July 2013

Tasting notes on the American Brewing Caboose Oatmeal Stout

Yesterday I stopped by Peabody's after work and picked up a few stouts, one of which is a 22 of American Brewing Caboose Oatmeal Stout. I'm a big fan of stouts so I figured I would give it a shot; Beer Advocate rates it at an 89.

Appearance

The beer pours pitch black with about 3 fingers of really dark head. The head retention is pretty much non-existent and there isn't really any lacing.

Smell

It smells like chocolate malt, caramel, and not much else.

Taste

Disappointing to be honest. It tastes very sweet, a bit of coffee, metallic, but you don't get much alcohol. There's a little bit of fruit in it, but still it's very lacking. It's not very balanced, the hop profile is non-existent.

Mouthfeel

Not as heavy as it should be, the oatmeal should give it more body but it's very watery. The carbonation is way too heavy, it's almost like drinking a soda.

Overall

I don't care for this beer and won't be buying it again. It was really disappointing and a bit of a let down for the first beer I tried from this brewery.

Final score

2.5 out of 5.

Tasting notes on the French Broad IPA

So, I'm hanging out at my favorite pizza place in Boone, Capone's Pizza, drinking a beer from a brewery about 2 hours south of here. They put this beer on tap about two weeks ago and it's become my go-to IPA.

Appearance

This beer has a golden/amberish color, white head and decent lacing.

Smell

It smells like fresh baked bread and earthy hops, little notes of caramel, pine, and a bit of citrus.

Taste

Nicely balanced with a lot of biscuit, earthy hops, touches of citrus and a piney ending. It's a super well balanced IPA, and for being at least 3 weeks old it still has a nice hop profile.

Mouthfeel

It's decent, not too thin but not very heavy.

Overall

I like this beer, it really shows off what French Broad can brew. I can't say I haven't had a beer they brew that I didn't like. It's a good go-to IPA.

Final score

4 out of 5

Managing site maintenance with Varnish 3.x

Recently I had to push out a few updates to a site that required a few big interface changes that I didn't want the public to see while I was making them. The application is running under Apache and we're using Varnish 3.x as a reverse proxy.

I wanted to be able to have a white list of IPs that can access the site and be able to display a custom error page to the user letting them know that the site is undergoing maintenance. If I were only running Apache I could do it easily in the vhost for the site, but we're using Varnish so we need to stop the request once it hits the server. I could do it with iptables and block traffic to port 80 and 443, but I wanted to display a message to the end user letting them know that the site is under maintenance.

Varnish makes this really easy: all you have to do is define an access control list (ACL) and populate it with the IP addresses of the machines you want Varnish to whitelist. VCL strings take double quotes.

acl admins {
    "123.123.123.123"; # The IP address of my machine
    "127.0.0.1";
}

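Then, inside your vcl_recv subroutine, add a check that rejects any request whose client.ip is not in the admins ACL. Keep in mind that client.ip is the address of the peer that connected to Varnish, so if a load balancer or TLS terminator sits in front of Varnish, every request will carry that proxy's address.

if (!(client.ip ~ admins)) {
    error 503 "Service Unavailable";
}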

Finally, we need to display a custom error message to the end user. Because we're using the 503 error code, we can use the vcl_error subroutine to generate a page to return to the user.

sub vcl_error {
    if (obj.status == 503) {
        set obj.http.Content-Type = "text/html; charset=utf-8";
        synthetic {"
            <!DOCTYPE html>
            <html>
                <head>
                    <title>Site Maintenance</title>
                </head>
                <body>
                    <h1>We're doing some maintenance!</h1>
                    <p>This site will be back shortly, we're doing a bit of maintenance.</p>
                </body>
            </html>
        "};
    }
    return (deliver);
}

So, there we go, we have our acl defined with our IPs that varnish will talk to, we have our check to make sure the client.ip is able to talk to varnish, and finally we have our error message. You can put anything in there and even load it from a file if needed.

How to make fail2ban bans persistent

I've recently started using fail2ban more to ban suspicious traffic on my web servers. It's great because it looks at logs and if an entry matches a regular expression it will perform an action on the IP address from the log. You can make the actions do pretty much anything, typically the action is an iptables rule that will ban the user. The problem is when you restart the fail2ban service fail2ban clears the chain for the filter and parses the current log for matches, not the rotated logs. So you don't ban any IPs that were banned before logrotate rotated the old log.

You can make the bans persistent by setting up a blacklist and automatically loading them when fail2ban is restarted. First, you need to create a file to store blacklisted IPs.

sudo touch /etc/fail2ban/ip.blacklist

Then you can either make a copy or edit the /etc/fail2ban/action.d/iptables-multiport.conf file. I prefer to make a copy of it because I version all of my configs.

In the action config file you have a few different directives, we want to focus on 2, the actionstart and actionban. First, when fail2ban bans an IP we want to not only ban it, but we want to add the IP address to the ip.blacklist file.

actionban = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
            echo <ip> >> /etc/fail2ban/ip.blacklist

Then we want to be sure that the iptables rule is added when fail2ban is started, so we add the following lines of code to the actionstart directive:

actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I INPUT -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
              cat /etc/fail2ban/ip.blacklist | while read IP; do iptables -I fail2ban-<name> 1 -s $IP -j DROP; done

That's it, once you restart fail2ban it will automatically ban all of the IPs in your ip.blacklist file.
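The blacklist file grows a duplicate line every time an address is banned again, and each line is handed to iptables as root, so it is worth validating and de-duplicating entries on both sides. The following is an added example, not part of the original post: the function names are hypothetical, it handles IPv4 only, and restore_commands prints the rules as a dry run instead of executing them.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.

# Constructed sample of what ip.blacklist can look like after a few restarts.
sample_blacklist() {
    printf '%s\n' '203.0.113.7' '198.51.100.23' '203.0.113.7' \
        '  192.0.2.10  ' '999.1.1.1' 'not-an-ip' ''
}

# Print each valid IPv4 address once, in first-seen order.
# Reads the file named in $1, or stdin when called without arguments.
clean_blacklist() {
    awk '{
        sub(/\r$/, "")                  # tolerate CRLF line endings
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim surrounding whitespace
        if ($0 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        split($0, o, ".")
        for (i = 1; i <= 4; i++)        # octets: 0-255, no leading zeros
            if (o[i] + 0 > 255 || o[i] ~ /^0[0-9]/) next
        if (!seen[$0]++) print
    }' "$@"
}

# actionban side: append IP ($2) to the blacklist ($1) only if it is a
# valid address and is not already listed. Returns 1 for invalid input.
record_ban() {
    ip=$(printf '%s\n' "$2" | clean_blacklist)
    [ -n "$ip" ] || return 1
    grep -qxF -- "$ip" "$1" 2>/dev/null || printf '%s\n' "$ip" >> "$1"
}

# actionstart side: print (dry run) the rules that would restore the bans
# into chain $1 from blacklist $2. Pipe the output to sh as root to apply.
restore_commands() {
    clean_blacklist "$2" | while read -r ip; do
        printf 'iptables -I %s 1 -s %s -j DROP\n' "$1" "$ip"
    done
}
```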

Messing around with sass @each loops

Loops are one of the best parts of Sass (Syntactically Awesome Style Sheets): they let you define lists and loop over each item in the list.

For example, I've got this:

h1 {
    font-weight: normal;

    $font-sizes: (handhelds 120%, medium-screens 150%);
    @each $size in $font-sizes {
        @include respond-to(nth($size, 1)) {
            font-size: nth($size, 2);
        }
    }
}

That code will generate something like:

h1 { font-weight: normal; }
@media (max-width: 480px) {
    h1 {
        font-size: 120%;
    }
}
@media (max-width: 767px) {
    h1 {
        font-size: 150%;
    }
}

It's really cool how you can use a comma inside your list to split it into sub-lists, and then use the nth() function to grab an item from each sub-list.