Wednesday, 8 December 2010

Web serving from home (Part 2)

As related in the previous post, I installed a clean version of OpenBSD on a Sun Netra T1. With all the daemons running, I decided to put it on the web --- if I could. After all, this means I have to open port 80 (http) and since we had switched to FiOS I didn't know if I could do this.

So, I logged into the router and set the security to nothing. I then realized I could put the new machine (shieldaig, named after a small coastal town in Scotland) in the DMZ. This is a more secure idea than exposing all of our machines to the wild wooly world. But, to do this meant I had to have a static address for shieldaig. That was easy enough to do ... but then I didn't have a local name! Why not? Because... in order to register the machine with the local DNS server at the router, I have to use the DHCP server. But, for once I remembered how I'd solved this problem: aliases. shieldaid has two addresses: one static, one dynamic. The static one doesn't have a name, so that's OK. Back to the router: I put the new static address in the DMZ field. I now checked that port 80 was open. It was!

So, what's the name of this machine? That's the question. Since I'd paid for kahrs.us what I needed was a DNS mapping from this name to it's IP address. I found a free DNS server --- but now the problem was how to make the DNS address point to the IP address. It took me several days of off and on tinkering to realize that the DNS server had to be all on the free DNS server. Once I did that, then the free DNS server was happy and accepted my IP address.

Now, I have to mention that FiOS has Dynamic IP unless you want to pay big bucks. It's just another layer of DHCP above our router after all... So, this means our address could change. But it appears that Verizon has set a huge timeout for the Dynamic DNS, so thus far I haven't had to reset our DNS address. Cool.

One last thing: I was trying to figure out why going to www.kahrs.us didn't work from outside. Well, turns out it gets mapped to shieldaig.kahrs.us and unless that's in the DNS entry as well, it won't work. Simple fix again.

At this point, shieldaig was now on the web. And lo and behold, immediately it was under attack. The samba server was hit constantly but since the addresses weren't local, it just failed. Then there's the constant script kiddy attacks on the sshd daemon. If it weren't so funny, I would love to trap them. I watch the logs that show constant login attempts to root (which is disabled via ssh) and then also watch as they march up the alphabet trying name after name.

I also see what's going on with web access. The machine has been found by both google and yahoo (yahoo was first). I'm wondering when random web accesses will start... thus far it's only been people who we know.

The last conundrum is why accessing www.kahrs.us fails locally but succeeds outside. I've just put this as a DNS question and decided that it doesn't really matter.

My final step was moving the machine down to the basement to live next to the router. Thus far, OpenBSD has been rock solid. And the shitehead script kiddies are deeply unsatisfied. Excellent!

Saturday, 4 December 2010

Web serving from home (Part 1)

In an earlier post, I mentioned that I was going to lose my long time web home at caip.rutgers.edu --- Since I was long gone from caip, I suppose it was about time. So, what was I going to do for a replacement? I decided maybe now was the time to take it into my own hands...

Sometime earlier I had acquired a Sun Netra T1 as a possible web machine. I had an X1 in mind, but the T1 was certainly cheap enough. It's packaged in a nice 1U box and has a very simple interface to the outside world. Two ethernet ports, a serial port and that's about it. My machine didn't have a disk but included one sled. Good thing. I happened to have a stockpile of 40 GB disks, so I installed it in the machine. Good, what next? Software, that's what. I decided to go for OpenBSD because (a) it's a BSD derivative and I know BSD from my grad skool days (b) The price is right (c) it's said to be very secure. But how do I get it onto my disk? Fortunately for me, I had torn apart a PC and had a CD-ROM available. So, I plugged it into the second IDE slot and powered the machine up. Oh yes, and connected the serial port to my lab PC.

The machine came to life easily enough but proceeded to put my in the Sun Lights Out Monitor (LOM). The LOM is yet another supervisor layer for the machine --- reminds me of the PDP-11/45 used on the PDP-10/L ... So, the problem was as soon as I told it to boot from the cdrom (in the console) then it would complain about the Fast MMU error. I'd seen this before --- a long time before but couldn't remember what it was. Google to the rescue. I found a post that claimed that this error was due to a missing password in the LOM. You've got to be kidding. But what had I to lose? I created a password and tried again. Still failed. Ah! Maybe I should logout and log back in? You guessed it. It worked. So, there I was booting from the CD-ROM and writing to the disk. I couldn't believe it.

I installed OpenBSD and it all worked. But then I changed my mind about the disk allocation. Maybe I should put most of the space for web pages? It was almost trivial to go back and re-install. After that, I had to work on the ethernet interfaces. I wanted to have two ports: one for the router and one for the local machines but decided it really didn't make much difference. So one port it was. OpenBSD comes ready to serve pages: it already has Apache on it. So, I really didn't need to install any packages. In addition, I decided to move the services served by my own machine to this server (such as BOOTP, RARP and friends). I easily moved them over.

Finally, I was looking at a reasonably nice machine. I was impressed at how fast it served pages. It seemed fairly secure. I enabled samba for the local house machines but turned it off for everyone else (this will turn out to be important). Finally, I decided it was time to remove the CD-ROM and put the lid back on. The next and final step would be to place it on the net ...

Marshall Leach

I find obituaries fascinating. There are so many interesting people that we never meet. I think it's only fair that I contribute. In this case, I never met the man. Marshall Leach died at age 70 as a full professor at Ga. Tech. He was certainly not retired and had a full teaching schedule. What's notable about Leach is that from all appearances, he was an idiosyncratic type with a great sense of humor. But what I know of him is his academic legacy. My last paper on SPICE modeling of headphones is a direct descendant of his paper on SPICE modeling in Electroacoustics. It was his paper that led me into all of Olson's papers on electroacoustic modeling and simulation. Unlike many, he published sporadically but his papers were always interesting to read. His paper on low noise electronics in Proc. of the IEEE is a clear exposition of the problems and solutions to low noise design. He received four teaching awards from the students. Clearly, he was perfect in his roles as teaching and advisor. His legacy comprises the papers he published and the many students he taught. And that's a life well lived.

Sunday, 19 September 2010

Mise en Place and Garde Manger

This post is stimulated by two items: First, I am reading a commercial book entitled "Modern Garde Manger" by Garlough and Campbell. Written for the aspiring chef, it's full of little historical tidbits such as the origin of the brigade system (dating back to Escouffier). The authors try to instill pride in the student... So different from a university textbook (an interesting topic perhaps for another day). The second inspiration is from a recent Times article concerning a recent cookbook by Sara Mouton. This chef has discovered that home cooks don't do mise en place - shock and amazement. So, now onto my take on this: when is mise en place appropriate?

Let me start with a bit of personal history: I really learned to cook during my junior year in college. I was living in an on campus apartment with four other guys. And, I was the only one who had a clue about how to shop and how to cook. My mother had sent me to Macy*s with the assignment to buy something for the school year. She had hoped I would buy some shirts or something. Instead I came back with "The Joy of Cooking". Far more useful, really. So, I spent most of that junior year shopping and cooking. And one of the most important lessons I learned was how to time the various dishes so they would come out at the same time. This is a critical skill in any cook. For complex meals, I actually work out a diagram that shows dependencies complete with timings. This is so I don't have to worry about losing track of what to do next and as a warning not to get involved with something that's not on the time critical path.

So, back to mise en place. There is no reason to do this for most meals. Frankly, half the fun of cooking is working several stations at once and then having it all come together at the end. I enjoy the multi-tasking that requires. However, for a complex meal at home (say, the French Laundry), then mise en place is essential. I find this particularly appropriate when you need to finish a dish while guests are at the table. There is no time to lose --- everything must be ready. Earlier in my cooking career I was often miss half the meal since I'd be at the stove. Now, I've figured it out. Mise en place must be totally complete --- don't wait until the last minute to chop those herbs, do it before you're out of time. Make half the dessert and then finish it as you need it (this is particularly effective with the molten chocolate cakes). The only downside is that the cleanup at the end is more because all of those little dishes are hanging around at the end.

As for Garde Manger, I am pleased to note that I already knew most of it. The recipe for haggis was new, but for the most part, I was competent although my skill in turning potatoes into rondelles is unknown. I've always fought against such fussiness. But when it comes to dice, I'm there.

Sunday, 18 April 2010

On chickens and stock

Some number of uncountable years ago, I was fed up with the commercial butchery of chickens. I decided to learn how to "process" them. What follows are some of my thoughts on this (messy) process. After washing the bird inside and out, I set out to (1) remove legs and wings (2) cut off the breasts and then create a stock. Oh, and fry up the liver for the liver consumer in the household.

Start breast side up. In step (1), I first remove the legs (and thighs). This is done by pulling gently on the leg with one hand whilst slicing gently through the skin. Next, viciously dislocate the joint by pulling the wrong way. You'll know it. Then slice around the joint. There, you have a thigh and drumstick. From there you separate the two by slicing through the joint. You can find it by feeling it. Even if you miss it's still easy to separate (it's not bone). Repeat for the other side.

In step (2), you dislocate the joint again and cut around with the knife. I cut off the wing tips to put in the stock pot. My mother objects because this is one of her favorite parts. So it goes. Repeat on the other side.

The last step is to cut along the breast bone, keeping the knife close to the bone but not into the bone. It's more of a clean slicing action. You'll also need to cut around the wish bone to release the breast. The supreme (where's my accent?) can be removed if you want. Repeat on the other side. The knife work is done.

At this point, you have a carcass. I throw it in a tall pot with whatever I can find, but celery is a must add. Onions also. I add cold water and turn on the heat and try not to let it boil. And I do skim the scum off the top when I can remember. I push it to the back burner and let it do its thing for hours (until I go to bed). If I was truly obsessive, then I suppose I could use egg whites to create a raft and really get a clear stock. I'm not that fussy.

I freeze the stock unless I have immediate plans for it. Like risotto. But that is the subject of another post.

Thursday, 18 March 2010

On the web

Or, subtitled, how I fought the Verizon modem and won.

For DSL service, Verizon supplies a model 7500 Versalink modem. This modem is also a router and I have it set up to be our DHCP server as well. It certainly works well and I am fairly content with it. But recently, I was threatened with the loss of my web page. This was enough for me to swing into action and put an ancient Sparcy (Ultra 2) into action. It's interesting to note that the current version of Solaris is incompatible with ancient hardware like this. So, my next choice was something secure, so I went for OpenBSD. I had various adventures with the dead CD-ROM reader, the incompatible external CD-ROM reader, etc. I finally was able to netboot it only to discover that OpenBSD didn't like the onboard SCSI drives. Say what? Well, that meant NetBSD. And you know what? It worked right out of the box. I had to get the package manager up and running so I could get apache. And apache also worked straight up. So, onto the web... And the router.

It seemed simple enough: just enable port 80 (HTTP) and we'll be ready to go. Not so fast! First, there's the issue of host addresses: I wanted the machine (now named "cullen" after the town in Scotland named for skink, a certain stew) to have a static IP address. Well, if I did that then the router had trouble (I went for a different subnet and it didn't like that). I eventually figured out that I could have it both ways! In the deep recesses of my mind was the notion of aliases and this is what I did: One static, one dynamic.

Back to the router. I tried to open up port 80 by creating a new profile called "cullen" (shock). Didn't work. All the external tools said it was closed. After sleeping on it, I decided that maybe this additional port forwarding didn't work... Maybe I should add it to the "default" profile. And lo and behold. The port was open.

One of the interesting tidbits from this is that in spite of registering with dyndns.org, if I try and put the symbolic host address into the brower, I'll get the modem/router home page. But if I am external, I definitely get the right page. At this point I don't care. Originally, I was also going to enable SSH but I am tired of script kiddies, so for the time being it's closed. I might open it when I go away...

The machine also had two ethernet ports --- I might use one for a direct connection to the router and the other for internal net traffic. It should handle that. Famous last words.

White Sauce Pizza

I know, it's an abomination, but I've been working on "white sauce pizza". As I see it currently (subject to change), there are 3 (count 'em) methods of pizza construction: (1) red sauce (2) white sauce (3) no sauce. The typical american pizza is of course #1. Escarole and caper is an example of #3. So, what about #2? Well, it all starts with salsa besciamella (a.k.a. bechamel). So, it follows the following "rule": 2:2:1 --- 2 T butter, 2 T flour and 1 cup of milk. A whisk is a good accessory here. It's also important to keep the heat low so that the butter doesn't brown and the flour doesn't toast (this isn't a cajun roux after all). I add parmesan and romano cheese to the finished product. The last step is to add the vegie (last experiment involved swiss chard and carmelized onions). It was tasty but I thought it had a few faults: (a) the sauce should be thick --- if it's too loose, it will be too wet and so will the pizza. Which leads me to (b) Perhaps a light coating of olive oil would prevent the dough from getting excessively soggy. Other toppings I've done with a white sauce include baby artichokes with pancetta (a power combination if there ever was one).

Thursday, 14 January 2010

Pizza

I've been thinking about pizza lately. I believe that a lot of cook shy away from it because they believe that it's complicated. Nothing could be more untrue. I will say, however, that having the right equipment makes it easier. This means (a) a pizza stone and (b) a pizza peel (that's the paddle). The reason for the stone is to get the nice crust on the bottom --- the reason for the peel is to extract the floppy pizza from the oven (and turn it if you are so adventurous).

Let's now discuss the dough itself. It's not complex, even for someone who is not a baker. I use Nick Maglieri's recipe from How to Bake. I have it memorized: 3 cups flour + 1 tsp salt. Then 5/4 moderate temperature water (this is the secret: it should be like baby milk) and 1 pack yeast. I like to goose it up by adding a tiny bit of honey to the warm water. The yeast eats it up and starts to "bloom". Oh, and some olive oil. I mix wet with dry, use the paddle until it looks right (meaning not too wet [sticky] and not too dry [can't stick together]). Then I switch to the dough hook and let it go until it's smooth. Then it's onto the marble for a quick knead and then back in the bowl to rise.

Meanwhile, I make the sauce. Sometimes tomato and sometimes not. Escarole and capers (and olives) is a favorite. The secret here is to saute (anyone have an accent to spare?) the escarole with garlic first ... and put in a colander. Then you can add the rest later if you want. In my experience, I can literally do the whole thing in an hour. The new super fast yeast will do its thing while you make the sauce.

Now, I have to admit, this does not result in a true Neopolitan crust that I remember from my time teaching at the Universita di Napoli... That crust is super thin and cooked in a special conical oven. But in spite of this, it's a worthy consumable.

Finally, a note on flour. I have tried both the Italian 000 pizza flour and the American pizza flour (again obtained from PennMac). Both are good. It is rumored that the American flour has more malt in it. I'd like to experiment with that sometime in the future.