Friday, August 2, 2013

Gymnastics: Pace, Mantilla revel in opportunities gymnastics provide

Posted: Friday, August 2, 2013 10:06 am | Updated: 10:30 am, Fri Aug 2, 2013.



Sloane Pace and Louisa Mantilla know they will probably never be Olympic gymnasts — and that’s OK with them.

The tumbling twosome don’t do gymnastics for the medals or the accolades; they do it because there’s nothing in life they are more passionate about.


“I think it’s really fun and it’s a great opportunity because most kids don’t get to do it,” 13-year-old Mantilla said. “It’s a really great sport and you can have fun with it.”

Both Pace and Mantilla have been involved with gymnastics from a young age and have become USA Sports' most senior competitive gymnasts at the Gilroy location. They have moved up through the levels of gymnastics since the Lawerence family took over the gym in 2008 and continue to train hard in order to keep progressing.

“I feel like it’s your reward (moving up a level in gymnastics),” 12-year-old Pace said. “All your hard work is paying off and you get this really great sense of accomplishment when you conquer the skills and get to move up.”

In Gilroy, the highest level a gymnast has reached is level 6 in the five years of having a competitive team. But in the Hollister location, gymnasts have reached the optional levels — levels that allow a gymnast to compete in state competitions — and have also gone on to compete at the college level.

One such gymnast is Taylor Lawerence, the daughter of owner Melinda Lawerence, who is currently on the Division I Brigham Young University cheering team.

“The most rewarding thing for me is seeing them (the gymnasts) grow,” Melinda Lawerence said. “With gymnastics, it’s hard to see results. You don’t see day-to-day results. You see monthly or six month results. ... I like to see them not know how to do anything, and then give this a chance and have confidence in something they would’ve never tried or dared to try before.”

Programs are open to both boys and girls who want to learn the different aspects of gymnastics as well as participate in the gym’s total body conditioning program. Lawerence said that this type of conditioning is beneficial not just to gymnasts, but to any athlete looking to add more strength and flexibility to their game.

“It definitely keeps you in shape,” Pace said. “You’re constantly working and it’s a really difficult workout that you do. You need to eat healthy because if you don’t, you won’t be able to do the skills. You get mentally strong, too, from having to do all the hard skills that are sometimes scary. You have to build up the mental strength to be able to do it.”

While some use gymnastics as a transition into other sports such as cheerleading, Pace and Mantilla won’t be picking up pom pons any time soon. The pair will be entering high school soon but are grateful that both Gilroy and Christopher High Schools offer a gymnastics program where they can continue to compete and apply what they’ve learned at USA Sports at the high school level.

“We just want to keep moving up, keep progressing,” Mantilla said.

Tuesday, July 23, 2013

FreeBSD success: Block bruteforce ssh attacks, plus squid

I recently built a new FreeBSD server to replace my aging system.  This server acts as my firewall, dhcp server, does NAT, and now that I have lots more disk space, will be the local file server.  During the switchover, I decided to begin using OpenBSD packet filter pf which is one of the firewall options in FreeBSD.

I am still getting the hang of configuring pf, but I have been able to set it up to notice brute force attacks on my open services (e.g. ssh) and put those hosts on a blacklist.  This makes me happy, since my daily system report has always included pages and pages of attempted access to my system.

So I can always recreate my success when I inevitably mess it up later, this post documents how I did it.

First, you need to enable pf.  The FreeBSD handbook has the details.  That page also details what I'm talking about, so this post isn't even needed. :)

The relevant portions of my pf.conf are something like:

# Services I offer to the world
ext_svc_tcp="{ ssh, ftp, http }"

table <bruteforce> persist
...
scrub in
nat on $ext_if from !($ext_if) -> ($ext_if:0)
# Filter Rules
block in
block quick from <bruteforce>
# Allow rules for services running on Tigger
pass in on $ext_if inet proto tcp from any to ($ext_if) port $ext_svc_tcp \
        flags S/SA keep state \
        (max-src-conn 50, max-src-conn-rate 10/5, \
        overload <bruteforce> flush global)

I'm not certain if the bruteforce table persists across reboots or reloading of the firewall, but I figure it should since the keyword persist is on the table definition.  Table lines can also have "file <path>" options, which might write it out to an editable file?

How do I know this is working?

# pfctl -t bruteforce -Tshow
No ALTQ support in kernel
ALTQ related functions disabled
   198.50.197.98
   206.245.180.111
   218.108.85.245
   219.138.203.198
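
What `max-src-conn-rate 10/5` with `overload <bruteforce>` does to different kinds of clients can be seen in a small model (an added example, not part of the original post or of pf itself). It uses a simplified exact sliding window where pf keeps an approximate moving average; the events and addresses are constructed, and `simulate` and `summarize` are hypothetical names.

```python
from collections import Counter, defaultdict, deque

LIMIT = 10        # connections ...
WINDOW_MS = 5000  # ... per 5 seconds (max-src-conn-rate 10/5)

def simulate(events, limit=LIMIT, window_ms=WINDOW_MS):
    """Replay (time_ms, src_ip, dst_port) events, sorted by time.

    Simplified model: exact sliding window per source (pf itself keeps an
    approximate moving average). Returns (table, verdicts).
    """
    recent = defaultdict(deque)  # src -> timestamps of recent new connections
    table = {}                   # models <bruteforce>: src -> time it was added
    verdicts = []
    for ts, src, port in events:
        if src in table:         # block quick from <bruteforce>
            verdicts.append((ts, src, port, "block"))
            continue
        window = recent[src]
        window.append(ts)
        while ts - window[0] >= window_ms:
            window.popleft()
        if len(window) > limit:  # rate exceeded: overload <bruteforce>
            table[src] = ts
            verdicts.append((ts, src, port, "overload"))
        else:
            verdicts.append((ts, src, port, "pass"))
    return table, verdicts

def summarize(verdicts):
    """Count verdicts per source address."""
    counts = defaultdict(Counter)
    for _ts, src, _port, verdict in verdicts:
        counts[src][verdict] += 1
    return counts

# Constructed sample traffic (documentation address ranges, not real hosts).
SAMPLE_EVENTS = sorted(
    [(i * 200, "203.0.113.7", 22) for i in range(20)]             # ssh flood, 5 conn/s
    + [(10000 + i * 50, "198.51.100.20", 80) for i in range(12)]  # browser burst
    + [(t, "192.0.2.5", 22) for t in (0, 30000, 60000)]           # occasional login
)

if __name__ == "__main__":
    table, verdicts = simulate(SAMPLE_EVENTS)
    for src, counts in summarize(verdicts).items():
        print(src, dict(counts), "listed" if src in table else "not listed")
```

Because the rule applies one threshold to ssh, ftp and http alike, the constructed burst of 12 parallel HTTP connections ends up in the table just like the ssh flood. A separate pass rule with a looser limit for http avoids blacklisting ordinary browsers.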


I also am attempting to use squid to remove ads during web browsing. On desktop computers, I am very happy with Adblock Plus on Firefox, but it really bothers me that I am deluged with ads on my iPad and the like.  SquidGuard seems like the perfect addition to filter the ads, but, while I have configured it into the stream, it isn't blocking things I know it should.   However, I have had success with Upside-down-ternet.  The kids don't know what hit them. (I recommend using mogrify options "-flip -swirl 45".)

squid is transparently inserted into the path of all outgoing HTTP requests by adding this line to pf.conf:

rdr pass on $int_if proto tcp to port http -> 127.0.0.1 port 3129

and adding this to squid.conf, after rebuilding www/squid33 with TP_PF enabled:

http_port 3129 intercept