mattscott.org Here we go again!

24Dec/101

2010 Pumpkin Ale

Back in October I was looking for something to brew at an upcoming homebrew get together.  The two pumpkins in our kitchen were sitting their looking as if they needed a purpose so I decided to use them.

Most pumpkin ales that I've had just don't seem to be the right color to me.  I think a fall ale should be somewhere in the dark brown to black category.  This one definitely turned out dark.  I probably went a little bit overboard but it's my beer.  You can make yours lighter if you want to.

Here's the recipe:

Mash:
10 lbs 2 Row Barley
1 lb 60 L Crystal
.5 lb Black Malt
.5 lb Chocolate Malt
2 Bowling ball sized pie pumpkins (I never bothered to weigh them)

Boil:
4 Cinnamon sticks at 60
3 Nutmegs at 60
6 Allspice at 60
1 Oz Cascade Hops at 60
1 Tsp Gypsum at 60
1 Oz Cascade Hops at 20
1 Tsp Irish Moss at 10
1 Tsp Yeast Nutrient at 10
1 Oz Cascade Hops at flame out

White Labs California Ale Yeast

I batch sparge so I scaled the grains up by 1.15...a number I got from a book that seems to work.  =)

The beer spent about two weeks in primary and three in secondary before priming with 3/4 cup of corn sugar and bottling.  Two weeks later the carbonation was nice and I was serving it at a Christmas party.

Pumpkin Preparation:
I quartered the pumpkins, sprinkled them with cinnamon, allspice, and nutmeg and then baked them until they were soft and the skins were easy to peel off.  I then cubed them up and set them aside for the mash.

Things I did wrong:
My mash temperature was a little too cool.  I have a copper manifold in my mash ton and I need to remember that it takes more warm water to preheat it than I think it should.  I did a conversion test though and things were fine.

Also, I'd probably half the black and chocolate malt next time.  This beer turned out dark.  I mean really dark.  It fools you though because the it's not a heavy beer.  It's just really...really dark.

All in all I'm happy with the beer.  You get just a little bit of pumpkin flavor and I think the little bit of roastiness is nice.  I think it's best to let it warm just a bit before drinking.

Merry Christmas!

Filed under: Beer, Food, Homebrewing 1 Comment
20Nov/102

HP ePrint Address Alias Using Exchange 2010 Transport Rules

The other day my company put on a day of presentations for our customers to celebrate our 10th anniversary.  As one of the technology demos we showed off one of the new web-connected printers from HP.  One thing we didn't care for was the crazy HP ePrint email address.  If we wanted to make it easy for our customers to try printing from their mobile devices we couldn't very well make them type in <string of random chars>@hpeprint.com all the time.

So we decided that we'd just create a mailbox rule on our Exchange 2010 server that would forward the message to the ePrint email address generated by HP.  This didn't work at all.

Due to what are probably sensible anti-spam precautions the messages were rejected.  I suspect that when the message headers were analyzed the didn't pass muster bouncing through another mailbox like that.

I thought about it and decided this may be a place to try using Exchange Transport Rules.

We kept the Exchange mailbox, eprint@<domain>.com.  This may or may not not be strictly necessary but given the fact that our spam filtering service gets the list of accepted email addresses from Active Directory we did need it in our case.

In the Exchange Management Console I went to Hub Transport under Organization Configuration.  From there I went to the Transport Rules tab and I created a new rule.

In Step 1 I checked the "sent to people" box and entered the value eprint@<domain>.com address.  I wanted to make sure that rule was only applied to messages I intended to print.

In Step 2 I checked the "remove header" box and set it to remove the "To" header.  I also checked the "add a recipient to the To field addresses" and the "redirect the messages to addresses" box and entered the ePrint email address as the value in both of those fields.

It ended up looking like this:

Transport Rule

Transport Rule for ePrinting

I didn't enter any exceptions in the last window of the wizard.

At this point I sent a test message to the new address and the message printed perfectly.  It simplified things for the customers at our tech fair and they were able to very easily test what seems to be a very desirable printing feature for many of them.

Enjoy!

18Nov/091

Update

I finally got around to updating wordpress. Woohoo!

Filed under: Uncategorized 1 Comment
4Oct/090

AT&T Uverse vs. Aastra 55i

Several months ago we switched from AT&T DSL to AT&T Uverse at my home. It offered "cable" TV and quick Internet for a price that worked or us. Uverse also offers its own VoIP service but we declined that part of the service in favor of using a 3CX remote extension using a Sipura SPA3000 that I bought a few years back.In my experience so far, Uverse is not a Voip-friendly provider unless you use their service. For one, you are stuck with their gateway box. Yes, you can use the "DMZPlus" mode to add your own firewall into the mix but it's far from perfect. I did manage to get my SPA3000 to work. The Aastra 5xi series of phones doesn't have as many NAT traversal options however so it wasn't quite as easy.

First I went to the Global SIP screen and set things up in the usual way so that the phone had the information needed to register to the PBX, etc.

This would work great if the phone could route directly to the PBX and back again but with Network Address Translation occurring on my end throws a monkey wrench into the works when it comes to SIP and RTP.

So next I looked on the Network settings. This is where all of the NAT options live. With typical cable or DSL service, I'd just set a STUN server, maybe check the Rport box and go. In the case of the Uverse 2Wire Residential Gateway, however no combination of these options that I tried worked.

So in the end it seemed necessary to take a look at the available settings on the 2Wire device and see what my options were. There weren't many.

I ended up explicitly allowing the UDP ports that the phone uses. On the Uverse gateway. Here are the steps:

First I went to the Firewall tab and then Firewall Settings. I selected the phone from the Computer drop down and selected "Allow individual application(s)" like so.

Next, I clicked Add a new user-defined application and created a user-defined app as below.

The phone sends and receives RTP traffic on ports beginning with UDP 3000. I opened up ten ports allowing for five simultaneous calls. This seemed like more than enough for my purposes.

When I was done I clicked "Add Definition" and then the new user-defined app was ready to go. I Selected it on the following page, clicked Add, and then Done. After that the phone worked great.

What I did find odd is that I didn't need to define a stun server on this phone to get it to work in this situation. The 2Wire residential gateway must do some sort of manipulation of SIP packets because from what I could tell all of the fields looked correct with the appropriate public IPs in the right places.

It's unfortunate that the phone couldn't be made to work without making changes to the firewall. But something with the way that the 2Wire handles RTP seems to make it necessary.

Enjoy!

Matt

13Apr/091

Snom 370 SIP Phone Through NAT to 3CX

My article relating to this was accepted and posted in the official 3CX blog.  You can read it here.

Filed under: Uncategorized 1 Comment
8Feb/093

More Mead!

I made yet another batch of mead today.  This batch had the usual 15 lbs of honey in it but this time I also added cinnamon, allspice, nutmeg, cloves, and two vanilla beans.  It should prove delicious.  We'll find out for sure in about a year.

Filed under: Uncategorized 3 Comments
5Jan/094

American What?

I need to rant.

What is the deal with American Cheese anyway?  I don't understand how people can call it cheese at all?  What's sad is that it is the type of "cheese" that many people in the U.S. were brought up on so they continue to buy it not even knowing that something that doesn't taste like processed pond scum is readily available.

According to Wikipeda Kraft Singles contain:

"milk, whey, milkfat, milk protein concentrate, salt, calcium phosphate, sodium citrate, whey protein concentrate, sodium phosphate, sorbic acid as a preservative, apocarotenal (color), annatto (color), enzymes, vitamin D3, cheese culture."

What is milk protein concentrate anyway and why does color need to be added?  What color would these things be if they didn't change it?

Velveeta is even better.  According to another Wikipeda article about Velveeta "In 2002, the FDA warned Kraft that Velveeta was being sold with packaging that described it as a 'pasteurized processed cheese food,' which the FDA claimed was false ('cheese food' must contain at least 51% cheese). Velveeta is now sold as a 'cheese product,' using a term for items that contain less than 51% cheese."

Cheese product?  Less than 51% cheese?  I sure am glad that the FDA has such standards as to ensure that something called cheese is more than half made of cheese.  It's no wonder that all you have to do to make a product sound substandard is to paste the word American on the front of it.  Are we that stupid?  What is the matter with real food anyway?

I'm done...for now.

Filed under: Cheese, Food 4 Comments
9Aug/082

802.1x Certificate-based Computer Authentication in a Windows Domain

I have a customer that has felt it necessary to secure the network ports in their conference rooms. The goal was to make it impossible for untrusted computers to access the LAN and if possible dump them on to a VLAN that would allow them only Internet access. Rather than detail the whole project I'll just provide a couple of links that helped me out and explain a couple of difficulties I faced. I am still working on the guest vlan portion of the project and will update the config below when that portion of the project is complete.

Switch Configuration

We used a Dell PowerConnect 6248 switch in this case. During R&D for this project I also made 802.1x authentication work on a PowerConnect 6024 and a Cisco Catalyst 2950 series. I actually made things work with the Catalyst first by following this article http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_9_ea1/configuration/guide/Sw8021x.html. The important bits of the config for the PowerConnect 6248 are as follows:


*snip*
! This enables dot1x globally
dot1x system-auth-control
! This sets up the radius server. 192.168.1.5 is a Windows Server 2003 server running IAS
aaa authentication dot1x default radius
radius-server key "abcdefg"
radius-server host 192.168.1.5
exit
!
! This port requires authorization. This is the default.
interface ethernet 1/g1
exit
!
!This port is forced into an authorized state.
interface ethernet 1/g2
dot1x port-control force-authorized
exit

Windows Client and Server Configuration

To configure the clients and server I used this article: http://alextch.members.winisp.net/802.1x/Defending%20your%20internal%20network%20with%20802.1x%20and%20Microsoft%20PKI.htm.

This article pretty much got me where I needed to be but here's a couple of things to note.

  1. You have to make the registry change found on Page 13. There doesn't seem to be any way around it. If you find one, let me know. The plan is to make the change in a logon script.
  2. How your computer names are stored in the certificate issued to the clients is important. The default settings had been changed on the system in this case and this caused some problems. I successfully used a Subject Name Format of None and checked DNS name. I also used a subject name format of Fully Distinguished Name with nothing checked underneath. I do not fully understand these options so YMMV.

Keeping that in mind you shouldn't have any problems implementing this using the two articles that I linked to. I may eventually get really motivated and take screen shots.

UPDATE!

I spent manyl hours over the last couple of weeks trying to get this to work well in production.  We were seeing very odd behavior.  At times ports that had been moved to the guest vlan would mysteriously be moved vlan 1 once the host was disconnected and would stay their for long periods of time.  Vlan 1 does not normally contain any ports with this configuration.  At once point we had two ports stay in vlan for more than eighteen hours.  It was weird to say the least.

We tried my Catalyst 2950 in the customer's production environment and it worked perfectly and exactly as I would expect it to.  We finally gave up on the PowerConnect and my customer decided to just buy some used 24 port Catalyst 2950s.

What we ended up doing was creating a trunk port on the PowerConnect 6248 that supplied both the guest and trusted vlans to a trunk port on the catalyst.  Since my Catalyst is not layer 3 capable the PowerConnect still handled routing, DHCP relay, and ACLs.  The Catalyst was just responsible for 802.1x.

When I get my switch back I'll post the important bits of the config.

10Jul/082

This Year’s Mead

I now have approsimately ten gallons of mead fermenting.  My brother's fiance tasted some of last years mead a couple weeks ago and decided that she wanted it to be served at her wedding.  So I got to work.  I made two batches.  One is exactly the same as last years.  Bascialy there's honey, water, and sweet mead yeast in the bucket.  I decided to mix it up a bit though and used a dryer wine yeast for the second batch.  It'll be interesting to taste the differences.  I expected them to be delightful.

Filed under: Beer 2 Comments
28Jun/080

Some cool natural parenting giveaways!!

Here is a contest from Along for the Ride to win a bunch of great slings!

<a href="http://www.alongfortheride.biz/contest-s/49.htm">Win the Essential Babywearing Stash from Along for the Ride (one Beco Butterfly, one Hotsling baby pouch, one BabyHawk Mei Tai, one Zolowear Ring Sling, and one Gypsy Mama Wrap)</a>

And here is a contest from Nature's Child to win a starter set of cloth diapers!!

http://blog.thenatureschild.com/2008/06/beat-heat-summer-con-
test.html

(Matt wants you to know that this post was written by his dearest love)

Filed under: Uncategorized No Comments