Daring to go beyond your local neighborhood?

So, you believe yourself to be among the jet-set crowd, with collaborations under way with colleagues across the Continent and the Atlantic... The very fact that you are reading this manual yourself seems to contradict the notion,[1] but it is not our job to offer you psychoanalysis. Let us assume that you are quite pleased with how the test with Jan turned out and that you are genuinely interested in collaboration beyond your domain.

It is possible to use iChalk over the internet if some steps are taken, depending on your network configuration. Lest you should disappoint yourself, you may want to adjust your expectations here. For a reality check, run an ftp program and try downloading a file of size about 100 kb. What used to be possible within a local area network in an eye-blink now requires at least a few seconds, especially if you have a stingy DSL or cable service which has placed a gag on your uploads. Even though impressive progress has been made in online gaming and video streaming lately, a free-form collaboration poses a more serious challenge, with all kinds of contingencies. We alleviate some of the lag problems to a degree by making iChalk multi-threaded. Still, a satisfactory experience may be expected only when every member of the group has a robust (DSL or better) connection speed. According to science and telecom sources, we are entangled with fiber-optic cables everywhere but in our neighborhood. In the near future, iChalk may benefit from such infrastructure (we are still digging up our back yard and have yet to find that optical cable) and we will happily dispense with this paragraph.

Connecting to an Existing Collaboration over the Internet

The easy one first. You should already have received the WAN address of the serving machine, either through email or by phone.


This image is taken using iStorm. iChalk will display a very similar window.

In the Connect sheet, check the Do not use Rendezvous button. The available document list will initially go blank. Type the WAN address you received from your friend in the Server IP Address field and press the Tab key. If the server is set up properly, the list will show all available documents on the host at the typed address. Select the one you want to join, and the port field will be filled in automatically. Press the Connect button to join.

If no document shows up in the list, maybe the server's configuration was not good enough to provide the documents list. In this case, you need to manually type in the port number in addition to the IP address. If the friend did not give you the port number already, maybe you should make a phone call now.

The pull-down menu titled Friend Hosts appears when you check the Do not use Rendezvous option. It remembers the last ten successful hosts, in case you find it tedious to type in the server IP address. If the host's machine is served by a domain name server, you can also type in the machine name, such as sword.whitehouse.gov, instead of its boring numeric address.

Serving (Hosting) a Document over the Internet

Making the shared document accessible to the outside world requires some serious effort in today's security-obsessed network environment. This burden, not encountered by on-line game players or chatters who need only to connect to big, inviting servers, comes about because you aim to do the serving yourself, usually of multiple documents to different sets of people. To do so requires opening your machine to the outside world to varying degrees.

We can not possibly address all possible network variations, and we can offer only some hints here.

Get to the Point Already!

With iChalk 3.1, we added some features which provide the pertinent information to make it easy to serve over the internet. If you are using an earlier version of iChalk, please make sure you download the latest version to take advantage of them. When you open the Host (serve) sheet by pressing Command-Shift K, you will now see a new button at the bottom titled Internet Serve.



Press the new button to start serving and to get the information your collaborators will need. Essentially, they need the WAN (wide area network) IP address (preferably the numeric IP address such as 68.128.19.11, or the name of the machine such as mathgamehouse.edu, if it is served by a domain name server) and the port number on which the served document listens for incoming messages. If you have a static IP address and have already arranged for the Firewall to admit a specific port number of your choice, the information shown in the Server IP Address and Port fields at the bottom of the sheet will suffice. iChalk will try to figure out whether you have a more complicated situation, and will provide the steps to be taken if necessary. If you suspect you have complications due to a dynamic IP address, a firewall or any other reason, please read on. There are essentially three points to check if you are in doubt:
  • Is the IP you gave out your correct WAN address?
  • Is Firewall blocking the port your shared document uses?
  • If your machine is in a network, are messages sent to the WAN address and the set port properly forwarded to your machine?
    WAN address

    If your machine is in an institution which granted you a permanent (static) IP address (one way to check is to look into the Network preference panel and make sure TCP/IP is set to "manually" and shows a decent-looking IP address), that address is most likely also your WAN address, and you need not bother with most of this section, except for the Firewall. If your machine is directly connected to a broadband modem (be it DSL or cable) via PPPoE, the IP address that you read off from the Network preferences will do, although it may change from time to time (subject to the vagaries of your internet provider or to network interruptions).

    On the other hand, if your machine is attached to a sub-network, or if you have several machines at home sharing an internet connection using a router attached to the DSL or cable modem, then you have good reason to read on.


    If you are like us, your machine is probably attached to a DSL/cable router, and is sharing a dynamic internet connection with other machines. Usually the router or a machine on the network acts as a DHCP server and distributes "local" addresses to its siblings. If you see something like 10.0.x.x, 192.168.x.x or 163.185.x.x as your IP address in the network preferences, this is likely the case. These local addresses are useless to anyone outside this sub-network, since thousands of machines across the internet probably have the same local address. In this case, you need to take the following steps:

  • Find your WAN (Wide area network) IP address, which probably is the one assigned to the routing unit by the internet provider. You or your IP person should know what it is. Find that PostIt paper you slipped in a book six months ago. A better way is probably going to the www.myipaddress.com (active as of Jan. 2004) or similar services which will do it for you. (See one of the Q/A items at the end of this section for more details.)

  • In the setup program for your router (say, the popular Linksys box or the Airport Base Station), you should be able to set up so-called port forwarding. That is, all TCP requests coming to the router (at the WAN IP address) for ports 4040 and 50000 should be forwarded to 10.0.1.12 (if that is the local IP address of your serving machine). This assumes that 50000 is the port iChalk chose for the shared document; if you are serving several documents, the same applies to every port number thus associated. (See one of the Q/A items at the end of this section for more details on port forwarding.)

    Firewalls

    Most likely, your machine is heavily guarded by a Firewall or two as erected by your mighty IT administrator. You need to dig a hole (matching your chosen private port number) through your firewall to allow in requests coming from outside.

    Ports are like your ears and mouth. Computers have about 50000 of them available. So, which ports? For example, port number 80 is used if you serve Web pages using the Apache web server. With iChalk, these ports include 4040 in particular, and others picked either manually or automatically (between 49151 and 65535). In a large organization or school, you will have to ask your IT administrator to make the necessary arrangements. Unless this is taken care of, those joining you from across the Ocean with a valid IP address and port number will end up with a spinning rainbow for quite a long while. Get ready to receive a phone call now.


    This image is taken from iStorm user manual. For iChalk, appropriate changes should be made. Please refer to the text.


    To allow communications through particular ports, you may first need to check the built-in Firewall setting for your machine. Open the System Preferences->Sharing->Firewall tab. If you chose to have the Firewall off for some reason, you need not bother with the following at all.

    If it is on, you now have to add a new item to the list. Press the New... button and choose Other for the Port Name option. It will prompt for Port Number, Range or Series, and for Description. Type iChalk in the Description, and, for example, (4040, 50000-51000) for the ports. 4040 is for iChalk to serve the shared documents list to users outside your local network. By choosing the range 50000-51000 in this example, you are promising yourself that you will manually supply a port number in that range when you serve.

    If you can't discipline yourself to always remember to manually pick a port number in a narrow range, then you may set the range of open ports to (4040, 49151-65535) instead. Note, however, that this may be considered recklessly lenient by security experts! If you are sensitive to security issues, make it a habit to adjust your Firewall setting only for the duration of a collaboration, and to close the ports again once they are no longer in use.
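To see what each of the two rules above actually exposes, here is an added example (not part of iChalk or of the original manual) that parses a port rule written the way this section writes it, reports which served ports it blocks and how many ports it opens for no reason, and prints the tightest rule for the documents being served. The function names are hypothetical; the port numbers are the ones used in this section.

```python
"""Added example: audit a Firewall port rule against the ports actually served."""

DIRECTORY_PORT = 4040              # iChalk's document-list port, per this manual
AUTO_RANGE = range(49151, 65536)   # range the manual gives for document ports


def parse_port_spec(spec):
    """Turn a rule such as '(4040, 50000-51000)' into the set of open ports."""
    ports = set()
    for item in spec.strip("() ").split(","):
        item = item.strip()
        if not item:
            continue
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not (0 < lo <= hi <= 65535):
            raise ValueError(f"bad port range: {item!r}")
        ports.update(range(lo, hi + 1))
    return ports


def audit(spec, served_ports):
    """Compare what the rule opens with what the served documents need."""
    open_ports = parse_port_spec(spec)
    needed = set(served_ports) | {DIRECTORY_PORT}
    return {
        "open": len(open_ports),
        "blocked": sorted(needed - open_ports),   # collaborators will hang on these
        "unused": len(open_ports - needed),       # open, but nothing is served there
        "outside_auto_range": sorted(p for p in served_ports if p not in AUTO_RANGE),
    }


def tighten(served_ports):
    """Smallest rule covering the directory port and the served ports."""
    needed = sorted(set(served_ports) | {DIRECTORY_PORT})
    runs, start, prev = [], needed[0], needed[0]
    for port in needed[1:]:
        if port != prev + 1:          # gap: close the current run of ports
            runs.append((start, prev))
            start = port
        prev = port
    runs.append((start, prev))
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in runs)


if __name__ == "__main__":
    served = [50000, 55555]           # constructed sample: two shared documents
    for rule in ("(4040, 50000-51000)", "(4040, 49151-65535)"):
        print(rule, audit(rule, served))
    print("tightest rule:", tighten(served))
```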

    For some of you, this may not be the end of the chore about the Firewall. Your network administrator might know a thing or two about how medieval castles were surrounded by layers of defensive elements, such as moats and forests with dragons, before allowing a ladder to be set against the Wall. You may want to check whether there is an additional hardware firewall or other measures that you are not aware of.

    Port Numbers

    By default, iChalk picks a port number automatically in the range between 49151 and 65535. You can override this by manually typing in a port number (again in the same range) of your choice. This is OK as long as you do not have multiple documents to share. (Note that each shared document should have a unique port assigned to it.) [Warning to LAN users: you also need to find out whether another user is using the same port number and is already forwarding that port to his own machine in the same local area network as yours. In this case, you may have a nasty situation where your unsuspecting collaborator joins a wrong session on a different machine.]
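The port-forwarding step described earlier and the LAN warning above can be checked together before you give out an address. The following is an added example, not part of iChalk or of the original manual: it decides whether forwarding is needed, lists the router entries to add, and flags ports that the router already forwards to a different machine. The function names and the router table are hypothetical; the addresses and ports are the sample values used in this chapter.

```python
"""Added example: plan port forwards and catch the LAN conflict warned about above."""
import ipaddress

DIRECTORY_PORT = 4040  # iChalk's document-list port, per this manual


def needs_forwarding(host_addr, wan_addr):
    """True when the address the serving machine shows is not the one outsiders reach."""
    host = ipaddress.ip_address(host_addr)
    return host.is_private or host != ipaddress.ip_address(wan_addr)


def forwarding_plan(host_addr, wan_addr, doc_ports, router_table=None):
    """router_table: forwards already set on the shared router, {port: lan_address}."""
    if len(set(doc_ports)) != len(doc_ports):
        raise ValueError("each shared document needs its own port")
    add, conflicts = {}, {}
    if needs_forwarding(host_addr, wan_addr):
        existing = router_table or {}
        for port in [DIRECTORY_PORT, *doc_ports]:
            owner = existing.get(port)
            if owner is None:
                add[port] = host_addr        # new router entry: port -> this machine
            elif owner != host_addr:
                conflicts[port] = owner      # collaborators would land on that machine
    # Only hand out ports that really lead to this machine.
    give_out = [(wan_addr, port) for port in doc_ports if port not in conflicts]
    return {"add": add, "conflicts": conflicts, "give_out": give_out}


if __name__ == "__main__":
    # Constructed router table: a colleague on the same LAN already forwards 55555.
    table = {55555: "10.0.1.12"}
    print(forwarding_plan("10.0.1.11", "68.25.3.102", [55555]))
    print(forwarding_plan("10.0.1.11", "68.25.3.102", [55555], table))
    print(forwarding_plan("68.128.19.11", "68.128.19.11", [50000]))
```

A port listed under "conflicts" should be replaced by another port number before you send anything to your collaborators.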

    If you find it tedious to find the port number of each document and send it to your colleagues every time, you will find a way to make it almost as easy as using Rendezvous if the following step is taken:

    With version 3.1, iChalk serves names and port numbers of all served documents on your machine to outside through a dedicated port number 4040. (Similarly, 3030 is used for iStorm application.)

    Therefore, if these ports are open on your machine (if you have a Firewall, you may want to keep ports 3030 and 4040 always open for the iStorm and iChalk applications), your friends, upon entering your IP address at their end, will automatically find all shared documents with their names and port numbers in the list when they try to connect. Again, if your machine is one of many in your LAN sharing an internet connection, you will have to arrange port forwarding for 3030 and 4040 as well as for the ports of the shared documents.

    If for some reason you have to quit iStorm/iChalk and immediately restart, it takes about two minutes or so for the ports 3030/4040 to clear and become available again. Therefore, your colleagues may not see your served document until a few minutes after you start serving.

    Problems! Questions!

    I find my WAN address keeps changing
    Maybe you have an unstable network connection. A DSL service, for example, may assign a different IP address to you every time you reconnect for some reason. Also, you may have set the network setting to renew the connection too frequently. If you cannot remedy the situation, we recommend that you do not serve from your machine. It is preferable for everybody to serve a document from a machine with a stable network environment.
    I try to set the port number manually, but I often get the message saying the port is not available.
    This means that the particular port is either being used by another document shared from your machine, or was previously used by a document that recently stopped serving. If you stop serving a document, the port it was using is immediately closed, but it takes a few minutes to clear before it can be used again. This is to allow orphaned datagrams, if any, to die graciously lest they should come to haunt you through the newly established port. If this is the case, just wait at least two minutes before trying the port number again.
    What is this new complication about port 3030/4040?
    In versions prior to 3.1, it was necessary to give group members outside your LAN both the IP address of the server machine and the port number used for the shared document. With v3.1, if the server machine has port 3030 (4040 for the iChalk application) active, the program will maintain a list of all documents served from the machine and will give it out in response to requests from outside. On the client side, when the user checks the "do not use Rendezvous" option in the Connect sheet and types in a valid IP address, the list will show up in the available documents list, in much the same way as when using Rendezvous in a LAN. The client then picks a document, which automatically fills in the necessary port number.

    If you are serving and have to quit and restart the application, you may have to allow a few minutes for this feature to be up and running, as it requires the port to be cleared first.
    How do I make my firewall keep a port number open?
    It is described in detail above under the heading Firewall.
    I even disabled the built-in firewall. Yet, the other party cannot connect to my document. (Yes, I am sure I gave out correct WAN address and port number.)
    There may be an additional firewall (at the hardware level). Consult your network administrator if you do not remember any. If the Firewall is not the issue, then you may need to check whether you need port forwarding.
    I want to use a fixed port number for all my collaborations over the internet. Why can't I?
    If you happen to work with a single group of people using only a single shared document all the time, this is a very relevant question. It would save a lot of hassle regarding the Firewall, port forwarding, etc. However, each shared document requires a distinct, dedicated port, and one often runs several collaborations in parallel, which requires several ports. We wanted to keep it more flexible.
    How do I find out my WAN address to give to my colleagues?
    First, the IP address displayed in the Host sheet may well be your WAN address if you have a static IP address assigned, and if you are not sharing an internet connection with other machines.

    If you find that the address starts with "192.168...", "163.185..." or "10.0...", then you have good reason to believe that you have to find the WAN address using the following method.

    There are several ways to find the WAN address.
    When you press the Internet Serve button (available for v3.3 or later) in the Host sheet, iChalk will try to find it and let you know. However, due to the dynamic nature of the method it uses, it may fail occasionally. In that case, you should try one of the following:

    The orthodox way is to harass your network administrator. If you made the internet connection yourself, the program you used to do so will usually display the address. If you are using a router such as a Linksys box or an Airport base station, its control software will display the address.

    If these sound like too much for you, simply try one of the following web pages (they are all active as of January 2004) using your web browser:
    myipaddress, ipaddressworld, whatismyip, or ipchicken.
    Why should I bother about port forwarding?
    (If your WAN address found by methods described above is the same as the address shown in the ip address field of the Host sheet, you do not have to worry at all.)

    In a typical network configuration, your machine is not directly exposed to the internet. Rather, it is fronted by a router, such as an Airport base station or a Linksys box, attached to the internet service source (DSL or cable modem). To the outside world, your network is identified by the address assigned to the router, and therefore messages destined for your machine first have to be addressed to that fronting address, not to your local address. As each message arrives with its destination port number, the router then has to forward each datagram to the appropriate local host, the one listening on that particular port. This can be arranged through the configuration software for the router. (For an Airport base station, one would use the AirPort Admin Utility found in Applications->Utilities.) So, if you have just started a shared document at port number 55555, and if your LAN address is 10.0.1.11 and your WAN address happens to be 68.25.3.102, then you will set the router to forward port 55555 (and 4040 as well) to 10.0.1.11.
    My collaborator complains his machine hangs or crashes when trying the WAN address and the port number I gave.
    It is probably because the port is blocked by your Firewall. Or the port may be forwarded to a different machine on your network by another user.

    Another possibility is that you have an unstable connection to your internet service provider. For example, your DSL connection may constantly shift your assigned address. When the DSL modem disconnects and reconnects, it usually ends up with a different IP address.

    Please read through this section carefully and consult a network expert, if available. We also encourage you to contact us to report a potential bug, but only if all measures described here fail to solve the problem.
    We use multiple iBooks equipped with Airport cards, sitting on a campus lawn in a sunny Californian afternoon or gathered around a cozy bonfire in the state of Maine. Can we use one machine to create a network and let others join?
    One person will opt to create a network, and everybody else will then switch their network to use the impromptu network. iStorm and Rendezvous will work transparently. However, documents shared in this manner may not become available over the internet.
    What is the best strategy to resolve a network-congestion related crisis during a collaboration?
    Please check at the end of the chapter on Hosting for an answer.
    I give up!
    We apologize for not being able to offer a more transparent way to serve your document over the internet at the moment. However, we would like to encourage you, if we may, to consult this chapter more carefully to track down the origin of your difficulty. Even if it turns out to be simply due to a bug in the program, you will have done a tremendous service to the user community by helping us improve the program.

    Unless your network configuration is extraordinarily different from others, we can assure you that groups have used iStorm/iChalk successfully across the internet. Our recent in-house tests included people from Hawaii, Michigan, Connecticut, California and New York using DSL connections.

    Notes regarding security

    We observe that overzealous measures taken for network security tend to suppress our creative impulse. An exclusive, closed group is a notion hostile to the germination and cultivation of original ideas.

    That is one of the reasons why we did not implement a tight password system in the original iChalk v1.0 to allow the forming of a closed collaboration group. However, we received quite loud feedback on the need for it, at least as an option. Yet we were still deliberating. The clincher came when we received a suggestion from a professor at Berkeley. It didn't leave much room for our naive liberal bias.

    Even with password protection, you should be aware that a stranger, who acquired the IP address of the server machine and the port number, may attempt to join the ongoing collaboration posing as your friend or instructor and disrupt or steal your effort. Even in a LAN environment, this could be pretty hazardous if you happen to be in a company or a family with rampant internal politics. Please use iChalk at your discretion in such an environment.

    By using iStorm/iChalk and following suggestions regarding Firewall or other security measures, you are agreeing to take full responsibility and do not implicate the developers of iStorm/iChalk if an intellectual theft occurs.
    1. A recent news article revealed that Bill Clinton sent out an email only twice during his entire term as the president of USA. One of them was to see if he knows which button to press. Now this is a standard you should aspire to!