Technologists.com
Periodic writings, less frequent than notes
2016

Computing 2017

"There are not many who remember
They say a handful still survive"
(1976) Miami 2017 - Billy Joel

October 20, 2016 -- Predicting the future is hard. Even when the concepts are right, the timing is often not. When the year 1984 came along, Nineteen Eighty-Four seemed mostly fictional. 30+ years later, some of Orwell's predictions were prescient. With human travel to Mars merely anticipated, travel to Saturn as in 2001: A Space Odyssey probably won't happen any time soon, but HAL 9000 is very recognizable. So Billy Joel may have been prescient, too, just wrong about the year.



2013

It looks like it's a-dyin' an' it's hardly been born

(1962) "Song to Woody" - Bob Dylan

Herbert Hoover TV demonstration

July 11, 2013 -- Four score and seven years since the Herbert Hoover TV demonstrations, "distance multimedia", "video conferencing", "telepresence", whatever we want to call it, is still trying to grow up.

Irrational exuberance was en vogue a year ago, but even skeptics didn't forecast sales plummeting.

2012

Lies, Damned Lies and
VideoConferencing? Telepresence? Exuberance Expectations

May 15, 2012 -- A couple of months ago, I seemingly started channeling Alan Greenspan after seeing a report of US$3 billion dollars in video calling revenue for 2011 -- that report also forecasting dramatic growth in the next few years. US$3B in 2011 seemed twice reality and US$22B in the next five years seemed impossible. Part of my thinking was wrong -- the industry has been growing faster than I realized. But the optimistic forecasts seem to already have been tamed by Polycom's April earnings report, and 40+% stock price decline in the last 3 months, and the analogous 12% Cisco stock price decline last week. I remain skeptical of the US$22B figure, but now understand and accept the US$3B figure.


There were at least 4 reports for 2011 industry revenues that I saw at roughly the same time:

2010

Looking Back at Mainstream Videoconferencing

March 1, 2010 -- Last year's biggest video calling news was financial -- Cisco acquiring Tandberg, Skype separating from eBay and Logitech purchasing LifeSize. Let's assume these are signs of maturation, that video calling is significant enough to be termed "mainstream" and look back at the predictions Joe Duran and I made in 1996. We prefaced our book,

Down the Road is our vision of the future of videoconferencing:
Chapter 13: "Barriers Breaking Down" is mostly about the current challenges to successful videoconferencing. With the technologies and developments we see on the near horizon, these challenges will be overcome, and mainstream videoconferencing will surely be a reality.
Chapter 14: "Things to Come" concludes our vision of where videoconferencing will take us, once videoconferencing is mainstream.
As often happens with technology predictions, we were too optimistic in the short term and perhaps not optimistic enough in the longer term. Let's consider more specifics.

2009

"Video Conferencing" D.O.A.?

February 16, 2009 -- After the long predicted "Year of the LAN" finally arrived, use of "LAN" and/or "Local Area Network" died off. "Ethernet" and/or just plain "network" were more sensible words to use -- there was no need to encompass the losers: ARCNET, Token Ring, FDDI et al. Even with the emergence and prominence of WiFi, displacing Ethernet in some contexts, there has been no apparent revival of "LAN".

Anecdotes, financial results, public opinion and popular culture suggest that we have experienced the year of video conferencing. However, with this arrival of video calling, the term "videoconferencing" is rightfully dying. A variety of terms, e.g., "telepresence", and brands, e.g., Skype, have emerged and become more useful than "conferencing".

2008

Flash Forward: The Year of Video Conferencing

February 19, 2008 -- 18 years ago, the long predicted "Year of the LAN" was no longer in question -- the Local Area Network had finally arrived. A dozen years ago our book predicted "Videoconferencing should become mainstream by the end of the decade ..." How wrong!

2007

On a Monday

September 3, 2007 -- It is another holiday in the U.S. (and Canada). It likely will rain, a fitting end to a "Summer of Rain" in Austin. I've listened to the three songs I usually listen to on Mondays, by the Boomtown Rats, Grandmaster Flash and The Furious Five, and (The Rev.) Al Green.

Desktop virtual machines (DRM bites me, too)

(1972) "I can hear the fireworks...
And it's almost Independence Day." - Van Morrison

July 4, 2007 -- I can hear the fireworks. It is Independence Day.

...

However, back to virtual machines, the device drivers provided by Fedora, VMware and/or Windows 2000 do not seem sufficient to work with the Content Scramble System (CSS) Digital Rights Management (DRM) scheme used with most commercial DVDs. Whenever I would try to play "Jurassic Park" with ShowTime, it would either simply hang or complain of some CSS problem and then hang.

I have a few non-commercial DVDs. One DVD that my grand-daughter's other grandfather made of her birthday party plays just fine with ShowTime running in the virtual machine. So virtual machine performance passes my test, but this application (playing DVDs) doesn't seem very usable.

Upside Down (Windows over Fedora 7 Linux)

June 18, 2007 -- For some time I've wanted to make better use of a fairly robust X86 machine that was mostly generating heat and wasting electricity while performing minimal duties as a Windows file server.

...

Eventually, it dawned that I should try turning the software upside down. Instead of running Fedora in a virtual machine on Windows, the raw hardware could run Fedora and the Windows file server could be relegated to a virtual machine on VMware on Fedora.

Real Virtual

May 21, 2007 -- Sometimes I feel overly cautious as I re-engage with virtual machine thinking. When IBM, Microsoft et al aggressively tout the advantages of deploying servers as virtual machines, what's the sweat? Last month I plunged into decisions and experiences with virtual machines in the "real world" -- production environments. Alas, there was no time for writing stories then, and the thoughts are fleeting.

Free code meets free sectors

March 28, 2007 -- My wife dryly prefaces nostalgic comments with "back in the McKinley administration" (at the turn of the previous century). In the McKinley administration, telegraphs were normal distance communication. In 1927, the baud became a measure of transmission speed. In the 1990s, Andy Grove and others at Intel spoke of "free bauds" in anticipating Internet hyper-growth. Joe and I repeated (paraphrased?) the Intel-speak as "free MIPS meet free bauds" in our Barriers Breaking Down chapter.

Though Intel did and does charge for processors, their prices in the mid-1990s were likely a few (U.S.) dollars per MIP and today are likely below a penny per MIP. At a free WiFi hotspot, megabits of Internet access are literally free. The smallest allocation unit of most disk drives is a 512 byte sector. 500GB disk drives are readily available for under $200 and have roughly a billion sectors, so the marginal cost of a disk sector is under 0.2 micro-cents.

In the last week or so, I've become re-enamored with virtual machines and am using them to gobble up tens of millions of sectors with free software.

Looking at and past the windows

(1965) "Same old places and the same old songs...
It's the singer, not the song." - Jagger/Richards
(1929) "You may forget the singer, but don't forget this song." - A.P. Carter

January 19, 2007 -- My head hurts from all of the explorations I've allowed myself, such as
  • Trying to make Windows XP, PuTTY, SSH and Samba cooperate so that I can securely access Windows shares (and Samba shares of Linux file systems) off-premises. An aggravating battle, not for the faint of heart, but I won.
  • Helping a friend, a 20-year Mac user, recover an eMac which OS X had helped mess up. (He seems to have "won" but seems forced into testing his disaster recovery procedures.)
  • Exploring PmWiki and MediaWiki to try to "evangelize" a new church Wiki. I tried both, on IIS on NT4 Server, on Apache on NT4 Server, and Apache on Fedora, FreeBSD, and ubuntu. MediaWiki is way too hard to work with for my purposes. PmWiki is delightful on Apache, and probably OK on supported IIS, but I never got it to work on IIS/NT4.
  • Continuing to clean up self-certified SSL connections for IMAP, LDAP, sendmail and other things I'm probably forgetting.
  • Reading lots of what others have written recently about Vista and OS X.
...
If the details are not of interest to you, here are some summary suggestions:
  • IMO, not one of the prominent platforms (Linux, Mac OS, Windows) does everything well. Not even close.
  • It is easy to find staunch advocates of each platform and dramatically contrasting writings extolling OS X or Vista or Linux.
  • Except for the staunch advocates of a particular platform, not one of the platforms is good enough to get excited about.
  • The next releases (Fedora/ubuntu 7, Mac OS 10.5, Windows Vista) are not that much better than the predecessors.
  • Personally, there is no urgency to upgrade to Vista or 10.5, certainly not enough motivation to spend money. (With free versions of Linux, there's a little more curiosity basis for exploring the upgrades.)

Looking out the windows

(1965) "Same old places and the same old songs...
It's the singer, not the song." - Jagger/Richards
(1929) "You may forget the singer, but don't forget this song." - A.P. Carter

January 2, 2007 -- While the "real world" mourns President Ford and ponders the past, present, and future of our planet, many in cyberspace find now the time to ponder hardware, software, and Internet platforms.

2006

(12/18) blogs & S P A M revisited

My laments about blog overload coincided with Gartner saying
"Blogging and community contributors will peak in the first half of 2007. Given the trend in the average life span of a blogger and the current growth rate of blogs, there are already more than 200 million ex-bloggers. Consequently, the peak number of bloggers will be around 100 million at some point in the first half of 2007." [emphasis added]
Not quite as focused is the TIME Magazine article, "Person of the Year: You". TIME elaborates through more than five paragraphs, eschewing the year's conflicts and tragedies, citing Wikipedia, YouTube, MySpace and Web 2.0 before mentioning blogs. But the technical press, e.g., The Register, and a number of bloggers seem to equate Person of the Year with blogger(s).

I spend too much time trying to track too many blogs, but do so with ruthless efficiency, only skimming the <title> lines, much in the fashion of skimming news groups in the 80's or reviewing the morning report of yesterday's 1000+ discarded spams. Among the noteworthy trends are the multi-day propagation delays between original posts in specialized blogs to regurgitation in more general sources. This occurs with a variety of topics, from technical to what might be called "geek social", e.g., Microsoft knocked out by mother nature, to the more general.

For example, when Ahmet Ertegun died December 14, some blogs posted the news that day. Since the death resulted from a fall October 29, it was not a surprise. The New York Times obituary likely was prepared in advance. Lots of sources had the news the next day. But other sources just got around to reporting his death today, when he was buried.

S P A M, again

After months of a seeming plateau, there are widespread perceptions and statistics that spam has escalated. Closer to home, my "Suspect" folder seemed to be gathering tens of mails at a time. Spending time purging those items, and forgeries that made it into other folders, made it clear that my previous attempts to discard mail based on originator names, whether forged or real, were fruitless. What I have now is simpler, yet more effective:
  • First, the "white lists" are used to classify and deliver wanted mail, based on origin and recipient. Though spam gets mixed in, due to forgery, most of this mail is valid. Sooner or later authentication technology will exist to eliminate the forgeries.
  • SpamAssassin, with fairly strict settings, marks presumed spam.
  • My own heuristic content filters get a chance to mark as spam anything that SpamAssassin passed.
  • Everything else, which is not much, goes to "Suspect"
  • Though the spam goes to a /dev/null (trash) folder, a nightly report of From & Subject: lines gives me a chance to recover false positives. (Since there can easily be a thousand discarded mails listed in the report, "ruthless" efficiency is expedient in skimming the report.)
In spite of the overall escalation, the latest revisions seem more effective than anything I've used before. Example Procmail configuration is visible at http://technologists.com/~procmail/.procmailrc and the referenced files visible as links in http://technologists.com/~procmail/.
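
The ordering of the steps above matters, so here is an added sketch of it in Python (not the author's Procmail configuration, which lives at the URLs above). The addresses, heuristic patterns and sample messages are constructed assumptions; `X-Spam-Flag: YES` is the header SpamAssassin sets on mail it marks as spam.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed configuration: every address and pattern is an illustrative assumption.
WHITELIST = {("alice@example.org", "me@example.com")}   # (origin, recipient) pairs
HEURISTICS = [re.compile(p, re.I) for p in (r"\bcheap\s+meds\b", r"\bwire\s+transfer\b")]


def body_text(msg):
    """Collect the decoded text parts of a message, tolerating unknown charsets."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        data = part.get_payload(decode=True) or b""
        try:
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
        except LookupError:
            chunks.append(data.decode("latin-1"))
    return "\n".join(chunks)


def triage(raw):
    """Return the folder for one raw message: inbox, trash or suspect."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    rcpt = parseaddr(msg.get("To", ""))[1].lower()
    # 1. White list on origin and recipient. From: is unauthenticated, so a
    #    forged sender passes here; that is the forgery leak the post mentions.
    if (sender, rcpt) in WHITELIST:
        return "inbox"
    # 2. SpamAssassin has already scored the mail and left its verdict header.
    if msg.get("X-Spam-Flag", "").strip().upper() == "YES":
        return "trash"
    # 3. Local content heuristics get a chance at whatever SpamAssassin passed.
    text = msg.get("Subject", "") + "\n" + body_text(msg)
    if any(rx.search(text) for rx in HEURISTICS):
        return "trash"
    # 4. Everything else is held for manual review.
    return "suspect"


def report_line(msg):
    """One 'From | Subject' line; control characters and folding are flattened
    so a crafted header cannot inject extra lines into the nightly report."""
    def clean(value):
        return " ".join(re.sub(r"[\x00-\x1f\x7f]", " ", value or "").split())[:120]
    return f"{clean(msg.get('From'))} | {clean(msg.get('Subject'))}"


def process(raw_messages):
    """Sort messages into folders and build the report of discarded mail."""
    folders = {"inbox": [], "trash": [], "suspect": []}
    report = []
    for raw in raw_messages:
        folder = triage(raw)
        folders[folder].append(raw)
        if folder == "trash":
            report.append(report_line(message_from_string(raw)))
    return folders, report


def mk(frm, to, subject, body, flagged=False):
    """Build a constructed sample message."""
    headers = [f"From: {frm}", f"To: {to}", f"Subject: {subject}"]
    if flagged:
        headers.append("X-Spam-Flag: YES")
    return "\n".join(headers) + "\n\n" + body + "\n"


SAMPLES = [  # constructed messages, not real mail
    mk("Alice <alice@example.org>", "me@example.com", "Lunch", "Noon on Friday?"),
    mk("Deals <promo@bulk.example>", "me@example.com", "You won\n a prize", "Click.", True),
    mk("info@unknown.example", "me@example.com", "Pharmacy", "Cheap meds shipped overnight"),
    mk("bob@unknown.example", "me@example.com", "Hello", "Do you remember me?"),
    # Forged whitelisted sender: delivered even though SpamAssassin flagged it.
    mk("Alice <alice@example.org>", "me@example.com", "Urgent invoice", "See attached.", True),
]

if __name__ == "__main__":
    folders, report = process(SAMPLES)
    print({name: len(items) for name, items in folders.items()})
    print("\n".join(report))
```

The last sample shows why the white-list step stays leaky until sender authentication is checked before it: the forged message is delivered despite carrying a spam verdict.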

Of course, along with anticipation about VOIP benefits, there are hazards. "SPam over Internet Telephony" (SPIT) may be one of them.

coda

Now that we've adapted to the NT4 end-of-life, or chosen to go on with NT4 in spite of Microsoft, the Windows 2000 end-of-life issues are next.

Today I was supposed to have my own "high patient satisfaction" surgery, removal of cataracts in my right eye. But my ophthalmologist was ill, so the surgery is rescheduled for Wednesday morning. If we go ahead with the left eye now, it will be next Thursday.

(12/13) blog, blog, blog

Reasons I haven't been writing?
  1. Busy with family
  2. Busy with work, both paid and pro bono
  3. Writer's block
  4. All of the above, but...
"blog overload" has also affected me.
  • Trying to keep up with far too many blogs -- see http://www.bloglines.com/public/CharlesHSauer.
  • Dismay at the questionable over popularization of "blogging" -- everywhere you look there's a new blog, a new RSS feed.
  • Dismay that five years ago I was unable to conjure up good projects leveraging the emerging importance of blogs and RSS.
  • Dismay that five years ago I was unable to persuade local venture capitalists that they should be looking for blog/RSS investments.
  • Doubting whether I had enough worthwhile things to write about.
A few months ago I convinced myself that writing more "tidbits" wasn't a good idea. It was not hard to find supporting searches:
"To blog or not to blog" found over 300,000 matches
"Nothing new" "To blog or not to blog" found over 1,000
"Enough new" "To blog or not to blog" found about 50
But as I revisit various old ideas, I am finding new inspirations. So I'll try to resume writing, perhaps not taking things so seriously, and, perhaps, having a little more humility.

Videoconferencing

Ten years ago, when Joe and I had finished Mainstream Videoconferencing, our optimism about the future of the industry was premature. The then dominant suppliers were not nimble enough in the midst of Internet "hyper-growth" and "Year 2000" concerns. For example, PictureTel, the dominant U.S. supplier in the 90's, saw year-to-year revenue declines such that 1999 revenue was 66% of 1996 revenue. After 9/11/2001, new predictions of industry growth flourished, but combined supplier revenue this year is probably no more than half the corresponding figure for 1996.

However, the evolution of computers, Internet connections and packet-based implementations has finally enabled casual use of videoconferencing. In 1996, high-end PCs were fast enough to handle video coding, audio coding and communication protocols, but were not fast enough to do other things at the same time, and were not inexpensive. For a number of years now, inexpensive PCs have been up to the tasks, so personal video conferencing hardware can be thought of as "almost free".

The biggest technical hurdle had been "the last mile" connections, which were too slow and too expensive. Pervasive broadband connections are fast enough and affordable. As I use packet-based implementations, both H.323 and SIP, it is delightful to see how robust they can be.

Packet Telephony (VoIP - Voice over Internet Protocol)

Though videoconferencing is not yet "mainstream", much of wired telephony is transitioning quickly from circuits to packets.
  • Long distance carriers began transitioning to packets years ago to save costs, unbeknownst to most of their customers.
  • Popular services such as Skype and Vonage have brought Internet telephony to individuals.
  • Broadband providers are doing likewise.
  • Asterisk and other open source software can now turn a PC into a very low cost PBX.
  • Cisco is seeking to expand their presence in voice communications.
  • Microsoft and other software vendors are trying to extend their offerings to fit with voice over Internet protocols.
I have set up a simplistic Asterisk PBX for my own use and am gradually understanding the myriad issues and opportunities. LDAP and other administrative tools have renewed relevance.

System Administration

Just as I questioned whether to write more of these "tidbits" I questioned whether I wanted to be committed to the expense and effort of having my own servers and business Internet connection. The monthly fees would probably go down by about two-thirds if I switched to ordinary broadband and a shared hosting service. However, both for client purposes and my own explorations, continuing with my own servers seems worthwhile.

In particular, if I want to seriously explore Asterisk and alternatives, having the servers and connections I have seems necessary. I had put off upgrading Linux servers from Fedora 3, but when Fedora Core 6 seemed stable, I put it into production. So far, no regrets.

Macs

As I reorganize and recycle equipment, doing something better with my dilapidated iBook seems worthwhile. In particular, I want to try videoconferencing with XMeeting, since Joe seems happy with XMeeting on his MacBook. Mac OS X 10.4 is a prerequisite to XMeeting, so upgrading from "Panther" was the first step. Initial testing with XMeeting is promising, even on the obsolescent 900 MHz G3.

But the way I was using the VGA port on my LCD was cumbersome, and I really disliked the iBook keyboard. Now I have an external USB keyboard and a USB KVM. The iBook is out of sight, analogous to a Mac mini, but definitely not out of mind -- the iBook is finally enjoyable again.

(4/5) Post-Hiatus Miscellany: Surgery, Photos, Phones, Notebooks, Fedora 5

After the last long hiatus, "If Tomorrow Wasn't Such A Long Time", I did not expect another, but it happened, for similar reasons: personal illnesses, a variety of family challenges and blessings, and trying to keep up/catch up with commercial and pro bono professional activities.

One of the challenges was the continued deterioration of my wife's arthritic left knee. It had been troubling her for over a dozen years, presumably from the stress of pursuing classical ballet until she was 37, and landing on that leg when she did jumps. In early October, our excellent orthopedist recommended knee replacement and scheduled surgery for November. However, family matters took precedence and delayed the surgery, similar to her hip replacement last May, and the surgery was not performed until February 28.

Knee replacement is more challenging for all than hip replacement. It is more painful, by far, and recovery is slower. Caroline was in the hospital for seven days, vs. four days for the hip. Fortunately, all of the medical professionals we dealt with were good or better, in contrast to the unfortunate experience at the hospital after her hip replacement. I still spent most of my time at the hospital, and one physician told me that if his wife were in the hospital, he would be doing what I was doing. However, five weeks after surgery, Caroline is walking without a cane. Two days ago she was discharged from physical therapy and saw the orthopedist for follow-up. He was pleased enough with her progress that he doesn't need to see her for six months.

Returning to Managing Digital Photos

I've not done much, except ponder, since saying I was going to ponder what to do next. I have taken a few photos and have become more fluent in PHP, due to one of my pro bono web site projects. However, on the surface, it doesn't appear that Flickr has changed much except to allow more of their own metadata. Flickr does not seem to have a lot of competition, though others might disagree -- see Flickr has some catching up to do, for example.

Photo Phones

One thing I have done is think more about how photo capable phones fit with "real" cameras (note the bias I carry). Caroline got me an LG PM-325 with a built-in camera. At first I thought that the built-in Bluetooth would allow me to transfer photos to Bluetooth capable computers, so I got a little USB Bluetooth dongle. However, the PM-325 doesn't have any useful Bluetooth profiles for file transfer. (The PM-325 does have a profile for Windows "dial-up networking", but my first attempt at using the PM-325 for DUN failed to establish pairing between the notebook and the PM-325.) So, for now, the most pragmatic approach seems to be Sprint's services for email and web access to photos. So far, these are unimpressive. In particular, the navigation is clumsy and (predictably) there is no (preservation of?) metadata.

Notebooks

I did get the Dell Latitude D510 as planned and it seems to be what I wanted/expected for both Linux and Windows XP. Though it is bigger than the iBook, it is small enough for my purposes (and I purchased a warranty that will apply even if I drop it!). The iBook is still functional with the external LCD, but it does not get used much.

Fedora Core 5

Fedora Core 3 on my production Linux machine is now in legacy status. That is about the only motivation to go with Fedora Core 4, but Fedora Core 5 now seems stable and will probably go on the production machine soon. The only apparent holdup is integrating the mod_auth++ changes into the rewritten mod_auth_basic.c that comes with Apache 2.2 in FC5.

2005

(9/10) The Really Difficult Parts; More iBook Struggles

"Let Me Keep My Metadata!" (July 22, 2005)
"They Took My JPEGs! & won't give 'em back!" (July 16, 2005)
"They Took My Kodachrome!" (July 2, 2005)
"Don't take my Kodachrome away" - Paul Simon (1973)
"They took our jobs!" South Park (April 28, 2004)

The Really Difficult Parts

The previous notes in this series were relatively easy to write. I started to write this one right after the last one, but became consumed by other things.

However, both back in July and now, I find it hard to take the next steps, to start writing about identifying/sorting/searching/sharing digital photos. I think I understand lots of the pieces, well enough to
  • Be very conscious of the limitations and problems with what I have done so far for my family photo sharing site.
  • Quickly dismiss most of the commercial approaches I have examined.
  • Ponder all of the limitations in Flickr yet admire how much better Flickr seems than the alternatives.
Putting all the pieces together is difficult.

Some of the requirements include:
  1. Storing vast amounts of data. (My family photos site of 1800 photos is about 8GB, so anything with commercial scalability is many terabytes, if not more than a few petabytes of data.)
  2. Privacy controls to restrict (or not restrict) access to images.
  3. Accessibility to images ranging from thumbnails to original sizes.
  4. Preservation of metadata on all accessible images.
  5. Facilities for adding/editing of image metadata.
  6. Flexibility in organizing and searching, including many views:
    • Date (ranges)
    • Subjects (including lists of specific people, etc.)
    • Locations
    • Photographer
    • Expressions allowing combinations of the above and other info.
What I have done previously allows for pieces of the above and has seemed useful for a first attempt. But that original approach is really very simplistic. I am pondering how and whether to
  1. Continue the status quo.
  2. Attempt incremental changes.
  3. Attempt radical changes.
During my hiatus from thinking/working on this topic, I did notice Philip Greenspun issuing a related specification. See http://philip.greenspun.com/images/tools/slide-shows-spec.txt.

I found it interesting that Greenspun's spec does not seem to assume a SQL database would be involved in any way. Greenspun is an expert on databases and web sites. In particular, his book Database-backed Web Sites was very meaningful to me when I read it almost a decade ago. I have been assuming that if I attempt radical changes, they will involve some use of a SQL database to facilitate organizing and searching of photos. (I assume the database would not contain large photo images.)

This is probably the last piece, for a while, on this topic until I take the time to experiment and ponder.

More iBook Struggles

My iBook was seemingly doing just fine. I closed the lid one morning a week ago, expecting it to go to sleep mode. When I reopened, it wouldn't wake up. I tried every trick I could think of to get it to power cycle, but no signs of life. I suspected that the small power circuit board that was replaced under warranty in November had failed again, but both the system and the replaced board are out of warranty. (The original warranty expired after 1 year in February, and, coincidentally, the 90 day repair warranty also expired in February.)

At first, I was ready to abandon it, but a friend recommended a local Apple specialty store (not the Apple store at the shopping mall). That turned out to be good advice.

For a $45 diagnosis fee, they sort of brought the machine back to life. They worked on it for a couple of hours to accomplish this, so I feel like I got a bargain. However, the backlight on the built-in LCD has clearly failed. They recommend sending to Apple for flat fee repair ($395 less the $45).

My first reaction was total disbelief at the diagnosis and the price. But I trusted the person I was talking to and was able to reconcile almost everything. The reason I was shocked at the price was recollection of an incident in 1993 when I was at a Microsoft conference in Anaheim. In a crowded dark auditorium, I stepped on my Dell notebook, breaking the backlight tube (a miniature fluorescent bulb). I was no longer with Dell, but a friend still there graciously Fedexed me a couple of replacement backlight tubes. In the hotel room, with only a pocket knife and fingernail clippers for tools, I successfully replaced the backlight tube. But of course it seems that everything Apple costs more, and iBooks seem incredibly difficult to repair. Back to the iBook diagnosis, I remember thinking that the LCD was dimmer than it should be when it came back from Apple repair last year.

Except when I would take it out of the house, the normal place for the iBook was on a desk next to a dual input (DVI/VGA) LCD. A Windows machine uses the DVI input, but the VGA input was unused. So now the iBook is plugged into the VGA input and seemingly working just fine, ignoring the built-in LCD.

However, I don't think I could ever trust this iBook again as a portable machine. I'm still thinking it is likely to fail in some other way, just sitting on the desk. So it seems very unlikely that I will get the backlight repaired.

I have picked out the Dell Latitude I think I want, am still pondering some of the specifics, but will probably order before the end of the month. I don't expect to travel until October, so I don't have urgent need for a notebook. If I had to suddenly travel, I could probably live with my 6 year old Latitude.

(7/22) Let Me Keep My Metadata!

"They Took My JPEGs! & won't give 'em back!" (July 16, 2005)
"They Took My Kodachrome!" (July 2, 2005)
"Don't take my Kodachrome away" - Paul Simon (1973)
"They took our jobs!" South Park (April 28, 2004)

If you buy a (conventional audio) CD, you expect to find basic information about the music printed on the disc and/or the paper insert:
  • Year published (copyright date)
  • Song titles
  • Performers/composers
  • (maybe) lyrics and other descriptive information
If you buy an MP3 file, most of this metadata should be embedded in the file, in addition to the sounds. Programs like iTunes and Musicmatch that organize libraries of MP3s depend on the metadata. Sometimes these programs ask the user to provide some of the metadata. (These programs usually mostly ignore the file name. "MyFavoriteSong.mp3" is not a reliable indication of what song is in the file!)

50 years ago, if you took a snapshot, you could expect the photo-processor to put the processing date on the prints and/or slides. You might pencil a description on the back of the print or the border of the slide. Today, if you take a digital photo, you can expect your camera to put all sorts of metadata in the JPEG file: date, time, exposure settings, focus settings, pixel counts (e.g., 2048x1536), etc. Sometime in the future, you or someone else might want to know the names of people in the picture, where it was taken, etc.

MP3 and JPEG files are analogous:
  • Both depend on esoteric compression algorithms to reduce huge data files to relatively small files, without loss of quality in the perception of the non-expert.
  • Both are immensely popular on the Internet, in portable devices, personal computers, et al.
  • Correspondingly, both have inspired prodigious numbers of software projects, from the obscure individual programmers to the mega-multinational companies, e.g., Microsoft.
Beyond the obvious difference that MP3 is for audio and JPEG is for still images, a friend argues that the second biggest difference is that the JPEG metadata must be provided by individuals (though as more and more individuals create MP3s, e.g., for podcasts, this difference fades). The second biggest difference, in my opinion, is that MP3 efforts have been enormously successful (ignoring the copyright wars) and JPEG software has been relatively (but not totally) unsuccessful.

Why? MP3 software is targeted at typical end users. How many people listen to music? JPEG software seems mostly targeted at very sophisticated users. How many people understand F-stops and ISO film speeds? Metadata, the arcane additional information stored in an MP3 file to describe the audio and stored in a JPEG file to describe the image, has been treated radically, and unnecessarily, differently in the MP3/JPEG worlds:
  1. With MP3, the metadata (ID3 and its competitors) started out simplistically, almost too simplistically. ID3 and its competition have evolved slowly enough to become de facto standards. The initial ID3 totaled 128 bytes, allowing for
    • Track Name - e.g., the song title
    • Artist Name
    • Album Name
    • Year
    • Comment
    and one byte for genre: "blues", "classic rock", "country", etc.
    On the other hand, metadata for JPEG started more comprehensively and leapt forward without apparent consensus. Where a small set of analogs of the above would be a great starting point, there are a plethora of fields consuming as many bytes as needed. For example, in lieu of the "Track Name" there are fields for "Headline", "Location", multiple variants of "Title" and other fields that potentially name the image. There are just shy of a dozen ways to describe the "Creator". There are at least two fields for "Description". Get the "picture"? See JPEG captions and more, EXIF, and IPTC IIM for some of the background. If you do pursue these sources, pay attention to the complexity and redundancy.
  2. As a consequence of (1), MP3 software tends to be relatively consistent in handling of metadata. Further, there are lots of utilities readily available for manipulating MP3 metadata. On the other hand, JPEG software often ignores the metadata entirely. The few programs that attempt to notice the metadata do so in different ways making the metadata unreliable at best and useless at worst.
  3. Digital cameras typically include reasonable starting values for the metadata and store them in the photo file. Things start to fall apart when the file leaves the camera.
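The 128-byte ID3 layout from item 1, read and written in Python. This is an added example, not code from the original post; the field widths are the standard ID3v1 ones, the genre table holds only the three genres named above, and the sample audio bytes are constructed.

```python
import struct

# ID3v1 is a fixed 128-byte record at the very end of the file:
# "TAG" + title(30) + artist(30) + album(30) + year(4) + comment(30) + genre(1)
ID3V1 = struct.Struct("<3s30s30s30s4s30sB")

# Only the three genre codes named in the text; other codes are shown as numbers.
GENRES = {0: "blues", 1: "classic rock", 2: "country"}


def decode_field(raw):
    """Decode one fixed-width text field: cut at the first NUL, trim padding."""
    return raw.split(b"\x00", 1)[0].decode("latin-1").rstrip()


def read_id3v1(data):
    """Return the ID3v1 fields of an MP3 byte string, or None if it has no tag."""
    if len(data) < ID3V1.size:
        return None
    marker, title, artist, album, year, comment, genre = ID3V1.unpack(
        data[-ID3V1.size:]
    )
    if marker != b"TAG":
        return None
    return {
        "title": decode_field(title),
        "artist": decode_field(artist),
        "album": decode_field(album),
        "year": decode_field(year),
        "comment": decode_field(comment),
        "genre": GENRES.get(genre, f"code {genre}"),
    }


def write_id3v1(data, title, artist, album, year, comment="", genre=255):
    """Return data with an ID3v1 tag appended, replacing any existing tag.

    Values longer than their field are truncated: the cost of the fixed layout.
    The default genre, 255, is simply a code outside the table used here.
    """
    if read_id3v1(data) is not None:
        data = data[:-ID3V1.size]
    fields = [
        text.encode("latin-1", "replace")
        for text in (title, artist, album, str(year), comment)
    ]
    # struct pads short values with NUL bytes and truncates long ones.
    return data + ID3V1.pack(b"TAG", *fields, genre)


if __name__ == "__main__":
    audio = b"\xff\xfb\x90\x00" + bytes(60)  # constructed stand-in for audio frames
    tagged = write_id3v1(
        audio,
        "A Song Title That Runs Well Past Thirty Bytes",
        "Example Artist",
        "Example Album",
        2005,
        genre=2,
    )
    print(read_id3v1(tagged))
```

Because the record is fixed-width and sits at a known offset, any program can read it without understanding the audio, which is a large part of why MP3 tools handle it consistently.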
I have tried numerous pieces of photo-oriented software (Windows, Mac and "open source") and several photo-oriented web sites. With few exceptions, these experiences have been very disappointing. The software and web sites not only ignore existing metadata when they could make good use of the metadata, they usually discard the metadata. Aargh!
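One way to check whether a program or web site discarded a photo's metadata is to compare the metadata segments in the file before and after. This is an added example, not code from the original post; it covers the EXIF, IPTC, JFIF and JPEG comment carriers, and the two sample files are constructed byte strings with valid segment framing and placeholder payloads, not real photos.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA

# (marker, payload prefix, name) for the metadata carriers named in the text.
CARRIERS = [
    (0xE0, b"JFIF\x00", "JFIF"),           # APP0: JFIF header
    (0xE1, b"Exif\x00\x00", "EXIF"),       # APP1: camera date, time, exposure
    (0xED, b"Photoshop 3.0\x00", "IPTC"),  # APP13: container for IPTC IIM fields
    (0xFE, b"", "COMMENT"),                # COM: free-text JPEG comment
]


def segments(jpeg):
    """Yield (marker, payload) for each header segment before the image data."""
    if jpeg[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:          # fill byte in front of a marker
            pos += 1
            continue
        if marker in (SOS, EOI):    # compressed image data, or end of file
            return
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length      # the length field counts its own two bytes
        if length < 2 or end > len(jpeg):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, jpeg[pos + 4:end]
        pos = end


def metadata_inventory(jpeg):
    """Map each recognised metadata kind to its total payload size in bytes."""
    found = {}
    for marker, payload in segments(jpeg):
        for carrier_marker, prefix, name in CARRIERS:
            if marker == carrier_marker and payload.startswith(prefix):
                found[name] = found.get(name, 0) + len(payload)
    return found


def discarded(original, processed):
    """Kinds of metadata present in the original but missing from the copy."""
    before = metadata_inventory(original)
    after = metadata_inventory(processed)
    return sorted(kind for kind in before if kind not in after)


def make_segment(marker, payload):
    """Frame a payload as one JPEG segment (used to build the samples)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed samples: a "camera" file carrying metadata, and a copy that
# kept only a JFIF header, as if a site had re-encoded the upload.
SCAN = make_segment(SOS, bytes(6)) + b"\x12\x34" + bytes([0xFF, EOI])
CAMERA_FILE = (
    bytes([0xFF, SOI])
    + make_segment(0xE1, b"Exif\x00\x00" + b"placeholder-exif")
    + make_segment(0xED, b"Photoshop 3.0\x00" + b"placeholder-iptc")
    + make_segment(0xFE, b"constructed caption")
    + SCAN
)
UPLOADED_COPY = (
    bytes([0xFF, SOI])
    + make_segment(0xE0, b"JFIF\x00" + bytes(9))
    + SCAN
)

if __name__ == "__main__":
    print("in camera file:", metadata_inventory(CAMERA_FILE))
    print("lost in copy:  ", discarded(CAMERA_FILE, UPLOADED_COPY))
```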
The two most promising sources of commercial software for JPEG metadata seem to be Adobe and JASC. Even these make it harder to find/edit the metadata than I would like, but at least they have some usable provisions for handling metadata. Google's Picasa seems to comprehend some of the more interesting metadata, but then seems to store changes to the metadata in a private database, rather than the JPEG file.
Flickr seems to recognize some interesting metadata when a file is uploaded, but after that point seems to do things its own way. It does appear that the paid subscription version of Flickr does allow for downloading of the original files, contrary to what I said before. I have not yet paid for a subscription, so I have not tested.
Some programming languages have classes or other support for JPEG metadata. Of these, PHP seems to be the most comprehensive and interesting. Since PHP is widely used for web sites, the PHP support seems especially encouraging. See Metadata Toolkit Example.
Consistently handling metadata seems key to capabilities to identify/sort/search/share digital photos. Those are the next things to talk about.
(7/16) They Took My JPEGs! & won't give 'em back!
"They Took My Kodachrome!" (July 2, 2005)
"Don't take my Kodachrome away" - Paul Simon (1973)
"They took our jobs!" South Park (April 28, 2004)

I think my most useful experiments/thoughts/plans regard (mis-)handling of the metadata contained in JPEG files (to be picky, I should probably be referring to JFIF, not JPEG) and the opportunities for using the metadata and other information to identify/sort/search/share digital photos on the Internet.
But first things first. It makes no sense to discuss helping the typical point and shoot digital photographer (and those who would see their work) to do more with their photos if their photos are so likely to get lost. Of course, traditional photographs easily get lost, as well. They're picked up from the 1-hour photo processor, viewed once, and stuck in some "safe" place, never to be seen again.
Digital photos allow for better solutions to that scenario, but for now let's consider some familiar, not so good practices:
  • Depending on prints as primary storage. Though prevalent, this is not good for traditional photography or digital photos.
    • With film-based photography, the negative or slide is a better version, probably stored in a better (no worse?) environment than print(s) and least likely to deteriorate. But these original media versions are most likely to be lost, if, for no other reason, because they are small.
    • However, century old black and white prints seem to have survived pretty well. (See http://technologists.com/images/sm1890.jpg, for example.)
    • Half-century old color prints are more likely to have degraded, but some are still pretty good. See http://technologists.com/images/sm1956.jpg for one example. There are lots of counter-examples of faded 20th century prints, but there are enough existing good quality mid-20th century prints to blame sunlight and other environmental conditions for the counter-examples.
    • Let's stipulate that commercially generated prints from digital sources will last at least as well as last century's commercial prints.
    • But what about the non-commercially generated prints from digital sources? Can anyone reliably predict whether/when they will degrade?
  • The above discussion intentionally ignores the art of creating prints from negatives/slides/digital files. That art is a gift in the right hands but, in my opinion, a disastrous overindulgence of almost all software for manipulating digital images. Using an enlarger skillfully to enhance a traditional print or Photoshop to do analogous things with digital photographs can be wonderful. But 80% of those who would use Photoshop either ignore the potential, or worse, misuse the abundant facilities.
  • Depending on the camera's memory or the computer hard disk for storage. These are probably the two most vulnerable places to save digital photos, but are likely the most prevalent. The plethora of problems, and opinions on solutions, might fill a tome. Also, safely preserving digital photo files on hard disk is a specific instance of the bigger issue of safely preserving files on hard disk, so I'll not say much more about this now.
  • Having just disclaimed the hard disk preservation topic, consider the most likely preservative practice: copying files from disk to writable CDs or DVDs. Depending on where the optical disks reside (sitting in the sun? locked in a safe-deposit box?), this may be a very good scenario. However, we do not have enough experience with the longevity of CDs and DVDs to really know. Will a newly created DVD deteriorate or not in the next decades?
  • There is a seemingly preferable but minimally realized scenario: uploading the JPEG (or another file format) to appropriate web sites and depending on those sites to "do the right things".
Unfortunately, with the exception of Flickr, none of the existing commercially oriented sites (of those that I have tried) come within shouting distance of my perspective of the "right things". Rather, the primary emphasis is on selling conventional prints. Providing conventional prints is a valuable service, but not near the top of my list. The biggest problem with all of the sites I have tried, including Flickr, is I see no way to get back the files the customer uploaded. Thus the title of this tidbit -- these sites will accept my JPEG files but won't give them back to me.
More on "doing the right things" in the future.
(7/2) They Took My Kodachrome! Medical Addendum
"Don't take my Kodachrome away" - Paul Simon (1973)
"They took our jobs!" South Park (April 28, 2004)

67 years after introducing the reference standard color film, Kodak discontinued Kodachrome 25 in 2002. (It is my understanding that the other two versions, Kodachrome 64 and 200, are also being discontinued.) When I was a child, first learning about photography and film, Kodachrome 25 was exotic. I mostly used black and white film and borrowed darkrooms because I could not afford color film or commercial processing. I never became more than an amateur, having neither artistic gifts nor great fascination with photographic technology. But I took lots of photos and accumulated lots more family pictures -- I maintain a family photos web site with about 1800 photos, some dating back to the 19th century.
[Images: Camera, Negatives and Prints; Point and Shoot Digital Camera]
To be honest, I've rarely used Kodachrome, mostly opting for Ektachrome (to enable indoor photos without flash) and print film (Kodachrome was/is primarily for slides). Though not really the end of traditional photography, the end of Kodachrome symbolizes the end of film-based photography, ignoring disposable cameras and (semi-)professional photographers. Low cost, automated digital cameras let the average person, the amateur photographer, replace a bulky camera, scattered negatives and disorganized collections of prints with pocket-sized and television-like alternatives. (It literally took years for me to collect, organize and digitize the prints, slides and negatives that are the basis for my family photos site.)
Digital photography has tremendous benefits:
  1. Instant gratification. With most digital cameras, you can immediately view the photo, maybe even immediately print the photo, depending on where you are. Even pervasive 1-hour processing of film-based photography can't match that.
  2. Zero-cost/minimal-effort to delete unsuccessful efforts. You don't have to tell the 1-hour processing clerk which prints you want.
  3. Integration with television sets and computers. Most digital cameras come with cables that allow you to view your photos on your TV. All digital cameras are designed for easy transfer of photos to your personal computer. More and more, this can be a cable-free proposition -- remove the flash memory card from the camera and insert it in the computer.
There are many more currently realized benefits of digital photography, but what concerns/interests me more are the hazards of digital photography and the unrealized potential of digital photography.
One example of a hazard: catastrophic loss of photos seems more likely to me with common practice today than common practice with film-based photos. With film-based photos, one usually had both negatives and prints, often in separate rooms if not further apart, so it would take a major physical disaster, e.g., a house fire, to lose the photos. With digital photos, common practice is to transfer photos to a computer and delete from the camera. If the computer fails, because of infection, a disk failure, whatever, the only copy of the photo is lost. (There might be a printed copy, but even then, if made on a home printer, that print might deteriorate more rapidly and/or be of noticeably lower quality than commercial prints.)
One example of an unrealized benefit: digital images, computers and web sites allow for far more ways to identify, organize and present photos than traditional envelopes and albums of prints. But in practice, the software and web sites for digital photos seem mostly oriented toward selling prints of digital photos, doing little different than film-based photography in allowing sharing and viewing of photos.
With digital photos, it feels like we're where personal computers and/or the Internet were in the mid-1980s. The potential is thrilling, but the reality is not. As I've said before, I'm trying to figure out how to leverage what others have done with incremental improvements I might suggest.
Medical Addendum
First, I am delighted with my wife's recovery after her hip replacement. Just seven weeks and a day after her surgery, she is so much more mobile, and so relatively free of pain, that we are both in somewhat of a state of disbelief. But her recovery is real and seemingly faster than what we were led to expect.
However, her experience and another family member's experience after multiple glaucoma surgeries have made me very conscious of the importance of following the doctor's orders after surgery. My wife was given three primary rules of things she was not supposed to do for the first six weeks after surgery. She was very careful to follow those rules, and her caution, along with a great surgeon and a very good physical therapist, are some of the main reasons she is doing so well now. The surgeon, his staff, and the written instructions she received all emphasized the importance of those three rules (which were formally termed "precautions").
In the case of the glaucoma surgery, perhaps the surgeon was not so emphatic in discussing the post-surgery precautions. In any case, the family member was not carefully following the restrictions and had a frightening setback. After a couple of weeks of realization that this was seemingly the primary problem, including a second opinion from a different surgeon, the restrictions are being followed. Yesterday, the surgeon said the eye is "well on its way to total recovery".
Bottom line, I omitted a critical issue in Navigating Modern Medicine: the importance of understanding and strictly following post-surgery directions from the surgeon. That is the patient's responsibility!
(5/23) Navigating Modern Medicine, Miscellany
"Well, Jane, it just goes to show you. It's always something. If it's not one thing, it's another." - Roseanne Roseannadanna

I've been spending hardly any time on the things I expected I would be a month ago. But I am not about to complain. Rather, I thank God for the magic of modern medical technology, and my late mother, a nursing professor, for preparing me so well to cope with the complexity of modern medical practice. (Besides thanking my mother for teaching me so much about nursing, I have to thank her and my father, who is nearing 95-years-old, for giving me a wonderful sister who became an M.D. and my most trusted medical advisor.)
I'm going to mostly focus on my wife's condition and treatment, comment on the challenges of being a patient and a caretaker where we live. There will be a little discussion of computer-oriented things, but expect this to be mostly different from what I usually write about.
My wife developed "avascular necrosis" in her right hip, the same condition that ended Bo Jackson's football career. With an artificial hip and rehabilitation, Jackson was able to resume playing major league baseball. That was almost 15 years ago. Hip replacement has progressed so far since then. It is one of the two surgeries with the highest rate of patient satisfaction, the other being cataract removal. (I'm basing this on what an anesthesiologist told us. I assume he both knew what he was talking about and had no reason to be biased.) We originally scheduled surgery for May 24. The surgeon asked that we move the date up to May 13. Given how much Caroline was suffering, I would have voted for an earlier date.
Caroline's orthopedic surgeon is probably the best in Austin. The hospital, next door to his office, is probably the best in Austin. Yet, I tremble when I think about those patients who don't have the kind of facilitation I was able to provide, and regret the one night I chose to sleep at home instead of in her room.
The 24x7 effectiveness of a hospital is almost entirely dependent on the nursing staff. We encountered mostly excellent, dedicated nurses, some not quite so good, and a few that needed discipline and re-education. I knew beforehand that good nurses are scarce and overworked. But I didn't know that viscerally until the weekend Caroline spent in the hospital. I didn't have a clue about the degree of overwork.
Which gets back to me as a facilitator. I was able to remind the nurses of things that had been forgotten or delayed. I was able to handle some of the tasks that were really the nurses' responsibility. I was able to talk to the nurses in the terminology and abbreviations they are used to. And, except for the one night I slept at home, I was able to prevent the less than excellent nurses from making mistakes, large and small. This gets me back to thanking my mother and my sister. I'm very good at teaching myself, but without the basic training from my mother and the counsel from my sister, I could not have learned what I needed to learn, could not have done what needed to be done.
The surgeon recommended that Caroline's rehabilitation be at home (vs. a much longer hospital stay). Since she hates being in the hospital, since hospitals are full of germs, and since the surgeon believed we could succeed with home rehabilitation, the decision was easy. (In general, everything the surgeon and his assistants have said has so far proved to be correct, so my attitude has been to trust him entirely.) Caroline has been home for a week, as of today, and all seems to be going as we were led to expect.
There are lots of computer oriented things I could talk about from the hospital experience, but I'll pick one piece of "low hanging fruit". One of the devices used for post-surgical patients is a PCA ("Patient Controlled Analgesic") which either continuously or on patient push of a button introduces intravenous narcotic. The PCA Caroline had was a very sophisticated device, but totally baffling to almost all the nurses, even the most technologically sophisticated nurses. By the time it was removed, I had figured out how to understand its display, and I knew what it was supposed to be doing, but I certainly would not have wanted to be responsible for programming the PCA.
A couple of unrelated tidbits:
  1. Yesterday, I upgraded my VAIO to Windows Media Center 2005. So far, I haven't noticed much that is different. However, I was dismayed at the number of reboots it took to get the upgrade accomplished, the number of personalized settings that had to be reset, etc.
  2. My Uncle Hugh, who will turn 90 later this year, has just started using email and web browsers, under his daughter's tutelage. So he is now the oldest recipient of this distribution.
Back to digital photography, I have been able to use digital photographs of Caroline's incision to show medical professionals how the incision is healing, not infected, etc., without Caroline having to go through the discomfort of those professionals removing/replacing the dressing.
(4/23) Digital Photos, PHP, FC3, Dead Fans
"Come together right now over me" - John Lennon

I wouldn't dream of comparing my writing to Jean-Paul Sartre, but this may seem like stream of consciousness, so please bear with me. I hope it will all come together by the bottom of the page.
This week it seems to me that there's nothing like being a first time grandfather (April Rose was born this past Monday) to make one conscious of digital cameras, the huge benefits of digital cameras (see April) but also the unnecessary discrepancies between different digital cameras and deficiencies in the associated software. This reinforces my motivation to document the benefits and problems of digital photography and to pursue software to make things better. I expect I'll have lots more to say about this in the future, based on thoughts and draft documents I'm not ready to reveal.
I've been looking at all of the (free, bundled and/or affordable) photo software I can get my hands on, and have lots of opinions. Bottom line, I don't think any of the software is close to getting things "right", though some is much closer than other software. In the process, I've discovered that PHP probably has better primitives for dealing with the problems than any other web environment. Since PHP has so many other advantages and advocates, it was easy for me to conclude that anything besides the two heavyweight contenders (from Microsoft and Sun) could not compete with PHP.
Unfortunately, my own Apache modifications had broken PHP on my own Linux servers. I realized quickly that there was no inherent conflict, just my naive approach of entirely rebuilding Apache to add mod_auth++. So I resolved that quickly on my test servers.
That brought me back to whether I was going to upgrade my production Linux server to Fedora Core 3, now that FC2 is "legacy". The only plausible answer was "yes", but when? And what do I do about the unnecessarily manual process I'd go through to configure Fedora after install?
To exacerbate things, the processor fan in my Linux server developed bad bearings. As much as I like the "medium desktop" Dell Optiplex chassis design and all of the improvements and variations that have appeared over the last decade, my production server was early vintage and it looked like the fan was one of the hardest components to replace. That server normally sits in a minimally temperature controlled closet with a newer, fully loaded Optiplex running Windows 2000 Server and a well-loaded Mac G4. Between the three of them, they generate lots of heat, so I knew I had to make hardware changes before summer.
Fortunately, I have a half-dozen of the right vintage Optiplex desktops, so I could swap hardware easily. I developed a collection of useful scripts for configuring Fedora after install. So all that was left was to be brave and put in place the things I'd been contemplating/prototyping. I did that today. So far, so good. So now I can get back to digital photography software.
(2/28) (disc)centricity: Solaris X and Fedora in a Windows world
"It was 20 years ago today
 Sgt. Pepper taught the band to play." - Lennon/McCartney

I wrote before about my frustrations and concerns with Fedora and my intentions to explore alternatives, especially Solaris X. In my recent explorations, I've puzzled about what Sun has released and wondered how serious they are about Solaris on X86. Having been involved with Solaris on X86 since the very beginnings, I would be delighted to enjoy Solaris on X86 and see it have some success. (In 1991 or '92, before Sun said anything publicly about Solaris on X86, four Sun executives paid me a surprise visit at Dell to talk about collaboration on putting Solaris on X86.)
Before starting to install Solaris X on my favorite test machine (an older Dell Optiplex with a 733MHz PIII), I installed larger disks to have plenty of space for Solaris, multiple Fedora releases, and Windows 2003 Server. Suddenly, I seemed mired in all of the arcane details of disk partitioning that trace back to the 1983 introduction of the IBM PC/XT with its "large" 10-megabyte disk. (The disk really was large, both in capacity, and in physical size, at that time.) Today, with disk drive capacities thousands of times larger in much smaller physical packaging, the "PC architecture" still reflects decisions made back then.
Much has been written about the shortsighted memory parameters ("who will ever need more than 640KB of memory") of the original IBM PC. By the mid-80s, the PC world was struggling even more seriously with the limitations of 16 bit addressing, just as the PC world is beginning to struggle with the limitations of 32 bit addressing today.
Disk capacities have increased roughly comparably with physical memory, but there has seemingly been no de facto standard for extending the disk partitioning parameters. Until recently, I naively assumed that Microsoft was/is able to set the de facto standard. Sun (Solaris) and Red Hat (Fedora) seem to disagree. Worse, Sun and Red Hat seem to have changed their own partitioning assumptions between Solaris 9 and Solaris X, and between Fedora Core 2 and 3. (Fortunately, Windows seems to accept any of these partitioning setups.)
On a disk with Microsoft established partitioning and Windows 2003 Server, I installed Fedora Core 2. Then I tried to install Solaris X. (On this same machine, with a smaller disk, I'd previously had Windows NT4 Server, Solaris 9, FreeBSD and FC2 all on the one smaller disk.) Solaris X told me the disk partitioning was invalid and that if I wanted to install Solaris X, I'd have to re-initialize the partition table, and, in doing so, delete everything on the disk. Grumble. Before accepting that, while ruminating about workarounds, I tried Fedora Core 3. It told me essentially the same thing, that it would have to re-initialize the partition table!
I'll skip most of the subsequent arcane tribulations I experienced. I was able to create a partition table acceptable to FC2 and Solaris X (and Windows). Then the Solaris X install told me it would not allow Linux on the same disk (machine?) and it would delete the Linux partition before I could proceed! This made me think back to mid-80s battling amongst the vendors of all the different versions of Unix. SCO dominated market share on PC hardware and Sun dominated market share on workstations. There were lots of other Unix versions in the mix. Sun, and to a lesser extent, SCO, seemed unaware of how the rapidly increasing dominance of Microsoft, Novell and Apple products would leave little room for even one version of Unix. That the battles went on between the different versions of Unix, especially since there were so many arbitrary and unnecessary incompatibilities between the versions, made it impossible for any of them to thrive. Today, it seems those lessons have been forgotten. Only to the extent that the various Linux distributions remain more or less compatible with each other, then Linux on server-like machines seems a realistic alternative to Windows.
I managed to get Solaris X, FC2, FC3, and Windows Server 2003 barely coexisting on the same machine, using three disks. The Solaris graphical user interface wouldn't start because Solaris X installation had mis-configured the "Xorg" X-windows server instead of the "Xsun" server. (Apparently, this is a common experience, based on my search for a solution. The solution buried in http://forum.sun.com/thread.jspa?threadID=22723&messageID=73851 worked for me.) Solaris needs to be obviously better than Linux to even be in the competition (while hoping that Apple doesn't release their Unix, OS X, on PC hardware). So far, Solaris X has frustrated me more than it has engaged me.
I'll probably gradually learn more about Solaris X, but not now. Paying attention to Linux and Windows (and OS X) seems much more valuable. Red Hat continues to indicate better attention to Fedora. I've figured out workarounds for all of the problems I'd been having with Fedora Core 3 and may even use it on my production Linux server soon.
(2/3) Closing Out 2004, Planning 2005 Research
Let's see, I could start on income taxes. No, I still haven't received a couple of 1099s. Whew! It's not much more fun to admit that many of the things I've tried to work on the last year or so have led me to disappointing technical conclusions. "You can't always get what you want ... you get what you need". (That could be attributed to Mick Jagger/Keith Richard, but I'd rather think of the Biblical basis.)
Anyway, this is intended to be a brief recap on various technical topics, approximately in order of most disappointing first, and a glimmer of where I hope research will take me this year.
Replacing/Preserving NT4 Server
There are "lots" of organizations still using NT4 Server, even though it has reached "end-of-life" in Microsoft's perspective. Since I manage a few of these servers myself, and the owners cannot easily migrate to Windows 2003 Server, as Microsoft would want, I'd hoped to come up with strategies that are viable for either staying with NT4 or switching to Samba. However, my reluctant conclusion is that neither of these are good solutions:
  • The biggest problem I see is that Windows XP clients running SP2 do not "play well" with NT4 domains, in my experience. I assume this is a problem for Samba, as well, but have not bothered to test. To the extent XP SP2 works poorly in NT4 and Samba domains, this is a showstopper for NT4 and Samba, in my opinion.
  • Though NT4 servers may be adequately protected from external intrusion by independent firewalls, they are still vulnerable to intrusions from local machines (unless the NT4 servers have their own firewalls).
  • The big security scourge has become PUS (potentially unwanted software, in Microsoft terminology), more commonly known as "spyware" or worse. This makes it increasingly hazardous to use Internet Explorer on an NT4 console.
  • Though I use Samba casually, it doesn't (yet) seem ready for production use in a network dominated by Windows clients.
The NT4 Server machine I had here was replaced with one running Windows 2000 Server. (The NT4 machine was the one decimated by lightning.)
LDAP For General Use
Unfortunately, I have no better report than that of my "LDAP Angst". The more I learned, the more OpenLDAP seemed incomplete, and the more Samba seemed incomplete, due to dependence on LDAP. But I'll continue to learn more about both, hoping that new releases will bring both closer to being complete.
Fedora
Ambiguous, conflicting messages are coming from Red Hat regarding Fedora. http://fedora.redhat.com/ seems to indicate that all is going according to plan. However, news reports quoting Red Hat sources admit "mistakes" and suggest changes are coming.
I hope so. I've seemingly wasted much time and had allowed myself to get very frustrated with Fedora Core 3. After extensive testing on several other machines, I tried to switch my production Linux machine to FC3. I could never even get it to boot after the install! I submitted detailed bug reports with Bugzilla. As far as I can tell, those reports were never even read. Further, even new FC2 kernel updates seem to have significant problems. They "panic" in the disk driver at boot time on my best test machine. (That machine happily runs NT4, Solaris 9, FreeBSD, ... as well as older FC2/FC3 kernels.)
For most purposes, I'm backing away from new Fedora releases until I see what changes, if any, are made in the overall Fedora strategy. My production Linux server should be happy with FC2 for the foreseeable future, even though FC2 is going to "Legacy" status soon. However, I have some plans for new FC3/FC4 experiments. I'll also be looking at alternate Linux distributions and Solaris X.
Secure Wireless; Spam
I don't think I've written anything about these topics in a long time, basically because I think I have good solutions in hand. Between WPA, SSL for picking up e-mail, SSH for sending e-mail, and other usage of SSL and SSH, I think pretty much everything I do using wireless connections is encrypted at least at one level if not multiple levels. Spam continues to be an annoyance, but my simplistic solutions still seem to keep things under control.
Looking Forward
So what next? SBC's intent to purchase AT&T and discovery of an ancestral tie to the Wright brothers have made me ponder the formerly dominant commercial research labs in the U.S. a few decades ago. The main three I think of are
  1. AT&T Bell Labs, the birthplace of the transistor and Unix. (Of course, Bell Labs is part of Lucent, not AT&T, these days.)
  2. IBM Thomas J. Watson Research Center, the birthplace of RISC processors and my first employer after graduate school. (Like the Wright brothers, Thomas J. Watson, Sr. was from Dayton, OH.)
  3. Xerox PARC, birthplace of Ethernet and graphical user interfaces.
Perhaps one or more of these will spring forth with more breakthroughs and/or modern analogs, such as Microsoft Research, will do likewise. But none of these currently have the cachet that say, Bell Labs, once had.
One of the bureaucratic, yet effective, procedures at T.J. Watson used to be annual production of "Research Orders" that documented what a group had accomplished and why it should continue to be funded. Sort of like a grant proposal, except that it is easier to justify continuing successful efforts than to compete for external funds.

I'm thinking I should at least sketch out something like a research order or a grant proposal for the things I want to work on. I think I am on the verge of a one paragraph introduction, which might be something like:
"Computer-based photographs, from digital cameras and scanned conventional media, have become pervasive. Major companies, notably Google, have produced a variety of (free) software and services (e.g., Blogger.com, Hello, and Picasa) to facilitate Internet communication and sharing of photographs. Yet, these have seen minuscule use, in comparison to email, web browsing and other more established Internet capabilities. This research will identify barriers to broader acceptance and attempt to overcome these barriers."
2004
(11/15) Corrigenda, Dropping Notebooks, LDAP Angst
Corrigendum: Fedora, a year later
In Fedora, a year later, I lamented the difficulty of changing from the "legacy" (University of Washington) IMAP to the Fedora Core 2 mail server implementation, based on the CMU Cyrus IMAP Server.

A kind reader pointed out that FC2 includes two IMAP implementations and that the second, Dovecot, allows a much more graceful transition from the UW-IMAP found in FC1 and older Red Hat distributions. I've been using Dovecot in production on FC2 for several weeks and have no complaints.

On the other hand, FC3 is now "final", so I've begun to explore what is different in FC3 vs. FC2. On a separate but possibly related note, Sun's announcement today of (nearly) free Solaris 10 for X86 reinspires me to look more at Solaris.
pixel
Corrigendum: Windows XP Service Pack 2
In Windows XP Service Pack 2, I said "The problems I've noticed were there before SP2".

That is no longer true. I have concluded that XP SP2 is very troublesome in domains where the servers are still running Windows NT4 Server. There seem to be two cases:
  1. SP2 is applied as an upgrade to an XP machine already integrated into the NT4 domain. That seems to work OK.
  2. A previously independent SP2 machine joins an NT4 domain. That seems to be fraught with problems. Some relate to the new Windows Security Center. Some relate to application install procedures leaving the applications only useable by members of the Administrators group. After weeks of frustration trying to resolve all the problems I found in trying to introduce a new SP2 machine into a production NT4 domain, I created a test environment to attempt more controlled experiments and resolution. I quickly concluded that this was a waste of time.
Don't drop your iBook!
In Mac OS X, I talked about traveling with my iBook as my primary notebook, bringing my ancient Dell Latitude along for software not available on the iBook.

A couple of months ago, I was leaving on a two week trip with both notebooks. I removed both from my luggage to go through the security checkpoint, and managed to drop both of them! After clearing security, I determined:
  1. The iBook would not get past the initial boot screen. It was obviously not finding a boot device, so I presumed that the disk had not survived. At my destination, I determined that only a fool or an Apple trained technician would attempt to replace an iBook disk drive. When I got home, the local Apple Store charged a pretty penny (about one-third of the six months earlier iBook purchase price) to replace the drive. Fortunately, that was sufficient to make the iBook useable again.
  2. More fortunately, the Latitude seemed unharmed, so I had a useable notebook for the two week trip and the two weeks afterward waiting for the iBook to be repaired.
I'll also note that I've upgraded the Latitude's disk more than once -- if the respective machine roles had been reversed, I could have replaced the disk and revived the Latitude in days instead of weeks.
LDAP Angst
In "and all those things" (Directories, volunteering, ...), I wrote that an ex-Dell colleague considered LDAP and Active Directory "fundamentally flawed" but that I felt compelled to work with them because they are the seeming dominant directory approaches today.

All of the time and frustration I've spent with LDAP recently makes me remember both his words and mine. After much reading, trial, and error, I have OpenLDAP working on a production FC2 machine mostly the way I wanted.
  1. The biggest problem is that I have not been able to get TLS to work with self-signed certificates, coming to a conclusion, shared by others, that OpenLDAP will not work with self-signed certificates. My current workaround is to use SSH for encryption.
  2. More aggravating, but less important for now, is that I do not have things working with OS X -- I only have things working satisfactorily in Windows and Linux (FC2) environments. Things that work with ldapsearch in Linux fail when run identically in OS X.3. Things that work with Microsoft Outlook and Outlook Express fail with Mac's mail client. I'm hoping these things will be better in "Tiger" (OS X.4).
Since the NT4 end-of-life "witching hour" is just six weeks away, I'm assuming that for now I have an adequate understanding of LDAP to pursue Samba and other solutions to NT4 end-of-life. I intend to get back to the NT4 experiments I planned earlier in the year.
(9/7) Static in the Ether
"Lightning is striking again and again and again" - Lou Christie
"It's a jungle out there" - Randy Newman
Lightning strikes thrice
I used to be so naive about lightning. Of course, a direct strike could be catastrophic. Ignoring that, I assumed the main vulnerability of electrical devices is surges on power lines -- if power wiring had enough surge protection, then things would be OK. About a decade ago I started thinking that phone lines needed surge protection, which they do. The last year has made me realize that just about any kind of wiring and device is vulnerable to static electricity damage from a nearby strike. This seems to be particularly true of Ethernet (10/100/...BaseT):
  1. In April last year a strike near our house disabled two ports of an inexpensive Ethernet hub. It was puzzling at first, particularly since out of a couple of dozen ports cabled at the time to more expensive devices (computers and routers), there were other ports that I thought more susceptible to static buildup. (Those thoughts were based on cable length, location, etc.)
  2. In August last year a friend's SUV took a direct strike while parked in front of his single story office building. This was on flat land with tall trees and multi-story buildings next door and across the street. Go figure! About half a dozen seemingly random Ethernet ports, out of about three dozen in his building, were taken out.
  3. Then last month a new level of realization and respect "struck". A major bolt devastated a house somewhere near here, but not near enough that I've seen the direct damage. The indirect damage, at our home alone, was extensive, and seemingly random. In approximate reverse order of discovery:
    • The (electro-mechanical) timer for the pool pump stopped at the time of the strike, presumably because of the surge on the power line.
    • The thermostat for the smaller floor HVAC got scrambled enough to run the compressor constantly, even when the thermostat was turned off entirely.
    • The alarm system siren announced that a burglary was in progress, even though the alarm system proper seemed undamaged afterward. (A prior alarm system was much more susceptible to static damage, with the main system board twice succumbing to nearby strikes in the 1990s.)
    • The phone line was dead (on SBC's side of the "demarc"). (This was probably part of what upset the alarm system.) A phone and the surge protector for the alarm system phone line were also fried.
    • By far the most expensive damage was a Dell 2450 that I consider a total loss. (Four years ago, that machine cost about $17K.) I assume the damage was due to whatever came in the Ethernet port, since the power line was very well protected by a UPS and other devices with the same protection were unharmed.
    • Many Ethernet ports were damaged. Fortunately, except for the 2450, these were inexpensive to replace.
    Unfortunately, I have only a few learnings to avoid a repeat experience:
    • Put power and phone protection everywhere.
    • Leave anything unconnected that doesn't really need to be connected.
    • Use (inexpensive) extra Ethernet switches next to expensive devices, simply as protection. Much better to lose a $20 switch than an expensive computer.
    • Think of WiFi as a way to avoid static electricity damage.
Infections of the Computer Kind
For this time of year, it seems I know/know of lots more people with bacterial/viral infections than I would expect. But whenever I start talking about "viruses" people assume I'm talking about computers. That's understandable, given the prevalence of hostile, vicious software succeeding in infecting so many computers, especially home computers. Neurotic hygiene, fastidious enough to make Monk seem normal, is the order of the day.

I keep seeing more and more computers so seriously infected that I see no choice but to retrieve whatever data can be retrieved, erase the disk, and re-install all the software. Computer manufacturers are making such "Full System Recovery" easier, but that is little consolation in the face of many hours of effort and the almost certain loss of some data.

This is inevitably most noticeable with Windows-based machines, for a number of reasons, but is true for other platforms, as well. I'm discouraged that I have so little constructive to say on the subject:
  • Use a firewall.
  • Use antivirus software and be sure it is up to date.
  • Use "spyware" detection software and be sure it is up to date.
  • When software vendors issue security patches, apply them right away.
In the words of Roky Erickson, "you got to be careful".
Fedora, a year later
Speaking of alternate platforms, I'm pondering my approach to Linux. I'm too busy/lazy to deal with anything but a prepackaged distribution. When Red Hat was "free" (as in money) and the most popular distribution, the answer seemed easy. Fedora Core 1 has seemed a natural progression from Red Hat 9. However:
  • Fedora Core 1 is about to go to "legacy" status, "end of life" as far as Red Hat is concerned.
  • Fedora Core 2 is not quite the graceful upgrade I had expected. In particular, the mail server implementation, newly based on the CMU Cyrus IMAP Server, seems hasty and rough to me.
I had tried to upgrade my main mail server from Fedora Core 1 to Fedora Core 2, but decided I wasn't prepared to go to Cyrus IMAP now. I reverted the server to Fedora Core 1 and am contemplating my options. At the moment, I am thinking I will install Fedora Core 2 on that machine again, but remove Cyrus IMAP and install "legacy" mail services from the Fedora Core 1 packages. So far, trying this on a guinea pig machine, this seems viable.
Windows XP Service Pack 2
I don't know of a publication that has even noticed the Fedora transitions. On the other hand, there has been lots of coverage of XP SP2. Even the daily newspapers have had their say. And much of what has been said has been "static". I went to SP2 on my main Windows machine four weeks ago and have not looked back:
  • SP2 seems like a step in the right direction.
  • SP2 is a smaller step than many of the publications would have you believe: The positive differences seem fairly hard to notice. The problems I've noticed were there before SP2.
"and all those things"
I can't say much about the things I was writing about last, partly because I have little new to say and partly because of non-disclosure responsibilities. I've delved much more deeply into Mac OS X. New clients and personal responsibilities have taken me in new directions. I'm still trying to balance my time between paid and pro bono activities. I always seem too busy for "self-funded research" yet optimistic that I will find time to get back to old and new ideas.
(4/5) Keepin' on Keepin' on: OS X, Fighting Spam, XP Media Center, "and all those things"
"Genghis Khan and his brother, Don, just could not keep from keepin' on" - Bob Dylan
Mac OS X
I've continued pursuit of Mac literacy, mostly trying to see if I can be confident that the iBook is a complete replacement for my old Dell Latitude running Windows NT4/2K/XP. Mostly it is. I think I could make a stronger statement -- I can do anything I normally do with the Latitude on the iBook, with the major exception of purchased software (mostly from Microsoft and Adobe, but also things like TurboTax) that I do not plan to purchase in Mac versions. (Traveling locally, I do just fine with only the iBook. For out of town trips, carrying the iBook in my briefcase and the Latitude in my suitcase seems to work.)

In a number of cases, I've had to find OS X equivalents of what I normally use in Windows or Linux. The Unix (Mach) and X11 underpinnings of OS X make all the difference in making this feasible. A couple of examples:
  1. I use VNC extensively for managing computers remotely. Since the original Olivetti/AT&T VNC development, there have been quite a few semi-independent, not 100% compatible, offshoots. On Windows machines I usually use TightVNC for both viewer and server. "Tight" is supported on both Windows and Linux, but not OS X. OSXvnc seems to be a good server for OS X, but I've had little success with any of the Mac VNC clients I could find. With a little fetching of missing include files, I had no trouble building the Linux version of TightVNC to work with X11 on OS X. (The Linux version is missing one of my favorite features of the Windows TightVNC. The author of TightVNC pointed me at a patch that he had not tested that sort of provides the feature, but not well enough, so adding that feature better is on my "to do" list.)
  2. There doesn't seem to be any good "Wake on LAN" utility for OS X, something analogous to AMD's Magic Packet. Further, the ether-wake.c that I use with Linux has more Linux dependency than I wanted to resolve. However, there is a cross-platform Perl script, wakeonlan, that works fine on OS X.
Fighting Spam
As much as I tuned and tweaked my Procmail anti-spam stuff (Getting Away From SPAM?), I was still spending too much time checking the "Suspect" folder and finding hardly anything interesting there. Since I'd seen such positive reports about SpamAssassin and SpamAssassin was lying dormant on my Fedora-based mail server, I started using it, with essentially the default settings, and sending anything it marked as "[SPAM]" to /dev/null (the traditional *nix trash can).

There have been minor difficulties:
  1. As with any heuristic-based spam filter, there are false positives. I accept these as the way of the current world. Every night, while backup scripts have sendmail turned off, those scripts generate a list of From/Subject lines for each discarded message, for each user of the mail server, and send the list to the user. So it is relatively easy each morning to scan through that list, note anything important that was thrown away and request a resend.
  2. There are also false negatives, so the scripts have additional rules for sending other messages to /dev/null.
In brief, the scripts now apply the "white lists", then SpamAssassin, then the additional rules. The substance of what I do is still visible at http://technologists.com/~procmail/.procmailrc and the referenced files visible as links in http://technologists.com/~procmail/.
Before SpamAssassin, I sent anything not classified to the Suspect folder. Now, so little bad stuff gets through, I let anything not classified come to my Inbox.
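As an added illustration (not the author's procmail recipes, which are at the links above), this Python model follows the filtering order described: white lists, then the SpamAssassin verdict, then the additional rules, with a nightly From/Subject digest of what was discarded. The addresses, the rule patterns, and the assumption that SpamAssassin's mark is a "[SPAM]" Subject tag are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical configuration, constructed for this example.
WHITELIST = {"alice@example.org"}
EXTRA_RULES = [re.compile(r"(?i)\bcheap meds\b"), re.compile(r"(?i)\brefinance\b")]
SPAM_TAG = "[SPAM]"  # assumed: the tag SpamAssassin prepends to the Subject


def clean(value, limit=78):
    """Flatten a header for the digest. Header text is sender-controlled,
    so control characters are dropped and the length capped before echoing."""
    flat = re.sub(r"[\x00-\x1f\x7f]+", " ", value or "").strip()
    return flat[:limit]


def classify(raw):
    """Return (folder, reason) in the order: white list, SpamAssassin, extra rules."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    # The white list runs first, so it overrides every later verdict. It keys
    # on the From header, which the sender supplies; keep the list short.
    if sender in WHITELIST:
        return "inbox", "whitelist"
    if subject.lstrip().startswith(SPAM_TAG):
        return "discard", "spamassassin"
    if any(rule.search(subject) for rule in EXTRA_RULES):
        return "discard", "extra-rule"
    # Nothing matched: delivered to the Inbox rather than a Suspect folder.
    return "inbox", "unclassified"


def nightly_digest(deliveries):
    """deliveries: iterable of (user, raw_message).
    Returns {user: [lines]} with From/Subject of each discarded message,
    the list a user scans each morning to spot false positives."""
    digest = {}
    for user, raw in deliveries:
        folder, reason = classify(raw)
        if folder != "discard":
            continue
        msg = message_from_string(raw)
        line = "From: %s | Subject: %s | rule: %s" % (
            clean(msg.get("From")), clean(msg.get("Subject")), reason)
        digest.setdefault(user, []).append(line)
    return digest


# Constructed sample traffic.
SAMPLE = [
    ("bob", "From: Alice <alice@example.org>\nSubject: [SPAM] lunch?\n\nhi\n"),
    ("bob", "From: x@bulk.example\nSubject: [SPAM] You won\n\n...\n"),
    ("bob", "From: y@bulk.example\nSubject: Refinance today\n\n...\n"),
    ("carol", "From: Dave <dave@example.net>\nSubject: meeting notes\n\n...\n"),
]

if __name__ == "__main__":
    for user, lines in nightly_digest(SAMPLE).items():
        print(user)
        for line in lines:
            print("  " + line)
```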
Windows XP Media Center 2004
Before getting the iBook, I was thinking that the next computer purchase for myself would be a Centrino notebook. Since the iBook has worked out so well, and since it had been 5 years since I'd bought myself a new machine (desktop or notebook) for Windows, I started thinking about getting a better desktop instead of a Windows notebook. Saturday's Fry's ad had a seemingly unbelievable bargain on a Sony VAIO "Windows Media Center". Since much of my thinking about a new desktop was motivated by audio and video processing plans, the VAIO proved irresistible.

The system unit has more connectors than any other electronic device I own, excepting a 16 channel audio recording mixer. In other words, I've been challenged to connect it up reasonably, and I wonder how anyone without serious A/V experience would cope with it. I've been further challenged because I wanted the keyboard/mouse/display on my desk, about 12 feet away from all of the audio recording gear. Cabling things so that the computer stuff works well and the audio signals are clean was not easy, but by putting the system unit along the wall in between the desk and audio gear, I seem to have succeeded. (I carefully avoided "ground loops", a notorious source of 60 Hz hum, but still ended up with one ground loop due to the cable TV connection. A homemade isolation transformer made from back to back 300 Ohm to 75 Ohm transformers solved that.)

So far I am very pleased with the VAIO. I've barely scratched the surface of all of the bundled software, and haven't tried any of the video facilities, except for the TV tuner. I expect I'll use the VAIO to facilitate ongoing conversion of LPs and cassettes to MP3's and figure out the video stuff ad hoc.
"and all those things" (Directories, volunteering, ...)
After what I wrote last month, a colleague/friend from when I worked at Dell wrote back with at least a couple of memorable points: (1) he wanted to know why I spent any time with LDAP and Active Directory when he considers them fundamentally flawed, and (2) he wanted me to write more about personal stuff, so here's a little bit in response.

I really don't know enough about LDAP and Active Directory yet to know whether I think they are fundamentally flawed or not. What I do know is that they seem to be the dominant approaches to directories at present, and that the people I want to help are using LDAP and Active Directory more and more. And as organizations feel forced to migrate away from NT4 Server, the emphasis on LDAP and Active Directory will be that much stronger. So even though I think of LDAP as anything but "light weight" and Active Directory as inevitably more complex, I see no choice but to understand and work in that context.
When I worked at "traditional" jobs at IBM/Dell/VTEL and software startups, my wife said I worked "half-time" -- 12 hours a day. Now she says I'm a "full-time volunteer". By her previous standard, I think a more accurate characterization would be "quarter-time volunteer", but that is just playing with words. (I also spend time on paid consulting and "self-funded research".)

The important thing is that I am finding many opportunities for helping my church, with everything from removing spyware and virus infections, to re-purposing unused computers for backup servers and disaster recovery, to using telecom cost reduction experience from my last startup to cut the monthly phone bill in half and the monthly Internet bill by two-thirds. I'm also trying to help Texas Reach Out Ministries. Texas Reach Out is "providing Christian transitional services for former inmates". Amongst the services are housing and computer access, so I help them both with their office computing and with the computers for the former inmate residences.

I think that's enough for today.
(3/1) Mac Literacy, Printing Challenges, Directories!
Mac Literacy
The last few weeks I've given myself a crash course in Mac literacy -- I now feel pretty accomplished/confident, especially with OS X. I gave up, at least for now, on getting one of the "museum" Macs to work. Instead I got a 900MHz G3 iBook, then added memory and an Airport (WiFi) card. {Aside -- I thought I was going to order through the "Special deals" section of http://store.apple.com, but found I could get a "more special" deal by calling 1-800-MY-APPLE. Apple seems to almost have sales channel conflict between their own web and phone channels. I wonder whether things are different/similar in other countries. Different confusion seemed to reign with regard to customer/technical support -- the web site seems to encourage calling for help, but the on-hold chatter on the phone lines encourages going to the web.}

One of my worries with starting with OS X was that I would lean on the Unix underpinnings of OS X and not really become Mac literate. But I had the discipline to pretend Unix wasn't there until a couple of nights ago, when I felt sufficiently accomplished/literate to not taint myself.

I fear that people will see me carrying my iBook and think of me as a Mac chauvinist. In the past, things like that have given people the perception that I am a Unix chauvinist or a Windows chauvinist, whatever. I think of myself as pragmatic. Just as I jump freely between Unix (really now, Linux) and Windows environments, I'll start mixing in the iBook. To the extent I can be platform neutral, I can choose the right tool for the task at hand for things I'm doing myself and can help others regardless of their choices of platforms.
Printing Challenges
If the task at hand is networked printing, OS X isn't even as good as recent Linux distributions. That's a pretty harsh assessment given my past dissing of Linux printing support. (Linux printing support seems noticeably better to me recently, at least in what I find built-in to Fedora.) I'm not alone in this perspective -- a couple of friends who are long time Mac users/experts have recently been challenged by setting up new printers with their Macs. I should temper this assessment by pointing out that this is based on a very small sample (my/my friends' experiences) out of a huge population of printers, networks, and protocols.

With the iBook, I had no trouble with direct USB connection of my newest Canon ink-jet nor my Samsung laser. They work fine with direct USB connection, but I have no desire to have them USB connected to the iBook. The Canon is normally connected to a Windows machine, and the Samsung is normally networked via a Hawking print server that supports both LPR and IPP. My Windows and Linux machines seem to work fine with both of those. But not the iBook. I have yet to make it work with either of those. However, I do have it printing, using Windows protocols!, to an older Canon connected to a different Windows machine.

Fortunately, I don't do much printing. One of the nice features of OS X is that the print dialogs have a pervasive "Save As PDF..." button. So if I need to print something on the nicer Canon or the Samsung, at least there is the option of hitting that PDF button, saving to a Windows or Linux machine and printing the PDF from that machine. Did someone say "easy to use"?
Directories!
Another issue the iBook raises is that now I have yet another e-mail client on yet another platform. I'm stalling on bringing my address books into the iBook, hoping that I will finally follow through on my LDAP plans. So I'll sign off here now so that I will sooner get back to pursuing LDAP/Active Directory/NT4 End of Life.
(2/2) Viral Spam, Macs, Mirroring, mod_auth++
Viral Spam
In my December overview/details of my simplistic approach to spam filtering, I mentioned that virus management and spam filtering should be coordinated, and that I mainly depend on renattach to neutralize potentially viral e-mail attachments. This past week of MyDoom dominating e-mail systems, and the attention of many people, from end users to administrators to reporters, reinforced this point in a way I never could have.

One of my clients kept calling me thinking that his computer was infected. I kept checking the computer and finding that his antivirus software was doing what it was supposed to and keeping him uninfected. I had to keep saying that he was "inundated but not infected". I tried to think of a good way to get my simplistic spam filtering to deal with MyDoom. At first I was stumped, but then realized there was an almost trivial solution:
  1. Make renattach treat ZIP files as "bad" even though they are often "good" attachments, since MyDoom was using ZIP files as a part of its bread and butter, and
  2. Shuffle any files renattach considered "bad" to a separate folder. So far, everything that has shown up in my instance of that folder has been a MyDoom carrier.
The only real trick, the common theme of almost all spam filtering, is to recognize the false positives. Some of the files renattach marks as "bad" are valuable. The recovery is for a human to recognize that the file is valuable and to use "Save As" appropriately, e.g., to save CLSERVER_ZIP.xxx as CLSERVER.ZIP.
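An added Python example (not renattach itself, and not the author's configuration) of the two-step handling described above: attachments with a "bad" extension, ZIP included, are renamed and the message is filed in a separate folder, with the reverse rename a human would perform via "Save As". The extension list, the folder names, and the `_EXT.xxx` naming, inferred from the single CLSERVER_ZIP.xxx example, are assumptions.

```python
from email.message import EmailMessage

# Assumed "bad" list; the change the text describes is the addition of "zip".
BAD_EXTENSIONS = {"bat", "com", "exe", "pif", "scr", "vbs", "zip"}


def extension(filename):
    """Lower-cased final extension. Trailing dots and spaces are ignored
    because a saved "report.exe. " still ends up as an .exe file."""
    cleaned = filename.strip().rstrip(". ")
    return cleaned.rpartition(".")[2].lower() if "." in cleaned else ""


def neutral_name(filename):
    """CLSERVER.ZIP -> CLSERVER_ZIP.xxx (naming modelled on the text's example)."""
    cleaned = filename.strip().rstrip(". ")
    stem, _, ext = cleaned.rpartition(".")
    return "%s_%s.xxx" % (stem, ext)


def restore_name(neutralized):
    """Reverse of neutral_name, for a file a human has judged to be valuable."""
    if not neutralized.endswith(".xxx"):
        return neutralized
    stem, sep, ext = neutralized[:-4].rpartition("_")
    return "%s.%s" % (stem, ext) if sep else neutralized


def route(msg):
    """Rename every "bad" attachment in place and pick the delivery folder.
    Returns (folder, [(old_name, new_name), ...])."""
    renamed = []
    for part in msg.walk():
        name = part.get_filename()
        if not name or extension(name) not in BAD_EXTENSIONS:
            continue
        new = neutral_name(name)
        # The name can live in Content-Disposition, Content-Type, or both;
        # rewrite each place it appears so no client sees the original.
        if part.get_param("filename", header="content-disposition") is not None:
            disposition = part.get_content_disposition() or "attachment"
            del part["Content-Disposition"]  # other disposition params are dropped
            part.add_header("Content-Disposition", disposition, filename=new)
        if part.get_param("name") is not None:
            part.set_param("name", new)
        renamed.append((name, new))
    return ("Quarantine" if renamed else "Inbox"), renamed


def build_sample(filename):
    """Constructed test message carrying one attachment with the given name."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "me@example.org"
    msg["Subject"] = "constructed test message"
    msg.set_content("see attachment")
    msg.add_attachment(b"PK\x03\x04 constructed bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg


if __name__ == "__main__":
    for sample in ("CLSERVER.ZIP", "notes.txt", "invoice.pdf.EXE"):
        print(sample, "->", route(build_sample(sample)))
    print(restore_name("CLSERVER_ZIP.xxx"))
```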
I must admit that I am discussing this from a platform neutral or even Windows friendly perspective. (In the interests of full disclosure: I have direct or indirect financial interest in Dell, HPQ, Intel, and Microsoft.) There are Linux and Mac advocates that will simply say the solution to these problems is to not use Microsoft software. For example, Walt Mossberg's October 23, 2003 column in the Wall Street Journal was If You're Getting Tired Of Fighting Viruses, Consider a New Mac. Friday, a Mac advocate seemingly seriously tried to convince me that "Microsoft Office is a worse virus than MyDoom". I disagree.
Macs
With lots of help from three different Mac experts, plus my own investigation, I've made little progress in bringing the Mac II to life. I've tried OS 6.x tools/install diskettes, OS 7.x tools/install diskettes, an OS 7.1 hard disk pulled from a once functional Performa that lost its video circuitry, and an OS 7.5.0 install CD. (Supposedly, Mac IIs were supported up through OS 7.5.5.) At this point, I'm believing that there was more wrong with the Mac II than the missing hard drive. It may be that resumption of my Mac self-education will have to wait on me acquiring more modern hardware, such as the PowerBook I keep thinking I want.
Mirroring
My mirroring explorations have progressed far enough that I feel very confident of being able to rapidly recover loss of any component or my entire production Fedora machine. Not perfect, but good enough. Besides my ad hoc procedures, I've started exploring/testing the software RAID capabilities built-in to most Linux distributions. I'll probably start using those in place of some of my own procedures once I get more comfortable with them. But for now, I think other projects are more important.
mod_auth++
There were two main problems in the mod_auth++ Beta 0 level release:
  • My use of the mod_auth_any project's approach to avoiding the problem of Logging out When Using .htaccess Authentication was incomplete -- I needed to add a <meta> tag to maasuccess.html and macsuccess.html to redirect to the pages I used before I was aware of their approach, approve.html and confirm.html, respectively.
  • There seemed to be a file pointer not being kept accurately in mod_auth.c, resulting in scrambled password files. I'm not certain about this. It may be that there is no problem or it may be that I don't have adequate test cases yet and there is still a problem.
These are now addressed, and I've added release notes and more explanatory text to the mod_auth++ page.
(1/28) XP, Macs, Mirroring, Museum, mod_auth++

I've been working on lots of small projects. Some I won't describe here since they were for paid or pro bono clients. The rest of the story:
Windows XP
Not all that long ago, I wrote about Windows XP: "I've tried it numerous times on different machines and just don't like it". A couple of months later, I had to write Making Peace With Windows XP when I discovered I needed XP to reasonably use WPA. A week or so ago, I felt compelled to change the Windows 2000 partition of my favorite machine to XP so that I could take full advantage of the DVD burner I'd acquired. In particular, I wanted to try Windows Movie Maker.

So now I am further compelled to admit that I'm beginning to like XP better than 2000. As long as XP is configured for the "classic" start menu, and I customize the explorer defaults more or less the way I've been doing since Windows 95, I have no serious complaints. And I'm starting to take advantage of XP features such as "Switch User".
Macs
Since I got serious about working with computers in 1971, I have worked with many different types and brands. In the 70s it was mostly CDC 6600s and related models, IBM 360s/370s and a little bit with Digital minis. In the 80s it was mostly what were then called "engineering workstations" running some flavor of Unix. Since then it has been PCs running Unix, Windows, and Linux.

I've always felt remiss in not having more experience/expertise regarding Macs. I bought my daughter a Performa in 1993 with the intention that I begin teaching myself about Macs when she was not using it. Several years later, the video circuitry stopped working, she was going to a school that used Windows machines, so the Performa went into the attic and I got her a Dell Optiplex. (I'm partial to Dell and especially the Optiplex line.)
pixel My sister, an M.D., has always been a Mac user, partly because of medically oriented software and partly because I told her she would probably find the Mac easier to use. (Aside -- at her clinic she now has to use a Windows ME machine. My personal opinion is that Microsoft should have ended the Windows 9x family with Windows 98SE. Everything I know about ME makes me wish my sister wasn't stuck with it.) Anyway, she and her daughter have been wanting to make their OS 9.2 iMac a vehicle for recordings of my niece's singing and guitar playing. With lots of advice from Mac expert friends, I've got them going with recordings and sending me the AIFF files. (Hopefully, they will soon switch to sending me MP3s.) In the process, I figured out how to remotely manage her router, a brand previously unknown to me, with a confusing user interface, and set things up so that I could remotely control things with VNC when they need help. (Unfortunately, it appears that none of the modern enhanced performance VNC versions are available for pre-OS X Macs, so VNC access is painfully slow, even though access to her router is quite responsive.)
pixel
pixel Last year, a good friend with long experience in Mac usage and advocacy offered me an original Mac II that was intact except for no hard drive. In principle, it would be possible to pull the Performa drive, put it in the Mac II and be up and running. A couple weeks ago I was in the attic looking for the video camera that came with my original Intel ProShare videoconferencing system. I also found a couple of half-height 5.25" SCSI drives that I thought were functional, just large in size and small in capacity: 330MB. I also saw the Performa and thought that I could remove its disk without tools, which I did. Unfortunately OS 7.1(?) on the Performa disk doesn't like the Mac II and asks to be reinstalled. I've purchased an OS 7.5.0 retail CD on ebay and hope I can use that to at least get the Mac II operational and maybe recover the sofware/data from the Performa drive. We'll see when the CD arrives. I have several other strategies for proceeding if that one doesn't work.
You might ask "Why not just start with OS X?". Two answers: First, if I start with OS X, I'd probably not resist treating it more like a Unix machine than a Mac. So I really wouldn't learn the Mac environment that is forced upon me by OS 7 and OS 9. Second, I don't want to buy a modern Mac at this time. (Sooner or later, I expect I'll get a PowerBook G4 of some kind.)
Mirroring
If you read Disks STILL Fail (Sometimes Catastrophically), you would expect that I've been incrementally working on ad hoc mirroring strategies for that machine. Right now, that machine has three disks: a small one that I think of as the operating system disk, a larger one that I think of as the "content" disk and a mirror for the content disk. Though not perfect, this works fairly well with ad hoc mirroring procedures. The content disks have RCS controlled copies of all of the operating system configuration/customization files, so if any of the three disks fails, I should be able to recover very quickly. On the other hand, I'd like to have a mirror disk for the smaller operating system disk. I even have the drive in hand, but no more free disk bays in the cabinet. However, there is a bay that is occupied by a rarely-used IDE CD-ROM.
Because of the Mac activities, and even more because of wanting to replace the IDE CD-ROM with a mirror system disk, I wanted a reliable external SCSI CD drive. I had an external 2X (!) Toshiba, but the drive had failed. I had an internal 3X NEC in my Dell 450 DE/2 DGX museum machine, but that drive is not reliable and obviously not fast. I found a fresh-in-the-box HP CD-RW 9200i at a good price on ebay, put it in the Toshiba's cabinet, so now I have a good external SCSI CD-RW drive. (It may never get used to burn CDs, but I have four other drives that will burn CDs, so I don't care one way or the other about that.)
So now the missing pieces are (i) a SCSI controller for the Fedora machine, which should arrive soon and (ii) better software approaches. When I get the mirroring more to my liking, I expect I'll write more about it then. Just as a teaser, I'll say that part of what I've already done is targeted at mirroring the content drives across all three of my Fedora-capable machines.
Museum
With all of the above, especially with the Mac II sitting next to the 450 DGX, it was hard to avoid playing with the DGX, so I've been spending more time with Dell Unix 2.2, NT4 Workstation and Red Hat 5.2. I'm pleased with the things I've rediscovered. I just wish I could safely make these museum machines accessible over the Internet. I probably would have tried to install NEXTSTEP, but (a) I couldn't find the install CDs I thought I had and (b) I could not find anything reasonably priced on ebay. (Anyone who has unused NEXTSTEP X86 they do not want, please contact me.)
Also, while in the museum mode, I tried to fire up the TRS-80 Model 100 that my pastor wanted to place in a good home vs. trying to sell it for $25 on ebay. I've spent enough time with it to be convinced that the Ni-Cd battery soldered to the system board will no longer hold a charge for more than about 15 seconds. I've tracked down and ordered a replacement, so I hope to get this machine dialing up at 300 baud some day soon. (I have a 2400 baud modem for the Mac II. Whee! I remember being excited when I got my first 2400 baud modem!)
mod_auth++
There have been a number of things I've wanted to work on in mod_auth++:
  1. I found enough bugs in my code that I regretted calling it "beta". I hope those bugs will be fixed by the time you read this, and I will claim a minor new milestone, call it "beta-1".
  2. I needed a better explanation for myself and others of the usefulness of "Confirm" mode. I think I have that now. I want to get more end-user experience with this before I try to say more.
  3. I need to figure out how to make the use of authorization and authentication less confusing/intimidating to the casual user. That is an open ended effort in itself, but I am slowly making progress.

2003
(12/24) Getting Away From SPAM?
After I wrote my lengthy "End of Two Weeks of SPAM Purgatory!?", I almost discarded (did not publish) it because I thought it was too long and not that interesting. In retrospect, it is obvious that my perspective was distorted, since there has been significant subsequent positive impact:
  • Two ex-colleagues from the 80s, both of whom I still think of as friends, are trying to lead the fight against spam, but didn't even know of the other's efforts. I've been privileged to get them engaged in an intense dialogue and read what they have to say to each other. If that was all my efforts produced, that would be enough.
  • Every now and then, Chris Pirillo finds one of my "tidbits" worth republishing to his audience, which is orders of magnitude larger than the routine audience for my postings. While I feared that what I had written was too long and boring, Chris obviously thought otherwise, since he reproduced it in his Lockergnome Windows Fanatics feed day before yesterday. I've been so busy that I haven't even been keeping up with my usual RSS feeds, so I started getting queries in response to Chris' republishing before I knew of the republishing!
  • My ex-colleagues, who are much more spam-fighting experts than I am, seem to have concluded that my simplistic approach is more effective and reasonable than they would have thought without empirical evidence.
What I do really is simplistic. I am surprised (delighted) that it works as well as it does because I know so many ways the spammers could defeat it. Like many good programmers, I am basically lazy in the sense that I try to get the best results with the least amount of effort. Of course, that attitude is not limited to programming. For example, the late, great Israel Kamakawiwo`ole, in his video "IZ: The Man and His Music" talking about making music, says "basically ... what I do it's minimum effort but maximum pleasure, and that's part of being Hawaiian".
This "tidbit" is even more technically presumptive than the predecessor. I'm hoping it will be helpful to a broad audience, yet definitive enough that I can get back to some of the other topics I keep saying I'm going to bring to completion, e.g., nt4eol and mod_auth++.
My intention here is to explain my practices in enough detail that anyone who runs their own mail server can adopt (with or without modifications) my practices. By far, the biggest assumption is that the mail server is a Unix oriented machine. (And to make it easier for me to get this written, I make some very weak assumptions that the server is running something similar to recent Red Hat releases or Fedora.) I've not even thought about doing similar things on a Windows-based mail server:
  • The environment is radically different.
  • Microsoft and others are attempting far more ambitious approaches for Exchange servers. (Somebody must have a good reason for trying to run a Microsoft-based mail server that doesn't use Exchange, but I've never heard one. From my perspective, you either use Exchange or a Unix-oriented environment. Before there is any backlash from Mac advocates, (a) Macs have yet to be established as significant in the server competition, and (b) I think of OS X as another flavor of Unix.)
Though everything I've done has only been run on recent Red Hat Linux or Fedora, I assume that my approaches would work with any of the BSD flavors and any of the vendor proprietary Unix flavors, but I don't even have easy access to most of those. (As those who have read my past tidbits know, I am very proud of what my team did in creating Dell Unix V.4 Version 2.2 and I still have a machine that can run Dell Unix. But that is irrelevant in a production environment. I also have a machine that can run Solaris 9 X86 or FreeBSD 5.1, but I haven't found the time to work with either of those. When that machine is powered on, it is most likely running Fedora or some flavor of Windows.) Finally, in terms of clients, what I have has mostly been exercised with Outlook 2000 for POP and Outlook Express 6 for IMAP.
I hope that is enough background. I am assuming that anyone who reads further has already gleaned the basic strategy from the prior posting and is ready for more detail. One of my challenges in describing things is that my personal usage has been strictly IMAP oriented, but I expect that most people are more interested in POP.
Assume an e-mail gets in far enough that this discussion is relevant. I'm assuming that the default Red Hat/Fedora mechanisms are already in effect, plus all spam-oriented options in sendmail.mc are enabled, for example, sendmail.mc has

       dnl FEATURE(`accept_unresolvable_domains')

I am pretty sure, based on my server's log files, that such settings are pretty important. On the other hand, I don't have any evidence one way or the other whether spamassassin as supplied/configured by Red Hat does any good. In my experience, Red Hat has good judgement on such things, so I accept their judgement when I don't make the effort to make my own assessment.
All of the above could/should be seen as disclaimers. The substance of what I do is best visible at http://technologists.com/~procmail/.procmailrc and the referenced files visible as links in http://technologists.com/~procmail/.
Notes:
  • When I started this two years ago, I had no procmail experience. I looked through many examples of procmail-based spam fighting. I should be giving credit to the examples that influenced me most, but it was so long ago I don't remember who/what deserves the credit and thanks.
  • The above links show a very generic POP setup. But what I use in production for IMAP for myself and my wife isn't all that different from what you see in those links.
  • I depend on renattach to neutralize potentially hazardous attachments.
  • rc.suspect4pop is really not the reference version -- when I see an address or id that seems suspicious, I run virc.spam, which changes rc.suspect (the version I use for IMAP) and the perl expression embedded in virc.spam derives rc.suspect4pop from rc.suspect.
  • Because I am trusting my "white lists" rc.fromaddressbook and rc.exempt, I am brutal in rc.devnull and more brutal in rc.suspect. All the spammers reading this should immediately realize that my biggest vulnerability is forged "from" addresses.
  • Whenever I see something suspicious, I run virc.spam and change rc.suspect (and thus change rc.suspect4pop). On rare occasions I find something so obviously spammish that I change rc.devnull.
  • mkfromaddressbook.pl is a simplistic way to create rc.fromaddressbook from Outlook "Contacts" exported as comma separated values.
  • rc.suspect4pop is adding an "X-Suspect: [Suspect]" header to the message. The client must be looking for this header to put the mail wherever suspect mail should go. For example, with Outlook, the "Rules Wizard" can be used to put mail with this header in a folder named "Suspect".
  • I used to have some domains in rc.suspect that I would really like to have left in there. For example, except for my monthly bill, anything I get from att.com is almost certainly forged. But some of the most important users of my mail server get lots of genuine mail from att.com. So I had att.com in rc.suspect, but took it out to make things right for the majority of the users of my mail server.
I hope the above is enough to help people use these tools for themselves.
Happy Holidays!
(12/21) End of Two Weeks of SPAM Purgatory!?
Background
This will be longish, definitely not a "tidbit". I hope you will find it worth reading. It concerns spam, spam filtering solutions, and ISP customer service experience. If those topics do not interest you, you need not read further. Some of this will seem very technical to some of the e-mail recipients, but I will try to explain the technical aspects as I write.
Spam is frustrating to all of us. Some say that more than half of e-mail is now spam. It seemed like spam started escalating dramatically after the 9/11 tragedy. My wife and I seemed to be victims of the early escalation of undesired e-mail two years ago, presumably because we had made our e-mail addresses very visible publicly, especially on our web sites. Starting in early 2002 I have been crafting a custom solution that has been satisfactory for the two of us.
Technical Issues: There are two primary Internet e-mail protocols for picking up mail: POP and IMAP. Most people use POP (Post Office Protocol). POP stores the mail on the client, so (unless you tell it otherwise) it deletes the mail from the server when your client gets it. If you only use one computer, that's fine. But if you use more than one computer, POP can be frustrating. My wife and I use IMAP (Internet Message Access Protocol) because it stores the mail on the server in such a way that it is the same regardless of what client computer you use. Originally, my spam solutions only worked reasonably with IMAP. (On the other hand, IMAP is inefficient and can be frustratingly slow...)
A good friend, very astute technically, called a few weeks ago and asked about using what I had done. Then the answer was wishy-washy, since he wanted to continue to use POP. Week before last, one of my client's people and my client complained to me about spam. They all use POP, with Outlook 2000. I told them I would make him a guinea pig for a modified version of what my wife and I use. I spent midnight to 4:30 a.m. that night reworking what I had done to make that possible, making a coordinated IMAP and POP version, got some more sleep, then spent much of the afternoon tweaking/testing what I had done earlier.
I applied it to my client's account and he seems happy with the changes. I think what I have done is immediately applicable to anyone who uses my mail server.
Stepping Back
First, what is spam? Some think it is any unsolicited e-mail. My wife likes to get e-mail telling her how to enlarge her penis!? My male friends don't!? More seriously, if you've ordered stuff from Amazon and they suggest you buy something similar, is that spam? Some say yes, some say no. If an outfit you've never heard of tries to sell you Vicodin, we probably all would call that "spam", even if Hormel wishes we wouldn't.
Second, in some sense the spammers are winning. They're tricking a lot of people. If you get spam and it gives you a "take me off this list" link, the last thing you want to do is click on that link. Spammers are looking for viable e-mail addresses. Most of the stuff they send goes to invalid addresses. If you click on a "take me off this list" link, they've suddenly discovered a valid address and will add your address to their list of viable addresses, exactly the opposite of what they said and you wanted.
Third, the e-mail protocols were designed without thinking about this problem. Unless/until those protocols change, which is not easy, there is no 100% solution. It is very easy to forge e-mail addresses. Spammers have lots of other tools at their disposal. The most we can hope for is to make spam no more annoying than the junk paper mail we receive and recycle.
Server vs. Client solutions: Ideally, this would all be dealt with at the e-mail server. That way, your dial-up connection wouldn't waste the time of downloading a virus you didn't want in the first place. (I'm not going to try to distinguish between spam and viruses. They're different, but I don't want either of them, and I use coordinated mechanisms to keep them at bay.) However, many of the commercial solutions, and there are some very good ones, deal with things at the e-mail client (i) because there can be more control at the client and (ii) maybe they can make more money selling solutions per client than solutions per server.
Open Source vs. Commercial Solutions: There are many good efforts both from the free software advocates and those trying to make money. (1) I didn't want to spend money or time sorting through all of the options and (2) I wanted to understand as best I could how to deal with the problems directly. It turns out that everything I use is either free software or stuff I've crafted myself. However, my client's request forced me to look at how to make what I did work with commercial software, specifically Microsoft Outlook, and I think I have done so.
Perfection: If you're looking for a perfect solution, stop reading. I don't have one. What I have is good enough for me, good enough for my wife, and, I hope, good enough for everyone who uses my mail server. Because of all the problems listed above, any attempted solution is going to fail to some extent, either by throwing away mail you want to see, or making you look at mail you don't want to see. My bias is to try to never throw away good mail, even if bad mail gets through. (I have a strategy for neutralizing viruses in bad mail, so even if bad mail gets through, it is unlikely to harm the computer.)
My Basic Strategy
First, I use an automatically generated "white-list" - anyone that I (or other user of my mail server) says they want to receive mail from gets to send me (or the other user) mail. If George W. Bush (probably forged, since he said he stopped using e-mail entirely when he took office) wants to tell me how to enlarge my penis, and G-dub is in my white-list, the mail gets to me. Part of what I have done is to make it easier to make this "white-list" be based on addresses the user has put in their address book. Second, anyone not in my white list who has VIAGRA or Vicodin or similar words or common mis-spelling of those words in their subject line gets their mail thrown away. They can be clever with mis-spellings and get the mail through. Every day, I (and other users of my spam filters) get a list of who had their mail thrown away, so if someone I really wanted to hear from wrote me, I can write them back and say "so sorry, my spam filter threw your mail away". Third, I have a growing list of "suspect" domains and addresses. Anything from those lists gets re-routed to a "Suspect" folder, in the IMAP case, or gets an X-Suspect header in the POP case. Either way, the "suspect" mail is in a separate folder and can be quickly scanned, when/if it seems worthwhile. 95%+ of what goes in my Suspect folder is immediately deleted. Finally, anything that doesn't pass/fail the above tests ends up in my inbox.
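The decision order described above, together with the "X-Suspect: [Suspect]" header and the forged "from" weakness noted in the 12/24 follow-up, as an added Python example. It is not the author's procmail configuration; the list contents, addresses, keyword pattern and function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed stand-ins for the roles the posts give to the white lists,
# rc.devnull and rc.suspect. Contents and format here are hypothetical.
WHITELIST = {"sister@example.org", "pastor@example.net"}
DEVNULL_SUBJECT = re.compile(r"v[i1!]agra|v[i1]cod[i1]n", re.IGNORECASE)
SUSPECT_DOMAINS = {"bulk.example"}
SUSPECT_ADDRESSES = {"offers@shop.example"}


def sender_of(msg):
    """Lower-cased address from the From: header. Nothing authenticates it."""
    return parseaddr(str(msg.get("From", "")))[1].lower()


def in_suspect_domain(addr):
    """True if addr's domain is a listed suspect domain or a subdomain of one."""
    domain = addr.rpartition("@")[2]
    return any(domain == d or domain.endswith("." + d) for d in SUSPECT_DOMAINS)


def triage(raw, mode, discards):
    """Return (folder, message); folder is None when the mail is thrown away.

    mode is "imap" (file suspect mail into a Suspect folder on the server) or
    "pop" (tag it with X-Suspect and let a client rule file it).
    """
    # policy.default decodes RFC 2047 encoded words, so an encoded Subject
    # is matched on its decoded text rather than slipping past the keywords.
    msg = message_from_string(raw, policy=policy.default)
    sender = sender_of(msg)
    subject = str(msg.get("Subject", ""))

    # 1. The white list wins over everything else, including the keyword test.
    if sender in WHITELIST:
        return "INBOX", msg
    # 2. Not white-listed and the subject hits the keyword list: discard, but
    #    record it for the daily report so a false positive stays visible.
    if DEVNULL_SUBJECT.search(subject):
        discards.append((sender, subject))
        return None, None
    # 3. Suspect sender: separate folder (IMAP) or header tag (POP).
    if sender in SUSPECT_ADDRESSES or in_suspect_domain(sender):
        if mode == "imap":
            return "Suspect", msg
        msg["X-Suspect"] = "[Suspect]"
        return "INBOX", msg
    # 4. Everything else is ordinary mail.
    return "INBOX", msg


def daily_report(discards):
    """Text of the per-user report listing mail that was thrown away."""
    return "\n".join(f"discarded: {who} -- {subj}" for who, subj in discards)


def make(frm, subject):
    """Build a minimal constructed test message."""
    return f"From: {frm}\nTo: user@example.com\nSubject: {subject}\n\nbody\n"


if __name__ == "__main__":
    log = []
    samples = [
        ("Sis <sister@example.org>", "photos from the weekend"),
        ("x@unknown.example", "Cheap V1AGRA"),
        ("x@unknown.example", "=?utf-8?q?VIAGRA_cheap?="),   # encoded subject
        ("promo@mail.bulk.example", "newsletter"),
        # From: is unauthenticated, so a forged white-listed address passes
        # step 1 whatever the subject says (the weakness the post names).
        ("sister@example.org", "VIAGRA"),
    ]
    for frm, subj in samples:
        folder, tagged = triage(make(frm, subj), "pop", log)
        suspect = bool(tagged is not None and tagged["X-Suspect"])
        print(f"{frm!r:32} -> folder={folder} x_suspect={suspect}")
    print(daily_report(log))
```

Because step 1 trusts the From: header as written, the last sample is delivered untagged; closing that gap needs sender authentication outside this filter.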
My Purgatory
Most of the above is excerpted and abstracted from an e-mail I sent to clients, friends, and family December 14. The youngest recipient was my niece just turned 15, so I didn't think I would offend her or my sister with the word "penis" and so forth. About 15% of the recipients had addresses at one of the largest ISPs, which I will refer to as XYZ hereafter. I think everything I am saying is factual, and there are only two reasonable interpretations of "XYZ" but I am trying to avoid offending either one of them. My telephone conversations with XYZ have been intended to be polite and constructive, in spite of XYZ severely trying my patience and forgiveness. Anyway, the December 14 mail got through to all of the recipients, even with the potentially offensive content.
December 16 I sent a family-letter, to the same addresses, and the ISP (XYZ) rejected all of the copies going to their clients. The rejection message was very unclear and truncated. For my personal account with XYZ, the rejection said:
    ----- The following addresses had permanent fatal errors -----
    <chsauer@xyz.com>
        (reason: 554 TRANSACTION FAILED:  (HVU:B1) The URL contained in your 
	email to XYZ members has generated a high volume of complaints.?? 
	Per our Unsolic)
    
This is literally what it said, except that I have substituted XYZ for the ISP's domain name. (I assume they intended to say "Unsolicited" and continue further, but the many rejection mails I got all stopped at that same spot.)
This made absolutely no sense. If my spam descriptive e-mail got through, including potentially offensive words, why was this rejected? (A slightly excerpted version of the e-mail is visible at quarterdecademilestoneletterexcerpted.html.)
What URL could be the problem? Certainly not the one for the Methodist Church, http://nwhillsumc.org/. And seemingly unlikely any of the http://technologists.com/ URLs. I sent e-mail to the postmaster at the ISP and got no response. Surprise. So I started calling their customer support numbers. I probably spoke to 20 people, most of whom were seemingly not competent for the discussion at hand. They would give me a ticket number and say they were transferring me to someone who could help. Half of those transfers were disconnects!
Finally, I got a toll-free number for the postmaster's office. I called that number, waited on hold for an hour and 20 minutes, then finally spoke to someone who seemed to have a reasonable idea of how to diagnose the problem. The first thing he did was have me forward the rejected e-mail to an address at Yahoo.com! (XYZ is not Yahoo!) When he read the message, he couldn't see any reason why it was rejected. He gave me a new ticket number, admitted they were swamped with technical problems, and said that someone would resolve. He couldn't say how long that would take.
Since I knew that most messages I sent to my XYZ correspondents were getting through, I realized there was an obvious workaround: put the e-mail on my web-site, password protect it, and tell the XYZ recipients where to find it and give them that id/password. That worked. So besides clumsiness/frustration, all of the problems were solved.
Last night I received an e-mail from my pastor, who is very computer savvy and aware of what was going on, saying "Thank God I don't use XYZ. A friend just upgraded to their latest software and now his system is unusable."
This afternoon, when I was intending to write this, I suddenly realized there were 3 URLs, not two, that might be offending XYZ. I was pretty sure that http://nwhillsumc.org/ was not the problem, and I doubted that anything related to http://technologists.com/ was an issue, but there was a third domain name in the e-mail. In the postscript of the e-mail, I had said
P.S. This is not the end of my project, just a milestone. I still want more family e-mail addresses to add to the lists. I still want more photos. I'm also beginning to make MP3s of my out-of-print LPs, etc. One of my accomplishments last week was to help the Red Clay Ramblers make CDs of out-of-print albums they recorded! I'm astonished that I could help them in this regard to help them recover lost recordings of their own music. The MP3s are in a separate password protected directory to avoid copyright violations.
In doing so, I had given the URL for the Red Clay Ramblers web site, http://members.tripod.com/~RedClayRamblers/. Note that I am not making this a hyperlink, because that is the URL XYZ is rejecting. There is no sense in this at all that I can recognize. http://members.tripod.com/ was one of the first, after XYZ, to inundate their users with pop-up/pop-under windows. With that exception, I know of no reason why XYZ should be blocking references to http://members.tripod.com/~RedClayRamblers/.
When I realized all of this, and made tests that proved to me conclusively that I had diagnosed the issue, I called the XYZ postmaster toll-free number, expecting to be put on hold for an hour. To my delight, a human answered immediately, seemed to understand what I was saying, said she was adding the info to my trouble ticket and that even though they are horribly back-logged, they should fix this problem in about a week.
(12/17) Quarter Decade Photo Project; MP3s; Simplistic Spam Solutions
Quarter Decade Photo Project
Somehow it always seems like I spend my time on things other than my plans. Sometimes this is logical, sometimes it is serendipity.
For 2 1/2 years I've been working on archiving family and friends' photographs, for a number of reasons:
  • If the physical photographs get lost/destroyed, the digital versions are much better than ashes or whatever. In my case, this strikes close to home, since my father's birthplace had a bad fire over a decade ago, and many family treasures were lost. On the other hand, I have photos of my mother's mother's mother's family.
  • Many of these photos I had never seen before. If I had never seen them, then it is likely that other/younger family members had never seen them.
  • The digital versions allow for editing/enhancement that is impractical for those without a conventional darkroom. (I used to have a darkroom in the 60s and had access to one in the 70s. Now I depend on what I can do with scanners and software.)
  • I've reached a major milestone, having scanned almost 1700 photos/slides/negatives in the last 2 1/2 years. Not only are these available on the web to most family members, I've made paper copies for those who are too old to want to learn to use a browser.
(The URL for the photos is http://technologists.com/photos/.)
Rise and Fall of MP3.com
One of my real thrills of 1998-99 was the emergence of MP3.com, and the ability to make Caroline's 70s/80s/90s recordings available to a broad audience. We were both thrilled in 1999 when some of her songs hit the top of the charts on MP3.com, not only in folk/country genres, but even her tribute to Bob Marley Tuff Gong and some of her other songs, e.g., Lonely Man, being promoted by mp3.com. Unfortunately, it looks like only the domain name "mp3.com" will survive, and all of the 250,000 artists' music will disappear unless/until something is done to make it available elsewhere. Fortunately, all of Caroline's MP3s are visible at http://kaybuena.com/songs/.
Simplistic SPAM Filtering
The other thing I've been doing is making my simplistic spam filtering solutions useful to all who use my mail server. If they endorse what I've done, I'll tell more, but the biggest limitation is that my solutions only work for those who receive mail on my server.
(12/1) Making Peace With Windows XP
A while back, I admitted that I needed to make peace with Windows XP. I had three main issues with XP:
  1. The new "Start Menu" seemed to slow me down, especially on notebooks and other machines with limited pixel layouts.
  2. I had been unable to get my WiFi card to work with XP.
  3. Some administrative tasks seemed unnecessarily harder than with 2K.
(Others have other issues with XP, e.g., the "activation" requirement. Those issues do not particularly bother me.)
I've newly started attending services at a neighborhood church. The senior pastor called me and suggested a 1-1 meeting. At the end of that meeting, I volunteered to help with any computer problems at the church, other churches and/or non-profit organizations. Bill, the pastor, immediately said he was having problems making his WiFi connection as secure and functional as he would like. It turns out that Bill has been working with computers about as long as I have, and has been working with PCs longer than I have! Though he's quite adept with managing his own and the church's computers, sometimes he gets stuck, as we all do.
When I arrived the next day to follow-up, I found out that (a) Bill's notebook was running XP and (b) the church had 802.11g equipment, with capabilities beyond my obsolescent 802.11b stuff. At first I was stumped, and didn't get things working much better than they already were. I installed XP on my notebook, yet again, with several significant differences from before:
  1. I installed XP SP1 before trying anything else.
  2. I read the knowledge base articles on the WiFi manufacturer's web site.
  3. I set XP for the "Classic Start Menu" and made the other user interface tweaks that I routinely make when I setup a Windows machine for myself.
Though clumsier than my experience with Windows 2000, I did get my 802.11b stuff working with XP, including enabling WEP.
Then I went ahead and fetched the church's 802.11g equipment, got everything working the way I thought it should, including enabling WPA. I've taken 802.11g stuff back to the church and have it working well there.
So now my attitude toward XP is similar to my attitude toward Outlook -- in general I'm not a fan of Outlook, but for some situations it is the tool of choice. All things being equal, given a choice, I'd use Windows 2000 before using Windows XP. However, there is at least one thing I can do easily with XP, enable WPA, that I can't do easily with Win 2K.
So I think I've reconciled with XP at least as well as I have with Outlook.
The church's primary server is running NT4 -- yet another motivation for me to get back to nt4eol.
(11/21) Disks STILL Fail (Sometimes Catastrophically)
Those of us who remember computing before the last decade probably remember the great improvement in disk drive reliability that occurred in the early 90s. Before then, disk drives seemed to be the most failure-prone component of computers. "Everyone" was conscious of "head crashes" (when a recording head hits the spinning magnetic platter, usually destroying both of them). Backups, mirroring, "Redundant Arrays of Inexpensive Disks" (RAID) and other strategies were emphasized to cope with the failures.
Seemingly overnight, disk manufacturers dramatically improved reliability. At a time when disk drives seemed to last a couple of years, manufacturers started quoting "Mean Time Between Failures" (MTBF) of close to 30 years! It is critical to realize that this is predicted average behavior, and that any given disk can fail at any time. Still, it is very easy to lull oneself into thinking that disk drives last forever. They don't!
Between my own premises, other commercial premises, and residential premises, I probably control forty to fifty disk drives. They do fail. I think I'm well prepared for failure of the most important drives. (I'm usually obsessive about backups and redundancy.) However, I got caught this week.
In my experience in the last decade, when a disk drive fails it is almost always gradual, not catastrophic. Presumably, the magnetic material fails in spots, and sectors of the drive become unusable. Depending on the circumstances, this may go unnoticed, but more often than not, even the inexperienced user will notice that something is wrong and at least ask for help. However, this Tuesday I saw the first catastrophic disk failure I can remember in over 10 years. Unfortunately, it happened to the disk drive that is most important to me, the primary drive on my Linux production server.
My NT4 production server was designed to be a rack-mount server, has a built-in RAID system and good monitoring software. As long as I keep an eye on the monitoring software, any significant problem is very unlikely. (One drive failure would probably only be noticed by me and the warranty service person.) However, my Linux production server was really designed to be a desktop machine and has had minimal disk redundancy. I had been planning to institute much more formal mirroring when I upgraded that machine from RH 9.0 to Fedora, probably Thanksgiving weekend. I still intend to institute the mirroring, but right now I am humbled and embarrassed that that machine failed Tuesday, with a small loss of data and an outage of several hours.
pixel
It could have been worse. I was on premises and noticed the problem within an hour. My existing redundancy strategies worked as expected so that the loss of data was minimized. I decided to go ahead with Fedora on Tuesday, since I needed to do a complete OS install in any case. That went well. I had been out of town three of the previous four days and would have had much more of a challenge fixing things remotely. (I believe I could have done so reasonably, with one of my hot spare machines and backups. I don't think there would have been any worse loss of data, but the problem would have not been recognized so quickly and the recovery would have taken longer.)
For those of you in the U.S., Happy Thanksgiving!
(11/12) Fedora's Fine; nt4eol; mod_auth++
Fedora's Fine
So far, I have no complaints about Fedora. It feels like a good successor to Red Hat 9.0. The only obvious omission is tripwire. I created my own ad hoc, simplistic analog of tripwire in 1998, before I knew of tripwire, and have continued to maintain it. So the omission of tripwire probably is a concern to others, but doesn't directly affect me. I have Fedora installed on all of my Linux machines except for the production machine that is still running RH 9.0 (and the museum machine that runs Red Hat 5.2). Assuming things go as I expect, Fedora will replace 9.0 on the production machine in a couple of weeks.
Of course, the big questions revolve around updates, business practices and other potential changes as Red Hat proceeds with Fedora. For now, I'll hope that those questions are resolved positively.
Tangentially, I have learned a lot more about multi-booting many of the operating systems in my museum. In other words, I've spent many frustrating hours installing and reinstalling many of those operating systems. The big problem seems to be that they make different, incompatible, assumptions about disk geometry. I won't rant about that the way I might want to, but I will say that NT4's "Disk Administrator" tool was my best friend in resolving the problems.
NT4 Server End of Life
All the above and other activities have impeded my nominal plans. I'm filling in my experiments and experiences in nt4eol, but have much more to do.
mod_auth++
Because of the above, no new news about mod_auth++. However, I plan to use Fedora to test/fix/enhance mod_auth++ before I put Fedora on my production Linux server.
(11/06) Brave New World: NT4 2004 Edition
NT4 Server End of Life
Huxley probably wouldn't notice, but 2004 is when we'll have to deal with the real demise of NT4 Server. I've started nt4eol to describe my experiments and experiences. Right now there are four placeholders for additional pages I plan to add.
"and all those things" (mod_auth++, Fedora)
Except for the citations in the October 30 and November 5 editions of the Lockergnome IT channel (thanks Chris!), I don't have much to add about mod_auth++. I continue to use it, test it, and recognize bugs, but I need to allocate time to fixes/enhancements.
In the Linux world, there's lots of news, especially the Core 1 release of Fedora and Novell's acquisition of SUSE. I got the Fedora ISOs quickly, thanks to BitTorrent, and am beginning to assess Fedora as a replacement for Red Hat 9.0. Obviously, there are going to be many assessing/wondering this, e.g., Red Hat's Fedora released - the upgrade path for the rest of us?. My assessment so far is definitely "thumbs up". I think Red Hat has done the right thing. Technically, Fedora feels to me like an incremental Red Hat Linux release. I probably grumbled more about the changes between RHL 7.0 and RHL 7.1 than I will grumble about what has changed between RHL 9.0 and Fedora. My evaluation of a new Red Hat release goes through three stages:
  1. Install "everything" on a machine that doesn't matter and look for obvious problems. I've done that with Fedora. No obvious problems.
  2. Install on my "hot spare" server. That server is intended to be able to take over if either my Linux or my NT4 server fails. I've just started installing Fedora on my hot spare server.
  3. Install on my production Linux server.
Fedora feels more like an incremental Red Hat Linux release than something new. If I were a product manager at Red Hat, I would be grumbling about all of the places Fedora still seems like Red Hat Linux 9.x from a business perspective. For example, on one of the early pages, it says "Welcome to Fedora Core 1 ... If you have purchased Official Fedora Core, be sure to register your purchase through our web site, http://www.redhat.com/." Since you can't purchase Fedora, this is nonsense. But the similar message that existed with shrink-wrap Red Hat Linux was apropos. Anyway, so far I am very pleased with Fedora both from a technical and a business perspective.
(10/31) mod_auth++ Beta; "it's the end of NT4 as we know it"
(I was going to post this 10/30, but how could I not wait for more burnt orange on Halloween?)
1. mod_auth++ Beta
I've solved the biggest problems I had with mod_auth++. Let's call the current version "Beta". I'm expanding my production use of mod_auth++. If you're curious, (and willing to assume any risk involved) please give it a try. The usual disclaimers apply -- I take no responsibility if something goes wrong. A special thanks to Matthew Gregg at the mod_auth_any project for telling me of their approach to avoiding the "browser close/reopen" problem.
2. "it's the end of NT4 as we know it"
Microsoft is bringing Windows NT4 Server to "end-of-life". See Retiring Windows NT Server 4.0: Changes in Product Availability and Support. My interpretation is that there will be no new fixes, except for security issues, after this year. Security fixes will stop a year later, after January 1, 2005.
This seems perfectly reasonable. NT4 is ancient. Microsoft has released two successor products, Windows 2000 Server and, now, Windows 2003 Server. (Of course, there are sub-versions of both 2000 and 2003 Server.) However, there are lots of production NT4 servers going strong. My two production servers run NT4 and Linux, respectively.
The biggest problems in the upgrading are the directory issues. Because of the radical changes between NT4 and the successors, there is no easy answer. Here are some possibilities:
  1. (Ostrich mode) Pretend there is no problem. This might actually be viable for my production NT4 server, since it has minimal directory issues and is behind a firewall. However, I'm assuming that by January 1, 2005 it will be running some flavor of Windows 2003 Server.
  2. Samba 3+ on Linux (or some other Unix-like environment). This is plausible. I've experimented with the latest Samba build (Samba 3.0.1pre1) and see much promise. However, I'm not as optimistic as Samba 3.0 Does Windows Even Better.
  3. Windows 2000 Server
  4. Windows 2003 Server
I used to be proficient in dealing with NT4 directory issues, but had gotten out of practice. I've given myself a refresher course. Soon I plan to add a new section to this site devoted to all of the above, plus, LDAP, which is even more important than I realized before.
(10/20) mod_auth++ "and all those things"
mod_auth++
"mod_auth++" started with my frustration with existing authorization mechanisms that are available with standard browsers (IE, et al) and web servers (Apache, IIS, et al). I wanted to be able to control access to web cams, photographs, and other static content on my web servers in ways that seemed impractical with the commonly used mechanisms. After investigating and thinking, I believed I knew how to do so. I think I have successfully prototyped what I envisioned, at least with IE and Apache, and believe what I call "mod_auth++" will also work with other browsers and servers. There is a first draft document at mod_auth++ which describes what I've done, how mod_auth++ might be used, and the limitations and problems I've recognized.
"and all those things"
A friend who read that I was making 12-year-old software and hardware work asked if I was a "masochist". I said "no, I am a historian". I took his comment as a challenge and brought my Dell 320N+ 386SX 20MHz back to life running Windows for Workgroups 3.11, including an alpha version of Mosaic 2.0.
A different friend said I had created a museum and should make it visible on the Internet. I wish I could. Unfortunately, 12-year-old software (and lots of more recent software) would be very vulnerable in the currently dangerous state of the Internet.
I did install Windows 2003 Server on a couple of machines, but have not done much more than that. Perhaps for good reasons, Windows 2003 Server is much less friendly to multi-booting other operating systems (Microsoft and non-Microsoft) than previous Windows Server versions. In particular, on one machine that already had Windows 98 and Red Hat 9.0 installed on it, the Windows 2003 Server install disabled the Windows 98 and corrupted the Linux install. However, on a different machine that had Windows NT 4.0 Server, Red Hat 9.0 and Windows 2000 Professional, installing Windows 2003 Server did no harm to any of the existing systems. So I have to assume that the Linux corruption on the first machine was not intentional. The Windows 98 disabling clearly was intentional.
(10/6) "If Tomorrow Wasn't Such A Long Time"
When I said "Diving In", I thought I would stop updating this page for a month or so. I had no idea it would be 8 months! But everything always takes longer than you think it will. The words of one of my main muses, Bob Dylan, have resonated with me as I've tried to overcome bloggers' block and get back to writing. (I don't really think of this as a daily blog, but I have meant to write something every few days, not allowing lapses of months and months.)
What have I been doing?
  • Spending my time with personal and family challenges and blessings. In particular, June 21st I was father of the bride. Not only was my daughter's wedding a blessing, I tremendously enjoyed my role and helping/seeing it happen. (I was not at all like Spencer Tracy or Steve Martin in the movie renditions.)
  • Pursuing the "unifying access control approach that will be both secure and usable". So far, this has worked out fairly well. This was the nominal reason for taking the writing hiatus and "diving in". I have alpha+/beta- code working with Apache. I've used some of the new capabilities for my own production purposes for a couple of months. One of my next steps is to finish and document what is visible at http://technologists.com/mod_auth++/ -- what is visible there now is mostly incomprehensible unless you look at what I've done to mod_auth.c.
  • Becoming a self-taught expert regarding Microsoft Active Directory, as implemented in Windows 2000 Server. This ties back to my interest in making LDAP usable for non-experts, since Active Directory is based on LDAP. However, Active Directory is at least as intimidating as plain LDAP. Next I plan to go back to plain LDAP and also explore the reported improvements in Active Directory in Windows Server 2003.
  • Expanding my already eclectic interests in alternate operating environments. What if SCO really puts a damper on Linux? I've been looking at Solaris and FreeBSD much more closely, understanding how they work on their own and how they fit with Windows and Linux. What if Samba 3 really is a satisfactory replacement for a Windows NT4 Server?
  • Both because of this expansion of interests and my desire to preserve my access to ancient environments, I've been setting up some multi-boot machines that allow me to run any of the following, though not all at the same time. (These are listed in approximate order of the age of the OS, oldest first. These are in addition to my usual operating/testing environments: Windows 2000 Professional, Red Hat Linux 9.0, and Windows 2000 Server.)
    1. Dell Unix V.4 Version 2.2, which, 11 years ago, was the best x86 implementation of Unix. It was based on the latest AT&T SVR4 and included many extras, notably the Roell X-server (precursor to XFree86) and lots of useful public source packages.
    2. Windows 95 (OSR2) with IE 5.5. (I'm tempted to bring up a Windows 3.1 environment that works with TCP/IP -- I've got a 20MHz 386sx notebook that only knows NETBEUI and IPX/SPX right now. We'll see.)
    3. Windows NT4 Workstation with IE 5.5.
    4. Red Hat Linux 5.2
    5. Windows 98 with all the latest Microsoft updates.
    6. Windows NT4 Server with all the latest Microsoft updates.
    7. Solaris 9 X86
    8. FreeBSD 5.1
    9. (Soon to come) Windows 2003 Server.
    1 through 4 are on a 12-year-old Dell 450 DE/2 DGX! Part of what started this all was seeing if I could get the DGX running again, and to see if I could get Linux running on that machine. It turned out that 5.2 is the most recent Red Hat release that I could get to work with a machine that old.
    There are at least two serious omissions from this list:
    • Windows XP. I've tried it numerous times on different machines and just don't like it. One of these days I'll have to make peace with XP, just as I had to make peace with Outlook, but that took several years.
    • Macs. I have two ancient, non-functional Macs that might be cobbled together into one functional system. What I really need to do is buy a modern Mac. But I haven't bought a modern PC for myself in quite a while, so I'll probably get a Centrino notebook before I get a new Mac. (I do have NextSTEP 86 and compatible hardware, since the X86 port was developed on prototypes of the Dell 450 DGX, but getting that working again seems much less important than a modern Mac.)
More later.
(2/6) Valuable Distractions and Discoveries: Diving In
I've not written one word of my intended requirements document. Rather, I've been pursuing a "unifying access control approach that will be both secure and usable":
  • I discovered a grant solicitation that seemed closely related to what I'm working on, so I submitted a funding proposal. This may have seemed a distraction, but the thinking and learning were very valuable even if my proposal is not funded.
  • I think I have come up with a secure scheme for new authentication and access control mechanisms that will integrate nicely with existing web browsers and servers. It seems to fit nicely with the Apache web server. There seems to be a natural way to do equivalent things with Microsoft's IIS. This is a meaningful discovery if, as it seems, there is a way to provide improved authentication and access control mechanisms that fit well with existing code. It will be a victory for software architecture if this works without a huge coding effort.
  • Now it is time to (i) dive in to the details of the existing Apache authentication modules and (ii) build new modules with new capabilities. Having never even built Apache from source code before now, there is probably much to learn. However, I've already found what looks like a minor bug in one of the existing authentication modules, and think I have a fix for the bug, so the next step is to build the repaired module and test.

2002
(12/23) Seeking Simplifications
The optimism I had a couple of months ago was short-lived, optimism about being ready to write a requirements document for software that would facilitate communication and collaboration amongst small groups. I've become more aware of the challenges and limitations of some of the components I hoped to "drop in". Most notably regarding LDAP, but also aspects of existing Windows applications, Jabber, and other pieces of the puzzle.
At the same time, I'm seeing new requirements and opportunities. For example, I should at least allow for the possibility that Chandler will successfully address part of the problem and look to leverage Chandler, or at least avoid duplicating what they might do. Perhaps more significantly, I'm trying to come up with a unifying access control approach that will be both secure and usable. That's not easy.
I've also allowed myself to slow down with the holiday season, and pursue some seemingly unrelated tangents. But back to the thoughts of a couple of months ago: it is time to attempt a requirements document! Beginning a document would demand a clear one sentence description. Writing a document should force much needed simplification of thoughts that are probably too ambitious. The simplifications should guide where to go next.
(12/4) Disaster Preparedness for a Small Organization
(With deference, but no real tie, to Frances Moore Lappé)
I target making computers more useful to organizations with minimal professional system administration (most likely, no professional system administration).
One of the worst scenarios is to become dependent on computers and suddenly not have them available! Computer disasters, small and large, are inevitable:
  • "Everybody" accidentally deletes or ruins an important file every now and then.
  • As reliable as disks have become, they still fail without notice. I've seen this happen four times recently, after a couple of years of not seeing any disk failures.
  • Portable computers get lost or stolen.
  • Fires and larger disasters happen sooner or later.
To be prepared for the inevitable, emphasize:
Redundancy

Every computer has a "hot spare" ready to take over. Besides defending against minor problems, this also means that it is relatively safe to experiment with things that might "break" any one computer.

Homogeneity

Unless there is good reason for differences, everything should be the same!

Cross-platform Heterogeneity

External (Internet) sources of problems: intrusions, viruses, etc. are unlikely to affect both Windows and Linux. So, for example, having a secondary fileserver running Linux and Samba makes it less likely that an intrusion into a primary Windows server will be a disaster.

Backups and Backup Testing!

Stop reading if you don't make backups. But only making backups can lull one into a false sense of security. More importantly, test those backups. I do this brutally. I take a computer I depend upon and trash it! I format the disks, and install everything from scratch. In the last couple of weeks, I've done this to the computers I depend upon the most! Since I have redundant computers, and trashed them one at a time, nothing terrible happened.

Off-site Storage for Backups

A tape in a tape-drive or a disc in a burner does little good if the computer is stolen or the building catches fire. In addition to keeping backup tapes and discs off-site, I keep the original software installation discs off-site. I make copies of the installation discs and use the copies for re-installs and maintenance. That way, I'm very confident that the off-site discs are sufficient.
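One way to make the backup test above repeatable, and the same idea behind the ad hoc tripwire analog mentioned in the Fedora entry: record a SHA-256 manifest of a known-good tree, keep it off the machine, and compare a restored (or later) copy against it. This is an added example, not the author's own tool; the function names and the sample files are constructed for illustration.

```python
import hashlib
import json
import os
import tempfile


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of one file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every regular file under root (by relative path) to its digest."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # symlinks and special files are not content to compare
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = hash_file(full)
    return manifest


def save_manifest(manifest, path):
    """Write the baseline as JSON so it can be stored away from the host."""
    with open(path, "w", encoding="utf-8") as handle:
        json.dump(manifest, handle, indent=1, sort_keys=True)


def load_manifest(path):
    """Read a baseline previously written by save_manifest."""
    with open(path, "r", encoding="utf-8") as handle:
        return json.load(handle)


def compare_manifests(baseline, current):
    """Report files missing, unexpected, or changed relative to the baseline."""
    shared = set(baseline) & set(current)
    return {
        "missing": sorted(set(baseline) - set(current)),
        "unexpected": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
    }


def write_tree(root, files):
    """Create the constructed sample files under root."""
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as handle:
            handle.write(data)


def demo():
    """Constructed data: a 'live' tree and a restore that has three faults."""
    live_files = {
        "etc/hosts": b"127.0.0.1 localhost\n",
        "etc/smb.conf": b"[global]\nworkgroup = EXAMPLE\n",
        "home/notes.txt": b"network diagram v3\n",
    }
    restored_files = {
        "etc/hosts": b"127.0.0.1 localhost\n",        # restored intact
        "etc/smb.conf": b"[global]\nworkgroup = \n",   # content differs
        "tmp/leftover.bin": b"\x00\x01",               # not in the baseline
        # home/notes.txt never came back from the backup
    }
    with tempfile.TemporaryDirectory() as work:
        live = os.path.join(work, "live")
        restored = os.path.join(work, "restored")
        write_tree(live, live_files)
        write_tree(restored, restored_files)
        # The baseline file lives outside both trees, as an off-site copy would.
        baseline_path = os.path.join(work, "baseline.json")
        save_manifest(build_manifest(live), baseline_path)
        return compare_manifests(load_manifest(baseline_path),
                                 build_manifest(restored))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

An empty report after a from-scratch reinstall and restore is the evidence that the backup is usable; a non-empty "changed" list on a machine that was not restored is the tripwire-style signal.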

(11/20) Outside/Inside Maintenance, Part I
I like to mow the lawn. Gardening, even weeding, can be satisfying. I like to apply preservative/stain to the deck (before or after summer!). Outside work frees me to think about things. This has been especially valuable when making major transitions, for example, when I left IBM to join Dell in 1989. (In 1989, Dell was just barely a public company. Everyone thought I was crazy. I said that Michael Dell would be comparable to Henry Ford. The people at IBM did not like hearing that, but Michael has justified my claim.)
I think I've mowed the lawn the last time this year. The chard is still producing and the Fall tomatoes are ripening. The deck is in good shape. But two different catalysts on Friday have set me about maintenance of most of the Technologists computers. First, a bad splice in an Ethernet cable in the wiring closet stopped working. I'd been sloppy and got caught. Second, stepping back from LDAP, I zoomed through a bunch of instant messaging explorations: refreshing my knowledge of "the big three" (AOL, Microsoft, Yahoo), quickly getting Jabber working on a test server, etc.
I like system administration. Doing system administration right is challenging and rewarding. The Jabber successes quickly made me think about putting Jabber into production, and I knew the servers weren't ready for that. The bad splice was also a wake-up call. So the last five days have been mostly spent on sys-admin things:
  • Testing disaster recovery by re-installing the main Linux server from the latest Red Hat 8.0 (vs. the two levels down Red Hat 7.2 that was in place) and the backups. (The primary Windows server continues to run NT4, avoiding upgrades to avoid the cost of new Win 2K and SQL Server licenses.)
  • Having succeeded (aside from minor glitches), the secondary and test servers were brought up to date. Either of these can be quickly reconfigured to take over the primary Linux or Windows server role.
  • Creating an up to date network diagram. Though Technologists is a relatively simple environment, there are four servers, four routers, half a dozen other active Ethernet devices (hubs/switches/WiFi access), four desktops and two notebooks.
  • Getting the desktops back to being as homogeneous as possible so that they can continue to be used interchangeably.
  • Getting the notebooks back to being homogeneous and disposable. Not that I want to throw them out, but if a notebook gets stolen going through airport security, I don't want to think about anything but losing the hardware.
Like the work outside, the time spent on maintenance has allowed me to think more about the other things (LDAP, instant messaging, VPNs, RSS, etc.) I've been working with. Next time I expect to say a little bit more about sys-admin stuff and more than a little more about how all these things fit together.
(11/14) Small Successes and a New Course
I said before that I was overwhelmed by LDAP and that it fits a 90/10 rule, that most of what is there will go unused. I could repeat and amplify on all that after my last few days. This morning I was ready to give up, but somehow didn't. After plodding through a couple of tomes, a dozen LDAP "tutorials" and more utilities than I want to remember, I succeeded in getting a working directory server based on OpenLDAP, and had added a few entries to the directory. All of the books and tutorials seemed to omit key information, but the union of the tutorials got me through.
The next step was to get e-mail clients to use the directory. But I couldn't get Outlook Express to find any of the entries. The success finally came when I tried Mozilla's mail client. Then I went back to Outlook Express, figured out I needed to go to the "advanced" settings to set a parameter, and O.E. started working. Next (non-Express) Outlook, and it is working, too.
But these are small successes, and the best I can say for LDAP at the moment is that it is still probably better than the alternatives. LDAP is not focused on a "directory" in the pre-computer sense, for example, the phone book, nor is LDAP analogous to a file system "directory". LDAP is more oriented toward displacing "/etc/passwd" in *nix systems and equivalent primitives in other operating systems. I still have a ways to go before I'll use LDAP regularly myself; in particular, I need to figure out how to easily add/modify/delete entries without resorting to an "LDIF" file and the "ldapadd" command. Before I recommend LDAP to others, I need to navigate through the incomplete work on access control to figure out how a non-administrator should access/add/modify entries.
But for now I'm relieved that I got this far, can step back from LDAP, and get to the next items on my priority list.
(11/8) B.B. King & Slack Key & Back To LDAP
In Legendary R&B guitarist so happy to play the blues, Derek Paiva writes:
"It's not every day a Rock and Roll Hall of Fame inductee asks you to recommend a few slack-key guitarists he should have in his CD collection. But B.B. King (class of 1987) made me promise to do just that. ... "I like the sound, but ... I don't know who to listen to." ... "
Paragraphs later Derek answers "Oh, and about that promise, sir? I recommend you start your collection with CDs by Gabby Pahinui, Ray Kane, Sonny Chillingworth, Led Kaapana and Keola Beamer. But remember, that's just my opinion." That's a couple more players than my initial list, but those additions look great to me.
This article resonates with me for lots of reasons. I listen to slack key as much as any music these days. I've been a B.B. King fan since I first heard him in the mid-60's. One of my proudest moments as a musician was when my band was on the same bill with B.B. King in Houston in 1970.
Back to LDAP. I made good progress prototyping yesterday. I started reading the tome Understanding and Deploying LDAP Directory Services. I just weighed the book: 4.5 pounds.
(11/6) Truth In Naming
Most software is too complex. The so-called "80/20 rule" is really the 90/10 rule -- 90% of the users of a software application use less than 10% of the features. It's not just the software -- the associated protocols and data representations are comparably bloated.
Browsers, HTML and HTTP started out simple, exceptions to the 90/10 rule. Their collective lack of complexity was a catalyst to the Web/Internet explosion. Naysayers said "too simple", but the populace said "good enough". A decade later, inevitable pressure for features has taken a toll, but not noticeably in comparison to most software.
The other day I set my sights on making LDAP (Lightweight Directory Access Protocol) more usable. I've immersed myself in that pursuit and been overwhelmed. "Lightweight, my a--"! If this is lightweight, we need weightless. No wonder no one uses directory software and directories.
The "lightweight" started out as a comparison to X.500. Probably still applies. Everything is relative. Novell has been a leader in directory products, but the 90/10 rule applies. Active Directory doesn't have simplicity credibility, either.
Next step: try to prototype and subset something useful out of all of the LDAP options. As an inventory of the options, and much more, I've found Adam Williams' LDAP and OpenLDAP (on the Linux Platform) very helpful in sorting through all the options. There are 402 charts in that file, so it is not "lightweight". Though Linux-centric, it does touch on Windows software, Active Directory, and non-Linux Unix.
(10/29) It's 10 p.m. -- Have you posted your blog today?
You've read email today. You've probably sent email today. But if you're like most Internet users, you don't have a weblog and wouldn't distinguish a 'blog from any other web site. Irregardless, there are hundreds of thousands of active blogs and millions of blogs total. Until now, I've not called this site a "blog". I've avoided the label, but the site fits the usual definitions, especially now that I've added an "RSS feed".
Much of the focus of blogs is cultural, especially the sites with creators passionate as if their blogs were progeny. That may be overstated, but thoughts along that line prompted the "10 p.m." title. Serious blog authors update their sites multiple times per day; those who update less than daily seem compelled to defend their "at least twice a week" commitment. Bloggers are passionate about what they have to say and reaching an audience with their ad hoc journalism.
(i) The labelling and the passion have a downside to the extent that blogs are treated as a category unto themselves instead of an organic part of Internet communications. (ii) Moreover, there is pervasively useful technology underlying blogs:
  • RSS feeds, used for syndication and aggregation of blogs, are probably the most widespread application of XML.
  • XML-RPC seems to have been primarily inspired by blog requirements.
  • XML-RPC and other aspects of blogs seem to have had a dramatic behind the scenes impact on Microsoft's .NET initiatives.
I'm still sorting through what all this means to enabling better Internet communication amongst small and medium-sized teams. As I better understand what is happening with Chandler, it becomes evident that they are heavily influenced by blog-oriented technologies, and probably ahead of me in thinking about this.
(10/25) One, Two, Three... A Few Dozen
I think I first became aware of the traditional definition of "google" (ten to the hundredth) forty years ago when I read Gamow's One, Two, Three... Infinity. Similar to Chandler's orientation towards small and medium organizations, much of my thinking is oriented toward software that facilitates communication and collaboration amongst groups of "one, two, three... a few dozen".
This is not just the sort of things Chandler aspires to, and not just the media breadth I referred to before (publishing, photos and video as well as interactive text), but also things such as providing directories that are simple enough for everyone to use. (That is probably not Active Directory or LDAP implementations in their current forms.) This probably DOES include "presence" in the IM sense.
I'm approaching this in a mathematically inductive sense, and think I'm almost up to two or three (users). (It works for one, maybe it works for two, so it should scale to dozens?) I'm almost ready to write a requirements document. I don't know if I will literally write one, but being able to write one is necessary. I'm also ready to do more prototyping. At the moment, making LDAP implementations more usable seems near the top of the priority list.
(10/23) Chandler and/or Conan Doyle?
In concluding "The Big Picture" in Mainstream Videoconferencing we wrote: "But first, we seek inspiration from Sherlock Holmes! In the early pages of "The Adventure of the Cardboard Box," Holmes and Watson are sitting in the same room. Watson believes that Holmes is not paying attention to him. After prolonged silence, Holmes tells Watson what Watson has been thinking, based on the visual clues from Holmes' observation of Watson during the silence. Predictably, Watson is amazed and Holmes represents his observations as "very superficial." Though fiction, the Holmes stories are replete with examples of the usage of all senses, particularly vision, to gain understanding. Attempts at a distance meeting with only audio seems like sensory deprivation. This is a conscious phenomenon for someone used to using videoconferencing. For others, the deprivation is no less real, but less likely to be consciously recognized."
This week, Raymond Chandler's ears are burning, thanks to the announcement of his namesake product from OSAF. I like much of what they are saying, especially today's Chandler Not Outlook Killer, After All?:
  • open source
  • targeted at small and medium organizations
  • not having "the administrative burden of Notes or Exchange"
  • "empowerment through decentralization"
I've been thinking along related lines, but more broadly regarding media (static publishing at one extreme, still images and video at the other end) yet more simplistically (less feature depth) than Chandler. Trying to understand OSAF's plans and relate them to my own meanderings brought me back to Holmes and "The Adventure of the Cardboard Box".
More next time.
(10/18) Public WiFi Privacy, Part II
Part I set the stage for discussing the state of VPNs. This is both highly relevant and of broader interest, so please forgive me if I lose a little focus. VPNs are relatively mature, increasingly common, and sufficiently confusing that there is still room for new technology to make VPNs more useable and more secure. There are at least four approaches to encryption-based VPNs. (To me, private networks without encryption are not VPNs, but others would count things like MPLS, which I tend to ignore, as VPNs.)
1. IPsec
IPsec seems to dominate current thinking. IPsec is the most comprehensive, the most widely implemented, but also dauntingly complex. Unless something changes dramatically, IPsec will never be something for ordinary users without administrative assistance.
2. SSH/OpenSSH
SSH is a good option, and has plenty of advocates, but will probably remain in the province of the "tech-nerds" and those with administrative assistance -- it seems unlikely that SSH will become pervasively useable. In the short term, I suspect that SSH will be my best option for "Public WiFi Privacy", but I need to do more testing before I'm sure about that.
3. PPTP
The original, "legacy-Windows" versions of PPTP were both insecure and unstable. Starting with Windows 2000, PPTP seems stable, is relatively easy to configure and is relatively secure if you disable the legacy options. However, at least one public access environment that I've visited seems to block the ports needed by PPTP, and robust support for non-Windows platforms seems unlikely. (There are non-Windows implementations out there, so I'll hedge and say that PPTP might be the best option. But even Microsoft seems to think otherwise.)
4. TLS/SSL
There is lots of activity in this area. I prototyped some code for my own implementation of TLS-based remote access last year, and keep thinking I'll implement a robust version myself. If I do, it means I've reaffirmed my enthusiasm for this approach.

(10/17) Public WiFi Privacy, Part I
Privacy in Public?
  • An oxymoron? Yes
  • Achievable via encryption? Yes
  • Practical? Not yet
For WiFi privacy at home, I've done the simple things:
  1. Access point antenna located to minimize off-premises signal.
  2. Set non-default SSID
  3. Turned off SSID broadcast
  4. Filter out unknown MACs
  5. Turned on WEP
Someone with a good enough antenna and the right software on their notebook could defeat all that, but I don't lose sleep over this possibility (especially since I have better measures in sight).
At an airport, or a Schlotzsky's, or a client's office, none of the simple measures help: 1 through 4 contradict the intent of public access, and the impracticality of key distribution eliminates WEP. There are other options:
  • VPN based on PPTP, IPsec, TLS/SSL or SSH.
  • Application level encryption, email being the first candidate.
  • Wait for something better than WEP to get deployed.
Of these, only a VPN approach seems close to practical now. "Close to" because there are plenty of challenges with VPNs. But even those arguing against VPNs for WiFi security (for example, see David Berlind) seem to accept VPNs as the right answer for public access.
More on VPN approaches in Part II.
(10/16) Lull in PDA Phone market?

My Samsung I300 has pleased me since I got it in February. This has been my first PDA -- I'd waited until I could get Internet connectivity without a big monthly fee. I mostly use it as a phone, but having a browser, email, VNC, and an SSH client in my pocket is very appealing. I've even started to use traditional PDA apps!

However, the I300 seems to have gone out of production, as have many of the competing products. Checking out the wireless carriers' sites this week, I found no PDA phones at all at AT&T and Cingular, one Pocket PC phone at Verizon, one each of Pocket PC and PalmOS at SprintPCS, and three (RIM/PocketPC/Sidekick) at T-Mobile.

A couple of conclusions:
  1. Pocket PC phones are still way too expensive, but will become more popular as prices drop.
  2. 16 bit PalmOS phones are history, but ARM-based PalmOS phones may still compete when they become available.

(10/15) Aloha! Changes are afoot:
  • hotlists has been reorganized.
  • A music section has begun, starting with my favorite Hawaiian music.
More to come!

  Security: Stop ignoring the obvious mistakes (ZDNet 9-19)
  Navigating the Embedded Java Maze (SD Times 9-15)
  10 choices that were critical to the Net's success (SiliconValley.com 9-8)
  Remembering Vignette (Scripting News 9-3)
  What PDA/phone can pass the test? (ZDNet 8-15)
  Tech's 'dirty little secret'--cybersecurity (ZDNet 8-14)
  Minding Your Language (SDTimes 8-1)
  XML security: A who's who (ZDNet 7-8)
  Hot Spots for WISPs (ZDNet 6-28)
  Tempest in a coffee pot (ZDNet 6-26)
  Watch this airspace (Economist 6-20)
  Getting Started with C# On Linux (C# Help 6-10)
  Campus WLAN Design (Network Computing 5-13)
  P2P Makes a Corporate Play (ZDNet 5-7)
  .NET: Microsoft's Enterprise Ticket? (ESJ 5-2)
  Just How Trusty Is Truste? (Wired 4-9)
  Apple Ties the Wireless Knot — Again (DDJ 4-6)
  IBM's unfolding power play (ZDNet 4-3)
  Dan Bricklin review of Handspring Treo 180 (found on useit.com 3-24)
  Sun blinded by paranoia (Financial Times 3-13)
  AT&T Privacy Bird (2-22)
  Grid Project to Wed Web Services (NY Times 2-19)
  Videoconferencing Snapshot (CHS 1-30)
  Understanding the value of Web services (ZDNet 1-28)
  Shadow initiatives: .Net and Java (ZDNet 1-24)
  10 things Google has found to be true (Google Corporate Information)
  Open source, standards and Windows (ZDNet 1-22)
  The MIT Lightweight Languages Workshop (Dr. Dobb's Journal, February)
2001:
  Pocket Slides v1.2 Released (from Lockergnome Tech Specialist, 2001-12-17)
  GINGER the Segway, IT Scooter (Slate, 2001-12-11)
  CD-R media: testing for quality (CNET, 2001-12-3)


Copyright © 1995-2016 Charles H. Sauer. All rights reserved.
