. mombe.org
home of the mad cow
  Not A Blog

Saturday, March 26, 2005

African Bird's Eye Chilli Sauce

My chilli bush produces chillies profusely and I was at a loss as to what to
do with them. This was my solution ...

    1. African bird's eye chillies
  1. large onion
  2. medium tomatoes
  3. cloves of garlic
  4. tsp salt
  5. tsp origanum
    1/5 cup white spirit vinegar
  6. cup sugar
  • finely chop the onion and tomatoes

  • remove the seeds from the chillies and finely chop the flesh. You might
want to wear gloves for this. I chopped my chillies two hours ago and my
hands are still, erm, warm. You also want to be very careful not to get
any seeds in the chopped chilli, and not to rub your eyes, etc. This
stuff burns like hell ;-)

  • crush the garlic

  • put all of the above in a pot with the tsp of salt and allow the tomatoes
to draw for about five minutes over a low heat.

  • if you've got one of those wizz-stick things, use it to chop everything in
the pot up even finer (else do it right the first time ;-)

  • add the origanum, vinegar and sugar

  • simmer gently over a low heat for about forty-five minutes. you need to
leave the lid on the pot for the first twenty minutes or so to cook
everything and then you need to remove the lid to allow the mixture to
reduce to a nice sauce.

  • bottle whilst still hot in a clean, dry bottle/jar (makes about one
chutney bottle's worth)

You should probably refrigerate this after re-opening the jar

posted by guy at: 16:42 SAST | path: /recipes | permanent link

Tuesday, March 22, 2005

Nothing To Report

So I went away for a long weekend, and for the first time in as
long as I can remember, Big Brother didn't page me once. Not a single peep. It was great.

In all fairness, our copy of Big
currently monitors over 920 services on 282 different
hosts, many of which aren't controlled by the href="http://www.ru.ac.za/it/">IT Division or, in some cases,
even at Rhodes. It is sort of
expected that at any one time at least one of these services will
be broken. Which is why it was kind of strange and nice that I got
a weekend of peace and quiet. I must be doing something right ...
or horribly wrong. :)

posted by guy at: 11:51 SAST | path: /systems | permanent link

Tuesday, March 15, 2005


After many, many months in the pipeline, GINX got
its first (second actually, Rhodes was
the first) peer
— kudos to Bradley for
bringing the Albany Schools Network online.

A few teething problems emerged once we started to see real traffic via the
GINX switch. The first of these related to some DNS hacks we were doing.
Because Albany Schools effectively moved from inside our firewall to outside
( href="http://www.wcape.school.za/za/conrvw96.htm#Eastern_Cape">history;
don't ask ...), we needed to punch some holes into our firewall to get
things to work as they were before. This won't be the case when other
people come on board.

The second problem was that we had an asymmetric route to Rhodes. We're
peering to GINX with our two redundant border routers. A bug in the config
of our primary router meant it wasn't advertising its route to GINX but was
learning routes from it — so traffic from Rhodes went out via one
router and in via a different one. Sorta breaks stateful firewall rules ;-)
Adding the missing allow line to the config fixed that problem; GINX now href="http://www.ginx.org.za/lookingglass">sees two routes for Rhodes
and gets the preference (metric, href="http://www.cisco.com/warp/public/459/37.html#med">multi-exit
discriminator) right. BGP is cool.

To celebrate this, Russell and I had
a go at updating the GINX website to
do content
à la the W3C's href="http://www.w3.org/TR/webarch/">Architecture of the World Wide Web.
So now http://ginx.org.za/lookingglass.cgi is href="http://ginx.org.za/lookingglass">http://ginx.org.za/lookingglass,
http://ginx.org.za/status.html is href="http://ginx.org.za/status">http://ginx.org.za/status and so on.
We also created an RSS feed and got href="http://www.gingerall.com/charlie/ga/xml/p_sab.xml">Sablotron and PHP to render the href="http://ginx.org.za/status">status page from it via an XSLT style
sheet. The web is a wonderful place. CSS, PHP and XML can make it better.

Now we need to get Cliff at href="http://www.imaginet.co.za/">Imaginet to get round to setting up
his peer — all the bits seem to be in place, he just needs to plug
them together — and we'll start seeing some real use from GINX. Oh,
and the Foundation would be nice
too, but that's a lot more complex to get right because of how it's
connected to the peering point and they're about to start href="http://www.scifest.org.za">SciFest. Broken routing there would
probably go down like a lead balloon.

posted by guy at: 22:46 SAST | path: /systems | permanent link

Sunday, March 13, 2005

Perl 5.8 and FindBin

It appears that there is a bug in Perl 5.8.6's href="http://search.cpan.org/~nwclark/perl-5.8.6/lib/FindBin.pm">FindBin.pm whereby things
don't work so well if it doesn't have access to the current working

I picked this up trying to debug MRTG.
The program would run just fine from the command line, but not from href="http://www.freebsd.org/cgi/man.cgi?query=crontab&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html">/etc/crontab.
After playing with href="http://www.freebsd.org/cgi/man.cgi?query=cron&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html">cron's
path and href="http://www.freebsd.org/cgi/man.cgi?query=crontab&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html">env(1) to try and figure out what was going on, I found the following error from

Use of uninitialized value in string at /usr/local/bin/mrtg line 78.
Empty compile time value given to use lib at /usr/local/bin/mrtg line 78
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 79.
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 703.
Use of uninitialized value in concatenation (.) or string at /usr/local/bin/mrtg line 703.
ERROR: Can't Execute '/rateup'

Looking on line 78 and 79 of the MRTG code I found:

use FindBin;
use lib "${FindBin::Bin}";
suggesting the problem was related to the FindBin Perl module.

Some googling lead me to a similar href="https://bugzilla.redhat.com/beta/show_bug.cgi?id=118877">bug
report for RedHat Linux. Their suggested
fix was a patch
to href="http://search.cpan.org/~nwclark/perl-5.8.6/lib/FindBin.pm">FindBin.pm.

Since I'm not wildly keen on altering bits of my Perl installation (I forsee
problems later when I try and upgrade and have forgotten why I did it), I
decided to try for a simpler, less invasive solution. Since it appears that
the problem is related to permissions on the current working directory, and
I'm not sure what href="http://www.freebsd.org/cgi/man.cgi?query=cron&apropos=0&sektion=0&manpath=FreeBSD+5.3-RELEASE+and+Ports&format=html">cron's
current working directory is by default, I decided to try setting it
explicitly. So I changed my cron entry from

*/5 * * * * stats /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
*/5 * * * * stats cd /tmp; /usr/local/bin/mrtg /usr/local/etc/mrtg/mrtg.cfg
and lo and behold things started to work properly again.

Anyway, I just thought I'd share this simple solution in case anyone else
bumps their head against the same problem.

posted by guy at: 12:21 SAST | path: /systems | permanent link

Wednesday, March 02, 2005

Thawte Web of Trust

In an effort to try and drag things into the digital era, I've managed to
convince Rhodes that it'd be a good idea if we could issue digital
signatures for signing e-mail.

One of the nicest systems for doing this that I've seen is href="http://www.thawte.com/">Thawte's href="http://www.thawte.com/wot/">Web of Trust. The idea is that you
can register for a (free) href="http://www.thawte.com/email/index.html">Thawte-signed digital
signature. Because Thawte have no way of validating your identity, you
get a signature without your name on it.

If you want to have your name added (which is useful if you're planning on
using it as a signature, rather than as a crypto key) you need to find
someone to notarise your certificate. The way Thawte handle this
is to out-source the checking of identity documents to willing participants.
In other words Thawte trusts one of their notaries who trusts you. You need
to get at least two notaries to trust you before you get a name on your
certificate, thus the web of trust. Eventually if enough people trust you,
you're empowered to trust other people and thus become a notary yourself.
It's very similar in many ways to PGP's idea of a web of signed
certificates, but has the advantages of Thawte's root CA certificate being
at the end of the chain, as well as being href="http://dict.rucus.ru.ac.za/dict.cgi?word=Secure%20Multipurpose%20Internet%20Mail%20Extensions&dict=foldoc&strategy=default&define=define">S/MIME (that's a rant for another day. suffice to say S/MIME works better than href="http://dict.rucus.ru.ac.za/dict.cgi?word=Pretty%20Good%20Privacy&dict=foldoc&strategy=default&define=define">PGP ;-)

There is an obvious bootstrapping problem with this. How do the first
notaries become notaries. Well Thawte's answer to that is to make use of
trusted third parties, being bank managers, lawyers and chartered
accountants. If you want to be a notary and you can find enough Thawte
notaries to notarise you, then you find two trusted third parties and get
them to verify your identity to thawte.

This is what we did today. Three of us from the href="http://www.ru.ac.za/it/">IT Division wandered down High Street
armed with paperwork and found ourselves some trusted third parties (the
manager of First National Bank and a
public notary at Wheeldon, Rushmere and Cole). It was a little difficult to
get the concept of what we were trying to do across, but we came away with
appropriately verified identity documents. Many thanks to our two trusted
third parties.

Our idea is simple - we're trying to get enough Thawte notaries in
Grahamstown to be able to notarise other people's certificates so that we
can fix the bootstrapping problem. Once we're done with this, we'll happily
help anyone at Rhodes (or in Grahamstown) who's looking for a digital
signature to get a Thawte
personal e-mail certificate
with their name on it. Hopefully this'll
raise awareness of the need for and use of this technology.

posted by guy at: 17:00 SAST | path: /general | permanent link

Bloxsom Powered

© 2002-2005, webmaster@mombe.org
RSS Valid XHTML 1.0!

Creative Commons License