Saturday, January 26, 2013

Brake drum blacksmith forge

Ended up working some long hours earlier this week.  That usually means when the weekend comes around I dive into a project to clear my mind.

For the past few weeks I've been collecting the pieces for my blacksmith forge.  As I thought through the design I'd stop by Home Depot or Lowes on my way home from work to buy another piece.  I'd sneak a hair dryer into the garage (don't tell my wife).  I set aside the old brake rotors I took off my truck last summer.  Bought untreated bolts, sheet metal, etc.

The last pieces came in the mail on Wednesday: two-inch black-pipe flanges.  Amazon Prime is great for buying odd, hard-to-find stuff; shipping is free on anything coming directly from their warehouses.  The home improvement stores did have the right size flanges, but they were galvanized.  A note if you ever try something like this: galvanized metal, and for that matter any zinc-coated metal, will create zinc fumes when heated to high temperatures.  Zinc is normally great for the body (it's even in cough drops), but when burned it creates zinc fumes.  When these are inhaled they can cause fever, chills, nausea, headache, fatigue, muscle aches, joint pains, shortness of breath, chest pain, cough, a burning sensation in the body, shock, no urine output, collapse, convulsions, yellow eyes or yellow skin, rash, vomiting, watery or bloody diarrhea, low blood pressure, and ... death if untreated.  All of those sound like things I'd like to avoid.  For that reason I took pains to ensure the entire forge is built from untreated metal.  I'd probably be fine with a few zinc bolts or flanges in there, but I've gained more patience as I get older.  There was no pressing reason to take short cuts.

The design is straightforward.  Two-inch pipe is used for the frame and to direct air to the firepot, which is a brake rotor bolted to a pipe flange.  In theory the ashes should fall and collect in the bottom of the vertical pipe, which has a removable plug on the bottom for cleaning.  The hair dryer provides more than enough air (maybe too much) and is connected to the horizontal pipe with a rubber coupling.  I cut and drilled some sheet metal to form a grate in the bottom of the fire pot.  I intentionally made it very tight fitting, so I ended up just pounding it in the last few centimetres to the bottom of the pot and around the bolts.  I expect that as I use the forge more this metal will slacken and lay in there even nicer than it does now.  I reinforced the bottom of the grate with some round stock I bent into a zigzag pattern, so the grate is probably overbuilt.  The cooling fins in the brake rotor made a perfect place to insert a bar to hold the workpiece or tools, as shown here.

It only took two hours to cut, drill, bolt, and screw everything together.  During the first uses, the vertical pipe remained cool 10 or 12 inches below the firepot.  I could keep my fingers on it until 2 or 3 inches below the pot even after running the forge for an hour.  I think this is going to work out great.  Currently I only have a 9lb anvil that I got for free, but if the forge works out this summer I'll keep an eye out for a larger one.

Some future improvements to the forge include a larger area to hold fuel at the ready, probably a small sheet metal tray I'll bolt to the side of the pot.  Maybe I'll come across an old baking pan. I probably won't add a chimney or anything fancy to it since I'll only be using it outside. I should be set for making all sorts of metal projects this coming summer.  Stay tuned.

If you're interested in making your own, there are many different designs of forges on YouTube or the web.  I've seen functioning ones made from old sinks, brake drums, stoves, etc.  The fun part is working with the materials that are available to you and making something from junk.

Brake Drum Forges on YouTube



Wednesday, January 9, 2013

URL Watermarking

There are times when it's useful to change a URL without changing where it goes to.  I just had to help somebody do this, so I'm capturing some of the nuance here.

The web has been developed iteratively over time, evolving new capabilities while maintaining backwards compatibility with older ones.  HTTP, the fundamental way that we push data around the web, is inherently a stateless protocol.  This is great because it allows for easy fault tolerance and scalability, but it means that sometimes we get into funny situations with dynamically generated content.  Things get especially interesting when taking into consideration things like browser caches, proxies, and access control systems.

If you've ever been designing a system and had to ask a user to refresh their browser to see that they've logged out or to get a dynamic update onto their screen, you know what I mean.  Redirecting to a modified URL will cause the browser to refresh stale caches.  This is typically easier to implement than messing with headers, which is the more traditional way of doing this.

Another time when this comes in handy is when "digitally watermarking" URLs that you distribute.  By changing the URL without functionally changing where it goes, you can gather more accurate metrics about which distribution methods were most effective.  For example, you might post the same link on your blog and on Twitter and want to see which got the most hits, using a service like Bitly.

How to do this depends a lot on how the web server is set up and what kind of things it will or will not tolerate.  Here are some easy approaches/rules for changing URLs.  I'll spare you the technical details of why this works and just present how to do it.

If there’s no question mark in the URL, then add a question mark to the URL and then a number (any number, this is your watermark).

www.abc.com/something.html?12345


If there is already a question mark in the link, then add an ampersand to the end of the URL and then your number.

www.abc.com/something.html?alreadyhere=something&12345


If both of these methods result in an error, try using a pound sign instead.

www.abc.com/something.html#12345

All of these should go to the same underlying page, but provide a unique watermark in your logs which you can look at to see how the person found your link.  Were they forwarded the email you sent it out in, or did they click on the link from your blog?  Seeding these innocuous numbers will allow you to figure it out.
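The three rules above, applied by a small helper and then read back out of web server access logs, as an added example (this is not code from the original post; the log lines are constructed for illustration, and the function names are my own):

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl

def watermark_url(url: str, mark: str, use_fragment: bool = False) -> str:
    """Attach a watermark to a URL without changing where it points.
    Rule 1: no '?' yet -> append '?<mark>'.
    Rule 2: '?' already present -> append '&<mark>'.
    Rule 3 (use_fragment): '#<mark>' fallback for servers that reject the first two."""
    parts = urlsplit(url)
    if use_fragment:
        # Browsers never send the fragment to the server, so a '#' watermark
        # will show up in client-side analytics only, not in server logs.
        return urlunsplit(parts._replace(fragment=mark))
    if parts.query:
        return urlunsplit(parts._replace(query=parts.query + "&" + mark))
    return urlunsplit(parts._replace(query=mark))

# Matches the request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def extract_watermark(log_line: str):
    """Return the bare numeric watermark from a log line, or None if absent."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    query = urlsplit(m.group(1)).query
    # keep_blank_values=True keeps '12345' (no '=') as ('12345', '')
    for key, value in parse_qsl(query, keep_blank_values=True):
        if value == "" and key.isdigit():
            return key
    return None

def count_hits(log_lines):
    """Tally hits per watermark so each distribution channel can be compared."""
    counts = {}
    for line in log_lines:
        mark = extract_watermark(line)
        if mark:
            counts[mark] = counts.get(mark, 0) + 1
    return counts

# Constructed sample log lines: 12345 was seeded on the blog, 67890 on Twitter.
SAMPLE_LOG = [
    '10.0.0.1 - - [09/Jan/2013:10:00:00 -0500] "GET /something.html?12345 HTTP/1.1" 200 512',
    '10.0.0.2 - - [09/Jan/2013:10:01:00 -0500] "GET /something.html?alreadyhere=something&67890 HTTP/1.1" 200 512',
    '10.0.0.3 - - [09/Jan/2013:10:02:00 -0500] "GET /something.html?12345 HTTP/1.1" 200 512',
    '10.0.0.4 - - [09/Jan/2013:10:03:00 -0500] "GET /something.html HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    print(watermark_url("www.abc.com/something.html", "12345"))
    print(count_hits(SAMPLE_LOG))
```

Only the `?` and `&` forms can be counted from server logs; the `#` form needs a client-side counter such as the link shortener mentioned above.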

Tuesday, January 1, 2013

Attempting to steal your secrets

A friend sent me a note that the United States Defense Security Service (DSS) just released their counterintelligence threat trends report for 2011.  For the uninitiated, counterintelligence is the spy vs. spy stuff.  It's our military and intelligence trying to determine how and what other intelligence agencies are collecting against them.  The trends report is unclassified and openly shared because it's designed to inform everybody what to be alert for.  It's written for those working around US Government information, but it applies to pretty much everybody working at any company that has trade secrets.


75 page report:
http://www.dss.mil/documents/ci/2012-unclass-trends.pdf

18 slide summary:
http://www.dss.mil/documents/ci/2012-unclass-Trends-Brief.pdf

My summary of the summary:
Interestingly, IT was at the top of the list of targeted technologies and way up from last year.  This is funny because it seems a popular trend is for the US Government to open source and publish papers about all the interesting stuff anyway.

http://en.wikipedia.org/wiki/Apache_Accumulo
http://www.nsa.gov/ia/_files/Mobility_Capability_Pkg_(Version_1.1U).pdf
http://www.openstack.org/

Requests For Information (RFIs) were one of the methods they were using to gather intelligence, aside from trying to buy the stuff (Attempted Acquisition of Technology, AAT).  Asking about something and trying to buy it is still the best way to learn the technology; nothing new here.

Suspicious contact reports (SCRs) were way up from the previous year.  This is partly due to a change in the definition of what constitutes an SCR, but 75% still seems like a lot.

I did ctrl-f to search in the report, and "social media", "facebook", "linkedin" and "twitter" returned no results.  There was one mention of "social" in the context of "social network".  Maybe the other information about social media MOs is classified; in either case I was disappointed they didn't address that more in the report.  Suspicious profiles trying to connect with targets on LinkedIn is one of the most common things I hear of.  It's best policy to only friend folks you know personally on social networks.

Recruiters and "head hunters" are the worst at this random friending.  On that note, if you have proprietary, trademarked, trade-secret, or otherwise sensitive information rattling around in your head, please don't spew it all out in an interview.  Talk about your competencies, not the details of your last project.  I'm often shocked at what people will tell me during interviews, ostensibly to impress me.  They don't.  If they can't protect their last company's information, why would I think they'd have any sort of loyalty to our team?  On the other side of the table, having gone through a few interviews several months ago, I was also shocked at how much information interviewers will provide about their company to potential hires!  I am not a lawyer and this is not legal advice, but here's a dirty and dangerous secret about proprietary information: if it's released in a public forum or in a conversation with a person without an NDA, it becomes more difficult to hold people you do have NDAs with accountable for releasing it.  It has, in essence, become public information.  Oh... and another thing: that generic NDA your company has been reusing for the last decade isn't very effective anyway.  Why Generic Non-Disclosure Agreements Don't Work

If you do business, something you should also know about is denied party screening (and the legal requirements to do it, especially during international dealings).  Here's a useful web site for helping to check whether somebody is legit or not:
http://www.bis.doc.gov/complianceandenforcement/unauthorizedparties.htm


Hope this information helps.  If you find my blog useful or entertaining, don't forget to subscribe and receive updates.