I have also enabled SSL with a self-signed cert, so if you're shy about signing in to comment via http, just switch it to https by typing the s in your link bar. And no, I have not found a way to globally change signins to SSL in MT 5.

<Directory> </Directory> 

What this does is make browsers do
TLSv1 DHE-RSA-CAMELLIA256-SHA only.

You can then watch your SSL handshakes fail from IE and Chrome. If you want to require strong encryption across browsers, edit ssl.conf to look like this:

SSLProtocol TLSv1
SSLCipherSuite AES256-SHA

Then you'll have reasonably strong encryption.

First: my ride. On days that I ride (I'm not a 5-day-a-week rider yet), I ride seven miles (mostly downhill) into work in 35 minutes. That same ride home (mostly uphill) takes about 45 minutes. I carry a laptop and a full set of work clothes each way in panniers on a rack.

Overall, the Breezer Uptown 8 is a great bicycle. However, there are some things to nit-pick about, mostly because commuter bicycles are relatively new in the United States. Nobody reviews them because they're not sexy.

First off, the Uptown is comfortable. I ride in an upright position. The seatpost is suspended, and overall it's a pleasure to ride. However, it's not a fast bike. It's got full fenders and a fully-enclosed chaincase. The only place I get splashed in rain is my feet.

The built-in Shimano front hub generator and lights are great. The headlight is pretty bright. I did get a Niterider light because the trail is not lit and pitch black. The rear light connections are weak and the light failed after going over a few bumps. Some new wire fixed that. The generator does add a little drag when it turns itself on. It's great having lights without ever having to worry about a charger or batteries. I have two Planet Bike flashies (one works consisently) mounted on my panniers. That worked out especially well after I wrecked and my black laptop pannier fell off and onto the dark, unlit trail at night.

The stock tires, Schwalbe City, are heavy. I replaced the front with a Conti 1" which works fine. The rear tire I haven't replaced because the rear wheel is a pain to take off. You need to shift to 4th gear, remove the tiny screws in the chaincase, and then use a 15mm wrench. Not something to do on the trail after dark.

You can see photos of my nitpicks here.

I bought the bike at Bikes at Vienna in Vienna, and get some help with maintenance from Griffin Cycle in Bethesda. There's nothing wrong with the service at Bikes at Viennna, it's just that Griffin Cycles is close to home.

That may seem expensive, but it's far cheaper than getting that much server capacity at Rackspace. However, I don't need that much capacity. I can trade processor power for power savings, keep the disk space and RAID card, and switch to an Atom-based server. My current FreePBX Atom server runs at 40 watts with an analog card powering two FXS modules. I bet I can match that on a new server. I'd get the new Supermicro Atom Server, but it has space for only one 3.5 inch hard drive. I need two. Thus I'll be using another miniITX case. In the meantime, everything's running on another old Dell tower box.

How did I move it? First I though reinstalling all the software from scratch would be a good idea. I'd get a nice clean, efficient build. But that took way too long, and I'd have to re-customize my templates and tweaks. I had MySQL backups running for a while, why not start testing the restores? I used rsync:

rsync -avz /var/www/ -e ssh:user@mynewserver /var/www/

Then I restored the databases:

mysql -u root -p

mysql> create database mynewdb

mysql> quit;

$ mysql -u root -p [mynewdb] < [backupfile.sql]

mysql -u root -p

mysql> use mynewdb;

mysql> GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'localhost' 

IDENTIFIED BY 'pAssW0rd' WITH GRANT OPTION;

mysql> flush privileges;

mysql> quit;

Then double check that the user and pass from above match your config files.

Finally, test your applications. Gallery2 and MovableType worked fine. Your milage may vary. My office is almost silent now.

Theoretically, Bluecoat logfiles are the same as W3C web server log files that logparser can consume via the -i:W3C directive.

You can see the fields in a Bluecoat log below.

#Fields: date time time-taken c-ip cs-username cs-auth-group x-exception-id sc-filter-result cs-categories cs(Referer) sc-status s-action cs-method rs(Content-Type) cs-uri-scheme cs-host cs-uri-port cs-uri-path cs-uri-query cs-uri-extension cs(User-Agent) s-ip sc-bytes cs-bytes x-virus-id

For some reason, Bluecoat leaves two spaces between cs(Referrer) and sc-Status, so all the columns to the right of sc(Referrer) past that will be one off. BlueCoat also leaves spaces in cs-categories and surrounds them with quotation marks, so you need to specify -dQuotes:on. Logparser doesn't have a quick and easy way to handle the double-spaces issue, so I wrote a VB Script to handle it. (VBScript is pretty quick at text handling and it's much faster than using search and replace in WordPad or Notepad on a 500-1000 MB File.)

Here's the VBScript:
'start

Set objFSO = CreateObject("Scripting.FileSystemObject")
'change this line to wherever you want to read the input from.
Set objTextFile = objFSO.OpenTextFile("c:\myBluecoatlog.log",1)
Set objNewFile = objFSO.CreateTextFile("c:\myCleanBlueCoatlog.log")
Do Until objTextFile.AtEndOfStream

myString = objTextFile.Readline
objNewFile.WriteLine(Replace (myString, " ", " "))
Loop
'end vbscript
Here's the logparser file:
-------------------start
SELECT TO_LOCALTIME(TO_TIMESTAMP(date, time)) AS date,
time-taken,
c-ip,
cs-username,
cs-auth-group,
x-exception-id,
sc-filter-result,
cs-categories,
cs(Referer) AS Referer,
sc-status AS scStatus,
s-action,
cs-method,
rs(Content-Type) AS ContentType,
cs-uri-scheme,
cs-host,
cs-uri-port,
cs-uri-path,
cs-uri-query,
cs-uri-extension,
cs(User-Agent) AS UserAgent,
s-ip,
sc-bytes,
cs-bytes,
x-virus-id

INTO BlueCoat4
FROM c:\myCleanBlueCoatlog.log
------------------end
And here's the command line for logparser. (Save the logparser file as c:\scripts\log\bluecoat.sql)

logparser file:c:\scripts\log\bluecoat.sql -i:W3C -o:SQL -server:sqlservername -database:BLUECOAT -createtable:ON -dQuotes:ON

Statistics:
-----------

Elements processed: 613076
Elements output: 613076
Execution time: 241.20 seconds (00:04:1.20)
About 2500 lines/sec. Processor utilization is almost zero for SQL and logparser, so it's all about disk time.

The above is from a file that's 310,935,417 bytes large. That means BlueCoat logs are about 507 bytes per line, or 0.5k per line before compression. The last time I checked BlueCoat gz compression, it was about 15% of the original file size. Compressed, the line would cost you 76 bytes.

1. ./configure --help (Always look at the help to see the options. It makes a difference if, for instance, you compile php without support for MySQL.)


2. ./configure


3. make


4. make install

However, with Darkice, it's prerequisites are numerous, and Darkice's configure doesn't find it's prereqs if they're installed in the standard locations. I've done this twice so far without documenting how I did it, so this time, I'm writing it down.

Here's my configure line:
./configure --with-vorbis-prefix=/usr/local/ --with-lame-prefix=/usr/local/lib/ --with-twolame=prefix=/usr/local/lib/ --with-faac-prefix=/usr/local/lib/

Then you'll get this when you launch darkice:
darkice: error while loading shared libraries: libmp3lame.so.0: cannot open shared object file: No such file or directory

So you need to link that, and when you link that you'll get the next error, so here are both:
ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib/libmp3lame.so.0
ln -s /usr/local/lib/libfaac.so.0 /usr/lib/libfaac.so.0.
If you're wondering what links you're missing, try
ldd /usr/local/bin/darkice
If one of the links to the libraries reads "missing" then that's the one you need to link.

Yum install darkice might work for you, but then again, if you need all the features, it probably won't.
Prereq links are below. Generally ./configure, make, make install works well with all of them, but you really want to track exactly where each lib gets installed -- usually /usr/local/lib/.
Lame
Twolame
libogg
libvorbis
faac

Preqrequisite for faac or twolame -- I forget which:
libsndfile
Prereqs I didn't neeed:
Alsa
Jack

Yes, I'm using google as a verb. If you Google me and click on one of my pages, my web server logs the information:
1.2.3.4 - - [01/Oct/2009:10:23:41 -0400] "GET / HTTP/1.1" 200 7186 "http://www.google.com/search?hl=en&source=hp&q=larry+s&aq=f&aqi=g10&oq=&fp=7d15299a959dbb33" "Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.3) Gecko/20090824 Firefox/3.5.3 (.NET CLR 3.5.30729)"

As you can see, I get your IP address, a date, an offset to Universal Time (-0400), a verb (GET, in this case / means my default site page), a status code (200=OK), and a referrer. From the referrer, I can tell you Googled me with the phrase "larry s". Finally, I also get some information about the browser you used, Firefox, and the operating system, Windows XP with service pack 2. There's a chance you may have used a anonymizing proxy, but I'd still get an entry. (Generally, Anonymizer says "TuringOS," so I know it's them.)

Case 2: You Google me and don't click on my page.

That's more difficult but not impossible, because I have a Google AdWords account. I bought my own name as a keyword. Google AdWords works by selling keywords for search insertion. It's an open market, with the second-highest bidder winning in a dutch auction that is Google's revenue machine. When you buy a keyword, you get two measures back from Google:

1. how many impressions it got (viewing)


2. how many clickthroughs it got. (someone clicks on the ad)

And that's how I know that you Googled me. If you're wondering if you've been Googled, but don't have a web site with logs you can comb through, or don't want to set up a Google AdWords account, try Google's external keyword tool. Just don't forget to un-check the synonyms box.

Why doesn't Google have a Cybersecurity graphic? Online providers don't want you to think about security. Banks don't want you to think about online security. If you thought about security when you signed up for online banking, you might not do it. Without the regulatory agencies, the banks would leave you liable for all losses -- event those caused by the bank's own security lapses, as happened in the UK.

A banking-industry consultant at the same conference said two striking things:

1. Bank marketers fought tooth and nail against FFIEC regulations requiring two-factor authentication for online banking logons. (That means you need your password AND something else to log on.) Banking marketers want to make easy for you (or a hacker) to log on and transfer funds.


2. Banking customer service representatives are just as dumb as the customers when it comes to online security.

If your bank account gets hacked, your bank isn't going to be of much help. They might get some money back, but in most cases, they won't. Your money's gone. The same goes for any other account of yours that gets hacked, whether it's Facebook, GMail, or Yahoo. Nobody's going to help you much.

So take the time now to do a few things to ensure your online security.

1. Use antivirus and make sure it's up to date. If you're on Windows, there are several free antivirus packages available, such as Microsoft Security Essentials , Avast , and Avira . Password-stealing viruses infect computers every day. If you want to tweak out on antivirus effectiveness comparisons, go here.


2. Patch your computer. It doesn't matter if you're windows, mac, unix, linux or bsd. Patch.


3. Change your banking password. Change your email password, because all your password resets go there. Change your security questions, because those reset your passwords. If you're using the same password from college, and your college system gets hacked and reveals your password, then they will find your other accounts.


4. Realize that you are a hundred times more likely to fall for a phishing email than you are to click on an online ad. (Phishing emails are now so common that you might get one that coincides with a recent transaction, making you think it's real.) Now that banks have increased their online security, the hackers are targeting you -- the soft spot.


5. Also realize there are are now office buildings full of professional hackers working in shifts trying to get to your money. (Another panelist, Chris Roberts, talked about research he had done observing the building in an unnamed country in Eastern Europe. Some of his work is available on McAfee's hacker-commerce site.)


6. Don't use unsecured wireless networks. Secure your home wireless network. (Replace WEP encryption with WPA or WPA2.)
   

Catches:
1) You need to use their client.
2) Their client doesn't run on Windows Server or Linux -- just WinXP, Vista, and Macintosh. (Even if you run the installer in XP compatible mode on Windows server, it still doesn't install.)
3) The $5/month is for one computer, not all the computers in my house.
4) rsync doens't work with Windows/samba shares. (You may, however, be able to get rsync to work to a Macintosh. I haven't tested yet.) (Update below: you can install an NFS server onto WindowsXP/Vista to get rsync to work, or you could do it from Windows via an SSH rsync script.)

Solution: I installed it on a Vista workstation, created a share, and copied the few things I really need backed up to it. I also wrote scripts to transfer my PBX backups to my backup and log host and then copy the files from the backup server to the windows share via smbclient. I'll skip the part about configuring password-less logins for SSH via ssh-keygen keys, as well as the kinit for logging into windows via smbclient. (I also never was able to mount.cifs via kinit, just smbclient.)

So what happened when I tried to back up 15 GB on my Vista box to Backblaze? Not much -- the files just transferred. iPod library -- check. Photos -- check. My mrtg indicated that bandwidth increased to about 310 kbps for four days. I was still able to make phone calls via my SIP trunk to vitelity with no problems. (g729 to my SIP provider and alaw to my friends' PBX servers via IPSec VPN.)

Bandwidth used:
`Weekly' Graph (30 Minute Average)

Max Average Current
In 501.9 kb/s (0.5%) 56.4 kb/s (0.1%) 47.9 kb/s (0.0%)
Out 1360.2 kb/s (1.4%) 168.6 kb/s (0.2%) 29.3 kb/s (0.0%)

Security comments: Backblaze says it encrypts files, but doesn't offer details on the algorithm or implementation. (e.g AES-CBC, etc.) Backblaze does offer you the option of using a private key, so that only you (assuming you don't forget the key) can access your files.

My advice: If it needs to stay secure, encrypt the files yourself before they hit the local hard disk. You can even do a loopback mount (Super-awesome tutorial there) to an AES-encrypted file on a samba share, and rsync will work, but the whole file will change, requiring it all to be sent to Backblaze.

Update: You can use rsync to get your Linux/BSD/Unix files over to your windows box, but you'll need to install an NFS Server on your windows box. You could also use Microsoft's Services for Unix, but it's easier just using the Allegro server.

WARNING: You should not pay more than $100 for the x500 through x2500. They're end-of-life. And don't let anyone confuse an even older, 2RU model, with the x-series.

What's the hardware? (Boot console text here, photos here.) It's a 1.2 GHz Celeron processor, 256 MB of PC133 RAM, a SanDisk 64MB "Industrial Grade" compact flash card, an Intel Motherboard with six RealTek (!) LAN ports. There's a serial port, two fans, a PCI slot, and a mini-PCI slot occupied by a SafeNet SafeXcel 1141 v.1.1 card. Unfortunately, the SafeXcel 1141 is not supported in FreeBSD even thought the boot shows that it found something. (Maybe OpenBSD...)

Just to be sure, I did the OpenSSL speed check from the Watchguard's console after I installed pfSense.

Firebox Xseries, SafeNet 1141 v1.1 installed:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 26917.66k 27987.75k 28248.74k 28359.04k 28376.05k
aes-192 cbc 22900.88k 23917.93k 24122.93k 24210.67k 24213.70k
aes-256 cbc 20624.38k 21210.58k 21364.18k 21430.52k 21439.17k

Firebox Xseries, Safenet removed:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 26924.00k 27986.35k 28249.58k 28358.33k 28374.19k
aes-192 cbc 22911.56k 23924.39k 24126.03k 24212.23k 24220.05k
aes-256 cbc 20624.28k 21211.41k 21360.39k 21429.22k 21439.88k

While there's no difference, it blows away my Alix 2d3 Board with the Soekris mini-PCI HiFn 7955 card. This is
what I'm currently running pfSense on. To be fair, it was still live and sending 310k/sec to Backblaze, but that's another story.

Alix board w/Soekris VPN Card:
The 'numbers' are in 1000s of bytes per second processed.
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 5186.19k 5310.60k 5423.67k 5473.56k 5487.10k
aes-192 cbc 4548.62k 4671.94k 4780.79k 4802.54k 4801.88k
aes-256 cbc 4117.25k 4157.12k 4243.48k 4263.61k 4257.15k

Finally, some commentary on the original Watchguard Firebox series:
I used one of these at a former client's main site. The user interface was great, and it offered superb logging and even offered a realtime view of connections that I have seen no-one duplicate since. That much let me identify info leak attempts in real time, because I did not leave all outbound ports open.

However, Watchguard included the encryption acceleration hardware, but didn't let you use it without an additional licen$e. pfSense is free.

I bought another Radio Shack antenna -- this time the "Outdoor HTDV Antenna," SKU number 15-2152 with the last money left on my two-year-old Radio Shack gift card. Since it was a huge, 80-something-inch antenna, it must receive better, right? I mounted it in my attic, two floors above the indoor rabbit ears, and hooked it up via quad-shield RG58. Excitedly, I ran back down to my man-cave and scanned through the channels again.

At first, I lost channels 4, 26, and 32. After minor direction adjustments, I received all previous channels as well as 23 (analog), 25 (analog), 30, 47 and 66. While there's nothing I'm going to be watching on channel 66, I definitely receive more stations than before. Best of all, the new stations are free, so I'm one step closer to eliminating my cable bill.

If you can run a cable to your attic, and you have a traditional, non-steel roof (like the asphalt shingle here), then you can mount your antenna there. I'm not about to distract from the beauty of my Icom Discone mounted on my chimney with a cheap aluminum TV antenna. And that antenna is cheap and I got aluminum dust all over my hands assembling it. Since it's going to stay in a corner of my attic, I don't mind. If you're looking for the 15-2152 antenna on Radio Shack's site, it's gone. It was discontinued and cheap to buy.

Finally, matching airports to AWOS increases the complexity. I had hoped to write a simple script that does text manipulation for all KML files -- one script altering one FAA text file to produce one KML file. As with the Special Use Airspace, however, there wasn't a good way to do it without using a database and relations.

Find them in the KML archive.