Loads O Stuff

Been plowin' away at a whole bunc of projects of late, both home and work oriented. I upgraded a while back to OpenBSD 3.3 on my firewall and that gave me some nice advantages.

The new pf code has plenty niceties in it. Probably the nicest of which is the TCP ACK prioritization capabilty as described here. It also offers a nifty spam tarpitting functionality that I'm playing with. In addition to these nifty features, it has an app, pfstat, that can generate lovely little graphs. But the TCP ACK stuff is nice. It's nice not having your upload activity interrupt your download.

I've built a few more gentoo boxes. One is destined to be a file/www server for a site I'm helping to manage. The cool trick on this one is that I built gentoo completely under RedHat and then replaced it.

The box came with a RedHat install as it is a highly optimized Dual Athlon 1U server. I was able to build a copy of Gentoo in a chrooted subdirectory, boot off of a temporary CD and move all the original RedHAT out of the way and move the gentoo inplace, then reboot with my highly optimized system. I really like Gentoo for system management.

With that same site I've had plenty of work tuning a replicated www server environment with a custom php app and doing a mysql master-slave setup that's quite busy. Lots of db tuning to reduce load on those guys. I'll detail some of that here later.

I've also built myself a nifty little mini-itx fileserver for the home. I was going to build a custom case but ended up purchasing one instead. For under $300 I built a complete box with 256MB RAM and 120GB storage. The only part I didn't purchase was an old CD-ROM used to load the initial OS. I'm running Gentoo on this one as well. It is replacing a very old Sun E150 that I started losing disks on some time ago. Tons more storage, vastly reduced power consumption and noise, and a vastly smaller footprint.

Lastly for my work I am working on integrating qmail, OpenLDAP, and Samba 3.x into a single environment. I'll detail these many many parts in a separate post. It's really pretty involved and I need to keep track of my notes. It's also slow going since I can only do this work off-hours as my regular contract job for this company is my 40 hour job. Plus I'm having to do the work in such a way to provide minimal interruption to the current corporate LAN. But at least it's mine to do as I wish.

[/Work/#loads_o_stuff.html] Comments (0)

making picture albums.

I like to use album to make my picture albums The command to generate the static picture pages is: ~scotth/album/album.pl -medium 50% -medium_type -known_images -theme ../album/Themes/Blue once i'm in a directory full of pictures. Makes it simple, really.

[/Computers/Internet/Site_Info/#making_albums.html] Comments (0)

New thoughts on streaming music

Writing up the procedure I use to stream music got me thinking about problems with it and alternatives. One problem that it has is that I must be logged in on the console, in X, running xmms. A power-outage forced reboot could end my musical bliss at work ;). Someone else pointed out that I really should consider ogg. While re-encoding all my source CD's would be a massive undertaking this would eventually be a good goal. Transcoding from mp3->ogg is a bad idea but for a low quality stream it may have little impact.

So I found gnump3d and liked what I saw. So I installed it, reconfigured some firewall rules, and liked it even more. This is a web-based way to control and stream an music collection. The web interface is well-designed and skinnable. It seems to give me more control than xmms-shell. I can cue up individual songs or albums. Each song is a playlist so I can easily scramble within my xmms client at work rather than on the server. I can create customer playlists through the web interface.

The coolest feature is the way resampling is handled. The parameters for resampling (called downsampling in gnump3d.conf allow you to specify subnets that do not require downsampling. Thus I can fire up a session on my local desktop and use it to control music and those songs will not be re-encoded to a lower bitrate. The cacheing that happens between each song due to stream is instantaneous on a local connection so album play is minimally interrupted.

gnump3d doesn't utilize a MySQL or other backend database. It's very simple to setup and has taken some reasonable security precautions. I like it's "keep it simple" approach.

It doesn't work well through the reverse inbound proxy so I run it through an alternate port on the firewall and redirect that to the internal gnump3d server. One way I could deal with this is switch to Apache::MP3. This is a mod_perl solution that runs within Apache. So even SSL-encrypted streaming could work through this. Port 80 name-based virtual hosts work fine Apache::MP3::Skin and Apache::MP3::Resample would provide the additional similar functionality. A user can choose the level of resampling desired so it's pretty interesting.

Since gnump3d works so well for me I didn't try the Apache perl module approach but I may mess with it at a layer time. I've been experimenting with mod_perl stuff for a while so it may be educational to mess with this.

[/Computers/OS/Linux/Tips/#more_streaming_music.html] Comments (0)

War

It's hard to imagine anything positive to say about war -- regardless of one's opinions of the decisions that led up to it. Hopefully few (or none!) are hurt or killed and this ends quickly. Hopefully the divisions that have been created are mended. It's hard for me to imagine positive outcomes but I hope that I am wrong.

[/Life/Rambles/#war.html] Comments (0)

Using Procmail as an autoresponder

I'd done this a long time ago and pretty much forgotton all about it. I've used procmail for a long time to pre-sort all my mailing list mail among other tasks. I also use it as a mechanism to distribute my gpg public key. If you send me a message with the subject "get key", you'll get a response containing my public key in ASCII format. Here's a snippet from my .procmailrc:

  VERBOSE=off
  PATH=$HOME:/usr/bin:/bin:/usr/local/bin:.
  MAILDIR=$HOME/Mail      # You'd better make sure it exists
  DEFAULT=/var/mail/scotth
  LOGFILE=$HOME/Mail/from
  LOCKFILE=$HOME/.lockfile
  SENDMAIL=/usr/sbin/sendmail

  :0 Wh: msgid.lock   # get's rid of duplicates
  | formail -D 8192 msgid.cache

  # Autoresponder
  :0i
  * !^Subject:.*Re:
  * !^FROM_DAEMON
  * ^Subject:.*get key
  | (formail -r -A "From: scotth@scottharney.com" ; cat $HOME/.pubkey.asc)\
      | $SENDMAIL -oi -t

  # SpamAssassin 
  :0:
  * ^X-Spam-Status: Yes.*
  $MAILDIR/junk

  # mailing list inet-access
  :0:
  * TO.*inet-access
  $MAILDIR/inet-access

If you just need an autoresponder, you'd just use formail in a .forward. Here's how I do it using a mail server running qmail. Just create ~/alias/.qmail-autorespond containing the following text

| (/usr/local/bin/formail -r -A "From: autorespond@yourdomain.com" ;\
   cat /var/qmail/alias/autoresond.txt) | qmail-inject

[/Computers/OS/Linux/Tips/#procmail-autorespond.html] Comments (0)

GPG key

I have decided to start using my GPG key again to sign emails and such. It's a good thing to use encryption and digital signature technology. Consequently, I've gone ahead and posted my key here

[/Computers/Internet/Security/#gpg_key_info.html] Comments (0)

Streaming Your Music Collection

If you're like me, you've taken the time to rip your entire music collection to mp3. I have a huge collection of CDs and like to listen to them in the car with my portable mp3 player. I also like to listen to them at work. Since I have a PC and net access, I just stream them and pick the stream up with xmms (or mpg123 or winamp). I use the liveice plugin for Xmms and the Xmms::shell perl module to remotely control the Xmms session and manage playing tunes. There are many ways to do this, but this method works for me

Things you need

• A broadband internet connection.
• Knowledge of firewalls and NAT. My previous article on mod_proxy via apache will also be useful since your typical home setup has just one public IP address.
• To do the above apache mod_proxy trick, you need to understand DNS and have a domain that you control.
• A collection of tunes. Mine is shared on my internal network via NFS and Samba.
• An understanding of streaming technology. The software links below should tell you what you need to know.

What to do

You'll be downloading a pile of software. Everything for me was available as Debian packages so apt-get (packagename) worked for me. I'll link to the original sites here.

First and foremost, you need xmms. You also need icecast. Along with that you'll need liveice and the liveice-xmms plugin. What this will do is send the output of whatever is playing in xmms to your icecast server.

The other thing you'll need is lame because liveice needs to reencode mp3's on the fly. I encode mine for high quality and they're much too large to stream. Thus I re-encode them on the fly to a paltry 64kbps stream. This is bandwidth friendly and my workstation running xmms can more than handle the load.

In Xmms just go to the Options dialog and select the Effects/General plugins tab. From there you can choose to configure and enable the liveice plugin. There are boxes for the stream bitrate (640000 in my case) and the encoder choice (lame)./p>

You're almost set. You need to set up your firewall and/or apache proxy to get the traffic in to your icecast server. Icecast runs by default on port 8000. So for the first option, pass that port through and then you'd connect your remote mp3 software to http://www.yoursite.com:8000 to catch the stream.

Because I'm stuck behind a highly restrictive firewall/http proxy at work, I needed to use the apache proxy magic and DNS. First I set up a new DNS alias pointing to my single IP address -- ie. music.yoursite.com. Then I set my apache mod_proxy on my firewall to pass the traffic through to my internal icecast server (ie. 10.10.1.5 below).

NameVirtualHost your.external.ip.address

<VirtualHost your.external.ip.address>
   ServerAdmin webmaster@yoursite.com
   ServerName music.yoursite.com
   ProxyPass / http://10.10.1.5:8000/
   ProxyPassReverse / http://10.10.1.5:8000/
   ErrorLog /var/log/apache/music.yoursite.net/error_log
   TransferLog /var/log/apache/music.yoursite.net/access_log
<VirtualHost>

So at work I use mpg123 ( I could use any mp3 player really) to connect to my stream remotely: mpg123 -p http://my.work.proxy http://tunes.yoursite.com. If Xmms+liveice-plugin+icecast is running on the server, I get a stream. If not I get a standard HTTP 404 error.

There's one more issue -- remotely controlling that Xmms session. There's lots of ways to do that and the control plugins to xmms are available at the xmms site. I've experimented with some of the web-based plugins and xmms-shell as well. I settled on the perl module Xmms::shell. I can ssh to my site and then use perl -MXmms -e shell to start xmms and manipulate the playlist to my heart's content. I used apt-get libperl-xmms on my Debian setup but non-Debian users might do this:

perl -MCPAN -e shell
CPAN> install Bundle::Xmms

As always, you need to be concerned about security when you start opening holes on your firewall and running new servers. In this case, you've got a firewall, apache, mod_proxy, icecast, and liveice-xmms to be concerned about. That means you've got to watch for vulernabilities in all of these items. This is hardly a mission-critical service so it's no big deal to turn it off should a new vulnerability be discovered. You may also want to restrict it further via your firewall and your apache proxy server using Limit directives in your VirtualHost container.

[/Computers/OS/Linux/Tips/#streaming_music.html] Comments (2)

Mardi Gras is Over

Well, it's finally come and gone and I for one shall miss it. Mardi Gras has to be my favorite holiday. It's special. it's different. Everywhere else, Tuesday was just another Tuesday. In New Orleans it's so much more.

Lots of people only think of Bourbon Street and baring body parts for beads. Sure that's going on but really the entire city -- the entire southern half of the state -- celebrates in a myriad of ways. There are the lavish parades, not just in New Orleans, but also in the 'burbs. There's the music, the impromptu parties, the private marching krewes. There's even a parade for dogs. I put up my annual onslaught of pictures here. It's perhaps the central cultural event of New Orleans and a great reminder of how different this place is from anywhere else.

p.s. Now that it's over, I've taken the time to launch NOLUG with the new site.

[/Life/Rambles/#mardi_gras_over.html] Comments (0)

The Lab

I've had a few questions lately about my lab. I no longer host NOLUG on my personal equipment. My company OTIS hosts it on a FreeBSD box that Mikey and I set up. Nonetheless I do have a pretty extensive little personal lab for testing and development.

My primary workstation is an Athlon with 512M RAM. I've run Debian unstable on this box since I built it. It's for burning Cd's and just generally workstation and development. It's got a GeForce2 and decent sound as well. One thing I've learned the hard way about early Athlons is that they run hot. I burned up two good motherboards on this thing; the capacitors around the CPU just melted.

I also have an old PII-233 which was my second Linux workstation. The first was a 486 running Slackware 2.1 then Debian Hamm and is long gone. It's been running FreeBSD since the 3.x days and is currently at 4.7. This is my mailserver running postfix and UW-IMAP (internally only). It also runs apache where I typically mirror regular web content. I also use djbdns on it with IPv6 patches applied. It's secondary dns for my domains as well as an internal DNS server for the LAN. It also handles DHCP duties. Lastly, it has a secondary harddisk with all of my mp3 archive on it. I used to stream them via a mounted NFS partition from my primary workstation but since my current job has such strict firewall restrictions I no longer do that. I rather miss my personal radio station that consisted of my entire record collection

I also have a SunBlade 100 running Solaris 9. I have a few NFS partitions on it holding the source and ports trees for my BSD boxes, which have limited disk space. Also running Sun's build of Gnome2 on the desktop and will probably play with LDAP on it as well to see if I can implement single sign on across my little network. Plan to do that for the office so testing it out at home first will be useful. The only thing I can't test out is integrating Windows into the SSO because I don't have any Windows boxes.

My firewall is -- believe it or not -- a Packard Bell P75. I upgraded the RAM on it but not much else. It's been running OpenBSD since 2.6 and is at the current 3.2 release now. I've upgraded using both binary procedure (replacing all the binaries) and using buildworld. In addition to being my pf-based firewall this box is also my Wireless LAN access point. Rather than using insecure WEP, I implemented the built in IPSEC to encrypt and authenticate the wireless link. I also have used IPSEC to VPN in to my network from the office. Also, I use freenet6.net's tools to get my net visible via Ip6. This box is the Ip6 router and firewall. I can go to work, fire up an IP6 tunnel, and connect to apache and ssh directly via IP6 rather than having to use NAT. At some point I will put an apache proxy on this box to get into the multiple web servers behind my firewall.

Lastly I have an old Sun Enterprise 150. It used to be a server for an ISP I worked for and is quite out of date. Unfortunately, the /var disk is dead and I just haven't replaced it yet. Actually I have two of these beasts though one no longer works at all; the motherboard appears to be gone on that one. So at least I have a spare parts shelf. These things are also really loud and they suck power big time. Still, it is a solid fileserving platform. And these suckers did real work. We hosted nearly 200 domains mail and web on them and numerous other services. They barely blinked at the load. I have some SCSI disks now so I may resurrect this thing. Or I may grab another newer sun off of ebay some time and retire these puppies.

They're really cool though. The motherboard(s) float in a hard foam shell. Of course these are SBUS rather than PCI. Everything is much more solid than even the modern PCI-based 250's and the like. It's also tons heavier than those guys. I guess it's about vintage 1997 and would have set you back around $30K at the time. There's one on ebay today with a "Buy it Now" link for $250. wow.

And of course I have my laptop, a Dell Inspiron 8200. The big brick with 15 inch screen and DVD. It's large for a laptop but it's also a workhorse and it's really what I need.

I also have various and sundry pieces parts like anyone else who does this for a living and a hobby. I almost have enough to cobble together another (decent) PC. At some point I'll probably move my Athlon to the front and drop in a capture card and a new video card with NTSC output and try out one of these "build your own PVR" projects.

[/Computers/#lab.html] Comments (0)

Victory is Mine

I've been wrestling with a problem at work along with our vendor. We have a product on Win2K Advanced Server that kept blowing up during the install very earlier in the process. Some DLL call in Installshield was mailformatted in some fashion but we couldn't find why or what. We kept re-installing and removing hardware and diddling with registry entries and DCOM stuff to no avail.

Today however, I found on Installshield's site a direct reference to our error. We finally have a root cause and probable fix. The fix, though, requires the vendor to write some code. But at least its a fix. I'm definitely anxious to get moving forward again on this.

And of course I will get high visibility for being the miracle worker which feels pretty good. I love being the guy who does the magic voodoo. I suppose that's why I do what I do for a living. Between that, getting squirrelmail installed for my employer, tweaking this site, and getting the new nolug site set up, I've had a pretty darn good career day.

[/Work/#victory_is_mine.html] Comments (0)

Squirrelmail Rocks

Installed Squirrelmail today for the company. I first used ApacheToolBox to build and install Apache with php4, SSL support, and even IMAP. I've used that a few times and this is the first time I had a build go with so little trouble. The only thing I had to do was install GNU sed to fix a long path issue during the PHP4 build. After that everything was automatic.

As a bonus, I found that Squirrelmail had a plugin to change user passwords through PAM. Very cool! Once we get LDAP rolling we can still use this to change passwords and we'll have a company-wide contact list in the webmail interface. Frankly, I'm surprised how smooth this went.

Actually the change password plugin had one wrinkle for Solaris. In the source for poppassd.c I had to change an include from "security/pam_misc.h" to "security/pam_module.h". Once I did that it built fine and ran after a little naggling with tcpd.

[/Computers/OS/Solaris/#squirrelmail.html] Comments (0)

Nolug Beta Rollout underway

Well I rolled out NOLUG for beta test today (temporarily at http://www.nolug.org/postnuke/html. All comments have been complementary so far. It'd be nice to see NOLUG get moving again. I even impressed myself with the site actually. I managed to get a static content plugin installed for meeting documents archive as well as a calendar plugin and a separate headline grabber/RSS aggregator for them to play with.

I'll probably duplicate some of my content from here onto NOLUG as well where it's relevant. Now if I can just get em to move the meeting night I can start going again....

In addition to that I played with the blosxom.cgi a bit. I installed 2.0beta so I could play with plugins. Hence the Breadcrumbs at the top of the screen and the Calendar with archive links. I also played with Blagg a bit though I don't really have anything I'd want to syndicate into my blog though I may work on getting it to syndicate a bunch of stuff daily to email to me (security notices, etc) and perhaps integrate in to the sidebar as headlines rather than in the main blog.

[/Computers/OS/Linux/NOLUG/#nolug_beta.html] Comments (0)

How I post to the blog

I use Blosxom to run this here blog. It's simple to set up and does everything I need. And it also means I can write entries in a text editor "like God intended". I looked at some of the various blog services but those didn't interest me. I have an apache server and a domain after all. And of course I preferred something Open Source. Blosxom fits the bill

One way to post is of course using good ole vim/vi inside an ssh session. But instead I work on my laptop remotely where I have a mirror of my blog directory structure. I use rsync to sync up the whole shebang. It looks like this from inside my local mirror of the blog: rsync --rsh="ssh" -avz --progress . www.scottharney.com:/path/to/blog/scotth
Very quick. And syncing back the other way is just as simple just switching up the "." and the "www.scottharney.com..." parts. I use "--delete" when I need to prune up in one direction or the other.

[/Computers/Internet/Weblogs/#rsync.html] Comments (0)

Barkus pics are up

Pics from this year's Barkus parade are up. Barkus is a parade just for dogs benefitting the Louisiana SPCA. There are 1500 dogs in the parade. It is enormous and great fun. We had beautiful weather and enjoyed dressing up as Elvis and his Memphis Mafia to complent the parade's "TailHouse Rock" theme.

[/Computers/Internet/Site_Info/#barks_pics.html] Comments (0)

Why I'm doing this and a note on self-censorship

Well, if for no other reason, everyone else is blogging (I really hate that term, actually). Actually I really needed a home for some documentation notes for myself. I've always kept little README files around noting changes I've made and things I discovered but it's really better to have them in one place like this.

Of course it's also for some amusement. And I have this journalism degree that I never actually use. Perhaps this will be useful to others as well. I also will likely cross-post some bits on nolug.org which is a site I manage as well.

I was also making some notes ranting about issues at work. On reflection, I decided to remove those for several reasons. Even though I elided all identifying details, I do work at a government facility and I'm under NDA. Better safe than sorry. And I also felt maybe I was giving a false view of my work environment. It's not all 'Dilbert-esque' but that's likely all that would be posted here.

[/Computers/Internet/Weblogs/#meta1.html] Comments (0)

Potential sig

"I find your lack of clue disturbing"

[/Humor/quickies/#darth_vader_sig.html] Comments (0)

Remotely upgrading FreeBSD

I've recently done several remote upgrades of FreeBSD and wanted to note the procedure since it differs a bit from the handbook procedure for doing so. Still, you must review and understand the details of the procedure here

I use cvsup to get my copy of the stable source. Used /etc/standard-supfile provided with cvsup to get it going to to update sources to 4.7-STABLE. Here's the procedure:
  get updated src (cvsup, cvs, ftp)
  read /usr/src/UPDATING. follow instructions up to (but not after) the
    release you're going to.
  cd /usr/obj; rm -r *
  cd /usr/src
  mergemaster -p
  make -j4 buildworld
  make buildkernel KERNCONF=MYKERNEL (the KERNCONF is not necessary if you didn't
    customize the kernel)
  make installworld
  make installkernel KERNCONF=MYKERNEL
  mergemaster (this gets the rest of the config and MAKEDEV as well)
  reboot

The latter steps are what differ from the handbook procedures. You've got to really be careful doing this sort of thing remotely. Especially depending on how physically remote you are and especially with a firewall!

After completing the upgrade, I applied the necessary errata to correct any post 4.7-STABLE security and stability fixes.

[/Computers/OS/FreeBSD/Tips/#remote-upgrade.html] Comments (0)

Using Knoppix and Partimage to "Ghost" whole systems.

Recently at work I needed a way to quickly recover systems from bare metal to a known-good state. These were, of course, Windows2000 boxes. Now there are several commercial solutions to "ghost" a system, but I didn't have funds available to do that.

Enter knoppix. Knoppix is a bootable CDROM distribution of Linux. It has many many uses and is worth investigating. A copy of it stays in my permanent SysAdmin toolchest. One thing it is particularly good at is autodetecting even the most recent hardware. I was pleasantly surprised to find it booted successfully with no manual intervention from me on our Dell PowerEdge 6650's with newish RAID and Gigabit Ethernet devices on board.

Once I booted up, rather than using the traditional unix dd(1) approach to make bit-for-bit drive images, I used the included partimage utility to clone those NTFS partitions. Since partimage knows about filesystem types, it's much more efficient than a bit-for-bit copy. I also had a complication in that I was saving to an temporarily NFS-mounted directory on a Sun server. The details of my procedure, including Linux-Solaris NFS tricks are below

Backing Up Images

Of course you need to get your network connections sorted out first. Boot the server with the Knoppix CD-ROM. Knoppix will come up in a full graphical environment. You, however, will need to work in a terminal console. On the panel bar at the bottom of the screen there is an app called "konsole" (just hold the mouse of the icons to identify them). One click will start it.

Use the following commands to set up network connectivity: First get root

$ sudo bash 

# killall pump 
# ifconfig eth1 192.168.1.254 
# ping 192.168.1.13 PING 192.168.1.13: 56 data bytes 64 bytes from
nfs-server (192.168.1.13): icmp_seq=0. time=0. ms 64 bytes from
nfs-server (192.168.1.13): icmp_seq=1. time=0. ms 

# portmap 

 # mount -t nfs -o nfsvers=2,rsize=8192,wsize=8192,hard,intr \
192.168.1.13:/win2k-image-dir /mnt 

# sfdisk -d > /mnt/server-partlayout.sf 

 # dd if=/dev/sda of=/mnt/server-bootblock.img count=1 bs=512  

# partimage

# sfdisk < /mnt/server-partlayout.sf
# sfdisk -l 

# dd if=/mnt/server-bootblock.img \ 
of=/dev/sda count=1 bs=512

# partimage

# /etc/init.d/rpc start
# /etc/init.d/nfs.server start
# share
-               /share   rw=192.168.1.254   "my share comment"

# /etc/init.d/rpc stop
# /etc/init.d/nfs.server stop
# share

LoadModule proxy_module       libexec/apache/libproxy.so
AddModule mod_proxy.c

NameVirtualHost your.external.ip.address

<VirtualHost your.external.ip.address>
   ServerAdmin webmaster@yourwebsite.net
   ServerName www.yourwebsite.net
   ProxyPass / http://www.yourwebsite.net/
   ProxyPassReverse / http://www.yourwebsite.net/
   ErrorLog /var/log/apache/yourwebsite.net/error_log
   TransferLog /var/log/apache/yourwebsite.net/access_log
<VirtualHost>

<VirtualHost your.external.ip.address:443>
   ServerAdmin webmaster@yourwebsite.net
   ServerName secure.yourwebsite.net
   ProxyPass / http://secure.yourwebsite.net/
   ProxyPassReverse / http://secure.yourwebsite.net/
   SSLEngine on
   SSLCertificateFile /path/to/certfile
   SSLCertificateKeyfile /ditto/for/keyfile.key
   ErrorLog /var/log/apache/secure.yourwebsite.net/error_log
   TransferLog /var/log/apache/secure.yourwebsite.net/access_log
</VirtualHost>

←July→

Sun	Mon	Tue	Wed	Thu	Fri	Sat
						1
2	3	4	5	6	7	8
9	10	11	12	13	14	15
16	17	18	19	20	21	22
23	24	25	26	27	28	29
30	31

About
Nix Bits, Notes about life, *nix, and other stuff.

Scott Harney    (GPG key)
<scott_harney@yahoo.com>

Wedding
I got married on 9/4/2004. So click for details, already.

Resume
An online copy of my resume. This resume is suitable for printing but also contains clickable links providing more detail. Just mouse over the bullet items.

Photo Album
Lots and lots of family pictures.

Archives

• 2003 (20)
  • February (11)
  • March (7)
  • May (1)
  • July (1)
• 2004 (7)
  • March (3)
  • April (2)
  • August (1)
  • October (1)
• 2005 (34)
  • January (12)
  • February (1)
  • March (2)
  • April (2)
  • May (1)
  • June (1)
  • September (12)
  • October (2)
  • December (1)
• 2006 (5)
  • April (2)
  • May (2)
  • June (1)

Search

Bookmarks
My del.icio.us bookmarks

Subscribe
Subscribe to a syndicated feed of my weblog, brought to you by the wonders of RSS or Atom.

Old stuff
Links and writings from the older version of this site
Old stuff