Kitchen Herbs

A friend asked me which herbs I have in my kitchen right now.

  • Chamomile (Matricaria recutita)
  • Cinnamon (Cinnamomum verum)
  • Echinacea (Echinacea purpurea)
  • Horsetail (Equisetum arvense)
  • Nettle (Urtica dioica)
  • Peppermint (Mentha piperita) (not pictured)
  • St. John's Wort (Hypericum perforatum)
  • Thyme (Thymus vulgaris)

I’ve also got an Echinacea tincture and locally wild-crafted Oregon Grape tincture in the making. They’ll probably both be decanted next week, just in time for cold and flu season.

Thoughts on SSH Security

OpenSSH has a good security track record. Only rarely are holes found in the program itself; it is far more likely that a system will be compromised through poor configuration of the SSH daemon. Ideally, an SSH config would allow only protocol 2 connections, allow only specified users to connect (and certainly not root), disable X11 forwarding, disable password authentication (forcing SSH keys instead), and allow connections only from specified IPs. The first four of these config options would look like this:

Protocol 2
PermitRootLogin no
AllowUsers demo
X11Forwarding no
PasswordAuthentication no
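To check that a deployed sshd_config actually carries these settings, here is an added example (not from the original post) that parses the file using OpenSSH's first-value-wins rule and reports any recommended setting that is missing or different. The sample config text is constructed for the example.

```python
# Added example, not from the original post: audit an sshd_config against the
# settings above. Assumes OpenSSH semantics: keywords are case-insensitive
# and the FIRST value given for a keyword wins.
import re

WANTED = {                      # recommended values, lowercased keyword
    "protocol": "2",
    "permitrootlogin": "no",
    "x11forwarding": "no",
    "passwordauthentication": "no",
}

def parse_sshd_config(text):
    """Return {keyword: first value} for the global section; everything
    after a 'Match' keyword is conditional and is skipped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    """Return findings as strings; an empty list means all checks passed."""
    cfg = parse_sshd_config(text)
    findings = []
    for key, want in WANTED.items():
        got = cfg.get(key)
        if got is None:
            findings.append(f"{key}: not set (OpenSSH default applies)")
        elif got.lower() != want:
            findings.append(f"{key}: is '{got}', want '{want}'")
    if "allowusers" not in cfg:
        findings.append("allowusers: not set (any account may log in)")
    return findings

# Constructed sample: second PasswordAuthentication line loses; AllowUsers missing.
SAMPLE = """\
Protocol 2
PermitRootLogin no
X11Forwarding no
PasswordAuthentication yes
PasswordAuthentication no
Match User demo
    X11Forwarding yes
"""
```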

Allowing connections from only specified IP addresses would be accomplished with TCP wrappers. First deny everything by default in /etc/hosts.deny:

sshd: ALL

Then list the exceptions in /etc/hosts.allow, which is checked before hosts.deny. Note that hosts_access(5) only treats lines beginning with # as comments, so a comment goes on its own line rather than trailing a rule:

# Allow this subnet
sshd: 192.168.1.0/255.255.255.0
# Allow this IP
sshd: 4.2.2.1

(You could also accomplish this with iptables, but I think editing these two files is simpler.)

But the last two options – disabling password auth and allowing only certain IP addresses – limit mobility. I constantly log in to my slice from multiple IPs, and I also need to log in while traveling, when I may or may not have my key with me.

The main thing these two options protect against is a brute-force attack. By allowing password logins from any IP, we expose the weakest part of SSH to an attacker. This is where DenyHosts comes in.

DenyHosts is a Python script that attempts to recognize and block brute-force attacks: it watches the SSH log for repeated failed logins and adds the offending addresses to /etc/hosts.deny. It has many attractive features and is included in the default Ubuntu repositories.

$ sudo aptitude install denyhosts

The config file is located at /etc/denyhosts.conf. It is very simple and readable. I recommend reading through it, but most of the default options are acceptable. If any changes are made, the daemon must be restarted:

$ sudo /etc/init.d/denyhosts restart
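As an added illustration of the recognition logic (this is not DenyHosts' own code), the following Python script counts failed sshd password attempts per source address over a few constructed auth.log lines and formats hosts.deny entries for the addresses that cross a threshold. The threshold, the allowlist and the log lines are all assumptions made for the example.

```python
# Added example, not DenyHosts' own code: the core of what DenyHosts does.
# Count failed sshd password attempts per source address and format
# hosts.deny entries for addresses over a threshold. Log lines are constructed.
import re
from collections import Counter

# Matches "Failed password for root from ..." and
# "Failed password for invalid user admin from ...".
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def failed_logins(lines):
    """Return a Counter of source IP -> number of failed password attempts."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def offenders(lines, threshold, allowlist=()):
    """Sorted IPs with at least `threshold` failures, minus trusted ones."""
    return sorted(ip for ip, n in failed_logins(lines).items()
                  if n >= threshold and ip not in allowlist)

def hosts_deny_entries(ips):
    """Format /etc/hosts.deny lines. hosts_access(5) treats only lines that
    BEGIN with '#' as comments, so the comment gets a line of its own."""
    return ["# added by example brute-force detector"] + [f"sshd: {ip}" for ip in ips]

# Constructed auth.log excerpt: one address hammering passwords, one user
# who typed a password wrong once from the trusted LAN.
SAMPLE_LOG = """\
Oct  3 02:11:01 slice sshd[4201]: Failed password for root from 203.0.113.9 port 51012 ssh2
Oct  3 02:11:03 slice sshd[4203]: Failed password for invalid user admin from 203.0.113.9 port 51020 ssh2
Oct  3 02:11:04 slice sshd[4205]: Failed password for invalid user test from 203.0.113.9 port 51031 ssh2
Oct  3 02:11:06 slice sshd[4207]: Accepted publickey for demo from 192.168.1.20 port 40011 ssh2
Oct  3 02:11:09 slice sshd[4209]: Failed password for demo from 192.168.1.20 port 40013 ssh2
""".splitlines()

if __name__ == "__main__":
    for entry in hosts_deny_entries(offenders(SAMPLE_LOG, threshold=3)):
        print(entry)
```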

Default Ports

Many people also advocate changing SSH’s default port to something other than 22 (more specifically, something over 1024, which won’t be scanned by default by nmap). The argument in support of this is that many automated attack scripts look for SSH only on port 22. By changing the port, you save yourself the headache of dealing with script kiddies. Opponents of changing the port argue that the annoyance of having to specify the port number whenever using ssh or scp outweighs the minute security benefits. It’s a heated argument. I lean toward leaving SSH on the default port.

Deer Encounter

This morning before going to work I visited the neighboring woods, having taken it into my mind that I would visit the sit spot I used during Kamana, but hadn’t been to since last winter. Soon after breaking off the trail and climbing steeply uphill through the undergrowth toward the spot, I heard a bit of rustling of leaves and snapping of twigs. It surprised me, as I’d never seen another person near this spot – people rarely ever venture off the trails in this area at all. After stopping and listening for a short count, I continued on my way, thinking that I was probably making enough noise that the person would hear me, as I heard him, and thus wouldn’t surprise someone in an awkward encounter.

A few steps later, as I came above the rock overhang that my spot sits on, I was greeted by a deer munching on the leaves of a young sapling. This surprised me more than the human I expected. Though the forest is home to deer and cougar, they usually stay in the deeper woods, not as close to the main trails as we were here.

I froze, partly out of surprise, and stood still, not staring at the deer, but keeping my peripheral vision trained on him. He looked in my direction, but continued munching and didn’t seem terribly concerned. I can’t imagine that he didn’t see or hear me, but the wind was favoring me by blowing downhill onto my face. Without my scent to alarm him, he must have decided that I was little more than an interesting stump.

When he turned his back to me, I slowly dropped my pack and went prone, thinking it would be fun to see how close I could get. Like most pine forests of the Pacific Northwest, the area was dense with undergrowth such as ferns and Oregon Grape. It all provides for great cover when you’re hugging the floor, but makes moving quietly in it a challenge.

I stalked the deer for 15 minutes, not getting much closer than I was when he first surprised me, but doing my best to maintain the distance as he moved. Within the first couple minutes he led me to 2 other deer slightly further up the hill which I had neglected to spot previously.

Stalking humans is much easier!

When compared with most people who tromp through the woods, I can walk with a measure of silence, but attempting to match pace with such an animal while not making noise gives one great respect for the deer’s ability. All the while I was crashing through the undergrowth, despite my best efforts at silence, while the deer would effortlessly bound ahead, snapping only the occasional twig.

Eventually they ditched me, but making my way back downhill to where I had dropped my pack, there were plenty of tracks in the soft ground to gaze at.

Back on the trail, I encountered people dressed in their stylish reds, blues, and yellows, and was struck by how sad it was that they could never experience such an encounter while garbing themselves in such eye pollution.

Deer stalking

Drink In the Forest

In the damper months, I like to throw a small stove in my pack. A warm cup of tea encourages further exploration of the woods, which seem to come alive after a rain.

Cedar Tea

We do not go to the green woods and crystal waters to rough it, we go to smooth it. We get it rough enough at home; in towns and cities; in shops, offices, stores, banks -- anywhere that we may be placed -- with the necessity always present of being on time and up to our work; of providing for the dependent ones; of keeping up, catching up, or getting left. "Alas for the life-long battle, whose bravest slogan is bread." -Nessmuk, Woodcraft and Camping

Herbal Stye Healing

A stye is a sort of pimple on the eyelid, caused by a bacterial infection at the root of the eyelash. The common treatment for the infection is applying a hot compress to the area, which encourages the stye to drain. I had a small stye on the inside of my lower left eyelid last week and decided to see if I could speed the healing process along with herbal experimentation. It ended up healing in 2 days.

The first day I applied a thyme compress to the area twice, for 15 minutes each. I made the compress by simply brewing a cup of thyme tea (steeped for 20 minutes for medicinal strength) and soaking a sterile gauze pad in it (with occasional re-soaking throughout the 15-minute process as the compress lost its warmth). Thyme contains thymol, an antiseptic which acts as a sort of antibiotic.

Of course, with any infection, the most obvious thing to reach for is Echinacea. I was out of tincture at the time, but I made a cup of tea with some dried Echinacea purpurea root before bed the first night.

The second day I repeated the twice daily 15 minute compress, but this time with Chamomile (Matricaria recutita). Chamomile has a reputation as a general-purpose healer, and is also a relaxant.

The morning of the third day, there was no evidence of the stye.

Mid-Summer

Shakespeare in the Park

Hawaiian Chieftain

Recovering the Linksys WRT54GL via TFTP

Last May, DD-WRT released the (long in development) v24 of their firmware. I had been running one of the release candidates for it on my Linksys WRT54GL, but decided today to upgrade to the stable release. I downloaded the appropriate file (dd-wrt.v24_std_generic.bin), followed the instructions for flashing through the web GUI, and promptly bricked the router.

It wasn’t totally destroyed. I could still ping the router, but couldn’t access it in any other way. The power light would flash repeatedly, and no other lights came on. No amount of hard resets would fix it.

According to DD-WRT’s wiki article on bad flashes, the repetitive blinking of the power light means that the bootloader is defective, but that the problem might be solved using a TFTP recovery. The idea is that when the router first boots up, there’s a brief moment where it will accept an upload. By pushing through firmware, you are able to temporarily boot the router.

On older Linksys routers, this only works with the official Linksys firmware, so I downloaded the latest version from Linksys’ support page for the WRT54GL. Because the router will only accept the firmware at the very start of the boot process, I first unplugged the router, turning it off. To monitor the router during the process, I started a ping from my machine.

$ ping 192.168.1.1

Then, using the TFTP client that ships with OS X, I executed the upload:

$ echo "put FW_WRT54GL_4.30.12.3_US_EN_code.bin" | tftp -e 192.168.1.1

and immediately plugged the router back in. In 10 seconds, TFTP reported that the file had been sent.

At this point, the router stopped responding to my pings for about 30 seconds. When it began replying again, I was able to access the default Linksys web GUI. The first thing I did in the GUI was to hit the “reset to factory defaults” button, which clears the NVRAM of my bad DD-WRT image and installs the fresh Linksys image. After that, I installed a new DD-WRT “mini” image (the WRT54GL requires you flash with “mini” before upgrading to “standard” when moving from the default firmware), by uploading dd-wrt.v24_mini_generic.bin via the upgrade page. This worked without a hitch.

In the DD-WRT web interface, I tried to flash the router with the standard firmware, but was greeted by a vague error message that told me only that the upgrade had failed. I went back to the wiki to see what the differences were between mini and standard and decided that it would be fine to leave the router with mini. All I needed was for the router to act as a wireless repeater with virtual interfaces. The mini firmware supports this, so I was able to set up the router just as before.

Return

I’ve returned early from Spain, arriving in the States last night.

I walked only about 110 miles on the Camino de Santiago, from St. Jean-Pied-de-Port to Logrono, before deciding that it was time to come back. During my short time on the walk, the Camino gave me what it could, and I gladly accept the gift, but I felt the remaining miles had nothing more to offer.

Following the Camino’s yellow arrows day after day, while comforting in their promise of direction and safety, is too structured an experience. This, the cultivated landscape, and the crowds of walkers contribute to a feeling of limitation.

I seek to find my own paths, and to forge my own way. Only by traveling into the unknown can we explore our selves. And so, despite the cultural differences, despite the linguistic barrier, and despite the unknown country, I think the Camino is flawed. There are no yellow arrows for the mind, save for those we paint our selves.

For me, it must be a journey wilder than this. One for which I do not have my way painted upon the landscape. A journey in which I am dependent on the self, alone in a solitary wilderness. To explore that is to touch the crevices of consciousness, running one’s finger upon the peculiar bumps of its surface.

From the 21st of June till the 1st of July, I walked, taking a day off in Pamplona and in Viana. In Logrono, I spent 3 nights before taking a train back to Madrid, where I’ve been for the past week.

I continue my pilgrimage elsewhere.
