Not a Gram-Weenie (yet)

I was discussing Philmont with some of the leaders who went last year. They were describing having a 50lbs(+) pack. Even back when men were real men and you carried your food with the water in it by gum – I never carried that much and I did carry food for a non-resupplied 10 day trip a couple of times. (the resupplies in Philmont are a 3-5 days apart)

So obviously I’ve been looking for how to keep pack weight down – while still carrying the supplies needed for a safe trip. (adult scout leaders tend to have a weight tax, because they’re the ones who promise to bring the boys back home in more or less one piece).

My heavy pack is a Kelty 50-year anniversary pack and its a great pack. It’s just big and well – too easy to load up. It also weighs enough that you can’t actually get a base load less than 20 lbs unless you really shave the load, and then you don’t need a big pack.

Finally I have found a light-weight pack that can actually work for me. I can actually break the 20lbs barrier with a Gossamer Gear Mariposa Plus, and with packing everything I need (which is too much). This is after trying an Osprey Atmos 50 (nice pack, but puts a lot of pressure on the lower back, and the curved frame gets in the way of loading), and Equinox Katahdin (big bag – the mesh backpanel is a wet weather concern, and there is no way to tie wet things to the outside). Neither of these really works for the kinds of loads I have – although I could see them working for some people.

Here are my criteria:

  1. Comfortable hip belt and suspension (Mariposa & Katahdin)
  2. Light Weight. (Mariposa < Katahdin < Atmos 50)
  3. Easy access of Nalgene or Soda bottle (Mariposa < Katahdin << Atmos )
  4. Some sort of stable frame so the pack cover stays on (Atmos < Mariposa << Katahdin)
  5. Enclosed bag (Mariposa == Atmos << Katahdin)
  6. External tie ons or pockets for wet gear (Mariposa << Atmos, Katahdin or kelty)

Point 6 is the real deciding point. Things that are wet should stay on the outside of the pack. There’s no reason to put a wet shelter or rain gear inside of what should be the dry bag.

So now to see how it carries on a real trip (vs. around the block a couple of times) and to start on the rest weight reduction.

Written by Rob in: backpacking,outdoors |

The joy of distributed attacks.

I’ve just been the victim of a distributed email bounce attack. My apologies to anyone who had email pretending to be from me and advertising wondrous things.

The attack takes two parties – first the spam emailer who uses a realistic looking or real email address to add verisimilitude to the email. This was probably harvested from this blog (which now has an invalid email address – sorry). They then use a botnet, probably contracted from another group, to send emails from many different sources with a forged address.

This isn’t hard. The email protocol is trivially insecure and it is a common beginning Unix security lesson to show students how to do it.

The second part of this is the mailer deamons. These quite rightly check that the incoming email is spam or that the end user doesn’t exist or whatever. They then send email to the apparent sender – which is the forged address. So you come in, in the morning, to several thousand emails from “Mailer-daemon” or “postmaster” berating you for having an “insecure system”. The most frustrating are the ones that correctly analyze the email, but still send it to you.

Back in the “good old days”, this was a nice courtesy, but now it is a disaster. If it is spam and the “HELO” or “EHLO” address does not resolve to the same location as the “replyto:” or “from:” addresses then it should not be bounced.

I’ve set up a procmail script that bit-buckets these emails, and unfortunately legitamate bounces as well. This will at least keep the buggers from crashing my email host. It won’t repair the damage to my email reputation, but thats tough.

Written by Rob in: security |

Sailboat performance

This is just a bit of a followup on my post about the inflatable sailboat. Last weekend we had a chance to try it with real winds. Funny how “lake wind advisory” takes on a new meaning when you want a decent wind. The boat handles very well in 10-15mph winds, although the steering oar will come out of the water if it is too choppy. The oar is not as effective as a rudder when going downwind and you may need to tack downwind. The boat comes about nicely from a downwind tack so you don’t need to jibe – if you have the room.

I later tried the boat alone in about 20mph winds with a 1-2 foot wave chop. Fully stable and quite fun. However, keeping the oar in the water takes a bit of effort under those conditions. It’s helpful to have the oar on the same side of the boat as the sail when its that choppy (it’s not as critical when it’s calmer). The wind gusted while I was on a downwind tack on the way back and we went very fast – motorboat sorts of speeds. Needless to say I wore my PFD and didn’t stray too far from shore under these conditions.

Written by Rob in: outdoors |


I thought it would be good to show some of the improvements in how I set up my shelter system to be drier. Last weekend at the scout leader training I help with it rained almost as much as at the camporee the week before (1.5 inches vs. 3 inches – and over a longer time) and I was absolutely dry. I use a tarptent (2lbs or so) which is very light and (usually) dry.

Set up for a normal environment the tent looks like:

tent in normal configuration

When I’m expecting wet weather I can bring a fly and set it over the entrance, thus giving me a “porch” and helping keep the inside dry. It’s also good to have a small waterproof doormat and I use an old (light) poncho for it.

tent with fly

The pink flamingo is a “pack flamingo” which is light-weight and usually good for a laugh.

Written by Rob in: backpacking,outdoors |

2 new Ph.D.’s

Congratulations to my two students:  Gulsah and Patra for passing their dissertation defenses.

Written by Rob in: Uncategorized |

Illusory Security

Engineering effective computer security is difficult, and I don’t claim to be a master of it (even though I teach it). In fact I’m rather scared of people who claim to be masters of security – because almost inevitably they are better at selling snake oil or “hadacol” than they are at establishing secure practices.

Put simply there are 11 sorts of computer security people:

  1. bean counters – establish and implement practices which cover a delicate part of their anatomy when the system is broken into. In essence they view security practices as a set of standards, which when met, insure that the system was up to date and the problems which ensue after the inevitable compromise or are due to the policies are somebody elses.
  2. Formal methods – establish a formal or mathematical model for the security problem and then solve it. The basic problem with this approach is that real systems seldom completely conform to the assumptions of the formal model.
  3. Tricksters or “hackers” – Slightly odd people who are always looking for the ways in which the system is incomplete. To quote an overused trite expression – they “think outside of the box”, although they’re more likely to solve the box problem by soaking it in water and letting the glue dissolve and the cardboard disintegrate.

The ideal researcher is probably a combination of types 2 and 3. Real world systems people are mostly type 1. It is critically important to think of the side effects of your security policy, because they can have unanticipated effects.

At my glorious institution, the bean counters have instituted a single university-wide password system. You have to change it 3 times a year, can’t reuse it and it has to meet ANSI standards for toughness. If you mistype it 3 times, then you’re locked out.

Great – now any disgruntled student, staff or faculty member can harass any other GSU person by a) finding out their login id (public information as it is the email address), b) finding a semi-anonymous terminal such as at the library, and c) logging in four times. The worst outcome for them is that they lockup the account, and the best is that they are lucky and can change personal information – including the location that paychecks are sent to (which would be a neat two-fer – redirect the check to someone else you don’t like).

But the system is “secure”.

As a faculty member I can change grades if I’ve made an error or a student finishes an incomplete. I do this by sending email from my official account to an email address (I’ll let them keep their “security by obscurity” for the moment). How do they know it’s me and not a student giving themselves or a friend an A? Two things – the format of the email and the email address.

Gee, I guess the system designers haven’t heard of how easy it is to forge email.

Written by Rob in: engineering,security |

Staying dry

Just a quick post.

This weekend I was helping at a district camporee – having the interesting experience of being an assistant scoutmaster with two troops and on the district comittee – it was a busy time. Friday was a beautiful night and Saturday was reasonable. Saturday night the heavens opened and we had 3+ inches of rain as a supercell moved over the camp. It literally sounded like a hose was being turned on my tent. Needless to say on Sunday there were a lot of wet and cold scouts. The rain was so hard it dug a pit beneath my tent and I was flooded. Outside of maybe better tent placement, there are a few lessons to examine:

  1. Bivy sacks. – I brought one along to evaluate as a low-weight alternative to tents. It seemed to be a good idea Saturday night to put in on in case of a small leak (I use a single layer tent with not a particularly good bathtub floor – so sometimes a little water gets in). I can now confidently state that it lets you sleep dry and lukewarm in a 3 inch puddle of water. It’s now on my essentials list.
  2. Pack covers. – I had my things in two packs (a Kelty 50-year anniversary pack and a Equinox Katahdin pack that I was using as a daypack (small and light enough to use a stuff sack!)) I left the Katahdin in its pack cover, wrapped in a poncho under the front of the tent and pulled the big pack into the tent. Guess what! – the pack in its cover was much drier even though they both saw the same level of water. It looks like that’s the way to go (we’ll see).
  3. “waterproof” stuff sack. – I used one from outdoor research and it worked as advertised. There’s nothing like dry polypro’s in the morning.
  4. Trash bags. – Many of the scouts ignored our warning on the potential low temperature or failed to remember a jacket (or change of clothes). This is a leadership issue that will be worked on. Fortunately, if you bring a trash bag and cut head and arm holes you can keep someones’ trunk warm and head off hypothermia.

These systems are redundant. The tent should have kept me dry, and in normally heavy rain, would have. The pack system should have repelled enough water to stay dry, and again until it was submerged in a ad hoc stream it would have. Had the bivy sack failed I could have used trash bags and my dry clothes to avoid hypothermia. The systems also did not increase the weight above what I would normally carry.

By the way, the recipe for backpacking brownies from freezerbagcooking.com worked well again. (the recipe is no longer on that site and I found one on http://scoutmaster.typepad.com)

In a quart freezer bag put:
1lb package graham crackers, reduced to crumbs.
In another bag put:
6 oz (about 3/4 cup) chocolate chips and
3 Tbsp powdered milk.
2 Tbsp sugar
In camp: Add 3/4 cup water to the chocolate. Bring a pot of water to a boil and dip the bag to melt the chocolate (the higher-quality the chocolate, the better it melts and the better it tastes). When melted, add the graham cracker crumbs and knead to mix thoroughly. How you eat it is up to you. You can let it cool and break into chunks. (don’t over do the amount of graham cracker crumbs – but the boys will scarf the lot anyway)

Written by Rob in: backpacking,engineering,outdoors,scouting |

Powered by WordPress | Aeros Theme | TheBuckmaker.com WordPress Themes