Cold Brew

This has got to be one of my more expensive experiments: cold brew coffee.
Can’t wait for this to be ready. It smells so sweet and fragrant. Hopefully it isn’t bitter. It is kind of bitter, but not as bitter as hot coffee.

edit: PUTANGINA ANG SARAP
_MG_9486

It tastes a lot milder than coffee brewed with hot water and not as aromatic when compared to a freshly brewed pot. It also doesn’t have the same kind of kick as hot brewed coffee. However, it is really tasty. I can taste mild undertones of the beans (is that a hint of cherry?). I admit, I’ve been buying Starbucks roast coffee, it’s the only one I could find for now. Caffé Verona might actually work well.

Still haven’t figured out what proportions of coffee and water to use for taste but it’s pretty good for a first try. Only problem now is sourcing good coffee that won’t break the bank here. PhP375.00 per 250g bag is a pricey for an ordinary college student in the Philippines. Currently checking if reusing grounds for a second batch would yield positive results.

General guide: use double the amount of coffee grounds for the same amount of water. Dilute 1:1 either with water or milk, add condensed milk as sweetener. Be careful with ice cubes if dilution is a problem. Steep for ~12h or more (sources around the internet don’t go more than 24h lest it becomes sour). French Press can be used for filtering.

I wonder how strong is this coffee…

_MG_9496

chroot lighttpd with PHP5 and MariaDB

Instructions for running lighttpd in a chrooted environment, along with PHP5-FCGI and MariaDB support (may also work with MySQL).
Inspired by sparse documentation, compiled from different sources, adapted and updated where necessary.
Heavily based from NixCraft and mylinuxtips.info setup guides.

I am not liable for any damage or harmed kittens this howto makes upon you. If you are successful, congratulations.

Environment: Debian 7 x86_64

Requires

Charades

Fourteen days and counting.
Fourteen days of cold shoulder between siblings. No talk, no eye contact, no acknowledgement of presence. Family gatherings are awkward now. But then, someone says that it only becomes awkward if you feel awkward.
This is why I stay in school well into the night. If only I can sleep there too. Can’t wait to go to school tomorrow.
I wonder how long until someone notices what’s happening.

Globe Telecom’s Old Logo

#ThrowbackThursday

I don’t really follow trends but this might be relevant.

20140405_001

What we have here is a cell repeater(?) unit of Globe Telecom located in SM Megamall’s basement, interestingly, using the old Globe logo. Just by looking at this, we can have a reasonable guessing range on how old this unit is, coupling the time when the mall was built and when cellular services, specially SMS, popularized in the Philippines. I don’t know if this is an antenna or just a marker, but most likely its internal components have been upgraded since there is an HSPA service available. This also sort of illustrates how slow these enterprise-grade systems in production use are being upgraded.

There is this well-known saying of “if it isn’t broken, then don’t fix it”. This is true, but for enterprise settings, “if it works, don’t tinker any more” is what seems to be more used. Either is appropriate, as downtime costs money. But I’ll go for “tweak until it breaks, then fix it, then tweak some more”, it’s much more entertaining that way.

Living in this house

is still tense.

It really just reaffirms those plans of going away and disappearing after. Maybe a change of name after the disappearing act may work.

I can’t believe I’m saying this, but, can going to school start sooner. Please. I want to get away from this house.

On wireless networks and insecure passwords

What happens when you put a bored power user in a coffee shop?

You get someone playing with aircrack-ng and trying to get into nearby networks vulnerable enough to be broken in. It’s bad enough someone leaves what’s supposed to be an internal network wide open and without encryption. Sometimes those open networks just rely on MAC address whitelists as their sole method of keeping unwanted users at bay. Granted, it does stop casual users, but the problem here is that their data is still broadcasted in plaintext, and that anyone with a packet sniffer in range can passively snoop on what’s being transmitted, specially if that connection wasn’t encrypted with say, TLS/SSL.

Another issue is that MAC addresses can be easily spoofed, meaning one can impersonate as one of the whitelisted MAC addresses and gain unrestricted access to the network, undermining everything else. In addition, if there was no isolation between clients, anyone in the network can access public shares and do not-so-friendly activities, like connecting to a nearby shared printer in the network and start printing nothing but saturated black pages (maybe naughty pictures of women, if that’s your fancy), or dd if=/dev/zero of=/victim/computer/share/file.zero and fill their hard drive.

Once connected, one’s next target may be the router/access point’s administration interface. As for the two networks I’ve gone into, it came to me as a surprise as both their passwords were “admin”, which enabled me to gain access to their units. It’s saddening to see that ordinary users don’t pay much attention on how important securing these areas are. This is equivalent to gaining root access to a box.

For example, having root to a gateway/router/access point running Linux can give you access to iptables, route, and so much more. With these, you can say, have it dump whatever connections are flowing in and out to somewhere else and see what was happening like chat sessions, connections, login credentials, and the like (try Firesheep for starters). Or, have it set up a man-in-the-middle and start intercepting SSL connections, decrypting data on-the-fly. For something that’s less evil, redirecting DNS to point all addresses to a site of your choosing (try Kittenwar?, Meatspin? WARNING: VERY NSFW! Have NoScript for Firefox to avoid untoward incidents of things like these playing by themselves).

So what happened?

Well, I was nearby two networks. One was encrypted with WEP, and the other completely open. aircrack-ng cracked the password with ease, and it had a really short password of five numeric characters. Yes, they didn’t even bother to make it alphanumeric. It was one of those mobile 3G modems with wifi, so I could even send SMS using their number for fun. The other was a Linksys WRT320N flashed with DD-WRT v24-sp2-std-vpn. It had no internet connection, so that was boring. If it had an internet connection, I would’ve played with its included dnsmasq and pointed all DNS requests to something “fun” (see previous paragraph).

Try again next time, on another network open enough and has an internet connection. I’d love to see what happens next.

from XKCD