Modest swimming costumes

I read an article on BBC News last night that asked a question I’ve often wondered why people ask: Why do some people find the burkini offensive? I remember news stories in the 1980s and 1990s about the scandalous thong bikinis showing up on beaches near you with all the near-nakedness and permanent mental scarring. Communities banned these strings with a few patches of cloth amid debate about the offense such attire engendered. Cannot say I was personally offended by any near-nakedness … but I understand that there is a social convention that failing to sufficiently cover oneself is undesirable. Rarely is the convention reversed — apart from compulsory nude beaches, and to me that’s more of a “you are not wearing the proper uniform” than “ack, CLOTHING!” thing.

Ostensibly, the offense some people seem to find in a “burkini” — which is about as far away from a thong bikini as one can get – is perplexing. When I was in Egypt, people at the beach in Alexandria had everything from thongs to long sleeved shirts, long slacks, and hijabs. Not wanting to embarrass my host, I wore fairly modest surfing apparel – a long sleeved rash-guard and neoprene leggings. It’s comfortable. You don’t have to worry about reapplying sunscreen all over your person. You don’t get sand in places you would much rather not have sand.

The whole “offense” discussion is a red herring. I doubt anyone is actually being offended by not seeing enough skin at the beach. Otherwise surfers out in SoCal would have been harangued to stop wearing exactly what I purchased to swim in Egypt. The real offense, such as it is, is that (1) someone is displaying anything that identifies them as Muslim and (2) people do not want to admit their own prejudices. Like don’t-ask-don’t-tell, they’d be comfortable with a Muslim at their beach as long as they couldn’t identify the person as such.

Now the legal justification is secularism … which is at least reasonable sounding. The potential disproof of that notion reminds me of the short-lived school prayer initiative in my senior year at high school. Instead of the legal battles that went on in other districts, I simply asked the Superintendent how many subversive teenagers he thought I could find to sign up to read prayers from non-traditional religions – and, sure, you could get a bunch of kids to read Christian prayers … but it’s a sign-up to read one thing, and we’ll get in queue too. How long will parents support having their kids exposed to Pagan, Wiccan, Satanic … there sure are a lot of religions out there to which people take offense, and as soon as you tell me *my* religion cannot have a prayer read but yours can, we’re out of the murky free speech realm and into clear separation of Church and State territory. We had exactly zero prayers read in our morning announcements. I would love to see a line of beachwear reproducing the stations of the cross, Star of David prints, Buddha prints. Oh, a different outfit for each of the Hindu Gods. How many people wearing those would get fined? And how many people would support the ban after people start getting fined for their religious iconography?

 

Potatoes!

We have corn tassels and a couple of cobs starting!

Anya and I weeded our potato patch, and found a couple of new potatoes at the surface.

Our potato plants are huge — and evidently the weather has been sufficiently odd that potato SEEDS are forming. I’ve seen potato plants with flowers before, but the little tomato-looking green things were new to me. We can also tell that part of our potato bed is amazing for growing plants, some of it is ok-ish, and the right-hand third is too shaded. The potatoes and sweet potatoes along the left-hand side look like a massive pile of vegetation. The middle part … well, they look like potato plants to which I am accustomed. The right-hand side … there’s one little sweet potato vine that’s about five inches tall.

These are all growing in a leaf mulch that formed where the previous owner dumped the grass clippings and leaves from the bottom of the property. After we harvest the potatoes, I plan to mix all of the soil together (the stuff from the left may have its nutrients depleted, but the stuff on the right is essentially unused), add some compost, and then use this as a potato bed next year. Then we’ll start a rotation – definitely bush beans, but I’m hoping to build a trellis next winter & have a wall of vine beans or peas behind the bush beans.

Anya Land Phase 1 – Rolling Tube

My husband got a tubing roller from Harbor Freight — it was a special deal one week. It rolls electric metal tubing — so we got 3/4″ EMT from Home Depot. Scott is going to roll the tube into a circle and then weld the ends together. I’m planning to spray it with Rustoleum first, then wrap the black parachute cord around it. The black cord will give me a mount-point for the hanging ropes & the ropes that get woven into the circle.

That means we’re at about $30 to make the same swing they sell for $80.

Securing WordPress A Little Bit

We’ve had quite a lot of source IPs flooding our web server the past few days. The first couple, I just blocked entirely … but we get a good bit of traffic to my husband’s business domain. That traffic is not exclusively people randomly surfing the Internet — we’ve been getting records in our logs that very specifically look like hacking attempts.

I’ve added a few stanzas into my Apache configuration to block access to “important” files unless the source is my tablet’s IP:

        <Files ~ "wp-config.php">
                Order deny,allow
                deny from all
                Allow from 10.5.5.0/24
        </Files>

        <Files ~ "wp-login.php">
                Order deny,allow
                deny from all
                Allow from 10.5.5.0/24
        </Files>

        <Files ~ "wp-settings.php">
                Order deny,allow
                deny from all
                Allow from 10.5.5.0/24
        </Files>

        <Files ~ "xmlrpc.php">
                Order deny,allow
                deny from all
                Allow from 10.5.5.0/24
        </Files>

        <Directory "/">
                Order allow,deny
                Allow from all
        </Directory>

        <Directory "/var/www/vhtml/lisa/html/wp-admin">
                Order deny,allow
                deny from all
                Allow from 10.5.5.0/24
        </Directory>       
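
The same restrictions written in Apache 2.4's native `Require` syntax, as an added example rather than the configuration used in this post. It assumes the WordPress document root is /var/www/vhtml/lisa/html (the parent of the wp-admin path above) and reuses the 10.5.5.0/24 range; the file pattern is anchored so that only these exact filenames match.

```apache
# Added example (not the post's original configuration).
# Apache 2.4 authorization with mod_authz_core / mod_authz_host. The
# Order/Allow/Deny directives above are 2.2 syntax that 2.4 only honours
# through mod_access_compat, and mixing the two styles in one scope
# gives results that are hard to predict.

# Deny the filesystem root by default, then open only the document root.
# Assumption: the site is served from /var/www/vhtml/lisa/html.
<Directory "/">
        Require all denied
</Directory>

<Directory "/var/www/vhtml/lisa/html">
        Require all granted
</Directory>

# <Files ~ "wp-config.php"> is an unanchored regex: the dot matches any
# character and the pattern matches anywhere in the filename. Anchoring
# with ^...$ and escaping the dot limits the rule to these four files.
# <FilesMatch> sections are merged after <Directory> sections, so this
# overrides the "Require all granted" on the document root.
<FilesMatch "^(wp-config|wp-login|wp-settings|xmlrpc)\.php$">
        Require ip 10.5.5.0/24
</FilesMatch>

# Admin area: internal range only. admin-ajax.php lives in this directory,
# so front-end features that call it will also be blocked from outside
# (the same is true of the original rule).
<Directory "/var/www/vhtml/lisa/html/wp-admin">
        Require ip 10.5.5.0/24
</Directory>
```

After a reload, a request for /wp-login.php from outside 10.5.5.0/24 should return 403, while the site's public pages still load.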

Then went into the MySQL database and renamed all of the tables to remove the default prefix:

rename table wp_commentmeta to prefix_commentmeta;
rename table wp_comments to prefix_comments;
rename table wp_links to prefix_links;
rename table wp_ngg_album to prefix_ngg_album;
rename table wp_ngg_gallery to prefix_ngg_gallery;
rename table wp_ngg_pictures to prefix_ngg_pictures;
rename table wp_options to prefix_options;
rename table wp_postmeta to prefix_postmeta;
rename table wp_posts to prefix_posts;
rename table wp_statistics_exclusions to prefix_statistics_exclusions;
rename table wp_statistics_historical to prefix_statistics_historical;
rename table wp_statistics_pages to prefix_statistics_pages;
rename table wp_statistics_search to prefix_statistics_search;
rename table wp_statistics_useronline to prefix_statistics_useronline;
rename table wp_statistics_visit to prefix_statistics_visit;
rename table wp_statistics_visitor to prefix_statistics_visitor;
rename table wp_term_relationships to prefix_term_relationships;
rename table wp_term_taxonomy to prefix_term_taxonomy;
rename table wp_termmeta to prefix_termmeta;
rename table wp_terms to prefix_terms;
rename table wp_usermeta to prefix_usermeta;
rename table wp_users to prefix_users;
rename table wp_wfBadLeechers to prefix_wfBadLeechers;
rename table wp_wfBlocks to prefix_wfBlocks;
rename table wp_wfBlocksAdv to prefix_wfBlocksAdv;
rename table wp_wfConfig to prefix_wfConfig;
rename table wp_wfCrawlers to prefix_wfCrawlers;
rename table wp_wfFileMods to prefix_wfFileMods;
rename table wp_wfHits to prefix_wfHits;
rename table wp_wfHoover to prefix_wfHoover;
rename table wp_wfIssues to prefix_wfIssues;
rename table wp_wfLeechers to prefix_wfLeechers;
rename table wp_wfLockedOut to prefix_wfLockedOut;
rename table wp_wfLocs to prefix_wfLocs;
rename table wp_wfLogins to prefix_wfLogins;
rename table wp_wfNet404s to prefix_wfNet404s;
rename table wp_wfReverseCache to prefix_wfReverseCache;
rename table wp_wfScanners to prefix_wfScanners;
rename table wp_wfStatus to prefix_wfStatus;
rename table wp_wfThrottleLog to prefix_wfThrottleLog;
rename table wp_wfVulnScanners to prefix_wfVulnScanners;

update prefix_usermeta set meta_key = REPLACE(meta_key,'wp_','prefix_');
update prefix_options SET option_name = 'prefix_user_roles' where option_name = 'wp_user_roles';

Modified wp-config.php to use the new prefix:

// $table_prefix  = 'wp_';
$table_prefix  = 'prefix_';

More to tweak, but this is a start!

Programming in Unknown Languages

I’ve often thought that the immersion method of learning a language was setting yourself up for failure – it isn’t like knowing the fundamentals of grammar and pronunciation in English helps you in any way when you find yourself in Karnataka trying to communicate in Sanskrit. There are rather complex algorithms that attempt to derive meaning from an unknown language, but apart from body language, pointing, and gesturing … that’s not something I can manage in real-time as someone speaks to me.

*Programming* languages, on the other hand, I am finding are rather easily learnt by immersion. I know several programming languages quite well – C/C++, F77/F90, perl, and php. I know a dozen or so other languages well enough to get by.

Some of our home automation scripts are written in CoffeeScript (which is evidently a way to write JavaScript without *actually* knowing JavaScript) – and I would never be able to write the program. But to come into the middle of the conversation (i.e. to take someone else’s non-functional code and try to fix it), I can glean enough of the language to debug and fix code. And there’s always Google for any syntax I cannot guess.

I wonder if someone who is fluent in multiple disparate languages (knowing half a dozen Romance languages doesn’t really give you a good base of knowledge – I mean someone who speaks Italian, Hindi, Cantonese, Swahili, and some Levantine dialect of Arabic) is able to do something similar — they know enough words to pretty much guess what words mean & enough different language structures to guess words in their context.

Outdoor Project – AnyaLand Phase 1

Instead of trying to build a whole Anya play land under the maple tree in our front yard, I’m starting a one-thing-at-a-time approach. I picked up a slackline to run between the big maple and another maple just under fifty feet to the South.

The next step is to make a swing of sorts. I am basing her swing on a woven one I found at Magic Cabin.

I got a lot of 550 paracord. I will bend a metal tube to form the circle and wrap that circle in purple paracord. More purple paracord will be woven into the wrapping to give me a mount point for the web. I’ll then weave inward around the circle going through the rainbow colors. The final step will be to weave some black paracord into the circle to give us a couple of ropes to hang up in a tree.

That’ll give us a swing and balance activity. Next year we can work on getting a fort, slide, and rock wall.

 

Peanut Butter Oat Bites

Ingredients:

1 1/2 cups old fashioned oats
1/2 cup shredded coconut
1 t vanilla extract
1 T carob powder
2 cups unsweetened peanut butter

Method:

Toast oats in a pan. Powder 1/2 cup of the oats in a food processor.

Toast the shredded coconut in a pan.

Place the peanut butter in a bowl. Stir in the vanilla.

Slowly add the powdered toasted oats and stir to combine. Add the carob powder.

Add the shredded coconut and whole oats. Stir to combine.

Using a tablespoon (or something similar – small ice cream scoop, small melon baller), scoop out some of the mixture. Using your hands, roll it into a ball. Place the balls on a lined cookie sheet and refrigerate for several hours.

These are a little bit like cookie dough — not as sweet since there’s no sugar added. You can add a tablespoon or two of honey if you prefer a sweeter treat.

Beware: an un-monitored tiny person may imitate the rolling process when eating these. They’re a little crumbly and make a huge mess.

Reverse Proxying WebSockets to An MQTT Server

If you are trying to reverse proxy OpenHab – that’s over here. This post is about maintaining your own private MQTT server and making it accessible through a reverse proxy.

We want to be able to update our presence automatically (without publishing our location information to the Internet). Scott found a program called OwnTracks that uses an MQTT server – and there’s an MQTT binding from OpenHab that should be able to read in the updates.

We didn’t want to publish our home automation server to the Internet, but we do want to send updates from the cellular data network when we leave home. To accomplish this, I set up a reverse proxy on our Apache server.

The first step is to get an MQTT server up and working — we installed the mosquitto package from Fedora’s dnf repository.

Once it is installed, create a directory for the persistence file & chown the folder to the mosquitto uid.

Generate a bunch of certs using the ot-tools (git clone https://github.com/owntracks/tools.git). I edited the generate-CA.sh file in the ot-tools/tools/TLS folder prior to running the script. It will more or less work as-is, but modifying the organisation names makes a cert with your name on it. Not that anyone will notice. Or care 🙂 Modifying the IPLIST and HOSTLIST, on the other hand, will get you a cert that actually matches your hostname — which isn’t a problem for something that doesn’t verify host name information, but saves trouble if you get your hostnames to match up.
IPLIST & HOSTLIST
CA_ORG and CA_DN

Then use generate-CA.sh to generate a CA cert & a server cert. Copy these files into /etc/mosquitto/

Edit the config (/etc/mosquitto/mosquitto.conf) – LMGTFY to find settings you want. Specify a location for the persistence file, password file, and add in the websockets listeners (& ssl certs for the secure one)
persistence_file /var/lib/mosquitto/mosquitto.db

password_file /etc/mosquitto/passwd

listener 9001
protocol websockets

listener 9002
protocol websockets
cafile /etc/mosquitto/ca.crt
certfile /etc/mosquitto/mosquittohost.rushworth.us.crt
keyfile /etc/mosquitto/mosquittohost.rushworth.us.key

Add some users
/usr/bin/mosquitto_passwd /etc/mosquitto/passwd WhateverUID

Start mosquitto
mosquitto -c /etc/mosquitto/mosquitto.conf

Monitor mosquitto for the owntracks ‘stuff’
mosquitto_sub -h mosquittohost.rushworth.us -p 1883 -v -t 'owntracks/#' -u WhateverUID -P PWDHereToo

Setting up the reverse proxy
The big sticking point I had was that the Apache WebSockets reverse proxy has a problem (https://bz.apache.org/bugzilla/show_bug.cgi?id=55320) which is marked as closed. Fedora has 2.4.23, so I expected it was sorted. However, using tshark to capture the traffic showed that the relayed traffic is still being sent in the clear.

Downloaded the exact same rev from Apache’s web site and checked the mod_proxy_wstunnel.c file for the changes in the bug report and found they were indeed committed. In spite of the fact I *had* 2.4.23, I decided to build it and see if the mod_proxy_wstunnel.so was different.

Make sure you have all the devel libraries (openssl-devel for me … run the config line and it’ll tell you whatever else you need)

Get apr and apr-util from Apache & store to ./srclib then gunzip & untar them. Rename the version-specific folders to just apr and apr-util

Once you have everything, configure and make
./configure --prefix=/usr/local/apache --with-included-apr --enable-alias=shared --enable-authz_host=shared --enable-authz_user=shared --enable-deflate=shared --enable-negotiation=shared --enable-proxy=shared --enable-ssl=shared --enable-reqtimeout=shared --enable-status=shared --enable-auth_basic=shared --enable-dir=shared --enable-authn_file=shared --enable-autoindex=shared --enable-env=shared --enable-php5=shared --enable-authz_default=shared --enable-cgi=shared --enable-setenvif=shared --enable-authz_groupfile=shared --enable-mime=shared --enable-proxy_http=shared --enable-proxy_wstunnel=shared

Rename your mod_proxy_wstunnel.so to something like mod_proxy_wstunnel.so.bak and then grab the mod_proxy_wstunnel.so that just got built.

Grab the CA public key & the server public and private keys that were generated earlier & place them wherever you store your SSL certs on your Apache server.

Create a new site config for this reverse proxy – SSL doesn’t do host headers so you need a unique port. For clear text you can use a host header. Don’t forget to add Listen directives to your httpd.conf and ssl.conf files!

ProxyRequests Off
<VirtualHost #.#.#.#:##>
ServerName mosquitto.rushworth.us
ServerAlias mosquitto
DocumentRoot "/var/www/vhtml/mosquitto"

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1

ProxyPreserveHost On
ProxyTimeOut    1800

ProxyPass               /       ws://mosquittohost.rushworth.us:9001/
ProxyPassReverse        /       ws://mosquittohost.rushworth.us:9001/
</VirtualHost>

<VirtualHost #.#.#.#:##>
ServerName mosquitto.rushworth.us
ServerAlias mosquitto
DocumentRoot "/var/www/vhtml/mosquitto"

SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1

ProxyPreserveHost On
ProxyTimeOut    1800

SSLEngine On
SSLProxyEngine On
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
# These are the public and private key components generated from generate-CA.sh earlier.
# (Apache does not allow a comment on the same line as a directive.)
SSLCertificateFile /etc/httpd/conf/ssl/mosquittohost.rushworth.us.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl/mosquittohost.rushworth.us.key
# This is the public key of the CA generated by generate-CA.sh
SSLCertificateChainFile /etc/httpd/conf/ssl/ca.crt

ProxyPass               /       wss://mosquittohost.rushworth.us:9002/
ProxyPassReverse        /       wss://mosquittohost.rushworth.us:9002/
</VirtualHost>
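
The SSL virtual host above switches off both peer-name checks, so the proxy accepts whatever certificate the endpoint on port 9002 presents. Because generate-CA.sh was given a HOSTLIST that matches the broker's hostname, the proxy can verify the broker instead; this is an added example, not the post's configuration, and it assumes ca.crt is stored in /etc/httpd/conf/ssl/ as above and that the broker certificate lists mosquittohost.rushworth.us as a subjectAltName.

```apache
# Added example (not the post's original configuration).
# Proxy-side directives for the SSL virtual host with verification of the
# Mosquitto backend certificate switched on. The SSLCertificate* lines
# for the front-end listener stay as they are.
SSLEngine On
SSLProxyEngine On

# Trust only the private CA created by generate-CA.sh for the backend
# connection, and refuse to relay if the broker's certificate does not
# chain to it.
SSLProxyCACertificateFile /etc/httpd/conf/ssl/ca.crt
SSLProxyVerify require
SSLProxyVerifyDepth 1

# Check the broker certificate's name and validity period.
# SSLProxyCheckPeerName supersedes SSLProxyCheckPeerCN from 2.4.5 on,
# so only the former needs to be set on 2.4.23.
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on

# With ProxyPreserveHost On, mod_proxy uses the client's Host header
# (mosquitto.rushworth.us) as the name for the backend TLS connection,
# and that is the name compared against the certificate. Either turn it
# off, as here, or add the front-end name to HOSTLIST when generating
# the server certificate.
ProxyPreserveHost Off
ProxyTimeOut    1800

ProxyPass               /       wss://mosquittohost.rushworth.us:9002/
ProxyPassReverse        /       wss://mosquittohost.rushworth.us:9002/
```

If the handshake to the broker fails after this change, the Apache error log names the check that failed (untrusted issuer, name mismatch or expiry).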

Reload apache. Create a DNS hostname internally and externally to direct the hostname to your reverse proxy server.

Configure the client — generate a key for yourself & merge it into a p12 file (make sure your ca cert files are still in the directory – if you *moved* them into /etc/mosquitto … copy them back):
sh generate-CA.sh client lisa
openssl pkcs12 -export -in lisa.crt -inkey lisa.key -name "Lisa's key" -out lisa.p12
You’ll need to supply a password for the p12 file.

Put the ca.crt (*public* key) file and your p12 file somewhere on your phone (or Google Drive).

Client config – Install Owntracks from Play Store
Preferences – Connection
Mode:    Private MQTT
Host:    hostname & port used in your **SSL** config. Select use WebSockets
Identification:    uid & password created above. Device ID is used as part of the MQTT path (i.e. my lisa device is /owntracks/userid/lisa). Tracker ID is within the data itself
Security:    Use TLS, CA certificate is the ca.crt created above. Client cert is the p12 file – you’ll need to enter the same password used to create the file

If it isn’t working, turn off TLS & change the port to your clear text port. This will allow you to isolate an SSL-specific problem or a more general service issue. Once you know everything is working, you can drop the clear text reverse proxy component.

Voila – reverse proxied WebSockets over to Mosquitto for OwnTracks.

Pad Thai Recipe

The Pad Thai recipe that I’ve developed isn’t authentic, but it is a tasty version that avoids fish sauce, pickled radish, and dried shrimp (all of which are not generally stocked in our house).

Ingredients:
Sauce:
1/3 cup tamarind paste
1/3 cup vegetable stock
1/3 cup tamari sauce
1/4 cup palm sugar

Veggies:
Shredded carrots
Shredded radish
Diced onion
Thinly sliced red peppers

Protein:
Tofu (frozen and thawed, pressed to drain)
Shrimp
Eggs

Other:
Rice noodles
Chopped peanuts
Bean sprouts
Lime
Sesame oil

Method:
Soak rice noodles in cold water while preparing the rest of the dish.

Combine the sauce ingredients in a pot and simmer over low heat, stirring until the sugar dissolves.

Put a little sesame oil in a pan. Add the tofu & cook until crispy. Remove from pan.

Put a little sesame oil in a pan. Add the onion & saute until soft. Remove from pan.

Put a little sesame oil in a pan and cook the shrimp. Remove from pan & wipe out pan.

Slice lime into very thin circles.

Scramble the egg.

Make sure the rice noodles are soft – you should be able to wrap them around your finger without breaking.

Heat the pan over medium heat. Put a quarter of the sauce into the pan, stir in a quarter of the rice noodles to coat with the sauce. Cook for two or three minutes. The noodles should be *almost* completely cooked.

Stir in protein and cook for another minute. Remove from heat and add in veggies. Serve topped with peanuts, bean sprouts, and thinly sliced lime. Drizzle a little extra sauce over the dish.

Put another quarter of the sauce into the pan & repeat.

Chocolate Peanut Butter Dip

We picked up a piece of peanut butter pie on our way back from New York this weekend. It was incredible — tangy, sweet, and peanut buttery. I found a recipe that sounds similar (ours had a chocolate cookie crust) on Epicurious. I can see making it again – and topping it with curled dark chocolate shavings.

We didn’t want Anya eating too much of it though. It was late, and even a little bit of sugar means half an hour of running in circles. She was still hungry, though … so I made a carob peanut butter dip for her that was pretty close to this pie. I took two tablespoons of plain Greek yogurt, added a tablespoon of real peanut butter (no additives, no sweeteners), and then added carob powder until it was sweet and chocolaty enough. Mixed it all together with a fork (it would be interesting to make more of it and whip it to achieve the same consistency as the pie). Served with sliced apples, it’s a quick not-too-sugary snack.

Mmmmm!