Monday, April 20, 2009

it is bottled!

Now a few weeks settling for carbonation.

2 full cases plus 3 bottles, not a bad yield.

The final gravity is 1.020 so it did not ferment off much more. That's good, that just means the fermentable sugars are pretty much all digested. It's a little sweet but not too bad. Very smooth, a little oaky ( go fig! ) and you can really tell the difference with the Glenlivet. I think this recipe is done - probably will not change it.

Need to archive off a few bottles plus keep from giving away too much of this one. Speak up now or forever hold your peace!

Monday, February 9, 2009

cd /pub; more beer

A short while ago I picked up a really great book from the local homebrew supply shop: Extreme Brewing ( http://store.dogfish.com/item/Extreme_Brewing/796/for_your_reading_pleasure/40/index.htm ) by Sam Calagione over at Dogfish Head. I picked this book up for a few reasons:

1) It was the first homebrew book I had seen which discussed the use of oak chips and beer
2) The book has recipes to some of my favorite beers ( no, not just ones from Dogfish Head! )
3) It has the recipe for Midas Touch :-> ( http://en.wikipedia.org/wiki/Midas_Touch_Golden_Elixir )

I got an idea from a few different sources:
1) The local brewery Barleys, they make a beer called Jack Frost which is a winter ale aged in a Jack Daniels cask
2) There is a recipe in the Extreme Brewing book which discusses using oak chips soaked in Port
3) I really love whisky!

Here is the idea:

Take a basic recipe - in this case the nut brown ale recipe from Dogfish Head. Then take oak chips soaked in some kind of whisky - add to the secondary fermenter for a while. I tried this idea out 8 months ago or so with Jack Daniels whisky. I must say, it was one of my best brews to date. All of my friends and family ask me: When are you making that whisky beer again?

Well, Here we go. It has been brewed!

The recipe ( slightly modified from the original )

2lbs 2-row barley
10oz British amber malt
10oz chocolate malt
2oz roasted barley
2 cans light lme ( Alexanders I believe )
2lbs dark amber honey
1/2 oz warrior hops for the boil
1oz vanguard hops, last 15 minutes

I toasted some oak chips. Very simple: covered a cookie pan with aluminum foil, dropped the chips onto the tray and then covered with aluminum foil. Cook over a flame for about 15 minutes and then leave to cool. Some of the chips were pretty charred, some were not - which is OK, that is what I want. Once the chips cooled, I tossed them into an air-tight canister along with 2oz or so of Glenlivet 12-year whisky ( I know, to some this is alcohol abuse but hey, it's got a purpose! )




The recipe called for ringwood yeast but the local brew supply did not have this strain. I picked up the Wyeast 1028 London yeast which should be fairly close - we'll see.

Upon racking, the beer had a pretty strong foam on top. I assume this to be the protein rich brew. I awoke the next morning to the wonderful aroma of the digestion gasses of the yeast. The wife hates it - personally I love it :-> Beer had a nice rocky head and the airlock was going bonkers.





The steps still remaining for this batch:

1) Transfer to the secondary fermenter
2) Add the oak chips ( drain the whisky off, should cut down on sediment )
3) Leave in the secondary for at least 2 months - maybe more

I think the really long stay in the secondary should help this batch ferment out fully. The original gravity was 1.080 or so, but the temp may have been a little higher than the hydrometer accounted for. The difference is probably almost nothing.

Thursday, January 29, 2009

the quest for web security

For a while now, I've often wondered just how secure my home stuff is. One area I've been wanting to tinker with is web traffic. The idea is, how difficult would it be to find and secure at least some of the content.

Idea 1: DNS

There are plenty of ways to prevent malware and adverts. If the DNS resolves to localhost, or, say - your own internal web server for logging purposes... Kinda cool, but it seems as though this is not really being maintained anymore - not sure why, will have to research this one more.

Idea 2: Firefox plugins

NoScript is really cool. NoScript in combination with adblock and a few list subscriptions is fairly effective.

... todo, more content ...

Idea 3: Content filtering

For a while now I've protected my external Apache instances with mod_security. I wondered though - could I apply mod_security within a virtual server and mod_proxy in combination?

If interested, this is how you could do it:

---- begin config block ----
# libxml2 has to be loaded before mod_security2; mod_unique_id is required by ModSecurity
LoadFile /usr/lib/libxml2.so.2
LoadModule security2_module modules/mod_security2.so
LoadModule unique_id_module modules/mod_unique_id.so
Include rules.d/modsecurity_crs_10_config.conf

Listen 3129

<VirtualHost *:3129>
#ServerAdmin webmaster@dummy-host.example.com
DocumentRoot "/var/www/html"
ServerName someServer.somewhere
ErrorLog logs/proxy-error_log
CustomLog logs/proxy-access_log common

# Forward proxy; access is limited to the local subnet in the <Proxy> block
ProxyRequests On
ProxyVia On

<Proxy *>
Order deny,allow
Deny from all
Allow from 192.168.1.0/24
</Proxy>

# Example configuration file for the mod_security Apache module

# This is the ModSecurity Core Rules Set.

Include rules.d/modsecurity_crs_20_protocol_violations.conf
Include rules.d/modsecurity_crs_21_protocol_anomalies.conf
Include rules.d/modsecurity_crs_23_request_limits.conf
Include rules.d/modsecurity_crs_30_http_policy.conf
Include rules.d/modsecurity_crs_35_bad_robots.conf
Include rules.d/modsecurity_crs_40_generic_attacks.conf
Include rules.d/modsecurity_crs_45_trojans.conf
Include rules.d/modsecurity_crs_50_outbound.conf

# Optional rule sets; the commented-out ones are not loaded
#Include rules.d/optional_rules/modsecurity_crs_20_protocol_violations.conf
Include rules.d/optional_rules/modsecurity_crs_40_generic_attacks.conf
#Include rules.d/optional_rules/modsecurity_crs_42_tight_security.conf
#Include rules.d/optional_rules/modsecurity_crs_21_protocol_anomalies.conf
Include rules.d/optional_rules/modsecurity_crs_42_comment_spam.conf
Include rules.d/optional_rules/modsecurity_crs_55_marketing.conf
</VirtualHost>
---- end config block ----

Well, yes - it works quite nicely. The funny thing is, I started blocking all kinds of traffic. I thought it interesting to play around with their console application so I went to download it.

What do I notice while loading the page?

==> proxy-access_log <==
192.168.1.103 - - [29/Jan/2009:22:50:08 -0500] "CONNECT bsn.breach.com:443 HTTP/1.1" 200 -

==> modsec_audit.log <==
--fecc3827-A--
[29/Jan/2009:22:50:14 --0500] GeYs9MCoAZIAADzjiu0AAAAJ 192.168.1.103 53990 192.168.1.146 3129
--fecc3827-B--
CONNECT bsn.breach.com:443 HTTP/1.1
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.1b2) Gecko/20081201 Firefox/3.1b2 Ubiquity/0.1.5
Proxy-Connection: keep-alive
Host: bsn.breach.com

--fecc3827-F--
HTTP/1.1 200 OK

--fecc3827-H--
Message: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/rules.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
Message: Warning. Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/etc/httpd/rules.d/modsecurity_crs_30_http_policy.conf"] [line "37"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]
Apache-Handler: proxy-server
Stopwatch: 1233287408659700 5664183 (266 3214 -)
Producer: ModSecurity for Apache/2.5.2 (http://www.modsecurity.org/); core ruleset/1.6.0.
Server: Apache/2.2.3 (CentOS)

--fecc3827-K--
SecRule "&REQUEST_HEADERS:Accept" "@eq 0" "phase:2,chain,skip:1,log,auditlog,msg:'Request Missing an Accept Header',severity:2,id:960015,tag:PROTOCOL_VIOLATION/MISSING_HEADER"
SecRule "REQUEST_METHOD" "!@rx ^OPTIONS$" "phase:2,log,pass,t:none"
SecRule "&REQUEST_HEADERS:Content-Type" "@eq 0" "phase:2,pass,chain,log,auditlog,msg:'Request Containing Content, but Missing Content-Type header',id:960904,severity:4"
SecRule "REQUEST_METHOD" "!@rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" "pass,status:501,phase:2,log,auditlog,msg:'Method is not allowed by policy',severity:2,id:960032,tag:POLICY/METHOD_NOT_ALLOWED"

--fecc3827-Z--

Yep, the mod_security ruleset is cutting some of the traffic from Breach Security - the makers of mod_security :-> Too funny!

It also handily blocks some other stuff. Since I configured my Mac to use the proxy, it blocks Apple's auth servers, mobile me ( which I am tinkering with as well - interesting but probably won't stick with it ), a whole bunch of odd stuff while downloading web pages and a few other things.
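An added example (not part of the original post): a small parser for the serial audit log format shown above, which counts fired rule ids per request method and target so you can see which destinations a rule exception would affect before writing one. The function names are hypothetical, and the sample is the entry above abridged to its A, B, H and Z sections.

```python
import re
from collections import Counter

# Constructed sample: the audit entry from the post, abridged to sections A, B, H, Z.
SAMPLE = '''--fecc3827-A--
[29/Jan/2009:22:50:14 --0500] GeYs9MCoAZIAADzjiu0AAAAJ 192.168.1.103 53990 192.168.1.146 3129
--fecc3827-B--
CONNECT bsn.breach.com:443 HTTP/1.1
--fecc3827-H--
Message: Warning. Match of "rx ^OPTIONS$" against "REQUEST_METHOD" required. [file "/etc/httpd/rules.d/modsecurity_crs_21_protocol_anomalies.conf"] [line "41"] [id "960015"] [msg "Request Missing an Accept Header"] [severity "CRITICAL"] [tag "PROTOCOL_VIOLATION/MISSING_HEADER"]
Message: Warning. Match of "rx ^((?:(?:POS|GE)T|OPTIONS|HEAD))$" against "REQUEST_METHOD" required. [file "/etc/httpd/rules.d/modsecurity_crs_30_http_policy.conf"] [line "37"] [id "960032"] [msg "Method is not allowed by policy"] [severity "CRITICAL"] [tag "POLICY/METHOD_NOT_ALLOWED"]
--fecc3827-Z--
'''

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")   # e.g. --fecc3827-H--
META = re.compile(r'\[(\w+) "([^"]*)"\]')                # e.g. [id "960015"]

def parse_audit_log(text):
    """Split a serial-format audit log into entries of {section letter: [lines]}."""
    entries, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":               # section A opens a new transaction
                current = {}
                entries.append(current)
            if current is not None:          # ignore sections of a truncated entry
                current.setdefault(section, [])
        elif current is not None:
            current[section].append(line)
    return entries

def summarize(entry):
    """Client IP, request line and fired rules (id, severity, msg) for one entry."""
    fields = (entry.get("A") or [""])[0].partition("] ")[2].split()
    request = next((l for l in entry.get("B", []) if l.strip()), "")
    metas = [dict(META.findall(l)) for l in entry.get("H", []) if l.startswith("Message:")]
    rules = [(m.get("id"), m.get("severity"), m.get("msg")) for m in metas]
    return {"client": fields[1] if len(fields) > 1 else None, "request": request, "rules": rules}

def hits_by_target(entries):
    """Count (method, target, rule id) so exceptions can be scoped per destination."""
    hits = Counter()
    for s in map(summarize, entries):
        method, target = (s["request"].split() + ["?", "?"])[:2]
        for rule_id, _, _ in s["rules"]:
            hits[(method, target, rule_id)] += 1
    return hits
```

Feed it the contents of modsec_audit.log and sort the counter to find the noisiest method, target and rule combinations.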

Oh, and if you throw in the in-memory caching on the proxy content the overhead of the mod_security is very nicely realized. I noticed response/load times improved a good bit.

This goes into the virtual server def:


CacheEnable mem /
MCacheSize 1024
MCacheMaxObjectCount 100
MCacheMinObjectSize 1
MCacheMaxObjectSize 2048


Funny thing, I had to turn off the proxy so I could publish the post. Guess I won't be leaving this on until I can debug it more. Still pretty cool!

Saturday, January 17, 2009

if at first you don't succeed

I have a semi-interesting post regarding a brew I came up with a while back. I modeled the batch off of a really nice beer - Tommy Knocker Maple beer ( http://tommyknocker.com/ourBeer.html#mapleNut )

I brewed this beer ... dunno, I know it has been 1.5 years because I brewed it about the time I moved into my current apartment - pretty much right when we moved in. When I was adding in the maple I accidentally added too much. The recipe called for 1 or 2 cups, I put in about double :-> Oops!

Well, when I fermented it it was nice. You could really smell the maple. When I bottled it and sampled the first one a few weeks later, it was pretty much un-drinkable. The maple was just so over-powering. It did not sour or get spoiled - it just did not taste good :-> I mentioned this to a friend of mine and his comment was rather fun! "Ah, just throw it in a case and toss it into the closet for a year. It'll mellow out."

Well, sure enough it has mellowed out nicely. Actually tastes ok ( though a tad sweet ).

Cheers! viva la laziness!