1000umbrellas.com

For the past several months, I have been a huge fan of running CyanogenMod (CM5, mostly) on my rooted Motorola Droid. Unfortunately, the ROM’s latest incarnations (CM6 RC1 and RC2)—which correspond to its move to the Froyo source code base—have not run stably on my phone. Despite my efforts to fix the problems (reflashing, wiping data and cache, fixing permissions, switching kernels), apps under CM6 keep crashing. Luckily, I found a great alternative, a Froyo-based ROM that has been much more stable than CM6: Sapphire 0.8.4. Sapphire is based on the Froyo source code, like CyanogenMod, and is completely independent of CyanogenMod’s codebase.

While CyanogenMod has more interface and application tweaks than Sapphire, Sapphire runs more stably on my phone (compared with CM6 RC1 and RC2), which is far more important. One of Sapphire’s killer features is that it integrates the basic overclocking/underclocking mechanisms found in the SetCPU app, which enables you to overclock without SetCPU (unless you wish to set up profiles). The rest of the Froyo goodness, including the JIT compiler, wifi tether, Exchange support, and Chrome-to-Phone, are all included.

If CM6 isn’t working well for you, I highly recommend trying out Sapphire. I found it a little tricky to install via ClockworkMod Recovery/ROM Manager, because you have to downgrade ClockworkMod Recovery to do so. The instructions below reflect the steps I took to switch from CM6 RC1 to Sapphire 0.8.4. If you’re new to flashing ROMs on your phone, know that it requires root access. Also, Sapphire appears to be compatible with the Motorola Droid only at this time.

1. Install/upgrade to the latest version of the ROM Manager app via the Android Market.
2. Open ROM Manager.
3. Due to an incompatibility of the latest ClockwordMod Recovery, Sapphire will install with ClockworkMod 2.0.1.3 or earlier. To flash this recovery, scroll to the bottom of ROM Manager’s main screen and select “All ClockworkMod Recoveries” from the “More Recoveries” section.
4. A recovery selection popup will appear. Choose “2.0.1.3″ and click the “OK” button.
5. ClockworkMod 2.0.1.3 will be flashed to your devise. (If for some reason the recovery does not install, use ROM Manager to “Flash Alternate Recovery” and then repeat steps 3 and 4.)
6. From the “ROM Management” section in ROM Manager, select “Download ROM”.
7. Select “cvpcs” under the “Free” section.
8. Select “Sapphire 0.8.4 (Froyo)”, which is the latest stable release at this time.
9. A screenshots popup will appear. Click the “Download” button.
10. A kernel selection popup will appear. Choose a kernel from the list. I use P3Droid’s 125-800mhz Low Voltage kernel. You may choose one with a faster top speed if you wish. Click the “OK” button.
11. A theme selection popup will appear. Choose a theme from the list. I stick with the “Stock (Default)” theme. Click the “OK” button.
12. A ROM addons selection popup will appear. Check “Google Apps” so that Google’s standard apps (including the Market) will be installed. Check the “Market Hack”, too. Until Motorola releases an official Froyo build for the Droid, copy-protected apps will not show up  in the Market when you run a Froyo ROM. The Market Hack fixes that. Click the “OK” button.
13. ROM Manager will download the necessary ROMs.
14. When the downloads complete, a ROM pre-installation popup will appear. Check both of the options: “Backup Existing ROM” and “Wipe Data and Cache”. Always back up your current ROM prior to flashing a new one. Sapphire’s developers say that it is important to wipe data prior to the install. Froyo will re-download your apps from the Market after a reinstall, so it isn’t as much of a pain as you think it might be. Click the “OK” button.
15. ROM Manager will reboot into recovery and install all the ROMs you selected.
16. When the phone reboots again, you will be able to log into your Google account and set everything up. The Market will download all your previously-installed apps during the sync process. Just be patient!

I prefer the ADW Launcher to the launcher that Sapphire comes with. ADW Launcher is a free download from the Android Market.

This is definitely a newb-level topic, but I think it is important to understand how to redirect output from your command-line processes. This becomes important because regularly-schedule processes run via cron will email you whatever the output is. This is completely confusing when you first encounter it, and the complete solution isn’t exactly obvious.

StdOut

When you run a process on the command line, it will probably output right back to the terminal. This is StdOut, or “standard output.” In scripts and cron jobs, however, you might want to redirect output to a file instead, so you can review the output later.

You can redirect output to a new file by using the “>” operator.

$ ls -l > ~/directory_listing.txt

You can redirect output and append it to a file by using the “>>” operator. This method will create a file if it does not already exist.

StdErr

Error messages are output to StdErr, which by default is redirected to StdOut. This is why you see normal messages and error messages in the terminal when you run a command. StdErr does not have to be redirected to StdOut, however, and has to be treated separately from StdOut if you are redirecting StdOut.

/dev/null and 2>&1

Redirecting output to /del/null sends it nowhere, which effectively gets rid of it. You often see output redirected to /dev/null, followed by a cryptic construction 2>&1. Here is what that construction means:

In the command
$ tvnamer --batch > ~/log/tvnamer.log 2>&1

• 2 refers to StdErr; and
• &1 refers to the first redirection argument; in this case, /log/tvnamer.log.

My example uses a normal file, instead of /dev/null, to show that you can use  2>&1 with any old file.

This construction is very useful if you find that your cron jobs are sending you emails, even after you redirected their output to log files. Cron will automatically email the owner of the cron job any output (on StdOut) from them. This is why you sometimes are notified that you have emails when you log into your system. Effective redirection will eliminate these emails.

My wife and I just bought our first house, and have spent the last few weeks packing, moving, unpacking, and even cleaning an inordinate amount. I haven’t been posting to this blog, but I will get back to it as soon as we are settled in. We finally got Verizon FIOS installed earlier this week, and so far, it is awesome. That is all for now. Cheers, everyone!

When I was in high school, we used to play a simple but addictive shareware game called Scorched Earth, a turn-based artillery game. It involved tanks shooting at each other with crazy weapons, fun upgrades, very basic controls, and a little dumb humor. I was delighted to find out that there is a version of it on the Android platform, called Barrage. I think it captures the essence of the original game perfectly, and is easy to pick up and play on your phone. It’s a lot of fun, especially if you’re a nostalgic gamer.

Barrage Lite is free and includes the entire game. You can purchase the paid version to add more weapons, remove the unobtrusive ads from certain non-gameplay screens, and save your high scores and publish them for all players to see. Sadly, there is no online play, though that would be awesome. Still, it’s very good, and I heartily recommend it if you played the original in the DOS days!

The most popular post on my blog is how to set up the Ubuntu Server firewall via ufw, the Uncomplicated Firewall. I recommend UFW for any standard server, but you might want to move to something more advanced to expand your firewall knowledge, to set up a network gateway, router, or firewall, or to conform with other systems on your network. If UFW is for beginners, then Firehol is for intermediate sysadmins, or those wishing to run proxy servers and the like.

Before I started using ufw, I used to use Firehol to set up the iptables firewall. Firewall does the same thing that UFW does, and a lot more, but in a completely different way. That’s because Firehol is not just a script, but a language, for defining firewalls. You write your rules in a configuration file, and Firehol will convert them into iptables commands, and issue them at boot time or on demand. It can only create “drop/reject everything, allow explicitly” type firewalls, but luckily, that’s the most appropriate type of firewall to create most of the time.

Firehol is useful not only for standard file and web servers, but also for routers and gateways, and can set up rules for transparent proxies, NAT, and so on. Home users such as myself have a hardware router for that, and only need to set up firewalls on home servers as a defense-in-depth measure.

I think that Firehol is more flexible than ufw, can implement more advanced features such as transparent proxies better than ufw, but it is a little to a lot harder to set up. This tutorial covers how you would lock down a simple home server that you wish to access via the Internet, but not leave completely open to the outside world.

Installation

Install the firehol package.

$ sudo apt-get install firehol

Enabling Firehol to Start on Boot

Firehol must be enabled before the rules you define will go into effect. To enable it, you must edit a configuration file.

$ sudo nano /etc/default/firehol

The file will look like this after a clean install:

#To enable firehol at startup set START_FIREHOL=YES
START_FIREHOL=NO
#If you want to have firehol wait for an iface to be up add it here
WAIT_FOR_IFACE=""

Simply change the second line to

START_FIREHOL=YES

and save the file. That will enable the firewall upon reboot. What that means is that Firehol will run its bash scripts, generate iptables rules, and then the iptables will be activated. Firehol does not run continuously as a service.

If you wish to disable the firewall, be sure to edit this file again, and reset the START_FIREHOL variable to NO.

Configuring the Firewall Rules

The configuration file containing the firewall rules is located in /etc/firehol.conf. This is what the default configuration file looks like. It will set your server to block everything coming in, and accept everything going out.

#
# $Id: client-all.conf,v 1.2 2002/12/31 15:44:34 ktsaou Exp $
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 5

# Accept all client traffic on any interface
interface any world
client all accept

You could edit this file and specify your own services, or you could auto-generate a configuration file. I will walk you through auto-generating a confguration file in the next section.

Bear in mind, though, that a fully-working firewall can be made with a configuration file as simple as this:

#!/sbin/firehol
version 5
interface any world
protection strong
server "ssh http samba webmin" allow
client all accept


If you are only running standard services, it’s best to edit the file manually. If you have custom services, or are curious about Firehol’s abilities, read on.

Auto-generating a Configuration File

Firehol can automatically generate a configuration file for you to get you started. The firehol helpme command identifies aany running services on your server and builds a configuration file that will allow all traffic between them, and block all traffic outside those parameters. After the file is generated, you are then expected to review and modify it, to ensure the rules are correct, prior to activating the firewall.

First, use the firehol helpme command to generate a configuration file and put it into the /tmp folder.

$ sudo firehol helpme > /tmp/firehol.conf

Then, review the automatically generated configuration file.

$ nano /tmp/firehol.conf

The automatically generated configuration file is pretty verbose. This is what mine looks like, for a server that runs SSH, Samba, Transmission, Dropbox, and Lighttpd web server (it could be Apache or any other web server, really).

Note that there are two interfaces set up: one for my LAN (10.0.0.0/24) and one for the Internet (i.e, anything outside my router’s subnet). When I reviewed it, I notice that the peer ports for my transmission-daemon service are not all mapped, just the one currently in use. Therefore, you definitely have to tweak this file to suit your needs.

#!/sbin/firehol
# : firehol.sh,v 1.273 2008/07/31 00:46:41 ktsaou Exp $
#
# This config will have the same effect as NO PROTECTION!
# Everything that found to be running, is allowed.
# YOU SHOULD NEVER USE THIS CONFIG AS-IS.
#
# Date: Fri May 14 10:43:37 EDT 2010 on host thor
#
# IMPORTANT:
# The TODOs bellow, are *YOUR* to-dos!
#

# INFO: Processing interface 'eth0'
# INFO: Processing IP 10.0.0.3 of interface 'eth0'
# INFO: Is 10.0.0.3 part of network 10.0.0.0/24? yes

# Interface No 1.
# The purpose of this interface is to control the traffic
# on the eth0 interface with IP 10.0.0.3 (net: "10.0.0.0/24").
# TODO: Change "interface1" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 10.0.0.3' if this is dynamically assigned.
interface eth0 interface1 src "10.0.0.0/24" dst 10.0.0.3

# The default policy is DROP. You can be more polite with REJECT.
# Prefer to be polite on your own clients to prevent timeouts.
policy drop

# If you don't trust the clients behind eth0 (net "10.0.0.0/24"),
# add something like this.
# > protection strong

# Here are the services listening on eth0.
# TODO: Normally, you will have to remove those not needed.
client dhcp accept
server http accept
server ICMP accept
server ms_ds accept
server ntp accept
server samba accept
server ssh accept
server webmin accept

# The following eth0 services are not known by FireHOL:
# tcp/17500 tcp/20550 tcp/9091 udp/10000 udp/17500 udp/20550

# Custom service definitions for the above unknown services.
server custom if1_tcp_17500 tcp/17500 any accept
server custom if1_tcp_20550 tcp/20550 any accept
server custom if1_tcp_9091 tcp/9091 any accept
server custom if1_udp_10000 udp/10000 any accept
server custom if1_udp_17500 udp/17500 any accept
server custom if1_udp_20550 udp/20550 any accept

# The following means that this machine can REQUEST anything via eth0.
# TODO: On production servers, avoid this and allow only the
#       client services you really need.
client all accept

# INFO: Is 10.0.0.1  part of network 10.0.0.0/24? yes
# INFO: Default gateway 10.0.0.1  is part of network 10.0.0.0/24

# Interface No 2.
# The purpose of this interface is to control the traffic
# from/to unknown networks behind the default gateway 10.0.0.1 .
# TODO: Change "interface2" to something with meaning to you.
# TODO: Check the optional rule parameters (src/dst).
# TODO: Remove 'dst 10.0.0.3' if this is dynamically assigned.
interface eth0 interface2 src not "${UNROUTABLE_IPS} 10.0.0.0/24" dst 10.0.0.3

# The default policy is DROP. You can be more polite with REJECT.
# Prefer to be polite on your own clients to prevent timeouts.
policy drop

# If you don't trust the clients behind eth0 (net not "${UNROUTABLE_IPS} 10.0.0.0/24"),
# add something like this.
# > protection strong

# Here are the services listening on eth0.
# TODO: Normally, you will have to remove those not needed.
client dhcp accept
server http accept
server ICMP accept
server ms_ds accept
server ntp accept
server samba accept
server ssh accept
server webmin accept

# The following eth0 services are not known by FireHOL:
# tcp/17500 tcp/20550 tcp/9091 udp/10000 udp/17500 udp/20550

# Custom service definitions for the above unknown services.
server custom if2_tcp_17500 tcp/17500 any accept
server custom if2_tcp_20550 tcp/20550 any accept
server custom if2_tcp_9091 tcp/9091 any accept
server custom if2_udp_10000 udp/10000 any accept
server custom if2_udp_17500 udp/17500 any accept
server custom if2_udp_20550 udp/20550 any accept

# The following means that this machine can REQUEST anything via eth0.
# TODO: On production servers, avoid this and allow only the
#       client services you really need.
client all accept

# INFO: Processing interface 'wlan0'

# IMPORTANT:
# Ignoring interface 'wlan0' because does not have an IP or route.

# The above 2 interfaces were found active at this moment.
# Add more interfaces that can potentially be activated in the future.
# FireHOL will not complain if you setup a firewall on an interface that is
# not active when you activate the firewall.
# If you don't setup an interface, FireHOL will drop all traffic from or to
# this interface, if and when it becomes available.
# Also, if an interface name dynamically changes (i.e. ppp0 may become ppp1)
# you can use the plus (+) character to match all of them (i.e. ppp+).

# No router statements have been produced, because your server
# is not configured for forwarding traffic.

Customizing the Configuration File

The auto-generated configuration file lists “TODO” items for you to do as you review the file. You can rename the interfaces to something meaningful, such as “lan” and “internet”. You can remove any of the named or unnamed (“custom”) services that it includes rules for. A few more of the rules that Firehol generated for my server bear some explanation:

• UDP/17500 is used by the Dropbox service to identify other Dropbox clients on the LAN. This rule cannot be removed
• TCP and UDP/25500 is one of the peer ports I set up for transmission-daemon. This I actually have to change, because I have a port range open for those services.
• UDP/10000 can be removed, because webmin runs on TCP/10000.

Server vs. Client Rules

Firehol considers all incoming requests “server” requests and all outgoing requests “client” requests. You might see client accept all in a configuration file. That means that client requests from any service are allowed. If you only want to allow certain services to be allowed, you can specify them much like server services are specified.

client http allow

Setting up Custom Services

To clean up custom services—for Transmission or Dropbox in this case—you can either give them names and define them inline…

server custom transmission-daemon tcp/9091 any accept
server custom dropbox-lan-peers udp/17500 any accept
server custom transmission-peers “tcp/20550:20599 udp/20550:20599” any accept

…or define them at the top of the script as variables…

# Transmission front-end
server_txf_ports="tcp/9091"
client_txf_ports="default"

# Transmission peers
server_txp_ports="tcp/20500:20599 udp/20500:20599"
client_txp_ports="default"

# Dropbox-related LAN functions
server_dpbx_ports="udp/17500"
client_dpbx_ports="default"

…and then invoke them very simply:

# custom services
server txf accept
server txp accept
server dpbx accept

To specify a port range, use a colon instead of a dash to indicate “through.” To specify both tcp and udf ports, use a space-delimited list, enclosed in quotation marks.

Different Rules for LAN vs. Internet

If you run Samba for file sharing, you’ll want to allow your LAN users to use Samba file shares, and block Internet users from doing so. (It’s true that the Samba ports should also be blocked on your router/gateway, if you have one, but bear with me.) To do so, you’ll want to include rules to allow Samba on your LAN interface (interface1 in the automatically-generated file above), and not include those Samba-related rules in the Internet interface (interface2, above). You might wish to remove webmin and other services from the Internet-side, too. I do both in my configuration file, which is reproduced below.

My Configuration File

Here is my configuration file. It implements kinder rules for the LAN and stricter rules for the Internet.

#!/sbin/firehol
# -----------------------------------------------
# Set up custom services
# -----------------------------------------------

# Transmission front-end
server_txf_ports="tcp/9091"
client_txf_ports="default"

# Transmission peers
server_txp_ports="tcp/20500:20599 udp/20500:20599"
client_txp_ports="default"

# Dropbox-related LAN functions
server_dpbx_ports="udp/17500"
client_dpbx_ports="default"

# -----------------------------------------------
# Set up interfaces
# -----------------------------------------------

# LAN Interface
# The purpose of this interface is to control the traffic
# on the eth0 interface with IP 10.0.0.3 (net: "10.0.0.0/24").
interface eth0 lan src "10.0.0.0/24" dst 10.0.0.3

	# policies
	policy reject

	# standard services
	server dhcp accept
	server http accept
	server ICMP accept
	server ms_ds accept
	server ntp accept
	server samba accept
	server ssh accept
	server webmin accept

	# custom services
	server txf accept
	server txp accept
	server dpbx accept

	# client section
	client all accept

# Internet Interface
# The purpose of this interface is to control the traffic
# from/to unknown networks behind the default gateway 10.0.0.1.
interface eth0 internet src not "${UNROUTABLE_IPS} 10.0.0.0/24" dst 10.0.0.3

	# policies
	policy drop
	protection strong

	# Here are the services listening on eth0.
	# TODO: Normally, you will have to remove those not needed.
	server http accept
	server ICMP accept
	server ntp accept
	server ssh accept

	# custom services
	server txf accept
	server txp accept

	# client section
	client http accept
	client https accept
	client ICMP accept
	client ntp accept
	client ssh accept
	client txp accept
	client txf accept

Note that I have cleaned it up considerably and defined custom services at the top of the file. This is not the most condensed configuration file I could make, but it is easy to understand.

Testing Your Configuration File

To test the configuration file you have edited, run the firehol test command.

$ sudo firehol test /tmp/firehol.conf

This will do a syntax check of your configuration file, then allow you to commit the changes to the firewall by typing "commit" at a prompt. I recommend that you don't type commit if your configuration file is not in the right place. Let's move the tested, working configuration file there first.

Enabling Your Configuration

Once you have customized and tested your configuration file, copy it to where it belongs.

$ sudo cp /tmp/firehol.conf /etc/firehol/firehol.conf

And then initialize the firewall.

$ sudo /etc/init.d/firehol start

And you're done!

I hate getting up in the morning, and have long had trouble falling asleep at night. These two apps by Mobitobi work together to make it a bit easier.

Gentle Alarm

Thanks to the Motorola Droid’s dock and clock (ahem, “Multimedia Station”) mode, my phone became my alarm clock the day I brought it home. (Of course, due to the insanely bright LED lights on the Droid, I have to shut off the display before turning in for bed! The LEDs Hack doesn’t work for me very well.) Android’s default alarm clock is fine, but I really wanted an alarm that didn’t blast me out of bed in the morning, but started out quietly instead, and gradually increased in volume until it woke me up. Luckily, the Gentle Alarm app exists for just this purpose.

Gentle Alarm provides alarms that fade in over a user-definable period, and customizable snooze times, too. It can ring any alarm, audio file, or ringtone on your phone. (The app, and your Android ROM, come with a number of alarm sounds by default.) Gentle Alarm’s defining feature is its “pre-alarm” feature, which tries to take advantage of your sleep cycles to wake you up when you are refreshed. The idea is to ring a very quiet alarm, prior to your normal wake-up time, to rouse you if you are already almost awake. If you are still in a deep sleep, you won’t be able to hear it. (It’s true!) The app helps you calibrate the volume, so the pre-alarm will only wake you up when you are not sleeping deeply, and the main alarm will always ring loud enough (eventually) to rouse you out bed. I’ve found that the pre-alarm helps me wake up earlier, or at least hit snooze less often, and still refreshed.

If you’re worried about replacing Android’s tried and true alarm system with a third-party, and potentially unstable, application, don’t be. Gentle Alarm hooks into Android’s normal alarm routines, so, short of your battery dying, you can be assured that the alarm will ring.

It took only one night’s trial for me to fall in love with and purchase the Gentle Alarm app. (The free version only works 6 days per week.)

Sleep Now

Sleep Now is a great app for the power napper or anyone who has trouble getting to sleep at night. It’s a fancy white-noise generator and alarm clock wrapped up into one package. I really like it, because I think it helps me fall asleep faster, and sleep more soundly, than I did without it.

You set up programs to fall asleep to music or white noise.

1. Relax to music (whatever is on your phone), white noise, or other sounds included with the app.
2. Sleep to white noise, other sounds, or silence.
3. Wake up to a gentle alarm.

Programs can be configured to a fixed sleep timeframe, such as a 20-minute power nap, or to prompt you for a sleep duration when you run them. The alarms are similar to the Gentle Alarm app, but cannot be scheduled to exact times of day, and do not include the pre-alarm function. Like Gentle Alarm, Sleep Now allows you to calibrate your volume.

Two Apps?!

I bought both apps and use them every day. I think that Gentle Alarm could be folded into Sleep Now, because only two features of Gentle Alarm (alarm scheduling and the pre-alarm) are missing from Sleep Now as it is. The developer may do that in the future. Because the apps are not that expensive, I use them every day, and I like to support small developers, I didn’t hesitate to buy both.

If you have a consumer-grade camcorder, such as the Flip MinoHD (2nd Generation), like I do, you probably should use a tripod of some sort to stabilize your shots. Obviously, if your camcorder is smaller than a deck of cards, you probably aren’t going to lug around a full sized tripod. Luckily, mini-tripods exist, which are (almost) pocketable, and make steady shooting easy. The GorillaPod is a prime example.

The GorillaPod is a mini-tripod for cameras and camcorders with an interesting feature: bendable legs that conform to almost any surface. As you might imagine, it is very effective when placing your camera on uneven surfaces, such as rocks, blankets, and nearly anything found in nature. The extreme flexibility of the legs also allows you to clamp it onto vertical, horizontal, and diagonal handrails, chair-rails, guide-wires, and what have you. Indoors, chair backs make a great, impromptu stand.

Flat surfaces, however, are more challenging to deal with. Every “node” of these legs, including where the legs and mount attach, is posable, and there is no easy way to perfectly straighten them. This means that you have to manually adjust the mount to ensure the camera is level. That’s a minor inconvenience for such a cool and flexible tripod. I’ve even found that I can use its legs to steady the camera even while I’m holding it.

It isn’t obvious at first how to list all the members of a group from a Linux command line (I’m using Ubuntu Server 10.04 Lucid Lynx).

Listing A User’s Groups

It is very easy to list the groups that a user belongs to. Simply use the groups command.

$ groups user

This command will output the user name and a space-delimited list of all the groups that user belongs to, as follows:

user : user dialout cdrom floppy audio dip vido plugdev users fuse lp admin sambashare

Listing a Group’s Members (Users)

If you want to do the opposite, and list the members of a group, you can use the members command. The catch is: the command is not installed by default. Fortunately, it is simple to install:

$ sudo apt-get install members

Once the package is installed, you can issue the members command similarly to how you issue the groups command.

$ members groupname

This will output a space-delimited list of all the members of the group, as follows:

member1 member2 member3

Unlike the groups command, it does not output the name of the group. You may use the optional arguments --primary and --secondary to list only the primary or secondary users within the group.

Strawberries are in season, and they are sweet, cheap (relatively speaking), and plentiful. One elegant and deceptively simple spring and summer dessert is chocolate covered strawberries. It’s nice enough to serve to company but it only takes a few minutes to make. Plus, they look fantastic, whether they are on their own, or served alongside other desserts (such as a slice of cake!).

The chocolate you use makes a big difference in this recipe. In season strawberries are sweet, so you don’t necessarily want to use a sweet chocolate, such as milk chocolate. Use white chocolate for color, not for taste. I recommend using good quality 70% cacao chocolate. Its bitterness contrasts well with the strawberries, but it is sweet enough, unlike higher cacao content chocolates, to complement the strawberries rather than compete with them. Chocolate bars are said to be higher quality than chocolate chips, and are often a little cheaper, ounce for ounce. I recommend that you use them and chop them yourself. I found that my chef’s knife made short work out of the thin “baking” chocolate bars sold in the supermarket. Use a serrated knife to chop of thicker bars.

Ingredients

• 1 quart package fresh strawberries
• 8 oz dark chocolate, chopped (I use 2 70% Cacao Extra Bittersweet Baking Bars. You could use dark chocolate chips.)
• 4 oz white chocolate, chopped (White chocolate chips are fine.)
• 1 tbsp butter (optional, but it gives the chocolate an appealing silkiness)

Technique

1. Line a baking sheet with waxed paper.
2. Wash and thoroughly dry the strawberries. You don’t hull them for this dessert.
3. Melt the dark chocolate and butter together. I like to use an improvised double boiler for this. A double boiler is simply a mixing bowl set on top of a pot of water which is simmering (not boiling) on the stove. Make sure that the bottom of the mixing bowl does not touch the water. You could also melt the chocolate in the microwave. Use 50% power for 1 minute, check it, and then continue heating in 30-second increments, until the chocolate is melted. Stir the chocolate to ensure even melting.
4. When the dark chocolate is melted, start dipping the strawberries in it, holding each by the stem. Try not to dip the entire strawberry; leave some bare space to hold onto while eating it.
5. After dipping each strawberry, place it on the wax paper. The metal baking sheet will help the chocolate cool down and harden faster.
6. After the chocolate hardens, melt the white chocolate, similarly to how you melted the dark chocolate.
7. Put the melted white chocolate into a plastic sandwich bag* and cut a tiny hole in one of the corners. This will serve as a makeshift piping bag. *The easiest way to fill the bag is to stuff one corner into a small cup, fold the rest of the bag over the edges of the cup, and dump the melted chocolate in.
8. Pipe the white chocolate in a zig-zag pattern onto the strawberries.
9. Place the tray in the refrigerator to allow the chocolate to harden. Once it has, they are ready to remove from the wax paper, serve, and eat!

Here are instructions on how to overclock your Motorola Droid. I learned how to do this through various forum posts and a blog posts, some of which were a confusing mess of information and misinformation. My goals is to summarize what I have learned in one place, to act as a more-or-less definitive guide.

1. Root your Droid. (Note that I rooted my Droid before 2.1 came out, so I have not followed the instructions that I have linked to, and cannot comment upon them.)
2. Install ROM Manager from the Android Market. This app, and the ClockworkMod Recovery it comes with, make flashing ROMs a lot simpler than the process used to root your phone.
3. Flash ClockworkMod Recovery via ROM Manager. (You don’t need the paid version for this tutorial.)
   1. Launch the ROM Manager.
   2. Click the first option: “Flash ClockwordMod Recovery.”
   1. Grant the app root access (and check “Always Allow”) when it asks you.
   1. A popup will ask you to confirm your phone model. Just click on “Motorola Droid (CDMA)”.
   2. This will download and install the ClockworkMod recovery image. Just wait a couple minutes. There’s no need to reboot your phone afterwards.
4. Install the latest stable CyanogenMod via ROM Manager.
   1. In ROM Manager, click the “Download ROM” option, then click “CyanogenMod”, then click the latest stable release. As of this writing, the latest stable release for the Droid is 5.0.6.2.
   2. A popup will appear. Check the box next to “Google Apps” and click “OK”.
   3. ROM Manager will then download the ROMs for Cyanogen and Google Apps. When the downloads are complete, ROM Manager will alert you for more options prior to installation.
   4. When the downloads are complete, a “ROM Pre-Installation” popup will appear. Check the option to “Backup Existing ROM” just to be safe. If you are doing this for the first time, or are changing themes, check “Wipe Data and Cache”; you may leave it unchecked if you are upgrading to a new version of the same ROM. Click “OK”.
   5. The phone will then reboot into recovery, back up your current ROM to the SD card, install CyanogenMod, and then reboot when it is done. The first boot into the new ROM might take a little longer than normal. Don’t worry.
5. Set up your phone again.
   1. You will need to sign into Google again and re-download all your apps. (Yes, this is a pain, but you did just reinstall everything on your phone!) You can re-download your apps after overclocking, if you wish. You will not have to pay again for any paid applications you purchased from the Android Market. You will not have problems “reactivating” your phone.
   2. If Google apps, such as Google Maps, are missing, that means that you didn’t check “Google Apps” when you downloaded the ROM. You will have to install Rom Manager and then reinstall CyanogenMod with Google Apps to fix this.
6. Install the bekit kernel, which allows you to overclock your CPU.
   1. Open ROM Manager.
   2. Click “Download Rom”, then “CyanogenMod”, then “bekit Kernals (0.8.3)”.
   3. Choose your bekit kernel from the popup that appears. I recommend “5 Slot 800MHz 0.8.3 *Low Voltage*” (which I use for this tutorial) or “5 Slot 1.0 GHz 0.8.3 *Low Voltage*”. A “slot” is an operating frequency. 5-slot means that there are 5 speed settings at which you can set your CPU. 7-slot kernals have 2 more speed settings. I don’t see much need to set the CPU to a whole bunch of different frequencies, so 5-slot kernals are good enough for me. You should stick to the “Low Voltage” kernels (scroll down in the list to find them) to avoid overheating your CPU or decreasing battery life more than necessary.
   4. The kernel install process through the ROM Manager works similarly to the CyanogenMod ROM install process. When the kernel download is complete, a “ROM Pre-Installation” popup will appear. Check “Backup Existing ROM” if this is your first time changing kernels, or if you don’t have a recent backup. Do not check “Wipe Data and Cache”. Click “OK”.
   5. The phone will reboot into recovery, back up your current ROM to the SD card (if you selected that option), install the new kernel, and then reboot when it is done.
7. Purchase and install SetCPU from the Android Market. It costs $1.99 as of this writing, and is totally worth it. Read more about SetCPU here.
8. Set up SetCPU’s global settings.
   1. Launch SetCPU.
   2. Click the “Autodetect Speeds” button. Grant the app root access (and check “Always Allow”) when it asks you.
   3. SetCPU will display the maximum and minimum CPU speeds your kernel supports. Using the “5 Slot 800MHz 0.8.3 *Low Voltage*” bekit kernel, you should see 800MHz max and 250 MHz min.
   4. Adjust the sliders on SetCPU’s main screen to set the global minimum and maximum CPU speeds. I tend to leave the minimum as 250MHz and the maximum as 800MHz. Remember that the stock Motorola Droid CPU is underclocked from 600MHz to 550 MHz, so 250MHz is actually underclocking (better for battery life) and 800MHz is overclocking (better for performance).
   5. Set the CPU Governor. I recommend using default CPU Governor: “ondemand.” This means that the CPU will scale up when the phone is busy (i.e., when you are using it) and will scale down when the phone is idle (i.e., sleeping). The “conservative” CPU Governor scales speeds up more slowly than “ondemand” does; I find that it makes games a little laggy. The “performance” CPU Governor simply always uses the maximum speed setting; this seems unnecessary for a device that spends most of the time sleeping.
   6. Check “Set on Boot”. The only reasons not to have “Set on Boot” checked is if you are flashing a new ROM, or if you are overclocking by a lot (say, to 1.2 GHz) and are concerned about stability.
9. Set up SetCPU Profiles. (This step is optional, but recommended.)
   1. In SetCPU, click the “Profiles” button. A popup will appear.
   2. Check “Profiles On” in the popup.
   3. To update a profile, click on its “Enabled” checkbox, click the “Modify” button, set the CPU speed sliders and CPU Governors in the popup, and click the “Apply” button. My recommended profile settings (for my 800MHz kernel) follow.
   4. Enable the “Charging” profile. Set to 550 Max, 250 Min, ondemand. You don’t want to overclock while charging, because the battery is already hotter while charging, and you don’t want to overheat your phone.
   5. Enable the “Sleep/Standby” profile. Set to 550 Max, 400 Min, ondemand. You can set the minimum speed to 250MHz, but I like 400MHz, because the phone wakes up a little faster.
   6. Enable the “Battery Profiles”, which will be in use most of the time you actually are using the phone. You have to set up all 3 profiles for them to work. I like to set them to scale back the CPU speed as the battery is depleted.
      1. Enable a “Power < 100%” profile. Set to 800 Max, 400 Min, ondemand, if battery is under 100%.
      2. Enable a “Power < 50%” profile. Set to 600 Max, 400 Min, ondemand, if battery is under 50%. This steps down the CPU a bit to eke out more battery life.
      3. Enable a “Power < 15%” profile. Set to 550 Max, 250 Min, ondemand, if battery is under 15%. This steps down the CPU a bit more to eke out more battery life.
   7. Leave the “Failsafe Profile” as is, and enabled. This profile kicks in when the phone starts to overheat. I’ve never had my phone overheat for any reason. SetCPU reports the battery temperature of my phone as 30° C to 40° C, which is well under the danger zone for this CPU (which starts, I believe, at 50°C).

After all this, your phone will be overclocked during use and underclocked at rest. I find that a little overclocking makes the Droid a lot more pleasant to use, and doesn’t hamper battery life much, and doesn’t affect stability at all. The whole process will cost you about $2 for SetCPU. If you love ROM Manager, buy that app, too, and support the developers. The premium version of ROM Manager unlocks a lot of ROMs and themes, and provides notifications if an update is available for your ROM.