My article relating to this was accepted and posted in the official 3CX blog.  You can read it here.

More Mead!

February 8th, 2009

I made yet another batch of mead today.  This batch had the usual 15 lbs of honey in it but this time I also added cinnamon, allspice, nutmeg, cloves, and two vanilla beans.  It should prove delicious.  We’ll find out for sure in about a year.

American What?

January 5th, 2009

I need to rant.

What is the deal with American Cheese anyway?  I don’t understand how people can call it cheese at all.  What’s sad is that it is the type of “cheese” that many people in the U.S. were brought up on, so they continue to buy it, not even knowing that something that doesn’t taste like processed pond scum is readily available.

According to Wikipedia, Kraft Singles contain:

“milk, whey, milkfat, milk protein concentrate, salt, calcium phosphate, sodium citrate, whey protein concentrate, sodium phosphate, sorbic acid as a preservative, apocarotenal (color), annatto (color), enzymes, vitamin D3, cheese culture.”

What is milk protein concentrate anyway and why does color need to be added?  What color would these things be if they didn’t change it?

Velveeta is even better.  According to another Wikipedia article about Velveeta, “In 2002, the FDA warned Kraft that Velveeta was being sold with packaging that described it as a ‘pasteurized processed cheese food,’ which the FDA claimed was false (’cheese food’ must contain at least 51% cheese). Velveeta is now sold as a ‘cheese product,’ using a term for items that contain less than 51% cheese.”

Cheese product?  Less than 51% cheese?  I sure am glad that the FDA has such standards as to ensure that something called cheese is more than half made of cheese.  It’s no wonder that all you have to do to make a product sound substandard is to paste the word American on the front of it.  Are we that stupid?  What is the matter with real food anyway?

I’m done…for now.

Posted in Cheese, Food | 4 Comments »

I have a customer that has felt it necessary to secure the network ports in their conference rooms. The goal was to make it impossible for untrusted computers to access the LAN and if possible dump them on to a VLAN that would allow them only Internet access. Rather than detail the whole project I’ll just provide a couple of links that helped me out and explain a couple of difficulties I faced. I am still working on the guest vlan portion of the project and will update the config below when that portion of the project is complete.

Switch Configuration

We used a Dell PowerConnect 6248 switch in this case. During R&D for this project I also made 802.1x authentication work on a PowerConnect 6024 and a Cisco Catalyst 2950 series. I actually made things work with the Catalyst first by following this article http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html. The important bits of the config for the PowerConnect 6248 are as follows:


*snip*
! This enables dot1x globally
dot1x system-auth-control
! This sets up the radius server. 192.168.1.5 is a Windows Server 2003 server running IAS
aaa authentication dot1x default radius
radius-server key "abcdefg"
radius-server host 192.168.1.5
exit
!
! This port requires authorization. This is the default.
interface ethernet 1/g1
exit
!
!This port is forced into an authorized state.
interface ethernet 1/g2
dot1x port-control force-authorized
exit

Windows Client and Server Configuration

To configure the clients and server I used this article: http://alextch.members.winisp.net/802.1x/Defending%20your%20internal%20network%20with%20802.1x%20and%20Microsoft%20PKI.htm.

This article pretty much got me where I needed to be, but here are a couple of things to note.

  1. You have to make the registry change found on Page 13. There doesn’t seem to be any way around it. If you find one, let me know. The plan is to make the change in a logon script.
  2. How your computer names are stored in the certificate issued to the clients is important. The default settings had been changed on the system in this case and this caused some problems. I successfully used a Subject Name Format of None and checked DNS name. I also used a subject name format of Fully Distinguished Name with nothing checked underneath. I do not fully understand these options so YMMV.

Keeping that in mind you shouldn’t have any problems implementing this using the two articles that I linked to. I may eventually get really motivated and take screen shots.

UPDATE!

I spent many hours over the last couple of weeks trying to get this to work well in production.  We were seeing very odd behavior.  At times ports that had been moved to the guest vlan would mysteriously be moved to vlan 1 once the host was disconnected and would stay there for long periods of time.  Vlan 1 does not normally contain any ports with this configuration.  At one point we had two ports stay in vlan 1 for more than eighteen hours.  It was weird to say the least.

We tried my Catalyst 2950 in the customer’s production environment and it worked perfectly and exactly as I would expect it to.  We finally gave up on the PowerConnect and my customer decided to just buy some used 24 port Catalyst 2950s.

What we ended up doing was creating a trunk port on the PowerConnect 6248 that supplied both the guest and trusted vlans to a trunk port on the catalyst.  Since my Catalyst is not layer 3 capable the PowerConnect still handled routing, DHCP relay, and ACLs.  The Catalyst was just responsible for 802.1x.

When I get my switch back I’ll post the important bits of the config.

This Year’s Mead

July 10th, 2008

I now have approximately ten gallons of mead fermenting.  My brother’s fiancée tasted some of last year’s mead a couple of weeks ago and decided that she wanted it to be served at her wedding.  So I got to work.  I made two batches.  One is exactly the same as last year’s.  Basically there’s honey, water, and sweet mead yeast in the bucket.  I decided to mix it up a bit though and used a drier wine yeast for the second batch.  It’ll be interesting to taste the differences.  I expect them to be delightful.

Posted in Beer | 2 Comments »

Here is a contest from Along for the Ride to win a bunch of great slings!

Win the Essential Babywearing Stash from Along for the Ride (one Beco Butterfly, one Hotsling baby pouch, one BabyHawk Mei Tai, one Zolowear Ring Sling, and one Gypsy Mama Wrap): http://www.alongfortheride.biz/contest-s/49.htm

And here is a contest from Nature’s Child to win a starter set of cloth diapers!!

http://blog.thenatureschild.com/2008/06/beat-heat-summer-contest.html

(Matt wants you to know that this post was written by his dearest love)

I recently had the opportunity to set up Automatic Proxy Detection for a customer. I’d never taken the time to figure it out before. It worked in both IE and Firefox and was kinda neat.

It turns out that when you start your web browser with automatic proxy detection enabled, it attempts to find a file at the URL http://wpad.yourdomain.tld/wpad.dat. In my case it would try for http://wpad.mattscott.org/wpad.dat. If that file is found, the browser runs the JavaScript in it and sets the proxy settings to whatever the wpad.dat file defines. Here’s what we did. I’m using example.com as my domain to protect the guilty.

Create a DNS Record

We created a CNAME for wpad.example.com that pointed to a web server, in this case a Microsoft Small Business Server 2003 running IIS. An A record would work too, but given that this will probably never be a server’s primary name record, a CNAME made sense to me.

Create wpad.dat

Now you need to create your wpad.dat file. We found several examples on the web. Here’s one; Google can help you find more:

function FindProxyForURL(url, host)
{
    // Hosts matching any of these patterns are reached directly, bypassing the proxy.
    if (shExpMatch( host, "192.168.1.*" )
        || shExpMatch( host, "127.*" )
        || shExpMatch( host, "localhost" )
        || shExpMatch( host, "*.example.com" )
        || isPlainHostName( host )
        || dnsDomainIs( host, ".example.com" )) {
        return "DIRECT";
    }
    // Everything else goes through the proxy.
    return "PROXY proxy.example.org:8080;";
}

The first section inside the if block tells the browser to connect to the destination server directly if one of those conditions is met. You’d normally do this to bypass your proxy for a host on the local LAN. The second section is where you define the proxy for use with everything else. It’s just a JavaScript function, so you could probably go pretty crazy with the thing if you wanted to.
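To see exactly which hosts the file above sends DIRECT, here is an added example (not code from the original post) that implements the three PAC helper functions it relies on and runs its FindProxyForURL logic offline against a few constructed hostnames; proxy.example.org and the sample hosts are assumptions.

```javascript
// Added example, not from the original post: a small offline harness with the
// PAC helpers shExpMatch, isPlainHostName and dnsDomainIs, used to evaluate
// the wpad.dat logic above. proxy.example.org and the hosts are made up.

// shExpMatch: shell-style glob ("*" and "?") anchored over the whole string.
function shExpMatch(str, pattern) {
  const re = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&") // escape regex metacharacters
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp("^" + re + "$").test(str);
}

// isPlainHostName: true for an unqualified name with no dots at all.
function isPlainHostName(host) {
  return host.indexOf(".") === -1;
}

// dnsDomainIs: true when host ends with the given domain suffix.
function dnsDomainIs(host, domain) {
  return host.length >= domain.length && host.endsWith(domain);
}

// The post's wpad.dat logic, with straight quotes so it actually parses.
function FindProxyForURL(url, host) {
  if (shExpMatch(host, "192.168.1.*")
      || shExpMatch(host, "127.*")
      || shExpMatch(host, "localhost")
      || shExpMatch(host, "*.example.com")
      || isPlainHostName(host)
      || dnsDomainIs(host, ".example.com")) {
    return "DIRECT";
  }
  return "PROXY proxy.example.org:8080;";
}

// Evaluate a list of hosts and return a {host: decision} map.
function classify(hosts) {
  const decisions = {};
  for (const h of hosts) {
    decisions[h] = FindProxyForURL("http://" + h + "/", h);
  }
  return decisions;
}

// Constructed sample hosts; note that "127.example.org" is sent DIRECT
// because "127.*" matches the hostname text, not a resolved address.
const sampleHosts = ["intranet", "fileserver.example.com", "192.168.1.20",
                     "www.bigsite.test", "127.example.org"];
console.log(classify(sampleHosts));
```

Because the globs match the hostname string rather than an address, a bypass for an IP range is safer expressed with the standard PAC call isInNet(dnsResolve(host), "192.168.1.0", "255.255.255.0").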

Once you’ve created your file, copy it to the root of your web server. One thing we noticed was that IIS wouldn’t serve the file initially because it didn’t have a MIME type for a .dat file. So we added a MIME type of application/x-ns-proxy-autoconf for .dat files and we were good to go.

Create a DHCP Scope Option

The last thing we did was create an option in our DHCP scope to define where the wpad.dat file is. I don’t believe this is strictly necessary, since a machine should generally attempt to connect to a host called wpad in its own domain. I see it as a good idea though, because you might run into issues if you ever have guest machines on your network or if you are using some sort of split DNS tunneling over a VPN client or something like that. It was a recommended step so we did it in DHCP on a Windows Small Business Server 2003.

Create an Option 252 Entry in DHCP

To create an Option 252 entry in DHCP, do the following.

  1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
  2. In the console tree, right-click the applicable DHCP server, click Set Predefined Options, and then click Add.
  3. In Name, type WPAD.
  4. In Code, type 252.
  5. In Data type, select String, and then click OK.
  6. In String, type http://Computer_Name:Port/wpad.dat where Computer_Name is the fully qualified domain name of the web server computer and Port is the port number on which automatic discovery information is published. You can specify any port number. By default it uses port 80.
  7. To add the option to the scope, right-click Scope Options under the scope you want to add it to and then click Configure Options.
  8. Confirm that the Option 252 check box is selected.

Unless I left something out, that about does it. All you should have to do is to check the Automatic Proxy Detection box in your browser and you should be good to go. In Internet Explorer you can sort of push this setting down via GPO. Of course it’s one of those whacked out policies that users can mess with if they know how. In Firefox I am not aware of a way to automate this but I’m sure somebody’s written something.

Enjoy!

So. I was doing some reading this weekend about parasitic worms. I do crazy things sometimes. I found the life cycle of the hookworm most interesting. Here’s a worm whose larvae can be absorbed right through your skin. Then they ride around in your blood and get stuck in your lungs. At this point their journey is just beginning. These little guys burst the capillaries in your lungs and then begin the long crawl. They worm their way up and out of your lungs and then down into your stomach. All of this happens without the host having any idea what’s going on.

Once in your small intestine their work is pretty much done. At this point they latch on, drink your blood and mate with each other. Just one great big hookworm party.

If you are interested, Google knows lots of stuff about the hookworm. If you don’t feel like typing, click here http://www.google.com/search?hl=en&client=firefox-a&rls=com.ubuntu:en-US:official&hs=c1G&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=hookworm+lungs&spell=1

Last Year’s Mead!

March 20th, 2008

I tried the mead I made last summer tonight. It isn’t bad. It could probably stand to age a little more but I wouldn’t be ashamed to serve it. Two glasses has me barely able to blog. Glad there’s a spell check.

Posted in Beer | 1 Comment »

Wordpress

March 16th, 2008

Well, I’m finally doing it. Here’s my Wordpress blog. Now all I have to do is figure it out!

Posted in Misc | No Comments »