Sunday, March 25, 2018

The Week Ending Saturday, March 24th, 2018

Sunday

Sadly, Grace and I actually missed recording a podcast on Sunday. Here’s what happened instead. After another bad night’s sleep, I got up and cooked a pan of bacon, then pancakes. We are trying to stay off the carbs, so Grace and I ate a couple of fried eggs instead of pancakes.

Internet filtering has become an urgent problem to solve; we have given up on trying to use some sort of honor system to keep our kids from wasting all their time online. I settled on trying to set up a proxy server. I was hoping to do this using a Raspberry Pi, so I went to Target in the hopes of buying a Kano kit, which runs Raspbian, and would (I think) let me just plug it in and set up the squid proxy server from the command line. Although the Kano web site suggested Target was the nearest store to carry the things, Target didn’t have any Kano kits. So I came home and decided to bite the bullet and just set up my old server PC. It’s a homemade box with a Xeon processor that I assembled in 2010 to use as a software build server, back when I was working for Lectronix. I haven’t used it for very much since I decommissioned it a few years back. Years ago, I experimented with a couple different versions of Linux but never wound up using it on a daily basis.

So I first opened it up, and used an air duster to blow some dust out of the box. It’s not as clean as I’d like it, but at least it doesn’t look like one of the cat hair- and grease-filled machines one sees on the tech support gore subreddit. I wiped the boot SSD and installed the latest Debian Linux, then installed squid. That was quick except that Debian still makes you do some confusing hand-configuration to get sudo working. Then I was getting errors about the Cinnamon desktop running in software rendering mode, so I switched to Xfce. (I don’t really care much about the desktop environment on this machine, since mostly I’m just running terminal windows).

Then I had to start working out exactly how to configure our router, running a build of OpenWRT, and how to configure squid. I gave the PC a wired Ethernet connection to the router, and configured the router to give the PC a fixed IP address (and even that pretty simple thing took some confusion and several tries, since I’m not really familiar with some of the quirks of the OpenWRT web interface).

Then I struggled for a while with the squid configuration file. I tried following several very simple tutorials, but apparently squid defaults and configuration file syntax have changed repeatedly over the years, so several of the basic tutorials I found including this one just didn’t work, and squid’s error messages aren’t always very helpful. The configuration examples in the squid documentation are generally for making it do things that are far more complex than what I’m trying to do, while the documentation is not all that helpful. The documentation page on ACLs just says:

acl aclname src ip-address/mask ...    # clients IP address [fast]
acl aclname src addr1-addr2/mask ...   # range of addresses [fast]

It’s almost working. The whitelist works, but when I combine the whitelist functionality with the IP address functionality, it blocks all the machines. I think maybe it’s been so long since I’ve done this sort of thing that I forgot how subnet masks work, and I was trying to specify a wildcard mask instead. But reading a little more, it looks like squid also allows CIDR notation even though this is not mentioned in the documentation. So I will try that, as it should be unambiguous. That may just fix the problem.

There’s a bigger problem, which is that with this setup, the Windows 7 machines have to be configured to use the proxy server, and that setting isn’t locked down. In Windows 7, the proxy server is a Windows setting. Chrome honors it, but other browsers like Firefox use their own setting. So I’ll need to do something else to configure the router somehow so these machines can only access web sites via the proxy server. I’m not quite sure how to do that. I know I can make access rules that apply to these specific machines by MAC address. I know I can probably block ports, or maybe forward ports. But I’m not sure if this will be sufficient to really lock them down. My kids are pretty smart and I wouldn’t be entirely surprised to find them working around my security, mining bitcoin on a Tor exit node in Estonia, or influencing the next election, or some such, if I can’t get it tight enough. I may have to ask for help, since this just really isn’t my area of expertise.

We made it to Mass, only about fifteen minutes late (hey, for us, that’s a victory). Then we had to decide how to get through the remainder of our evening. I was really tired. We didn’t have a dinner plan. We decided to go look for somewhere to eat that wasn’t Maiz Mexican Cantina, and not to try to record and produce the podcast last night. We tried a Middle Eastern place that Grace had heard good things about, but it was about 7:30, and they had just closed their dining room. So we wound up at Palm Palace. I have not been there in many years. The food was very good, although I had to grit my teeth a bit because it is quite expensive. I had hummus with lamb, salad, and roasted vegetables. It’s one of my favorite Middle Eastern dishes. All the food was quite good.

They supplied us with a big dish of Toum. It’s basically garlic mayonnaise without eggs, and involves a lot of raw garlic, oil, lemon juice, and not much else (maybe some salt). It’s one of my favorite things, period. Raw garlic also seems to really help my lungs feel better, for reasons I’m not entirely clear on. Although I suspect the people I wind up breathing on may not appreciate it as much as I do.

When we got home, I sadly posted a note that we wouldn’t be getting a podcast out. For a bedtime story, I read The Hobbit chapter 18, “The Return Journey.” In this chapter, Bilbo says goodbye to Thorin, who has been mortally wounded in the Battle of Five Armies. He also learns that Fili and Kili have been killed. So the Peter Jackson movie is true to the book on at least those facts, although just about everything else it shows in the battle sequence is invented. These deaths are much more moving in the movie and in the 1977 animated movie. In the book, because Thorin and the other dwarves have gotten so little character development, we don’t get especially attached to them.

In the book, Gandalf’s arm is in a sling after the battle, as he’s been injured. I don’t think this happens in the movie, although I may have forgotten it. Also, Thorin is buried with the Arkenstone, which is a nice touch, given that he never got to hold it in life.

Monday

Elanor actually slept much better Sunday night, so I got a reasonable night’s sleep! Although it was a little truncated, since we got to bed pretty late.

I have news, which I’m going to recount more fully in the podcast. When we got back from our walk on Saturday, I had mail from Alpha-1 Foundation. I sent them a card with a blood sample, as part of my participation in a study. The letter contained my test results. I’ve learned that my alpha-1 genotype is PiMZ, which means I have a mutation that makes me mildly deficient in alpha-1 antitrypsin. This makes me a “carrier,” instead of someone with the more severe PiZZ genotype, which can produce severe disease. That term, “carrier,” is a bit misleading, though, because a mild deficiency is still associated with some increased risk of various lung and liver problems.

I am relieved in several ways: first, because it isn’t a “worst-case scenario.” Second, because it fits very well as an explanation of why I’ve had a cough and related symptoms for months. And finally, I’m relieved because it suggests what I should do next, as far as treatment. If this test had come back telling me I had a normal genome, I’d have been relieved but also frustrated, as it would not help explain any of this, or suggest another course of action, other than trying to go back to my regular doctor and complain that I’m still sick.

My kids will need testing. Given the genetics of this condition, I don’t think any of them could have the severe deficiency, but there is a chance some of them could have my version.

We put some thought into deciding whether or not to go public with this information, as it is health information. But I think I have a duty to try to help get the word out. Maybe my reports can help inform some other folks.

Tuesday

I made chili last night, although it wasn’t quite “real” chili. We used up a sort of ratatouille that we had in the fridge along with ground turkey and garbanzo beans. The result was a mild meat and vegetable stew with tomatoes and beans. It tasted pretty good so no one complained that it wasn’t “real” chili, and we used up some leftovers.

I tried to fix my squid configuration, as mentioned in yesterday’s entry. I wasn’t able to put much time in it, but I confirmed that there was nothing wrong with my subnet mask. Switching from specifying 192.168.1.0/255.255.255.0 to 192.168.1.0/24 made no difference at all. The test machine with IP address 192.168.1.143 was blocked, and I don’t understand why.

I thought my whitelist rule was working, but it turns out that even with no filtering by IP address, the whitelist rule fails to allow any clients. Is my syntax for referring to the whitelist file incorrect?

I tried turning on full error-logging, but it produces a river of output. The output contains lines that say that the clients are failing the acl tests, but they don’t say why.

I suspect there may be a configuration option in the squid.conf distribution for Debian that the examples don’t take into account. Perhaps it was added in a recent revision. I don’t know. All the online examples claim this is easy to do, and show changing just a handful of lines in the squid.conf file.

I’m poking around looking to see if there is a simpler alternative to squid for this kind of whitelisting. If I have time, I’ll look at it again tonight. I want to try applying the following advice from this site:

If ACLs are giving you problems and you don’t know why they aren’t working, you can use this tip to debug them.

In squid.conf enable debugging for section 33 at level 2. For example:

debug_options ALL,1 33,2

Then restart or reconfigure squid.

From now on, your cache.log should contain a line for every request that explains if it was allowed, or denied, and which ACL was the last one that it matched.

If this does not give you sufficient information to nail down the problem you can also enable detailed debug information on ACL processing

debug_options ALL,1 33,2 28,9

Then restart or reconfigure squid as above.

From now on, your cache.log should contain detailed traces of all access list processing. Be warned that this can be quite some lines per request.

If I can’t make any headway, I’m going to assume there has been some change to the default squid.conf, or there is some other configuration issue with squid on Debian that I’m not aware of. Maybe I’ll see if I can get better results with a simpler proxy server. Maybe I’ll try tinyproxy for Debian stretch. Tinyproxy lives here. If I can’t get that proxy server working either, the problem may have something to do with the OpenWRT router.

Wednesday

I got the squid proxy server working.

I was specifying an ACL like so:

acl WHITELIST dstdomain parameters("/etc/squid/whitelist.txt")
http_access allow WHITELIST

Where the text file contains the domains I want to allow. This doesn’t give any errors when squid parses its configuration, but it fails; the domains specified in my text file aren’t allowed. If I write it like this instead:

acl WHITELIST dstdomain "/etc/squid/whitelist.txt"
http_access allow WHITELIST

It works fine.

I came across the “parameters” syntax in the squid release notes. It’s mentioned in this document.

My squid version seems to be 3.5.23. I have no idea why this syntax doesn’t work and even less idea why it doesn’t work by silently failing to match whitelist entries. It smells like a bug to me. But the other syntax seems to work fine. Maybe I’ll see if there’s a good way to ask the developers about it.
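A squid.conf fragment that combines the client-address ACL and the whitelist file discussed in this entry, added here as an example and not the author's actual configuration. The ACL name KIDS_LAN and the sample whitelist entry are assumptions; the address range, file path and WHITELIST name are the ones quoted in the post.

```conf
# /etc/squid/squid.conf (fragment). Added example, not the author's file.
# Put these lines above the stock "http_access deny all" line so they
# are evaluated first.

# Clients to filter: the LAN range quoted in the post, in CIDR form.
# KIDS_LAN is a hypothetical ACL name.
acl KIDS_LAN src 192.168.1.0/24

# Allowed destinations, one domain per line, loaded from a file.
# The double-quoted path is the form the post found to work on
# squid 3.5.23; the parameters("...") form parsed but never matched.
acl WHITELIST dstdomain "/etc/squid/whitelist.txt"

# ACL names on one http_access line are ANDed: a request is allowed
# only if it comes from the LAN AND targets a whitelisted domain.
http_access allow KIDS_LAN WHITELIST

# http_access lines are checked top to bottom and the first match
# wins, so the catch-all deny goes last.
http_access deny all

# Constructed sample contents of /etc/squid/whitelist.txt:
#
#   .scratch.mit.edu
#
# A leading dot makes dstdomain match the domain and its subdomains.
#
# After editing, check the syntax and reload:
#   squid -k parse
#   squid -k reconfigure
```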

After dinner I went downstairs and finished up this week’s podcast, which was about 48 hours late. We had a little time before bed so I watched an episode of Star Trek: The Next Generation with the kids. By that I mean that I watched the episode, and the kids hung out with me in the family room either reading or clustered around a laptop messing with Scratch, since I enabled access to Scratch.

I’ve been asking for a list of what to put in the whitelist, but so far they haven’t given me that list yet.

Breakfast this morning was bulletproof coffee, three fried eggs, a container of guacamole, and some corned beef. Lunch is leftover fake chili and brown rice. My breathing and coughing have not been bad today although I’ve still got a bit of this “hollow” cough and some white froth to cough up, and my chest just doesn’t feel normal. My lungs were not crackling noticeably when I woke up, which was nice. The baby has been a bit more settled for the last couple of nights, so I had better sleep. Better sleep, but still not quite enough of it.

I signed up for the “squid-users” mailing list because that’s where I am supposed to discuss possible bugs. I sent a message asking about the “parameters” issue. My experience asking for help in open-source projects has, generally, not been very positive, but hope springs eternal.

Update: I got a politely worded note back, effectively confirming that yes, the squid configuration parser is broken.

This has been my experience with a number of open-source problems: download a package, try following the instructions, find that things are clearly and obviously broken. Very often the parsers are a mess, and no one wants to touch them, because they mostly work, and changing anything would be very likely to break existing deployments.

And after a look at the source, I realize that fixing it would be an enormous job; there’s really no “ride in on a white horse” thing I could do to quickly make myself useful. And as much as I’d like to take on another project, then I have to ask myself what I’d be willing to drop to free up the time to work on something like this, in addition to my paid work. And so it kind of peters out there.

Thursday

Busy day. Leftovers for dinner! We thus were able to clean out a lot of space in our refrigerator. Grace and I are trying to get ahead of the podcast curve a bit and plan topics, and also plan meals for the weekend. We’re having a friend over for dinner on Saturday and planning to make Indian food, so Saturday will be, in part, a cooking party.

We finished The Hobbit. Finally. Veronica would not join us for the last chapter.

Am I crazy, or in Tolkien’s black-and-white illustration called “The Hall at Bag-End, Residence of B. Baggins Esquire,” did he give Bilbo his own face?

Friday

Egg salad sandwich (from the Coffee House Creamery) and cold brew for breakfast.

Grace arranged an appointment for me with a new doctor. They want paperwork by fax. I need to call them and see if there is some way I can e-mail it instead. If not I will have to go to an office store to send a fax.

Saturday

Saturday was a big, exhausting day, but pretty rewarding, too. Bulletproof tea for breakfast. Then I took Sam with me and went to Bombay Grocers on Packard to pick up some more spices for making garam masala. I started brown-frying 7 cups of onions (about 40 minutes), chopping ginger and garlic, and then getting spices ready for garam masala. That involved picking apart about 90 green and black cardamom pods to get the seeds out. Very tedious, but they smell wonderful. Grace started roasting some oxtails at 275 in the oven, then ran out to return some meat to Kroger that didn’t look very good. It unfortunately took her two and a half hours to run a couple of errands and I was only expecting her to be out an hour, or 90 minutes at the longest. I was stressing because I needed her help to get three Indian dishes made, especially to make sure that the curry had enough time to simmer and rest for its best possible flavor.

We made 3 dishes, all from Julie Sahni’s Classic Indian Cooking: a meat curry, a cabbage dish, and eggs in spicy sauce. We used bison steaks for the meat, but bison is pretty lean, so we roasted some oxtails for a few hours to get the fat and flavor out, simmered the curry with the oxtails in it, then scraped the remaining meat off them and took the bones out before finishing up the dish.

Ideally after browning the meat (you want a good sear!) and bringing everything together to a boil, it would simmer for a couple of hours without the potatoes, then cook for about 30 more minutes with the potatoes, then rest for about two hours with the heat off, then you’d bring it back up to a simmer and toss in the coriander leaves and serve. We had to cut that down since we didn’t get it all assembled until about 3:30. So it simmered for about 90 minutes, then cooked with the potatoes for a half hour, then rested for about another hour. It might have been a bit better if it had sat for the whole recommended cooking time, but it was pretty fantastic. Meanwhile Grace cooked the cabbage in a wok, which is not exactly Indian but it worked very well, and made the spicy eggs using eggs we cooked for one minute in our Instant Pot (not counting steam-up and cool-down time). Everything came out great.

I fried a couple of big platters of papadums, and we served it all with some sauces (pre-made date sauce and mint chutney). We also opened up the last few bottles of wine we had remaining from Thanksgiving and Christmas: 2016 Greywacke Marlborough Sauvignon Blanc from New Zealand, 2015 Arcturos Late Harvest Riesling from Black Star Farms, and Chateau Fontaine Cherry Wine. With spicy Indian food you want something sweet, so we started sampling the Sauvignon Blanc while we finished up the cooking, then had the sweet Michigan wines with the meal. Our friend Scott brought apple and cherry pies and ice cream, which finished up the feast very nicely.

There’s quite a bit of leftover meat curry so I will have some very nice lunches this week. The curry actually gets better after it sits for a while. I don’t have a really good explanation for why that is. I suspect the meat fibers continue to break down so the meat gets even more tender, and maybe some of the fat-soluble flavors from the spices gradually dissolve further into the gravy. Maybe oxidation is actually a factor. I don’t really know, but I’m looking forward to some great leftovers.

It seems odd but I’m convinced that eating a large amount of onions or garlic, especially something like Grace’s green onion pesto, helps with the irritation and infection in my lungs. It hasn’t cured it, but it definitely helps. So I’m still seeing a doctor in a few days but meanwhile, I’ll be eating my green onions. I am noticeably tired. The big meal yesterday was a lot of work, and so it would be normal for me to be fatigued by the end of the day, but I was more tired than normal, which I attribute to the ongoing breathing problems. So I’m really looking forward to getting some help with this.

A couple remaining notes from the week: Grace ordered a copy of Galaxy Quest on DVD, so we should be watching that in a day or two. It’s Sunday and I’m working on notes for the podcast. With luck we should be able to get the show finished today and not have the problem we had last week, where we had to record the show on Monday night and I had to stay up late and edit it on Tuesday night.

Sam is done with it, so I started reading a book Scott loaned me, The Dangerous Case of Donald Trump: 27 Psychiatrists and Mental Health Experts Assess a President by Bandy X. Lee et al. I’m still thinking over how I feel about a bunch of psychiatrists essentially diagnosing a public figure without actually offering a literal diagnosis. I think we may wind up talking about that on the podcast. However, I was interested in the first chapter, which argues that Trump has an extreme case of “present hedonism,” when his behavior is considered using time perspective theory. Time perspective theory is something new to me, which is not surprising given that all the writing on the subject seems to date from long after I last took psychology classes.

Books, Music, Movies, and TV Mentioned This Week

  • The Hobbit by J. R. R. Tolkien
  • Classic Indian Cooking by Julie Sahni
  • The Dangerous Case of Donald Trump: 27 Psychiatrists and Mental Health Experts Assess a President by Bandy X. Lee et al.

Ypsilanti, Michigan
The Week Ending Saturday, March 24th, 2018
