tag:blogger.com,1999:blog-84968009635253154932024-02-20T21:49:20.256-08:00blog.josephhall.comUnknownnoreply@blogger.comBlogger417125tag:blogger.com,1999:blog-8496800963525315493.post-84666519573639577242015-05-21T17:07:00.000-07:002015-05-21T12:24:42.413-07:00The Garden's Coming Along<div class="separator" style="clear: both; text-align: left;">
It's hard to see with a couple of them, but it looks like my seed potatoes have all officially sprouted.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVfNoXs7Osiz626GM-ildpIswUrpnN74hG0gUmfRlLKo0_mBZ9ujICY12YcWysiq4JfIuy5jQ4100ZBdaf2-Kj3_ET_CO9drDIqaUZF_OXVLHtnptJvBTM0tlrJHc9x9AuYHZXpjRC5iZ0/s1600/IMG_20150521_125709.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjVfNoXs7Osiz626GM-ildpIswUrpnN74hG0gUmfRlLKo0_mBZ9ujICY12YcWysiq4JfIuy5jQ4100ZBdaf2-Kj3_ET_CO9drDIqaUZF_OXVLHtnptJvBTM0tlrJHc9x9AuYHZXpjRC5iZ0/s320/IMG_20150521_125709.jpg" width="320" /> </a> </div>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
This is a very ambitious garden. I have 10 garden boxes, 4 of which are 4'x5', and the others 4'x4'. With luck, I'll have far more produce in the fall than I know what to do with, and will be able to share my bounty with the neighbors.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I'll post more photos of the garden in a bit.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-3118653390586214872015-05-18T14:27:00.003-07:002015-05-18T14:28:06.744-07:00Speaking at YAPC::NA 2015For those who are interested, I will be speaking at <a href="http://www.yapcna.org/yn2015/">YAPC::NA</a> (Yet Another Perl Conference, North America) next month. My talk is entitled <a href="http://www.yapcna.org/yn2015/talk/5982">A Series of Unfortunate Requests</a>. If you know me, you know I'm a REST API junkie, so I'm pretty excited to talk about it at this conference.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-20652454775050230632015-05-17T04:48:00.002-07:002015-05-17T04:48:34.921-07:00Finland!<div class="separator" style="clear: both; text-align: left;">
I just got back from Helsinki, Finland!</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiokbefEprJ7_qRSKds2sVyrTwVhfOQnaBSpwHFuALZRqRVealY6RtYgj_jjlZi1cO3ap0w01Ur1QNnITCcBWbOwa4JTetdbcoQS0yiYFRISwNved7U5-ThzJEgrQbj8EkY97_yZKG9Gvst/s1600/IMG_20150503_091008.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"> <img border="0" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiokbefEprJ7_qRSKds2sVyrTwVhfOQnaBSpwHFuALZRqRVealY6RtYgj_jjlZi1cO3ap0w01Ur1QNnITCcBWbOwa4JTetdbcoQS0yiYFRISwNved7U5-ThzJEgrQbj8EkY97_yZKG9Gvst/s320/IMG_20150503_091008.jpg" width="320" /> </a> </div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I am now convinced that Helsinki is one of the great cities of the world. It's a beautiful place, with friendly people, and bonus for me as an American: almost everybody speaks English! In fact, in my two weeks there, the only person I spoke with that did not seem to know any English was a bus driver.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I was working onsite with a customer there, including 4 of the nicest guys I've ever met. We did some work with SaltStack + OpenStack, and I for one had a thoroughly enjoyable time on the project.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
Because I was there for two weeks, I got to spend a weekend there. Saturday I went wandering around my part of the city, visiting the <a href="https://www.kamppi.fi/en/">Kamppi Center</a> and the <a href="http://www.forum.fi/en/">Forum Mall</a> across the street. I also went to the <a href="http://www.kiasma.fi/en/">Kiasma</a> modern art museum, and saw thoroughly fascinating exhibits on Ismo Kajander, and "Elements".</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
I loved the bus system while I was there, though I admittedly only used one route, to get to and from work. My host was kind enough to set me up in the <a href="http://www.scandichotels.fi/Hotels/Suomi/Helsinki/Scandic-Simonkentta/">Kamppi Scandic</a>, which was in a pretty central location. I should note though that, outside of one cab driver who seemed to have vision problems ("is this a 4 or a 6?"), all of the drivers that I observed tended to drive very conservatively, defensively, and safely. This is in stark contrast to driving in Utah, where it often feels like every driver is out for blood.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
If you ever get a chance to visit Finland, I highly recommend it. It's a beautiful country with beautiful, friendly people.</div>
Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-25613156082395439572015-05-17T03:39:00.000-07:002015-05-17T05:25:38.855-07:005 YearsIt's been over 5 years since I've posted here, and it's time for that to change. I have a lot to say, and I find myself in need of a place to say it. So I've resurrected this blog, and intend to start posting on a regular basis again.<br />
<br />
A lot has happened in the past 5 years, and it will affect what I post here. I love cooking as much as ever, and a large chunk of the content will still be about food, albeit more from an engineering point of view. I have also worked for SaltStack for over 2 1/2 years, and you can expect to see some posts here about Salt.<br />
<br />
My old layout was incredibly incompatible with the current version of Blogger, so I'm using one of the default templates for now. Hopefully I'll have time to get something up soon that's more me.<br />
<br />Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-17034393344806362512010-04-15T19:50:00.000-07:002015-05-17T04:17:23.693-07:00Using the find commandToday I was working on a problem with a coworker, and I saw him start to type the following:<br /><pre><br />find . | grep<br /></pre><br />I said, "no, I'm not going to let you do that. You need to do it the right way." (Yes, I do that sort of thing. Don't act like you didn't expect it.)<br /><br />Don't get me wrong, there's nothing wrong with grep. It's a fine tool, and I encourage people to constantly try to become better with it. But it has its place, and this was not it. Using the find command properly in this case would result in less typing, and would spawn one less process. It may not be important for a one-line command, but in a larger script it might be more significant. Better to get in the right habit now, so that when you do find yourself working on that big script, you do it right the first time.<br /><br />The find command is extremely powerful. Unlike locate, which uses a pre-built database of files and paths on your system, find searches your filesystem in real time, paying more attention to the individual files, and their properties. It may be slower than locate, but it's more accurate and far more flexible.<br /><br />I see people use find mostly to search by filename, but it has plenty of other options. Let's start with filename and build from there. There are two relevant options:<br /><pre><br />-name<br />-iname<br /></pre><br />They are identical, except that -iname is case insensitive. Since files on a *nix system are traditionally all lowercase, you might want to save yourself a few processor cycles and just go with -name. If there's a chance that case may be an issue, use -iname instead.<br /><pre><br />find -name 'myfile.txt'<br /></pre><br />Using quotes is not strictly necessary with most filenames, but it's a good habit to get into. Keep in mind that by default, find searches by exact filenames. If you're not sure what the extension is, or you want to look anywhere in the filename, you can use globs:<br /><pre><br />find -iname '*myfile*'<br /></pre><br />The above commands will process files recursively, inside the current working directory. If you want to search a different directory, you need to specify it before any other options:<br /><pre><br />find /etc -name passwd<br /></pre><br />There are a few subtleties of find that you will encounter. They're not usually a big deal, but they can be annoying sometimes. For instance, find does not sort its results. If I expect a lot of results, I generally pipe it through the sort command. It also isn't very good at searching its own results, which is where grep can come in handy:<br /><pre><br />find / -name 'Net' | sort | grep -i perl<br /></pre><br />Now that you have the basics of find, let's explore some of the other options. Two that I use extensively are:<br /><pre><br />-ok<br />-exec<br /></pre><br />Again, these options are identical in purpose, but there is an important difference in how they behave. Both of them will execute a command on each file found, but -ok will ask for permission first (for each file) while -exec will just do it.<br /><pre><br />find /etc -name '*conf' -exec mv {} {}.orig \;<br /></pre><br />First off, everything between -exec (or -ok) and \; is the command that you want to run. Make sure you escape that semi-colon at the end with a backslash, or you'll be sorry. The {} is a placeholder for the filename that was found by find. In this case, we're actually going to be performing a series of commands that looks like this:<br /><pre><br />mv /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf.orig<br />mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.orig<br />mv /etc/httpd/conf.d/perl.conf /etc/httpd/conf.d/perl.conf.orig<br />...SNIP...<br /></pre><br />You're not limited to just searching filenames by glob. The find command does actually have support for regular expressions, using the following:<br /><pre><br />-regex<br />-iregex<br /></pre><br />I don't think I need to tell you that -iregex is the case-insensitive version of -regex. If you already know how to use grep, this isn't much of a stretch:<br /><pre><br />find -regex ".*deskto."<br /></pre><br />The find command also supports boolean logic:<br /><pre><br />-and (or -a)<br />-or (or -o)<br />-not<br /></pre><br />Let's combine these with couple more options from the man page:<br /><pre><br />touch /tmp/jayceweb.tar.bz2<br />find / -user jayce -and -group apache -exec tar --remove-files -jrf /tmp/jayceweb.tar.bz2 {} \;<br /></pre><br />This is the sort of command a person might run if they found a user on their system that they didn't trust, and wanted to quaratine all of their web files. First we make an empty tar file, then we add the suspicious files to it, removing them once they've been archived. It assumes that the user that owns the files is jayce, and the group that owns the files is apache. You could also make use of:<br /><pre><br />-uid<br />-gid<br />-nouser<br />-nogroup<br /></pre><br />That's probably enough of a primer to get you started. Now would be a good time to check the man page for some of the other myriad options that you can use to check by date stamp(s), file size, file type and even permissions. A little practice with this powerful command will save you time and energy, and increase your productivity like you won't believe.Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-8496800963525315493.post-63300005100389459292010-03-13T05:34:00.000-08:002015-05-17T04:17:23.706-07:00Getting Started with Cassandra12 days ago, I read <a href="http://news.cnet.com/8301-13505_3-10461670-16.html">an article by Matt Asay</a> which briefly mentioned Cassandra, Facebook's NoSQL offering. I had heard of it before, but hadn't really looked into it. For some reason, Matt's article caused me to look into it again. Within a couple of hours, I was evangelising it to a few friends. Matt's article pointed out that Facebook, Digg and Twitter had all started using it, and as I researched it, it seemed that Digg's and Twitter's migrations to it had taken only a few days. Last night, one of the people that I had been hyping it to sent me <a href="http://blog.reddit.com/2010/03/she-who-entangles-men.html">a thing from Reddit</a>, posted only 11 days after Matt's article, talking about how they had just finished a 10-day migration to Cassandra.<br /><br /><b>What is Cassadra?</b><br /><br />In order to understand Cassandra, it would first make sense to talk about exactly what this NoSQL movement is.<br /><br /><b>What is NoSQL?</b><br /><br />NoSQL is a nickname that arose sometime last year to describe a series of increeasingly popular database management systems (DBMS) that do not use SQL as an interface, as has been common in database servers for at least a couple of decades. Indeed, SQL is hardly the issue here at all. If you were to migrate from MySQL to PostgreSQL, chances are you would still have to update several of your queries in order to be compatible with the new DBMS. It's almost like changing languages anyway, except that it's more like the differences between Canadian French and Hatian Creole: both French, but not pure French, and there are enough differences to matter.<br /><br />Switching from SQL to NoSQL is a little more like switching from English to Japanese. Both are languages which accomplish the same goal (interperson communication), but both take very different approaches. They have different keywords, different grammars, and some would argue that Japanese is a much more precise and efficient language. One might even bring scalability into the discussion, as both languages have had the opportunity to grow. One might argue that English has done so sloppily, borrowing from odd places, whereas Japanese has done so with a little less mess, for instance, adding an entire syllabic infrastructure called katakana in order to handle foreign words, among other things.<br /><br />Both SQL and NoSQL are DBMSs. They both hold data admirably, but whereas most SQL servers were originally built before the idea of database clusters was common, NoSQL servers were introduced around the time that database clusters were becoming a necessity in many infrastructures. This provided NoSQL servers with the ability to consider this concern during the design stages, rather than having to patch it in later. Some of the names that you will see in the NoSQL world are <a href="http://en.wikipedia.org/wiki/BigTable">BigTable</a>, <a href="http://en.wikipedia.org/wiki/Dynamo_(storage_system)">Dynamo</a>, <a href="http://en.wikipedia.org/wiki/HBase">HBase</a>, <a href="http://en.wikipedia.org/wiki/Hadoop">Hadoop</a>, <a href="http://en.wikipedia.org/wiki/Couchdb">CouchDB</a>, and <a href="http://en.wikipedia.org/wiki/Cassandra_(database)">Cassandra</a>.<br /><br /><b>So, What is Cassandra?</b><br /><br />Cassandra is a NoSQL DBMS written by Facebook. It was open sourced in 2008, and added to the <a href="http://apache.org/">Apache Project</a> in 2009. It is fault-tolerant, decentralized, and "eventually consistent", meaning that when data is added to the database, there is a propagation period before that data is available to all of the nodes in the cluster. A more famous database model that is also eventually consistent is DNS: zone records are updated higher up in the DNS tree, and then trickle down to relevant servers in an organized fashion. This used to take 72 hours or more in DNS, but these days takes closer to an hour. With Cassandra, it is more likely to take a few seconds. This means that your applications must be written with this consideration in mind,<br /><br />Rather than using SQL, Cassandra uses a system of key/value pairs. This is not a new concept to most programmers, whether they refer to them as libraries, associative arrays or hashes. The concept should be immediately familiar to any Perl programmer, and possibly even more comfortable to anyone who has ever worked with JSON. One major difference is that each name/value pair is also timestamped. So a column, as it were, in Cassandra is comprised of a name/value/timestamp set. For example:<br /><pre><br />{<br /> name: "email",<br /> value: "test@test.com",<br /> timestamp: 1259991135887<br />}<br /></pre><br />Cassandra also has what's called a SuperColumn, which is a grouping of columns, much like a hash of hashes in Perl. For example:<br /><pre><br />{<br /> name: "person",<br /> value: {<br /> realname: { name: "realname", value: "Billy Bob Test", timestamp: 1259991135887 },<br /> email: { name: "email", value: "test@test.com", timestamp: 1259991135887 },<br /> ircnick: { name: "ircnick", value: "billybobtest", timestamp: 1259991135887 }<br /> }<br />}<br /></pre><br />That's all the technical detail that I'm going to go into at the moment, largely because there's already so many great articles out there to get you started, but also because I'm new, and still know just enough to be dangerous (mostly to myself). But I am going to link to a few of those articles for you, if you're interested enough now to check them out.<br /><br />Bearing in mind that I'm a Perl guy, here are the links that I've already sent out to a couple of friends in email, which may or may not cover your language of choice.<br /><br />For information about Cassandra and some theories behind it, you'll want to take a look at these links:<br /><br /><a href="http://incubator.apache.org/cassandra/">http://incubator.apache.org/cassandra/</a><br /><a href="http://www.allthingsdistributed.com/2008/12/eventually_consistent.html">http://www.allthingsdistributed.com/2008/12/eventually_consistent.html</a><br /><a href="http://bryanpendleton.blogspot.com/2010/03/following-links-to-cassandra.html">http://bryanpendleton.blogspot.com/2010/03/following-links-to-cassandra.html</a><br /><a href="http://blog.evanweaver.com/articles/2009/07/06/up-and-running-with-cassandra/">http://blog.evanweaver.com/articles/2009/07/06/up-and-running-with-cassandra/</a> (Ruby examples included)<br /><br />When you're ready to install it and start playing with it, you'll want to read these, in roughly this order.<br /><br /><a href="http://dustyreagan.com/installing-cassandra-on-ubuntu-linux/">http://dustyreagan.com/installing-cassandra-on-ubuntu-linux/</a><br /><a href="http://wiki.apache.org/cassandra/CassandraCli">http://wiki.apache.org/cassandra/CassandraCli</a><br /><a href="http://arin.me/blog/wtf-is-a-supercolumn-cassandra-data-model">http://arin.me/blog/wtf-is-a-supercolumn-cassandra-data-model</a><br /><a href="http://search.cpan.org/~lbrocard/Net-Cassandra-0.35/lib/Net/Cassandra.pm">http://search.cpan.org/~lbrocard/Net-Cassandra-0.35/lib/Net/Cassandra.pm</a> (For the Perl guys)<br /><br />As I continue to explore and learn Cassandra, you may see an article here and there about it on my blog. I'm pretty excited about it, and while I see no reason to completely abandon SQL databases (they all have their uses, many of which Cassandra is likely not well-suited for), I think that I'm likely to use Cassandra as a major component on an upcoming project.Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8496800963525315493.post-7608906916870346022010-03-12T17:12:00.000-08:002015-05-17T04:17:23.752-07:00Interpreting Recipe InputAs some of you know, I've been working on recipe software off and on for a few years. It keeps finding its way to the backburner, mostly because other things have always taken priority, but also because doing it The Right Way (TM) is pretty intimidating.<br /><br />A few weeks ago I started The Latest Attempt. I started simple, and had few eyeballs look at it. A couple of days ago, I went back to the beginning of my blog and started transcribing recipes into the simple interface that I had. I ended up finding several issues, most of which I don't think most of my testers ever encountered. I thought I'd lay them out here, and let them percolate in my brain.<br /><br />I'm going to use an example that wasn't in my early archives, but that I've been playing with lately. The original is <a href="http://www.foodnetwork.com/food/recipes/recipe/0,,FOOD_9936_977,00.html">here</a>. I blogged about a version of mine <a href="http://blog.josephhall.com/2006/11/brownies.html">here</a>. Hopefully Food Network won't mind if I reprint the original here, because I'm going to tweak it a little of the sake of demonstration.<br /><pre><br />6 squares unsweetened chocolate<br />3/4 cup unsalted butter<br />2 cups sugar<br />3 eggs<br />1 teaspoon pure vanilla extract<br />1 cup unbleached allpurpose flour<br />1 cup chopped nuts (optional)<br /></pre><br />Words like "pure" and "unbleached" sound pretty specific. But it starts with "6 squares unsweetened chocolate". What size is a "square"? The experienced baker will tell you that unsweetened chocolate is often measured in one-ounce squares. But it presents the first problem what I've encountered, and that at least one tester came across too:<br /><br /><b>Non-Standard Measurements</b><br /><br />"two sticks butter". "one can olives". "one package spinach". These are all arbitrary sizes, that don't necessarily mean what you think they mean. Okay, so in America, butter comes in 4 oz sticks. That's something that we can rely upon. But one can of olives? Are we talking about the little 4 oz cans of sliced or chopped olives? Or are we talking about a 15 oz can of whole olives? How about the spinach? I've seen fresh spinach come in packages ranging from a few ounces to a couple of pounds, and who's to say we're not talking about frozen spinach? This actually leads into the next issue:<br /><br /><b>Inspecific Ingredients</b><br />What kind of butter? Salted or unsalted? A professional chef would never cook with salted butter. Joe Q. America, who knows? And I've already brought up the issues with olives and spinach. But the issue that I found here was actually in trying to categorize the food items, with minimal effort on the user's behalf. I've been using the USDA SR22 this time around, along with some auto-suggest AJAX code, to try and link up what the user has been looking for with something that the user can use for things like nutritional charts. The SQL looks something like this:<br /><pre><br />select NDB_No, Shrt_Desc from ABBREV where Shrt_Desc like '%butter%' limit 10;<br /></pre><br />Offhand, it seems reasonable that this would give us results like "unsalted butter", "salted butter", etc. But the SR22 isn't in an order that is condusive that that kind of thing. Instead, we get a result like this:<br /><pre><br />+--------+------------------------------------------------------------+<br />| NDB_No | Shrt_Desc |<br />+--------+------------------------------------------------------------+<br />| 42291 | PEANUT BUTTER,RED NA | <br />| 42307 | MARGARINE-LIKE,BUTTER-MARGARINE BLEND,80% FAT,STK,WO/ SALT | <br />| 42309 | MARGARINE-LIKE,VEG OIL-BUTTER SPRD,RED CAL,TUB,W/ SALT | <br />| 43214 | BUTTER REPLCMNT,WO/FAT,PDR | <br />| 11866 | SQUASH,WNTR,BUTTERNUT,CKD,BKD,W/SALT | <br />| 11867 | SQUASH,WNTR,BUTTERNUT,FRZ,CKD,BLD,W/SALT | <br />| 11372 | POTATOES,SCALLPD,HOME-PREPARED W/BUTTER | <br />| 11373 | POTATOES,AU GRATIN,HOME-PREPARED FROM RECIPE USING BUTTER | <br />| 11381 | POTATOES,MSHD,DEHYD,PREP FR GRNLS WO/MILK,WHL MILK&BUTTER | <br />| 11385 | POTATOES,AU GRATIN,DRY MIX,PREP W/H2O,WHL MILK&BUTTER | <br />+--------+------------------------------------------------------------+<br /></pre><br />Only one of those even remotely resembles what I'm looking for, and honestly, I don't want it. This problem is easily, if tediously solved: all I need to do is create a new database, of commonly used ingredients, and query it first, and then supplement it with the second database. Oog. Let's move onto the really tricky stuff.<br /><br /><b>Storing Measurements</b><br /><br />Let's go back to our brownie recipe. One of the ingredients is 3/4 cup butter. Databases don't store fractions in any mathematically-usable format. Do we store it as a VARCHAR to maintain integrity with what the user entered, and then convert it later? Or do we store it as a decimal, and then store a flag saying whether it was entered as a fraction or a decimal? Or do we store it as a decimal, and assume that it will always be displayed to ther user as a fraction (which is usually what the user wants)? For the sake of argument, let's go with decimals as the storage mechanism, and not worry about anything else for now. In MySQL, we might have something that looks like this:<br /><pre><br />...SNIP...<br />amount DECIMAL(10,2),<br />unit VARCHAR(10),<br />...SNIP...<br /></pre><br /><b>Measurement Ranges</b><br /><br />Brownie recipe again. One of those ingredients, the nuts, is optional. It's technically a garnish, if an internal one. It's already subjective (walnuts? peanuts? pecans?), which means we can fudge a little on the amount too. Depending on how much you like your nut of choice, let's say you might opt for anywhere from 3/4 cup to 1 1/2 cups. This presents another problem with database management, at the very least. Maybe we can solve it by breaking the amount into two different fields?<br /><pre><br />...SNIP...<br />amount_min DECIMAL(10,2),<br />amount_max DECIMAL(10,2),<br />unit VARCHAR(10),<br />...SNIP...<br /></pre><br /><b>Intermixed Measurement Units</b><br /><br />Let's play with the sugar a little. A lot of people (like me) like to swap out some of the white sugar with brown sugar. Let's say that after careful testing and tweaking, I come up with the following measurements:<br /><pre><br />1 cup + 2 Tbsp white sugar<br />3/4 cup + 2 Tbsp brown sugar<br /></pre><br />Oh man. How do you store that? We could convert everything down to the lowest common denominator, Tbsp in this case, and then upscale when we display it back to the user. In the database, we would have something like:<br /><pre><br />18 Tbsp white sugar<br />14 Tbsp brown sugar<br /></pre><br />Of course, now we have to write code to scale this back to a reasonable measurement, since 18 Tbsp of anything is just weird, even just for behind-the-scenes storage. I think I would rather convert everything to a common unit, store it, and then convert it back. And I don't think any (non-metric) unit of measurement is more versatile than the ounce. Now we can store the sugar as:<br /><pre><br />9 oz white sugar<br />7 oz brown sugar<br /></pre><br />Of course, this leads us to the next problem:<br /><br /><b>Weight vs Volume</b><br /><br />In the metric world, this isn't an issue, because everything is stored in either some version of grams or some version of litres. But in the Imperial system favored in America, an ounce could mean weight or it could mean volume. With some ingredients, this isn't a big deal. "A pint's a pound, the whole world round", right? Makes sense, since a pint is 16 ounces by volume and a pound is 16 ounces by weight. Well, not exactly (1 pint == 1.043 pounds), but close enough for the home cook.<br /><br />In the above example, we know that we're referring to volume, if only because we know that we started with cups. But if I were looking at the recipe without any context, I personally would start off by thinking that it was a weight measurement. Some would assume it was volume. Even for the home cook, this is kind of significant, since a cup of sugar weighs a little over 7 ounces, not 8 ounces. In the aforementioned example, we could just store a flag that states whether this unit is by weight, volume, count, etc. If a user specified ounce, without any context, we'd have to store it as "unspecified", until it became important to the user (say, for nutritional data).<br /><br />Of course, this is all backend stuff. Let's talk about another major problem:<br /><br /><b>Dealing With Users</b><br /><br />If you can force the user to use your own forms, custom-tailored to suit your database, you can force them to do everything properly. And any UI designer worth his or her salt can tell you, when you start forcing users to what you want, you start losing users to your competitor. Your competitor's software may or may not do an inferior job, but if it makes your users feel better, that's what your users will use.<br /><br />I've heard a lot of people complain about recipe software. From my limited experience, when a user gets tired of their recipe software (as most inevitably will), they will switch back to using a word processor, or possibly a spreadsheet. So it seems to me that the best way to get somebody to use your recipe software is to make it feel as much as possible like using a word processor. That means using a lot of fuzzy logic to convert what your users type into something that your software can use.<br /><br />As you can see, writing recipe software The Right Way (TM) presents itself with a lot of issues. I haven't figured out how to handle most of them, and one of the biggest problems seems to be that some issues are dependent upon other issues. Well, I'll get it figured out.Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8496800963525315493.post-35063675628022615342010-03-12T11:28:00.000-08:002015-05-17T04:17:23.767-07:00Homemade Server RackI actually built about a year ago, and never bothered to post it. I mentioned it to a couple of people this week, and thought I would post it for them:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i122.photobucket.com/albums/o242/techhat/make/DSCF0158-800.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://i122.photobucket.com/albums/o242/techhat/make/DSCF0158-tn.jpg" alt="" border="0" /></a><br /><br />I had a couple of 2U servers laying around that I was planning on installing, but that's kind of a weird form factor for setting up around the home. Fortunately, we had some laminate boards laying around, left over from a water-damaged built-it-yourself stand-alone closet that was in the basement when we moved in. I tossed the water damaged parts, but held onto the rest of the boards, just for something like this.<br /><br />I used 4 shelves, and built a box about the right form factor. I already had some casters (not shown in the photo, because they're underneath) so I attached them to the bottom to easily move the box around. The only parts that I ended up buying were the mounting racks for the servers. It's just not a part that I had laying around the house. It's also not a part you can find at Lowes, but it's easy to find online. I bought mine from <a href="http://www.starcase.com/rack_rail_online_store.htm">Star Case</a>. I figured that a 10U set should last me for a while.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-76791942065490023492010-02-18T06:17:00.000-08:002015-05-17T04:17:23.821-07:00Primary Keys in MySQLI was reading an <a href="http://www.dynamicajax.com/fr/AJAX_Suggest_Tutorial-271_290_312.html">AJAX tutorial</a> the other day, and something that the author said caught my eye:<br /><br /><span style="font-style:italic;">"All we really need is the title, but I always provide a primary key for any table that I create."</span><br /><br />Why add it if you know for a fact that you don't need it? In this case, as with every case I've seen so far, the primary key in question was an auto_increment integer. I have long maintained that while this is necessary in most tables, it does not necessarily belong in every table. What you really need is a unique identifier. Without this, all you have is a jumble of data that really doesn't make sense to be stored in a database.<br /><br />But that unique identifier doesn't always need to be a counter. Let's take a look at a couple of examples. Consider the following hypothetical user table:<br /><pre><br />CREATE TABLE users (<br /> username VARCHAR(50) NOT NULL,<br /> realname VARCHAR(50) NOT NULL,<br /> password VARCHAR(50) NOT NULL,<br /> PRIMARY KEY (username)<br />);<br /></pre><br />It makes sense for a username to be unique, because the username/password (or other token) combination will be required for access to this application. If you need to refer to this table from another table, you can just refer to the username, because it is unique and identifiable. I might note that MySQL itself does not use an auto_increment field for its own user table.<br /><br />There are potential problems with this, however. When you change a username in this table, you need to change it in any tables that reference it as well. Additionally, you are taking up a little extra (if negligible) space in referring tables. An auto_increment uses an integer, which takes up less space, and will not change under normal circumstances. It should be noted that Unix-style operating systems use a UID to identify not only users, but file and process ownership. The username itself is rarely used by the system for anything other than making things more human-readable.<br /><br />Let me show you a table structure that I've been working on this morning. I have a need to store recipes in a database, but because a recipe contains varaiable numbers of ingredients and directions, it doesn't make sense to try and store each in its own field in a single recipe table. Instead, I have broken out my structure into three separate tables:<br /><pre><br />CREATE TABLE recipes (<br /> recipe_id INT(11) UNSIGNED NOT NULL AUTO_INCREMENT,<br /> name VARCHAR(255) NOT NULL,<br /> source VARCHAR(255) NOT NULL,<br /> preheat_qty INT(4),<br /> preheat_unit ENUM('F','C'),<br /> yield_qty INT(4),<br /> yield_unit INT(11) NOT NULL,<br /> PRIMARY KEY (recipe_id)<br />);<br /><br />CREATE TABLE recipe_ingredients (<br /> recipe_id INT(11) UNSIGNED NOT NULL,<br /> rank INT(4),<br /> name VARCHAR(255) NOT NULL,<br /> qty INT(4) NOT NULL,<br /> unit INT(11) NOT NULL,<br /> PRIMARY KEY (recipe_id, rank)<br />);<br /><br />CREATE TABLE recipe_directions (<br /> recipe_id INT(11) UNSIGNED NOT NULL,<br /> rank INT(4),<br /> direction TEXT,<br /> PRIMARY KEY (recipe_id, rank)<br />);<br /></pre><br />The recipe itself is referenced by a unique counter, which is usual. INT(11) contains far more unique identifiers as I expect to need for that table. But there will be multiple ingredients per recipe, and multiple directions per recipe. Even if I only store recipes with no more than 4 ingredients and 4 steps (which is unlikely), I need 4 times as many unique identifiers per table. <br /><br />I already have to store the recipe_id, to keep from orphaning the data. It's important to store what order each step is in, because if they got out of order, the recipe would quickly becaome confusing. It's nice to store the order of ingredients in the order in which they'll be used too, and many people write recipes with this in mind. I've called this field "rank". Since I already have those two fields, and they already uniquely identify the rows, why not officially make them primary keys together? MySQL allows it, and I'm going to make use of it.<br /><br />I propose that whenever you create a table, you take a moment to consider whether or not you actually need a counter. Most of the time you will, but not always. Get out of the habit of doing things because that's the way you've always done them, and get into the habit of doing things because you've thought about them and have made an informed decision specific to the situation at hand.Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8496800963525315493.post-89107493653894162582010-01-30T10:15:00.000-08:002015-05-17T04:17:23.981-07:00My Drive ArrayA couple of years ago I got ahold of an old ATX computer that I intended to use as a file server. Unfortunately, there were a few problems with it. The biggest problem was that the drive cage for the smaller drives was missing. Smaller problems like an underpowered power supply and limited onboard IDE adapters were fixed with things like a new 600W power supply, and extra IDE expansion cards. As it turns out, Linux had no problem with two onboard adapters and two more cards (two adapters per card). With IDE's master/slave setup, that brought me up to two DVD burners (/dev/scd0 to /dev/scd1) and six hard drives (/dev/hda to /dev/hdf). But the drive cage, that was a problem.<br /><br />Fortunately, like many American bakers and pastry chefs, I spent a lot of time at the hardware store. And believe it or not, the roofing section at Lowes carries a simple solution: roofing ties. Not TILES, but TIES (no "L"). Behold, the drive array, now connected to my Thinkpad (click to embiggen):<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0001_800.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0001_tn.jpg" alt="" border="0" /></a><br /><br />Yes, dear readers, the file server is dead. It seems to have developed memory issues in its old age, leading to its untimely demise. Not Alzheimers, but some form of dementia. A close-up on the array itself:<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0002_800.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0002_tn.jpg" alt="" border="0" /></a><br /><br />Sadly, my Thinkpad does not have an external IDE adapter of any kind. But USB to IDE adapters are relatively cheap and easy to find. I can't access every drive at once, but that's not a big deal at the moment.<br /><br />Lowes has several different sizes of roofing ties, and several different styles. I used two different sizes, both completely flat, but with rows of holes exactly the same width as a standard 3.5" internal drive. One is five holes high and one is three holes high.<br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0004_800.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://i122.photobucket.com/albums/o242/techhat/drive_array/DSCF0004_tn.jpg" alt="" border="0" /></a><br /><br />If you're going to do this, you'll be buying them in sets of two each. And while you may be tempted to stack three drives in one 3-high roofing tie set, <span style="font-style:italic;">fight the urge!</span> You need airflow between the drives, or they <span style="font-style:italic;">will</span> overheat. I speak from experience. Limit yourself to three drives for the 5-high ties, and only use the 3-high ties for connecting sets of 5-high ties. Look back at photo #2 to see what I mean.<br /><br />Speaking of heat issues, it's not a bad idea to point a fan at these if you're going to have them all on at once. It's not a big deal with one or two USB-connected drives, but with all six drives that I have in my array, I always had a fan going.Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8496800963525315493.post-39061175621975585292010-01-28T06:11:00.000-08:002015-05-17T04:17:24.027-07:00Importing the USDA SR22 into MySQLSome of you who were interested in my post on <a href="http://blog.josephhall.com/2008/11/importing-usda-sr21-into-mysql.html">importing SR21</a> may have been waiting for this one. I know it's been a few months since <a href="http://www.ars.usda.gov/Services/docs.htm?docid=8964">SR22</a> came out, but I didn't have a need to import it until just now. There are changes to this new version, but they are minimal, and you may have already patched the code yourself.<br /><br />Specifically, two new fields were added to the ABBREVS table: Vit_D_mcg and Vit_D_IU. This brings the total column count in that table from 51 to 53. That number is the only change in the Perl file, and those two columns were the only additions to the SQL file. With those in place, I was able to import the new database without a problem. For the lazy and/or efficient, here are the new versions of the files:<br /><br /><a href="http://blog.josephhall.com/downloads/import_sr22.txt">import_sr22.pl</a><br /><a href="http://blog.josephhall.com/downloads/sr22.sql">sr22.sql</a><br /><br />Based on the reponse to my last post, I expect more troubleshooting questions on this post. For those who know what you're doing, you can stop reading now. Everyone else, check here before asking.<br /><ul><br /><li>You need to have at least Perl 5.8.6 installed.</li><br /><li>You need to have the Perl DBI installed, and DBD::mysql.</li><br /><ul><li>In RHEL/CentOS/Fedora, these packages should be called <span style="font-weight:bold;">perl-DBI</span> and <span style="font-weight:bold;">perl-DBD-MySQL</span>.</li><br /><li>In Ubuntu/Debian, these packages should be called <span style="font-weight:bold;">libdbi-perl</span> and <span style="font-weight:bold;">libdbd-mysql-perl</span>.</li></ul><br /><li>When you download the files, make sure you save the Perl script as import_sr22.pl, not import_sr22.txt.</li><br /><li>This script assumes you've downloaded the abbreviated file. It is a separate download from the full version, so make sure you don't miss it.</li><br /></ul><br />I think that covers all the questions I was asked previously. For those who are interested, The Eloquent Geek posted a non-Perl way of doing this on the last post. I haven't tried it myself, but for your reference:<br /><br /><span style="font-style:italic;">For those who do not want to use the perl here is how you import the data from the command line client:<br />load data infile '/file_path/TABLE_NAME.txt' into table TABLE_NAME fields terminated by '^' optionally enclosed by '~' ;<br /><br />Just substitute the table name per table.</span>Unknownnoreply@blogger.com5tag:blogger.com,1999:blog-8496800963525315493.post-10475422246402877172010-01-26T05:08:00.000-08:002015-05-17T04:17:24.086-07:00Ice Cream NomenclatureRather than responding in the comments area to Hollie's comment on <a href="http://blog.josephhall.com/2010/01/ice-cream-machines.html">Ice Cream Machine</a>, I thought I would just make a new post. Her question was, "isn't that a sorbet?" No, Hollie, that wasn't a sorbet or even a sherbet. There are a few terms tossed around for frozen, churned desserts, and there are differences. Some of it has to do with dairy content, but not all.<br /><br /><span style="font-weight:bold;">Sorbet:</span> This dessert generally contains fruit puree or juice, but can contain other things, such as coffee or chocolate. The important thing here is that there is no dairy content. So Hollie, with all the half and half in my recipe, it's definitely not sorbet.<br /><br /><span style="font-weight:bold;">Sherbet/Sherbert:</span> You'd think my recipe would fall under this category, because sherbet can have dairy in it. But as it turns out, sherbet only contains a small amount of dairy, < 3%. The terms sherbet and sorbet are often used interchangeably, and I guess I'm not going to stop that with my little post. But as far as I'm concerned, they are different.<br /><br /><span style="font-weight:bold;">Ice Cream:</span> Once you get above 3% dairy, your dessert becomes "ice cream". This is a pretty generic term that gets tossed around, and is applied to everything from sorbet to gelato. You can have large amounts of fruit puree like I had, or you can just keep it as simple as frozen, churned, sweetened milk or cream. I have a friend that is a big fan of unflavored ice cream: not even vanilla gets in the way of the taste of milk. One day I will have to try it.<br /><br /><span style="font-weight:bold;">Frozen Custard/Premium Ice Cream:</span> Once you add egg to the mix, ice cream technically becomes a frozen custard. But most people still just call it ice cream. I have yet to see a premium ice cream that is not actually a frozen custard, but I'm sure one exists somewhere. From a technical standpoint, there is a definite advantage to using egg, which will help the ice cream set up a little more easily in the churn. It also adds a nice creaminess.<br /><br /><span style="font-weight:bold;">Frozen Yogurt:</span> There's not really a whole lot of difference between ice cream and frozen yogurt, other than the former using cream (or at least half and half) and the latter using yogurt. Because of the yogurt, it's often a little more tart, and generally lower in fat.<br /><br /><span style="font-weight:bold;">Granita:</span> This Italian dessert is kind of like sorbet, but with much larger ice crystals. This is due to the preparation, which is more of a shaved ice technique than a churning technique. The method that I see most often involves pouring flavorful liquid (usually coffee, but sometimes fruit juice) into a cookie sheet and putting it in the freezer, scraping with a fork every couple of hours or so.<br /><br /><span style="font-weight:bold;">Gelato:<span style="font-weight:bold;"></span></span> This is an Italian variety of ice cream who's name I have often seen mis-used and abused in America, so let's set the record straight. One big difference is the low dairy content: almost as low as sherbet. I have seen some gelatos with no diary at all. Gelato also has a higher sugar content than ice cream, and usually involves egg. I have also heard Italians mention some sort of mysterious stabilizer, which I have <a href="http://blog.josephhall.com/2006/07/ice-cream-stabilizer-results.html">experimented with</a> before. It's still unclear to me what it is, and if it's actually a requirement. Gelato is churned like ice cream, but has much less air incorporated into it, and is meant to be served fresh, the same day that it is made. While not necessary, gelato generally has a pretty high fruit content.<br /><br />I have often heard the terms "gelato" and "spumoni" used interchangeably. Let me be clear on this: spumoni is a <span style="font-style:italic;">type</span> of gelato. Not all gelato is spumoni. Spumoni is a layers ice cream, kind of like Neapolitan ice cream in America, but containing things like fruits and nuts. <br /><br /><span style="font-weight:bold;">Kulfi:</span> My favorite dessert from India, this concoction differs from ice cream largely in that it is not churned. It generally contains flavors indigenous to India, like cardamom or pistachios. Americans be warned: it would seem that India loves their desserts sweet, as is evidenced in pretty much every kulfi I have ever eaten. It's not too sweet for me, but it's close.<br /><br />I hope that clears things up a little bit for some of you. Obviously I haven't hit every type of frozen dessert, but there are a few important ones.Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-8496800963525315493.post-77055709466734528552010-01-19T19:48:00.000-08:002015-05-17T04:17:24.103-07:00I Want ProofThere is a fad that's been circulating around the Internets for years now, and I'm sure is even older than that: the idea of so-called "negative calorie foods". The basic premise is that some foods require more calories to digest than they actually provide. For instance, a food that provides 5 calories, but requires 10 calories worth of energy for your body to process it, is considered to have negative calories.<br /><br />It's an interesting concept, and it would be awesome if it were true. Unfortunately, I have been unable to find any concrete proof either way. We know how to determine a food's caloric content, but I wonder if we know how to determine how much energy it takes to process it? In trying to find answers online, I found several people who claimed to be knowledgeable, but who were obvious idiots, and/or didn't bother checking their facts. For instance, on <a href="http://answers.yahoo.com/question/index?qid=20090529151635AATt9n9">this page</a>, I found this comment: <br /><br />"Celery has almost zero calories, it's so minuscule we round down to 0."<br /><br />I've never heard of anyone making this claim. If we consult the <a href="http://www.nal.usda.gov/fnic/foodcomp/search/">USDA Standard Reference</a>, we discover that an 8-inch stalk of celery contains about 6 calories. This is not a miniscule amount (unless compared to a Big Mac), and I certainly wouldn't round it down to 0.<br /><br />I found several other references to celery containing anywhere from 5 to 20 calories per serving (though the serving size was never stated), and guesses that eating a single serving would burn anywhere from 5 to 20 calories. Even <a href="http://www.snopes.com/food/ingredient/celery.asp">Snopes</a>, which I lose more and more faith in every time I read anything there, claims the "negative calorie" concept is true, but offers absolutely no evidence or proof.<br /><br />Can anyone tell me definitively how many calories are burned by eating a single serving (say, 40g, the approximate weight of an 8-inch stalk) of celery? I want a number, and I want to know how that number was obtained.<br /><br />My next complaint involves cooking alcohol out of food. There are plenty of people that will tell you, "don't worry, the alcohol burns out". In my experience, these are people that either think you're silly for caring, or are reassuring themselves because they want it to be true. Other people will tell you that you can never burn it all out. The most outspoken of these that I've heard is Alton Brown, followed by his good buddy Ted Allen.<br /><br />Both Alton and Ted have discussed this on their shows, Good Eats and Food Detectives, respectively. Food Detectives is kind of a culinary Myth Busters, but is far more scripted. They frequently perform experiments to prove or disprove myths, but in the case of the alcohol, they did a food demo that proved nothing, and then stated their "fact" as gospel.<br /><br />Alton Brown has stated repeatedly that alcohol never cooks out completely, but has never offered proof. Some years ago I did some research and found a report on the USDA's website that seemed to imply that after 2 1/2 hours of oven roasting, the level of alcohol left in foods is 0% (which I'm guessing is actually < 0.5%). Unfortunately, in more recent visits, this report seems to have been removed. I have been unable to find it for years.<br /><br />So, it begs the question: does alcohol really cook out, or not? Does anyone have any proof? Or can anyone at least point me to a report or study somewhere that even suggests something either way?<br /><br />I'm not convinced on the negative calorie thing, or the alcohol thing. And I'm sick of people making claims with nothing to back them up. <span style="font-style:italic;">I want proof.</span>Unknownnoreply@blogger.com1tag:blogger.com,1999:blog-8496800963525315493.post-82827732658629472782010-01-16T10:12:00.000-08:002015-05-17T04:17:24.146-07:00No More Fast FoodYou may have heard that McDonalds is now providing <a href="http://blog.utahcon.com/internet/mcdonalds-go-wireless-for-free">free wireless Internet access</a> at their restaurants. For those of you who eat at McDonalds, this is great news! For myself, I haven't eaten McDonalds in several years. And recently, I decided to abandon fast food in general.<br /><br />Not eating at McDonalds was an easy choice, back when I made it. I still remember my first Big Mac. I was 12 years old, and my mom gave me $5 and told me I could eat lunch whereever was within walking distance of where we were. Finally, my big chance! I could finally try that Big Mac that I'd seen so many commercials about. Sadly, it did not live up to the hype. It was "okay", but nothing special. Since then, I had never eaten at McDonalds and thought afterwards, "wow, I'm glad I ate there!" So now I don't eat there anymore.<br /><br />Since then, I've run into disappointment at every fast food establishment I've ever been to. Carl's Jr has one (just one) item on their menu that I like (the Western Bacon), and I always feel like crap after eating it. Wendy's also only has only one menu item I can stand (spicy chicken sandwich), and it's not worth the sheer incompetence that they tend to hire to sell it to me. Even Subway is on my black list, with their selection of styrofoam-inspired breads.<br /><br />The problems with individual restaurants are just the tip of the iceberg. Fast food is famous for its unhealthiness. Granted, most restaurants now offer healthy options, but I have a hard time paying even a dollar (sometimes two or three) for a bag of apple slices, when I could just plan ahead and bring a $0.33 apple from the grocery store with me instead.<br /><br />Fast food menus are not designed for healthy eating. What's interesting to me is how many aspects of this were pioneered by McDonalds. When Ray Kroc first found McDonalds, he was surprised and impressed at the manufacturing-line techniques that were used to churn out fast, cheap burgers. Decades later, McDonalds not only began selling value meals, but actually assigned numbers to them, for convenience. And let's not forget the famed "Supersize" option which everyone copied again. While they don't ask anymore if you'd like to supersize, I'm told you can still ask for it. The most classic example is a Big Mac with large fries and a large Coke. Tasty, no? Not for me. And just between you and me, I've never been a fan of McDonald's fries either.<br /><br />I think my biggest problem with fast food has been using it as a crutch. When I don't bring lunch with me to work, fast food is there to keep me from being hungry. When I forget breakfast in the morning, there are plenty of places I can stop by on the way to work. And when I'm feeling just a little too tired to make my family a delicious and healthy meal, I can always pick up a bag-o-burgers on the way home.<br /><br />Why do I find myself in these situations? I think that it's been a misguided set of priorities, coupled with poor planning. I could get up early and spend a few extra minutes making pancakes to show a little love to my family, or I could stop by McLazy's on the way into work and leave my family to fend for themselves. I could make a little extra for dinner one night so that I can have leftovers to bring into work the next day, or I could buy a bucket of chicken so as not to lose precious TV time.<br /><br />I'm not saying that all restaurants are bad, of course. I'm still okay with casual dining restaurants. I will still go to diners. Fine dining, when it can be afforded, is a fine thing indeed. Even delis are okay with me, in moderation. If I could afford it, I would love to take my family out to eat once every week or two. Eating out is a treat, and a way to experience new foods and keep your palate from getting board. But when any treat becomes habit, it starts to lose meaning and spoil us. I'm not okay with that.<br /><br />Note: I've already been asked this once or twice, so I'd better say it here. As far as I'm concerned, carry-out or delivery pizza is also fast food. I love Pizza Hut, but I don't love the expense, or the idea of using it as a crutch. I can make my own pizza at home, which may take more time and planning, but which will taste 10 times better, and cost less than a half as much.Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-8496800963525315493.post-8176035916008908732010-01-03T15:53:00.000-08:002015-05-17T04:17:24.205-07:00Ice Cream MachinesI got an ice cream freezer for Christmas. It represents the latest in a growing line of equipment that I've had the opportunity to make ice cream with, each progressively better.<br /><br />You see, I started with a frozen core model. This includes a container which has a special solution built into it, which must be frozen for 24 hours before use, and an electric motor. This model was barely serviceable, because it never got cold enough to effectively freeze the ice cream, and it was only good for a 30-minute session. It held somewhere around a quart.<br /><br />My next model was, aside from the fact that it also had an electric motor, a little more old fashioned. You actually had to add alternating layers of ice and salt, which was surprisingly more effective than the frozen core model. I could go for as long as 40 minutes before the ice got melty enough to raise in temperature again. It could also make somewhere around 3 quarts pretty effectively. The most major drawback was the freezer full of ice that you needed to keep around. The second most major drawback was disposing of the salt water. The third biggest was the water that would condensate on the side, and then melt into a puddle around the churn.<br /><br />The first model was a joke. I would never recommend a frozen core to anyone. The second model was about the same price, and while it did have its drawbacks, it at least worked. I figured it would be the model I would use until I got rich and could afford a model with a built-in freezer.<br /><br />Well, that model is what I got for Christmas. It technically holds two quarts, but I have yet to get more than a quart and a half out of it. But that's not the fault of the machine itself. The motor will run until it can't run no more, and then it will stop on its own. Since the built-in freezer won't shut off with the motor, you could probably just add ice cream mixture, turn it on and go shopping, and come back home to ice cream fully ready for consumption.<br /><br />This brings up an important point. The first two models make soft-serve ice cream, which must be quickly moved into containers, and into the freezer, before it is ready to be served. While you can do that with this model, my first batch was actually hard-frozen. I wasn't used to the machine yet, and I ended up letting the motor run until the ice cream was hard.<br /><br />This brings up something else important. I have discovered that, with all of my practice batches so far, I need a minimum of 45 minutes to get a good churn (and sometimes longer), something that my old freezers fell short of. I have also discovered that I no longer need to use egg yolk to get a decent freeze. Before, I always used egg-based recipes, because frozen custard is easier to churn. With one exception, I have yet to use anything egg-based in this freezer.<br /><br />The one exception is eggnog. It's a little late now to do this, but it's something to keep in mind for next year. Commercial eggnog is little more than spiced, unfrozen ice cream. My favorite brand for the past few years has been Southern Comfort's Vanilla Spice Eggnog. They also have a "regular" Southern Comfort Eggnog. Both are alcohol-free (you're supposed to add the Southern Comfort yourself), and I've frozen several batches of the Vanilla Spice version, both for ourselves and for family and friends. For those of you that don't like eggnog, well, I'm guessing you don't like drinking melted ice cream either. And that's fine. It's okay to be wrong sometimes.<br /><br />I will give you a recipe that I've been playing with. It's not perfect yet, but it's still pretty good. And it's totally egg-free:<br /><br />Strawberry Ice Cream (beta version)<br /><br />1 pint half and half<br />1 pound frozen strawberries<br />1/2 cup sugar<br />1 pinch salt<br /><br />Combine all ingredients in a sauce pan and bring to a low simmer, just long enough to dissolve the sugar and thaw the strawberries. Use an immersion blender to puree the strawberries and homogenize the mixture. Cool and refrigerate overnight before freezing, as per your ice cream freezer's instructions. Makes a little over a quart.Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-8496800963525315493.post-58955672440055569632009-12-23T12:43:00.000-08:002015-05-17T04:17:24.217-07:00Amano Chocolate: Dos RiosI can't even tell you how mad I am right now at Art Pollard, at <a href="http://www.amanochocolate.com/">Amano Chocolate</a>. After <a href="http://blog.josephhall.com/2009/09/ecuadorian-chocolate-from-amano.html">my glowing review</a> of his totally excellent <a href="http://www.amanochocolate.com/retail/bars/guayas/">Guayas chocolate</a>, he rewarded me by completely failing to mention that he had another chocolate also on the way: <a href="http://www.amanochocolate.com/retail/bars/dosrios/">Dos Rios</a>. I would have had no idea if I hadn't seen it on the shelf at <a href="http://www.pirate-o.com/">Pirate-O's</a> today.<br /><br />I bought a bar, along with my sandwich for lunch, and headed back to the office. After a few bites of sandwich, I decided that I couldn't wait to try the chocolate. So I put the sandwich down and broke off a piece of chocolate. The second I put it in my mouth, I knew I had a problem. Not only did I not want to finish my sandwich, for fear of losing the flavor that was suddenly in my mouth. In fact, I don't know if I can ever eat another kind of chocolate again. I have officially been ruined.<br /><br />The box that this chocolate comes in describes it as tasting like bergamot oranges, cloves and cinnamon. They're not kidding. The orange punched me in the mouth immediately, and was complimented by an amazing set of spices. I used to like those cheap chocolate oranges that you can find everywhere in America around Christmas time. They are officially crap. This trumps that any day.<br /><br />There is a bitterness that you expect from dark chocolate, but it's not an unpleasant bitterness. I broke off a piece and gave it to <a href="http://blog.harleypig.com/">Harleypig</a>, and told him that he had to try it. The look on his face was classic. He finally said, "I do <span style="font-style:italic;">not</span> like dark chocolate. But I <span style="font-style:italic;">like</span> this." The bitterness is one of the things he mentioned. It's not the dark bitterness of overly dark chocolate, but the pleasant bitterness of an orange that isn't too sweet.<br /><br />You have to try this. If you're in the south part of the Salt Lake valley, go down to Pirate-O's right now and buy a bar. If you're closer to downtown, go to <a href="http://www.caputosdeli.com/">Caputo's</a> and get it. If you're too far from either, order online. This stuff is effing amazing.<br /><br />Disclaimer: Although he's apparently not much of a friend right now, I do know Art Pollard. I don't believe this to have biased my review of the chocolate itself, but that's your call. And maybe if Art starts telling me about new flavors again, I'll acknowledge him as a friend again.<br /><br />Update: Art called, and we talked shop until I had to go change a diaper. We're friends again.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-13761944969944991982009-12-18T13:26:00.000-08:002015-05-17T04:17:24.271-07:00Fun with sshd and straceI suppose this would be a much bigger concern if you could pull it off as an unprivileged user, but you do have to have root access on a server to pull this off. And really, once somebody has root, all bets are off anyway. Still, it's an interesting excercise.<br /><br />In one window, log into a Linux server (RHEL 5.3 in my case) as root. In another window, use ssh to log from a remote machine into the server:<br /><pre><br />jhall@bourdain ~$ sftp guest@myserver<br />Connecting to myserver...<br />guest@myserver's password: <br /></pre><br />When it prompts for the password, hop back over to the server and run ps to figure out which process is handling the connection:<br /><pre><br />[root@myserver ~]# ps auxf | grep ssh<br />root 28705 0.0 0.0 60672 1184 ? Ss 12:32 0:00 /usr/sbin/sshd<br />root 29361 0.0 0.0 86856 3116 ? Ss 14:36 0:00 \_ sshd: guest [priv]<br />sshd 29362 0.0 0.0 62016 1384 ? S 14:36 0:00 \_ sshd: guest [net]<br /></pre><br />What you need from this is the PID of the sshd process with [priv] next to it. In this case, 29361. Use strace to hop in and monitor this process (redirecting STDERR to a file, for later reference):<br /><pre><br />[root@myserver ~]# strace -p 29361 2> strace.log<br /></pre><br />Go back over to the remote system and type in the password. Go back to the server, cancel the strace, and then take a look at the log file. On my system, the 3rd line down had the payload:<br /><pre><br />Process 29361 attached - interrupt to quit<br />read(6, "\0\0\0\f", 4) = 4<br />read(6, "\v\0\0\0\7inmelet", 12) = 12<br />getuid() = 0<br />open("/etc/passwd", O_RDONLY) = 4<br /></pre><br />The text that we're looking for here is "inmelet", which is our sample password. In the clear.<br /><br />Of course, this was a very manual process. But plenty of techniques exist would would allow us to monitor sshd, and launch strace automagically every time a user logged in. Of course, if you're using ssh keys, then there would be no password to see in the clear anyway. I haven't tested to see if you could steal the ssh key though. That might be a fun excercise too.Unknownnoreply@blogger.com2tag:blogger.com,1999:blog-8496800963525315493.post-49440918176423053692009-12-17T11:41:00.000-08:002015-05-17T04:17:24.317-07:00Create a Custom MDA with Postfix and PerlWow, this was a fun one. We have an internal "project manager" that we use at work, instead of my prefered program, <a href="http://bestpractical.com/rt/">RT</a>. The other day, my boss asked me to set up this program so that they could email tasks to it, instead of having to pull up the site to create a new task. The easy part was building the queue into our system. But the fun part was setting up <a href="http://www.postfix.org/">Postfix</a> to receive and parse the emails.<br /><br />My first thought was to set up <a href="http://www.procmail.org/">Procmail</a> to send the messages to my parsing script. I'd never used it before, and I'd heard horror stories about writing "recipes" in it. What I had not heard was how difficult it could be to get it to play right. The mail server that I was using was not one that I had set up, and it had some weirdness about it that I wasn't familiar with. After fighting with Postfix and Procmail for a while, I managed to learn enough about Postfix configuration to realize that I might as well just skip Procmail, and write my own <a href="http://en.wikipedia.org/wiki/Mail_delivery_agent">MDA</a>.<br /><br />Now, when I say MDA, it's a bit of a misnomer. It receives and parses emails, but rather than filtering and delivering emails to a specific mailbox, it dumps a few fields into a database. To avoid confounding the issue too much, I will try and keep this post to the bare minimum. My setup uses virtual mailboxes, but I won't go into the steps to set that up. I also won't cover the DBI code that I wrote. If I get enough requests, maybe those can go into other posts.<br /><br />First things first. You need to edit the mail.cf file to set up some transports. There were two specific lines that I needed to add to mine:<br /><pre><br />virtual_transport = virtual<br />transport_maps = hash:/etc/postfix/transport<br /></pre><br />This allows me to only send messages sent to specific email addresses to my MDA. So the next step is to add the addresses to /etc/postfix/transport that you want forwarded to your MDA:<br /><pre><br />tasks@mytaskmanager.com mymda<br />projects@mytaskmanager.com mymda<br /></pre><br />Make sure to hash the file once you've edited it:<br /><pre><br />postmap /etc/postfix/transport<br /></pre><br />You've probably guessed that "mymda" is what you're going to call your MDA. This doesn't have to be the name of your script, it's just a pointer to the lines that you're about to add to your master.cf file:<br /><pre><br />mymda unix - n n - - pipe<br /> flags=R user=vmail argv=/usr/local/bin/mymdascript.pl USER=${user} EXTENSION=${extension}<br /></pre><br />You can see in here where we actually define the name of your script, in this case "/usr/local/bin/mymdascript.pl". Now that we're done with the Postfix configuration (remember to restart postfix for it to take effect), we can go ahead and set up that script. It's going to look something like this:<br /><pre><br />#!/usr/bin/perl<br /><br />use Mail::Internet;<br /><br />my @rfc2822 = <STDIN>;<br />my $email = Mail::Internet->new( [ @rfc2822 ] );<br /><br />my $from = $email->head->get("From");<br />my $date = $email->head->get("Date");<br />my $subject = $email->head->get("Subject");<br />my $body = $email->body();<br />$body = join( '', @$body );<br />...snip...<br /></pre><br />This is a very, very basic script. It will receive the email from Postfix using STDIN, and to save you the trouble of parsing it out manually, I just ran it through Mail::Internet (part of the <a href="http://search.cpan.org/~markov/MailTools-2.04/">MailTools</a> package).<br /><br />Keep in mind that each line that you pull out of the message will have a newline in it, so $from, $date, $subject, etc. may need to be chomped, depending on your needs. Also, the date is <span style="font-style:italic;">hopefully</span> in RFC2822 format, so in my case, I had to run it throught <a href="http://search.cpan.org/~drolsky/DateTime-Format-Mail-0.3001/lib/DateTime/Format/Mail.pm">DateTime::Format::Mail</a> to get it ready for MySQL.<br /><br />Like I said, this isn't a full MDA. But it can be used for accepting things like commands, preformatted data, etc. from email and processing them, without having to deal with the overhead of something like Procmail. And if you want to use it to write a full-featured MDA, by all means feel free. And really, now that you know that the script is going to pull the message from STDIN, you're free to use C, Python, even Bash if you want.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-19340074001223617822009-12-13T06:48:00.000-08:002015-05-17T04:17:24.405-07:00Cinnamin Craisin Muffins<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://i122.photobucket.com/albums/o242/techhat/SunDec13074913MST2009.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://i122.photobucket.com/albums/o242/techhat/SunDec13073708MST2009.jpg" alt="" border="0" /></a><br /><br />Okay, so I have a thing for silicone <a href="http://www.wilton.com/store/site/product.cfm?id=1B62CE8A-423B-522D-FE15B18CAFE7D727&killnav=1">baking</a> <a href="http://www.wilton.com/store/site/product.cfm?id=1B64477E-423B-522D-F114DDE696FD0729&killnav=1">molds</a>. And I know the shapes weren't quite what I wanted. So sue me.<br /><br />Baking molds aside, these muffins are the perfect way to start off a cold, wintery day. As with most muffins, it takes longer for the oven to preheat before than it takes to mix everything together, so set your oven to 375F a good 10 minutes before you start mixing. <br /><br />1 1/2 cups flour<br />1 1/2 tsp baking powder<br />1/2 tsp salt<br />1/2 tsp nutmeg<br />1 Tbsp cinnamon<br />1/2 cup melted butter<br />1 cup packed brown sugar<br />1 whole chicken egg<br />1/2 cup milk<br />2 oz craisins<br /><br />Being muffins, we use the muffin method: whisk together the dry stuff (flour, baking powder, salt, nutmeg and cinnamon) in one bowl, whisk together the wet stuff (melted butter, brown sugar, egg and milk) in another bowl, then combine and mix together with a spatula (trust me it's easier to combine wet and dry with that than with a whisk). Fold in the craisins, pour into prepared muffin tins, and bake for 20 to 25 minutes at 375F.<br /><br />On a diet? Or maybe just looking for a way to add a little extra flavor? I'm told that with the muffin method, you can swap out the liquid fat with apple sauce, cup for cup. I didn't try it with this recipe, but I've done it before and it's worked well. And you can still spread on butter after it bakes, so don't worry about losing that goodness.Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-1607280501268300262009-12-07T05:00:00.000-08:002015-05-17T04:17:24.486-07:00Periodic Tables of FoodA couple of days ago, I stumbled upon a poster at <a href="http://www.allposters.com/">AllPosters</a> of a <a href="http://www.allposters.com/-sp/Periodic-Table-of-Vegetables-Posters_i338062_.htm">Periodic Table of Vegetables</a>. It's an interesting concept, to be sure. <a href="http://en.wikipedia.org/wiki/Periodic_table">The Periodic Table of the Elements</a> is a mapping of a particular type of data, organized by groups (columns) and periods (rows). Why not use the same style as a visual representation of something tastier?<br /><br />Unfortunately, the image is a little too small to make out most of the veggies clearly, but it got me wondering what other kinds of periodic tables of food exist. The search was, and still is, on. I found several interesting tables of food, a couple of which I had even seen before. I also found non-food tables, my favorite being of <a href="http://www.crackteam.org/2009/04/02/periodic-table-of-game-controllers/">game controllers</a>. Here's what I've found so far:<br /><br />The table that I've found myself looking at, and wanting to hang up on my wall the most, is the <a href="http://www.eblong.com/zarf/periodic/closeup.html">Periodic Table of Dessert</a>. It breaks down its categorization into separate ingredients, which is important, because that's pretty much what the elemental table does. It makes an excellent effort to categorize things clearly, and assigns one- or two-letter symbols to each item. However, it does contain far fewer columns than the original, and uses symbols that I don't necessarily agree with (why P for peanut butter, instead of PB? How does M signify honey?). I would love to send this table through another revision. On the bright side, it is accompanied by a thermal spectrum (which doesn't make a whole lot of sense to me) and what appears to be the crystaline structures for several compounds (which is just awesome). These are all available together as a single poster.<br /><br />Next up is the <a href="http://backtable.org/~blade/fnord/condiments.html">Table of Condiments that Periodically Go Bad</a>. Unlike the dessert table, this table is numbered. Unfortunately, the numbers really only make sense paradoically (is that a word?). Again, elements are given symbols, and any that crossover to the dessert table actually seem to match. This kills me. I don't think that salt should be S, I think it should be Sl or Sa. Ideally, we would break into a three-letter designation, and use Sal. <End Rant> The most important part of this table is the designation for each condiment of how long you have before it goes bad. Very nice, in terms of food safety.<br /><br />The <a href="http://www.ethicurean.com/wp-content/uploads/2006/09/foodstorage_big.jpg">Periodic Table of Produce</a> is similar, except that it feels much more serious to me. Really, it's a table of food storage of fresh produce, including storage suggestions and timelines to when a particular veg will go bad. I would love to find a higher-quality version of this, and put it on my refrigerator door.<br /><br />Growing more complex, we have a <a href="http://www.paintingbynumbers.com/print/print.php?item=p1">Periodic Table of Cheeses</a>, complete with full <a href="http://www.cafepress.com/cheesetable">merchandizing</a> on t-shirts, mugs, mouse pads and, of course, posters. According to the site, this table was created by the blind Russian cook Anatoli Grigor Konchalovsky, apparently in 1865. I don't know how true that is, but if it is, that probably makes it the first periodic parody of food. Some thought has clearly gone into its organization, but I'm not entirely sure yet what each color means, or how some of the groupings fit. I love the "Noble Cheeses" classification, though.<br /><br />I found the <a href="http://www.findyourcraving.com/musing/cereal-periodic-table">Periodic Breakfast Table</a> interesting, though I haven't yet found a copy that looks to be complete. Offhand, it seems to be sorted visually, rather than by type of grain, manufacturer, history, etc. It does have some of this printed with each cereal, but it doesn't seem to be sorted that way.<br /><br />Going back to deserts, there was a <a href="http://www.womansday.com/Articles/Food/Recipes/Periodic-Table-of-Cupcakes.html">Periodic Table of Cupcakes</a> posted in Women's Day earlier this year. There's a part of me that is impressed, because I never would have expected any mainstream periodical (other than the venerable <a href="http://www.cooksillustrated.com/">Cook's Illustrated</a>) to expect their readers to enjoy a scientific nod like this. But then another part of me looks at the actual cupcakes printed, and would be entirely confused by the majority of them if it didn't know that really it's probably just a marketing gimmick for their own recipes. Still, it's cool.<br /><br />The <a href="http://www.drchinese.com/periodic_table_of_candy.html">Periodic Table of Candy</a> looks to be entirely parody, listing commercial candy varieties, numbered, and in alphabetical order. I haven't decided yet whether the little girl at the top is cute or frightening.<br /><br />Our journey is almost over. Back at AllPosters, I also came across a poster of the <a href="http://www.allposters.com/gallery.asp?startat=/getposter.asp&APNum=4850098&CID=BDBD6E4B81F14B00A85940DA92638F81">Periodic Table of Sandwichry</a>. There is no way I can make out anything sensible on this, but as one of the cheaper posted presented, I might be willing to order it along with something else.<br /><br />To finish up, I present to you the Periodic Tables of <a href="http://www.globalprints.com/gp_itemview.php?id=HMR31020">Beer Styles</a> and of <a href="http://www.allposters.com/gallery.asp?startat=/getposter.asp&APNum=358495&CID=BDBD6E4B81F14B00A85940DA92638F81">Mixology</a>. Add these to the category of "Text to small to read, so no clue as to any useful information, including accuracy." Still, it's a nice thought.Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-8496800963525315493.post-133574039695433442009-12-01T09:13:00.000-08:002015-05-17T04:17:24.499-07:00T-Shirts For Sale!<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://powerwhisk.spreadshirt.com/"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="http://blog.josephhall.com/uploaded_images/spreadshirt-2009-12-01.png" alt="" border="0" /></a><br /><br />Some of you may recall that when I did my Object Oriented Cooking presentation at the 2009 Utah Open Source Conference, I was wearing a t-shirt with an 8-bit stand mixer on it, instead of one of the bowling shirts that I usually wear. I actually designed and had that shirt made about a year ago. The idea was always to put up a few designs for sale, but I never got around to it; mostly because I only ever came up with one other design that I was even remotely happy with.<br /><br />Well, a couple of nights ago, I got an idea for another design. It was based on the source code that I used in my presentation for a PB&J sandwich, written in Perl. I drew up the 8-bit graphics, added the source code to the back of the shirt, and after a couple of revisions, posted it for sale.<br /><br />I now have three shirt designs for sale, in my Spreadshirt store. All feature 8-bit graphics depicting various food-related items. We have the stand mixer that I wore at the conference, a big-ol' jug of moonshine, and of source the PB&J in Perl. And just in time for Christmas too!<br /><br />So if you want to show your geek side and your food side all at once, head over to my <a href="http://powerwhisk.spreadshirt.com/">Spreadshirt store</a> and grab a t-shirt. Or direct your friends and/or family members in that direction! I'll post more shirts as ideas come to me, but at least now we have an appetizer to get everyone started.Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-8496800963525315493.post-33363557099910709662009-10-23T08:27:00.000-07:002015-05-17T04:17:24.557-07:00Mitigating the Evil Maid AttackThe <a href="http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html">security world</a> is buzzing with news of the so-called "<a href="http://pthree.org/2009/10/23/evil-maid/">evil maid</a>" attack. The basic warning is this: no matter how secure you think you are, you aren't. Full-disk encryption is now provably breakable, and without actually having to break the encryption itself. All you need to do is get ahold of a computer that has been shut down, boot to your own boot device, screw with the boot loader, and shut down again... and then come back after the computer has been turned on and logged into by the real user.<br /><br />This attack has been called the evil maid attack because a hotel maid is in a perfect position to accomplish this. They have access to the room when you're not around, and leaving a "do not disturb" sign on your door is hardly a deterrent. If you stay at a hotel multiple nights in a row, and you leave your computer in your room while you're not around, you are leaving yourself at risk. You may be the subject of a targetted attack, where the attacker poses as a maid or otherwise gains access to your hotel room while you're out. Or an attacker may get an actual job as a maid at a high-profile hotel, where they know that plenty of secrets will always be passing their way, waiting to be stolen.<br /><br />There are measures you can take to try and prevent this attack from occuring in the first place. Think of them in terms of both intrusion prevention, and intrusion detection. For instance, a BIOS password can be difficult at best to compromise on a laptop. This is an aspect of intrusion prevention. Of course, it is still possible to reset the BIOS password on a laptop, which will then give the attacker access to install the attack MBR. But if you turn on your computer and there is suddenly no password, when you previously had one, then you know that something is amiss. This is a form of intrusion detection.<br /><br />You could always use a thumb drive to boot your machine, which would make an evil maid attack against your actual hard drive completely worthless. This introduces another aspect of computer security, which security experts will always disparage, called "security through obscurity". If the attacker doesn't know that you use this method, then they won't be able to attack against it. The problem with this method is, now you have to protect both your boot key, and your laptop. If you only use one thumb drive to boot your machine, and that drive somehow gets damaged (water, static electricity, EMF), then you lose the ability to use your computer.<br /><br />You could change your password on every boot. Using traditional methods, this is is tedius, and inconvenient, and ignores the fact that the modified boot record might be prepared for it anyway. You could use a password <a href="http://en.wikipedia.org/wiki/Dongle">dongle</a>, but that suffers from the same limitations as the thumb drive.<br /><br />You could leave your computer on, of course. If somebody shuts it down and messes with your boot record, then you'll at least be able to detect that. But then your computer is also susceptable to a <a href="http://en.wikipedia.org/wiki/Cold_boot_attack">cold boot attack</a>, which doesn't require the attacker to return later, so that's out. Using a fingerprint scanner for authentication? Your fingerprints are probably everywhere on your computer already, and even the Mythbusters were able to <a href="http://en.wikipedia.org/wiki/MythBusters_(2006_season)#Fingerprint_Lock">fool these</a> using little more than a photocopy.<br /><br />So it would seem that leaving your computer off while you're not in the room is safer than leaving it on. Using alternative boot methods helps, but cannot completely prevent. Using a combination of methods is best, and while it may not provide 100% protection, it can slow down the attacker, and that <span style="font-style:italic;">may</span> be enough.<br /><br />Anybody else have any other methods that I missed?Unknownnoreply@blogger.com0tag:blogger.com,1999:blog-8496800963525315493.post-70492678791979255682009-10-21T18:45:00.000-07:002015-05-17T04:17:24.630-07:00Whiskerino 2009<span style="font-style:italic;">"He that hath a beard is more than a youth, and he that hath no beard is less than a man." - William Shakespeare</span><br /><br />The great <a href="http://whiskerino.org/2009/">Whiskerino 2009</a> is nigh at hand. In short, it is a beard-growing contest. The basic idea is, on November 1st, you shave. Everything comes off. And then you don't shave again until the end of February.<br /><br />I have a lot of friends who have never seen me without a beard. When I met my wife, I had a goatee, and by the time our first child was born, I was sporting a full beard. Neither has ever seen me without facial hair. I'm a little worried my daughter won't recognize me.<br /><br />I'm not <span style="font-style:italic;">that</span> worried though. We had a dress code at cooking school that stated that you could have a beard or no beard, but you could not be in the stages of growing a beard. I knew that if we had a three-day weekend, I would have enough time to grow a long enough beard to be within the requirements of the dress code.<br /><br />Of course I'm planning to enter the Whiskerino. I have a few friends that plan to as well. One rule is, you must post photos of your beard at least every 7 days, and more often towards the end. Never before has my beard been so well documented. I plan to post photos on my blog as well. For those who only read it via RSS, you're out of luck. I will be posting the photos on the side bar on my site.<br /><br />If anybody out there has been contemplating growing a beard but waiting for the right time, the right time is now. Well, in a week and a half. I issue a challenge to all of my geek friends out there with the ability to grow facial hair. Even Shakespeare knew the importance of a Unix beard. Now is your beard's time to shine!Unknownnoreply@blogger.com3tag:blogger.com,1999:blog-8496800963525315493.post-7807670132755107322009-09-29T20:41:00.000-07:002015-05-17T04:17:24.641-07:00The Boy Scout MottoBe Prepared. That is the motto of the Boy Scouts of America. And everyone loves the boy scouts, right? Okay, maybe not everyone. I remember hearing kids in school make fun of boy scouts. I also remember those same kids, not too long after high school, stumbling around drunk at a local grocery store, making fun of anything they could manage to focus on. Kind of puts things into focus, doesn't it?<br /><br />What does it mean to me to be prepared? I don't board an airplane without snacks, bottled water and sufficient reading material; you never know how much time you'll spend in the air or even just on the runway. I keep small sewing kits and first aid kits in my car, along with a flashlight, a roll of paper shop towels, and of course, jumper cables. And I've used all of them. I keep a spare laptop power brick in my work backpack, and have ended up using it on a number of occasions, sometimes because I forgot mine, but often because somebody else forgot theirs.<br /><br />Being prepared means thinking about things that might happen, so that if and when they do happen, you don't get caught with your pants down. Of course, we can't think of everything that might happen, but we do our best. And one of the things that I like to keep stocked is my food storage. I started slowly building it when I got married, and when I got laid off a year and a half later and was out of work for six weeks, my family and I were fed.<br /><br />I was dismayed some time ago to discover that there is a name for people like me: preppers. It sounds like "pepper", which is kind of cool, but reeks of "Trekker", which is completely uncool (even for me, and I also reek of uncool). But it gets worse. See, a lot of preppers believe that in addition to their food storage, they must also prepare for things like civil unrest. I don't think this is entirely unfounded. Anyone that's been through, or even seen on TV, riots and looting in large cities because of everything from natural disasters to local sports teams winning (or losing) would be a fool to find civil unrest unlikely.<br /><br />I don't mind them stocking up on their guns and ammo. It's not my thing, but I'm not going to slam on them either. But what kills me is when their efforts to ensure their families' safety makes them look like gun-toting fanatics who will try to cease power at their earliest opportunity. I don't see it like that, but a lot of people do.<br /><br />That's right. Some people actually have actually expressed discontent and fear at preppers, for a variety of reasons, including the one I just mentioned. One person, who's vanity mandated that her blog's name included the words "pretty girl", has stated that "<a href="http://prettygirlsays.wordpress.com/2009/09/22/preppers-scare-the-crap-out-of-me/">Preppers Scare the Crap Out of Me</a>". Her post is filled with a torrent of misinformation, and even tries to bring politics into condemning what I consider to be common sense: being prepared. For the record, I'm a little jaded that <a href="http://www.utahpreppers.com/2009/09/a-liberals-view-of-preppers/">the post</a> that refered me to hers also brought politics into it. Look, I don't care whether you're liberal, conservative, moderate, etc: when disaster happens, if you're not prepared, it may mean the difference between life and death, or at the very least, confinement and freedom.<br /><br />Hundreds of years ago, back before the days when American politics invaded our society, way before the Boy Scouts, there was a dude named Aesop. I don't know if he really came up with the story of <a href="http://en.wikipedia.org/wiki/The_Ant_and_the_Grasshopper">The Ant and the Grasshopper</a>, but the moral is clear: being prepared can save your life.<br /><br />My favorite part of the pretty girl's post is her closing thought: "For now though, I’m stocking up on sugary rum and tequila and calling it a day." Well, at least she has a plan, even if it is no more than to drink herself into a drunken stupor.<br /><br />Kind of puts things into focus, doesn't it?Unknownnoreply@blogger.com4tag:blogger.com,1999:blog-8496800963525315493.post-67248393997138892202009-09-17T13:00:00.000-07:002015-05-17T04:17:24.697-07:00Speaking at UTOSC 2009Those of you in or near Utah may be interested to know that this year's <a href="http://2009.utosc.com/">Utah Open Source Conference</a> is on the horizon. There's a full schedule at this conference, and I'm please to announce that I will be making two presentations this year. I thought I'd let you know what I'll be presenting on, using the text from the program descriptions:<br /><br /><span style="font-weight:bold;">Monitoring Your Servers</span><br />Friday, October 9, 6:15pm<br />Monitoring servers has become increasingly important in recent years, as downtime has become increasingly unacceptable. Countless tools exist to notify admins when downtime occurs, and possibly raise flags beforehand to keep it from happening in the first place. This session will explore some of the tools available, and discuss which ones are most appropriate for certain situations.<br /><br /><span style="font-weight:bold;">Object Oriented Cooking</span><br />Saturday, October 10, 4:45pm<br /><br />It seems that more and more geeks are discovering a fascination with cooking. Whether you're a geek that lives to cook or just cooks to live, Object Oriented Cooking is for you! Geek chef Joseph Hall will show you how smaller recipes can become objects, ready to be included on a whim in larger recipes. As you begin to understand how code reuse can happen in the kitchen, your meals will become both easier and tastier.<br /><br />Of course, the problem with making two presentations instead of one, like in years past, is that now I have to prepare twice as much content to present. The first year I was talked into teaching a cooking class, even though it wasn't technically computer-related. The second year, I taught a Perl class instead, partly in order to stay on topic with the rest of the conference. By popular demand (I had people asking about it as early as last year's conference) the cooking class is back this year, but with a twist: I'm trying to present cooking in a format which is more familiar to geeks.<br /><br />The server monitoring session is something that I'm planning to use to explain my own personal quest to keep an eye on my servers, both at home, and at work. Mostly at work. Because of my specific needs, some solutions were more appropriate than others. Obviously, your needs will probably vary. The idea is not necessarily to describe specific technologies, but to help identify which technologies are most appropriate for your specific needs.<br /><br />If past years are any indication, then we're going to be in for an exciting conference in general. If you haven't registered yet, <a href="http://2009.utosc.com/pages/registration/">now's the time</a>.Unknownnoreply@blogger.com2