Cosmo’s power pancakes, metric edition

I’m a huge fan of Carla Lalli’s Music’s pancakes (aka Bin It to Win It Pancakes aka Cosmo’s Power Pancakes). We make them a bunch, and have fed them to appreciative family and friends.

Carla initially shared the recipe in a Bon Appetit video from April 2017. The recipe was approcumented by a sketchy recipe blogger and a revised version was printed in Where Cooking Begins.

There’s only one problem with this recipe: it calls for 1.5 cups of buttermilk, and buttermilk comes in quarts. Rather than have the buttermilk go to waste, we, of course … make more pancakes.

Unfortunately, the combination of legacy heirloom units and odd fractions leads to some weird quantities, like ⅓ x 2 ⅔ = ⁸⁄₉ = 0.88578 cups of coconut oil.

Being both Canadian and someone who is used to weight-based baking recipes, I knew there was a better way.

With the help of the King Arthur Ingredient weight chart and my handy scale, I converted the recipe to metric and multiplied by 2.66.

I present you with an easy way to use your scale and a whole quart of buttermilk to make a lot of pancakes. (They freeze well.)

IngredientUnofficialVideoMetricMultiplied outWhere Cooking BeginsMetricMultiplied out
Coconut oil0.33 cup0.25 cup79ml210 ml2 tbsp butter28g113g
Oats0.33 cup?30g80g0.33 cup30g80g
Buttermilk1.5 cups?354 ml945 ml 1.5 cups354 ml945 ml
AP Flour1 cup1 cup120g320g0.75 cup90g240g
WW Flour0.5 cups0.5 cups57g150g0.75 cup85g225g
Baking powder1.5 tsp1.5 tsp6g16g1 tsp4g11g
Baking soda0.5 tsp0.5 tsp3g8g1 tsp6g16g
Salt0.5 tsp?1g4g0.5 tsp1g4g
Sugar1 tbspLittle bit12g33g1 tbsp12g33g
Flax0.25 cup?35g93g2 tbsp17g47g
Chia0.25 cup?61g162g0.33 cup81g216g
Eggs2?525

Directions

Tools needed

  • Medium and large bowls
  • Scale
  • Whisk, spatula, scoop
  • Skillet or griddle
  • Microwave- or oven-safe measure to melt coconut oil

Prepare

  • Measure and melt the 210ml coconut oil
  • Heat a skillet on medium heat and grease with additional coconut oil

In a medium bowl

  • Soak the oats in buttermilk

In a large bowl

  • Combine the dry ingredients: mix all-purpose flour, whole wheat flour, baking powder, baking soda, salt, sugar, flax and chia

In the medium bowl

  • Add eggs and melted coconut oil (to buttermilk and oats)
  • Whisk together

Combine everything

  • Pour the wet ingredients in to the large bowl
  • Stir with spatula to combine

Cook

  • Cooking time is approximately 90 seconds per side, depending on the size of the pancake. Adjust your cooktop temperature if they’re cooking too slow or too fast.

Notes

  • Salt is based on Diamond Crystal kosher salt. If you’re using Morton’s kosher salt, double the amount of salt provided.
  • For additional background, see Carla’s recipe notes and the buttermilk pancake recipe she used as a starting point.

HOWTO fix ActiveRecord migration NoMethodError in Rails 5.2

Ruby on Rails 5.2 changed the method signature for ActiveRecord::Migrator.migrate().

The old signature was this:

def migrate(migrations_paths, target_version = nil, &block)

The new signature is this:

def migrate(target_version = nil, &block)

Suppose you had some Rails 5.1 code like so:

ActiveRecord::Migrator.migrate(
  ActiveRecord::Tasks::DatabaseTasks.migrations_paths,
  version,
)

If you ran it in Rails 5.2, you would get this error:

NoMethodError: undefined method `migrate' for ActiveRecord::Migrator:Class

In Rails 5.2, you would write:

ActiveRecord::MigrationContext.new( ActiveRecord::Tasks::DatabaseTasks.migrations_paths ).migrate( version )

HOWTO move WordPress from MyISAM to InnoDB

When importing an old WordPress database, it may have tables in MyISAM. You can convert them to InndoDB in MySQL like so:

ALTER TABLE wp_commentmeta ENGINE=InnoDB;
ALTER TABLE wp_comments ENGINE=InnoDB;
ALTER TABLE wp_links ENGINE=InnoDB;
ALTER TABLE wp_options ENGINE=InnoDB;
ALTER TABLE wp_postmeta ENGINE=InnoDB;
ALTER TABLE wp_posts ENGINE=InnoDB;
ALTER TABLE wp_term_relationships ENGINE=InnoDB;
ALTER TABLE wp_term_taxonomy ENGINE=InnoDB;
ALTER TABLE wp_termmeta ENGINE=InnoDB;
ALTER TABLE wp_terms ENGINE=InnoDB;
ALTER TABLE wp_usermeta ENGINE=InnoDB;
ALTER TABLE wp_users ENGINE=InnoDB;

If you run into errors like this:

ERROR 1067 (42000): Invalid default value for 'user_registered'

It’s because of the SQL mode. You need to remove NO_ZERO_DATE from the mode. First, see what SQL mode you have set:

select @@sql_mode \G
*************************** 1. row ***************************
@@sql_mode: ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION

Then, set it to everything except NO_ZERO_DATE. In my case, that is:

set SQL_MODE='ONLY_FULL_GROUP_BY,STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION';

This setting is temporary, and will go away as soon as you exit the MySQL client.

Now, re-run the ALTER TABLE statements above.

Journalism Resources

Education and Training

Publications

News Organizations

Professional Associations and Consortia

Press Freedom

Tools

Miscellaneous

Password rotation is dumb

Many organizations have policies requiring you to change your passwords every 90 days. These policies are dumb, and make security worse.

The following material should help you fight back against this nonsense. You don’t have to believe Paul Schreiber, but you should believe NIST, the FTC and the UK’s NSCS.

NIST

In 2016, the National Institute for Standards and Technology came out with a new set of password guidelines. The formal document is “NIST Special Publication 800-63B Digital Identity Guidelines: Authentication and Lifecycle Management.”

§ 5.1.1.2 states:

“Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).

memorized secrets is NIST-speak for passwords.

Chester Wisniewski provides an excellent plain-English summary of all of NIST’s recommendations (not just password rotation).

NCSC

The UK’s Nation Cyber Security Center writes:

CESG now recommend organisations do not force regular password expiry. We believe this reduces the vulnerabilities associated with regularly expiring passwords (described above) while doing little to increase the risk of long-term password exploitation. Attackers can often work out the new password, if they have the old one. And users, forced to change another password, will often choose a ‘weaker’ one that they won’t forget.

FTC

Lorrie Cranor, the US Federal Trade Commission’s Chief Technologist writes:

I go on to explain that there is a lot of evidence to suggest that users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily. Unless there is reason to believe a password has been compromised or shared, requiring regular password changes may actually do more harm than good in some cases. (And even if a password has been compromised, changing the password may be ineffective, especially if other steps aren’t taken to correct security problems.)

She has a formal academic paper on the topic, “Measuring Password Guessability for an Entire University.

How to register a Kindle DX in 2018

I recently repaired a Kindle DX for a friend. As part of that, I reset it to factory defaults. When I went to register it so it would connect to his Amazon Account, I received the following error:

Your Kindle is unable to connect at this time. Please try again later. If the problem persists, please restart your Kindle from the menu in Settings and try again.

I confirmed the Kindle was running the latest software. Some chatter on the Internet suggested Amazon had disabled (re)registration for older Kindles, but that turned out to be a bug that Amazon had already fixed.

Restarting didn’t fix the problem. Turning wireless on and off didn’t fix the problem. Downloading a free book didn’t fix the problem. Wireless was definitely working — I could browse the Kindle store.

I called Amazon support. They suggested changing the password. That didn’t work. The rep tried deregistering the Kindle and then manually re-adding it to my friend’s account. That didn’t work.

He promised a callback three days later (today). The callback never came.

I called Amazon support again. I explained the situation and asked for an update. The support representatives were anti-helpful. They suggested a factory reset (that’s what got me in to this situation in the first place). I asked for a manager. Twice. Neither supervisor was helpful. One offered me 15% off a new Kindle, which I did not want. The reps would not divulge a case number or ticket number. I eventually was told by “Dorothy” that “Murray” was the person I spoke to on Sunday and he’d call me back.

During the 45-minute call, I did some additional research. It turns out that in addition to updating the Kindle to 2.5.8, you need to install the Kindle Services Update. (See Kindle DX Software Updates.) You can do so via USB from your Mac or PC. (See Transfer & Install Software Updates Manually.)

  1. Download the Kindle Services Update
  2. Copy the update-caupdate-05.bin to the root level of your Kindle
  3. Disconnect your Mac from the Kindle
  4. From Home, press the Menu button, and then select Settings.
  5. Press the Menu button, and then select Update Your Kindle.
  6. Select OK.
  7. Wait for your Kindle to update and restart.

Assuming it’s listed in your Amazon account, your Kindle will automatically reregister itself. If not, register the device manually.

So what is this additional update? A new set of security certificates.

Problems

  • The Kindle gives a generic “unable to connect” error. Nothing about the error message indicates it was problem with certificates. The corrective action it suggested (wait, restart) will fail 100% of the time.
  • Instead of releasing a 2.5.9 update, Amazon released this as a supplemental update. This makes it hard for users to know if the update is installed.
  • Amazon support staff are exceptionally poorly trained and didn’t think to check if I had installed the CA Update.

Using a Dell DRAC5 with a modern browser and OS

The DRAC5 is a remote access card, letting you control a server such as the PowerEdge 300. With it, you can simulate physical access to the machine, viewing the screen on boot, entering commands and cycling power.

Unfortunately, Dell has neglected this aging product. Trying to use it today will lead to errors in modern browsers and Java implementations. Fortunately, they can be worked around.

Clear space on the DRAC5

Before getting started, we want to ensure there is sufficient free space on the remote access card. If there is not sufficient space, the card will fail in strange ways (such as the web interface not loading).

Log in to the remote access card using SSH. Clear the logs:

racadm clrraclog

Restart the device:

racadm racreset

Update the DRAC5 firmware

Download version 1.65 of the firmware. Get the “hard drive” update package. If you’re on a Mac or Linux, you can decompress the .exe with the unzip command:

unzip f_drac5v165_A00.exe

You’ll get one file: firmimg.d5.

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password. Click OK.
  3. On the left-hand side menu, click Remote Access.
  4. Click Choose File. Select firmimg.d5.
  5. Click Update.
  6. Wait for the update to complete and the DRAC card to reboot.

Install a TLS (SSL) certificate

Before you can install a certificate, you need to create a Certificate Signing Request (CSR). By default the Dell DRAC5 uses short, less secure keys for its certificates. This can be fixed with a CLI command.

Log in to the DRAC5 using SSH. Run the following:

racadm config -g cfgRacSecurity -o cfgRacSecCsrKeySize 2048

You should see:

Object value modified successfully

Now, let’s generate CSR and obtain and install the certificate:

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password.Click OK
  3. On the left-hand side menu, click Remote Access.
  4. Click the Configuration tab
  5. Click SSL.
  6. “Generate a New Certificate Signing Request (CSR)” will be selected. Click Next.
  7. Fill out the form and click Generate.
  8. A file named csr.txt will download. Open it up. It will start with -----BEGIN CERTIFICATE REQUEST-----. Ensure the next line starts with MIIC, indicating a 2048-bit key. (If it starts with MIIB, you have a 1024-bit key, and need to run the racadm config command again.)
  9. Go to sslforfree.com. This will let you get a certificate using Let’s Encrypt without having to run your own website.
  10. Enter the hostname of your DRAC5 card. Click Create Free SSL Certificate.
  11. Click Manual Verification (DNS).
  12. Click Manually Verify Domain.
  13. Add the TXT record they specify.
  14. Verify the TXT record.
  15. Check the “I Have My Own CSR” box.
  16. Read the warning and click OK.
  17. Paste the contents of csr.txt in to the text field.
  18. Click “Download SSL Certificate.”
  19. Click “Download All SSL Certificate Files.” A file named sslforfree.zip will be downloaded.
  20. Create an account to get reminded by SSLForFree when the certificate expires (in 90 days).
  21. Unzip sslfofree.zip. You’ll see three files:

    private.key
    ca_bundle.crt
    certificate.crt

  22. Repeat steps 1-5 above.
  23. Click Upload Server Certificate. Click Next.
  24. Click Choose File. Select certificate.crt.
  25. Click Apply. You should see:

    The certificate was uploaded successfully. The DRAC will now reset and the browser will close. Wait for a few minutes before logging back into the DRAC

  26. Click OK.
  27. Wait for DRAC card to reboot.

Downgrade Java security to allow remote access

Modern Java implementations disable older encryption algorithms. Unfortunately, because the DRAC5 does not support modern encryption, you need to manually enable these older method to use the DRAC5 remote console.

To do this, you need to edit the java.security text file. Its location will vary depending on which version of Java you have installed.

On macOS, you will find it in Internet Plug-Ins:

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/conf/security/java.security

The path will vary depending on your version of Java. Java 9.0.4+11 uses conf/security/java.security.

Edit this file. Comment out two lines (add a # at the beginning)

Change:

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40

To:

#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
# EC keySize < 224, DES40_CBC, RC4_40

Change:

jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

To:

#jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer, \
# RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224

Remember to uncomment those lines when you’re done with the DRAC5 remote console.

Add Security Exceptions

  1. Go to System Preferences > Java
  2. In the Java Control Panel, click the Security tab
  3. Click “Edit Site List”
  4. Add both https://hostname and http://ipaddress
  5. Click OK
  6. Click OK

Access remote console

  1. Go to the web interface for your DRAC5.
  2. Enter your username and password. Click OK.
  3. Click the Console tab.
  4. Click Connect. A file named vkvm.jnlp will download.
  5. In Terminal, type javaws vkvm.jnlp.