I have lived in and around Denver for a few years now and have really come to love it. Z and I intend on settling down here eventually after we explore some other places the world has to offer but before I moved away I figured a short post about what I love about Denver is in order.
Archive for Life
Cuban Burger
- 5 Green Plantains
- Coconut Oil
- 2 Pounds ground pork
- 3 Tablespoons onion powder
- 2 Tablespoons dried oregano
- 3 Teaspoons garlic powder
- 1 Lime - Juiced
- Shaved deli ham
- Dijon Mustard
- Dill Pickles (sliced)
- Swiss Cheese (optional)
- Peel the plantains and slice into 2-inch-thick rounds.
- Boil plantain rounds until soft, about 5 minutes.
- Smash the plantains flat.
- In a skillet, melt a few tablespoons of coconut oil over medium-high heat.
- Fry flattened plantains until brown and crispy, about 3 minutes per side.
- Place all ingredients in a bowl.
- Use your hands to mix everything together thoroughly.
- Form the burgers roughly the same size as the plantain buns.
- Cook the burgers in the skillet, adding more oil if needed, about 5 minutes per side.
- (For a smoky and vibrant flavor, grill the patties over an open flame instead of in the skillet.)
- To assemble, place a bun on a plate, top with a burger patty, shaved deli ham, pickles, mustard and cap off with another plantain bun.
Bacon `N Cheese Quiche
- 2 Cups Half & Half (or Milk)
- 8 Eggs
- 1/2 Cup Cheddar Cheese
- 1/2 Cup Parmesan Cheese
- 1/4 Cup Green Onions
- 1/4 Cup Crumbled Bacon
- 3/4 Cup Spinach
- Salt (to taste)
- Pepper (to taste)
- Preheat Oven to 350 degrees.
- Fry & Crumble Bacon.
- Chop Vegetables.
- Shred Cheese.
- Beat all ingredients in a mixing bowl.
- Grease 9x13 Pyrex cake-pan.
- Pour ingredients in to cake-pan.
- Bake @ 350 Degrees for 40 minutes (or until done). Poke with a fork or tooth pick to test done-ness. When removing the fork/toothpick there should not be any wet material stuck to it (like testing a cake)
Our Wedding Plans
Hey Hey! June 6th is coming up fast and we’ve finalized all our wedding plans. The details are as follows:
Hotel
Most of the Wedding Party will be staying at Antlers Hilton, Downtown Colorado Springs [Click here for Map] both Friday June 5th and Saturday Night June 6th. If you would like to stay with us at the Antlers there is currently (as of today April 14th) still a deal on Groupon for $99/night [Click here for Link]. Book now or forever hold your peace. ^_^
Ceremony
The wedding ceremony will be held at the Grand Overlook in Palmer Park at 12:O’Clock Noon. [Click Here for Map] We changed this for the beautiful scenery so the ceremony will be held outside at the Overlook, not at the church. The Ceremony will be officiated by Zechariah Walden.
If you’re going to show up before noon I suggest you meet us at Lazy Land (map below) rather then the Grand Overlook since we have reserved lazy land and will migrate up to the Overlook for the ceremony at noon. If you arrive at noon simply drive up to the Grandview Overlook. The parking is very limited at the Grandview Overlook so if you can comfortably walk a mile or two then please park at Lazy Land where we have reserved and walk to the Grand Overlook with us.
- 12:00 PM – Ceremony
- 1:00 PM – Walk the trails to Lazy Land
Reception
The ceremony will be 30 minutes to an hour after which everyone will walk or drive to Lazy Land Area in Palmer Park where the reception will be held until 4:30 PM. [Click here for Map from Grand Overlook to Lazy Land] Appetizers will be served at 1:00 PM. Our caterer is going to be on site barbecuing. Aside from the cupcakes that will be available we’ve asked the caterer to be conscious of the fact a good number of our guests eat a gluten free diet.
- 1:00 PM – Appetizers Served
- 2:00 PM – Eat!
- 3:30 PM – Dance!
- 4:30 PM – Cleanup
- 5:00 PM – Depart
Party Bus
At 4:30 PM we’ll clean up Lazy Land and at 5:00 PM a Party Bus will arrive for all who wish to continue the party. Lazy Land will be shut down at 9:PM so the party bus will pick us up from the main entrance where you will want your car to be when we get dropped off. The Party Bus seats 32 people (all whom must be over 21 years of age due to there being a stocked bar on the bus) and will take all those interested to Garden of the Gods with the Wedding Party for photos, sight seeing and of course drinks. The Party bus will drop us off at 11:PM. We’ve estimated that roughly 50 people will share our wedding day with us so the seats on the Party Bus will be first come first serve. If you don’t wish to ride on the Party Bus you are still invited to come to Garden of the Gods and take photos with us, simply follow the bus!
- 5:00 PM – Pickup at Front Entrance to Palmer Park
- 5:30 PM – Drink! Be Merry!
- 6:00 PM – Pictures @ Garden of the Gods
- 7:00 PM – More Pictures @ Garden of the Gods
- 11:00 PM – Dropped Off @ Front Entrance to Palmer Park
Thank You!
I want to thank all of you who are coming to share our wedding day with us! It really means a lot to us! Thank you =)
Given the traditional expectation to setup a wedding registry we have setup a wedding registry with Amazon [click here for our wedding registry on Smile.Amazon.com]
Archer – Shiba Inu German Shepherd mix
I’m not completely sure what mix Archer is but we believe the closest guestimate is that he’s the result of a Shiba Inu and German Shepherd Mix.
Any input on this would be great! If not a mix of Shiba Inu and German Shepherd, what is Archer?
Mount Evans or Bust!
Go Z! Go Z! Go!
Z, Dillon and I took to hiking Mount Evans on Sunday, June 1st but due to snow conditions we had to head turn around. The views for this hike were none the less amazing! Checkout all the photos on My Flickr tagged Mnt Evans.
Before leaving, as if not to be out-done, Z jumped off the mountain and got broke! Fear not as we extracted Z without further implications and got her in and out of the ER.
Submitting Personal Information with[out] SSL
UPDATE:As of September 24 2013 TeachingChile.com is completely wrapped in SSL. ~Thank you!
This post is no longer entirely relevant. TeachChile.com has updated their site and wrapped it in SSL. Thanks guys!
https://teachingchile.com
URL:Â http://teachingchile.com/apply_online/machform/view.php?id=6
TeachChile.com has an online application process that requires the submission of quite a bit of personal information including your Passport Details over plain text. Seriously? I almost feel like someone’s playing a prank here. Â with SSL and ‘secure websites’ being pretty well understood it’s mind boggling to see websites like this still exist requesting personal information including passport number be submitted via plain text non-secured form data. What’s more amazing is that the lack of SSL is just one of what seems to be a whole ton of security-ignorance which pretty much guarantees anyone submitting data to these guys gets their identity (all their submitted data) jacked.
Wha? Google shows some love.
What makes it more astonishing is the domain was registered in 2005 and ranks #1 for “Teach in Chile” on google(us) and ranks really well for quite a few other keyword phrases. With the potential traffic exceeding thousands of visitors a month – I wonder how many fill out that insecure form?
Source:Â http://www.semrush.com/info/teachingchile.com
Google gives the page that links to the Non-SSL encrypted page a PageRank of 3.
http://teachingchile.com/to_apply.htm – With all the crazy search listing algorithms and such you’d think Google wouldn’t demonstrate much appreciation for this.
WTF? Guess until you find a stored form!
Saved forms can be easily brute forced! Â Now this is so far over the top I’m not sure what to make of it but it offers to let you save the form if you provide an e-mail address like so:
and upon saving you are presented with a ‘special link’ which at a quick glance looks like a simple 10 character alphanumeric hash.
http://www.teachingchile.com/apply_online/machform/view.php?id=6&mf_resume=f4e2cdde3a
As far as I can tell that is permanent unless they purge the system of old resumable forms at some point. But to drive my point home – all one has to do is generate hash values 10 alphanumeric characters long. The following function ‘should’ generate those hashes. Â Can’t say I checked but it is quite that simple.
function generate_random_hash($length=10){ $chars = '0123456789abcdefghijklmnopqrstuvwxyz'; // Our Hash Building Alphanumeric Soup $char_count = 1; // Counter for how many characters our hash is (as it loops and grows) while($char_count <= $length){ // Add random chars from our alphanumeric soup until we hit our target length $hash .= substr($chars,rand(0,35),1); $char_count++; } return $hash; }
Replace the ‘special’ part of the resume URL with generated hash & test for live data.
There can’t be more then 6.something quadrillion hashes possible used to uniquely identify the  saved forms are in their database.  6 Quadrillion is a lot, don’t get me wrong but it’s really not if you break the work down across 1 thousand, 10 thousand or even more computers it becomes pretty easy to pull the task off in a very short period of time, even if approached in a slow enough manner as not to bring their web server down.  I’m digressing though – this isn’t the school of brute-forceology.
Verifiably Exploitable Platform…
If I were to assume TeachChile.com was using Mach Forms (which they are) based on ‘machform’ being in the url or some other simple means then a quick Google search for existing (and very well documented) Mach Form exploits might apply. The latest exploit having been uncovered less than two months ago.  *shakes head* … I’ll just stop there on the topic of exploits.
Just 1 of 1,000+ Other Sites on the Server
With over 1,000 other sites likely hosted at the same IP address (server) I wonder what the odds are that the server itself isn’t entirely compromised already? Source:Â http://www.reverseip.us/?url=teachchile.com
Running across this situation on a legit website isn’t something that happens anymore. I’m blown away by the seemingly legitimate operation being run on TeachChile.com.  Beyond notifying their contacts I’m not sure what else to do about it.  Should anyone beyond their posted contact be notified of this? Lets hope this application isn’t to teach web development. ^_^
The purpose of this post!
Be very aware of what you’re doing when you release personal information online. Â In this case It’s pretty safe to assume that data submitted to TeachChile.com will become property of some nefarious individual. Unless you have some otherwise unobtainable insight in to what happens to your data after you submit it – be cautious. Â It doesn’t take much for a web server to fall victim to an automated attack, especially and very specifically DATA because that’s what everything is all about anyway. Â Nobody reads the ‘terms of use’ or ‘disclaimers’ anyway (and in many cases, neither do the writers of those things so they don’t identify how your personal information is being securely managed anyway; further – there is no code enforcement to ensure what you’re reading is in fact what happens) so it’s best to assume all the data you’re submitting to a website is going to be retained indefinitely by an individual or a staff that isn’t specifically driven by keeping your data safe. Most techs are extremely trustworthy however often quite lazy. Â It doesn’t take much oversight for a whole database, server or better yet a cloud driven limitless data storage asset to become the property of an attacker. Â It’s often just a password between the evil attacker and your personal information. Â
Don’t EVER submit your Social Security Number or Passport information online. Â Just don’t. Perhaps try using your dog or cat’s social security number as a temporary placeholder. ^_^
My Girlfriend is a Hacker…
The definition of ‘Hacker‘:
A “computer hacker,” [then,] is someone who lives and breathes computers, who knows all about computers, who can get a computer to do anything. Equally important, though, is the hacker’s attitude. Computer programming must be a hobby, something done for fun, not out of a sense of duty or for the money. (It’s okay to make money, but that can’t be the reason for hacking.)
The fact that Zahira is an amazing tech has been obvious for quite a while however it really set in yesterday as I walked past her desk. Â On it were the following things:
- an iPhone 3G displaying what looked like a linux console.
- Update: She had installed Android on her old iPhone 3G.
- a 21″ LCD extending the desktop of a Dell [model] laptop running Ubuntu Linux (BackTrack) testing our Netgear WNDR3700v2
- After disabling WPS on the wireless router it seemed to advertise that it had WPS enabled.
- a Dell i5105 running Linux Mint Cinnamon x64 – Her favorite Operating system second only to OSx Mountain Lion.
- a 27″ iMac w/Terminal, Google Chrome, iTunes & the Console [log viewer] app visibly running and Synergy operating in the back ground allowing her to use the iMac’s Apple keyboard and trackpad seamlessly across all three devices.
- an iPad leaning against it’s protective shell displaying a paused YouTube video.
- an iPhone 4Gs in an Otter-box minus the rubber external shell so it fit in the iHome doc.
Seeing Z surrounded by linux and an an android icon laid over a CLi on the phone brought it home. Â As long as I’ve known her Z’s demonstrated the same attitude toward tech which is essentially and very simply being intrigued by virtually every tech ‘thing’.
What I really enjoy though is the awesome moments of revelation when something she’s been working on -clicks- and all the dots come together. Â I love helping everyone with their technical issues but it’s been quite a while since I’ve seen the glow of self gratification after all the research comes together and she figures it out. Â It’s nothing short of inspiring. ^_^ Â It’s awesome. Â And of course she’s always working on something cool while we progress through the actual IT ‘work’.
For example:
There’s a Dell D630, Dell E6400 and a Toshiba Satellite A135 S7404 sitting in my office right now running OSx.  A couple months ago with a couple hard drives in hand and a bunch of support tools she set out to install Mac OSx on every PC she could get her hands on. hehehe.  Then as if to contrast the situation: she helped me prepare, develop and use our “install anything” network boot environment which has since been used to deploy our own highly customized versions of nearly every Microsoft operating system on any device that supports PXE booting.  Perhaps the icing on the cake i that most all of the really interesting projects get reverted and undone shortly after their launch due to some reason or another – often times simply the lack of appropriate licensing but that never derails the completion of the project.
I believe her iPhone 4Gs, iPad and iMac are currently running stock iOS ^_^ and according to the network management resources on our gateway – her iPad and iMac (in that order) are not only the 1st and 2nd largest consumers of bandwidth on our network but those two devices alone out-weigh all the other devices on our network combined.!. Â She consumes and retains information like it’s easy. lol
According to our logs – I’m a wierdo with a secret lust for ad networks and tracking servers while Zahira has watched all of YouTube a couple times. Which brings about my last major note for this post. Â I am perpetually blown away by how good she is at not only researching and finding information that leads to logical answers but in the same effort of digging for information she makes it seem effortless to bring it all back and put it together in writing that she publishes for others (and myself) to consume. No matter the topic she produces the most amazing results. Â When we were re-structuring TechnologyBytes business model she produced an intense Employee Handbook and business brochures. Â While developing Think Smart, Inc as the Marketing director during startup phase she created quite literally everything from the logo, Mission Statement, Investor Presentation, business plan, marketing plan, brochures and many more marketing pieces. Â All while proactively managing her own web presence, maintaining all her sites and writing all the original content.
Zahira, You’re amazing. Â You’re pure inspiration and I’m blessed to be graced with your presence every day in and day out! Â Thank you so much! Â I love youl <3
A couple sites Zahira actively maintains:
A couple social profiles for the real Zahira Schmidt ^_^