Tuesday, December 16, 2008

New Paint Job for Christmas

Poor Fishies

We decided to go for it on the spur of the moment.  Last weekend we asked our favorite painting contractor Josh Stonebrook (if you're looking for a painter) to give us an estimate on painting the Living room, Kitchen, and Hallway.  The price was right and he started Monday morning.  I should have taken some photos of the place all masked off with the majority of the painting done when we got home from work.  The garage door was left open for ventilation and the ceiling fans were running to help air it out.  The only problem with that was Sunday the weather turned cold with a sudden drop in temperature.  So, it was a bit cold in the house when we got home.

Since the kitchen was all masked off we went out to dinner and Anna got to do her homework at Dos Coyotes.  After dinner we decided we had to have some heat and gingerly unwrapped the thermostat to turn on the heater.  When morning came we decided we had to go out to breakfast so we hit Starbucks before heading off to school and work.

Tonight, when we returned home all the masking was removed and the place looks pretty neat.  Just one more day and we should have everything back in place with a fresh new color scheme!

Hopefully all the paint is cured and the fumes are gone by the time we bring Nana to our house this Friday to stay with us thru Christmas!

Sunday, December 07, 2008

Discovered a Friend's Blog.

I was surprised to find that some of our friends have blogs, but what was more surprising was how thoughtful and insightful the posts are.  Check out Foundational Thoughts for some interesting reading on good Christian views with explanations.

Saturday, December 06, 2008

Harvest Time!

Too many mandarins for us to eat

We just had our biggest harvest of Mandarins yet!  Our little 4 year old Matsuda Mandarin tree just gave us 127 delicious Mandarins!

Sunday, November 30, 2008

Finally posted some belated photos to Flickr

Last August Anna and I had a few days off before 1st grade started.  So, we spent the week together going places and checking out neat sites.  Somehow I forgot to post the photos to Flickr, so I just put them up there.

Grandpa, who was a flight navigator in Vietnam and a S.A.C. instructor for many years at Mather A.F.B., might find some of these interesting since one of our stops was the Sacramento Aerospace museum next to McClellan A.F.B.  Anna had fun climbing up into the planes and riding in the simulators.  Being a weekday we had the place to ourselves!

Exploring the Aerospace Museum of California

We also spent a day at the State Fair, this photo was near the end of the day.  We were relaxing before the final show, then heading home.

State Fair Girl

and another day with friends at the Sacramento Train museum.  In this photo Anna and her friend Ruby are posing in front of a Western Pacific diesel engine.  Anna's great grandpa worked for the Southern Pacific for 40 years.

Exploring the Sacramento Railroad Museum

Sunday, November 23, 2008

WPA Wireless Networking isn't Broken!

Despite what most media sources have been saying, WPA certified wireless networking is not actually broken.  A long, complicated description of what was actually discovered has already been written up (see grc.com's Security Now podcast #170 TKIP Hack), so I'll try to keep it short and simple.

First, as I noted in an old post on wireless security, WEP (Wired Equivalent Privacy) is totally broken, so you should NOT still be using it.  The WPA "crack / hack" discovery is simply a weakness in TKIP (Temporal Key Integrity Protocol), the protocol used by many people who are currently using WPA certified security.  WPA was an early implementation of the 802.11i specification before it was finalized.  What you want to use to mitigate what is really a very minor weakness in WPA is WPA2.  WPA2 is the 802.11i specification in its completed / finalized form.  Once you switch to WPA2 you also want to use AES and NOT TKIP.

If your equipment doesn't support WPA2, check whether there is newer firmware for your router(s) and access points that may support WPA2.  If you are stuck with WPA, check whether your router supports QoS (Quality of Service) and make sure you have it disabled.  It is likely that if you have QoS enabled it is doing you no good anyway.  QoS is a key feature in the slight weakness of the WPA crack.  Another name for QoS on some wireless routers is WMM (Wi-Fi Multimedia).  This is a fairly new Wi-Fi Alliance certification on some routers.  All this new acronym indicates is an interoperability certification using a subset of the 802.11e subspec.  So, again, disable WMM if it is enabled.  Another way to mitigate this attack is to reduce the re-keying time from the default of 3600 seconds (60 minutes) to less than 12 minutes, say 660 seconds (11 minutes).  Then the attacker runs out of time before being able to complete the attack on one packet.  Doing this also removes the possibility of a DoS (Denial of Service) attack that could be done by injecting packets with a bad MIC (Message Integrity Code).

So, bottom line.  Use WPA2 with AES / CCMP (NOT TKIP or AES+TKIP) and use a long randomly generated security key.  My favorite site for generating very high quality, cryptographic-strength keys is GRC's Perfect Passwords page.  FYI I also use his Perfect Paper Passwords service for shorter strings I can use for passwords and Passcards.

The minor weakness discovered only allows the attacker to get a short packet of relatively known contents once every 12 minutes, or once every 4-5 minutes with QoS/WMM, and issue a replay attack with up to about 7 fake packets.  These short packets are probably DHCP or ARP packets.  They can't actually decrypt your packets and they don't have the time to fake a larger data packet since your router will likely re-key once an hour.  This re-keying causes the attacker to have to start over from scratch.
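
The checklist from this post, written out as a small audit script. This is an added example, not part of the original post: it assumes the access point is configured with a hostapd-style file (the post names no product), and the finding codes and sample configs are constructed for illustration.

```python
REKEY_LIMIT = 12 * 60  # seconds; the post puts the attack at about 12 minutes

# Constructed sample configs (hostapd-style key=value lines; an assumption).
WEAK = """\
wpa=1
wpa_pairwise=TKIP
wmm_enabled=1
wpa_group_rekey=3600
"""
STUCK_ON_WPA = """\
wpa=1
wpa_pairwise=TKIP
wmm_enabled=0
wpa_group_rekey=660
wpa_ptk_rekey=660
"""
HARDENED = """\
wpa=2
rsn_pairwise=CCMP
"""

def parse(text):
    """Return {key: value} for key=value lines, skipping blanks and comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return finding codes; an empty list means the config follows the post."""
    conf = parse(text)
    wpa = int(conf.get("wpa", "0"))  # bit 0 = WPA, bit 1 = WPA2
    if wpa == 0:
        return ["NO_WPA"]  # open or WEP: move to WPA2 with AES/CCMP
    v1 = conf.get("wpa_pairwise", "TKIP").split()
    v2 = conf.get("rsn_pairwise", " ".join(v1)).split()  # falls back to wpa_pairwise
    tkip = (wpa & 1 and "TKIP" in v1) or (wpa & 2 and "TKIP" in v2)
    findings = []
    if wpa & 1:
        findings.append("WPA1_ENABLED")  # prefer WPA2 only
    if tkip:
        findings.append("TKIP_OFFERED")  # use CCMP (AES) only, not TKIP or AES+TKIP
        # The remaining checks only matter while TKIP is still in use.
        if conf.get("wmm_enabled", "0") == "1":  # unset is treated as off here
            findings.append("WMM_WITH_TKIP")  # QoS/WMM shortens the attack window
        for key in ("wpa_group_rekey", "wpa_ptk_rekey"):
            # 0 or unset is treated as "no periodic re-key" (assumption)
            if not 0 < int(conf.get(key, "0")) < REKEY_LIMIT:
                findings.append("SLOW_REKEY:" + key)
    return findings

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("stuck on WPA", STUCK_ON_WPA), ("hardened", HARDENED)):
        print(name, "->", audit(text) or "ok")
```

The "stuck on WPA" sample still reports WPA and TKIP, since old hardware cannot avoid them, but the WMM and re-key findings are gone once the post's two mitigations are applied.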

Sunday, November 02, 2008

Halloween 2008

Halloween 2008

We went trick-or-treating with Anna's friend Eva and her two cousins. Pretty cute for a group of Halloween ghouls.  Then they all had a sleep over at Eva's for the night.  Stayed up watching scary movies and stuffing themselves with candy.

Tuesday, September 30, 2008

An unmanaged forest

In the early 1980s I was a volunteer firefighter for a tiny community in the Santa Cruz Mountains of Northern California. We all lived in a beautiful redwood forest and our task was to keep that forest from burning down in a huge conflagration, taking us all with it. The job was made all the harder because our little part of paradise hadn't burned since the 1920s, so there was 60+ years of flammable undergrowth just waiting to light off. The current financial crisis facing the United States and the world really isn't much different from that. ... read more

Sunday, September 28, 2008

Rejuvenating Vacation

Tree along trail from Bear Valley Visitors Center

We just got back from 3 days at our favorite cottage in Point Reyes, CA!  The weather was perfect, sunny and clear, slightly cool in the mornings for a run, and great temperatures for hiking and beach combing during the day.

Check out some of the photos I've posted on my flickr account taken in and around Point Reyes National Seashore.

Oyster Company Rd - Inverness

The only drawback this time was our favorite restaurant, Reyes Cafe, changed their menu about 6mo. ago.  It went from having a great selection of items that were all great, to one or two that I thought were good enough to eat.  So, I guess we'll have to try some different places to eat when we visit the area.

Wednesday, September 03, 2008

Save Net Radio

Check out Pandora my favorite & Last FM which I've heard good things about but haven't tried yet.

SaveNetRadio.org

Sunday, August 24, 2008

Summer Fun Playing in the Sprinkler.

View at YouTube

We found another way to stay cool while I was treating the pool.

Big Swimmer

Anna has been in the pool both at home and school this summer. So, she has gotten very comfortable in the pool and swims well even though we haven't had her in swim lessons yet. She loves diving to the bottom to retrieve toys and likes to show off her swim strokes too.

Anna at McKinley Park

We've been working all summer but I'm taking a week off before school starts to spend with Anna. We'll take in some sights around town and visit the Train, Aerospace, and Discovery museums as well as take in some miniature golf, Water parks, and plays. Along with anything else I can think of that might be fun that week. We might even take in the State Fair one day.

Thursday, June 05, 2008

Kindergarten Career Day Fashion Show

Anna has graduated from Kindergarten and is looking forward to a Summer of fun.  We are hoping to get her into swimming lessons and a few other things to keep her busy and her mind active.

Sunday, May 25, 2008

Smokin' Weekend visit to Nana's

Orchids at Nana's

We were looking forward to a few days off and planned to visit Nana in Watsonville, one of our favorite places to visit along the coast. We heard there was a fire in Corralitos which is about 7-8 miles north of Watsonville. As we got close enough to see the smoke, we started to think we would just pick up Nana and take her back home with us. The smoke plume left a huge dark cloud stretching right over Watsonville and across the valley. Surprisingly, by morning the air wasn't all smoky like we thought it would be. So, we stayed the weekend. We kept an eye on the news of the fire throughout the weekend. Here is a Channel 3 news report from Sunday: News report on Corralitos Fire. By Saturday, the winds had shifted and all the smoke was blowing away from us and the coast. This turned out to hamper the fire fighters as the fire jumped the line they created, killing their hopes of containing the fire by the end of the weekend.

Fuchsia at Nana's

The rest of the stay was nice. We did some minor yard work to help Nana clean up her yard. The weather was nice and cool. We played and read stories for Anna. Anna and I put together a 300 piece puzzle of a princess sitting on a unicorn with the castle in the background. While I ended up doing most of the work, Anna enjoyed helping find pieces. She found all the pieces for the princess and part of the unicorn. It was a unicorn weekend for her, as she also watched the Last Unicorn twice during the visit. There was a Fly-In and Air Show that we could see and hear from Nana's house. The airport is just a mile or so from her house, so we could see the planes flying overhead throughout the weekend. Anna had a run-in with some Cold Stone cotton candy ice cream on Friday that had her barfing until long after bedtime. That put a damper on Friday but by Saturday, she felt better and ate and drank enough to make up for Friday. She was still a bit lethargic Saturday but by late afternoon she seemed fully recovered. Mom spent her time snapping photos of Nana's flowers, especially the Orchids and Fuchsias.

Update: I spoke too soon.  Both Julie and I came down with the same symptoms as Anna Sunday.  Not a very restful night and we had the 3 hour drive home the next day.  Luckily traffic was light and we made it home without having to use the barf bags in the car.

Tuesday, May 13, 2008

SANS Institute - @RISK: The Consensus Security Vulnerability Alert

CRITICAL: Intel Centrino Wireless Driver Buffer Overflow

  • Affected:
    • Intel Centrino 2200BG Wireless Device Driver
  • Description: The Intel Centrino 2200BG is a popular wireless network (802.11) card, commonly used in laptop computers. Its driver for Microsoft Windows contains a buffer overflow in its handling of wireless network traffic, a vulnerability that Intel has fixed since January 2007. A new exploit targeting this vulnerability has been released. A specially crafted wireless network frame could trigger this vulnerability, allowing an attacker to execute arbitrary code with kernel level privileges, completely compromising the vulnerable system. The wireless network interface on the vulnerable system need only be in range of the attacker; it need not be connected to any particular wireless network to be vulnerable. Full technical details and a proof-of-concept are publicly available for this vulnerability.

  • Status: Intel confirmed, updates available. The patch can be accessed through the Intel site referenced below.

    SANS Institute - @RISK: The Consensus Security Vulnerability Alert

Friday, May 09, 2008

Anna's New Ride!

Watch it at YouTube.com

Now that Anna is actively participating in the ride she is enjoying our bike rides much more.  She used to try to talk to us from the enclosed trailer but it was too hard to hear her to have much of a conversation.  We would always bring along books and toys but she would usually get bored on the way back and fall asleep.  In the summer with only the bug screen down in front and the back flap open she would get more air-flow but she would still get pretty warm in the trailer.  This new Trailer bike gets her involved in the ride more and she can see the scenery much better. She is talking the whole ride and having fun!

Tuesday, April 01, 2008

Hike along the River

Julie and Anna on the foot bridge

Early April and the flowers are blooming. The three of us went for a short hike along the river taking pictures of the wild flowers as we went.

Admiring the Poppies

Wild California Poppies

King Snake Sunning on the Trail

Then on our way back we ran into a local crawling across the trail and decided to cut up to the road and walk back that way to avoid possibly meeting more residents like this along the way.

Wednesday, February 27, 2008

Nokia unveils shape changing nano-phone concept

Nokia unveils shape changing nano-phone concept

telecoms.com, Feb. 25, 2008

Nokia has unveiled "Morph," a shape-changing mobile device concept based on nanotechnology. The concept demonstrates how future mobile devices might be stretchable and flexible, allowing the user to transform the gadget into radically different shapes and functions.

KurzweilAI.net

Monday, February 11, 2008

End to a Big Weekend

Anna had a pretty big weekend...

Opening presents from Eva and Laura

It started with her 6th birthday party and we had about 15 people over for the party. Her big sister made it to town the same day so she got to celebrate with both of her older sisters too.

Anna getting ready to have her ears pierced

Then the next day we went to lunch with her sisters, then went to the mall to have her ears pierced. She sat in that chair all excited and braved it quite well, even though the left ear didn't go all that smoothly.

Anna had just lost her tooth.

Then to top off the weekend... She had been playing with a loose tooth all weekend but with some help from mom at bath time it finally came out. So, the tooth fairy will be making a visit tonight.

View it at YouTube

Thursday, February 07, 2008

Wireshark

More Waves and Surf

I've been having some issues with Voice Over IP (VOIP) at work.  We went with a proprietary system since we have existing analog Nortel phones and a PBX system we wanted to keep a bit longer.  So, our phone guy suggested MCK / Citel model PBX Gateway II and Extender 7000 devices which interface with the analog system and convert the voice to IP Packets using standard compression codecs.  The system requires QoS (Quality of Service) to be implemented (as I'm sure any VOIP system would) to perform properly.  Our phone guy suggested a Q1300 QoS box by Kentrox to manage the traffic.

I've been through a few reconfigurations with this hardware and some changes in ISPs along the way.  However I've never really gotten the system to work satisfactorily to date.  I've had several discussions with the support from both Citel and Kentrox, both of which have been very helpful every time I've called.  Currently we have a dedicated 5MB fiber EtherMAN between offices.  So, I've put the extender's IP on the same LAN as the main office and the rest of the remote office is behind a firewall device that I have set to limit the Egress and Ingress bandwidth to 3Mbps and tag it as BE.  I have the rest of the main office behind a firewall that also limits the bandwidth to 3Mbps and tags it as BE too.  The QoS box limits all traffic that isn't coming from or bound for either the Extender or the Gateway to 3Mbps as well.  All traffic between those two devices is tagged as high priority and put in the high priority queue.  All other traffic is tagged as BE (Best Effort), which is lowest or next to lowest priority, and put into the associated queue.  I've statically fixed all the ports to a fixed rate to eliminate any issues with auto detection.

With all that the sound quality is good, while the connection stays up.  The problem I'm trying to solve now is the Extender will lose connection suddenly 3-4 times a day, dropping all active calls.  There are no detected errors on the Ethernet line itself, and no errors that I can see with the packets between the Extender and the QoS.  However I do see some transmission errors between the QoS and the Gateway device.

This brings me to the title of this post.  I have a laptop set up with Wireshark, previously known as Ethereal, to sniff all traffic for analysis.  I can't seem to find a hub though, which I would need to see all the traffic.  So, I'm looking for a simple hub, but I might need to buy a managed switch so I can tell it to mirror the traffic from other designated ports to a monitoring port where I can have the laptop plugged in.  Not the least expensive way to go.  I've done some test captures on our LAN, using the latter method, just to see how the analysis would go.

Tuesday, February 05, 2008

Field Trip!

Today I stayed home from work to go along with Anna's class on a field trip.  Overall it was a pretty good trip.  The school rarely has access to school busses for field trips so it's a big deal when they do.  It's been two years since they were able to take the kids on this annual field trip.  We went to Hiram Johnson for a play put on by the Sacramento Junior League.  It's intended for the grade school kids and it's intended to help increase kids' interest in reading.  The play is called The Tail Spinner.

Saturday, January 12, 2008

Snow Day

All of us playing in the snow

While we didn't make it up to the snow last year, today we drove up to Nyack in Blue Canyon.  Across from a snow park where we would have to pay, we found a nice open area with a view of the mountains and few people to contend with.  This was the same place we took Anna to 2 years ago for her first trip to the snow with the church youth.  Anna had a lot of fun and we met several other families who also found this free "snow park".  Here is a video of Anna and me sledding down the hill.

View it at YouTube

Here is one of Julie and Anna making snow angels

View it at YouTube

When I move closer to see the results the camera shakes a bit when one of my legs sinks into a hole.

Saturday, January 05, 2008

Almost lost a tree

Downed Tree

We had a bigger than usual storm with lots of rain and wind.  While the surrounding area did suffer some damage with fallen trees and limbs crushing a few cars we came out of it relatively unscathed.  The only near casualty was a small tree in our back yard that was blown over.  It fell against the deck so it didn't come completely out of the ground.  So, I put in some big stakes and used two small come-along style cinches to pull the tree back into place.  Hopefully it recovers.

Lots of people were without power for several days but we only had a minor 5min outage the first morning.  My office was half down for 3 days though.