WordPress 2.1.x

April 25th, 2007 | 22:34

I finally got around to upgrading. Much less painful than I thought it would be.

Key West

March 16th, 2007 | 12:05

Given that we were in Key West at the beginning of February, I’d like to blame something sexy like “writer’s block” rather than the more pedestrian “laziness” for the long delay in getting this post out. But, yeah, “laziness” is a far better explanation.

Cleveland, at the beginning of February, was god awful cold: single digit temperatures, windchills down below -20F, Lake Erie frozen over out to snow-obscured the horizon. Florida, in our imagination, was blue sky and turquoise water, like we found in Turks and Caicos last year. But that trip was two months later and at a more southern latitude, and we had the bad luck of arriving in Key West when they were experiencing their worst weather in several months.

Of course, “worst weather” there means mid-50s to low-60s plus rain, so it’s uncomfortable wearing shorts: far better than Northeast Ohio at the time. We took advantage of that by doing the cultural attractions — museums, Hemingway’s house, simply walking around and seeing the town — during the first two days, which was a good thing in that it wasn’t hot and sticky during all the walking. Key West has a long cultural history (in contrast, T&C was primarily a salt works and pirate hideout, and is now mostly a beach resort and a budding center of off-shore banking), so there’s a lot to see. We had bought a book of tickets for a lot of these attractions, which reduced costs by a bit.

The main two things are Hemingway’s House and the Little White House. Hemingway’s House — situated near one of the lighthouses, so he could find his way home after a night of drinking at the Sloppy Joe’s bar among other places — is a good way to see a big Depression-era house in this town. Roaming throughout the house and its grounds are almost 50 polydactyl cats, all of them quite comfortable with the steady stream of tourists visiting their house. The Little White House is on the grounds of the old Navy base — now a condo development, because the port is too small for the Navy’s modern ships — used by Truman a vacation spot and out-of-Beltway office, with serious decision making being done over friendly late night games of poker (you can’t have any hint of gambling in the White House). You have to be part of a group to go through it, but the guides will give a very good talk about Truman’s time there, and its political significance (with some mention of the city’s front-line status during the Cuban Missile Crisis and the port being the USS Maine’s last American port of call before meeting its demise before the Spanish-American War). It’s still used occasionally by the government, so the Secret Service apparently forbids any sort of picture-taking there (in 2001, Sec. of State Colin Powell held a week of peace talks between Armenia and Azerbaijan).

The minor museums we went to were the local aquarium — where you can see feeding time for their sharks and living conch up close — and the Wrecker’s museum. Early Key West’s economy consisted of salvaging ships that wrecked on the poorly mapped Keys, and, for a time, before the system of light houses was installed and before steamships allowed the shoals to be bypassed, the city was the richest per-capita in America. The Wrecker’s museum is a small one, with artifacts from a recently excavated wreck, that was not fully salvaged because of technological constraints of the time (most of the ship was in water that was too deep for the pre-scuba age), and a modest replica of the old lookout towers used in the city to spot ships in trouble. You can get a decent view of the city from up there. There’s a thing also called “Pirate Soul”, which, I suppose, is edutainment, somewhat different from the hushed atmosphere of a proper museum. It’s a quick walk through, and they do have a couple of relatively unique artifacts there: a real pirate’s chest (complete with trick lock) and a real Jolly Roger from that time.

Having culture and history doesn’t mean that there isn’t a swath of the tackiest tourist traps running down the spine of the old town. The daily cruise ship port calls disgorge their passengers right into this maelstrom of souvenir shops, rude t-shirt emporiums, and Caribbean-themed stands that line Duval Street. I don’t believe the ships stay long enough to let those passengers partake of the numerous bars, though: you have to visit and stay in a hotel for that. There’s apparently live music at almost every establishment, every night, and we saw retirees stagger drunkenly down the street in a 55-and-better version of the bar crawl. I have no idea what Duval Street will look like during Spring Break.

We did take two boat excursions towards the end of the week. One was on a sail boat doing a snorkel/eco-kayak tour of some of the islands further west. The weather was improving, but still a bit too cold for snorkeling, though we did try. Unfortunately, the snorkel location wasn’t that interesting, so there was little incentive to tough out the colder water. The kayak tour was through the channels between mangrove growths: mostly plant life, with a talk on the natural history of how mangrove trees build up new land. We did see some birds as well as the shadow of a nurse shark cruising beneath our boats.

The other excursion was a day trip by fast catamaran to the Dry Tortugas, where we have the partially built Fort Jefferson, a Civil War-era fortification and the largest masonry construction in the hemisphere. It’s the “Dry” Tortugas because there’s no source of fresh water in these islands, but the 19th Century Navy decided it was worth building a strong fortification and anchorage there, as it would have allowed naval control over Gulf of Mexico and the important American ports on the south coast. During the Civil War, enough construction was completed to allow its use as a Federal prison. It was never finished because new technology — steam ships — made the cost of finishing and maintaining a base in such an inhospitable location too high to be justifiable. It was used as a coaling station later, but, I suppose, the advent of an oil-fired Navy made the fort, again, obsolete. Now, it’s a bird sanctuary and snorkeling site, where you can swim around the entire fort (the water was great, though I didn’t go in: after the chilly experience from the day before, I was more interested in just walking around and taking pictures). Note that our perky guide, one of the catamaran crew, was kind of useless and not that well informed, though it apparently was only her second week or so in that job. The self-guided tour with the old Parks Service signs was approximately as useful.

Food-wise, we had good Cuban food and seafood throughout the trip. The best Cuban place was an off-the-beaten-path location. I think it was this one. There are apparently three main makers of Key Lime pie in town, and, being on vacation, we had pie every day we were there. The best one was on Front Street, just west of Duval Street. There was real meringue, and it was cut to order and served from a whole pie. The other two key lime pie locations both pre-sliced their pies, and used a whip cream fringe. And I think they may have started out frozen, from shortly after production, but I’m not sure. Certainly, the one with meringue wasn’t frozen; I don’t think you can freeze meringue well.

Being an old city, Key West has its share of ghost stories. We went on one of those ghost walks, and passed by the church’s graveyard (ghost of sea captain and his daughter), stopped near a funeral home (weird-but-disturbingly true story of Carl Tanzler), listened to stories of Robert the Doll in front of the Artist’s House B&B, and looked into the darkened windows of an abandoned theater. The guide (who, incidentally, during the day plays a wrecker at the Wrecker’s museum). I actually thought the tour would be a bit longer, and go to more places than we wound up doing. That night, the locations were within a few blocks of the La Concha hotel, from where we started. Maybe the Carl Tanzler story took a bit too long. There were also interestingly credulous people on the tour; at the church’s graveyard, we were encouraged to take many pictures with our digital cameras, because spirit lights apparently appear in a lot of these photos. Someone even showed the results to the guide, even those these are clearly artifacts recorded by cheap digital cameras with lots of flashes going off in a small area.

To get to Key West, we drove down US 1 from Miami, but that first trip over the causeways was in the evening and obscured by rain. It was sunny on the return trip — our best weather was on the day we left — and we had spectacular views of turquoise water surrounding the myriad islands along the route. On the mainland, we stopped at Coral Castle, the hand-placed collection of megaliths of one crazy and determined guy. Like Carl Tanzler, we see the results of unhealthy (but far more wholesome) obsession. Neat stuff, and a chance to touch sun-warmed coral rock before heading back to the frozen grounds at home.

NYT No-Knead Bread

November 30th, 2006 | 08:31

This is the third attempt (Thanksgiving was #2) of the no-knead bread technique popularized by Mark Bittman earlier this month.

Going mostly by weight:

Flour (370g bread flour, 100g spelt flour)
Water (350g)
Salt (10g, about 1.75 teaspoons)
Yeast (0.25 teaspoons)

The approximates the 3 cups of flour to 1.5 cups of water ratio, and resulted in a drier dough upon mixing than did the earlier attempts, when I used the 1-5/8 cups water amount from the actual NYT article. Fermentation was about 20 hours, and the resulting mass was very similar to the amount with the extra water, but a little easier to handle (less sticky). I didn’t have the specified cloth towels (only terrycloth), so I used a Silpat and some plastic wrap for the final rise. From what I can tell, the towel is only used to make the dough easier to handle when you plop it into the hot pot. The Silpat is non-stick so it should be fine to use.

Oven temperature was kicked up to 500F, from the 450F used on the other attempts. Because of this, I unscrewed the plastic handle off of the Le Creuset, which is only rated to 450F or so (some sources say 400F, but I haven’t had a problem at the higher temp). I replaced it with a wadding of aluminum foil to keep in the steam. The lid was on for 30 minutes, then off for 15 minutes.

I also put a dab of canola oil in the pan after I got it out of the oven. This is to deal with the sticking issue I had on the first attempt (on #2, I sprayed with Pam before the pot went in the oven; this resulted in some of the oil burning by the time it was ready to receive the dough).

Note that removing the handle from the lid vastly increases the burn hazard risk for this adventure. Do a practice run in removing the lid while the pot is cool. I have to find a better way to pop off the lid when it’s hot.

Here are the pictures:

Bread pictures

The crust turned out much better on this attempt than on the previous ones. Before, the crust was tan and thin. With the higher oven temperature, I got a nice brown crust that had a bit of thickness. While it was cooling, you can hear a crackle from the crust.

This was tasty bread, eaten about 15 minutes after it came out of the oven. The crust was a little more rubbery after it’s sat around for half a day, though. I suppose that’s what’s expected of this type of very basic bread.

Main conclusion? Bake at the higher temperature. I don’t think the flour:water ratio would make much of a difference, but I’ll go with the 1.5 cups to allow a little better handling.

Here’s another good discussion of these techniques.

Windows Command Line Reference

November 27th, 2006 | 17:00

To use with the Windows telnet server, when something locks up the screen, etc.

Microsoft’s reference

Also, SANS has a write-up of various wmic commands, in particular “wmic process list brief” for the “ps” equivalent, and “wmic process delete” for the “kill -9” equivalent.

Thanksgiving Postmortem 2006

November 27th, 2006 | 09:10

Turkey, fresh, about 12lbs from Westside Market, brined and prepared along the lines of this Good Eats recipe, but using a turkey roasting bag. The brining was done in one of those giant XL Ziploc bags. Note that the big Ziploc had a slow leak, and it was a good thing I put the whole thing in the roasting pan as it sat in the fridge overnight. The aromatics were placed in a little bag of cheesecloth to facilitate removal.

The turkey meat came out fine. The skin wasn’t that brown and crisp, though, possibly because I put the roasting bag on a little too closely, rather than leaving more slack for it to expand. Next time, leave a little more slack for the dry convection heat to work: there was little danger of the plastic bag coming in contact with the top of the oven.

Stuffing: apple chicken sausage and acorn squash stuffing. The sausage and the squash were on-hand ingredients. Add in a standard mirepoix.

Roasted sweet potatoes: four large sweet potatoes, approximately 1″ cubes, plus olive oil, salt, paprika.

Both the stuffing and sweet potatoes (in separate casseroles) went in the oven about 45 minutes before the turkey was expected to be done.

Garlic mashed potatoes. Standard boiled potatoes, mash with garlic, butter and half-and-half. Sprinkle a bit of parsley and sage on top later.

Steamed cauliflower, broccoli, carrots. A little bit of a misfire, in the sense that they were a bit raw. I started the steaming, but forgot to set the timer, and then took the veggies off the heat prematurely.

Brussel sprouts, sauted with balsamic vinegar. Somewhat “eh”. The sprouts wound up a little overcooked.

Cranberry sauce: around 24oz of fresh cranberries, plus 1 cup water, 1 cup sugar, 1 orange rind. The rind was taken out a bit before the cranberries completely cooked down, because the sauce was becoming a bit bitter. A little more sugar was also added.

Mushroom gravy. Baby portobellos, some garlic, a bit of finely chopped onions, 1/2 cup of soy sauce. Sort of following this, but without the wine, and with the addition of the juice from the turkey (the roasting bag is good for keeping the juice in one place: just snip the corner of the bag, and drain out it out into a bowl, for fat separation). This worked pretty well, though there was a bit of a timing problem because the turkey is done and sitting there, and you need time to reduce the gravy, which you may not have. We used the expedient of corn starch.

Apple crisp. Following this, but reversing the proportions of flour and oatmeal. There was a misfire, in the sense of not properly creaming the butter and sugar to begin with. This resulted in “lumpy” crisp mix, rather than something crumbly, before going into the oven. I don’t think anyone noticed, though.

Pumpkin cheesecake. I can’t find a link to the recipe I was sort of working off. Basically, I used a six-inch high-walled springform pan, 8 ounces (by weight) of graham crackers and enough butter to hold it all together to make the crust. 16 ounces of Neufchatel cheese (or whatever that company was calling its lower fat cream cheese), plus one cup of low fat cottage cheese (hey, new technique: unleash the stick blender on the cottage cheese to beat it into smoothness! Use this in places that call for ricotta or cream cheese, if you’re going for the healthier substitutions.), 1 cup of sugar, 3 eggs, 1 can of pumpkin puree. Add with baking spices, and a dash of vanilla extract and (I think) a tablespoon of flour, and beat it all in the KitchenAid until more or less smooth, then pour into the prepared springform. The baking time was a little weird, in the sense that this was a high-walled springform that was filled close to the top (so the volume:surface area ratio is different from using a 9″ springform), and I was using a toaster oven (this was the day before) at 325F. Total time wound up to be around 90 minutes, though the thing bears watching. I might have overcooked it slightly, to make sure the center was properly cooked. I also put the springform pan into a water bath during baking (The toaster oven comes with a solid roasting tray of sorts. Wrap the springform in aluminum foil so the bottom is water-tight, put a water in the tray, then put the springform in there. Stick the whole thing in the pre-heated oven. Replenish the water as it boils off.) to help maintain the temperature and provide a humid oven environment. Cool overnight in the fridge.

Fruit bowl. The usual mix of pineapple, honeydew melon. Plus, Asian persimmons are in season right now, as well as pomegranates.

NYT no-knead bread. Here’s a good write-up. I used a little too much water (the infamous extra 1/8 cup) which made the dough a bit formless. Also, I was using 1 cup of fresh ground whole wheat and 2 cups of white flour. The crumb was very good, but the crust a little tough, though this may have had to do with it sitting around for many hours, before dinner started.

This was, to some extent, a logistics exercise, in terms of, uh, kitchen tasking orders for the various pots and pans, as well as oven time. For example, the bread was done first, with the turkey going in the hot oven more or less immediately afterwards. The apple crisp was started once the sweet potato casserole dish was freed up. The gravy couldn’t be completed until the turkey juices were ready, but this wasn’t a big deal, since you want the turkey to rest for a while after it comes out of the oven. And so on. It was more or less non-stop from 11AM to about 3:30PM, when guests were supposed to arrive. Of course, no one showed up until around 4:30PM, so I suppose the tight scheduling could have been relaxed, say, for the gravy, for a reduction instead of the corn starch thing.

Mansfield Haunted Prison Experience

October 31st, 2006 | 11:03

The previous weekend, we went to Mansfield Prison as part of Grace’s local college alumnae seasonal get-together. While we missed the alum group because of a late start, we did go through the annual the Haunted Prison Experience run at the old prison. It’s the first time we went through one of those Halloween “haunted house” amusements that seem to be all over Northeast Ohio.

We got there as the doors opened, but well after the ticket booth opened, so we waited on line for about an hour before we actually went in, a little after sunset. Here are some shots of the facility from the line:

Mansfield Reformatory pictures

Most of the crowd were younger, with a few clusters of older people here and there (was the alum group one of those?). It was Saturday, and I guess this was date night, with a few haunted thrills before or after dinner, I suppose. By the time we entered the prison, the line had more than tripled in length with the after-dinner crowd. Annoyingly, more than half the people on line smoked.

A large fraction of the Mansfield police force also appeared to be on the grounds. I don’t think they were expecting any awful goings-on; this just happened to be by far the largest congregation of people in the area and you have to provide basic crowd control and traffic direction.

Once we were through the door, the people running the experience sent us through in 10-person groups. The “plot” of the experience was straight out of video game cliche: an experiment in the old prison had gone horribly wrong, and the researchers and subjects have turned into flesh-eating zombies! Throw in interdimensional gateways and give us pump action shotguns, and you have the old Doom. Doom was scarier, though.

Basically, there are dim-lit rooms decorated with somewhat more expensive versions of the Halloween things you find at the local drug store: grotesque figures, skeletal remains, glow-in-the-dark ghouls. There might have been a strobe or two somewhere; I don’t remember exactly. In almost all the rooms, a Halloween Experience employee will jump out from a darkened corner and basically yell, “Boo!” Occasionally, he’ll have a toy chainsaw growling away.

We could see why the groups had to be somewhat separated: the employees needed a moment or two to reset themselves in their dark corners. We were at the back of our group, so all these shocks fired off about 10 feet in front of us, leaving us with only mild giggles. Grace said, “hello there!” to any number of the purported ghouls with their masks.

I spent a lot of time peering up at the remains of the prison. You can glimpse the peeling paint in the dark, and see the outlines of the small cells. Last century’s architecture of incarceration was more interesting than the 20-minute “Experience”, even though we couldn’t see most of it in the dark. Next summer, when the weather is warmer, we need to go back to Mansfield for the guided tours of the facility.

Google Spreadsheet of Buying vs. Renting

October 13th, 2006 | 07:44

The Big Picture has a pointer to this Google Spreadsheet of a buying versus renting cost comparison: .

It’s neat, but you have to save a copy to your own Google account before you can modify the values. There are a couple issues, having to do with dependent variables that aren’t well linked to other cells, e.g., the estimated tax deduction probably can be a formula that takes an expected tax rate and does a calculation against the holding period and the mortgage interest payments. But these are relatively minor.

One big hole, which is alluded to in the document’s notes, is that there’s no provision to calculate the returns on “alternative investments of downpayment.” One can make simplifying assumptions to figure out what this opportunity cost of buying would be: assume you put the whole thing into a CD with a maturity equivalent to your holding period, and ignore the pre-tax/post-tax issues. Depending on the size of the downpayment, this could be many thousands of dollars.

One difficult-to-quantify issue is also the amount of effort and heartache it would take to sell the property, which is something to consider when we hear anecdotes about other people at CCF who take a year to sell a house after they’ve finished their residency and moved out of state. I suppose one could ask text to the spreadsheet that merely asks whether the benefit of buying is worth the effort you expect to put into selling (including, say, double mortgate payments for a few months, etc.). That’s something people have to figure out on their own.

WEP Cracking using Auditor’s Security Collection 2006-06

October 12th, 2006 | 08:37

An associate of mine was challenged to crack WEP by one of his collegues recently. Somehow, this collegue was unaware that WEP is flawed and subject to very fast cryptanalysis, and believed that 128-bit WEP keys were unbreakable.

We picked up two Netgear WG511T PCMCIA cards, got the Auditor’s Security Collection as of around June 2006 (I had tried doing this on my own around then, before realizing that my DWL-630 PCMCIA card is on the non-functioning hardware list) and went to work. The first thing we found was that a lot of the documentation on how to do this tends to be specific to software versions, hardware, etc. For example, to perform the deauthentication attack, the guide from Tom’s Hardware uses the void11 tool, which is specific to Prism cards, but the Netgear has a Atheros chipset. Other sites, such as this wiki seemed to use versions of the software tools that had different options from the ones that came from that particular version of the Auditor’s disk, even though it was a useful discussion of the principles involved. There’s also an entertaining video of a fast WEP crack, but they either skip over some steps or were very lucky in an ARP packet capture.

These are my notes on what I did, with the hardware we had on hand, and that particular version of the Security Collection’s tools. As usual, cracking other people’s WEP without permission is illegal; these are notes in a lab/challenge setting.

1. The first thing is to run kismet to survey the area. The items to record on the kismet scan are the target WLAN’s AP’s BSSID/MAC, the channel, and the MAC of an associated client. “h” will give kismet’s help screen, but the relevant keys to push once the target WLAN is selected is “i” for detailed information on the WLAN and “shift-C” for the associated clients.

2. The Atheros cards have to be put in monitor mode:

# iwconfig ath0 mode monitor channel CHANNEL

where CHANNEL is the channel of the target WLAN.

3. We now sniff for IVs:

# airodump ath0 FILENAME MAC_OF_AP

where FILENAME is the destination of the dump, and MAC_OF_AP is the MAC of the access point.

Note that running kismet first will do something with the config of the card. I couldn’t get the airodump command to run without first running kismet, and running the above iwpriv and iwconfig commands.

There may be more than one WLAN displayed. The column to pay attention to is the one counting the IVs that have been captured. We want this number to be at least 100,000 if we’re targetting a 64-bit key, and at least 200,000 for a 128-bit key. This will be incrementing relatively slowly, depending on how busy the WLAN is.

4. Force the generation of IVs. We will attempt to capture ARP packets, as these are associated with IV packets. When we get an ARP packet, we will replay it, which forces extra traffic at the access point, thereby making Step 3 much faster.

# aireplay -n 68 -m 68 -b MAC_OF_AP -d ff:ff:ff:ff:ff:ff ath0

The “-n” and “-m” options specify the packet min and max size, both set at 68 for ARP packets. “-b” is the source, and “-d” is the (null) destination for the ARP request.

This will tick by, with aireplay reporting on how many packets it’s seen. If it sees a packet fitting the specified criteria, it’ll ask you if you want to use this for replay. I got lucky, and an ARP request came by relatively soon. Using that ARP packet allowed me to spin up the IV counter in airodump, so that I had about 200,000 packets in 5 minutes or so.

Of course, it may take a while before an ARP packet comes by. We can force extra ARP traffic by using a second machine to launch a deauthentication attack against an associated client:

# aireplay -m 26 -u 0 -v 12 -w 0 -x 10 -r FILENAME ath0

So, the airforge command creates a deauth packet from MAC_OF_AP to the MAC_OF_DEST (the MAC of associated client we saw on the kismet survey) and saves it as FILENAME. The aireplay command then just sends the packet from FILENAME out on the wireless. Note the “-x” option is set to send out 10 packets/second, which is good enough to cause a lot of packet loss on a standard ping to the client machine.

The first machine should see the ARP traffic in its aireplay, and we should be good to go from there.

5. Once enough IVs have accumulated, it’s time to run the cryptanalysis program:

# aircrack -m MAC_OF_AP FILENAME

where FILENAME is the filename of the airodump file. You can run this while airodump is still working and writing to the file. On a 128-bit key with around 250K – 300K IVs, I got a crack in a couple tens of seconds. The key will be in hex form. You can go verify this against the access point’s configuration, seeing as how you’re doing this in a lab and have full control over all the hardware.

Dough Techniques

October 10th, 2006 | 07:49

Here’s an interesting piece by someone reverse engineering Patsy’s pizza. I don’t intend to violate warranty/lease/fire codes by disabling the safety features of my oven in order to achieve 800F temperatures, but the dough techniques he discusses are informative.

Pizza is bread, and I’ve started using his “The Wet-Kneading Technique with Autolyze” on, say, multigrain bread. This has generally solved some texture problems I’ve had with the relatively low-gluten dough, and I’ve been getting lighter rolls than I had been. The KitchenAid is a very nice machine, but once the ball forms at the end of the dough hook, it’s not doing much more useful work. The wet kneading solves this by working the gluten much earlier and with material the mixer can actually mix.

Basil Ice Cubes

September 14th, 2006 | 07:17

Catching up on listening to the podcast backlog, I came across this idea for making ice cubes from fresh basil:

NPR : Celebrating Late Summer’s Basil Bonanza

A little too late on my part; I think I missed out on the cheap, abundant, fresh basil at Westside Market. Oh, well, next year.

Interestingly, our building is going condo, and they’ve allocated space on the garden/parking level for “terraces” or “balconies” for the apartments that don’t have them because of the neighboring garage. These spaces aren’t particularly partitioned from the garden, and have no particular access restrictions from the parking garage, so one would not, say, want to keep an expensive grill in the outdoor space because it’d be easy for nefarious individuals to push the thing into the back of a truck and drive away with it, no one the wiser. But keeping a few planters in the area wouldn’t be a chore, I think. Maybe next summer, depending on what’s happening with construction in that area.