Month: January 2021

Body Butter, Take 2

I tried making body butter last year — it was not a success. There were fairly large chunks of solid oil. It worked, they melted eventually so it worked. But it wasn’t something I wanted to give away to friends. In researching, I found some people add sweet almond oil to the mixture. The amount of almond oil I found in recipes online proved to be way too much — the melted oil mixture never congealed. I ended up doubling my coconut oil, shea butter, and cocoa butter amounts. The oils became solid. When I started the mixer, there was liquid almond oil coating small chunks of solid oils and the chunks got somewhat liquidy. I still have really fine grains of solid oils, but they melt quickly.

Initially, I used a cup of coconut oil, a cup of shea butter, half a cup of cocoa butter, and half a cup of sweet almond oil. Added another cup of coconut oil, shea butter, and half cup of cocoa butter.

I melted it all in a pot then transferred to the mixer bowl and set the bowl outside to cool off.

Once it had hardened, I used the whisk attachment on the mixer at a high speed for five minutes or so. It fluffs up a lot! I think the trick is to not let the oils fully solidify. My initial plan was to whip the oils as they cooled … but it took so long to cool that this approach was not practical. Setting the bowl outside to cool worked, but it needs to be checked frequently because there’s evidently not much time between “totally liquid” and “solid block”.

SolarWinds Attack and Access to MS Source Code

Reading Microsoft’s publication about their impact from the SolarWinds hack, I see the potential for additional (unknown) attack vectors. Quoted from MS:

“We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated.”

 

While the potential for attackers to have read something that provides them some sort of insight is obvious, the less obvious scenario would be the SolarWinds attack having obtained credentials with write access elsewhere. Worst case, even inserting another attack vector as was done in the SolarWinds attack. That’s a good reason to establish firewalls with least-required access (i.e. nothing can get to any destination on any port unless there’s a good reason for that access) instead of the internally wide open connectivity that I’ve seen as the norm (even in places with firewall rules defined, I’ve seen servers where either everything is allowed or low ports are blocked but >1024 is opened).