New HVAC

The heat exchanger on our old propane furnace is cracked. And propane is an expensive way to heat a home. Here, it is trucked in and pumped – so in the worst of winter, we’ve got to manage to clear the driveway so the delivery truck can get here safely. All in all, not sad to see it go. We’re comparing air-exchange heat pumps with geothermal heat pumps.

Obviously the air-exchange sales guy has a lot of terror stories about loop fields going bad, digging up the whole yard, and incurring tens of thousands in repair expenses. Our neighbor has a geothermal system and says he’s constantly using emergency heat so it’s really a super-expensive propane furnace.

I spent some time searching for the down sides to geothermal. Found a news article republished in quite a few small town news sites with a study claiming a town had so many geothermal installations that they caused their own localized warming. Suck heat from earth, pump to house to heat, lose heat through exterior walls … town heats up. Except all other heating sources extract an energy source from elsewhere, heat the house with it, and lose heat through exterior walls too. It’s not like we rip out our exterior insulation to get geothermal. If they’d wanted to say the Earth’s temp lowered locally, it would at least pass a prima facie logic test. But they wanted to scare off the global warming types, so they went with “you’re causing global warming!!!”. And ended up with a completely illogical argument. If they wanted to talk about older, undersized systems that created hyper-local problems that caused the system to run on emergency heat … well, don’t undersize your system.

The only down side I’ve found is the installation cost and potential cost of emergency heat. We’re going to get the air exchange heat pump – the infinitely variable pump is supposed to operate in sub-freezing temperatures, and it’s a quick install instead of taking a month or two.

Independence Day Skirt

WooHoo! I finished another sewing project — this one is Anya’s 4th of July skirt. It’s a fabric from Northcott’s Stonehenge Stars & Stripes line (20159-30). I think the fabric is not so flag-like that it looks silly on the 364 other days of the year, but it is right festive enough for the holiday.


Missing The Point

A security researcher used a modified cat6 cable and default creds on airline seat electronic boxes to compromise flight control systems on an aircraft. That’s really bad, and the FBI is investigating the crime. But why is it that no one seems to care that (1) SEBs ride on the same network as flight control systems, (2) there’s a default password no one has bothered to change, and (3) no one on the aircraft was in any way bothered by some dude digging around under the seat and messing with cables?

Seriously – in the system design meetings for a million dollar aircraft, someone thought it would be a good idea to save, what, a grand by having a single open network for all electronic components on the aircraft?!

And I sincerely hope the WiFi networks they’re starting to put on the aircraft are on an isolated network that has nothing to do with any of the flight control equipment. It’s one thing to notice a guy plugging into some box under his seat … a guy using his computer mid-flight, nothing to see there.

Linux Utility: xxd

When there’s something different between two files but you just cannot see it — xxd is a command line hex dump utility. You can even pair it with diff to see … oh, one has \r\n and the other just has \n

[lisa@FVP05 ljr]# diff -u <(xxd unix.txt) <(xxd dos.txt)
--- /dev/fd/63  2025-01-15 16:39:58.016083028 -0500
+++ /dev/fd/62  2025-01-15 16:39:58.018083031 -0500
@@ -1 +1 @@
-00000000: 4865 6c6c 6f21 0a                        Hello!.
+00000000: 4865 6c6c 6f21 0d0a                      Hello!..

Progress

And we are almost done with the Easter dress (just in time too)!


I had quite a time making the straps. Trying to turn the right side out, I wouldn’t get the layers right and ended up with two tubes sewn together at the seam. I finally stitched the two fabrics around a metal straw and then pushed the fabric through the straw. That worked surprisingly well.

I still want to make a wider belt, but the only thing that *needs* to be done is stitching the straps in place. They are pinned, at the moment, so I could get the proper length.

Too bad it will be so cold on Easter day – we’ll need sweaters!

Easter Dress

The front cover of the latest Chasing Fireflies catalog had this $225 dress. Beautiful dress, but the price is outrageous. So I decided to order the fabrics and make something similar – a circle skirt with a spaghetti strapped fitted bodice.

First we used a trammel to draw a really big circle and cut it out — I used that to cut the yellow satin and the lace.


The circle skirt and lace:

DSC_5839

The entire thing basted together and halfway on Anya so I can see how it fits:

DSC_5902

I still need to sew up the bodice and make the shoulder straps, but I’m about 75% done with weeks to go.

 

Response Policy Zone (RPZ)

Years ago, Paul Vixie developed a component of the BIND DNS server that allowed server owners to easily override specific hostnames. We had done something similar for particularly bad hostnames — if your workstations use your DNS servers, you just have to declare yourself the name server for a domain that has the same name as the hostname you want to block (i.e. I become the NS record for forbidden.google.com and my clients are able to resolve all other records within the google.com zone, but when they resolve forbidden.google.com … they get whatever I provide). I usually did this to route traffic over a B2B VPN – provided the private IP address instead of the public IP provided by the domain owner’s name servers. But for a few really bad malware variants, I overrode their hostname. Problem was the technique wasn’t exactly easy. Every single host required a new DNS zone be created, configured on your DNS servers, and (at least in BIND) the service restarted.

Response Policy Zone was pushed as a functionality that would allow service providers (ISPs). That’s not a use case I foresee (it’s a lot of manual work), but it has become an important component of our company’s network security. Hosting an RPZ domain allows us to easily add new overrides for B2B VPN connected hosts. But it also means we can override hostnames that appear in phishing e-mail campaigns, malware hosts, infected web sites … basically anything we don’t want employees accessing.

Stopping clients from accessing infected sites is a great thing; but for hostnames that are indicative of a compromised box (i.e. there’s a difference between an employee clicking on a link within their e-mail that links them to a specific host and someone having malware on their box that automatically contacts a specific host), we set the IP address for the hostname to a honeypot.
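The three kinds of override described above (private IP for a B2B VPN host, a blocked hostname, and a compromise-indicator hostname pointed at the honeypot) can all live in one RPZ zone file. This is an added example, not code from this post: the zone name, hostnames, addresses and the choice of NXDOMAIN for blocked names are assumptions.

```python
import ipaddress
import re

# Constructed policy list: every hostname and address below is a placeholder.
HONEYPOT_IP = "192.0.2.10"  # assumed honeypot address (TEST-NET-1)
POLICY = [
    ("partner-app.example.com", "override", "10.20.30.40"),  # B2B VPN private IP
    ("phish-landing.example.net", "block", None),            # seen in phishing mail
    ("c2-beacon.example.org", "honeypot", None),             # indicates a compromised box
]
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def rpz_owner(hostname):
    """Validate a hostname and return it as a relative owner name in the RPZ zone."""
    name = hostname.lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2 or not all(LABEL.match(l) for l in labels):
        raise ValueError(f"not a valid hostname: {hostname!r}")
    return name

def rpz_record(hostname, action, target=None):
    """Return one RPZ resource record for the given policy action."""
    owner = rpz_owner(hostname)
    if action == "block":
        return f"{owner} CNAME ."          # RPZ convention: answer NXDOMAIN
    if action == "honeypot":
        target = HONEYPOT_IP
    elif action != "override":
        raise ValueError(f"unknown action: {action!r}")
    addr = ipaddress.ip_address(target)    # rejects missing or malformed addresses
    rtype = "A" if addr.version == 4 else "AAAA"
    return f"{owner} {rtype} {addr}"

def render_zone(origin, serial, policy):
    """Render a complete RPZ zone file; owner names are relative to $ORIGIN."""
    head = [
        f"$ORIGIN {origin}.",
        "$TTL 300",
        f"@ SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ NS localhost.",
    ]
    return "\n".join(head + [rpz_record(*entry) for entry in policy]) + "\n"

if __name__ == "__main__":
    print(render_zone("rpz.internal.example", 2025011501, POLICY))
```

BIND applies the zone once it is declared as a normal zone and named in `response-policy { zone "rpz.internal.example"; };` inside `options`. Adding a hostname is then a one-record change plus a serial bump, instead of a new zone per host.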

The honeypot is bound to all unused ports on the host (there aren’t a lot of used ports on it), logs all contact to a database, then basically hangs the connection. We have a scheduled job that looks at the contact log and opens a ticket to the desktop support team to investigate the compromised host.
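A sketch of the scheduled job described above, as an added example rather than the job we actually run: the table layout, the `create_ticket` callback and the sample rows are assumptions, and the ticketing system is stood in for by a plain list.

```python
import sqlite3

# Assumed schema: the honeypot writes `contacts`; this job maintains `tickets`.
SCHEMA = """
CREATE TABLE contacts (id INTEGER PRIMARY KEY, seen_at TEXT, src_ip TEXT, dst_port INTEGER);
CREATE TABLE tickets (src_ip TEXT PRIMARY KEY, last_contact_id INTEGER);
"""

NEW_CONTACTS = """
SELECT c.src_ip, COUNT(*), MIN(c.seen_at), MAX(c.seen_at),
       GROUP_CONCAT(c.dst_port), MAX(c.id)
FROM contacts c LEFT JOIN tickets t ON t.src_ip = c.src_ip
WHERE c.id > COALESCE(t.last_contact_id, 0)
GROUP BY c.src_ip ORDER BY c.src_ip
"""

def open_tickets(db, create_ticket):
    """Raise one ticket per workstation with honeypot contacts not yet ticketed."""
    opened = []
    for src_ip, hits, first, last, ports, max_id in db.execute(NEW_CONTACTS).fetchall():
        create_ticket({
            "host": src_ip, "hits": hits, "first_seen": first, "last_seen": last,
            "ports": sorted({int(p) for p in ports.split(",")}),
        })
        # Remember the newest contact covered so the next run does not re-ticket it.
        db.execute("INSERT OR REPLACE INTO tickets VALUES (?, ?)", (src_ip, max_id))
        opened.append(src_ip)
    db.commit()
    return opened

def demo():
    """Run the job twice over constructed contact rows (RFC 1918 sample addresses)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO contacts (seen_at, src_ip, dst_port) VALUES (?, ?, ?)",
        [("2025-01-15T09:00:01", "10.1.1.23", 443),
         ("2025-01-15T09:00:07", "10.1.1.23", 8080),
         ("2025-01-15T09:02:30", "10.1.4.77", 443)])
    tickets = []
    first_run = open_tickets(db, tickets.append)
    second_run = open_tickets(db, tickets.append)  # no new contacts, no new tickets
    return first_run, second_run, tickets

if __name__ == "__main__":
    print(demo())
```

Tracking the last ticketed contact per source keeps a beaconing host from generating a ticket on every run while still re-raising it if it contacts the honeypot again later.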

Anya’s 2nd Birthday Cake

This year, I made a parsnip cake for Anya’s birthday tea.

  • 175g butter, plus extra for greasing
  • 250g demerara sugar
  • 100ml maple syrup
  • 3 large eggs
  • 250g self-raising flour
  • 2 tsp baking powder
  • 2 tsp mixed spice
  • 250g parsnips, peeled and grated
  • 1 medium eating apple, peeled, cored and grated
  • 50g pecans, roughly chopped
  • zest and juice 1 small orange
  • icing sugar, to serve
  1. Heat oven to 180 C.
  2. Grease 8″ round cake pans and line the bases with baking parchment.
  3. Melt butter, sugar and maple syrup in a pan over gentle heat, then cool slightly.
  4. Whisk the eggs into this mixture, then stir in the flour, baking powder and mixed spice, followed by the grated parsnip, apple, chopped pecans, orange zest and juice.
  5. Divide between the cake pans. Bake for 25-30 mins until a toothpick inserted into the thickest part comes out clean.
  6. Allow pans to cool on a wire rack for ten minutes.
  7. Turn cakes out of pans and set on wire rack until completely cooled.

This cake is topped with mascarpone (250g tub) mixed with a little maple syrup (3 tbsp).