Brew 20 -- Blackberry Honey and Cherry Mead

This was a completely unmeasured, throw things together and see what happens kind of mead. I took 6lbs of Blackberry honey, about 2.5 gallons of water, a handful of dried cherries I nuked in the microwave, a very generous pinch of yeast nutrients, and some dried champaign yeast from which I made a starter the day before. If it's good, well, I'll probably never be able to make it quite the same again!

Date of Mixing: November 30, 2005
Ingredients

• Honey: 6lb Blackberry Honey
• Fruit: 2.2 oz dried Cherries
• Water: circa 2 gallons
• Other:About 2t Yeast Nutrient

Original Specific Gravity: 1.082 (quite low)
Expected Final Specific Gravity: 0.998
Expected Alcohol Content: 12%
Gallons in Fermenter: about 3 gallons
Yeast: Red Star dried Champaign yeast
Quantity: 900mL
Time of Pitching: 23:00

Beer cures cancer!

According to this article, there's a nutrient in hops which helps prevent cancer. In the interest of overhyping, please ignore the scientist in the article who says "We can't say that drinking beer will help prevent cancer". He's clearly just being modest.

Goodbye Treo, part I : the Palm TX

My Treo 600, for the most part a wonderful device, is starting to die on me. At least, it sure seems that way. The phone starts buzzing a lot once the battery gets low, where low is defined as "less than 70% capacity left". You'll note that this is not the usual definition of low.

The problem is that T-Mobile doesn't support the 650, and I'd rather not get a windows phone. So, I decided it's time to separate functionality. Perhaps, if the pda and the phone can connect via bluetooth, then the effect will be almost the same as an all in one device, without the comforting "all your eggs in one basket" feeling.

I decided on the Palm TX for the PDA. It's a little bit larger than the treo, but has a beautiful 320x480 screen, about 100 megs of ram on board (pause to contemplate the 16k memory on my first computer), and built-in WIFI and bluetooth.

So far I've been pretty happy with it. The WIFI had one problem: The symptom was that the web browser would say that "page cannot be found". The router confirmed that it had given it an ip address though. I tried the usual connectivity check: I put the IP address of google.com in it and that worked just fine!

So for some reason my router was not serving domain names to the pilot. I checked the status of the connection on the pilot, and it confirmed that the proper DNS entry was there. Doing a bit more searching I saw a post where someone suggested overriding the DNS entry. I put in SBC's DNS server, since I use their DSL. This worked just fine.

It is nice having a machine that will hotsync now. The network sync over t-mobile's internet service was dreadfully slow... on the order of 150 bytes per second. And I could never get the usb cable to work with it either. Syncing over 802.11, on the other hand is wonderful.

So that's one half of the story. The other half, hopefully, will arrive tomorrow.

Other notes:

• The address book has been expanded. It now stores a small thumbnail photo of the contact if you like, and many more entries such as birthday (doesn't seem to be any good way to select the year, though... you have to scroll back year by year), IM address, web page. There's also an option to "tap to connect", to activate a bluetooth phone or the versa mail client.
• The versa mail client that is included has a gmail setting included, which is nice, but I had to override the outgoing SMTP port. It was set to port 25, but it should be 587. It occurs to me that downloading all my mail, composing replies on the El when I go to work, and uploading the changes when I reach the office could be a good use of time.
• The package came with three screen protectors, which seem to be very good quality, and a hard case cover. Nice touch.

Brew 19 --- Woodbridge Ranch 11 Cabernet Sauvignon

Today I started Brew 19. It's a Cabernet Sauvignon kit, from Wine Expert's Selection Estate Series. The last kit I bought from them made excellent wine, so I decided to get more. This is a 16 liter kit. Specs:

• Serial Number: 0406705 (in case something goes wrong and I need to call the company later)
• Grape: 16L Cabernet Sauvignon
• Water: 3L
• Additions: Benotite, Oak
• Yeast: Lalvin Bourgovin RC 212, 5g powder

I put the oak in a cheesecloth bag, sewed it shut, sprayed it with Sodium Metabisulphite to make sure it was sanitized, and put it in the juice. Hopefully that will prevent it from clogging up the collection bottle.

The specific gravity was 1.102. The wine will probably be 13% ABV when the time comes.

I ordered two more kits from Northern Brewer. A Chilean Carmenere/Cabernet, and a Nebbiolo d'Alba. These two are limited edition specials. They release four a year, once a month, from January to April. Northern Brewer has a special where they will send it with free shipping if you preorder the kit. This is important, because my normal supplier, Morebeer.com doesn't ship the 16L wine kits for free anymore. (Not that I blame them, those are 40 pound kits!) Free shipping on these two kits will save $65.

One problem with these kits: it's best if you let the wine sit in the bottles for 6 months before opening. My first batch didn't last that long. It was very good. :-) I think the only solution is to make lots of it to start with, and count on buying wine for the next six months. Once the "pipeline" is established, it will be a lot easier, since there will be stuff that's "ready" while the new stuff is sitting around getting good. The downside: 1. waiting is not one of the American virtues, and 2. I figure I'm going to need at least 120 empty bottles in order to get up to capacity. I have 30 now. Needless to say, I'm starting to encourage my friends to save their bottles for me.

While I'm at it, there is sad news to report about Brew 18... some uninvited molds had a party and drank it all. I suspect it was the problem with the oxygenation---I forgot to oxygenate the wort until three days later when I noticed there was no fermentation going. Live and learn.

Adventures on the CTA: Having a Louis Moment

Last night, at about 10:30, I was on the El platform when someone yelled "Matt!" from behind. It was Jenny G., a good friend I had not seen in 12 years. We were mutually impressed that we recognized and remembered each other.

And to think, this kind of thing happens to Louis all the time....

Sony vs. their customers

Apparently Sony has been caught selling a CD that will put a trojan program on your computer if you play it on your CD. From the reports, it appears the program was badly written: it uses up 2% of your CPU time, whether you are playing the CD or not. (Two percent isn't so bad. Unless you get a different version of this software each time you put a Sony CD in your drive. Can you imagine 10 different versions of this running at the same time?)

If you try to remove the software, it disables your CD Rom Drive. And worse, it's written in such a way that if anyone else wants to put a virus or spyware on your computer, they can use Sony's software to hide themselves from the spyware removal programs you should be running.

Without question this is incredibly unethical, and it is also most likely illegal. Sony has gone on record (ha! I didn't even mean that pun!) saying that they feel they have the right to do this.

Of course, I use Linux, so this doesn't affect me. Well, at least not until my windows using friends need me to take this off their computer. But until Sony issues a statement apologizing and promising never to do this again, I will never buy any music from them again. Or their computers for that matter. I suggest you seriously think about taking the same stance.

The real pity of this is that the only people inconvenienced by this are the people who purchase Sony's music legally. If you steal this off the net, you won't have any problem---at least, not with Sony's malware. The blots on your soul and other hazards of online theft are yours to keep. But if Sony is so worried about people stealing their music, breaking the computers of people who buy their music legally seems counter-productive somehow. I feel badly for the artists affected by this....

Blocking Script Kiddies

When you administer your own unix box, one of the things you find out (if you pay attention to the log files) is just how often someone tries to break in. Lately there have been tons of people using secure shell to do a "brute-force" attack: try all the usernames and passwords you can think of an hope one matches. It uses up a lot of CPU time because they try sometimes a couple of hundred connections before giving up.
I decided I was sick of it, so I wrote a script to monitor the log and block the IP address of anyone who tries more than 5 times to connect.

#!/usr/bin/ruby

p = IO.popen("tail -f #{ARGV[0]}")
#p = IO.popen("cat #{ARGV[0]}")

$bad = {}

def log(ip)
   if $bad[ip] == nil then
      $bad[ip] = 1
   else
      $bad[ip] = $bad[ip] + 1
   end

   if $bad[ip] > 5 then
      system("/usr/local/sbin/ipdrop #{ip} on")
      m = IO.popen("/usr/bin/mutt -s 'Dropped IP #{ip}' mattoxbeckman@-----.com","w")
      m.write("IP address #{ip} has been blocked for excessive ssh failures.\n")
      m.close
      print "Blocking IP #{ip}\n"
   end
end

p.each { |x|
   if x =~ /.*sshd.*Invalid user.*from ([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/ then
      log($1)
   end
}

This morning after I got back from teaching I found an email in my box; some script kiddie at 211.22.84.102 got blocked! I checked the logs and found this.

Nov  2 10:26:22 calvin sshd[22502]: Did not receive identification string from 211.22.84.102
Nov  2 10:30:01 calvin cron[22507]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons )
Nov  2 10:31:07 calvin sshd[22523]: Invalid user test from 211.22.84.102
Nov  2 10:31:09 calvin sshd[22528]: Invalid user test from 211.22.84.102
Nov  2 10:31:11 calvin sshd[22533]: Invalid user test from 211.22.84.102
Nov  2 10:31:13 calvin sshd[22538]: Invalid user test from 211.22.84.102
Nov  2 10:31:15 calvin sshd[22543]: User guest not allowed because shell /dev/null is not executable
Nov  2 10:31:22 calvin sshd[22558]: Invalid user prova from 211.22.84.102
Nov  2 10:31:24 calvin sshd[22563]: Invalid user prueba from 211.22.84.102
Nov  2 10:33:25 calvin sshd[22568]: fatal: Timeout before authentication for 211.22.84.102

After the fifth attempt, my log watcher ran the command to block the IP. During that time, our kiddie initiated a sixth attempt (for prueba). The last line is fun. The IP got blocked before they could try a password. :-)
Okay, so I'm a geek. But a pretty satisfied one.