October 1, 2008: Georgian Cuisine in NJ

51 Days to Baby Day! (32 Weeks and Five Days Pregnant)

Got up at five thirty this morning and did a little reading.  I finished reading “Dynamic Software Development” by Timothy Wells.

Dominica dropped me at the train station and I was off to Warren.  I actually made the early train today and remembered to use the off-peak round-trip tickets, too.

This is my first time working out at Warren in almost a month, I think.  It has definitely been a while.  Just one thing or another has been cropping up making the trip rather impractical.

Today was a nice, slow day.  For lunch, a friend and I went to a Georgian restaurant on Route 22.  We’ve been trying to go to this restaurant for weeks and just have not been able to schedule it.  We turned out to be the only people looking to eat there during the entire lunch hour!  It was completely empty when we arrived and not one person came while we ate our entire meal except for one woman, just as we were paying, who was just looking to see a menu.

The food was quite good.  The menu was tiny.  The only main meal that they had from the menu was the chicken kabob and the only appetizer was the eggplant wraps.  I told them that I was a vegetarian so they made me an awesome mushroom and potato stew.  It was very good.  I also got the eggplant wraps as an appetizer, they were really excellent.

We also tried a bottle of Georgian cherry soda – which was really good.  If I had had a car there I would have bought several bottles from them.  I love Georgian soda.  It has far less carbonation than American sodas do and is sweetened with cane sugar not high fructose corn syrup.  The combination means that it has far fewer calories as it does not need as much sugar and that the sugar that it has is better for you.  It’s kind of like a blend between soda and kool-aid.

The afternoon went by pretty quickly.  Nothing exciting at work but there was some additional house excitement.  It seems that after last week asking us to move the closing date forward for them the sellers are now asking that we move it back as far as possible.  It’s not a big issue since they don’t want to move back past October 25th, which is when our paperwork from the bank will expire.  They know that we have that limitation and that delaying past there means that they have no buyers for their house and this is a pretty bad market to be losing buyers in.  Most likely if they did do that we would renegotiate to buy the house in several months at a lower cost but that would be rough.  We can’t be doing anything extra like that with the baby right around the corner.

So the original closing target date was October 15th.  They originally asked, last week that is, to target the 7th to which we agreed to try to accommodate and now they are shooting for the 24th which is the last possible day that the attorneys could schedule (the 25th is actually on the weekend.)  The 7th was going to be awful for us since we are away that weekend and the extra time would cost us money and not give us any benefits since we wouldn’t even be around to spend the weekend in the house or to move anything.  Going past the 17th, though, means that we lose the one weekend that we do have to do casual moving.  The 17th is our perfect date so we are hoping that that is what gets scheduled.  It means two days less escrow, both Dominica and I will have another paycheck before the closing and we still get two weekends in which to move.

We are just waiting for some closing date to get scheduled so that we can hire our movers.  That is our biggest point of stress at the moment – other than the stress of paying for this house – just trying to find movers and get that scheduled and to know that there really is a window in which the moving can be done.

If we get the extra weekend, the 18th and 19th, then we are planning to take the Mazda PR5 (which we are picking up when we go back home for Joe’s wedding next weekend) back and forth two or three times with loads of small items to take to the new house if at all possible.  We are guessing that with just a couple of good loads in the hatchback that we can move just about all of the small stuff from the apartment to the house.  Only the furniture and boxes of books would be left for the movers.  The books are just too heavy and too likely to hurt my back to bother moving.  It will only take about two boxes for all of them since so few are here in Newark with me that it is totally worth having the movers just take them with the furniture.  If we manage to get the Verizon FIOS hooked up before the movers come then we might even move the computers early and have that out of the way.  At least everything but the workstation that I use to work for Citi.  But even that I might be able to reduce to a laptop.

The only really tough piece to coordinate will be the plants and the daily use computer equipment.  None of it is hard to move just hard to get moved when it all needs to go right at the last second.  The plants might be staying in Newark until a week after the movers take the furniture away.

My trip home this evening went great.  I caught the Summit shuttle and did a little listening to IT Conversations on my iPod and then managed to just make it on to the express train to Broad Street without any problems.  They really need to move the shuttle schedule up by like one minute so that we never miss that train.  There are several people on the shuttle running for that train every day.

On the train ride home I managed to finish reading “Getting It Right: Business Requirement Analysis Tools and Techniques” by Kathleen Hass, Don Wessels and Kevin Brennan.  I am on quite the roll reading-wise this week.  Three books in three days completed.

Dominica decided that she was in the mood for salad and a sandwich from Eli’s tonight.  So I ordered in and we had food in around an hour.  I messed up the order, though, and had to run down to the deli downstairs to complete the order.  Oops.  I really hate placing orders by phone, especially when I have nothing written down in front of me and no one listens to make sure that I ordered everything.  I am very bad at that.

We watched a little bit of Magnum P.I. and The Fresh Prince of Bel Air and both went to bed very early.  I am trying to make sure that I am not falling behind on sleep this week to give my back as much opportunity as possible to repair itself.  Today was better than yesterday so we continue to move in the right direction.  I am home all day tomorrow with no need to walk around outside except to walk Oreo so I am hopeful for a good day of progress.

September 30, 2008: Found a New Health Club

52 Days to Baby Day! (32 Weeks and Four Days Pregnant)

…had contemporary news editors existed back in the days when books were invented, they would have published big scary articles expounding on the dangers of reading a book while riding a horse or chopping firewood.  – Raymond Chen on the New York Times report that people engaging in an activity that requires their attention have a reduced ability to do other things at the same time which also require their attention.

Geekzine picked up one of my older articles.  Pretty cool, thanks, Geekzine!

I slept in a little this morning after staying up rather late last night working until one in the morning.  My back is about the same today as it was yesterday so apparently the walk into the office is not a problem.

It took a while before I was able to get enough done at home so that I would be able to leave.  I had the same problem yesterday.  Yesterday it was all that I could do to get out of the apartment in time to be able to have a one thirty lunch with Katie.  Today was not that bad but it was after noon by the time that I was in to the office.

Shreyash and I went down to Financier for lunch today.  I am watching what I eat a bit more closely now but I have been excited to try Financier’s ratatouille and goat cheese tart so I got that today.  Very tasty.  Dominica would really like it.  It is her type of food.

The afternoon was pretty busy but not too bad.  The market did a lot of recovery today.  A lot of the panic seems to be subsiding.

I talked to a friend, Dan “Mr. Crayfish”, about health clubs with swimming pools near Wall Street as he uses a local health club regularly and it turns out that he is in the process of shopping for a new health club himself.  So we looked around and found a health club down on Whitehall that has a swimming pool and participates in our company’s employee (or pseudo employee, like me) health club discount program.

The club that we found gives us a one week free trial membership through the company so we are going to take advantage of that next week and will be heading down to Whitehall on Monday to give the place a test swim.  Handily the club is right across the street from Katie’s office, literally facing it across the street, and her company pays part of the cost of her membership so she is thinking about giving it a try as well.  Katie swam varsity for four years in high school.

It was around seven thirty when I left the office with Shreyash and Suraj to walk to the World Trade Center.  My back is continuing to improve slowly.  The pain seems to have moved to more muscular and less disc related.

Dominica cooked dinner at home tonight.  She has made tamale pie from a box several times and we decided that making it from scratch had to be cheaper and better.  The box contains almost no beans and the whole thing is mostly cornbread with bean sauce on the bottom.  So tonight from scratch she made it with real vegetarian corn bread (no lard, eww!) and lots of beans and corn on the bottom.  It was very good.

We watched a little Fresh Prince and Magnum P.I. and called it an early night.  I am up early tomorrow for my trip to Warren – which I have missed for the last several weeks.

September 29, 2008: Record Market Crash

53 Days to Baby Day! (32 Weeks and Three Days Pregnant)

I didn’t wake up this morning until seven thirty.  My back feels a bit better today and I am going to make an attempt at walking into the office on Wall Street.  This will be quite the challenge.

The walk into the office actually went pretty well.  It was a bit warmer out today than I had anticipated.  It actually climbed into the seventies here today.

I was listening to Stack Overflow Episode 22 (I listen to them somewhat out of order sometimes) in which Joel was talking about the new offices of Fog Creek Software.  I knew that they were moving to new offices but had no idea that they were moving into my neck of the woods down at 55 Broadway.  I was practically walking past the front of the office when he said it on the podcast!

Even stranger is that I was talking to Katie today and learned that she has an office at 55 Broadway that she is going to this afternoon.  So she and Joel Spolsky actually work in the same building.  What a weird day of coincidences.  I am hoping to be able to go to Fog Creek’s open house once they get completely moved into the new building.

Today was, obviously, an absolutely crazy day on the market.  The biggest Dow Industrial one day point drop in history.  Now that’s something.  It is neat working on Wall Street for things like this.  It was unfortunate that I wasn’t on the trading floor when it happened because that would have been even more interesting.

For lunch today, Katie and I went over to Adrienne’s Pizzabar on Stone.  They have the most amazing pizza there.

We couldn’t decide on dinner this evening so I just went to the deli at Eleven80 and got tuna salad sandwiches for Dominica and me and we ate while watching a little bit of The Fresh Prince of Bel Air. Dominica cooked for Oreo this evening but was really exhausted so she went to bed really early around eight thirty or so.

I stayed up for a while and got some work done including some of my class work for RIT.  I am a bit ahead of schedule for a change with my class this week.  That feels good.

I will be on Wall Street again tomorrow.  My walk in and out went pretty well today.  My back still hurts but it is getting better.  I am still taking two to three ibuprofens throughout the day.

September 28, 2008: Another Long Homework Day

54 Days to Baby Day! (32 Weeks and Two Days Pregnant)

Time is flying.  The house should close, in theory, in under two weeks.  That doesn’t seem even remotely possible with how little communications we have had about it thus far.  It almost doesn’t even seem real given how little we have been hearing.  But the target date from the sellers is in nine days and the target date from us is in sixteen days and it is likely to be somewhere in between the two dates which is very, very soon.

We all slept in very late this morning.  I need more time sleeping to give my back a chance to heal.  It does feel much, much better today so I am hopeful for a quick recovery.  I am still on ibuprofen just to be safe.  No reason to push it.

Today was one of the most humid days that I have ever seen.  When we woke up there was water on everything.  The windows were all steamed up, our glasses were steamed up, the glass on the shelving unit in our bedroom was steamed up – even the television was covered in fog!

More homework for me today.  No escaping homework on Sundays.  Just can’t happen – not with online discussion groups that only have discussions on Sundays.

This afternoon I finished reading “Professionalizing Business Analysis: Breaking the Cycle of Challenged Projects”.  I’ve had a couple of books all being read at the same time recently which has slowed me down a bit, so I am glad to have one of them out of the way.  I am in one of my indecisive reading moods recently.

Today was a rather uneventful day.  Dominica watched a lot of Jericho on Hulu and I spent the morning working on scripts for the school in Castile and the afternoon and evening working on homework.

We were lazy and ordered in dinner from Nino’s and watched some of Magnum P.I. on the AppleTV.  Dominica watched for a few hours after I went back out to the living room office to keep working on homework.

Manhattan looks amazing tonight.  The Empire State Building is obscured behind the clouds and mist but its spire is visible and the bright shine of the cloud just above it that is completely lit by its lights.  Enchanting.

HowTo WhiteList Proxy for School Using Squid on OpenSUSE Linux 11

Overview

I am the technology coordinator for a small, private K12 school in rural Upstate New York.  One of our challenges is filtering Internet access so that the students may have access to the Internet as much as possible while not requiring constant, direct supervision.

To meet these needs we decided that we were limited to WhiteListing – managing a list of all allowed websites and blocking everything by default as opposed to blacklisting where everything is allowed except for a specific list of banned sites.  Whitelisting means that we have to manually maintain a list of approved websites, but the parents are confident that the students are only able to access pre-approved web sites.

Our Infrastructure

Before getting into the implementation details, I would like to detail how our network is laid out to put this project into context.  We are a pure 32bit Novell OpenSUSE environment, both desktops and servers, with a single Netgear ProSafe Firewall connecting us to a donated Time-Warner RoadRunner cable connection (Thank You, Time Warner RR!!)

Each desktop is set up without routing so they are limited to communications within the subnet only.  We have no fears of needing to grow beyond our /25 subnet’s limit anytime soon.  We have no DHCP and use static IP assignments throughout the school including machines connected via wireless.  Those machines used for administrators (not teachers – but office use where students do not have access) are routable and will not use our filter (for extra security they are allowed external access at the firewall via an IP list.)  All other machines can only get access to the Internet through the use of the proxy server.  This also allows us to improve bandwidth utilization through aggressive caching since the set of allowed sites is so limited and well known.

For our proxy server hardware we are using an HP Proliant DL380 G2 with dual 1.4GHz Pentium III processors, 1.25GB of memory and six hot-swap 36GB 10,000RPM SCSI drives arranged as RAID 0+1.  This machine is far more than adequate for our needs and does an amazing job.  We could easily run on a DL360 G1 with just a single processor, half that memory and two drives in RAID 1 without any problem.  Our previous machine, which we used for years without any issues in performance, was a Proliant 3000, dual Pentium II 333MHz, 1GB and five 4.3GB 7,200RPM drives in RAID 5.

The older system ran SUSE 9.2 and ran wonderfully for a long time.  I am writing this HowTo guide as I move us to OpenSUSE 11 and do a fresh installation of our proxy server.

The Software

As we are running on OpenSUSE Linux 11, I want to work with Novell managed packages as much as possible.  For the proxy portion of our system we will use the Linux standard proxy server Squid.  OpenSUSE’s repository offers us both Squid3 and Squid2.  We will go ahead and use the latest Squid Proxy package for OpenSUSE 11, Squid3 3.0.5.  The downside to going with the newer Squid3 package is that OpenSUSE’s YaST tool cannot yet manage it so you are stuck working only from the configuration files.

For advanced filtering we have two primary choices: SquidGuard and DansGuardian.  SquidGuard has the advantage of being included in the OpenSUSE repositories making it easier to manage from a patch perspective.  DansGuardian is what I have used in the past.  It is available as an RPM from the OpenSUSE Build site but is not available through the YaST repositories.  DansGuardian is GPL’d but the author asks that you not exercise your GPL right (GPL in fact but not in spirit.)  So, I like to avoid DansGuardian simply because I can’t figure out if the author even wants me to use his software or not.

For our purposes here, using nothing but whitelisting, we do not need the features of either SquidGuard or DansGuardian and can avoid them completely.  If you are looking to do more than just whitelisting they are your best bets.

Installing the Proxy Server: Squid

Installing Squid3 on OpenSUSE 11 is extremely simple.

zypper install squid3

Of course, if you prefer, you can always use OpenSUSE’s YaST utility, either graphically through the desktop or through an ncurses interface on the command line, to install Squid and any necessary dependencies.  I find working through Zypper (or Yum on a Red Hat, CentOS or Fedora system) to be the most efficient by far.

Configuring Squid

These are the changes that I made to /etc/squid/squid.conf:

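# clients allowed to use the proxy (substitute your own subnet)
acl localnet src 192.168.4.0/25
# allowed destination domains, one per line, read from the whitelist file
acl whitelist dstdomain "/etc/squid/whitelist"
http_access allow all whitelist
http_access deny all
http_port 8080

That’s it.  Very, very simple.  The first line is simply to allow my local network.  You will need to add in your own local network and not mine for this to work for you.  If you stick with the Squid3 defaults then all private networks are allowed locally by default so that is a completely viable option.

The second line defines the whitelist ACL that the http_access rule refers to: it matches destination domains listed in the file /etc/squid/whitelist, which we will create shortly.

The next two lines, http_access, first tell the system to allow access for anyone (“all”) to sites included in the whitelist.  The second says to deny any request that was not allowed by the previous rule.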

The last line, http_port, is also completely optional.  The default port for Squid is 3128 but I prefer to run my proxy on the more common 8080 port.  This is just easier to remember when setting up desktops.

With the default install of Squid3, Squid is not configured to start automatically.  So we need to use chkconfig to configure Squid to start on system boot.  You can skip this step if, for some reason, you do not want your proxy system to start automatically when your server restarts.

chkconfig --level 3 squid on

Before we actually start Squid, though, we will want to create our whitelist file which will be the main configuration file that we will be using after Squid is up and running.

Creating the Whitelist

Using your favourite text editor (that’s vi for me) create the file /etc/squid/whitelist.  This file is just a simple list of websites that will be allowed.  The one thing of which to be aware is the fact that your entries need to lead with a dot.  If you leave off the dot you will have problems.  Here is an example from my own whitelist:

.gov
.sheepguardingllama.com
.unicef.org
.eff.org
.conversationsnetwork.org

In this example, all United States government web sites will be allowed (those ending in .gov) as well as this blog, UNICEF, the Electronic Frontier Foundation and The Conversations Network.  Anytime that you alter this file you will need to ask Squid to reread its configuration.
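The matching rule behind the leading dot, as an added example that is not part of the original article: it models Squid's dstdomain behaviour in Python and flags whitelist entries worth a second look. The function names and the entries example.edu and .example.gov are constructed for illustration.

```python
# Added example: models how Squid's dstdomain ACL treats whitelist entries.
# Function names and the last two sample entries are constructed.

SAMPLE_WHITELIST = """\
# entries from the article
.gov
.sheepguardingllama.com
.unicef.org
.eff.org
.conversationsnetwork.org
# constructed entries that show common mistakes
example.edu
.example.gov
"""

def parse_whitelist(text):
    """Return the entries, skipping blank lines and whole-line # comments."""
    entries = []
    for line in text.splitlines():
        line = line.strip().lower()
        if line and not line.startswith("#"):
            entries.append(line)
    return entries

def entry_matches(entry, host):
    """'.example.org' matches example.org and every subdomain;
    'example.org' (no dot) matches that exact host name only."""
    host = host.strip().lower().rstrip(".")
    if entry.startswith("."):
        base = entry[1:]
        # require a label boundary so 'noteff.org' does not match '.eff.org'
        return host == base or host.endswith("." + base)
    return host == entry

def is_allowed(entries, host):
    """True if any whitelist entry matches the requested host."""
    return any(entry_matches(e, host) for e in entries)

def lint(entries):
    """Return (entry, finding) pairs to review before reloading Squid."""
    findings = []
    for entry in entries:
        if not entry.startswith("."):
            # www.<entry> and other subdomains will be denied
            findings.append((entry, "no-leading-dot"))
        elif "." not in entry[1:]:
            # a bare TLD such as .gov admits every site under it
            findings.append((entry, "whole-tld"))
        for other in sorted(set(entries)):
            if (other != entry and other.startswith(".")
                    and entry_matches(other, entry.lstrip("."))):
                # a broader entry already allows this one
                findings.append((entry, "covered-by:" + other))
    return findings

if __name__ == "__main__":
    entries = parse_whitelist(SAMPLE_WHITELIST)
    for host in ("www.eff.org", "eff.org", "noteff.org", "www.example.edu"):
        print(host, "allowed" if is_allowed(entries, host) else "denied")
    for entry, finding in lint(entries):
        print("review:", entry, finding)
```

After correcting the file, `squid -k reconfigure` asks a running Squid to reread its configuration.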

Configuring the Desktop Clients

If you are like me, you will be using OpenSUSE on your desktops as well which I highly recommend.  OpenSUSE makes a wonderful desktop, especially with KDE4.  With OpenSUSE you have the option of setting your proxy settings using the handy YaST tool.  This is fine.  If you are like me, you will prefer to use the command line – mostly because it is easily scriptable but also because it will work for non-SUSE Linux boxes as well.

To set your proxy temporarily just for the current session to test your proxy server you can simply run:

export http_proxy="http://192.168.4.2:8080/"

Notice that you will need to use your own IP address here as well as your own port number if you decided to use one other than 8080.  My proxy server’s IP address is 192.168.4.2 so modify accordingly.

The most common means of setting this variable to survive through a reboot is to use /etc/profile so that it will apply to all users.  Simply add this line to /etc/profile:

export http_proxy=http://192.168.4.2:8080/

In OpenSUSE, there is a better place to set this information.  Let’s look at /etc/sysconfig/proxy.  This file is a central proxy settings file for all of OpenSUSE which makes it very handy so that we don’t have to worry about users not picking up changes from other locations.  It is also nice as it will allow us to have some advanced settings if we so desire.

In my case, I am only using the proxy server to handle HTTP and HTTPS requests (we are blocking FTP and GOPHER entirely) so we only need to edit the two lines pertaining to those protocols as well as the “no proxy” setting to list which locations should not be proxied but accessed directly.  Here are my settings:

HTTP_PROXY="http://192.168.4.2:8080/"
HTTPS_PROXY="http://192.168.4.2:8080/"
NO_PROXY="localhost, 127.0.0.1"

With these changes you should now have a functioning, whitelisting proxy server to protect your network.  OpenSUSE’s default installation of Firefox is set to bypass its own proxy settings and to pick up the system changes automatically.  Tools like w3m and wget will use the system proxy settings as well.  If you are using a client that is either unable to or is not configured to get its settings from the system then you will need to configure its proxy settings manually on an application by application basis.