Step Out Walk 2014

The photos from this year’s Step Out walk are located here. Thanks to all of the volunteers, walkers and sponsors for making the event a success. All photos at my PerformancePixel.com may be downloaded for free/no charge. So don’t use the order prints feature unless that offers a convenient means for you to get them. The price for prints that are ordered is the cost that the lab charges with no markup from me. Again, thanks for your support of the walk. It was great to see so many families supporting loved ones with diabetes.

Nginx and Blocking Countries Redux

After having some issues with this new server build and Apache2, I decided to move over to Nginx for the web server. This meant I had to figure out how to get a Linux, (e)Nginx, MySQL, and PHP (LEMP) server going.  Although I am not a DigitalOcean customer I used a great tutorial from them to determine what I needed on the Nginx and PHP5-FPM side of things and left off the other steps pertaining to Linux and MySQL.  I also had to recreate my self-signed cert for SSL which I did using these instructions from DigitalOcean. These portions of the upgrade, I actually did from remote while DJ’ing for an 80’s gig, but I did need to finish up swapping the Apache2 and Nginx daemon start ups the next day.  All in all, it was a pretty effortless job to make the Apache to Nginx switch until I started investigating what I needed to do to continue blocking web visitors by country.

So the next step was to enable the MaxMind GeoIP modules in Nginx and configure the web site profile to block countries other than the usual five. For this portion, I found another tutorial from HowtoForge that walked through the process step by step. Just like the previous effort to do this under Apache, there are methods to allow all countries and specify a few to block or block all countries and specify a few to allow. The latter is the method I chose. The one option that I really like with this setup is instead of giving a 403 – forbidden response to blocked visitors, I followed the tutorial’s recommendation to use a 444 – no response method which just keeps the browser at the other end hanging on and waiting for a response.
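The "block all, allow a few" setup described above, as an added example (not the author's actual configuration and not the tutorial's text). It assumes the stock ngx_http_geoip_module, a legacy MaxMind country database at /usr/share/GeoIP/GeoIP.dat, a hypothetical server name and a hypothetical log path; the five country codes are the ones named in the older country-blocking post further down this page.

```nginx
# --- http context, e.g. /etc/nginx/nginx.conf --------------------------

# Load the MaxMind country database. ngx_http_geoip_module reads the
# legacy .dat format. The path is an assumption; adjust it to wherever
# your distribution installs the file.
geoip_country /usr/share/GeoIP/GeoIP.dat;

# Default-deny: every country code maps to "no" unless listed here.
map $geoip_country_code $allowed_country {
    default no;
    US      yes;
    CA      yes;
    GB      yes;
    AU      yes;
    NZ      yes;
    # Addresses that are not in the database (RFC 1918 ranges,
    # localhost) produce an empty country code and therefore fall
    # through to "default no". Uncomment the next line only if the
    # site must also be reachable from such addresses.
    # ""    yes;
}

# Log the lookup result next to each request so the policy can be
# checked: blocked requests show up with status 444.
log_format geo '$remote_addr $geoip_country_code $allowed_country '
               '"$request" $status';

# --- server context, e.g. /etc/nginx/sites-available/<default site file>

server {
    server_name example.org;                      # hypothetical name
    access_log  /var/log/nginx/geo_access.log geo; # hypothetical path

    # 444 is an nginx-specific code: nginx closes the connection
    # without sending any response to the client.
    if ($allowed_country = no) {
        return 444;
    }

    # ... the rest of the site configuration (SSL, PHP, locations)
    # goes here unchanged.
}
```

After editing, `nginx -t` checks the syntax before a reload, and the extra log file shows which country code each client resolved to.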

Between country blocking, using a self-signed SSL cert and a captcha requirement for administrative access, the number of attempted password guessing attacks against this site has gone from several an hour to zero.

Follow-Up:

In addition to WordPress, my site also includes Zenphoto 2.0 for the photo gallery. While it initially looked like WordPress and Zenphoto were functioning correctly under nginx, if you went into any of the albums you would get a 404 error. Turns out that mod_rewrite and PHP needed some attention to get Zenphoto back to health. Here is a post I made to the Zenphoto 2.0 forum on the adjustments needed.


 

Due to some problems with apache2 under a new Ubuntu 14.04 load, I decided to switch my web server to nginx. I used a couple of nginx (LEMP) tutorials from DigitalOcean even though my server is self-hosted. My primary site is WordPress with Zenphoto 2.0 as a sub folder named zp. Zenphoto detected the server change to nginx and prompted me to run setup. This created two issues. One was setup did not detect a working mod_rewrite. The other was a timeout error (504) waiting on the setup script to complete. The timeout for php execution completion is probably set at 30 seconds on most default php installations. This is too short for the setup process to complete. This site (http://www.nginxtips.com/504-gateway-time-out-using-nginx/) has the settings needed for extending the timeout to avoid a 504 error waiting on Zenphoto 2.0 setup to complete.
You may have to make adjustments to the location of the files to edit; with Ubuntu 14.04, nginx, and php5-fpm these were the locations:
php.ini = /etc/php5/fpm/php.ini
www.conf = /etc/php5/fpm/pool.d
virtual host conf = /etc/nginx/sites-available/<default site file>
To fix the mod_rewrite issue I found one suggestion (http://www.zenphoto.org/news/nginx-rewrite-rules-tutorial#rewrite-rules-for-zenphoto-145) of this simple location section for zenphoto being hosted in a sub folder.

        location /subfolder {
            try_files $uri $uri/ /subfolder/index.php?$args;
        }

mod_rewrite is detected and seems to be working with this location portion added to the default site config:

        location /zp {
            try_files $uri $uri/ /zp/index.php?$args;
        }

The nginx wiki has a much more detailed section of rewrite configuration (http://wiki.nginx.org/ZenPhoto), but I think the shorter one above is working.
Just passing this along for those that might hit these issues with nginx and zenphoto 2.0.

Updated SUP Board and Debby’s First Lesson

Naish Glide AST 12′ 2010

As Debby and I prepare for vacation, where she might get a chance to try out Stand Up Paddleboarding (SUP), she decided it might be time to get a lesson before possibly having to lay out some cash on a rental while on vacation. So, if she wanted to learn, it meant I had to use one of my old sailboards as a SUP board or check into getting one of the newer boards made for touring on flat water. My previous experience has been using an old sailboard as a SUP. Those boards were a Magnum Nova and Hobie Alpha 230a. Real SUP boards include an Ocean Kayak 11′ Nalu and the 12′ Naish Glide (2010 model). I found the surf style nose on the Naish made me feel like I was pushing water a little bit when compared to the displacement nose on the Nalu. Looking at what’s available in displacement touring boards, there are a lot of options with prices on the low end for the Nalu’s around $600 to high-end carbon touring boards going for more than $2,500. I ended up closer to the low end with a 12’6″ Bic Ace-Tec Wing limited edition from REI. More on that later…

Lake Johnson (c) Wind Watcher 2012

Debby’s first lesson went well.  We showed up at a local Raleigh city park, Lake Johnson, where a SUP group lesson was just starting.  I gave Debby the quick instructions of how to hold the paddle the right way, where to put it across the board while going on to the board on one knee in shallow water.  She has seen me SUP enough to have a basic idea on paddling.  She ended up on the Naish Glide and followed the group class out to the back side of the lake which required me to go from standing up on my board to a crouching position on my knees to make it under the Avent Ferry Road Bridge.  Once on the other side, she was able to stand up pretty easily by following my example.  We hung out in that part of the lake for a while after letting the group lesson go their own way to learn important things like how to get back on the board after falling off, where Debby’s idea of good lesson was not falling off.  After about fifteen minutes, we headed back to the main part of the lake which gave Debby another chance to go under the bridge and stand up again.  We paddled toward the dam and Debby had no issues and no near falls over the hour that we were on the water.

My thoughts on the new Bic Wing are: Wow! Now the first thing I will have to say is the board is a little heavier compared to the Glide, but not anything like the rotomolded Ocean Kayak. I ended up getting the blue topped limited edition during the Labor Day sale at REI with the ship to store option that only took two days to arrive. I had been looking at this as a potential displacement board for awhile, but the $1399 price tag was a little more than I wanted to spend and 15% off helped push me over the edge and pull the trigger on the purchase. My only qualm with REI, being an REI member at least, is they did not give a dividend on my purchase stating that the discount I was getting was more than the dividend would be. That is pretty lame if you ask me, but it was not enough to make me decide to try and see if I could get it for the same price at another retailer that had similar ship to store options.

We unboxed the board at REI and let them recycle the cardboard before heading out to Lake Johnson. Thankfully one of the staff that helped me get it out of the box took the extra effort to bring me the FCS hex key wrench they found when discarding the box while I was still loading the new board up on the car or it would have been a sad trip to the lake for me as I only brought a Phillips and straight screwdriver with me. Getting it on the water was pretty simple once I got the FCS 9″ touring fin installed. Sadly carrying this board and the Naish Glide on my roof rack at the same time will require removing the fin from the Bic. On the water the Wing is very stable, from a stop you have to alternate your paddle from side to side to get going in a straight line, but once you are carrying some speed this board tracks truer in the water better than any of the four boards I have SUP’ed on in the past including when I was lowering the daggerboard on the Hobie Alpha to get some stability back when I was first starting out. With Debby going at a much slower pace during her lesson, I had to double back several times to get her caught up. Initially I was back paddling on one side to turn around and since this board tracks so straight I was almost coming to a complete stop to make the turn. Later on I started walking back on the board to get the nose to lift out of the water and torquing my core to twist the board as I paddled on one side to make the turn. Turning this way was quick and let me maintain some forward momentum, but required my full attention to keep my balance.

Overall I think this is going to be a great board for my flat water needs here in the area. As far as the aesthetics go on this board, I like the metallic royal blue on top and the white bottom. I have not verified this, but a quick glance at a couple of the graphics on the side they did not appear to be integrated into the glossy finish, so it will be interesting to see how long these decals stay on. The recessed deck padding is nice and you can see where the red swoosh is cut into the base white pad. I did get a little bit of hot foot on my right side, but that is most likely due to some plantar fasciitis and me being off the water for so long and not the padding. The weather was an intermittent light breeze with overcast to partly cloudy while we were out on the water. That said, I did notice that if I slid the outside of my foot off the pad up onto the blue top, I could feel the increased heat level of the darker color versus the mostly white pad. Compared to the normal edition of this board in all white non-glossy finish with red graphics, I really like the red, white and mostly blue look of the top on the limited edition. One of the items to note on the limited edition is the glossy finish. Long term I think this may show a little more of the scrapes and dings that come with loading, launching and landing, but the whole reason for the Ace-Tec construction is to make these boards pretty bullet proof and I can tell you as the owner of two 1980’s sailboards using similar construction that you can probably poke a hole all the way through one of the boards and keep using for years to come as long as you don’t compromise the board’s structural integrity. I have to make a note to myself that if I am leaving the board out in the sun for any long length of time, it is probably better to leave the white up and blue side down to help the board keep its cool.

Hopefully I will be able to get it out a few more times over the Fall season and post some additional reviews.

Data Specs
Length: 12’6″
Width:  30″
Weight:  34 lbs
Volume:  285 Liters
Fin:  FCS SUP Touring 9″
Shaper:  Patrice Remoiville

Program

www.timbrown.us

HiFi $50 Headphones

I would have to call myself an audiophile from a pretty young age as my dad was always recording the band concerts and coming home and playing them on a decently high end stereo at the time. My Dad and I also had the pleasure of knowing Harry Grasser, a violinist, that would share some great classical LP pieces he had come across. I ended up leaning toward early 80’s contemporary Jazz after growing up on Pop and southern Rock & Roll. This was not from a dislike of those genres, but more of an escape. In the early 80’s I was DJ’ing at a local roller skating rink, Sportsworld of Cary. After playing Pop and a lot of R&B, the chill out music of choice, thanks to Jerry Rose, became a lot of what we call smooth jazz today. At night, I could not turn up the stereo to get my fix, so I would fall asleep most nights listening to some music through my headphones. Back then there was not a large market place and you generally chose between Koss, Sony or some of the new Walkman style phones. I ended up with some Koss Pro-4a’s and wore them out between heavy use and age. Since then I floated between ear buds of various sorts and some cheap around ear styles that I did not care if they broke as I was using them each night when I went to bed. Yes, I still listen to something every night as I fall asleep. But these days the tracks are mostly binaural beats or self-hypnosis focused on various things from pain control to body asleep – mind awake. With binaural beats there is a desire to hear the low bass frequencies as they form the core of the tones sent to each ear at different frequencies to produce a harmonic within the auditory function of the brain which appears to sound like a beat. People tend not to believe this part of the binaural beat phenomenon, but if you pull the headphone off of one ear the beat produced by the different tones to each ear goes away. So back to headphones.

Panasonic RP-HTF600-S Stereo Over-ear Headphones

Most of the cheap headphones I have bought have been really cheap Sentry brand from BigLots. Like I said, I was just buying something that worked that I did not care about as I might pull the cord out or break the ear piece off while sleeping. The specifications on the Sentry around ear Studio model was 20Hz – 20,000Hz which is fairly standard for an average pair of phones or “cans” today. Eventually I came across some V-Moda LP’s at Costco and got those, but needless to say, they did not get bed time duty. They are some pretty good headphones, but I found the around ear cushions were just shy of going around my ears which limits them to short term use. Sound quality is definitely better than the cheap Sentry stuff and the ability to use them with the second cord that includes a mic that works with an iPhone is a nice feature and the storage case is an added plus. But like I said, these are a little over the top for use while falling asleep. So I kept looking at reviews on Amazon and everything was about $80+ for something with 4 stars, but then I came across the Panasonic RP-HTF600’s (600’s for short). Most every review gave these guys 5 stars with very few low ratings. The specs for the 600’s are 10Hz – 27,000Hz at a $29.99 price point. I have been listening to the 600’s about six months now and they find their way from the bed room to the computer room so I can listen to music, binaural beats or whatever else I decide to play through them. I have played with EQ settings and find that I like the sound they produce without any EQ adjustments. I have not really found any frequencies where they fail to produce a clear sound. The mids are not overbearing or muffled and the highs are very crisp with super smooth bass. One of the best traits so far are the new deeper tones I hear when listening to binaural beats. Some of the self hypnosis sessions that I have listened to for years have been rejuvenated like old people in the movie “Cocoon”.
These are Amazon prices as of May 18, 2014. But you said $50, well the additional cost comes from Beyerdynamics replacement velour ear cushions. While the original ear cushions are okay, they would get a little sweaty being pleather. The Beyerdynamics velour cushions were recommended in a couple of reviews. And I am very glad I added them to the order. So far these cans have been holding up on their own for over six months. I still want to try and make them a little more closed versus semi-open by inserting some blue tack on the inside vents; leaving only a small opening for ventilation. If I make that change, I will post an update on the improvements or detriments.

Koss KTXPRO1 Titanium Portable Headphones with Volume Control

Some other cans I own in addition to the V-Moda and Panasonics are: Bose Mobile in-ear (clearance shelf at Sam’s Club), Bose OE (Target clearance item), Monoprice DJ headphones, Radio Shack Realistic Pro-35a (Titanium) also sold as Koss KTX Pro 1 on Amazon, and a pair of Koss from Walmart that have been discontinued. The Bose in-ear are good with my iPhone, but they are not going to win any contests even though I do find the microphone better than most in-ear mobile headsets. I have the OE Bose at work and find they are bassy with very good highs if my old ears can hear them, but they are missing some mid range that make the overall sound experience a little muddy. The Radio Shack Pro-35a could almost be a standard reference which is saying a lot when you think about the current Koss version costs less than $12. I picked up the Monoprice headphones on a daily deal or sale and got two more pairs for my nieces as gifts. They were 10 and 13 at the time I gave them to the girls and they have not broken either set in two years. I like the Monoprice as far as sound experience goes, but the headband tended to cut into my head and the pleather ear cushions caused some sweating. I made two mods to the Monoprice to improve them. One, I took the ear cushions I removed from the Panasonics and put them on the Monoprice set and I took a strip of rubber cut from an old bicycle inner tube to create a suspension headband inside of the original poorly padded head band. If you take a look at the Koss Pro1 photo, the homemade inner tube head band looks sort of like that on my modified Monoprice cans.

No doubt I will probably keep looking at new cans and probably buy some higher end models if I come into some gift certificates or money.  But unless I am a producer behind a studio sound board for a professional musician, I can’t see spending upwards of $150 for my old ears.  So now I wait for the new Audio-Technica ATH-M50x to come down to my price range.

 

Photo Shoots

It was a busy weekend for photography.  So much so that I had to call in the reserves (my wife & father-in-law) to help.  The first event was the Raleigh Police 5K Run For Our Heroes in downtown Raleigh.  The other event was the first annual Bed Race held by the Caring Community Foundation.  If you are looking for the images, you will find the 5K photos here and the Bed Race photos here.  As always thanks for your support of these great charities, the Raleigh Police Memorial Foundation and the Caring Community Foundation.

The memorial foundation has been working hard over the past few years to raise funds for a proper fallen officer memorial for the Raleigh Police Department.  Sadly eight officers have given their lives while protecting the citizens of our capital city, but they are finally recognized through the memorial which was dedicated Friday night before the 5K on Saturday.  If you get a chance, please visit the Raleigh City hall to pay your respects at the memorial.

The Caring Community Foundation continues to be the little cancer charity that can.  While many cancer charities raise funds for research, CCF is unique in that the funds raised are used to assist cancer patients in our area that have  financial needs which are many times identified by their oncologist.  The goal last year was 365 patients assisted and that goal was met and this charity has raised over $1 million in the 10 years since its humble start with a backyard BBQ.

Internet Neighborhoods

Deciding on which web hosting provider to use should be based on more than the hosting fee, or you stand the possibility that your site will end up on a blacklist that may prevent many of your potential visitors from reaching your site. Whether you are hosting a blog or a small business website, your ultimate goal is to have your site serve your visitors the content you want to share. But if your site is hosted as a virtual site on a server that might be actually hosting hundreds of other web sites, you shouldn’t be surprised when potential visitors claim they can no longer access your site.

When this happens, many site owners don’t consider blacklists as the source of their problem. Blacklists are the customary means for security tools such as content filters and DNS systems to block access to web sites or servers that are known to be providing malicious content or redirects to other malicious web sites. Now when you start to think about the inexpensive web hosting company placing hundreds of sites on the same server, you can start to see an analogy to a physical neighborhood in the virtual neighborhood represented by the many sites hosted on a single server. If you are opening a new business that you expect your customers to visit in person, you might consider the square foot cost of the lease, but more importantly you consider the location for both convenience and safety of your customers. But this logic is often ignored when setting up a web presence as price seems to be overriding logic with little if any consideration given to potential web site visitor safety.

When a web site owner has experienced being on a blacklist, they will usually try to find out if their site is truly malicious. For the non-technical this is often a challenge. For some host names, the Google web crawler (aka Spider) can tell a site owner if their site has been found to be malicious. Google also offers the ability for web site owners to check out how their site appears to the Google crawler (https://support.google.com/webmasters/answer/158587?hl=en).

With the appropriate URL, web site owners can also view the status of their pages through the Google malicious URL service. In most cases this can be done based on IP address, host or domain name or AS number. So if we take a site that is known to be clear of any malicious content and check it, it should show that Google has found no problems with the site. If we use the AS number, which includes all of the sites on the hosting provider network, you can check the provider’s reputation as seen by the Google crawler (http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=AS:46606). One can think of this as the neighborhood that the hosting provider represents. Here are some examples of this using the site from my local bike shop cycle-logic.biz. The report for this site at http://safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=Cycle-logic.biz shows no malicious content has been found on the site over the past 90 days. So why would this site end up on a blacklist? Simple answer is the Internet neighborhood in which the site resides has a very poor reputation. The IP address represents all of the sites commingled with the cycle-logic.biz web site. If we go a little further and look at VirusTotal’s report for the IP address 192.254.185.32 (https://www.virustotal.com/en/ip-address/192.254.185.32/information/), many sites from this IP address are listed as being suspect. The best source for checking to see if an IP address is showing up in any blacklists is http://dawhois.com/rbl_check/. Currently this site reports the IP address hosting cycle-logic.biz, 192.254.185.32, is listed in 11 blacklists.

So if you are considering hosting a web site or blog, research the provider’s reputation through their AS number. If there are multiple sites noted in their record at Google, try another provider. Reputable providers will usually act quickly if notified of malicious content on a customer’s site and either notify the customer or take down the content. While these providers may cost a little more than $5.95 a month, you will significantly reduce the risk that your site will get on a blacklist because other sites hosted on the same IP address are providing malicious content or redirects to other malicious web sites.

St. Baldrick’s Raleigh Event

Many thanks to all of the folks that came out and supported the Raleigh St. Baldrick’s event (updated totals at the link)  this year.  The numbers shared with volunteers prior to the event were: over $200,000 raised and 400+ shavees and another 100+ volunteers. I am sure the actual numbers will be higher with the number of groups that showed up and the last minute challenges from the stage.  This was my first St. Baldrick’s event thanks to my friend of 40 years Evelyn Putnam who recruited me to help since I already shoot for some other local charities.  I am trying to get locations of the other photographer’s images and will share links if they placed theirs on the web.  My shots are located here.  Many thanks to the two returning photographers, Carter Pettibone and Haley Bohn; and thanks, as well, to ShellyBooker, Evelyn Putnam and one other un-named shooter who had her head shaved as well helping with photography.  While I have shot many charity events, there is no doubt when you hear from the families that are currently fighting for their child with cancer or the parents that lost their child to cancer; it’s a wake up call that there has to be something we can do and we did it today! Whether shavee, family member, or friend supporting them; the funds raised will support research like that of Dr. Oren J. Becher, from The Becher Lab At Duke University.  And we know we make a difference with the success stories of cancer battles won that would not be possible without funding more children’s cancer research.

For anyone who is interested in some upcoming charity events in the area that I shoot, the Raleigh Police Memorial Foundation 5K Run For Our Heroes will be at the end of April.  The Caring Community Foundation (Cancer Patient Financial Support) is holding their first Breakfast in Bed Race on Academy Street in Cary on the same weekend.  And finally the Band Together Concert featuring Hall & Oates will be at Walnut Creek this year on May 3rd.

-73

The Five – Countries

After much monitoring of malicious traffic and hacking attempts against this server, I have taken the ultimate draconian measure of blocking all countries except our US allies: Canada, United Kingdom, Australia and New Zealand.
The attempted attack that broke the camel’s back came yesterday with an attempt to have WordPress download malicious content from another site. The attempted download failed, but I manually went and got the files only to find they were trying to load an IRC Bot, web shell, deface my site, and use it to scan for other victims. So recky aka bogel, and x0re; sorry it failed for you. If anyone has any hosts talking out to *.blackunix.us, block the traffic. Nothing good can come from the hosts answering up on that domain name.

Zenphoto Offline

Due to a major upgrade failure of Zenphoto – Yea, just copy the index.php and contents of zp-core after a backup of your DB and your site will be upgraded super easy – NOT! My photos are offline for now. I think I may have to find something else. The site is actually up and available, but I have to put passwords back on albums now that were protected and now are not.