December 2014
M T W T F S S
« Mar    
1234567
891011121314
15161718192021
22232425262728
293031  

Knots

Carrick Bend

Carrick Bend

I’ve always got a list of things I want to learn and last month learning to tie knots was selected at random. So I dragged my buddy Jeff to the local hardware store and bought two 4′ lengths of nylon rope. Since I knew nothing about knots I googled “best knots to learn” or “most important knots” or probably both of those and after removing duplicates, came up with this list:

  1. Bowline Knot – the king of all knots, makes a secure loop and is easy to tie.
  2. Figure 8 Follow Through – easy to tie and verify, favorite of climbers.
  3. Slip Knot/Noose Knot – same knot just tied two ways, slipknot for a stopper and noose knot for a, well, noose.
  4. Square Knot (Reef Knot) – great for bandages and garbage bags, just don’t use it to join ropes (it capsizes easily).
  5. Blake’s Hitch – a climbing knot that you can slide up and down another rope as long as you remove tension.
  6. Rolling Hitch – if I get a horse I can use this knot to tie him up somewhere.
  7. Trucker’s Hitch – if you don’t have ratchet straps this will do the trick, a must-know for cinching down a load.
  8. Buntline Hitch – a hitch that stays secure even if it’s been yanked in different directions.
  9. Sheet Bend – a simple knot for combining two ropes of different thicknesses.
  10. Carrick Bend – another knot for combining two lines especially if they’re not that pliable (e.g., chain).

All the learning above and below happened at Animated Knots dot Com. Check ‘em out.

Once I’d learned those I was on a roll and went on to learn the Figure 8, Alpine Butterfly Loop, Round Turn and Two Half Hitches, Barrel Hitch, Sheepshank, Timber Hitch, Handcuff Knot, Directional Figure 8 Loop, Underwriter’s (Electrician’s) Knot, Spanish Bowline Knot, Mooring Hitch, Double Fisherman’s Bend, Running Bowline, Bowline on a Bight, Tautline Hitch, and the Poacher’s Knot.

2014-03-11 13.09.21Whew, okay. Lots of knots and so far aside from busying my hands while binge watching TV shows I hadn’t had an opportunity to try any of them aside from tying off trash bags with a solid Reef Knot (very cool, though). Then we had to pick up a king-sized bed across town and had to tie it to the roof of the Pilot. That didn’t go as well as it could have.

Tying knots when they’re laying out in front of you is much different than having to do it after they’ve been looped through something a foot over your head. First you have to tie them upside down, and second I had the folks from whom we picked up the bed watching me fumble with the knots. So that didn’t go very well. We wound up driving down the street after hastily wrapping the rope around the bed a few times and re-tied it. Still no fancy knots beyond a bowline and a couple half hitches but we got home with the bed.

2014-03-14 16.44.21Fast forward a few days and we have to put a couple twin-sized box springs and a king-sized frame in the back of the Pilot. The door won’t close so it needs to be tied down. I was able to make it work with a carefully (read: slowly and without someone watching me) tied bowline, a buntline hitch, and a trucker’s hitch. The door stayed closed and didn’t seem to move much while we went around the block to get back to the house.

Next up: learning how to tie the knots I’ve already learned in the direction that makes sense to actually tie them to things.

Because I Love You…

The long-awaited trailer for our wedding video has arrived! Check it out:

http://vimeo.com/84474315

Transformation. Again.

When I met Kayla I was miserable. I was fit but I was miserable. Then we got together, got happy, and ate lots of great food. Add a little travel, a job change, and a complete reboot of my life and that adds up to little deliberate physical activity and a lot of extra calories. My body dutifully stored them away for later, of course. So rather than considering it a total backslide I prefer to think of it a testament to my body’s efficiency in converting extra food to stored energy. That’s the ticket.

转型

Transformation (转型)

The upside is that I know how to lose the weight and we’ve already begun. I’m tracking my meals, eating more frequently, getting enough water, and—the thing that’s always hardest to start—cardio. Until I get some endurance built up I’m starting with the boring 30-45m on the treadmill. From there I’ll move into some classes.

Lifting weights with Jeff has been a huge help and he’s beyond reliable. With a few exceptions, he’s there like clockwork from 3:30 – 3:45 PM doing a warm-up, 3:30 – 5:30 PM lifting weights and then 5:30 until ?? mixing up a little cardio. I’ve started getting there a little early to get 30 minutes of cardio in before weights but it’s just not working. I’m so dead by the time I start on the weights that I’m dragging. I think I’m going to have to bite the bullet and do the cardio afterward. Even though crawling to my car after the last set sounds like more fun I think that I can still get some effective cardio in without dragging too badly after the weights are done.

It’s time to load up the Kindle with something to watch so I can get through treadmill purgatory.

Welcome Harper Klassen!

Harper and Walter Chilling

Harper and Walter Chilling

Kayla and I have been all about the cats. We’d been talking about rescuing a dog from the shelter but yesterday we finally went over there and picked out Harper (formerly “Kacey”)! She’s a Chihuahua/Dachshund mix and she couldn’t be more adorable. Of course as soon as we got her home we realized how little we knew so we took turns researching and playing with her. Right now she’s sleeping in Kayla’s lap while she surfs the Internets.

Update 01/04/2014: Mornings are definitely a whole new experience. Her battery is charged to 125% and she is ready to go. From the moment I let her loose she’s bouncing off the walls. I get her leash on her and get her outside before she pees all over the place. A half hour later Kayla wakes up and takes over for a bit while I hit the store for cat food, and doggy & kitty treats.

I Can Breathe Now

Kayla in the Parking Garage at OHSU

Kayla in the Parking Garage at OHSU

Kayla’s scan was clean! She’s now officially in remission. Whew, now that we’ve covered that…

She’s always been the pessimist realist in our relationship and that’s good for things like budgeting, planning vacations, and other adult things. I balance that out with my head-in-the-sand optimistic outlook on things. That worked from the time that we found out there were suspect lesions on her CT scan until the morning of her PET scan to tell us if the next 6 months were going to be puppies and rainbows or chemo and stem cell transplants. I had my own mini meltdown and our dear friend Katie Huston swooped in on the virtual scene like CSI: Sacramento to cordon off the area, gather up the pieces, and put me back together again.

It started with her asking: “what’s anxiety look like for you?”

A million thoughts ran through my head: money to pay for everything, freezing eggs to save our biological babies from being irradiated, hospital trips, chemo, nausea, and so many other things I didn’t even know I was worried about until someone asked at the right time. And then suddenly there was a calm. I knew two things: we were going to beat whatever it was that was facing us, and I cared not a bit about anything but her. If we had to sell every possession and live in a one-bedroom apartment I was perfectly okay with that. As long as I had a laptop and an internet connection I could continue to earn and we’d have plenty of cash to feed the doctors until they’d slain whatever was threatening us.

And then Kayla woke up (she’d slept in to avoid being extra hungry during her pre-scan fast) and the armor came back up. I had to be solid for her and I only had to do it long enough to get her from the house to OHSU and into the waiting room for the scan. Then I could crumble again, or do whatever it was my psyche had waiting for me. Katy and Katie (yeah, it’s strange) kept me company via text messages and a scant 2 hours and 15 minutes later Kayla came out of the back room and we were out of there. On the way home she got a call from a 503 number she didn’t recognize and it was Dr. Okada telling her that her scan was normal and the CT had picked up junk that we needn’t be worried about. Then the phone tree was hopping – she called the family and let them know that the scare was over and that they could look forward to babies. =)

Le sigh.

Quick Update on Us

Klassen Wedding 2013-11-02 21.40.37It’s been 56 days since the wedding! We’ve got our pictures back and they look amazing. But mostly because Kayla was in them. Nudge nudge, wink wink.

With the wedding behind us we established with a new oncologist at OHSU. The difference from the last oncologist was night and day. This was meant to be the last scan before the probability of relapse was to drop into the low numbers but a few new (we think) lesions showed up. We’re in watch and wait mode right now until the PET scan on Monday afternoon. Kayla and I are taking turns talking one another out of our respective crazy trees. As long as we avoid climbing up at the same time, we’ll be good. All well wishes, prayers, good thoughts, and extra karma our direction are appreciated. If you want to read more about that Kayla’s keeping up on it with her blog: Owl You Need is Hope.

I haven’t written in a while and the little hater inside convinced me that nothing I wrote would be interesting enough to read. So I’d put it off again and again. Kayla insisted I fire this up, so here I am.

Kayla’s amazing that way.

We were binge-watching episodes of Grey’s Anatomy but with the medical stuff we decided neither of us needed any reminders. We decided to start Sons of Anarchy over from the beginning. As we speak season 3, episode 4 is running. I won’t spoil it for you, but it’s a great show. We can always use other recommendations – we have Hulu Plus and Netflix streaming.

I Now Pronounce You, Man and Wife

kayla-dressThe wedding was absolutely amazing!

The rehearsal and dinner on Thursday night went off without a hitch. Catered BBQ at our house. More about that one soon.

On Friday, the day before the wedding, I got together with my groomsmen for breakfast at Carol’s Corner. From there we headed to PlayLIVE in the Vancouver mall for 4 hours of zombies and other tactical gaming. After that it was some sci-fi goodness, Ender’s Game, at Cinetopia. We rounded it out with some Chinese food in the food court. Yes, we’re party animals.

The morning of the wedding started out with Jerome and I grabbing a semi-healthy breakfast at Burgerville. That’s suitably PNW right? The local burger joint for breakfast? Next we headed over to the tux place to get our stuff and then to the venue. At the venue we were ushered upstairs to stay until it was time for our first look. Kayla looked absolutely beautiful in her dress. I think it was the first time all morning she was able to really take a breath. We posed for some pictures and video and they left us alone for a few minutes before whisking us away to downtown Portland for many more shots.

Our photographers and videographers were excellent but we were so exhausted by the time it was over and we were headed back to the venue again. We posed for a couple more pictures in the stairwell and then it was back upstairs until Jessie called for me.

I knew that I’d be emotional when the vows started, but I didn’t expect it to start the moment I got into the ballroom with my mom on my arm. I looked around (that was probably a mistake) and saw friends and family smiling back at me. Looking up to stop the eyeballs from sweating—totally ineffective. Everyone else filed in behind me while I stood at the front and then the main event: the double doors opened and Kayla was there. She was so beautiful in that dress. I’d spent the afternoon with her but somehow it was like seeing her for the first time. The way the light hit her… I’m so glad we’re going to have video of that. I can’t wait to see it!

Our officiant had invited everyone to put their phones and tablets away and it looked like folks were respecting that. Not an iPhone, Android, or iPad in sight. Nick Marino did his reading and then it was on to the vows. We’d written our own and they were on index cards. It was extra emotional to hear Kayla read hers, but when I got to mine, whoa—it was all over. I got through 1.5 cards before I was so choked up I couldn’t continue. Jerome was a champ, patting me on the back to help me get through it. Like Jeff said later, “when it’s from the heart, it’s gets emotional.” It was just the right kind of emotional.

I knew the ceremony would be great but I wasn’t sure I’d have enough gas by the time the music started to do anything but sit slumped over at the head table. Boy was I wrong. We had just the right combination of family and friends there and the dance floor wasn’t empty once all night. I’d almost forgotten that some of our guests were Zumba instructors. They kept things popping. Of course there was rapping. And some entertaining dancing on my part during the garter toss. Pictures and video to follow.

Thanks again to everyone that came and the folks who celebrated from afar. Now, on to the thank-you cards!

SSL Certs and Keychains

Keychain-Access-iconThe more I work with these Mac Xserve systems, the more I wish that I had at least a rudimentary understanding of the Mac OS. I used one back in the early days but professionally it’s always been some Linux, UNIX, or Windows.

Anyway, the issue of the week was migrating an SSL certificate for a customer’s website to a new Red Hat Enterprise Linux web server. I’d restarted Apache on the Xserve lots of times and was never prompted for a password so I figured the keys either had their passwords stripped out (or never had them). So I copied the key and cert files to the new system and tried to fire up Apache. No good – I was being prompted for a password for the key.

Oh, and the files had odd strings in them:

customers.fqdn.here.F2B946075326B05DECC62B54D0ABB733D6D773DD.key.pem
customers.fqdn.here.F2B946075326B05DECC62B54D0ABB733D6D773DD.cert.pem

I knew that the Xserve uses a Server Admin to orchestrate things like services, the web, firewall, etc. and just assumed it was some unique identifier it used to keep track of websites that had been configured. The httpd site configuration files had similar strings in them.

So at this point I had a key file that required a password and no idea what the password was supposed to be. I went back to the Xserve to poke around and found SSLPassPhrase mentioned several times in a file called ‘servermgr_web_apache2_config.plist’ but no mention of a password anywhere in the file. Finally I asked Kayla (my fiancée and resident Mac expert), “is there somewhere that a Mac stores passwords centrally?” As soon as she told me about Mac’s keychain I started poking around the Xserve’s desktop.

Sure enough, Keychain Access had some interesting entries:

10-11-2013 8-39-23 PM

Notice that the ‘Account’ matches the string used in the files. Once I unlocked the system chain with the same user/pass I use to log into the server’s desktop I was able to show the password (another big string):

10-11-2013 8-43-14 PM

Mystery solved and I’m off to use the password to bring up the key/cert on the new server.

Custom SELinux Port Access

Apple Web Objects

Tonight I was working on a server that’s going to be running an application that uses the Web Objects framework.

For this to work, Apache’s mod_webobjects adapter needs to be able to make a connection to localhost:1085. But since SELinux is dutifully protecting the system by disallowing Apache from opening TCP connections of its own we need to make an adjustment.

type=AVC msg=audit(1370168291.796:35647): avc:  denied  { name_connect } for  pid=1892 comm="httpd" dest=1085 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket

The low-hanging fruit would have been to toggle httpd_can_network_connect to ‘on’ but that would have allowed Apache to connect to any TCP port, not just the one we want. There are more specific SELinux booleans for MySQL and SMTP but we needed something custom that allowed Apache to connect to port 1085 only.

Step 1: Create a New Policy Module

policy_module(apache_proxy_port,1.0.0)

gen_require(`
    type httpd_t;
')

type apache_proxy_port_t;
corenet_port(apache_proxy_port_t)

allow httpd_t apache_proxy_port_t:tcp_socket name_connect;

Step 2: Compile Your Module

Run make in the directory where you created your apache_proxy_port_t.te file. You’ll need to have installed the `selinux-policy` package beforehand though it should be installed by default.

~# make -f /usr/share/selinux/devel/Makefile

Step 3: Set SELinux to Enforcing (Optional)

If your system can remain safe without SELinux enabled for a moment it makes sense to set it to enforcing temporarily while you load and test your new module. You could get locked out of your system if something went awry.

~# setenforce 0

Step 4: Install Your Module & Activate It

One of the files created in step 2 is the apache_proxy_port_t.pp file. Load it up using `semodule`. Both `semodule` and `semanage` come from the policycoreutils package. Warning: this semodule command can take several seconds to complete—don’t panic.

~# semodule -i apache_proxy_port_t.pp
~# semanage port -a -t apache_proxy_port_t -p tcp 1085

You’ll also want to create another mapping for each of your application instances. Run the same command above with the port number changed (i.e., port 2001).

Step 5: Re-Enable Enforcing

If you’re not seeing any violations and things are running as expected, turn enforcement back on.

~# setenforce 1

TL;DR: If you want to allow your freshly-hijacked Apache server to open TCP connections to any port it likes, toggle the SELinux boolen. If not, use the instructions above.

** Thanks to Mr SELinux himself, Dan Walsh, for his 2007 post on policy customization.

Hydration is Key

I know that I feel bad if I don’t drink enough water and I also know that I feel pretty good when I do. The problem is drinking enough water consistently throughout the day instead of this guzzling that happens when I’m not busy and this drought that happens when I am.

So, some calculations. This app (yeah, there’s an app for that) says that at my weight I need 187 oz per day. Incidentally, that drops to 121 oz at my goal weight, so I won’t be urinal-bound forever.

That means, if I’m awake from 4 AM until 9 PM, I have 17 waking hours. I usually start the day with a 20 oz of ice water so that’s my start time. If I stick to even hours: 4, 6, 8, 10, 12, 2, 4, 6, 8 that gives me 9 opportunities to kill that 20 oz tumbler with 7 oz left over. At the gym I’m going to go through at least 2, maybe 3 of those, but I’m fairly certain that 187 number needs to be adjusted with activity. So we’ll just leave that 4-6 AM span at a single 20 oz tumbler.

Easy, right? During the even-numbered hours I need to get at least one 20 oz tumbler down. On the odd-numbered hours I can either be too busy to drink anything or slide a little caffeine in there. Good plan, yes? Alright. Go team go.