Experimental music, photography, and adventures

Archive for December, 2007

Great Christmas

Wednesday, December 26th, 2007

I had a great four-day weekend, since I took the 24th off and the office was closed on Christmas day. I did a fun road ride on Christmas Eve Day, once again doing the Shilo Road route of which I am so fond. That was a good length, about 25 miles. Sarah and I exchanged our gifts on Christmas Eve. Her gifts to me followed a bicycle touring theme, including a book and a backpacking sleeping pad and sleeping bag.

They are incredibly compact and lightweight, the sleeping bag weighing exactly 1 kilogram. I’ve been talking about doing a bicycle tour for a while now and I’m feeling more and more confident that I’ll be able to do one sometime in 2008. Last year, fitness would have been the biggest concern but hopefully I can stay in some semblance of shape over the winter and be in better shape next year. And now I have a lot of the gear I’ll need to do some sub 24-hour overnight trips and/or a longer tour. Thanks, hot stuff!

Christmas morning, we went over to mom’s house to exchange gifts with my family. We had a great time. Mom made lasagna for dinner as is becoming a tradition, and after dinner, I proposed a hike. The high was 47 degrees, and it was sunny — an incredibly beautiful day and surprisingly warm. After some discussion, everyone decided to come. We decided to hike the Wolf Cave trail (trail #5) at McCormick’s Creek State Park. It’s an easy two-mile trail.

Everyone really seemed to enjoy the hike, including my sister Becky, who hasn’t gone on the past few family hikes. I was really glad that everyone went and had a good time. In fact, it had been a long time since Sarah and I went hiking, and I think I had forgotten just how much I enjoy it. Here are some photos from the hike. Sarah took some of these.


Sarah and me

There's a hiding place in there!
Avery (my nephew) showing me a hiding place in Wolf Cave

Avery, mom, and me

Wolf cave
Rock bridge with icicles

Fording the river
Avery and mom crossing the creek

Becky and me
Becky (my sister) and me

Becky, looking aloof

Hiding in a tree
Avery, hiding in a tree

Hiking into the sun II
Hiking into the sun

Web security workshop

Thursday, December 20th, 2007

I’ve been busy the past two days attending the SANS 519 Web Application Security workshop. The lecturer was at Purdue University, but the class was broadcast digitally to several other locations, including one at Indiana University here in Bloomington. Here’s a breakdown of the topics.

Day One:

  • Introduction
  • Nikto and Apache mod_security
  • Understandint unicode exploits
  • Cryptography
  • Authentication
  • Access Control
  • Session Management
  • Logs and analysis

Day Two:

  • Input Validation
  • SQL Injection
  • Blind SQL Injection
  • Cross-site scripting
  • Phishing
  • HTTP Response Splitting
  • Secure credit card handling and PCI standards
  • Cross-site request forgery

I already had some familiarity with almost all of these topics, but this workshop went into a lot more depth in many areas. The demonstrations of exploits were particularly helpful, and scary. At one point, the lecturer uploaded netcat to a server and started executing commands — using SQL injection on a search form. And while I knew cookies and headers and so forth could be forged, I didn’t realize how easy it could be, or how many different ways this could compromise a server or application.

While some of the things we covered are easily dealt with (if you use PHP or .NET’s built-in session management, you automatically get hard-to-predict session ids, for instance), I’m glad they gave us that background information. I’ll be taking a test for a certificate in a few weeks.

I have to admit, I was a bit skeptical that a two-day security workshop would be worthwhile — most training I’ve attended hasn’t been that great — but this was really an eye-opening experience and will certainly help me to write more secure applications.

Snowy road ride; icy commute

Monday, December 17th, 2007

I was hoping to go mountain biking this weekend, but everything was too muddy. I was hoping the ground would be frozen Sunday morning and even though we got a bit of snow, the ground beneath it was muddy. So instead, I took to the road Sunday afternoon in mid-20s temperatures with winds gusting to 30-40 mph and a wind chill of around 15 degrees. I rode my old mountain bike since it now has wide, knobby tires on it once again and I really had no idea what condition some of the roads would be in.

As it turned out, the roads were mostly clear of snow and ice. However, there was still snow and ice in a few places, and even the clear parts had a lot of salt and sand. I was glad to have the knobby tires. The bike path, on the other hand, had a good coating of snow on it. I saw another cyclist on a road bike come out from the bike path just as I was turning onto it, although he had to walk his bike. I rode it without too much trouble.

Bike Path
Bike path

I rode around a couple of neighborhoods, trying to gauge road conditions. These roads all seemed mostly clear as well. However, I found myself in my old neighborhood, which is right by a forest. I rode onto that trail to see how conditions were and add an offroad element to my ride. The snow was thick enough to protect the ground, but it was certainly muddy underneath the layer of snow. The only time I hit mud was when braking or cornering. I had definitely made the right decision in avoiding the mountain bike trails, but this short ride in the woods was very beautiful and fun. Sometimes you don’t need an epic ride to get the feeling of being out in the woods.

The trail

Snowy tire
Snowy tire

Snowy forest
Snowy trees

Snowy forest II
Pine tree

Before long, I reached a point where a tree (or possibly two) had fallen across the trail, blocking my way. I thought about trying to move it, but I wasn’t really prepared to deal with something like this and instead just turned around. Maybe I’ll hike back there sometime and try to clear the trail.

Trail blocked by trees
Fallen tree blocking my path

So after a brief but fun and beautiful jaunt through the woods, I got back on the road and started doing my Water Works route. I need to find more routes of about this length that don’t have too many huge hills. I was worried about some other possible routes because of the big hills and unpredictable traction.

My old mountain bike is heavy and not terribly efficient on the road, especially with knobby tires. But you can’t be in a hurry in conditions like these anyway, and patches of snow and ice reassured me I had made the right choice. Once I reached some rolling hills out on Snoddy Road, there were a few places where the snow was drifting across the road. This seemed to mostly happen at the tops of hills where there were no trees or buildings blocking the wind, so every time I came to a drift, it was accompanied by a blast of 30-40mph crosswinds. That, combined with the sketchy transitions from clear road to snow/ice and back, made for tricky riding. But I handled these sections as intelligently as I could, taking my time and taking a straight line through the snow drifts, and my tires didn’t let me down.

Snow drifts in road
Snow drifting onto Snoddy Road

Snow blown on fence
Snow stuck to the side of a fence

Minimal snowscape
Minimal snowscape

Harrell Road had some more drifting snow and crosswinds, but it wasn’t quite as bad. After that, I rode down Handy Road toward the Water Works facility and this road had more snow and ice on it since it’s a less-traveled road. I decided to ride down to Moore’s Creek SRA to see how things looked down there. This meant riding down a big hill, which I did very slowly. It had a thick layer of sand on it and while it helped keep snow and ice to a minimum, the sand itself decreased my traction. I passed a service drive which I’d like to explore at some point.

Looking toward Lake Monroe
Looking toward Lake Monroe

I got to the bottom of the hill and aside from one guy walking across the parking lot, I didn’t see anyone. I went over by the shelter near which Sarah and I have gone to skip rocks many times, but I stayed in the parking lot as the grassy area looked really muddy.

GT Timberline at Lake Monroe
My bike at Moore’s Creek SRA

I took a break for a few minutes before riding back up the hill. It’s a steep climb for a while and then it gets a bit easier, but still climbs for quite a while. Normally I’d climb at least some of it out of the saddle, but I felt if I did that I’d lose traction in my rear wheel, so I stayed seated the whole time. It was a long climb but I made it.

Sandy, snowy switchback climb
Steep switchback climb

My ride back was pretty tough as I was getting tired and now I had to ride into the wind for a while. Fortunately at some point the road turned and I was no longer heading directly into the wind. Things got a lot easier from here on in. The sun came out again and it was truly a beautiful day. It was cold outside but I stayed comfortable. I saw some fantastic trees and stopped to take a photo.


My ride totaled about 27 miles or so, and took about two hours. That’s certainly slower than my usual pace, but in these conditions, you can’t go as fast and you have to work harder for every mile. I’m looking forward to doing more wintry riding.

Commute this morning

My commute this morning was quite icy because while we got snow Saturday night/Sunday morning, it warmed up enough for some of that snow to melt during the day on Sunday. Of course, it froze overnight so things were very slippery this morning. The worst part was the bike path, which hasn’t been cleared. Fortunately, the ice there was mostly covered in snow, and it was mostly a fairly porous, crunchy kind of ice, rather than glare ice. It was ridable, but I had to be extra careful. Unfortunately my brakes didn’t work too well because my tires couldn’t get much traction on the ice. They were still usable, but I did lock up my rear wheel a couple of times. I kept a straight line and stayed vertical. I may need to find an alternate route to work for winter that doesn’t use the bike path, since it doesn’t seem to get much (any?) maintenance.

Ear to the Breeze is proudly powered by WordPress
Entries (RSS) and Comments (RSS).