Skills

The Weekly Feast – Tofu Wraps

I realize not everyone likes tofu, but let’s face facts: it’s cheap, it’s relatively healthy, and you can cook it in a zillion different ways. I’m in the process of learning how to use it for more meals, and so I’m going to share some of those recipes (the good ones) with you. This one in particular was so yummy that even my tofu-hater was willing to have it again!

Ingredients:

  • block firm tofu, drained
  • ¼ cup soy sauce
  • 1 tbsp dark brown sugar*
  • 2 tbsp unseasoned rice vinegar
  • 1 tsp toasted sesame oil
  • 1 tsp red pepper flakes
  • 1 tsp fish sauce (optional)
  • 2 tbsp cooking oil
  • 1 tbsp ginger, minced
  • 2 cloves garlic, minced
  • lime juice, for seasoning
  • wraps or pitas, for stuffing

Start by wrapping up your tofu in a lint-free towel or cheesecloth, and putting it onto a cutting board. Place a cast iron skillet or a baking sheet weighed down with something heavy on top of the tofu, and let it drain for at least 15 minutes, or as long as 45 minutes. Don’t skip this, as it helps with the texture of the tofu.

Crumble the pressed tofu into a bowl using your fingers. You want small pieces, with none larger than a pea.

In a separate bowl, whisk together the soy sauce, sugar (*you can use Splenda brown sugar blend or any other sweetener you prefer if you don’t like the regular stuff), vinegar, sesame oil, red pepper, and fish sauce (or if you don’t like fish sauce, you may sub in Worcestershire sauce or mushroom ketchup for umami). The sugar may not fully dissolve, and that’s okay. It will once you begin heating it later in the recipe. Do your best!

In a large cast iron skillet or other nonstick pan, heat the cooking oil over a medium high heat. Add in the tofu, shake it to make an even single layer, and let it cook without stirring until it crisps up and is deep golden brown on the bottom. This can take 5 to 7 minutes. It’s okay to peek to see how it’s doing, but don’t stir it up until it forms that crispy bottom. Once it’s crisp, stir it up (breaking it up if necessary), and try to flip over the pieces to crisp the other side. You want the entire batch of tofu to be crispy, which requires you to let it sit and cook in the oil. It shouldn’t take too long, though.

Once the tofu is crispy, add in the ginger and garlic and stir gently until fragrant. This should take a minute or less. Add in the soy mixture, and continue to cook until the liquid essentially evaporates. This may take up to 10 minutes, but more likely will only take 5 minutes or so.

Spoon the tofu into the wraps or pitas, and add any garnishes you like (such as cilantro leaves, shredded lettuce, tomato, hot sauce, etc.). Top with a light squeeze of lime, then serve.

Notes:

The spicy hot mixes so well with the sweet in this! Too often, tofu is served squishy, and this avoids that problem. If you find that you can’t get a good crisp on the tofu crumbles, you can try dusting it all with a teaspoon or so of cornstarch and then just hand mixing it lightly before frying it. The cornstarch helps it crisp, but also adds to the calories, so avoid it if you can.


Power Outage

Today I was waiting for clients to get back to me. While I waited, I started installing OpenStack.

So far it has been going well. A few typos slowed things down. Errors are not always clear, but I am now at the point of installing Neutron.

This is the scary part. The terrifying part.

Neutron interfaces with Open Virtual Networking (OVN). This could be magical, or it could break everything.

OVN sits on top of Open vSwitch, providing configuration.

The gist is that you install OVS, then you add configuration options to the OVS database. This configuration instructs OVN how to talk to its databases.

Once OVN starts talking to its databases, it performs changes in the OVS database. Those changes affect how OVS routes packets.

The physical network is broken into subnets. This is a requirement for high-availability networking. As links go up and down, the network routes around the failures.

On the other hand, many of the tools I use prefer to be on a single network; subnets increase the complexity greatly. Because of this, I created overlay networks. One for block storage, one for compute nodes, and one for virtual machines.

Neutron could modify OVN or OVS in a way that brings my overlay networks down.

So I’m well into this terrifying process, and the power goes out. It was only out for a few minutes, but that was enough.

The network came back to life.

All but two servers came back to life. One needs a BIOS change to make it come up after a power failure.

One decided that the new drive must be a boot drive, so it tried to boot from that, failed, and just stopped.

All of that put me behind in research, so nothing interesting on the 2A front to report, even though there are big things happening.

The number of moving parts in a data center is almost overwhelming.

Prepping – Sexual Assault

I don’t know if this is really a “prepping” thing, but it’s situational awareness and so I’m calling it prepping today.

Number One Rule: an armed female is a safe female. I believe with all the breath in my body that if every woman carried a firearm and was well trained in its use and care, that sexual assaults would nigh on disappear. SA’ers are sorry, loser types who can’t handle real women, and coming face to face with a firearm would make the worm between their legs crawl away in horror. I continually and constantly encourage my women friends to go out, get trained, and pick a quality firearm that they can carry… and then to carry it always. I also believe that safely arming women is the best way to combat the woke shit going on right now, because while the Constitution says we’re equal, Sam Colt guarantees it.

Number Two Rule: people who sexually assault others have declared themselves dog meat, and will be treated as such. I’m not a “dog person” but if the SHTF for real, I’d be picking myself up a good quality mastiff or bulldog, and you can bet your ass I’d be sicking it on anyone who I caught doing such things (or had incontrovertible truth that they had done such things). If I catch you SA’ing someone, I will fuck you up. No, like really. I’m not good with firearms, but I’m hella good with a cast iron frying pan, and I own a ton of them. I catch you, I’ll start with your head, but I’ll end with your balls.

Number Three Rule: women (or anyone, honestly) who lie about sexual assault have proven themselves to no longer be human. And I mean that. I don’t want liars to be prosecuted for lying. I don’t want them to be prosecuted as if they had committed the assault. I want them to be executed. I am strongly of the opinion that the most dangerous thing to women out there is another woman who lies about sexual assault, because it increases the danger for ALL of us. Men and women alike.

So why are you talking about sexual assault today, Allyson?

There are several people in the ren faire community who have been accused of sexual assault. They’re all men, by the by, not that it matters. I’ve met a woman who sexually assaulted men, and I saw her in exactly the same way I saw the males. She was a cretin and she should have been burned at the stake. But I digress… These people come in three categories: known SA’ers, suspected SA’ers, and people who’ve been falsely accused or accused with no credible facts to back it up.

One of the women who had been sexually assaulted three times by different men recently spoke up in the RF community. She chose to post a picture of one of her assaulters and make the post public. And this is where we get a bit dicey. See, perp numbers one and two HAD assaulted her. She went to the police, took them to court, and they were jailed or fined or whatever, and were legally labeled assaulter. All fine and dandy. Perp number three, the one she posted the picture of? She’s “chosen” not to go to the police. And that makes me concerned.


Network Maps

There was a time when I would stand up at a whiteboard and sketch an entire campus network from memory, including every network subnet, router, and switch.

Today, not only can I no longer hold all of that in my head, my whiteboards no longer exist.

In the first office I rented, I installed floor-to-ceiling whiteboards on all walls. I could write or draw on any surface.

I can remember walking into Max’s office with an idea, asking for permission to erase his whiteboard, and then drawing out or describing the idea or project. Maybe 30 minutes of drawing and discussing.

What surprised me was asking to erase my chicken scratches months later and being told, “No,” because they were still using it.

Regardless, today I need to draw serious network maps.

I have multiple routers between multiple subnets. Managed and unmanaged switches. Gateways and VPNs. I have an entire virtual network layered over the top of all of that to make different services appear to be on the same subnet.

Not to mention the virtual private cloud(s) that I run, the internal, non-routing networks.

It is just too much for me to do in my head.

Oh, here’s one that’s currently messing with me. I have a VPC. It has multiple gateways allowing access residing on different chassis in different subnets. I can’t figure out how to make it work today. Even though it was working yesterday.

I’ll be messing with networks for the next week to get things stabilized.

Prepping – Skills Tree

Everyone who wants to survive upcoming emergencies (long or short) needs to have a skills tree. This is a list of skills that are in your household, as well as any that are overlapped. All good prepper families have lots of overlap, because we know that if one person succumbs (to a virus, to a gunshot wound, to dropping a tree on themselves…), someone else has to take up the slack. When you make your skills tree, be sure to list EVERYTHING that people can do, because you never know what’s going to be needed. If you find holes, you need to figure out a way to fill them. That means bringing someone into your plans, training yourself or someone else up in the missing skill, or figuring out ways to not need it. But plans need to be made.

Basic Skills

These are skills everyone should know. If someone in your group doesn’t know these, educate them, and fast.

  • cooking over a fire
  • gardening (basic, ie you can identify a pea and know how to operate a watering can, etc)
  • sewing (basic, ie you can sew on a button or patch something roughly)
  • triage (everyone should know how to tell how serious an injury is, even if they can’t treat it)
  • shelter building
  • filtering water to make it potable
  • building a fire
  • basic first aid (specifically, treating gunshot wounds, burns, and breaks, because they’re the most likely injuries you’ll encounter)
  • self defence (pick your weapon)
  • basic strategy
  • how to wash clothes with no power
  • where to find basic vitamins (ie you can drink pine needle tea to get Vitamin C)
  • how to find dry firewood
  • how to go to the bathroom when you have no indoor plumbing
  • how to care for a newborn and its mother
  • how to read maps (both standard ones and topographical)
  • how to use a compass
  • general problem solving/logic skills
  • record keeping (write down what you do and how it’s done, for future generations)


FBEL- Baking Bread

There are all sorts of old timey skills that are useful in a SHTF scenario, but knowing how to bake bread will be high on the list. At one time in history (ie anytime prior to 1930), pretty much everyone had at least a vague idea of how to bake bread. If they hadn’t done it themselves, they at least had witnessed it being made. The modern grocery store killed the last of the bakers, though. Baking, even the “bougie” artisan stuff, is done largely by machine these days. Why bake when you can just pick up a couple of loaves at the store? And store loaves last for weeks and weeks, while fresh bread goes moldy after only a few days.

When you have access to store bought bread, that’s fine. But what if you don’t? What if … oh, say a pandemic happens, and all the grocery stores are out of EVERYTHING, and you can’t find store bread? The bottom line is you need to know how to make your own.

There are simple loaves, no knead recipes that come together quickly with a minimum of mess. There are complex loaves that require multiple rises and tons of work. I tend to go for bread somewhere in the middle. Two rises to develop the gluten and make for a lovely, crusty bread that will hold together as sandwich exterior. A nice mix of flours. Standard yeast. It’s not a difficult loaf, if you know how to bake.

On Sunday, I held a class for six people at the Fort at No. 4, where I taught them how to make bread. From scratch. In a wood fired bake oven. We had a real range of students. One was a reenactor from the current iteration of Roger’s Rangers, who simply hadn’t learned to bake in the beehive and really wanted some help. One was a complete bread virgin but the price was right and how exciting to get to hang out in a fort and cook bread? The two couples were doing the lessons as a sort of “date day” thing, and were at varying levels of having attempted bread. One of the guys was a baker at a big company, but had never made bread with nothing more than a wooden spoon and a bowl.

We started out the day by adding yeast to warm water, and feeding it a bit of sugar. I explained that we were fermenting the yeast, letting it become active. While it isn’t necessary with dry active yeast (which is what we were using), it’s a good habit to get into. While our yeast was waking up, we went out to start the fire in the beehive oven. Everyone brought some wood, and I had already split kindling and had scraps from Chris’s day in the workshop on Saturday, so the fire started up quickly. Once it was loaded up and roaring, we were off to the kitchen again.

We slowly added our flour into the water and yeast mixture, then stirred with a wooden spoon. Once we had most of the flour in and the dough was forming, it got turned out onto the table, and we started the kneading process. Everyone has sore shoulders this morning (except me), because when kneading entirely by hand, it takes about 20 minutes. They all had various problems with their dough as we kneaded, and I was able to explain a variety of possible failure points. Everyone ended up with a decent “silky smooth” ball of dough, and we set that to rest.


The Weekly Feast – To Boil Fowls and Cabbage

To boil fowls and cabbage.

We’re leaving the 15th century behind, at this point, and moving boldly into the 18th! This recipe comes from The Compleat Housewife, written by Eliza Smith in England in 1773. Today’s recipe is entitled, “To boil Fowls and Cabbage” and is another forced meat yumminess!

Ingredients:

  • a well shaped cabbage
  • savory forced meat
  • 2 eggs
  • 2 whole chickens, cooked
  • “some” melted butter
  • slices of bacon

Pick yourself a nice, sizable cabbage, peel off a few of the outer leaves until it looks clean and good, and then use a sharp knife to cut off the top (like a lid), then cut out the inside of it. You want to form a cavity, in which you can put your meat, but it doesn’t have to be anything special. Set aside the removed bits of cabbage to stew up as a side dish.

Mix together “savory forced meat” (generally this means any ground meat mixed well with spices that you like, and I use a nice chub of country ground sausage meat) with two whisked eggs, so that it’s well distributed. Put the meat and egg mix into the hole in the cabbage, then put the “lid” back on. Wrap the stuffed cabbage with a cloth (cheesecloth or even a tea towel tied in place with kitchen string works well), and lower it into a large pot of lightly salted boiling water. Boil until the exterior of the cabbage is tender, and the meat inside is fully cooked (anywhere from 45 minutes to 3 hours, depending on the size of your cabbage and the rate of your boil – you want the meat inside to register AT LEAST 160°F to be food safe).

While your cabbage is cooking, roast up a couple of chickens or warm up some rotisserie chicken. Place these on a large platter, and then put the stuffed cabbage (removed from its cloth prison) in between them. Over everything, place several slices of cooked bacon, and then drizzle it with some melted butter.

This makes a lovely presentation, and is quite historically accurate to the 1750s!


Virtual Devices

When I started to babysit Cray Supercomputers it was just another step. Massive mainframe handling many users, doing many things.

But I quickly learned that there are ways of making “supercomputers” that don’t require massive mainframes. My mentor used to say, “Raytracing is embarrassingly parallel.”

What was meant by that is that every ray fired is completely independent of every other ray fired. His adjunct program rrt was able to distribute work across 1000s of different compute nodes.

We were constantly attempting to improve our ability to throw more compute power at any problem we were encountering. It was always about combining more and more nodes to create more and more powerful compute centers.

Which moved the bottleneck. We went from being CPU starved to being memory starved to being network starved. So we added more network bandwidth until it all balanced out again. Until we bottlenecked on networks again.

After his passing, I did work with a company that supported multiple large corporations.

I was introduced to VMware. A virtualization framework.

Instead of taking “small” computers and joining them together to create larger computers, we were taking “medium” computers and breaking them into small virtual devices.

What is a virtual device?

A virtual device is nominally a network interface, a virtual disk drive, or a compute instance.

To create a virtual computer (instance), you tell your vm manager to create a virtual drive, attach it to a virtual computer, attach a virtual DVD drive, allocate a virtual network interface, and boot.

The virtual drive can be a physical drive on the host computer. It can be a partition on a physical drive, it can be a file on the host computer, or it can be a network-attached drive.

If you attach from the host computer, you can only move the drive to other instances on the same computer.

If you attach a network-attached drive, you can only move the drive to other instances with access to the network-attached drive.

I use libvirt for my virtual manager. If I expect the instance to stay on the same host, I use a file on the host computer. That is easy.

If I need to be able to migrate the virtual computer to different machines, I’ll use a Ceph Raw Block Device or a file on a shared filesystem.

What are the cons of using a virtual machine?

It can be slower than a physical device. It doesn’t have to be, but sometimes it is.

While you can oversubscribe CPUs, you can’t oversubscribe memory. Memory is always an issue with virtual machines.

When the network isn’t fast enough, network-attached drives will feel slower.

And the big one: if the Network Attached Storage (NAS) fails, all instances depending on the NAS will also fail. Which is why I use Ceph. Ceph can survive multiple drive or node failures.

Another big con: if a host computer fails, it will cause all virtual computers running on that host to also fail.

What are the pros of using a virtual machine?

It is trivial to provision virtual machines. There is an entire framework, OpenStack, that does exactly this. Using OpenStack, you can provision an instance with just a few simple commands.

You can migrate an instance from one host computer to another. Even if the disk drive is located on the host computer, it is possible to move the contents of that drive to another host computer.

If you are using a NAS, you can attach a virtual drive to an instance, work on it with that instance, then detach that virtual drive and attach it to a different instance. This means you don’t have to use over the wire data moves.

You can also increase the size of a virtual drive, and the instance can take advantage of more disk space without having to be rebooted or any downtime.

Besides increasing the size, we can attach new drives.

This means that storage management is much easier.

Virtual Networks

The host computer lives on one or more physical networks. The instances can be bridged onto that physical network.

The instance can also be protected behind a Network Address Translation (NAT) service. This gives complete outbound connectivity but requires extra configuration for inbound.

But an instance can be placed within a Virtual Private Cloud (VPC). A VPC provides the complete internet IP space to the instance (or instances).

This means that user A can have their instances on 192.168.100.x and user B can have their instances on 192.168.100.x without collisions.

None of user A’s traffic appears in user B’s VPC.

VPCs can be connected to share with gateways. When this is done, all the VPCs must use non-overlapping subnets.

In other words, 192.168.100.1 on user A’s VPC cannot communicate with an instance on user B’s VPC at address 192.168.100.55.

But if user A agrees to use 192.168.100.x and user B agrees to use 192.168.99.x then the VPCs can be connected with a (virtual) router.
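The non-overlap rule above can be checked before any gateway or virtual router is configured. This is an added example, not code from the original post; the VPC names and the /24 prefix lengths are assumptions (the post only writes the ranges as 192.168.100.x and 192.168.99.x).

```python
import ipaddress
from itertools import combinations


def find_overlaps(vpcs):
    """Return every pair of subnets from different VPCs that overlap.

    vpcs maps a VPC name to a list of CIDR strings. Each result is a tuple
    (vpc_a, subnet_a, vpc_b, subnet_b). An empty list means the VPCs can be
    joined by a router without ambiguous destinations.
    """
    parsed = {
        name: [ipaddress.ip_network(cidr, strict=True) for cidr in cidrs]
        for name, cidrs in vpcs.items()
    }
    conflicts = []
    for (name_a, nets_a), (name_b, nets_b) in combinations(parsed.items(), 2):
        for net_a in nets_a:
            for net_b in nets_b:
                # IPv4 and IPv6 ranges can never collide with each other.
                if net_a.version == net_b.version and net_a.overlaps(net_b):
                    conflicts.append((name_a, str(net_a), name_b, str(net_b)))
    return conflicts


def can_connect(vpcs):
    """True when no subnet in one VPC overlaps a subnet in another."""
    return not find_overlaps(vpcs)


# Constructed sample data: both users picked the same range while isolated.
ISOLATED = {
    "user-a": ["192.168.100.0/24"],
    "user-b": ["192.168.100.0/24"],
}

# Constructed sample data: user B renumbered so the VPCs can be routed.
RENUMBERED = {
    "user-a": ["192.168.100.0/24"],
    "user-b": ["192.168.99.0/24"],
}

# Constructed sample data: a partial overlap is still a conflict, because
# the /24 sits inside the /16.
NESTED = {
    "user-a": ["10.0.0.0/16"],
    "user-b": ["10.0.5.0/24", "192.168.99.0/24"],
}

if __name__ == "__main__":
    for label, plan in (("isolated", ISOLATED),
                        ("renumbered", RENUMBERED),
                        ("nested", NESTED)):
        print(label, "connectable:", can_connect(plan), find_overlaps(plan))
```
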

Using a VPC means that the user must use a gateway to talk to any other VPC or physical network. This places a NAT service in the gateway.

A physical address is assigned to the gateway, which forwards all traffic to one or more VPC IPs.

Conclusion

While every infrastructure manager (network manager) needs to know their VM manager, they all work in similar ways. If you know the basics, the rest is just a matter of finding the correct button or command.

This stuff is easy once the infrastructure is set up.

Prepping – The Book List


Password Managers

People do a poor job of creating, managing, and remembering passwords. We are horrible at making random numbers and worse at creating things that are random-like but we can remember.

Part of this is because of the rules put in place by NIST and ISO. ISO 27001 has this to say about passwords:

Length
Shorter the password, easier it is to crack. The minimum acceptable length for a strong password is at least eight characters.
Complexity requirements
Creating a lengthy password is effective only as long as it is difficult to crack. Your name, city, pet name, and so on may have more than eight characters but are weak passwords that are easy to guess.
Characters
Continuing on the previous point, the key to a complex password is a mix of lowercase, uppercase, numbers, special characters, and symbols.

As computers have become faster, the need for better passwords has also increased. Brute forcing a password has a simple cost formula:
$$\frac{\text{complexity}^{\text{length}}}{2}$$
For example, if the complexity is all uppercase letters and the length of the password is 8 characters then we have:
$$\frac{26^{8}}{2} = 104{,}413{,}532{,}288$$

Which might look like a large number, but in computer terms isn’t really. As the complexity goes up, the final number goes up. Adding length causes the number to go up even faster. Consider adding the set of numbers, 0-9, to our complexity versus adding one more character to the length of our password.
$$\frac{36^{8}}{2} = 1{,}410{,}554{,}953{,}728$$
And adding one more character to the length:
$$\frac{26^{9}}{2} = 2{,}714{,}751{,}839{,}488$$

Adding just one extra character gives us nearly twice as many values to test.

Oh, the divide by 2 gives the average number of tests before we guess right.

If the characters are not truly random, the number of guesses decreases substantially. Using names or words, even with character exchanges, produces a much smaller search space. Regardless, the formula stays the same, even if the vocabulary changes.

Consider just using a 3-word passphrase:

$$\frac{104{,}334^{3}}{2} = 567{,}868{,}237{,}365{,}852$$

As you can see, using a passphrase increases the search space incredibly. The only requirement is that the search space of the letter search meet or exceed the search space of the word search.

Unfortunately, many password methods do not handle long passwords well. In early Unix times, no matter how long of a password you entered, only the first 8 characters were used.
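The cost formula, the letter-versus-word comparison, and the effect of early-Unix truncation can be worked through in a few functions. This is an added example, not code from the original post; the function names, the 94-symbol printable set, and the eight-word sample list are assumptions made for illustration, while 104,334 is the vocabulary size the post uses.

```python
import math
import secrets


def search_space(symbols, length):
    """Candidates when each of `length` positions is one of `symbols` choices.

    A "symbol" is a character for passwords or a whole word for passphrases.
    """
    if symbols < 1 or length < 0:
        raise ValueError("symbols must be >= 1 and length >= 0")
    return symbols ** length


def average_guesses(symbols, length, significant=None):
    """The post's cost formula: symbols**length / 2.

    `significant` models a scheme that only looks at the first N positions,
    such as the 8-character limit of early Unix passwords.
    """
    if significant is not None:
        length = min(length, significant)
    return search_space(symbols, length) // 2


def entropy_bits(symbols, length):
    """Same search space expressed in bits, assuming uniform random choice."""
    return length * math.log2(symbols)


def min_chars_to_match(char_symbols, word_symbols, words):
    """Shortest random character password whose search space meets or
    exceeds that of a `words`-word passphrase."""
    target = search_space(word_symbols, words)
    length = 1
    while search_space(char_symbols, length) < target:
        length += 1
    return length


def generate_passphrase(wordlist, words, sep="-"):
    """Pick words with the OS CSPRNG; the formula only holds for random picks."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words shrink the real search space")
    if words < 1:
        raise ValueError("need at least one word")
    return sep.join(secrets.choice(wordlist) for _ in range(words))


# Constructed sample list, far too small for real use; a real list has
# thousands of words (the post's figure is 104,334).
SAMPLE_WORDS = ["anchor", "breeze", "copper", "dynamo",
                "ember", "falcon", "granite", "harbor"]

if __name__ == "__main__":
    print("8 uppercase letters:", average_guesses(26, 8))
    print("3 words from 104,334:", average_guesses(104_334, 3))
    print("uppercase letters needed to match:",
          min_chars_to_match(26, 104_334, 3))
    print("printable ASCII needed to match:",
          min_chars_to_match(94, 104_334, 3))
    print("20 letters truncated to 8:",
          average_guesses(26, 20, significant=8))
    print("sample passphrase:", generate_passphrase(SAMPLE_WORDS, 3))
```
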

Which brings us to

Password Managers

A password manager stores passwords in an encrypted form and retrieves them for you on demand.

For a password manager (PM) to be acceptable to the users, it must interface with the user’s browsers and other tools that need passwords. This means it must have a mobile app. If it does not, it will not be used.

The PM should monitor applications for password requests and autofill those requests.

The PM must lock itself after a certain amount of idle time or browser/device restart.

Finally, and in some senses, most important, the PM must be secure from data breaches.

To be secure from data breaches, the PM should never store credentials in clear text.

LastPass

This is one of the better-known PMs. While it had a good track record, there was a data breach and credentials were exposed.

One of my clients used LastPass, so I used it. I never particularly liked it. When I could, I moved away from it.

One of the big downsides is that it requires a live, active internet connection to function. No network, no access.

Keeper

I have used Keeper. It is a well-rounded PM with all the expected features. It stores all credentials encrypted by your password. They can’t access your credentials even if they wanted to. Since they can’t, your passwords cannot be exposed in a data breach.

One of the strong points of Keeper is the ability to share “folders.” You can have a folder for passwords related to a single project or client and share that folder with other users, inside or outside the organization.

The ability to share passwords means that the administrator can update a shared password, and every member with access to that password gets the change immediately.

Shared folders require a paid tier.

There is also the ability to store small files securely.

The one downside I discovered with Keeper is that it too requires an active internet connection to function.

We were on a long road trip when my kid ran us out of data on my mobile plan. They consumed nearly 10GB of data in a little over 6 hours.

This left me in the position of attempting to log into my provider’s website using credentials stored in Keeper. Except that the amount of bandwidth available to me was so low that it took 30 minutes to get that password and login.

BitWarden

This is my current PM of choice. It provides all the features of Keeper with a few that appeal to me.

First, it can be self-hosted. This means that all the data security is provided by me. With the self-hosted version, I can offer PM services to anybody at cost to me.

When you move up to any of the paid tiers, the lowest being $4/user per month, you get the ability to create organizations and then share a collection (folder) with that organization.

The mobile application does not need to have Internet access to function, though you might need to request a sync if there are recent changes to your vault.

All data is stored encrypted. The key to decrypt your vault is your master password. Even if there were to be a data breach, your password would still be secure because decrypting your passwords requires your master password.

BitWarden allows for the use of a Personal Identification Number, or PIN. Unlike most PINs, the BitWarden PIN can be any number of digits. I find that it is easier to remember a number sequence than to remember random character strings.

You can set when the master password is needed to unlock the vault.

If you happen to forget your PIN, you can still unlock your vault with the master password.

Like all good PMs, BitWarden offers two factor authentication (2FA). It supports YubiKeys and TOTP options. TOTP is commonly referred to as an authenticator.

You can use a secondary authenticator for your 2FA to access BitWarden. But you can also use BitWarden’s integrated TOTP generator.

The pricing appears to be reasonable: $4/user per month for “small teams” and $6/user per month for enterprise-level features.

Psono

This is another self-hosted option. It does not seem to have the same polish as BitWarden. It would be my choice if I were just playing.

Conclusion

If you are not using a Password Manager, now is the time to start. For my readers, I’m willing to give you a free account on our BitWarden server, though you are likely better off using BitWarden’s free offering.