An upcoming film project
requires a gold chain with a medallion.
The chain was 3 dollars and a small hole drilled in a gold button made for an acceptable medallion as long as the button face is facing forward.
The barred owls have
been calling and the ruffed grouse have been pounding for the last
week. Both are confused by the equal-length days and nights, triggered
into spring behaviors for a limited time.
I haven't been tricked by the equinox, but I still find myself thinking of spring around the homestead lately. It's long-sleeved shirt weather in the morning when I gather copious pullet eggs, and I'm even setting out seedlings into the garden. Only in this case, the seedlings are filling in gaps in the winter-greens row, ensuring we have enough Swiss chard and parsley to make it through the long winter ahead.
Of course, other projects will vary. My use of AGPL in git-annex is confined to its webapp, and there's still a significant amount of code there, that would take lots of effort to reimplement. There's very little chance any of the AGPLed code there would ever end up in a client either, and if
some part of it did, I'd relicense it GPL in any case.
Still, it seems a shame if AGPL could only usefully be applied to that style of client-server app, and not to ones that have a more svelte design, like keysafe, or presumably what @Christopher Allan Webber is doing with actors.
My most recent project, keysafe, is AGPLed, and the client and server are part of the same program, and a large amount of code is reused between them including http request generation/parsing, object queuing/storage, proof of work generation/checking, data types, and serialization.
So, I hope that there's not really a good reason to avoid using AGPLed code if it could end up running on the client. That would make development significantly less efficient when there's so much opportunity for server and client to share code.
Or it would limit the AGPLed parts to such a thin shell around the shared code that it might not be much of a barrier to creating a non-AGPLed server implementation. If keysafe's shared code was GPLed and only the server-specific code were AGPLed, a simple non-AGPLed server using the GPLed code could be implemented by writing only 2 trivial functions; around 10 lines of code.
Despite being nearly
killed back to the ground again last winter, this has
been an excellent year for figs. Hot and dry seems to hit the spot for
this ancient fruit.
On that note, did you know that figs might be one of the first plants domesticated by man? Archaeologists have found sterile figs dating as far back as 9000 BC, up to a thousand years before the first known cultivation of wheat and rye. Something to think about when you sink your teeth into the next sweet morsel....
Only had a couple hours today, which were spent doing some profiling of git-annex in situations where it has to look through a large working tree in order to find files to act on. The top five hot spots this found are responsible for between 50% and 80% of git-annex's total CPU use in these situations.
The first optimisation sped up git annex find by around 18%.
These cinder blocks will now absorb the bulk of the weight for our front porch steps.
So far, Aurora is
thrilled at my
decision to dry Artemesia off. I started the attempt nearly a week
ago, but I'm pretty sure our doe is still making just as much
milk...only her daughter's getting to drink it all instead of sharing
with us humans. Hmmm.... Maybe I need to rethink my dry-down plan.
About a week and a half ago,
Artemesia finally decided it was time to wean us. I say "us" because
she not only stopped letting Aurora drink endlessly at the milk bar,
she also started stamping uncomfortably as I milked her in the morning.
I could easily have pushed through the minor grumpiness, but I figured Artemesia had already done a pretty awesome job as a first freshener. We've enjoyed 17.5 gallons of her milk and her kids have probably gotten twice that much. Time to let her rest for a while so she'll be back in good shape for her Halloweenish breeding.
We got really lucky,
with the only significant rain of the last month falling the weekend
after my big oat-planting
push. Thanks to the wild moisture, the cover crops are up and
growing this week, their beds already a nearly complete sea of green.
Planting and mulching 96 garlic bulbs while the morning shade is still intact.
I've decided to treat my
funky tummy as a science-fair project. Here's the summary so far, with
technical terms purposefully left out.
Hypothesis 1: Bad bugs took over my gut.
- Experimental protocol: A week of heavy-duty antibiotics followed
by a bug-friendly diet heavy in probiotics and bland carbs (brown rice,
steamed vegetables, bananas) combined with daily fiber pills.
- Results: After a bit of initial improvement, tummy still funky.
- Conclusion: Bugs are not the issue or are not the only issue.
- Note for further study: When I'm off farm and don't take along a
fiber pill, I seem to have my best days.
Hypothesis 2: Inflamed
gut never gets a chance to heal because I keep stuffing irritating,
high-fiber food down my gullet.
- Experimental protocol: Low-fiber diet of foods that haven't inflamed my gut in the past (hard-boiled eggs, yogurt, bananas, low-fat hotdogs, chicken breast, tuna) in small meals for breakfast through mid afternoon, then juiced fruits and vegetables for supper to give my gut an extended relaxation period. Imodium as needed to slow things down.
- Results: I'm only two days in, but early signs are very positive.
By the way, I continue
to appreciate everyone's kind words and good energy! Hopefully I'll be
back to having fun homesteading information to report in the near
W I N D
It will be amazing to be mobile again. I missed my little Honda so much when she reached her 350,000 some odd mile and I sold her for $200 to a mechanic to fix her expensive leaky oil problem.
Poverty puts the meaning of a small windfall somewhere outside my normal understanding. Today was a bit wild in the mind in terms of listing off what I could do with my two new Grover Clevelands.
I have impulses, needs, and the whole in between. The rare birthday present came from a wonderful family friend. Then late this afternoon, my brother in law gave me a super idea. Why not keep it in the family. I need a car, my Dad has a car for sale. Perfect.
Perfect sounding if I can learn how to drive a 5 speed. Should be fun once I get the hang of it!
After a month of development, keysafe 0.20160922 is released, and ready for beta testing. And it needs servers.
With this release, the whole process of backing up and restoring a gpg secret key to keysafe servers is implemented. Keysafe is started at desktop login, and will notice when a gpg secret key has been created, and prompt to see if it should back it up.
At this point, I recommend only using keysafe for lower-value secret keys, for several reasons:
- There could be some bug that prevents keysafe from restoring a backup.
- Keysafe's design has not been completely reviewed for security.
- None of the keysafe servers available so far or planned to be deployed soon meet all of the security requirements for a recommended keysafe server. While server security is only the initial line of defense, it's still important.
Currently the only keysafe server is one that I'm running myself. Two more keysafe servers are needed for keysafe to really be usable, and I can't run those.
If you're interested in running a keysafe server, read the keysafe server requirements and get in touch.
The dump bed on the Kubota X900 is a good height for easy wheelbarrow loading.
There's something about
the autumnal equinox that makes me want to tunnel into the earth.
Without realizing it, we repeated our Bristol
Caverns visit on
nearly the same date as last year. Does that make it a tradition?
The latest batch of heated chicken waterers will have a nice blue ceramic knob.
Catching up on backlog today. I hope to be back to a regular work schedule now. Unanswered messages down to 156. A lot of time today spent answering questions.
There were several problems involving git branches with slashes in their
name, such as "foo/bar" (but not "origin/master" or "refs/heads/foo").
Some branch names based on such a branch would take only the "bar" part.
In git annex sync, this led to perhaps merging "foo/bar" into "other/bar"
or "bar". And the adjusted branch code was entirely broken for such
branches. I've fixed it now.
Made git annex addurl behave better when the file it wants to
add is gitignored.
Thinking about implementing
git annex copy --from A --to B.
It does not seem too hard to do that, at least with a temp file
used in between. See transitive transfers.
Today's work was sponsored by Thomas Hochstein on Patreon.
As we near the autumnal
equinox, the light is subtly shifting.
I've had several concerned
emails/calls from family and friends lately, so I thought I should give
a brief followup about my grumpy gut.
The short version --- it's still grumpy. I'm mostly managing to keep diarrhea to a minimum with a (not-quite-so-severely) restricted diet. Meanwhile, I have an appointment with a specialist at the end of the month that I hope will determine the root cause and start me on the path toward healing.
While we wait, Mark has put me on half duty, which keeps me cheerful and prevents exhaustion from eating me alive. During the freed-up time, I've been spending more hours with the goats and have also taken up coloring books. I would have laughed at such structured art years ago, but my writing time uses up all of my creative juices and being able to simply play with colors within an established framework is awfully restful and fun.
Thank you all for your kind wishes!
My mind fluctuates like water, its tides turning, climate setting it frozen or evaporating.
A wise woman asks me how ritual changes my writing lately. Writing does not separate from thought ever. So I remember that with my tides and boiling points, glaciers melting into the water, and the moments known as depression.
These feelings for me come in times when motivation is fleeting. I hold out all of my energy for a job interview with relatively high pay, completely losing my focus in the process because the focus depends on movement in real water.
My mind’s eye nearly hazed over with thoughts of self hate and tax preparation. I make a few decisions at once with this clarity.
I haven’t been swimming enough. I took time from it for swimmer’s ear, slouched in a depression, with a cold on the side.
I am refocusing my life on the thing that brings my mind together, that makes my writing clear, the true ritual that makes me coherent, my swimming.
In the water, it is impossible not to float. (At least when you have this much blubber.)
Nothing matters like my body moving through water to my mental health. Swimming, my gateway to healing, I take you back now, in full force. I made a promise this year to do 50 miles. I have swum just 26. I need to increase my swimming.
As the plane picks up off the runway, you will feel a moment of exuberance. Your heart will pound in unity with a souring jet of smiling or bored humans. Connect with this moment. Remember to breathe.
When I set out in the Capitol city my intention from the get go was to ask an opening question to a person every day for a year. I quickly decided to use the same inquiry, and then narrowed in on my query exactly as I would ask it. My approach was going to be to ponder deeply from the get go, and perhaps that is just as my nature is. But in fact it turns people off from opening to me, so ultimately I narrowed in on a question my mother offered that I would pose three hundred times throughout the year. “Do you like dogs?”
I never thought such a story could unfold in my quest for answers.
Koby is a guest at the hotel I am working and I meet him at the morning prayer vigil that we are holding for the local victims of gun violence. Recently, a crazed man who happened to be black shot into a crowd and was gunned down by police men and women, one of whom got injured. Lately the whole nation has been split, either saying that black lives matter and that attention needs to be placed on the criminal treatment of being black or that all lives matter and that business owners should have better ways to protect themselves.
“Do you like dogs?” I ask at the close of the worship, as if it has anything to do with what we were praying over.
I am not sure how to read his response, which is not uncommon for me. I have trouble making out what others might be thinking or feeling. But sometimes their expressions are dead pan, and that is what I get with Koby but his voice is warm.
“I like dogs. I had a little dog when I was in college actually.”
Then without any real work, he just opens.
“His name was Ruffian. He was a terrier mix. I almost didn’t take him in outside of food service. Some kids were bullying him, throwing things at him, and one of them got up and looked like he was about to kick him. People can be pretty rough. He looked kind of like a mongoose. He was ratty and scruffy and smelled like the poop he had been rolling in actually. I wasn’t the kind of kid who stuck my neck out for anybody especially then. But he looked at me. And I just imagined this was going down in one of two ways. Ruffian was being beaten to a pulp by dumb fucks, or he was going to get a home and I knew I was sly and I could run like hell. That was my plan and it was what I did. I shot out of my seat and I crossed the patio towards Ruffian, and I just grabbed him out of the air and darted off into the distance. He was nursed back to health. I was a lonely kid in college and nobody really knew I had him except my roommate and they got along just fine. He was a medical student and all he ever did was study. Maybe that is more of a story than you wanted. Why did you ask anyway?”
“Oh, I don’t know. I have trouble talking to people. Somebody told me people open up about their pets. You going into the city today?”
“Yes I am.”
“Well you stay safe out there and hydrated. I hear it’s going to be a hot one.”
Then we went on our separate ways, the story of Ruffian vivid between us.
round of fall seedlings is ready to put into the ground. Swiss
chard sure is easier to thin when started in a flat indoors where I can
nip off excess seedlings while talking on the phone.
We had our first Bigfoot
sighting while visiting Sawdust Mountain recently.
They cut up big trees with a large saw and one of the workers was sculpting an impressive likeness of Sasquatch out of a large stub of a tree.
It's that time of year
again. The weather is cooling. The lights are on in the chicken coop.
In other words --- it's time to think about winter watering chores!
Once again, we have a very limited run of premade heated bucket waterers available. Mark snags these buckets during his annual winter trip to Ohio so we won't have to pay shipping twice, making it cost-effective to install two nipples in the bottom and send them out for a hundred bucks with free shipping. In other words --- there may be another run in December/January, but otherwise this is all we'll be selling for the year.
Here are the stats:
- 2 gallon volume with two nipples (sufficient for 34 chickens for at least two winter days).
- Nipples keep flowing down to the low teens Fahrenheit and water
in the main reservoir stays thawed much longer.
- Comes with a lid with a knob for easy removal. (Your unique knob may or may not look like the one in the picture.) In addition, brackets within the bucket prevent your lid from falling in.
- Free shipping within the U.S. (We can't ship these out of the
country at all --- sorry!). Your waterer should arrive sometime next
- Cost: $100
Pulled off the street into Radio Bristol to see the Indigo Girls! Live on air, and I was ten feet from the stage. I've been a fan for 19 years so this was super.
It seems the tape repair I did this Summer could not hold up to Anna yanking the hose so she could relocate a sprinkler station.
The surviving Brussels sprouts bounced back fast after their row-cover trauma. A few are so big, in fact, that I went ahead and topped them to prompt sprout-formation. Looks like we'll have a good crop this year after all.
We noticed a fair amount of
vole damage to the sweet potatoes.
The goats don't seem to mind and we save the good ones for ourselves.
Maybe the damage would've been a lot worse without Huckleberry killing the voles he's hunted?
This is the final week
for oat planting in our neck of the woods, so
we're filling up as many garden spots as can easily be turned over to
cover crops. In really poor soil that
didn't produce as well as I would
have liked this summer, I sprinkle the oat seeds over the ground then
top them off with a solid coating of composted horse manure. Richer soil
gets less TLC --- just oats covered by a thin layer of straw meant to
hold in moisture and confuse hungry birds.
Add a little water and
the seeds sprout fast. The image above shows
oats we planted last week in parched soil, then watered well with our
Given my continued health issues, I'm not hitting every bed I'd really want to with oats this year. But that's okay --- rye can be planted slowly but surely over the next month and a half to produce similar cover and biomass. The goats don't enjoy grazing rye as much and the rye beds won't be available for spring and early summer planting, but the soil won't mind at all getting to enjoy eight months off covered with rye.
Running gpg --gen-key and about ready to call in the entropy delivery drones.
session of Driver's Ed
under my belt, Mark certified me to take the Kubota out for a solo
adventure. It was pure pleasure to be able to toodle along through the
floodplain without worrying about getting stuck in the mud!
I put a little more manure in the bed this time around since I don't think my previous trip got anywhere near the load limit. Three very full wheelbarrow loads was enough to smother a third of the back garden in rich, high-nitrogen fertility.
We harvested about 4 bushel baskets of butternut squash yesterday.
In my last Then
and Now post, I stuck close to home. So I thought I'd regale you
this time with a shot of the barn from 10 years ago and again from this
So many changes in the interim --- a new roof, a Kubota to appreciate the cover, and several trees cut down or grown larger. I wonder what this area will look like in 2026?
Last week, I wrote about
part one of winterizing our hives: checking on honey stores and feeding if
necessary. At the
same time I make my early fall hive check, I also move on to part two
of the winterization campaign: testing for varroa mites.
I've written about how and why to test for varroa mites with a homemade stickyboard here. This time around, our Warre hive passed with predictably flying colors, dropping an average of only 9.3 mites per day. The bulkier Langstroth hive had quite a few more mites, clocking in at 31.3 mites per day. (Yes, I do count even immature specimens like the one shown to the right.)
In part, the Langstroth hive's higher mite count is due to the fact there are simply more bees present in that hive, but the infestation is still a little further along than I'd prefer. On the other hand, the last time I used non-chemical treatment for a borderline hive, I really regretted it --- after being dusted with powdered sugar, the bees got so pissed off about the intrusion that they absconded. So I'm going to try some rhubarb-leaf anti-mite strips, then test again in a month to see if pest levels are increasing or decreasing as the bees begin to slim their colony down in time for winter.
Buckets used today: Water bucket, token bucket
Proofs of work used today: hash based, physical vault containing heavy books with locks based
(I should bake bread too, then I could say.. Blooms used today: Yeast bloom, bloom filters)
An interesting side problem in keysafe's design is that keysafe servers, which run as tor hidden services, allow anonymous data storage and retrieval. While each object is limited to 64 kb, what's to stop someone from making many requests and using it to store some big files?
The last thing I want is a git-annex keysafe special remote.
I've done a mash-up of three technologies to solve this, that I think is perhaps somewhat novel. Although it could be entirely old hat, or even entirely broken. (All I know so far is that the code compiles.) It uses proof of work, token buckets, and bloom filters.
Each request can have a proof of work attached to it, which is just a value that, when hashed with a salt, starts with a certain number of 0's. The salt includes the ID of the object being stored or retrieved.
The server maintains a list of token buckets. The first can be accessed without any proof of work, and subsequent ones need progressively more proof of work to be accessed.
Clients will start by making a request without a PoW, and that will often succeed, but when the first token bucket is being drained too fast by other load, the server will reject the request and demand enough proof of work to allow access to the second token bucket. And so on down the line if necessary. At the worst, a client may have to do 8-16 minutes of work to access a keysafe server that is under heavy load, which would not be ideal, but is acceptable for keysafe since it's not run very often.
If the client provides a PoW good enough to allow accessing the last token bucket, the request will be accepted even when that bucket is drained. The client has done plenty of work at this point, so it would be annoying to reject it. To prevent an attacker that is willing to burn CPU from abusing this loophole to flood the server with object stores, the server delays until the last token bucket fills back up.
So far so simple really, but this has a big problem: What prevents a proof of work from being reused? An attacker could generate a single PoW good enough to access all the token buckets, and flood the server with requests using it, and so force everyone else to do excessive amounts of work to use the server.
Guarding against that DOS is where the bloom filters come in. The server generates a random request ID, which has to be included in the PoW salt and sent back by the client along with the PoW. The request ID is added to a bloom filter, which the server can use to check if the client is providing a request ID that it knows about. And a second bloom filter is used to check if a request ID has been used by a client before, which prevents the DOS.
Of course, when dealing with bloom filters, it's important to consider what happens when there's a rare false positive match. This is not a problem with the first bloom filter, because a false positive only lets some made-up request ID be used. A false positive in the second bloom filter will cause the server to reject the client's proof of work. But the server can just request more work, or send a new request ID, and the client will follow along.
The other gotcha with bloom filters is that filling them up too far sets too many bits, and so false positive rates go up. To deal with this, keysafe just keeps count of how many request IDs it has generated, and once it gets to be too many to fit in a bloom filter, it makes a new, empty bloom filter and starts storing request IDs in it. The old bloom filter is still checked too, providing a grace period for old request IDs to be used. Using bloom filters that occupy around 32 mb of RAM, this rotation only has to be done every million requests or so.
But, that rotation opens up another DOS! An attacker could cause lots of request IDs to be generated, and so force the server to rotate its bloom filters too quickly, which would prevent any requests from being accepted. To solve this DOS, just use one more token bucket, to limit the rate that request IDs can be generated, so that the time it would take an attacker to force a bloom filter rotation is long enough that any client will have plenty of time to complete its proof of work.
This sounds complicated, and probably it is, but the implementation only took 333 lines of code. About the same number of lines that it took to implement the entire keysafe HTTP client and server using the amazing servant library.
There are a number of knobs that may need to be tuned to dial it in, including the size of the token buckets, their refill rate, the size of the bloom filters, and the number of argon2 iterations in the proof of work. Servers may eventually need to adjust those on the fly, so that if someone decides it's worth burning large quantities of CPU to abuse keysafe for general data storage, the server throttles down to a rate that will take a very long time to fill up its disk.
This protects against DOS attacks that fill up the keysafe server storage. It does not prevent a determined attacker, who has lots of CPU to burn, from flooding so many requests that legitimate clients are forced to do an expensive proof of work and then time out waiting for the server. But that's an expensive attack to keep running, and the proof of work can be adjusted to make it increasingly expensive.
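A minimal sketch of the scheme this post describes, added here as an illustration and not keysafe's own code: a ladder of token buckets gated by proof of work, with two Bloom filters tracking issued and already-used request IDs. SHA-256 stands in for argon2, and the class names, difficulty ladder, bucket sizes and the rule that a proof also unlocks the cheaper buckets are assumptions; Bloom filter rotation and the request-ID rate limit are left out.

```python
import hashlib
import itertools
import os
import time

class Bloom:
    """Small Bloom filter: no false negatives, rare false positives."""
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes, self.arr = bits, hashes, bytearray(bits // 8)
    def _positions(self, item):
        for i in range(self.hashes):
            digest = hashlib.sha256(bytes([i]) + item).digest()
            yield int.from_bytes(digest[:8], "big") % self.bits
    def add(self, item):
        for p in self._positions(item):
            self.arr[p >> 3] |= 1 << (p & 7)
    def __contains__(self, item):
        return all(self.arr[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

class TokenBucket:
    def __init__(self, capacity, rate, clock):
        self.capacity, self.rate, self.clock = capacity, rate, clock
        self.tokens, self.last = float(capacity), clock()
    def _refill(self):
        now = self.clock()
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
    def take(self):
        self._refill()
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False
    def borrow(self):
        """Take a token the bucket lacks; return seconds until it is repaid."""
        self._refill()
        self.tokens -= 1
        return -self.tokens / self.rate

def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()

def pow_hash(request_id, object_id, nonce):
    # The salt covers the server's request ID and the object ID, so a proof
    # cannot be moved to another request. SHA-256 is a stand-in for argon2.
    return hashlib.sha256(request_id + object_id + nonce).digest()

def solve(request_id, object_id, bits):
    """Client side: search for a nonce whose hash has `bits` leading zero bits."""
    for i in itertools.count():
        nonce = i.to_bytes(8, "big")
        if leading_zero_bits(pow_hash(request_id, object_id, nonce)) >= bits:
            return nonce

class Server:
    def __init__(self, difficulties=(0, 8, 12), capacity=2, rate=1.0,
                 clock=time.monotonic):
        self.difficulties = difficulties   # zero bits required per bucket
        self.buckets = [TokenBucket(capacity, rate, clock) for _ in difficulties]
        self.issued, self.used = Bloom(), Bloom()

    def handle(self, object_id, proof=None):
        level = 0                          # without a proof, only bucket 0
        if proof is not None:
            request_id, nonce = proof
            if request_id not in self.issued:
                return ("rejected", "unknown request id")
            if request_id in self.used:    # replayed proof of work
                return ("rejected", "request id reused")
            self.used.add(request_id)
            got = leading_zero_bits(pow_hash(request_id, object_id, nonce))
            level = max(i for i, d in enumerate(self.difficulties) if d <= got)
        for i in range(level + 1):
            if self.buckets[i].take():
                return ("accepted", i)
        if level == len(self.buckets) - 1:
            # Enough work for the last bucket: accept, but only after a delay.
            return ("accepted_delayed", self.buckets[level].borrow())
        request_id = os.urandom(16)        # fresh ID the client must hash in
        self.issued.add(request_id)
        return ("need_pow", self.difficulties[level + 1], request_id)
```

The caller is expected to sleep for the returned number of seconds before completing an `accepted_delayed` request.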
Our first day hauling straw
bales with the Kubota.
A whole lot easier than using the ATV.
Australorps are our favorites too, and in this case their frequent invasions of the garden are entirely my fault. We had a pesky mixed flock last year full of all kinds of troublesome varieties, and the last three old hens ended up being so bad I stuffed them in with the young Australorps for a week before their freezer day.
Unfortunately, a week was long enough to teach the young flock some of their bad tricks. Plus, the one male chick who came with this set of layers got eaten by a predator early on, leaving the hen party without a reason to stick together. To cut a long story short, our pullets are currently flying fences and seeking out pasture holes with wild abandon.
The stop-gap measure has been to shore up our exterior fences and let the girls run in the woods, where they have plenty to keep them occupied. But Mark's talking about maybe embarking on another round of tractor-building this fall combined with a coop/pasture renovation. We'll see how much oomph we have for long-term solutions as my energy levels slowly return.
peppers are the most colorful things we have growing at the moment.
The plants seem resistant to problem bugs and provide a large yield.
Our new generation of
Australorp layers is turning out to be a difficult flock.
We're debating on ways to scale it back for easier management.
At the beginning of
September I embark on the first of several winterizing-the-hives tasks.
Step one --- check on the honey stores and determine whether we need to
Here in zone 6 (southwest Virginia), the rule of thumb on honey stores is:
- Langstroth hives should have 50 to 60 pounds of honey (which is equivalent to 7 to 9 deep frames or 14 to 18 shallow frames)
- Warre hives should have about 39 pounds of honey (which is equivalent to 1.5 boxes full)
How do our two hives stack up?
- Langstroth hive: 23 pounds of honey (6.5 shallow frames)
- Warre hive: 26 pounds of honey (1 full box)
It looks like my
beekeeping mentor was right --- I probably shouldn't have stolen quite
as much of their basswood
honey. That's okay --- I'll top them off with sugar water now while
the weather is still warm enough to evaporate the gooey concoction.
Meanwhile, the copious brood in both boxes will ensure that the bees
are also socking away nectar from the "yellow flowers" (as my mentor
likes to call everything from wingstem to goldenrod). Hopefully by the
end of the month, we'll hit quota.
swamp bridge floated downstream a year and a half ago.
Luckily, the structure easily disassembled into two parts, and Mark and
I were just barely able to carry one half back to lead
from goat pastures to floodplain.
The other half, though, remained resolutely downstream...until Mark and the Kubota did the work of two people with ease. Yay for a bridge back in the swampiest portion of my morning walk!
The goats were equally
thrilled at the addition since the bridge opened up a whole new arena
of floodplain to explore. This area is a little bit close to the
garden, though. Can you pick out the end of our trailer in the upper
left side of the photo above?
I was never able to
graze the goats in this region tether-free when Abigail
was herd queen, but Artemesia is more malleable. My perfect doe grazed
quite happily in previously taboo ground without ever
making a break for the apple trees. It's such a pleasure to have a herd
of well-trained goats!