mombe.org
home of the mad cow
Not A Blog


Saturday, March 26, 2005

African Bird's Eye Chilli Sauce

My chilli bush produces chillies profusely and I was at a loss as to what to do with them. This was my solution ...

20 African bird's eye chillies
1 large onion
6 medium tomatoes
5 cloves of garlic
1 tsp salt
2 tsp origanum
1/5 cup white spirit vinegar
2 cup sugar

- finely chop the onion and tomatoes

- remove the seeds from the chillies and finely chop the flesh. You might want to wear gloves for this. I chopped my chillies two hours ago and my hands are still, erm, warm. You also want to be very careful not to get any seeds in the chopped chilli, and not to rub your eyes, etc. This stuff burns like hell ;-)

- crush the garlic

- put all of the above in a pot with the tsp of salt and allow the tomatoes to draw for about five minutes over a low heat.

- if you've got one of those wizz-stick things, use it to chop everything in the pot up even finer (else do it right the first time ;-)

- add the origanum, vinegar and sugar

- simmer gently over a low heat for about forty-five minutes. You need to leave the lid on the pot for the first twenty minutes or so to cook everything and then you need to remove the lid to allow the mixture to reduce to a nice sauce.

- bottle whilst still hot in a clean, dry bottle/jar (makes about one chutney bottle's worth)

You should probably refrigerate this after re-opening the jar.

posted by guy at: 16:42 SAST | path: /recipes | permanent link

Tuesday, March 22, 2005

Nothing To Report

So I went away for a long weekend, and for the first time in as long as I can remember, Big Brother didn't page me once. Not a single peep. It was great.

In all fairness, our copy of Big Brother currently monitors over 920 services on 282 different hosts, many of which aren't controlled by the IT Division or, in some cases, even at Rhodes. It is sort of expected that at any one time at least one of these services will be broken. Which is why it was kind of strange and nice that I got a weekend of peace and quiet. I must be doing something right ... or horribly wrong. :)

posted by guy at: 11:51 SAST | path: /systems | permanent link

Tuesday, March 15, 2005

GINX V

After many, many months in the pipeline, GINX got its first (second actually, Rhodes was the first) peer — kudos to Bradley for bringing the Albany Schools Network online.

A few teething problems emerged once we started to see real traffic via the GINX switch. The first of these related to some DNS hacks we were doing. Because Albany Schools effectively moved from inside our firewall to outside (history; don't ask ...), we needed to punch some holes into our firewall to get things to work as they were before. This won't be the case when other people come on board.

The second problem was that we had an asymmetric route to Rhodes. We're peering to GINX with our two redundant border routers. A bug in the config of our primary router meant it wasn't advertising its route to GINX but was learning routes from it — so traffic from Rhodes went out via one router and in via a different one. Sorta breaks stateful firewall rules ;-) Adding the missing allow line to the config fixed that problem; GINX now sees two routes for Rhodes and gets the preference (metric, multi-exit discriminator) right. BGP is cool.

To celebrate this, Russell and I had a go at updating the GINX website to do content negotiation à la the W3C's Architecture of the World Wide Web. So now http://ginx.org.za/lookingglass.cgi is http://ginx.org.za/lookingglass, http://ginx.org.za/status.html is http://ginx.org.za/status and so on. We also created an RSS feed and got Sablotron and PHP to render the status page from it via an XSLT style sheet. The web is a wonderful place. CSS, PHP and XML can make it better.

Now we need to get Cliff at Imaginet to get round to setting up his peer — all the bits seem to be in place, he just needs to plug them together — and we'll start seeing some real use from GINX. Oh, and the Foundation would be nice too, but that's a lot more complex to get right because of how it's connected to the peering point and they're about to start SciFest. Broken routing there would probably go down like a lead balloon.

posted by guy at: 22:46 SAST | path: /systems | permanent link

Sunday, March 13, 2005

Perl 5.8 and FindBin

It appears that there is a bug in Perl 5.8.6's FindBin.pm whereby things don't work so well if it doesn't have access to the current working directory.

I picked this up trying to debug MRTG. The program would run just fine from the command line, but not from /etc/crontab. After playing with cron's path and env(1) to try and figure out what was going on, I found the following error from cron:

Use of uninitialized value in string at /usr/local/bin/mrtg line 78.
Empty compile time value given to use lib at /usr/local/bin/mrtg line 78
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 79.
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 703.
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 703.
ERROR: Can't Execute '/rateup'

Looking on line 78 and 79 of the MRTG code I found:

use FindBin;
use lib "${FindBin::Bin}";

suggesting the problem was related to the FindBin Perl module.

Some googling led me to a similar bug report for RedHat Linux. Their suggested fix was a patch to FindBin.pm.

Since I'm not wildly keen on altering bits of my Perl installation (I foresee problems later when I try and upgrade and have forgotten why I did it), I decided to try for a simpler, less invasive solution. Since it appears that the problem is related to permissions on the current working directory, and I'm not sure what cron's current working directory is by default, I decided to try setting it explicitly. So I changed my cron entry from

*/5 * * * * stats /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg

to

*/5 * * * * stats cd /tmp; /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg

and lo and behold things started to work properly again.

Anyway, I just thought I'd share this simple solution in case anyone else bumps their head against the same problem.

posted by guy at: 12:21 SAST | path: /systems | permanent link
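
An added example, not part of the original post: the `cd /tmp; mrtg ...` workaround above runs the job even when the `cd` fails, so the job can still start in an unusable working directory. The two functions below contrast that form with a fail-closed one; the function names and the exit codes 111 and 112 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Exit codes 111/112 are constructed.

# The form used in the crontab entry above: "cd DIR; CMD".
# cron hands the line to /bin/sh without -e, so a failed cd does not stop
# CMD, which then starts in whatever directory cron happened to be in.
run_unchecked() {
    dir=$1; shift
    ( set +e; cd "$dir" 2>/dev/null; "$@" )
}

# Fail-closed form: CMD starts only if the cd worked and the shell can
# resolve the resulting working directory.
run_from() {
    dir=$1; shift
    (
        cd "$dir" 2>/dev/null || {
            echo "run_from: cannot cd to $dir" >&2
            exit 111
        }
        pwd -P >/dev/null 2>&1 || {
            echo "run_from: cannot resolve cwd in $dir" >&2
            exit 112
        }
        "$@"
    )
}

# The same idea written inline in the crontab entry (variant of the line above):
# */5 * * * * stats cd /tmp && /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
```

With `&&` (or `run_from`), a missing or unreadable directory shows up as a failed cron job in the mail from cron instead of as a run from an unexpected directory.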

Wednesday, March 02, 2005

Thawte Web of Trust

In an effort to try and drag things into the digital era, I've managed to convince Rhodes that it'd be a good idea if we could issue digital signatures for signing e-mail.

One of the nicest systems for doing this that I've seen is Thawte's Web of Trust. The idea is that you can register for a (free) Thawte-signed digital signature. Because Thawte have no way of validating your identity, you get a signature without your name on it.

If you want to have your name added (which is useful if you're planning on using it as a signature, rather than as a crypto key) you need to find someone to notarise your certificate. The way Thawte handle this is to out-source the checking of identity documents to willing participants. In other words, Thawte trusts one of their notaries who trusts you. You need to get at least two notaries to trust you before you get a name on your certificate, thus the web of trust. Eventually, if enough people trust you, you're empowered to trust other people and thus become a notary yourself. It's very similar in many ways to PGP's idea of a web of signed certificates, but has the advantages of Thawte's root CA certificate being at the end of the chain, as well as being S/MIME (that's a rant for another day. Suffice to say S/MIME works better than PGP ;-)

There is an obvious bootstrapping problem with this. How do the first notaries become notaries? Well, Thawte's answer to that is to make use of trusted third parties, being bank managers, lawyers and chartered accountants. If you want to be a notary and you can find enough Thawte notaries to notarise you, then you find two trusted third parties and get them to verify your identity to Thawte.

This is what we did today. Three of us from the IT Division wandered down High Street armed with paperwork and found ourselves some trusted third parties (the manager of First National Bank and a public notary at Wheeldon, Rushmere and Cole). It was a little difficult to get the concept of what we were trying to do across, but we came away with appropriately verified identity documents. Many thanks to our two trusted third parties.

Our idea is simple - we're trying to get enough Thawte notaries in Grahamstown to be able to notarise other people's certificates so that we can fix the bootstrapping problem. Once we're done with this, we'll happily help anyone at Rhodes (or in Grahamstown) who's looking for a digital signature to get a Thawte personal e-mail certificate with their name on it. Hopefully this'll raise awareness of the need for and use of this technology.

posted by guy at: 17:00 SAST | path: /general | permanent link

© 2002-2005, webmaster@mombe.org