Fair warning: This post is heavy geek. The Net is a big part of how we’re trying to make the farm work. Having sites that stay up and a connection that doesn’t suck is as important as getting state meat inspection back. If it’s going to cause your eyes to glaze over, just pretend I wrote about tensioning my sawmill blade and move on.

For the last couple of years, I’ve been paying a hideous price for a T-1 connection, because, at least as of 2007, it was completely impossible to do my job as a software developer using satellite: Skype didn’t work, and I would lose signal just when I needed to put out a patch. There are no other broadband options here. (Canada and Australia have lower population densities than the US and far better broadband coverage. Tell me again that the US is a first world country.) One of the ways I kept expenses down was by hosting The Vast Richards Web-Empire (TM) on a box under my desk. Unfortunately we had continuous reports of people who could not reach our server, possibly because I never really got reverse DNS working.

Supposedly satellite is better now, and in any case I’m not currently developing from home, so we’re reverting to satellite. This means hiring hosting again. The price of that has gotten better. I’m paying $15/month for “unlimited everything”, including multiple domains. We’ll see of course what the actual bandwidth is. Add $80 for the satellite and I’m still well over $500/month ahead.

Because we were bloggers before blog was a word we use WordPress for pretty much everything. We’re also now standardizing on the Thesis theme from DIYThemes. Unfortunately despite all the progress since my first WordPress install at version 0.7, I’m still having issues. Thesis, especially with the Openhook plugin keeps all sorts of stuff in the database rather than theme files. It’s not in the custom files on the old box, but it’s not reaching the new box when I do a backup/restore. Far far scarier, Mmmmonadnock.com is losing its’ last two entries, the two written after I switched it to Thesis. I’ve tried twice, and the result is the same. Of course the old box still thinks it’s mmmmonadnock.com, so I can’t just cut and paste those entries, and all the custom code to the new one.

Ending on a positive note, here’s the workaround. Both WordPress and J. Random Hosting expect you to have DNS set up to point to them from second one, with no actual expectation that you’re migrating a running site but might want to make some changes on the way. How can you actually make this work? Load all your files and restore the database on your new box. Then have two workstation machines. Set the hosts file on one to resolve mysite.com to the new box, while leaving global DNS pointed at the old site. Then use Remote Desktop or your OS’s equivalent to cut and paste from the old server to the new. When you finally like it, change the nameservers. Don’t forget to count the entries.

The preceding was a public service announcement.

I’ve recently upgraded our server from Fedora 9 to 10 and then to 11. Both times the upgrade process disabled Postfix. This is annoying.

It was supposed to start raining about ten this morning, so we didn’t worry about leaving the sap uncovered to cool. There was half an inch of snow on the ground (and in the sap) at six this morning. One hundred sixty five gallons boiled down to fifteen over the last two days. It’s cold enough that I’m willing to leave it till Saturday to finish on the propane burner. It’s still so cold and snowy in the woods that we should get a good weekend and at least one more good run.

Stuff to keep in mind for next year:

Can the buckets, even for a single tap. There’s no money savings, the lids fly off in the wind, and even if they don’t, the sap ends up full of bark chips, which doesn’t happen with tubing. As the snow melts I’m starting to have trouble with the plastic buckets falling over as well. Some of this is because I cut the drip tube too short, but it’s also that they just don’t stand up on a steep hill. Definitely something to work through for next year.

There are different colors of sap out there: some of the buckets are yellow, others are bluish like a chlorinated swimming pool. Does this correlate with anything?

The (expensive) tapping bit I bought was too ‘agressive’ and bogged down my (pretty darn good) cordless drill. I backed off to a regular 5/16 bit and all was well. This might have cost me 1 or two seconds per tap. Compared to the time it takes to walk from tree to tree, it’s negligible.

A sugar house is a big deal. Besides a roof to keep rain out of the pan so we can boil any day, four walls to raise the temperature and block the wind would be a massive savings in both time and firewood. Before we build anything, we should cruise not only our land but the neighbors’ and build it big enough to handle all the taps we’re likely to have.

Pine slab from the sawmill is great fuel for the evaporator. It burn hot and leaves no inconvenient coals at the end of the day. Also we have it and need to make it go away.

If we want this farm to pay, we need to know the economics of what we’re doing. We now have something of a handle on sugaring.

The two variables seem to be number of taps and evaporation rate. Cost and revenue all follow from those two.

An average tap produces ten gallons of sap, which is one quart of syrup, which this year is roughly ten bucks, after packaging but not cost of sales. Depreciation on the plumbing I’m swagging at a dollar a year per tap. We can set up 250 taps/day, I’m hoping tear down will be the same. That’s an 8-hour day because that’s all we can manage with chores and all the normal life maintenance stuff. That’s 1/125 a day per tap, call it fifteen taps an hour or 4 minutes each. These numbers might improve with time, but I’m concerned that I’m optimistic about sterilizing the stuff. At least for now, we can gather sap while boiling. The evaporator is slow enough that we can leave it to make a sap run, so I’m not counting that separately.

Another rule of thumb is one cord of dry pine per hundred taps. As long as we’re running the sawmill, slab and branches are free, but must be cut, hauled and stacked at say 2 cords/day. That 1/25 an hour per tap, call it two minutes. So there’s an extra 6 minutes per tap of work which needs to be factored in.

The other issue is evaporation rate. We’ve gotten 15 gallons an hour out of our hobby unit. With shelter and dry wood, I’m comfortable we could get 20. That’s two quarts, which after depreciation on two taps is $18/hour gross revenue. There’s also depreciation on the evap: Say $4k (2k each for evap and building) over 20 years is $200/year over 20 days of season (HA!) is $10/day or $1.25/hr. (What with heat up time and clean up, I’m going to call that an 8 hour day too.) So, we can make 16 quarts or 4 gallons of syrup per day. After depreciation on 16 taps and the fixed equipment, (Tractor and chainsaw are on whole-farm depreciation.) that’s $134 income per day.

Besides the boiling time, there’s 6 minutes per tap of labor. Times 16 taps, that’s 96 minutes. So $134/9.60 is $13.96 an hour in a world where everything goes right (including no health insurance being ok). Even if everything was paid for, that’s not enough. With mortgage, college loans and health insurance, that’s not close to enough.

I have plenty of time to crunch these numbers in my head while gathering sap, but I’m tired of typing them, so I’ll do the numbers on a bigger operation some other time.

ZenCart now seems to be coexisting correctly with WP. I bought the FM so I can get it set up soon and, if not get rich, start to get the roving out of the house. The trick was to edit all the .htaccess files and restart apache. If I ever change my permalink scheme it’s all to do again. Hope you like what I have .

However I’ve developed a weird and annoying CSS(?) issue. For some reason I can’t use a <br> tag in the center column or it will kick all the text below it down below the end of the left sidebar. Honestly, I’m not sure how this is possible, but it’s there in both FireFox and IE. I don’t grok CSS, so it’s a serious issue. I’ve managed to get <br> out of most templates, but the comment form just really needs them. Perhaps a table. With fixed width columns there’s really no practical or even religious problem with a table.

Note to self: Look into the resolution homesteaders are likely to be using. I’d like to upgrade from 800×600 as a design point, but I’m not sure I dare.

Hermione finally had her piglets yesterday, 119 days after coming home from East Hill Farm. Nominal pig gestation is 115 days: She pushed it as hard as she could and of course had them in a snowstorm. The good news is that all is well, six live piglets that she is feeding and looking after. It’s well below freezing out there, so we’re giving them an extra day before we bust in and check sex and notch ears. I’m not quite sure how we’re going to manage the ear notching. I’m sure that giving her a scratch behind the ears will let us look them over, but notching could be a bit much. There is some hope in that both she and Ginny have figured out that Minnie squealing her head off means only that we’ve picked her up. Whether she’ll be so phlegmatic about her own babies is another question.

By the way, I’ve figured out the simple reason that pigs don’t fly. They do not like to fly. They want all four hooves solidly on the ground at all times, thank you very much. Minnie goes positively ballistic when she’s picked up. (yep, smile.) She is getting out less often, and seems to enjoy hanging out with her mama Ginny these days, but when she is out, she absolutely does NOT want back in. She is getting harder and harder to catch.

The birdies in the basement are all doing fine. The ducks and geese are growing by leaps and bounds. The turkeys are falling behind even though they should end up bigger than the ducks, though smaller than the geese.

There’s 55 gallons of sap on the front porch, but it was only 20°F at noon today, so no boiling until tomorrow, when we should get another 25 gallons or so.

Yesterday’s snow put (Concord) NH into all time second place for snowiest winter. We’re still 7 inches behind 1872-73 and everyone but the WMUR weatherman is content to leave it so. He’s hoping for Tuesday to bring the record in. It’s been cold, but not spectacularly so. It feels cold after the last few mild winters, but I think we’d have called this normal back in the 90s.

Now that the localvore site is up and running, I’m back to trying to get ZenCart working here so we can peddle our wool. It’s not finding the stylesheet, which apparently is a known issue involving the .htaccess file. ZC would prefer I just turn it off, but I’m using mod-rewrite and .htaccess to get friendly (to both search engines and people) URLs. I could certainly give ZenCart its’ own virtual host, and perhaps I should, to facilitate https later, but I had planned to put it in a subdirectory since we’ll be starting with PayPal and Google Checkout and their security is (ought to be) as good or better than anything I can do. However ZenCart is known to not play well with others, and I’m only willing to invest a limited amount of time.

In setting up the Localvore blog I needed to duplicate some of the custom pages that I made for this site. The categories page was the first. Lo and behold, when I went to select a custom template for the page I was writing, not only were there none, but the select box was also missing. If I reverted to the default WP template the box was there, but of course not my template.

A little sleuthing later, I discovered there’s a change to custom template handling in version 2.3. Ghu knows when it will get into the docs. (Hey, would you write documentation for free? Me neither. Let’s be thankful for what there is.)

Anyway, here’s the deal. If you want your custom template to be picked up and made available, you need to start it with:

<?php
/*
Template Name: name of your template
*/
?>

I’m not actually impressed. Parsing comments is always a kludge of desperation and in this case they had two better choices.

First, they could have done nothing at all, just showed all the page templates as they did in version 2.0. I found that perfectly acceptable.

Alternatively, PHP code is, or can be, well formed XML. <?php … ?> is what’s called a processing instruction(PI). The ‘<?’ is a signal that what’s inside is meant for some other processor than the xml parser. The ‘php’ identifies which processor. WordPress.org could just as well have added another another PI, say <?wpinfo … ?> into which they could stick this and any similar things they think up in the future.

Honestly, I like the first alternative. Don’t fix what’s not broken. But if you must, if it’s no more work, and it’s not, there’s no excuse for not following standards. There’s no way to know a priori that the comment they added is needed for function rather than just being nice to those who come after. In contrast, <?wpinfo would have told many, likely most, of their colleagues exactly what was going down.

I’ve decided regretfully that WordPress MU is not suitable for our application. It apparently does what it is designed for well. Unfortunately what it does is not what I want done.

WPMU is a wrapper around WordPress that allows a single WP installation to support ridiculous numbers of blogs in a single DNS tree. That is Fredsblog.example.com and Gailsblog.example.com and on and on. What I want is a cms to help me run mackhillfarm.com and textualforests.com and therichards.org and several others. The WPMU FAQ and puffery implies that this is easy. It is not.

There are howtos and even a plugin. The plugin randomly drops ‘.’s when creating read-only strings. The howtos list every setting the writer had to change. (95% of the time by editing the database in phpMyAdmin or the like.) Of course my setup always needed something else as well. And the WPMU dev team, despite being the source of the puffery, is snooty rather than helpful.

I’ve googled around, and all of the CMS suitable for sites with a few thousand hits a day are in roughly equivalent states. eg Drupal seems to have the multi-site thing working, but its’ blog capabilities are not quite mediocre, and the dev team is planning to get around to upgrading them first thing in 2012.

So I’ll be going back to installing WordPress once per site. Boring, but safe.

We’ve had our T1 for a few weeks now, and it’s been a wonderful step up from the satellite travesty, albeit at a very high price. It still doesn’t download like a $50/month cable modem, but it does upload symmetrically. We’re getting some of the cash back by dropping our co-located server in Virginia once I finish repatrating the vast Richards web-empire. I get to sysadmin at the actual keyboard, and I can give Lisa a Samba connection, something she moans about if she has to use FTP, let alone the command line. Still, I’d take a cable modem and rent on the server in a New York nanosecond, if only we could get one out here in the boonies.

The limited bandwidth does present something of an issue for our very large Gallery II setup. We’re going to deal with that by hosting all new images on Flickr figuring that views of the older images will dwindle. A Flickr pro account costs $25/year. The cheapest possible hosting for our images would be that a month.

We’re running both Google Adsense and and Amazon Omikase (“let them choose”) ads on this site. I find it extremely telling that Google gives us about 7 out of 8 good, well-targeted ads, ones that I’d click on myself, while at least half of what Amazon pushes are Gothic/Metal/Death and Taxes CDs that I would have to be paid to take away. It’s no surprise that Google sends us bigger checks, more often. It’s barely a fraction of our connection charge, but money in instead of money out.

In between moving domains home, I’m trying to figure out how to get OpenGroupware actually installed and running. Lisa would like us to run MS Exchange Server because she is still an Outlook addict, and we (yes all two of us) could use it. However, it’s thousands of dollar, it basically needs a full time admin, and like nine geeks out of ten, I think Outlook is the second worst mail client in the world, beating only Outlook Express. But we still need that shared calendar and todo list and address book. OpenGroupware iss an astroturf open source project. The code was open sourced by its original closed source developer who is hoping to get free maintenance help while still charging for support themselves. It’s an honest living, so no hard feelings, but the result is a good app that’s virtually impossible to install. They want to sell me a 700 euro CD that will bring up a complete small business server on whatever box I have gathering dust. I want to download the RPMs to install on the box sitting in our DMZ serving this journal. I will win.

If it was just the 700 quid/thousand bucks, it would be worth paying, much as it would bug me. But there’d still be ten hours of work, a box I don’t have and thus would have to buy, and maintenance and electricity. I can bring it in for the $2500 actual cost of their way.

Yes, I know I could just pay ten bucks a month each for hosted exchange server, but I’d have to run Windows and use Outlook.

By the way, Fedora 7 rocks, and Firestarter is a nice little semipro app for configuring a firewall. By semipro, I mean that you have to know inbound from outbound, and TCP from UDP, but not the niceties of the 5(?) different chains in Iptables or the specific syntax ( -j? an option named ‘j’!, huh?). If you’re doing your own sysadmining it’s perfect. Try samba to your web server in the dmz. It gets blocked. Allow outbound samba on the firewall. It’s still blocked. Allow samba from the firewall (only) on the webserver. It works, it’s safe, and your users don’t have to bother their pretty little heads. Be warned that the dhcpd.conf file it spat out was trash, but dhcpd is easy, or just use static IPs.

Our spiffy new T1 got turned up last week, and I finally found time to move the LAN over today. Yippee, a connection that works. It doesn’t have the download speed of a cable modem, but it is symmetrical, so uploads do actually go at 1.5 megs. Given the number of pictures we post, that’s a big deal.

Lisa is now making extensive use of Flickr, although we also still have a Gallery II installation on our rented server at MAE-East. We certainly have the bandwidth now to host our own text sites, but I’m a little concerned about the images. If we were starting now, I’d put the images on Flickr for $25/year and not have the $70/month server. However we have years of links to our own Gallery, and there’s some serious bandwidth used. We’d be more selective uploading to flickr. I’m thinking of ceasing to update the gallery for a while and then hauling it home when the traffic falls to something we can serve.

I’m still working through firewall issues. Our setup is elaborate enough to justify a real DMZ/firewall configuration. Dealing with Iptables straight is a serious pain. I tried a highly recommended app called Firestarter which claims a painless configuration. The jury is still out on whether it’s better than Emacs and a book. It’s not painless, but I learned better than that around 1970.

The good points are that you can point and click authorize the most common services and that you can monitor what’s being blocked, and authorize it if you wish to.

The bad points: It claims to setup DHCP for the LAN side of your firewall. Actually the cockamamie DHCPd.conf it spits out is just plain wrong and dhcpd won’t start. I’ve got everyone on static 192.168 IPs at the moment because life is too short.

The ‘most common’ list is very short: no PPtP, no AIM, no Yahoo. I need to get all three working.

And finally, it has no clue whether or not it has either restarted iptables or saved the new configuration. According to Firestarter, a restart always fails and a save configuration always succeeds. Actually, restarts work but take several minutes, and I think it only saves configuration on exit, no matter what it says.

As I said, jury still out.

Right up front, Don’t get satellite internet if you can get DSL or cable. Don’t even think about it. If you can’t get DSL or cable, seriously think about a dedicated dial up line (personal), or a fractional T1 (business) as alternatives to satellite. It’s that bad. I’ll put a geek appendix at the end explaining all the reasons why.

If you do get stuck using satellite for business, it’s likely that sooner or later you’ll want a VPN to somewhere. When you do, the odds are that you’ll just want to use the one built into Windows. It won’t work. The FAQ says it does, but is not supported by Hughes. As in they won’t even tell you what to do, at your own risk.

Microsoft, give them credit, is actually as helpful as they can be: They explain that the most likely cause of your error 721 is funky proxying, which looks like double NAT, so that your answer comes from a different IP than you sent the question too. (Hughes tech support denies this. For once I’m believing Redmond.) PPTP quite rightly regards this as as wrong and ignores the response. MS even tell you how to edit the registry to overide the check. They also quite rightly tell you that if you mess up, you’ll probably have to reinstall Windows, and your computer may explode, and it will all be your fault. After all, you did a tricky procedure to make your computer do something stupid.

If Hughes tech support is feeling kindly, they will tell you that you have to have a static IP (at extra cost) to make it work. They will not tell you what you have to do with that IP. After some serious googling, I found this: http://www.dslreports.com/faq/13545.

Executive summary: To put one machine on a VPN, assign the port connected to the satellite modem a static IP as follows:

IP Address: [the one assigned by Hughes] + 1
Netmask: 255.255.255.252 (248 if you paid for the fancy package with 5)
Default Gateway: [Address assigned by Hughes]

In theory you then only have to repair your connection to get the new values assigned. In my experience you should reboot because repair has a less than even chance of getting the static IP in.

You can then configure the VPN. It will be dog slow, with occasional timeouts (Hughes’ excuse for not supporting this.) but it will work.

Security warning: If you do it this way you will have a Windows box directly on the Internet. If you do not have a firewall and Norton/McAffee running you will be rooted within the hour. Even then it’s dangerous: you should put the static IP on a real firewall at your earliest convenience.

How it (seems) to work: There is double NAT going on. The second is your modem doing DHCP to your LAN. By assigning the static IP you stop this. Note that apparently you can have your firewall do NAT for you and things will still work. The second IP is available because you can’t actually assign a single IP. You need a base and a broadcast and then something to actually use, so you have to use four, which leaves two available, not one.

Why Satellite Sucks

A. Technical Reasons

1. The speed of light. The round trip from you to the satellite ground station is 88,000 miles. That’s a 475 millisecond ping before you even hit the internet. So much for twitch games. See part B for why your FTP crawls.
2. Weather. Air is transparent to the frequencies used. Water is not. Thus rain is a problem. A nice gusty wind will rock your dish, causing it to go in and out of alignment.

B. Your ISP

1. Overbooks. When things are busy you’ll think you’re on a 9600 baud modem.
2. Takes the overbooking out on you. They have a “Fairness Doctrine” that throttles your speed, whether or not the link is congested, if you move too much data per unit time. (I saw 170 megs in 4 hours somewhere on the net, but I can’t vouch for the actual number.)
3. Has no docs or tech support. As in no where do they tell you how to actually use the static IPs you’re paying for. See above

The hay feeders have been a big success. In normal winter weather (say low of 8°F, high of 18°F), we’ve pretty well stabilized at two bales a day. Miguel’s crew clean out their feeder every day with the extra to Leon and Buster, and the other two pens each eat one in two days.

This is at least half a bale better than before and the critters are better fed. There’s no baaing from them until they hear the grain rattle. They eat more in cold weather of course, the girls will soon be eating for two, which may become an issue, but right now it’s roughly a fleece a month of our hay bill.

I wish I could say the same about sendmail. Lisa slept in this morning and I decided it was time to make outgoing mail work from mackhillfarm and therichards.org. It was far easier than the first time I did it, because TLS now ‘just works’ and all SASL needs is a self-signed certificate, which procedure has also been streamlined. However sendmail itself seems irretriviably stuck in the 1980s. I deliberately chose to stick with sendmail because it’s a remote server.

Two hours of googling and fiddling later, it is now working. Yep, I forgot to enable sendmail to listen on non loopback ports. Why did I forget? Because in non TLS mode, it challenged for credentials which, it then denied. When I turned on TLS, it refused all connections, including incoming mail. So, of course I thought the issue was in the smtp-auth stuff.

I can understand why I’d need to change that setting for relaying, but I still have no clue why it should have to change to accept incoming mail. (If anything, it should not have been accepting mail in the first place — that’s what Apache would have done when configured to only listen on loopback, and that’s what makes sense to me.)

Rightness was restored to the universe however — when Lisa came up, I got to fight with Outlook. It’s settings make no sense either, whilst Evolution and Thunderbird had nice little ‘requires TLS’ and “Authentication method’ dropdowns that just worked.