
Month: May 2011

Sweet & Tangy BBQ Sauce

I found this recipe over at Epicurious and am having the wife mix it up tonight:

  • 1 tablespoon vegetable oil
  • 1 large yellow onion, minced
  • 2 cups ketchup
  • 8-ounce jar honey mustard
  • 2 tablespoons minced garlic
  • 1/4 cup brown sugar
  • 1/2 cup cider vinegar
  • 2 tablespoons Worcestershire sauce

Heat the oil in a large saucepan and sweat the onion until tender and translucent. Add all remaining ingredients and simmer for 10 minutes. Remove the sauce from the heat and use a handheld blender to process it to a smooth paste. (Alternatively, transfer it to an upright blender and back again.) Simmer gently for an additional 5 minutes.

Separate the sauce into two containers. Use one to marinate and glaze the meat during grilling. Reserve the remainder for use as a sauce at the table.

Open Letter to SPAWAR

To Whom It May Concern,

As a service-member who has been in the Southwest Asia theater of operations for 24 of the last 48 months, I have been well exposed to the services offered by your organization. While it is nice to have free (albeit low-speed) Internet access and low-cost calling options, the reliability and quality of your network is questionable.

My first issue is regarding the lack of Quality of Service (QoS) policies on your routers. At least at the distribution/access level, QoS policies do not exist. While I have not seen your routers’ configurations, this is obvious for a number of reasons:

  • When the MWR is empty, the Internet speeds are manageable and could even be considered good for a satellite-based link.
  • During the afternoons, when the majority of traffic appears to be data (web pages, instant messaging, etc.), access speeds are still usable, even when all of the computers are in use.
  • In the evenings, at least fifty percent of users are using voice and video applications, such as Skype, with little to no degradation of video quality. Attempting to use data services, however, is nearly impossible, as pages (even quickly loading ones such as Google’s home page) will time out before being displayed.

Quality of Service policies prevent any one type of service from dominating the available bandwidth and preventing others from working. While the telephone services you provide are Voice-over-IP (VoIP) and QoS policies may be in place segregating VoIP from other traffic, no restrictions are being placed on computer-generated VoIP and video services (i.e. Skype, Yahoo! Video Messaging, etc.).

These policies could be easily created and implemented, as they are in use throughout the IT world (including the Army’s WIN-T architecture). At bare minimum, ensure that each station is allotted a dedicated portion of the cafe’s overall bandwidth, so that it is usable.

Second, the images placed on the cafes’ computers are bloated, outdated, and just plain awful. While I applaud the wide array of Instant Messaging clients (on this machine, there is Google Talk, Skype, Windows Live Messenger, Yahoo! Messenger, AIM, and MySpace IM), no one uses MySpace IM. Also, the version of Google Talk installed doesn’t support Google Voice, which would be the only reason to use that over Yahoo!, AIM, or Windows Live.

The Start Menu is littered with items like Creative Product Registration, two versions of, two icons for Internet Explorer, and a number of other applications that your cafes’ users should not be using or seeing. If the cafes’ techs are installing software onto your baseline, then my statement regarding your image should be withdrawn and my comments be redirected at your techs. Windows XP (the OS used in your cafes) is too easy to keep tidy, especially when users only have access to one account.

Lastly, your network is owned by the Department of Defense. As such, access should be limited to ID Card-holders only. Third country nationals should not be permitted access to such systems. I do understand that the network is not directly tied into NIPR net (the Department of Defense’s Unclassified network), but the use of MWR facilities outside of SWA is limited to ID Card-holders. It should be no different here.

The people working the front desk (TCNs) give priority to their “friends” with regard to time limits on the phones and computers. Soldiers, sailors, airmen, and marines should not have to wait in line behind TCN contractors that should not even be allowed MWR access.

Please do not take my criticism as an attack. I am grateful for the free Internet and appreciate its availability. My hope is to bring a few glaring issues to your attention, so that future deployers can experience even better services with little effort on your part.


Sean Callaway
United States Army

SPAWAR, or the Department of the Navy’s Space and Naval Warfare Systems Command, provides Internet and voice services in Iraq and Afghanistan. You can visit the SPAWAR homepage here.

Ridiculous Backup Project

During my network redesign, I realized that having all my media and backups in one place, even with the pseudo-RAID of Windows Home Server, could be a bad idea. So, I decided that having my Home Server back up to another Home Server might be perfect. [No, I’m not going to cluster Home Servers.]

As my parents are in need of a similar backup solution, I decided that implementing a custom-built Home Server (they’ve got the machine already, but it requires more storage) which would act as my remote backup location would do nicely. Of course, their machine could also back up to mine.

Implementing this securely could be interesting. As I have no idea how much data would need to be transferred between the two machines, a Dropbox hack would not fit the bill without an expensive business-level plan. About that time, I realized that I had a few extra Cisco devices around that I might be able to leverage.

The idea is to create an IPsec tunnel between our houses. This will allow the backups (and any other traffic we feel like) to pass through the tunnel, encrypted and secure, from my network to theirs and vice versa.

While my new network calls for a heavier-duty ISR (like the Cisco 2821), their needs are more modest. One of the routers I already have with Fast Ethernet interfaces could fit the bill. More to the point, I still have a PIX firewall lying around that could do all of the encryption/tunneling from behind their existing wireless router.

I’m going to be digging into actual configs in GNS3 in a few weeks, but I think the idea is sound.

More to follow…

Network Redesign: Almost Done

So, I’ve finally reached the point where I’m ready to buy equipment. I’ve settled on a Cisco 2821 router (nice ISR platform with Gigabit Ethernet ports) and an HP ProCurve switch like the 2510G-48. This will let me split up my network into a few VLANs: one for wired computers, one for VoIP (if I ever add it), one for wireless connectivity, and one for management.

By separating the network into VLANs, I can apply security features, like access control lists (ACLs), so I can do things like preventing guests on my wireless network from accessing my file server and the rest of my wired network, while still allowing them to get on the Internet.
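A sketch of how that guest restriction could look on the router, as an added example and not a configuration from this network: the VLAN IDs, subnets, subinterface, and ACL names are all assumptions made for illustration, with the wireless VLAN treated as the untrusted guest segment.

```cisco
! Added example; all VLAN IDs, subnets and names below are assumed.
!   VLAN 10 wired      192.168.10.0/24  (file server lives here)
!   VLAN 20 VoIP       192.168.20.0/24
!   VLAN 30 wireless   192.168.30.0/24  (guests)
!   VLAN 99 management 192.168.99.0/24
!
ip access-list extended GUEST-IN
 remark Let wireless clients obtain a DHCP lease
 permit udp any eq bootpc any eq bootps
 remark Block guests from every internal VLAN
 deny   ip 192.168.30.0 0.0.0.255 192.168.10.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.20.0 0.0.0.255
 deny   ip 192.168.30.0 0.0.0.255 192.168.99.0 0.0.0.255
 remark Everything else (the Internet) is allowed
 permit ip 192.168.30.0 0.0.0.255 any
!
! Router-on-a-stick subinterface for the wireless VLAN.
! The ACL is applied inbound, so traffic is filtered as it
! enters the router from the guest segment.
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
 ip access-group GUEST-IN in
!
! The interface ACL does not stop guests from reaching the
! router's own address (192.168.30.1), so restrict remote
! administration to the management VLAN separately.
ip access-list standard MGMT-ONLY
 permit 192.168.99.0 0.0.0.255
!
line vty 0 4
 access-class MGMT-ONLY in
```

Rule order matters: the `deny` entries must come before the final `permit`, because the first matching line wins and anything that matches nothing is dropped by the implicit deny at the end of the list.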

Depending on whether I have fire-blocking in my walls, I also plan on putting a patch panel in the broom closet and installing RJ-45 jacks in the rooms that require wired access. Wireless access will be provided by a Cisco/Linksys WAP4400N wireless access point connected to the switch.

As I acquire and install equipment, I’ll post pictures, diagrams, and configurations.