A Collection of Thoughts & Discoveries
Technology, Business, Giving, Etc.
- “There is nothing noble in being superior to your fellow man; true nobility is being superior to your former self.” Ernest Hemingway
- “Judge each day not by the harvest you reap, but by the seeds you plant.” Robert Louis Stevenson
- “We must be the change we wish to see in the world.” Gandhi
- “Noble deeds that are concealed are most esteemed.” Blaise Pascal
- “A creative man is motivated by the desire to achieve, not by the desire to beat others.” Ayn Rand
- “If you want to succeed you should strike out on new paths, rather than travel the worn paths of accepted success.” John D. Rockefeller
- “Honesty is the first chapter in the book of wisdom.” Thomas Jefferson
- “Sense shines with a double luster when it is set in humility. An able yet humble man is a jewel worth a kingdom.” William Penn
- “There is a great satisfaction in building good tools for other people to use.” Freeman Dyson
- “You don't know what you can learn until you try to learn.” Ronald Coase
- “Let us so live that when we come to die even the undertaker will be sorry.” Mark Twain
- “Create more value than you capture.” Tim O'Reilly
A gemologist friend of mine recently complained about the tedium of calculating gemstone and mineral specimen specific gravity via the hydrostatic weighing method. You see, after weighing the specimen in air (at room temperature) and in water (at 4° Celsius, ideally) one must do a little math to determine the specific gravity (S.G.) of a sample. The formula is very simple: It’s the weight in air, divided by the loss of weight in water (at 4° Celsius). Or: the weight in air, divided by the weight in air minus the weight in water. Simple. Right? But when you do dozens (or more) of these a day, it gets tedious. High-end lab equipment will do the calculations for the technician, but my friend doesn’t have such equipment. And such equipment doesn’t help if one is in the field.
There are a few calculators on the Web, but most are not mobile-phone-friendly, and he likes to use his iPhone around his lab. So I coded this simple little web app to help my friend in his time of need. Of course he wants a native iOS app, but that seems a bit overkill for such a simple task.
Now I just need to update this site to modernize it and make it mobile-friendly. So little time…
If you’d like to use the calculator, you can go here and calculate ‘til your heart’s content. It’s labeled to suggest entering carat weight (for precision), but entering weight in grams is fine as well (but rounding may negatively affect accuracy, depending upon your precision). Most important is to not mix units of measure.
“Cisco switches to weaker hashing scheme, passwords cracked wide open.”
In this day and age, for a company with the technical and financial resources of Cisco Systems to “dumb down” its password hashing methods is inexcusable and irresponsible. As noted elsewhere here, other large companies (like LinkedIn) have employed poor password management practices, and they and their users have paid for it.
It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt.
Read about Cisco’s poor choice here on Ars Technica. I expect there’ll be a fix in an update, but sheesh.
As one who travels to Southeast Asia and other parts of the world where religions and beliefs vary from my own, I try to be very careful to respect beliefs and faiths of others. But the Taliban’s oppression of women is so wholly unacceptable that I have no respect or tolerance for them.
Masked Taliban gunmen answered Ms. Yousafzai’s courage with bullets, singling out the 14-year-old on a bus filled with terrified schoolchildren… New York Times
The New York Times presents Malala Yousafzai, who was gunned down by Taliban cowards. Fourteen-year-old Malala is a true heroine who hungers for education. She dreams of being a doctor, but the Taliban want to stop her, and all girls, from receiving an education.
Read this NYT article and by all means watch the video on the NYT page to get to know Malala and her father a bit. It’s these types of stories, and many more, which fuel my passion for supporting the important causes such as the Asian University for Women which bring education and empowerment to women.
Bloomberg has posted an interesting article which draws historical comparisons between patent infringement and litigation in the 1800s and today. Airplanes, sewing machines, agricultural reapers and smartphones share a history (and present) of conflicts over patents.
I’d like to see the tech patent wars end as they did with the sewing machine — with patent pools. It’s being reported that Apple and Google spent more on purchasing patents and litigation than on R & D last year. (I’d like to see most software patents go away altogether, but that’s a different issue, although it’s also discussed in the linked NYT article.)
The New York Times has also published a rather detailed article today on the topic of smartphone patent litigation which addresses some of the stresses the issues place on a bureaucratic system and on the markets.
Check out the Bloomberg article here.
The New York Times article is here.
Part 1: Passwords
In this day and age, when there are highly publicized reports of security lapses associated with user data around the web, there is no excuse for weak password security practices to continue. Web services which require users to submit personal information, email addresses, use passwords or passphrases to access accounts, etc., have an obligation to exercise best-practice fundamentals when designing their services. Mistakes happen, breaches will occur, but neglecting to at least implement best-practice fundamentals is not acceptable.
Recently, I have experienced several examples of very poor security design on various websites and it simply baffles me that businesses allow this sort of condition to persist in the wake of so much negative press. We’ve had examples of poor practices made very public and embarrassing at: RockYou, Gawker, Stratfor, eHarmony, LinkedIn, Sony, Yahoo! and more, and yet developers and business managers are allowing the weakest of practices to persist.
Here are some simple examples of basic do’s and don’ts, describing what should be minimum habits of design. This represents just a few of the lowest of low-hanging fruit. There must be a complete and comprehensive security policy throughout.
1. Registration and Logon must be over HTTPS, i.e. Transport Layer Security (TLS), SSL, etc.
No exceptions unless the site is just a personal project for sharing a semi-private blog among friends and family and you don’t really care if non-members access it. For websites which are for commerce or community this should not be an option. There are security holes when redirecting from HTTP to HTTPS (or including logon forms on non-secure pages), but that’s another post.
2. Don’t store users’ passwords in plain text. Argh!
This is a big one. There’s NO justification for this, and yet mega-corp Sony did exactly this (according to reports) and took significant damage to their reputation and their pocketbook, with the issue affecting millions of account holders. In fact they had to close down the PlayStation Network for quite some time while they retooled. And Yahoo! was recently hacked, with nearly a half million passwords exposed because of this weak practice.
3. Don’t skip the salt!
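To make points 2 and 3, and the earlier complaint about a single unsalted SHA256 pass, concrete, here is an added example (not code from this blog or from any vendor). It stores the same constructed accounts both ways and audits each table for identical stored values. PBKDF2-HMAC-SHA256, the iteration count and all function names are assumptions chosen for the illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Assumption: iteration count picked for this example; tune it to your hardware.
PBKDF2_ITERATIONS = 200_000


def weak_hash(password: str) -> str:
    """Single unsalted SHA-256 pass, the kind of scheme criticised above."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated hash; returns 'pbkdf2_sha256$iterations$salt$key'."""
    salt = secrets.token_bytes(16)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, compare in constant time."""
    try:
        scheme, iterations, salt_hex, key_hex = stored.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), salt, int(iterations)
        )
    except ValueError:  # malformed or truncated record
        return False
    return hmac.compare_digest(candidate, expected)


def shared_digest_groups(records: dict) -> list:
    """Audit helper: groups of users whose stored values are byte-for-byte identical."""
    by_value = defaultdict(list)
    for user, value in records.items():
        by_value[value].append(user)
    return sorted(sorted(users) for users in by_value.values() if len(users) > 1)


# Constructed sample accounts (not real data); alice and bob reuse one password.
SAMPLE_USERS = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "Tr0ub4dor&3",
}


def build_tables(users: dict = SAMPLE_USERS):
    """Return (unsalted table, salted table) for the same set of accounts."""
    weak = {user: weak_hash(pw) for user, pw in users.items()}
    strong = {user: hash_password(pw) for user, pw in users.items()}
    return weak, strong


if __name__ == "__main__":
    weak, strong = build_tables()
    # Without a salt, equal passwords produce equal rows, so a leaked table
    # reveals password reuse and one guess tests every account at once.
    print("unsalted, identical rows:", shared_digest_groups(weak))
    # With a per-user salt every row is unique, even for equal passwords.
    print("salted, identical rows:  ", shared_digest_groups(strong))
    print("alice logs in:", verify_password("correct horse", strong["alice"]))
    print("wrong password:", verify_password("correct horsey", strong["alice"]))
```

Storing the iteration count inside each record lets the work factor be raised later without invalidating existing hashes.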
Raising funding for an Internet startup project is a grueling and somewhat complicated process. As most of my friends know, I’m involved in such a startup about which we’re very excited. So far, the feedback has been nothing short of fantastic from all who have seen it. Our project has a humanitarian element to it, so finding the right investment partner (or partners) is very important to us. We’re taking a lot of time to find the right fit. We truly want our investor to make a handsome return, but we want to work with people who care about more than just making a buck. To that end, we have stepped away from potential investors for various reasons, and this week we did again. I’d like to share a bit of the “what” and “why”.
First, even if our project (or yours) did not have a humanitarian element we’d still want to be very selective regarding the type of investors with whom we work. This is fundamental to any long-term business relationship and extremely important in the Internet startup world. We must like and respect our partners, and this must be truly mutual for the project to flourish.
Angel investor background: Working with a special liaison, we presented our project to what was described to us as a very special angel investor. We did a lot of background due diligence on the individual and he was more than qualified as an investor and a professional. This person could be considered to have a very public persona within his profession and it was stated that he was interested in investing in special projects which will do good, and which are “bigger than he is”. That sounded like potential for a fit.
We’re looking to raise investment funds of a non-trivial amount, i.e. solid seven figures. But it must come from a truly ethical source and someone(s) genuinely interested in building something great to help others. That’s not the easiest criteria to start with, but we thought we had a good fit with this investor who had stated that they LOVE our project.
So what went wrong? Why did we withdraw our invitation to invest, when we thought we were likely going to close with this investor? We put a tremendous amount of work into our presentation, in a form suitable to the investor’s preferences and we were told that we hit all the right notes. In fact, we received a term sheet with an offer to which we countered and we were getting closer to mutually-agreeable terms. We weren’t in exact alignment yet, but the differences were shrinking – mostly centering on valuation – and we felt a close was possible soon.
We returned what we had hoped would be our final adjustments to the term sheet, but still remained open-minded, as we always want to consider all parties and their valid needs. In other words, this was our final offer unless we could be convinced to flex a tiny bit more. But here’s where the deal went south: The investor received the package via e-mail on Wednesday evening, May 16th and replied with thanks and “I will review over the weekend and get back with you the beginning of next week”. That meant the following Monday or Tuesday, and that’s consistent with his pattern up to that point. Well, the next Tuesday came and went; the Memorial Day holiday weekend was approaching and so we figured it might be the following Tuesday that we’d have our reply. We contacted our liaison with the investor to check status. We were assured that he was still VERY interested and looking at a couple of options to help get it all settled…
Then, after waiting an additional week, we get a nasty e-mail stating that the e-mail attachment could not be opened; and he had his “best IT men working on it for the past five business days” to open the attachment, so he knew “it wasn’t on his end”. This was then followed by some disrespectful, condescending crap and an offer to invest at a split between what he understood our offer would be and his last. WHAT?? You want us to believe that someone in IT spent more than 90 seconds on it before realizing that the file was corrupted in transit?? (And by the way, the file opened fine for others on various operating systems, even after the file name was corrupted.) Would it not make sense to simply ask for a new file to be sent? Are your IT people so inept as to waste valuable time on such a thing? Or are you prone to lies and attacks when you attempt to manipulate others during negotiation? If this is how one functions during the courtship and honeymoon, how is it likely to be when in the trenches of business together?
Now let’s break this down (in case it’s not obvious):
1) After briefly attempting to open an e-mail attachment which seems to be corrupted, a normal person would simply request a replacement – not waste time on the original.
2) Rather than berating those with whom one is about to invest a large sum of money, does it not make sense to pleasantly seek a solution to the minor hiccup? Hint: yes.
3) If an investor is showing signs of Napoleonic tendencies over rules of contact and something so common as a corrupted attachment file name, what will the relationship on your Board of Directors be like? Answer: Not pleasant, nor productive!
4) If the investor realizes that he did not respond in the time frame which he personally had set, and which crowded the expiration date of the original term sheet, why lie about spending five days on attempting to open the file? Why not simply say “sorry, I needed a bit more time to complete my process” or similar? This is either meant to manipulate the time frame and press toward urgency to pressure a close at his desired terms, or simply a lack of ability to accept responsibility for one’s own delay by apologizing and rescheduling. Either way, a bad partner! Walk away.
What’s the moral of the story? Keep your business standards high, and never, ever accept investment from someone who shows little or no sincere respect for you and your team at any time throughout the process – or who thinks too highly of themself. Of course in this investor’s previous counter-offer he stated “Your company and its leadership is above reproach and I am well pleased” so go figure. Bullying is not a rare tactic in business negotiation, but don’t let it affect you. It tells you two very important things about your negotiation counterpart: 1) S/he is very interested in your deal (or they would have disengaged); and 2) this person may be difficult to work with in the future, so you’ve gained useful information to consider.
And if you’re an investor: If you want to invest in great projects with great people and be a part of something really big–much bigger than yourself, DON’T BE A JERK!
Bottom line: We withdrew our invitation for investment and are cheerfully moving on.
One final note: Some might be tempted to blame our liaison for not properly vetting the investor, but that’s not how we feel at all. The liaison has known the investor for a long time and they have closed several investment transactions. However, we gather (from certain inquiries) that many of those investments were made in which the principals were more desperate for funding and didn’t have the resources or experience to repel or avoid such tactics. The investor simply tarnished his own “face” and the liaison has likely now seen another side of him.
According to an article at Forbes the University of Florida is eliminating its computer science program to save $1.7 million while the athletic department receives a budget increase.
Let’s get this straight: in the midst of a technology revolution, with a shortage of engineers and computer scientists, UF decides to cut computer science completely? Steven Salzberg: Forbes
Universities are big business, but eliminating C.S. while the U.S. struggles to improve employment statistics seems wrong-minded to me.
I count myself among those who love to hate Internet Explorer (IE), at least versions up to, and including, IE8. It’s a web developer’s nightmare (although IE8 has been an improvement) and costs clients money for the additional work required to build and maintain websites which support all current browsers. We build a “web-standards compliant site”, and then add IE support… sigh. In version 9, IE has begun to finally support some web standards which have long been part of the W3C web standards spec, as well as some design rules used in newer CSS practices which have been supported by most other browsers for some time now.
This Microsoft ad for Internet Explorer is making the rounds and I must give Microsoft a “tip o’ the hat” for laughing at themselves a bit. We should all laugh at ourselves at times and resist taking ourselves too seriously. I could go on a long diatribe about why IE sucks or sucked in past versions, but why? You probably know, or can easily find abundant complaints for the lack of web-standards support which has been the norm with IE. Better to just enjoy this new Microsoft advertisement and give them credit for improving, as well as poking a bit of fun at themselves.
A team of European and American mathematicians and cryptographers have discovered an unexpected weakness in the encryption system widely used worldwide for online shopping, banking, e-mail and other Internet services intended to remain private and secure.
Security is so important in web application design, but cryptography quirks and nuances can affect even well conceived designs. Yet another reason to maintain “best practice” coding and use “belt and suspenders” security design whenever possible. The researchers’ technical paper is available here (as a pdf).
Apple’s path from computer company to a consumer electronics company – and consumer services company – has been going on for a long time. As a long-time Apple user and an admirer of their products and much of their software, especially much of OS X, and a one-time stockholder, I’m actually quite disappointed by the “evolution of Apple” as it currently is going – at least regarding the OS and high-end tools. Oh sure, I do get it from a business point of view, from a shareholder value perspective, etc., but I’m just not thrilled with it from a selfish point of view.
Lots of people complain about “the Apple walled garden”, yet with some exceptions, I really like Apple’s integrated approach as it pertains to quality control and a uniform user experience. That many of these controls also add to Apple’s profitability is fine with me. That’s business, and I like the products.
However, as one who likes computers to feel like mature tools, I really don’t like the direction of Mac OS X at this time. I like OS X 10.6.x (Snow Leopard) very much. It’s stable on my machines (much better than Leopard, which was worse than Tiger for me), it looks grown-up and mostly works well with my software and peripherals. I don’t like Lion and find the UI absolutely atrocious in some areas (esp. the Address Book and iCal), as it looks like Romper Room to me and it’s tacky IMHO. Hopefully Apple will consider moving back to a mature and elegant user interface in Mountain Lion and beyond. The move to a uniform “iOS feel” across Apple products is the obvious direction, but it’s something I truly hate about Apple’s current path. For the consumer market it makes sense, but for people (like me) who like computers to feel like tools with detailed controls instead of a stroll through FAO Schwarz it’s not a great path. Don’t get me wrong, I love the integration, just not the “sameness” across tools used for different tasks.
This is all a very personal thing, and I’m sure that there are many who love the current path (or simply don’t care). For example, I’m one who loves the detailed controls available in Photoshop and hates the simplified UI of products like iPhoto. Even Adobe Lightroom is not for me because of the lack of precision. Apple really ticked off a lot of pro users with their “update” to Final Cut Pro because of “dumbing it down” in many users’ eyes. Apple has moved away from supporting pro users on many fronts, such as color management (horrible support), discontinuation of their one display suitable for high-end image processing (the 30 inch cinema display), and a tower line with very limited RAM expansion capacity and long-due for an update (last updated August of 2010). Again, I get it, for business reasons. I just don’t like it.
Over time Apple had lost a lot of the enterprise world (or didn’t get it at all in many sectors) as IT managers stayed with the Windows platform. I’m always rooting for Apple to get more uptake in enterprise, but I can see why CIOs are hesitant to invest in Apple. Apple is making progress in this market, but talking with ranking engineers at large enterprises I can understand the resistance. One concern which I had not considered is Apple’s frequent OS updates which are not as backward compatible as needed. That doesn’t really affect me, so I overlooked it. My friend said that his team at a Fortune 100 company is using mostly Windows XP still and that a change to Windows 7 will be very time consuming and costly. Enterprise needs stability, not new eye-candy. Still, thanks to the great success of the iPhone and iPad, Apple computers are working their way into more enterprises and I like that.
Here’s an article that describes some real concerns with Mac OS X Lion in the enterprise environment. Most of what is described would be fairly easy to fix if Apple were to focus on such adjustments. The part about automatically reopening applications and windows which were open at shutdown would be an easy fix and is the source of much frustration even for the non-enterprise Mac community. There’s at least one lengthy thread in Apple’s support forums asking for this to be fixed. Apple just need to give the pro and business users a little love now and then, even though they’re “killing it” with iOS.
So there is my rant and personal lament regarding how I wish that Apple would find a way to continue to support not only the vision that is iOS, but also keep supporting those who use computers for more technical tasks, business needs, and professional production, and less so for social congregation. My whining is personal, but I also hear it from friends using OS X Lion and looking ahead to OS X “Mountain Lion”. Plus, Lion has stopped a couple of my friends from switching from Windows and that’s a shame. I’d love to see Apple develop the OS in a way that continues to innovate, yet retains the means for users to work more technically if they wish.
S.O.P.A. and P.I.P.A. are U.S. legislative bills presented as means to protect intellectual property and to stop online “piracy” of digital media. However, behind the labels of these destructive bills lies legislation which is potentially very harmful to how the Internet works to empower individuals, while pandering to certain parties in the movie industry and music industry. It’s no surprise that representatives in Congress would pander to the likes of these skillful and well-funded lobbyists, but the Internet is a valuable, global asset which must not be controlled by special interests.
To be clear, I am against any form of intellectual or creative property piracy, including bit torrents to share music against its creators’ will, using photos without the photographer’s permission, etc. We currently have laws in place against such behavior, but S.O.P.A. and P.I.P.A. appear to be designed to simply help U.S. media industry players who refuse to embrace new business models as technology has evolved–at the expense of the entire Internet.
Here’s a great talk by Clay Shirky on TED:
EDIT: I removed the embedded video here because the method TED uses for video embeds is such a drain on resources and loads incredibly slowly. So the link to the talk on the TED website is here, and worth a watch: Link to video on TED
Please inform yourself about S.O.P.A. and P.I.P.A. by following the links below, and reach out to your representatives in Washington D.C. to let them know that if they support such rubbish it will cost them their jobs.
Rand Fishkin, CEO of Moz (formerly SEOmoz), has posted a very interesting article on what he and his colleagues experienced during a recent attempt to raise $24 million in venture capital. He had signed the term sheet and received the letter of intent from the VC, but ultimately they did not close. In the post, Rand lays out the chain of events, and shares what he learned about the process and what he could have done differently. But most importantly, he points out the importance of choosing an investor who is aligned with your own vision and team culture. Rand’s tone is humble and the content is remarkably transparent. This type of sharing by Rand is a great resource for startups considering taking venture capital.
Within the post there are links to a couple of blog entries about previous funding attempts. They’re worth checking out too.
The Wall Street Journal has published an insightful essay by Marc Andreessen on how technology permeates society, even in analogue life.
My own theory is that we are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy. Marc Andreessen
Andreessen, an immensely successful entrepreneur, as well as venture capital and angel investor, sees tremendous opportunity globally in this trend. Of course, he’s not alone, as technology is one of the gleaming bright spots in our very challenging economy.
Marc Andreessen on Why Software is Eating the World Definitely recommended reading.
Last Sunday my wife and I needed a day away from the grind, so we impulsively decided to explore a bit of wine tasting in Healdsburg, California – prompted by a random tweet by Chris Sacca in which he mentioned that Cartograph Wines is his favorite winery. Completely unfamiliar with Chris’ taste in wine, it really didn’t matter because we were looking for an excuse to get out… so, Healdsburg or bust!
Healdsburg is located at the center-point of the Alexander Valley, Dry Creek Valley and Russian River Valley wine producing regions. Thanks largely to the growth in quality wine production in this area – and high quality Pinot Noir wines in particular – Healdsburg has evolved from a quiet little town to a delightful destination with tasting rooms, charming and sophisticated restaurants, shops and great atmosphere. We encountered perfect weather, friendly people and happy dogs enjoying the day there.
Enter Garagiste Healdsburg
Garagiste Healdsburg is a wine tasting collaboration established by Cartograph Wines and Stark Wine – both, micro-wineries which share the same wine making philosophy of quality over quantity. They just opened the tasting room in July of this year and they’ve done a great job in my opinion. The venue has comfortable patio seating with a pleasant fountain, as well as inside seating, so take your pick. Or just stand at the bar and learn about their wines, as we did.
Our hosts were Cartograph Wines proprietors Serena Lourie and Alan Baker. Serena and Alan were an absolute delight to speak with, and both very open and informative about their wine making. Sincere passion for their craft is abundant and obvious in each of them – and infectious. Serena brought us up to speed regarding the wines that both they and Stark produce, while Alan shared specifics of the grape clones used for each wine. I’m a neophyte when it comes to Russian River and Dry Creek Valley pinots and Serena and Alan made me very comfortable as they shared their knowledge. Christian Stark was not at Garagiste on this day, but Serena and Alan are quite knowledgeable about the Stark offerings and explained the materials and processes which Christian employs in making his wines.
We tasted six wines – three from each winery. Cartograph Wines was offering two Pinot Noirs and a very nice Gewürztraminer, and Stark presented a Chardonnay, a Syrah and a Viognier – the latter employing grapes from the Sierra foothills because of the advantageous (for the variety) warmer weather there.
Before visiting Garagiste Healdsburg I read on the Cartograph Wines website that they produce a Gewürztraminer, but I must admit that the “Gewürz” was of least interest to me. I love good pinots and cabs., and have never really been fond of floral or fruity Alsatian-style wines. Well, I got a lesson in how different this variety can be. The Cartograph Gewürz is pleasantly dry (just as they state on their website), yet complex and delicious, without a florid nose that I don’t care much for. A great surprise for me.
Two fine Pinot Noir wines are currently offered by Cartograph Wines: one with grapes from Floodgate Vineyards, and one made from Perli Vineyard grapes. Each is distinctly different, complex and elegant. In fact, we enjoyed a bottle of the Cartograph Wines Floodgate Pinot Noir last night with grilled pork tenderloin and pearl couscous made with sauteed mushrooms, pignoli nuts (pine nuts), celery, garlic, shallots and dried mission figs (simmered in a bit of the pinot to reconstitute) and it ROCKED! You should have been here. ;-)
The Stark Wine Chardonnay is not a typical heavy-handed, oak-laden wine. We’ve grown tired of such wines, and have in fact largely moved away from Chardonnays because of the popularity (and ubiquity) of the heavy oak style. Serena explained to us that Christian Stark uses stainless and “neutral oak” barrels to avoid the heavy oak elements and that suits us just right. In fact, the Stark Chardonnay has a distinct coconut element, both on the palate and the nose. We look forward to enjoying a bottle with a nice halibut meal.
The Syrah from Stark is another example of the care with which both of these wineries craft their wines. It’s full-bodied, not overly round or mushy (as so many syrahs can be), and in fact it’s complex and well-balanced. To Stark’s credit, the current release is a 2006 vintage – a pleasure to see, in contrast to the really young reds that get pushed into the market much of the time these days. I need to taste this wine again, without tasting five other wines first, to better appreciate its nuances. I purchased two bottles for just such a study.
And finally, the Stark Viognier. I have very little experience with this variety, but enjoyed it very much. It boasts a strong stone fruit complexity that seemed like it would pair nicely with cheese and fruit. In fact Serena suggested that it is fantastic with a nice brie and apricots, and that made perfect sense.
In case you haven’t noticed, there’s a common thread here which applies to each of the wines from both of these micro-wineries: careful attention to quality to produce elegant, well-balanced, nuanced wines. It’s not often that we’ve tasted wines on our explorations where we actually enjoyed each wine we tasted and envisioned the setting in which we’d like to enjoy them again.
So enough of my blathering here. For those close enough to do so, put a picnic together and check out Garagiste Healdsburg. You probably need a break from the grind, too. They ship to many U.S. states as well.
Garagiste Healdsburg is located at 439 Healdsburg Avenue, two blocks north of the plaza. Their hours of operation are from 12:00 noon to 7:00 p.m., Thursday through Sunday (by appointment Monday–Wednesday).
Here’s the recipe for my favorite salsa. I’ve been asked for it several times by friends and provided it by phone, but when recently asked to email it I thought it would be better to just post it here. It’s a tomatillo salsa verde, or green salsa. It’s really simple to make and requires no cooking. This salsa is addictive when eaten with tortilla chips, but it’s also amazingly versatile as an accompaniment to various foods. I love it on grilled salmon – it’s great on halibut or chicken too. Use it on beef steak (or roast pork or lamb) similar to how you might use a chimichurri sauce. And it’s killer on mahi mahi or shrimp tacos and burritos. Oh, and breakfast potatoes and omelettes, and… well, you get the idea. Of course, all of this assumes it doesn’t get eaten before the food comes off the grill.
Okay, enough talk. Let’s get to this easy recipe.
1 pound fresh tomatillos, husks removed, rinsed, patted dry and quartered
1 bunch fresh cilantro (probably about 1/2 to 3/4 cup)
1 fresh serrano chili pepper, green, seeds removed, finely chopped [see note 1]
1/2 to 1 fresh habanero chili pepper, seeds removed, finely chopped [see note 1]
1 medium or large garlic clove (or two small cloves), quartered
1 ripe avocado
1 fresh lime [see note 2]
Fresh ground black pepper
In a food processor combine the tomatillos, cilantro, chilies and garlic. Add a few twists of fresh ground black pepper and a couple of teaspoons of kosher salt. I like this recipe with a bit of salt, but if you need to reduce the salt you can replace it with some lime juice to taste. Remember that kosher salt is less intense than iodized table salt. I usually add more salt, but taste it after processing to decide.
Blend well in the processor until the ingredients are well processed. Some texture is desired, but not big chunks.
Once well processed, taste for salt and adjust. You’ll be adding the avocado at the end, so anticipate that it will need a bit of salt for that. Also now is the time to squeeze in a bit of lime if you feel the tomatillos lack acid or are a bit sweet. They vary, so adjust to your taste.
Finally, add the avocado as chunks (be sure to keep the pit aside for later [see note 3]) and PULSE the mixture just a few times until the avocado is evenly chopped and distributed as chunks larger than the rest of the salsa mixture.
That’s it. Enjoy!
The salsa improves with some time to allow the flavors to mingle. Making it several hours ahead of time is best. It lasts well in the refrigerator for a day or two (or three) if you store it covered, with the avocado pit placed in the container to help keep the avocado from turning brown.
If you want a bit of color and variety gently add diced tomatoes when you serve it. It’s also very nice with quality, tiny bay shrimp added and served with tortilla chips. We sometimes serve half the batch with shrimp and half without just to mix it up a bit.
Note 1: I find that the heat provided by the amount of chilies in the above list is about right for a broad audience. However, I like it a bit spicier, so often make a hotter batch or divide it and make half as described and half with more chilies. Chilies vary in heat, so when you’re tasting for salt you can add more chili to kick it up if needed. Leaving the seeds and interior ribs of the chilies in will make the salsa spicier. Also, jalapeños can be substituted, although the flavors of the serrano and habanero are really nice. Try a red and a green jalapeño if that’s the route you go. I chop the chilies before adding just to ensure even distribution.
Note 2: You may not need to add lime, but sometimes the tomatillos are a bit sweeter or “fruity” tasting. I like to add lime if there’s a lack of acid, etc.
Note 3: Storing with the avocado pit really makes a difference, so do keep it if you’re not planning to eat all of the salsa right away. Just place the pit in the salsa during storage and remove it when you serve (or don’t).