Pages

Tuesday, September 4, 2012

Labor Day Camping in South Haven, MI



Took the new bike on its first long trip to South Haven, MI for some Labor Day camping. Total round trip mileage: 260. Total time on the bike: 20 hours.

Click for more Photos

Thursday, August 30, 2012

What I've been up to for the past two weeks... Bike Build

I decided earlier this summer that I was in need of a bicycle upgrade. My Motobecane Mirage circa 1975 road bike, which was purchased from a used bike shop in town, had been a smart investment and still works great for getting around town, but after a broken pedal, bent chain ring, and several flats during weekend trips, I realized the time had come for a ride the better suited my needs. I also decided that since I enjoy doing long, unsupported overnight trips it was time for me to better understand bicycle components and maintenance. What better way to do that than to build this new bike myself? So I set out to do some research.

After looking at over a dozen frames I finally settled on a Soma Double Cross. Why, you ask?

  • I often carry load on by bike for long rides, but I wouldn't consider what I do most to be loaded touring (carrying 80+ pounds cross country for months at a time). Generally the weight is less than 40 pounds, and I wanted something that was build with a more aggressive, speedy geometry than something like the Soma Saga or the Surly Long Haul Trucker. The Double Cross fit the geometry I wanted, being build for an aggressive posture but with a bit more length in the chainstays so that bags don't interfere with feet.
  • The double cross is a cyclo-cross frame, meaning that it is build for racing, but unlike road racing, must be able to handle off-road riding. As such, these bikes must be just as sturdy as they are fast.
  • As I do carry some weight basically all the time, I am not concerned with the frame or components being ultralight. The Double Cross is a steel frame with a bit more weight to it than an average road frame, which will help to control weight on the back as I ride.
Double Cross frame and fork in stand
The process of building up from parts was a long one. Some of the parts took weeks to come in, other orders came in with the wrong parts. I began the research process in mid June, and did my first ride during the last weekend in August.

In addition to assembling the bike, I also built the wheels myself. Hand built wheels are far superior to wheels build by machine, as machined wheels are trued by spoke tension measurements and do not accommodate for variances in rim or spoke construction. Learning to build wheels was a slow process at first (I think I put 6 hours into my first one!), but I learned a great deal about how and why the bicycle wheel works the way it does which will prove very useful while out on the road.

Soon-to-be bicycle wheels

After many late nights over several weeks, I took my new ride out on its first real test last Friday, riding 85 miles to Bourbonnais, Illinois where my family was helping my sister move in to college. The ride was insanely hot and very uncomfortable, as the Soma (new bike) is set up very differently from my Mirage (old bike), but the bike itself held up very well. I had to stop a few times to adjust the breaks, as the new cabling was still stretching and settling, but beyond that all components performed very well. I am riding out again tomorrow on a 130 mile journey from Chicago to South Haven, MI for some labor day weekend camping. Hopefully all goes well!



Monday, July 16, 2012

Brew Day - Australian IPA


It was a sweltering 90 degrees on this particular Sunday, so we decided to do what any old Chicagoan does to beat the heat... brew a beer. Shane took a trip over to the local home brew store, and was sold on a kit for a IPA using a rare Australian galaxy hop known for its citrus and passionfruit aroma. Opening one of the hop packets for a sampling got us very excited about this beer.

The process, by far, went more smoothly than it ever has before.

Since this is my first post, I'm going to go through the general process for brew day:

  • Steeping the grains: Heating the fresh malts to between 155 - 165 degrees. The purpose is to release the sugars from the malts.
  • The Boil: We add more water to the steeped grains, as well as malt extract. We also added hops in 3 stages:
    • Beginning of boil. This batch of hops will cook the longest, bringing out bitter flavors from the flowers, which is meant to balance out of the sweetness that comes from the malts.
    • Middle of the boil. This is meant to add flavor to the beer (known as wort during the boil).
    • End of the boil. The hops doesn't get cooked much at all, and adds the fresh citrus aroma
  • Cooling: Before the wort can be transferred into the fermenting bucket and yeast gets pitched, the wort must be cooled down from boiling to around 70 degrees (so the yeast can survive). In the past we used an ice bath around the pot. This took a very long time (several hours). Not only does this make things take longer, it also gives a larger window for bacteria to accumulate in the beer. This time around, we used a wort chiller Shane bought at a garage sale, and got the wort cooled in less than 30 minutes.
  • Transfer and pitch yeast: Once cooled, we siphoned the wort from the pot into a fermenting vessel. Ours is a plastic, seal-able bucket with a temperature indicator on the side. We then pitched the yeast, stirred, and sealed the container.
Three weeks later, we bottled the beer after mixing in some priming sugar, indented to feed the yeast and get it working again, which creates the carbonation in the beer. Now that's left is to sit and wait for it to condition. It should be ready to try in a few weeks!

Indiana Dunes S24O

I packed up my camping gear again to do a Saturday-Sunday overnight at Dunewood campground. (70 miles each way). Funny story, I snapped off my right pedal 4 miles away from the campground, was able to call a bike shop and convince them to stay open 30 minutes late so I could drag my crap back 2 miles to get them replaced. 

Anyways, enjoy the pictures.






Apparently, the town of Beverly Shores, IN is famous for its "Neck Tie 5k" race.

 The Dunewood campground has a section of walk-in only sites. Great for a biker looking to get a little more seclusion.









Monday, May 21, 2012

Masking Arbitrary Properties in JBoss

JBoss (AS and EAP) Provides various ways of masking or encrypting plain text passwords so as to hide them, not only from attackers, but also from employees who may have read access to a box. Unfortunately, many of these masking solutions are very specific to a certain password or configuration item, and are not widely applicable. Furthermore, many of the masking or encryption techniques, at some level, depend on having static encryption keys or passwords stored in java classes. As JBoss is open source, it would not be difficult to locate the java file containing the key, and use that to decrypt the password.
While I have yet to see a solution to this that I love, I did come across a method that is both widely applicable, and simple enough that I was able to customize it for some added security (here). This method involves a jboss service (SAR) that is used to encrypt the properties (via a command line call) and then decrypt them and load them in memory once it gets deployed to jboss.
NOTE: This method comes from the community and is NOT recommended, nor supported by Red Hat. If you are using AS, feel free to use this method for whatever passwords/properties you would like. If you are using EAP (paying for support) I would recommend using the officially recommended methods from the Red Hat docs, where available.
First, let's take a look at the java code:
public class EncryptSystemPropertiesService implements
  EncryptSystemPropertiesServiceMBean {

 private Logger log = Logger.getLogger(this.getClass());
 private String encryptedSystemPropertiesFilename;
 private String encryptionKeyFilename;
 private static String encryptionKey;
 
 public static void main(String[] args) throws Exception {
  if(args.length < 2) {
   System.err.println("Usage:  java org.jboss.example.EncryptSystemPropertiesService [encryption key] [string to encode]");
   System.exit(0);
  }
  System.out.println(encode(args[0], args[1]));
 }

 public void start() {
  log.info("Starting EncryptSystemPropertiesService");
  loadEncryptionKey();
  loadSystemProperties();
 }

 public void stop() {
  log.info("Stopping EncryptSystemPropertiesService");
 }
 
 // GETTERS and SETTERS omitted

 private void loadEncryptionKey() {
  log.info("Loading system properties from: " + encryptionKeyFilename);
  
  File file = null;
  
  try {
   // This will look for the filename in the
   // $JBOSS_HOME/server//conf/ directory
   URL url = this.getClass().getClassLoader().getResource(encryptionKeyFilename);

   // Load the properties
   file = new File(url.getPath());
   Properties properties = new Properties();
   InputStream is = new FileInputStream(file);
   properties.load(is);

   // Get encryption key from temporary properties file
   setEncryptionKey(properties.getProperty("encryption-key"));
  } catch (Exception e) {
   if(file == null) {
    log.error("Failed to loadEncryptionKey for: " + encryptionKeyFilename, e);
   } else {
    log.error("Failed to loadEncryptionKey for: " + file.getAbsolutePath(), e);
   }
  }
 }


 private void loadSystemProperties() {
  log.info("Loading system properties from: " + encryptedSystemPropertiesFilename);
  
  File file = null;
  
  try {
   // This will look for the filename in the
   // $JBOSS_HOME/server//conf/ directory
   URL url = this.getClass().getClassLoader().getResource(encryptedSystemPropertiesFilename);

   // Load the properties
   file = new File(url.getPath());
   Properties properties = new Properties();
   InputStream is = new FileInputStream(file);
   properties.load(is);

   // Loop though the properties in the file and decrypt the values
   for (Enumeration e = properties.propertyNames(); e
     .hasMoreElements();) {
    String key = (String) e.nextElement();
    String encryptedValue = properties.getProperty(key);
    String value = decode(encryptedValue);

    // Set the decrypted value in the System properties
    System.setProperty(key, value);
   }
  } catch (Exception e) {
   if(file == null) {
    log.error("Failed to loadSystemProperties for: " + encryptedSystemPropertiesFilename, e);
   } else {
    log.error("Failed to loadSystemProperties for: " + file.getAbsolutePath(), e);
   }
  }
 }

 private static String decode(String secret) throws Exception {
  byte[] kbytes = getEncryptionKey().getBytes();
  SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
  BigInteger n = new BigInteger(secret, 16);
  byte[] encoding = n.toByteArray();
  Cipher cipher = Cipher.getInstance("Blowfish");
  cipher.init(Cipher.DECRYPT_MODE, key);
  byte[] decode = cipher.doFinal(encoding);
  return new String(decode);
 }

 private static String encode(String salt, String secret) throws Exception {
  byte[] kbytes = salt.getBytes();
  SecretKeySpec key = new SecretKeySpec(kbytes, "Blowfish");
  Cipher cipher = Cipher.getInstance("Blowfish");
  cipher.init(Cipher.ENCRYPT_MODE, key);
  byte[] encoding = cipher.doFinal(secret.getBytes());
  BigInteger n = new BigInteger(encoding);
  return n.toString(16);
 }

}
This code provides two functions. The first is to provide a command line method for encrypting a password:
java -cp $JBOSS_HOME/lib/log4j.jar:./EncryptSystemPropertiesService.sar org.jboss.example.EncryptSystemPropertiesService myEncryptionKey myProperty
The second is to provide a JBoss service that, on startup, decrypts the properties, and loads them into memory. This is assuming they have been entered into a properties file called $JBOSS_HOME/server/$PROFILE/conf/encrypted-properties.properties and the encryption key is saved to $JBOSS_HOME/server$PROFILE/conf/.encryption-key.properties. These filenames are defined in jboss-service.xml.
Now, despite the fact that we have avoided ever displaying our sensitive properties in plain text, we still store the encryption key. While this does add an extra layer of obscurity, it may not be enough of a deterent for more highly secure application. So, to add another layer of security, I have automated this entire process via a script that does the following:

  1. Generate the encrypted properties
  2. Write encrypted properties and encryption key to their respective properties files
  3. Start JBoss
  4. Query for our encryption service to start (via twiddle)
  5. Delete both properties files once we know that they have been loaded into memory.

Here is the script:

#!/bin/bash

#-----------------------------------------------------------------------#
#   Custom JBoss Run Script    #
#-----------------------------------------------------------------------#

# Takes the following arguments:
# ./jbossRun.sh [encryption key] [truststore-password]

#Properties
JBOSS_HOME='/home/eric/appservers/jboss-eap-5.1/jboss-as'
PROFILE="default"

if [ $# -ne "6" ]; then
 echo "Syntax: ./jbossRun.sh [encryption key] [property-name] [property-value] [username] [password] [server hostname]"
 exit
fi

echo "Starting..."

ENCRYPTION_KEY=$1

PROPERTY_NAME=$2

PROPERTY_VALUE=$3

USERNAME=$4

PASSWORD=$5

SERVER_HOST=$6

ENC_PROPERTY_VALUE=`java -cp $JBOSS_HOME/common/lib/log4j.jar:$JBOSS_HOME/server/$PROFILE/deploy/EncryptSystemPropertiesService.sar org.jboss.example.EncryptSystemPropertiesService $ENCRYPTION_KEY $PROPERTY_VALUE`

# Create file containing keystore password system variable

echo "$PROPERTY_NAME=$ENC_PROPERTY_VALUE" > $JBOSS_HOME/server/$PROFILE/conf/encrypted-properties.properties

# Create temporary file containing encryption key

echo "encryption-key=$ENCRYPTION_KEY" > $JBOSS_HOME/server/$PROFILE/conf/.encryption-key.properties

#ls -a $JBOSS_HOME/server/$PROFILE/conf/
#echo

$JBOSS_HOME/bin/run.sh &

sleep 4

breaker=0

while [ $breaker -eq 0 ]; do
 sleep 1
 results=`$JBOSS_HOME/bin/twiddle.sh -s $SERVER_HOST -u $USERNAME -p $PASSWORD query EncryptSystemProperties:service=EncryptSystemProperties`
 if [ "$results" == "EncryptSystemProperties:service=EncryptSystemProperties" ]; then
  breaker=1
 fi
done

rm $JBOSS_HOME/server/$PROFILE/conf/.encryption-key.properties
rm $JBOSS_HOME/server/$PROFILE/conf/encrypted-properties.properties

#ls -a $JBOSS_HOME/server/$PROFILE/conf/
#echo

echo "JBoss Started Securely"
Now our properties have been loaded into memory, having only existed in readable form for a few seconds.
EcnryptSystemPropertiesService
JBoss Run Script

Often times, I work on several development projects at the same time, each of which requires different libraries, databases, servers, etc. Back in the "old days," I would spend hours getting my OS, IDE, and other development tools all set up exactly the way that I liked it for the project I was working on. Once it was over, I found it too tedious to undo all of those changes, so I left them while I added more configurations to my next project. After three or four projects, I started to run into conflicts, and eventually would get so frustrated that I wiped my hard drive and did a clean OS install. When it got to the point of doing a clean wipe once every month or two, I decided I needed a different solution.

I now use virtual machines to create separate, isolated environments for my various development projects. I have even created a simple base environment configured with the basic development essentials (ubuntu, jdk, eclipse IDE) that I clone each time I start a new project. I am going to walk through the steps I have taken to create this system. This method will work on any operating system.

What you will need:

VirtualBox - PC virtualization software. Supports most operating systems (Windows, OSX, many Linux distros)
Download and installation instructions are at www.virtualbox.org
ISO for Ubuntu, or other OS. I will use Ubuntu because its free to download and use, and makes for a simple, easy to use development environment
For this walk through, I will set up a Web Development environment for developing PHP web applications.

Initial VM Install


  • Install VirtualBox. I am not going to give installation instructions, as the website has very clear instructions specific to your OS.
  • Open VirtualBox, select "New," and hit "Next" to begin the Create VM Wizard.
  • Name your VM. This is the base environment that I will clone for individual projects, so I am calling mine "Base Install."
  • Select the operation system and version and hit next. My selections would be "Linux"->"Ubuntu". "Next"
  • Select memory size. You will want at least 1 GB, but do not go over half of your total system memory. "Next"
  • Create a new virtual disk. Choose Dynamically Expanding Storage, and give it at least 10 GB.
  • After selecting your Virtual Disk, click Finish.
  • Select your new VM, and double-click "Storage."
  • Select the "Add CD/DVD Device" icon and point the wizard to the ISO for the OS you are setting up.
  • Now that everything is set up, Start your VM, and follow the instructions to get your OS installed.
  • Once the base install is complete, go ahead and install any software or tools that you expect would be common to all of your project setups. I installed the Sun Java6 JDK and Eclipse with the Subversion plugin.

Cloning a VM for a Project

...to be continued...

Bike Camping to Illinois Beach

I recently decided that I wanted to start getting more use out of my bike. I've been commuting to and from work every day for several months now, which has allowed me to not only get used to putting in significant miles, but also to get to know my bike a little better. I decided it was time to take the next step -- longer distance overnight trips.

Preparation

Illinois Beach State Park seemed a decent place to start; about 40 miles north of home, and the route is largely on designated bike paths. The nice thing about this trip was that it didn't take a whole lot pf preparation, as it was only one night, less than 24 hours total, and only required that we planned for two meals. I got a lot of tips talking to a few people I know who have done this before, as well as some knowledgeable people at REI, as well as the article I reference at the end of this post.
Here's the packing list:
  • Tent: 3 person ultralight from Alps Mountaineering (6 lbs.)
  • 6 x 8 ft. tarp, for tent footprint
  • Sleeping bag (2.5 lbs)
  • Stove: MSR pocket rocket + 8oz isopro canister
  • Cooking/Eating: MSR portable 1.6L lightweight pot, aluminum bowl, aluminum mug, collapsable knife/fork/spoon.
  • Toiletries: toothbrush, toothpaste, deodorant... the bare minimum. Also, packed some toilet paper, unrolled in a plastic sandwich bag. Turned out to be essential!
  • Clothes: again, not much. clean tshirt, something with long sleeves for the evening.
  • Tools: whatever I needed to change and a tire tube, plus hex key multitool, patch kit, duct tape, matches.
  • Water: 1 bike bottle plus a 32 oz nalgene.
  • Food: 1 dinner (tortellini, sauce, packaged salmon), 1 breakfast (oatmeal, dried fruit, mangos, tea), one spare light meal, just in case (dry chicken soup mix, can of chicken), snacks for riding (cliff bars, trail mix, etc.). 

Once all packed up, everything fit nicely into my two Ortleib Backroller panniers, with room to spare (except the tent, which I strapped on top of my rack with a bungee cord). Total weight on my rack was about 35 lbs.


The Trip

We got off to a rough start on Saturday morning. We left two hours late and had to make several stops for extra tubes as my friend got 3 flats in the first 10 miles. Once we finally worked out the kinks, the second half of the trip was very smooth, making the second 20 miles in less than 2 hours. We rolled onto our site around 5 pm, set up camp and made dinner. The food we brought could have actually fed three people comfortably, so we got to sleep extra full. After dinner we explored the park a bit. Illinois Beach is not the most scenic state park, adjacent to an out of commission nuclear reactor of some kind, but the area near our site was very nice and wooded.

The ride back was BRUTAL. It was 90 degrees with a hefty breeze in our faces. However, we had far fewer incidents, only having to stop once to swap a tube. Despite the conditions, we ended up making it back home sub 4.5 hours.

Lessons Learned


  • Normally I would have brought an inflatable sleeping pad on a trip like this, but my pad had been punchured beyond repair. I opted not to replace it immediately, as the one I wanted wasn't going to be able to be shipped in time and it was "just one night". Just so that I can look back at this and remind myself, I WILL NOT MAKE THAT MISTAKE AGAIN. I woke up with terrible back nad neck aches, which made the first half of the ride home very uncomfortable. Before my next trip, I will be purchasing this Big Agnes Inflatable Air Core pad. I think I will also invest in an inflatable pillow, but haven't done my research yet.
  • I will be making a few upgrades to the bike before my next long ride. The first is more hearty tires. My current ones, while new, are not terribly high quality and really only built for smooth roads. Many of the area bike paths include stretches of cruched limestone (about 15 miles of our route) and those that are paved are not in the best shape. I lost a chunk of my back tire on the ride home, which also meant a tube change. Luckily it wasn't so large that it prevented me from getting home. I will also be upgrading to a sturdier back rack than the no name used one I purchased several months ago.

History of Beards

Not much to say here. This just needs to be shared.

http://imgur.com/yjg8v