Archive for February, 2013



I believe that some day, the boy will respond to his personal crises with a calm, calculating demeanor.

Today is not that day.

First up, this morning he started looking for his DS. His search started where he was sure he’d left it the night before. It continued in that general spot. It ended in that spot.

In between, he would walk away. Each time his level of agitation increasing. It “started in low, then it started to grow.” He muttered half-intelligible things like “It has to be here…” in a whiny, weepy tone. Sometimes the “here” would be more like “heeeeeerrrrrrrrrrrrrrrrrrrrrrrrrrrrr-uh.” He dug more frantically through the area each time he went back to it, certain he had somehow just missed seeing the large black carrying case his DS resides in.

He refused to listen to anything the Wife suggested, like other spots it might be. He refused to listen to anything logical, like if it wasn’t where he was looking it was probably someplace else. “NO! IT HAS TO BE HERE! THIS IS WHERE I LEFT IT!” was the retort. He was also fatalistic, declaring it gone forever and that he needed a new one. I almost snorted my milk through my nose at that point.

He never did find it. He went to school this morning miserable, certain it would never be found. His final request to me before heading for the school doors was that I would look for it. He walked off, shoulders slumped.

I found it 5 minutes after I got home.

It was in his sister’s hockey bag. Long story short, we were drying out hockey gear and they left everything out in front of the fireplace to get it dry. When we asked them to clean up, clearly the lass also knocked the DS into her bag along the way.

The boy’s next chance to practice his crisis management skills came up just before dinner. Sometime last week, he’d ordered a book about making balloon animals through Amazon.

No seriously, he did.

That book arrived today along with a bunch of balloons and a pump for inflating them. He was very excited and opened it up immediately to see what kind of cool things he could make.

His first attempt resulted in a balloon popping in his hands.

His second attempt he tried to make a sword following the book’s instructions, but it didn’t work out. So he turned it into a dog and gave it to his sister.

His third attempt, the balloon popped while inflating it. The color started to rise in his cheeks.

His fourth attempt, the balloon popped while inflating it. He threw it’s shattered remains on the floor and screamed “WHAT KIND OF STUPID BALLOONS DOES AMAZON USE!?!” The weepy whiny tone set in shortly thereafter. “What’s the point of the balloons if they’re all going to pop?”

He made a fifth attempt. It popped as well. I’m pretty sure the noise that emanated from his voice confused any birds in the general area. Possibly some small woodland mammals as well. He grabbed the remaining pack of balloons and attempted to rip them in half. Ironically, they stretched on him and he failed.

The attempt seemed cathartic though, as he calmed down after that.

I’m certain he won’t always be this emotional about every little, or big, thing that doesn’t go his way. I was once in his shoes and the troubles of childhood can seem enormous from that myopic perspective. Somewhere along the way, perspective starts to settle in and we become a little more practiced in dealing with misfortune. Whatever form it may take. The boy isn’t there.

At least, not today.

A Bobcat Badge Ceremony


Following is the Bobcat Ceremony I put our new Cub Scouts through last night at our Blue and Gold Banquet. It is a slightly modified version of this presentaion I found online. I think it went pretty well, including the face painting. A couple of kids abstained from the face-painting, which was fine. But in general the boys were pretty happy with themselves and the parents seemed to enjoy it as well.

For every journey, there is a beginning and an end. We’ll start the awards portion of our evening by celebrating a beginning.

In Cub Scouting, every boy begins their Scouting journey by earning the Bobcat Badge. It is the one badge that every Scout must earn, from the youngest Tiger to the most seasoned WEBELOS. Without it, they cannot receive any of the rank badges- Tiger, Wolf, Bear or WEBELOS. It is the foundation upon which a boy builds towards earning the Arrow of Light, the highest award a Cub Scout can earn.

Tonight, we have 8 boys who have satisfied all the requirements for their Bobcat Badges. Those requirements are to memorize a handshake, a sign, a motto, a salute, a secret, a promise and a law. These boys have all demonstrated to their leaders their knowledge of these requirements.

Would the following boys please come up with you parents:

(call each name of Scout who has earned their Bobcat Badge.)

Boy’s you’ve accomplished the first step in Cub Scouting. In all things there is always a first….the first stone laid in a new building, the first step across a bridge. The first is sometimes the hardest, but that’s because it lays the foundation or the strength for what follows. The Bobcat badge is your foundation. The trail of Scouting lies ahead of you, but don’t be afraid – you won’t have to do it alone. You’ll have lots of help from your Akela…Akela can be your parents, your den leader, even I your cubmaster will help you along the trail, helping you become successful.

As a symbol of your achievement and of becoming a member of this pack, I ask our Den Leaders to give you the colors of Cub Scouting…blue on the right cheek and yellow on the left.

(Asst. cm or den leader puts blue and yellow mark on each boys cheek)

Your parents stand here with you to demonstrate their pride in your accomplishment and that they are there to help you, just like they helped you earn the Bobcat badge. In recognition of the role that family plays in Cub Scouting, I will present your Bobcat Badge to your parents, who in turn will present it to you. When they afix the badge to your Scout Uniform, it will initially be upside down. It is a tradition of this Pack that the Bobcat be pinned upside down until such time that you perform a good deed, unasked. In recognition of this simple act, your parents may then permanently afix the badge to your uniform, right side up.

(Award badges to Parents, who in turn present the badge to the boys Since all of our Scouts were already lined up< I went to each one individually, alternatively you could call each boy forward but that would likely take longer.)

Parents and Scouts of Pack 26, please join me in congratulating these boys on completing their first achievement in Scouting.

One interesting thing about being up there in front of all those parents and family is how quickly things happen. I had mental notes- minor alterations to the script or additions I thought of prior to the presentation- and I missed most of them because the moment came and went so quickly. Just keep that in mind when you go live.

Blue and Gold Tonight


Our Cub Scout Pack is having its Blue and Gold Banquet tonight. It’s the first one I’ve been in charge of and, after a slow start, I have hopes that we’ll pull it off successfully. I have Bobcat Badges to award in addition to belt loops to hand out. Also, I’ll be crossing over our WEBELOS II boys.

I’ve worked up a couple of ceremonies that I hope to hit the right notes with tonight. I’ve read through a lot of the ceremonies out there on the web and couldn’t find anything I liked for myself to perform. So I did my best to come up with something that I felt comfortable doing but also acknowledged the achievements of the kids. It’s fair to say I borrowed from several sources, at least in terms of theme if not the actual words.

I’ll probably put it up tonight after the banquet with a little commentary about how it actually played. There’s the version in my head and the version in reality. We’ll see where the two intersect.

The Price We Pay?


A friend stopped over for a bit tonight and she was describing some of her trials and tribulations with her youngest son where video games are concerned. After listening to her describe his behavior, she seemed a little shocked to find out that the boy behaved very similarly at the same age while under the influence of video games. Perhaps because she’s only ever known him since he was 7, her vie of him was different. He no longer has the same tearful fits when it’s time to turn the games off nor the melt downs when he has to let his sister play. He has matured, as they say.

After she had left, the boy was working on his homework. We got yet another performance from the rushing, cranky, can’t-take-criticism-on-his-work boy. Because he has his Blue and Gold Banquet tomorrow night, we had planned on letting him stay up a bit longer to get a bit more done. But after a few minutes of abuse when we went over some of his work, we changed course and told him to go to bed.

With him in bed, the Wife and I discussed the possibility of letting him turn his work in without any corrections on our part, but giving his teacher a heads-up that a stinker was incoming. We thought perhaps getting a note from his teacher that he could do better work would finally spur him to take his time a little more and take our criticism constructively, rather than snapping at us and turning to all the drama he currently does.

Then I think of the boy who used to play video games and how it seemed like he would never change. It occurred that perhaps this is simply the way of it with him. For that matter, perhaps this is the way of it with many kids.

They kick, they scream and they call you names because their coping abilities are so meager at a young age. After a little time has passed and they develop some callouses their attitude changes a bit and they mellow out. Finally, one day perhaps, they even become civil about the whole thing.

So perhaps the behavior is just the price parents pay for trying to teach kids good habits. It’s not an indication that anything is wrong, per say. Simply that everything it as it should be, and it too shall pass.

Puppet Show = Funny


The lass hand crafted a couple of paper bag puppets earlier this week. She made a cat and a person puppet. The cat was complete with a tail and collar while the person had arms. Lots of detail in both which she accomplished on her own.

Earlier this evening, she regaled us with a one-of-a-kind performance that, quite simply defies words or description. Really. I don’t even no where to begin, other than I laughed, the boy laughed and the Wife laughed.

We cried a little too…

Compare and Contrast


Mike Florio, yesterday about the 40 yard dash:

With all due respect to Bill Polian, running 40 yards in a straight line in underwear doesn’t really tell anyone much about what a football player can do under ordinary football circumstances.

Mike Florio today:

Former Michigan quarterback Denard Robinson took a good first step in proving he can do something else.

Robinson just ran an unofficial 4.34-second 40 on his first attempt at the NFL Scouting Combine.

So which is it? A useful or unuseful metric?



Saw this item via Geekdad. Count me amongst those who think it a stroke of genius. I hope I come up with an adlib that clever when the moment presents itself.

Outlet’s with USB


It’s an outlet. NO! It’s a USB charger! NO! It’s both in one!

So the Wife found these while surfing about a week ago. I thought they were a great idea right off the bat- combining a USB plug with a wall outlet. With a few of these sprinkled throughout a home, charging all the electronic gizmo’s out there becomes a lot less hassle- all you need is the cable, no more wall warts.

But, as in many things, it isn’t all strawberries and cream. First, they are expensive. A normal outlet runs a couple of bucks whereas these things are nearly $15 and even more expensive varieties exist. Second, the outlet is large. Much larger than a typical outlet and therefore difficult to install. If the electrical box has a lot of wires in it or is too small (the documentation says it needs to be a 16 cubic inch box), it simply won’t go in the wall. The one I installed barely fit and I had to finagle wires quite a bit. Even then, I couldn’t get it to fit flush against the wall.

The third problem is one that was unexpected. First, USB is a standard interface with a complete electrical specification including the power lines that run through it. Theoretically, that means that any device that can be charged or powered through a USB cable should be able to plug into any USB hub or plug.

The reality is bit different, unfortunately. While our mobile phones and iPod shuffles seem to be just fine, the Nook devices don’t seem to take kindly to the wall outlet USB ports. On our Nook tablet, the LED on the cable seems to indicate that charging is occurring but the device itself doesn’t detect charging. On my Nook HD, the situation is even worse as there is no LED in it’s cable and it doesn’t appear to charge at all.

Still, with more electronic gizmo’s to come, I think it’s worthwhile to invest in a couple of these outlets. Call it an idea whose moment has arrived. Enough electronics seem to be compatible that these outlets make for an easy way to have a couple of ready, and easily available, charging stations.

Lucky Her Head is Attached


The lass had recently come into a little money. Mostly, it had to do with Valentine’s Day and a little birthday money. She had placed the cash in an envelope.

And then, she didn’t know where the envelope went.

So we set her to looking because, while she wasn’t going to be financially secure for the rest of the life off of it, it was not insignificant enough to just shluff it off as gone for good.

So, after 30 seconds of looking, she plopped down in a huff and declared the envelope lost.

At which point the Wife got up and said “It has to be over hear somewhere because you haven’t taken it anywhere else.” She walked over to the breakfast bar a, literally, said “Found it!” after a second or so of looking.

Which prompted the lass to exclaim “How did you find it so fast when I was just over there LOOKING!?!” Then, she stamped her foot for more emphasis. Or something.

The foot stomp prompted me to get in on the act: “Because unlike you, your Mother went over there and actually looked for a red envelope. She didn’t go over there, stare at the ground, shuffle her feet for a few seconds, flap her arms a few times and pretend to look for it and then declare ‘It’s not here, I’ve looked.’ She wasn’t relying on the envelope to jump up and say ‘HELLOOOO! I’M RIGHT HERE! UNDER THE PILE OF PAPER WHERE YOU LEFT ME!’ She wasn’t relying on it to jump up and do a jig either.”

The lass got a kick out of the idea of an envelope talking or dancing to get attention. She didn’t get her envelope back right then though. The Wife took it into her care until such time as the money is either spent or stashed in a bank.

For the time being, this seems to be one of the lass’ gifts. It could be her favorite comb, some article of clothing, her lunch box, or a toy. But she manages to lose it in such a way that she can’t find them. And she can’t find them because, even though she searches, she doesn’t look.

Blizzard Link Added


Just a quick note that I finally got around to adding a link to the page I created for the Blizzard of 2013. The page itself is just a live-blog of the storm with pictures of parts of the yard as they were covered with snow. The link is that little snow-storm icon over in the sidebar, right next to the Kid’s Dictionary icon.

Kudo’s To Me


I’ve been working with the boy on his multiplication “facts.” That’s what they refer to them as now, as opposed to multiplication tables. It was the same thing with addition and subtraction. I guess I can’t argue with the new nomenclature as it’s correct, they are facts. Still, it rankles for some reason.

Anyway, tonight was the first night he was able to work through all of his 7’s, 8’s and 9’s. He was, understandably, pretty proud of himself.

In fact, he was so flushed with confidence that he wanted to learn how to multiply double digit numbers. I hemmed and hawed a bit, mostly out of some respect for the school. Then I came to my senses and realized “HEY! He wants to learn something and wants ME to teach him!”

What the heck was I waiting for.

So I introduced him to double digit multiplication, showing him the mechanics of how to multiply the digits together and then add the 2 results. I kept things simple, avoiding any multiplication that involved carrying. I even showed him why the math “worked”, introducing him to breaking up a number and using the distributive property. Aside from making the mistake of wanting to add for some reason, he picked up on it and was working through problems after just a couple of examples.

After we’d finished up for the night, he told me “It makes so much more sense when you explain it. When the teacher shows us this stuff, she makes it seem so complicated and stuff. But you do it and its, like, so easy.” I was quite proud of my apparent teaching chops.

Naturally, he got the next problem wrong…

Dealing with Unicode in Python


I haven’t touched the code for the blog client I’d written in quite awhile. This is largely because it works well for my purposes and I haven’t had the need to add further support for other features.

There has been one major shortcoming for it, however, that I hadn’t taken the time to investigate and correct. Often times, when quoting text from an article on the web, I would get a unicode decode error related to the blob of text I’d copied from the browser.

Now, I understood in general terms what the problem was: stray characters within the copied text were not ASCII characters and markdown chokes on those characters. I had an inelegant workaround that kept me from properly dealing with the problem: I’d scan the text for offending characters, typically punctuation, and replace them with reasonable ASCII equivalents. It was a pain, but it worked.

Like all workarounds, this method had limitations. Specifically, certain special letter characters like letters with umlauts, tildes, accent graves or accent aigus over them cannot be duplicated. The fact that I didn’t run into that problem a lot kept me from dealing with it quicker. Also, scanning a block of text for unicode violators is tedious.

What I failed to understand at the time was that the characters on a web page were encoded in some kind of format, like UTF-8 for example. For most of the alpha characters (those without umlauts and the like) UTF-8 and unicode are identical. The problem comes in when characters don’t line up so neatly. What I finally came to understand was that the encoded web page text needed to be decoded into unicode prior to processing. The concept seems so blisteringly obvious, now, that I’m actually perplexed as to how I never grasped it originally.

So I finally fixed the problem. Or, perhaps better put, I came up with a solution with a better set of trade-offs. Because in order to actually “fix” the problem, it would be necessary to always know how text had been encoded. Unfortunately, from the program’s perspective, it can’t be done.

But it can make some educated guesses.

Here’s the basic code that fixes the problem:

for encoding in ['ascii', 'utf-8', 'utf-16', 'iso-8859-1']:
        xhtml = markdown.convert(text.decode(encoding))
    except (UnicodeDecodeError, UnicodeError):
        print "Unexpected Error: %s\n" % sys.exc_info()[0]
        return helperfunc(xhtml)

In this case, markdown is an object for marking up markdown formatted text. Prior to passing the text to the markdown object, I decode it using encoding that represent the most likely encodings I’ll run into. If an encoding fails, that a UnicodeDecodeError will get raised, which is caught by the first except clause. That clause merely passes control back to the for loop where the next encoding is selected and tried. Rinse, repeat. When no exception is created, control passes to the else clause where normal program flow continues on the returned xhtml from markdown.

This section of code eliminates, in my case, almost all occurrences my afore explained unicode problems. But that’s because the vast majority of webpages I use are encoded using UTF-8. I’ve since added a command line option to specify the encoding to use for decoding purposes. This should provide a means to cover all other situations that arise. In this instance, when the user specifies the encoding on the command line, the user specification supersedes all other encodings and is used. The presumption is the user knows what they are doing.

The code to support that looks like this:

if charset:
    encodings = [charset]
    encodings = ['ascii', 'utf-8', 'utf-16', 'iso-8859-1']

for encoding in encodings:

The rest of the code looks identical to the above snippet.

It was a good exercise for me to muddle through, as I now fully comprehend the unicode problems that can arise and how to deal with them. The basic rules are:

  1. Decode text going into the program.
  2. Encode text coming out of the program.
  3. Use unicode for the string literals within the program.

These should help keep me out of unicode trouble in the future.

Ironman Extremis- Not for Kids


So I’m browsing through the Netflix browser a week or so ago and figure I’ll look for some new cartoons for the kids. They’ve watched all of the Spiderman variations several times over by now, as well as X-Men: Evolution and a few others, including an more recent Ironman cartoon.

So, for something different, I did an Ironman search. A few choices popped up and the one that caught my eye was one called Ironman: Extremis. I read the description, it was definitely animated and seemed like it might be interesting. There was only 6 episodes though, so assuming they were interested in it, it was going to be over with quickly. So I put it in the instant queue and left it at that.

The next morning, the boy found it and started it up. Curious, I started watching it with him for a bit. The first thing I noticed was that the animation was weird. Not objectionable in and of itself, but the characters were much more life-like than typical cartoon animation. Plus, it looked like the characters were layered on top of the background.

Then, a character was injected with some kind of serum into the back of his neck followed by him vomiting blood and seemingly dieing, rather graphically. The second thoughts about my cartoon choice settled in almost immediately.

Things seemed to settle down, though, as the scene shifted to a science lab of some sort with a scientist sitting at a desk. Bear in mind, there had still been no sign of Ironman or Tony Stark to this point. Any chance of continuing to watch ended with what happened next. The scientist put his papers down, pulled out a gun, and place it to his head.

As soon as he pulled the gun out, I knew what was going to happen and right then, I told the boy to turn it off. He hesitated for a second, not understanding why I’d asked him to do it. Not unreasonable since every other superhero cartoon has a gun in it at some point, that in and of itself wasn’t a reason to get excited, as far as he was concerned. He didn’t really know what was coming next.

But I did. And I really didn’t want him watching it.

Subsequent research revealed that Ironman: Extremis is an animated comic and, as I’d realized by that point, most definitely not for kids.

I ended up watching all 6 episodes one night. It’s a good story- essentially it tells of the rebirth and remaking of Ironman- it’s a parallel story to the original Ironman origin story. The “extremis” is a serum that can rewire the human body. The guy getting infected with it in the beginning becomes superhuman as a result and mortally wounds Stark as Ironman. In order to survive, Stark modifies the extremis serum and takes it himself. He recovers, with all the benefits of it, plus some enhancements. He goes on to defeat the bad guy in a climactic battle.

As far as letting an under-10 kid watch it, though, well- not on my watch. When the bad guy is originally revealed, he goes on a violent rampage killing people in an office building in graphic, brutal fashion. The initial confrontation with Ironman is equally graphic, with Ironman getting mauled: he suffers a shattered knee, a crushed hand through his armor and a crushed chest plate while he’s still in the suit. Even the scene where Stark is injected with the extremis serum is objectionable, with Stark vomiting blood repeatedly due to his internal injuries. Finally, the climactic battle is way overboard- with the baddy getting his head blown off. Literally and graphically.

It’s seems ironic that we could let the kids watch The Avengers several times now yet I won’t let them see this anytime soon. There was plenty of violence in Avengers but it was all cartoon violence, despite it’s not being animated. Contrasted that with Ironman: Extremis, a cartoon with graphic violence to such an extent that we deemed it unsuitable for the kids.

So if you like Ironman and comics and cartoons, I’d definitely recommend the story to you. But there’s no way I could recommend it for a young child.

The Same But Different


We spent the day on a mountain side.

Well, sort of. The boy’s Scout Pack had their ski trip today. It was supposed to have been last week but, you know, weather. I’d actually decided to postpone it to this week a day or so prior to the storm. Ironically, more snow was forecast for today. But only a dusting- maybe a couple of inches was supposed to fall. Amazing what 2 feet will do to establish perspective on snow fall.

In the end, a little snow fell this morning. Just enough to frost the trees and make the ride a pretty one, but it didn’t affect travel in the slightest.

So the kids spent the day in a group lesson and the Wife and I spent the day with other Pack parents who were non-skiers but wanted to take advantage of the Pack’s offer to let their kids learn to ski. It ended up being a pleasant day as we all had lunch together and kibitzed about all things parenting.

I have to say, even after having been a parent for almost 9 years now, I still love listening to other parents talk about their kids. When the kids were young, listening to other parents made me realize that very few, if any, of the trials we went through with ours were unique. Similarly, neither were our responses.

Listening to the parents today talking about their kids, I realized there is a bit of fine tuning to that thought. When considering the type of person a child is, it’s apparent that they can be broadly brushed into types that are amazingly similar from child to child. The kids who are afraid to fail; the kids who are happy go lucky; the kids who are bright; the kids who are athletic; the kids who get along with everyone.

Even though these 1000-foot views of our kids can make them all seem pretty similar, the differences start emerging pretty quickly once we start zooming in. Two athletic kids who have picked up totally different sports; two smart kids where one is stronger in math than the other; one kid afraid to fail at any sports related activity while another is afraid to fail in competition. These differences are important because the way one parent tries to address things must necessarily be different from the way another parents addresses a seemingly similar trait. Plus, how does the child take criticism? Another detail to consider.

There’s much to be learned from other parents. We all struggle with similar issues where kids are concerned. Sometimes, we get lucky by picking up on some insight in how to deal with certain types of behavior. Sometimes, we find out that our current approaches aren’t all that different.

We’re all on the same journey, but the paths are completely different.

Meteor Shower Footage


Here’s some pretty remarkable footage of the meteor shower that occurred over Russia yesterday:

(hattip: Watts Up With That)

Resorting to Drama


The boy still gets frustrated with his homework. Actually, no- that’s not quite right. The boy gets frustrated with the Wife and about his homework when he asks us to look over his work.

We point out errors in his math his brow starts to furrow. We point out mistakes in his reading comprehension and his shoulders slump. We point out grammar problems in his writing and there’s an audible thump as he drops his head onto the table.

Then he says something like “I must be the dumbest kid in the entire world.”

Welcome to drama, the boy style.

The lass is getting dressed for her hockey practice. She grumbles as she puts on her shin guards. She complains when she pulls her hockey socks over her legs. She whines as she pulls on her shoulder pads. Finally, at the rink, she puts on her helmet and roars “STUPID HELMET! IT DOESN’T FEEL RIGHT!” She’s near tears now.

Welcome to drama, the lass style.

Both kids seem to have hit a patch here where the Wife and I are constantly dealing with these sorts of exaggerated crises or bouts of self-pity. There isn’t any real predictor for when it will happen, though fatigue or low blood-sugar are definitely correlated. The fits can come over just about anything: clothes, food, sports, school, homework, chores.

For all its unpredictability, there are several body language signs that one of these fits of drama are imminent. For one, they’ll become sullen and verbally unresponsive. For two, they’ll often become very reluctant to move and any exhortations to get them are met with increasingly hostile looks.

Anymore, the Wife or I simply walk away from this stuff or completely ignore it. We’ve come to the conclusion that it’s mainly for show and attempts to short-circuit it generally end up intensifying the behavior. We were initially concerned about the boy’s lines like above where he states “I’m the worst ever!” about one thing or another. But we’ve come around to the thinking that it’s at best an attempt to vent frustration, at worst an attempt at gaining sympathy. So we leave it be.

And wait for it to pass.

Most of the time, the moment does pass. Though sometimes we will have to tell the offender to walk away from their problem for awhile, if feasible. If not, we might occasionally try to refocus them and then come back around to whatever has been frustrating them. When they become overly emotional about any given source of angst it’s all but impossible to reason with them. For that matter, that’s why the Wife and I tend to ignore them when they get to that point- it serves as a subtle hint for them to settle down that they’ll respond to sometimes, depending on how far down the rabbit hole they’ve gone.

I will say it isn’t always easy to deal with them when the get in this state. When I find myself arguing with them or getting sucked into their world in those moments, I often find myself thinking “Be the adult.” A scary thought, for sure, when I’m the one thinking like that.

Updated SSL Certificates


Awhile back, I linked to an article that explains how to become your own certificate authority. It’s a good article and following the instructions yields the desired results. As to why I wanted to be my own certificate authority, I just felt it was a superior implementation to self-signed certificates. Once the upfront work was put in for generating the config file and the root certificate, the rest is a matter of a few commands.

Well, I was a bit naive about that last bit. I also have to at least pay attention to advances in cryptography, including whether current techniques are becoming unsecure. Turns out the MD5 hashing algorithm used to sign SSL certificates is now considered broken, more or less.

Unfortunately for me, MD5 is the hashing function the above linked resource defaults to when creating the certificates. Fortunately for me, I’m not exactly a high value target for hackers. That said, I knew my certificates were going to be expiring soon anyway, so I decided to make the necessary mods to improve my situation.

I decided to change the hashing algorithm to SHA256, something that’s seems to be considered secure for the next decade or so. In order to make that change, the openssl.cnf file that’s created needs a few modifications. It is sufficient to modify all of the md5 references in the file to sha256.

One gotcha that did trip me up, however, was that I created my new root certificate with a new, more descriptive name. So to with the corresponding private key file. This was all well and good, but I forgot to update the config file appropriately as well. In particular, under the CA_default section of the file, the certificate and private_key lines need to reflect the appropriate new file names.

As a result, I thought I had generated new signed certificates for my mail server with the updated root certificate. But when I updated the Wife’s iPad, I was getting an error that the certificates weren’t considered trustworthy. It took me awhile before I realized my mistake- I’d simply created new certificates that were signed with the old root certificates, so I hadn’t improved anything.

Now that I’ve straightened things out, things are playing nicely again and I can forget about this stuff until next year. When I’ll probably go through this all again.



The kids made their own “tattoos” tonight.

They’ve been fascinated with them from the very start- their very first one. Those little fake tattoos that come in cereal boxes and the like. The Wife or I would cut them out of the sheet, then the kids would pick the spot to place them on and finally we’d hold a sponge on their arm for awhile. If everything went right, the image would stick to their skin and voila! They had been pseudo inked.

I suppose the ease of the process lent itself to them enjoying it. It quickly became a process they could do with minimal supervision. After a few minutes, there would be a trail of little wet paper pieces on the floor from the table to the sink, multiple sopped sponges would be laying wherever, surrounding the wet pieces of paper were puddles of water and the kids would have pictures of animals and spaceships and whatever on any free area of skin.

So tonight, they decided to kick it up a notch. They wanted to make their own. The asked me how it’s done, but I told them I didn’t know. Then they asked if using wax paper would work.

Maybe? Possibly? How the heck am I supposed to know? I suppose I could’ve googled it, but I had other … motivations at that moment. Like not wanting a massive wet-paper project developing 30 minutes prior to bedtime.

Several minutes later, the squeals of delight made it apparent they’d had some success. It turns out that normal paper colored with marker and then using a soaked sponge will indeed transfer the ink to their skin. After a couple more minutes, they were trying different designs- the boy had an asterisk on the back of his hand, the lass had some kind of … purple blob on the back of hers.

With their process all worked out, they declared that they were open for business. No, really. They want to put a sign up at the top of the driveway advertising their tattoos. They were already talking about ramping up production and the boy was trying to figure out pricing. At one point he commented “They aren’t that good yet, what do you think Dad, are they worth 25 cents?”

All I can say is this planning stage was priceless.

Then, the boy had another thought. Would they have to get permission from “the governor or something like that” to sell tattoos? I tried to explain as simply as possible that they might need to get some kind of license from the government. He was a bit deflated at that point. Good ol’ government, killing free market ideas one at a time…

Then they decided that they could just keep it in the family. That’s when he handed me a tattoo they’d made just for me- a green ‘D’ for my college alma mater. Guess I’ll end up being their first customer.

Trading procmail for sieve


WARNING: Much technical jargon to follow. Those not versed in *nix style email black magic and jargon should proceed at their own risk. YOU HAVE BEEN WARNED.

I’ll state up front that my home email system has been working just fine for years now. That doesn’t mean I was entirely pleased with it, though. The main source of my angst was the use of procmail as my mail filter for routing mail delivered to me to my various personal mail folders.

Sure, there’s the maintainability of a procmail configuration file. It’s not exactly pretty to look at. There are special flags and characters galore that need to be researched every time it’s touched. There are special, obfuscated, fall-through conditions where certain processing paths are taken. In all, it’s the sort of configuration that makes total sense right up to the point where you get it working. Two days later, it might as well all be Greek. To top things off, procmail is a dinosaur, with no active development or support for the code base.

Even so, I did put the time in to figure out how to leverage it to the best of it’s capabilities and it has served me well over the years. My main bone of contention with the use of procmail in my case is it’s position as a glue component to bolt my spam filter, bogofilter, to my system’s MTA exim. In short, it’s a kludge and one that I’ve grown less fond of as time has passed.

To more thoroughly explain things, it’s necessary to mention another part of my mail system: dovecot, an IMAP server which has proven extremely useful over the years. The Wife and I both can access email from any of a number of devices; computers, tablets, phones, and so forth; from anywhere we have network access. All of these different forms of access are possible because of dovecot. As such, dovecot isn’t going anywhere. Now dovecot happens to come with it’s own filtering capabilities, provided by an implementation of Sieve filtering, and also has it’s own LDA, appropriately named dovecot-lda. It’s the presence of these 2 elements that, to my mind, make procmail seemingly superfluous because between Sieve and dovecot-lda all the functionality of procmail is possible in a more modern package.

So why haven’t I ditched procmail yet?

Here’s the problem: I use user-level word lists for spam detection with bogofilter as opposed to a global word list and Sieve does not easily pair up with bogofilter and it’s limited with regards to exim.

With bogofilter, it’s possible to either use a global wordlist for detecting spam or a per-user wordlist, each of which resides in a user’s private directory. In this way, the Wife can have spam detected how she likes and I can have spam detected how I like. While it’s possible to incorporate bogofilter support directly into exim, it seems this way only supports use of a global wordlist, which is a no-go for my situation.

Now one might presume that I could still dump procmail and just make use of Sieve to run my mail through bogofilter for spam detection. It is, after all, a filtering language. Unfortunately, it’s not possible to do this because Sieve does not support running external programs. Thus, there is no way to get it to run mails through bogofilter.

So to take advantage of Sieve, the processing has to take the following path: exim has to route the mail to an individual user, where (somehow!) it is then run through bogofilter which modifies the mail’s headers slightly to mark it as spam or not, after which the modified mail must be (somehow!) handed to dovecot-lda which will then run it through a Sieve filtering script. The Sieve script can then check the mail for spam and place it in the appropriate mail folder.

As hinted at, the bugaboo has been how to get exim to hand the mail to bogofilter so it can use the user’s word list for spam detection and then pass the resulting mail to dovecot-lda.

It turns out to be possible with the help of exim‘s support of .forward files, as well as a little helper script.

To make it work, start by enabling the Sieve plugin in dovecot. Do this by editing /etc/dovecot/dovecot.conf and adding the following configuration:

protocol lda {
    mail_plugins = sieve

(The ‘…’ characters just indicate the possible presence of other lines in within the brackets. They shouldn’t actually be in the file.)

Once this is done, restart dovecot however appropriate for your system. On debian using the /etc/init.d/dovecot restart incantation works nicely. Out of the box support has now been created for a ~/.dovecot.sieve file.

Next, create a .forward file for exim as follows:

if error_message then finish endif
pipe /home/user/.forward-helper

Now create the file /home/user/.forward-helper as follows:

/usr/bin/bogofilter -u -e -p -d /home/user/.bogofilter/ | /usr/lib/dovecot/dovecot-lda

The one thing to check on in these commands are that all of the paths are correct. The path following the -d should be the path to the bogofilter wordlist. Similarly, make sure that the path to bogofilter and dovecot-lda are correct for your system. In both cases above user should be substituted with the appropriate username.

What will happen now is that as after exim figures out which user to rout mail to, it will run that user’s .forward file. The file is setup as an exim filter file and will pipe the mail to the script .forward-helper. That script takes care of running the mail through bogofilter and then handing off the resulting mail to the dovecot-lda. The helper file is necessary because of the multiple pipes. While it is possible to run the mail through bogofilter directly from the exim filter file, the result cannot be grabbed for further use, like to pipe to dovecot-lda. Thus, the helper file takes care of that for us.

At this point, all mail will start showing up in your INBOX (I’m assuming use of maildir here). For a start, here’s how to separate out spam, ham and unsure mail messages using Sieve:

require "fileinto";
if header :contains :comparator "i;octet" "X-Bogosity" "Spam"
    fileinto "spam";
elsif header :contains :comparator "i;octet" "X-Bogosity" "Unsure"
    fileinto "unsure";

Place this snippet into a file named .dovecot.sieve in the user’s home directory. Now, spam will go into a mail folder called “spam”, mail that can’t be classified goes into a folder called “unsure” and the rest will go into the user’s INBOX. Please see RFC3028 for a detailed explanation of how the above works as well as how to further filter mail.

The solution seems somewhat trivial, but as a non-sysadmin lacking decades of experience working with email systems I can say it’s taken me quite awhile to figure it out. Initially, I searched high-and-low for someone else who had done this, to no avail. Then I had to become somewhat steeped in the machinations of exim to figure out how to make it work. In all, it’s a satisfying solution and the new Sieve scripts are much easier to understand and maintain. So long to procmail.



Would this be considered adding insult to injury?

The temp this morning at 7:20.

Go to Top