| 2002
(12/23) Seeking
Simplifications
The optimism I had
a couple of months ago was short lived,
optimism about being ready to write
a requirements document for software that would
facilitate communication and collaboration amongst small groups.
I've become more aware of the challenges and limitations of some of the
components I hoped to "drop in".
Most notably regarding
LDAP, but also
aspects of existing Windows applications,
Jabber, and other
pieces of the puzzle.
At the same time, I'm seeing new requirements and opportunities.
For example, I should at least allow for the possibility that
Chandler
will successfully address part of the problem and look to leverage
Chandler, or at least avoid duplicating what they might do.
Perhaps more significantly, I'm trying to come up with a
unifying access control approach that will be both secure and usable.
That's not easy.
I've also allowed myself to slow down with the holiday season,
and pursue some seemingly unrelated tangents.
But back to the thoughts of a couple of months ago:
it is time to attempt a requirements document!
Beginning a document would demand a clear one sentence description.
Writing a document should force much needed simplification of thoughts
that are probably too ambitious.
The simplifications should guide where to go next.
(12/4) Disaster Preparedness for a Small
Organization
(With deference, but no real tie, to Frances Moore Lappé)
I target making computers more useful to organizations with minimal
professional system administration (most likely, no
professional system administration).
One of the worst scenarios is to become dependent on computers and
suddenly not have them available!
Computer disasters, small and large, are inevitable:
- "Everybody" accidentally deletes or ruins an important file
every now and then.
- As reliable as disks have become, they still fail without notice.
I've seen this happen four times recently, after a couple of years
of not seeing any disk failures.
- Portable computers get lost or stolen.
- Fires and larger disasters happen sooner or later.
To be prepared for the inevitable, emphasize:
- Redundancy
Every computer has a "hot spare" ready to take over.
Besides defending against minor problems, this also means that it
is relatively safe to experiment with things that might
"break" any one computer.
Homogeneity
Unless there is good reason for differences, everything should
be the same!
Cross-platform Heterogeneity
External (Internet) sources of problems: intrusions,
viruses, etc. are unlikely to affect both Windows and Linux.
So, for example, having a secondary fileserver running Linux and
Samba makes it less likely that an intrusion into a primary Windows
server will be a disaster.
Backups and Backup Testing!
Stop reading if you don't make backups. But only making
backups can lull a false sense of security.
More importantly, test those backups.
I do this brutally. I take a computer I depend upon and trash it!
I format the disks, and install everything from scratch.
In the last couple of weeks, I've done this to the computers
I depend upon the most! Since I have redundant computers, and
trashed them one at a time, nothing terrible happened.
Off-site Storage for Backups
A tape in a tape-drive or a disc in a burner does little good if the
computer is stolen or the building catches fire.
In addition to keeping backup tapes and discs off-site, I keep
the original software installation discs off-site.
I make copies of the installation discs and use the copies for
re-installs and maintenance.
That way, I'm very confident that the off-site
discs are sufficient.
(11/20) Outside/Inside Maintenance, Part
I
I like to mow the lawn. Gardening, even weeding, can be satisfying.
I like to apply preservative/stain to the deck
(before or after summer!). Outside work frees me to think
about things. This has been especially valuable when making
major transitions, for example, when I left IBM to
join Dell in 1989. (In 1989, Dell was just barely a public company.
Everyone thought I was crazy. I said that Michael Dell would be comparable
to Henry Ford. The people at IBM did not like hearing that, but Michael
has justified my claim.)
I think I've mowed the lawn the last time this year.
The chard is still producing and the Fall tomatoes are ripening.
The deck is in good shape.
But two different catalysts on Friday have set me about maintenance
of most of the Technologists computers.
First, a bad splice in an Ethernet cable in the wiring closet stopped
working. I'd been sloppy and got caught.
Second, stepping
back from LDAP, I zoomed through a bunch of instant messaging
explorations: refreshing my knowledge of "the big three" (AOL,
Microsoft, Yahoo), quickly getting Jabber working on a test server, etc.
I like system administration.
Doing system administration right is challenging and rewarding.
The Jabber successes quickly made me think about putting Jabber into
production, and I knew the servers weren't ready for that.
The bad splice was also a wake-up call.
So the last five days have been mostly spent on sys-admin things:
- Testing disaster recovery by re-installing the main Linux server
from the latest Red Hat 8.0 (vs. the two levels down Red Hat 7.2 that
was in place) and the backups.
(The primary Windows server continues to
run NT4, avoiding upgrades to avoid the cost of new Win 2K and
SQL Server licenses.)
- Having succeeded (aside from minor glitches), the secondary and
test servers were brought up to date. Either of these can be
quickly reconfigured to take over the primary Linux or Windows
server role.
- Creating an up to date network diagram. Though Technologists is a
relatively simple environment, there are four servers, four
routers, half a dozen other active Ethernet devices
(hubs/switches/WiFi access), four desktops and two notebooks.
- Getting the desktops back to being as homogeneous as possible so that
they can continue to be used interchangably.
- Getting the notebooks back to being homogeneous and
disposable.
Not that I want to throw them out, but
if a notebook gets stolen going through airport security,
I don't want to think about anything but losing the hardware.
Like the work outside, the time spent on maintenance has allowed me to
think more about
the other things (LDAP, instant messaging, VPNs, RSS, etc.)
I've been working with.
Next time I expect to say a little bit more about sys-admin stuff and
more than a little more about how all these things fit together.
(11/14) Small Successes and a New
Course
I said before
that I was overwhelmed by LDAP and that it fits a 90/10 rule, that
most of what is there will go unused. I could repeat and amplify on all that
after my last few days. This morning I was ready to give up, but
somehow didn't. After plodding through a couple of tomes, a dozen
LDAP "tutorials" and more utilities than I want to remember,
I succeeded in getting a working directory server based on
OpenLDAP, and had added a few
entries to the directory.
All of the books and tutorials seemed to omit key information, but
the union of the tutorials got me through.
The next step was to get e-mail clients to use the directory.
But I couldn't get Outlook Express to find any of the entries.
The success finally came when I tried Mozilla's mail client.
Then I went back to Outlook Express, figured out I needed to go to
the "advanced" settings to set a parameter, and O.E. started
working. Next (non-Express) Outlook, and it is working, too.
But these are small successes, and the best I can say for LDAP at the
moment is that it is still probably better than the alternatives.
LDAP is not focused on a "directory" in the pre-computer
sense, for example, the phone book,
nor is LDAP analogous to a file system "directory".
LDAP is more oriented toward displacing "/etc/passwd" in *nix
systems and equivalent primitives in other operating systems.
I still have a ways to go before I'll use LDAP regularly myself; in
particular, I need to figure out how to easily add/modify/delete entries
without resorting to an "LDIF" file and the "ldapadd"
command.
Before I recommend LDAP to others, I need to navigate through the
incomplete work on access control to figure out how a non-administrator
should access/add/modify entries.
But for now I'm relieved that I got this far, can step back from
LDAP, and get to the next items on my priority list.
(11/8) B.B. King & Slack Key & Back To
LDAP
In Legendary
R&B guitarist so happy to play the blues, Derek Paiva writes:
"It's not every day a Rock and Roll Hall of Fame inductee asks you to recommend a few slack-key guitarists he should have in his CD collection. But B.B. King (class of 1987) made me promise to do just that. ... "I like the sound, but ... I don't know who to listen to." ... "
Paragraphs later Derek answers "Oh, and about that promise,
sir? I recommend you start your collection with CDs by Gabby Pahinui,
Ray Kane, Sonny Chillingworth, Led Kaapana and Keola Beamer.
But remember, that's just my opinion." That's a couple
more players than my initial list, but those additions
look great to me.
This article resonates with me for lots of reasons. I listen to
slack key as much as any music these days.
I've been a B.B. King fan since I first heard him in the mid-60's.
One of my proudest moments as a musician was when
my band
was on the same bill with B.B. King in Houston in 1970.
Back to LDAP. I made good progress prototyping yesterday. I started reading
the tome
Understanding and Deploying LDAP Directory Services. I just
weighed the book: 4.5 pounds.
(11/6) Truth In
Naming
Most software is too complex.
The so-called "80/20 rule" is really the 90/10 rule -- 90% of
the users of a software application use less than 10% of the features.
It's not just the software -- the associated protocols and data
representations are comparably bloated.
Browsers, HTML and HTTP started out simple, exceptions to the 90/10
rule.
Their collective lack of complexity was a catalyst to the Web/Internet
explosion.
Naysayers said "too simple", but the populace said "good
enough".
A decade later, inevitable pressure for features has taken a toll,
but not noticeably in comparison to most software.
The other day I set my sights
on making LDAP (Lightweight Directory Access Protocol) more usable.
I've immersed myself in that pursuit and
been overwhelmed.
"Lightweight, my a--"!
If this is lightweight, we need weightless.
No wonder no one uses directory software and directories.
The "lightweight" started out as a comparision to X.500.
Probably still applies. Everything is relative.
Novell has been a leader in directory products, but the 90/10 rule
applies.
Active Directory doesn't have simplicity credibility, either.
Next step: try to prototype and subset something useful out of all of the
LDAP options. As an inventory of the options, and much more,
I've found Adam
Williams' LDAP
and OpenLDAP (on the Linux Platform) very helpful in sorting through
all the options. There are 402 charts in that file, so it is not
"lightweight". Though Linux-centric, it does touch on
Windows software, Active Directory, and non-Linux Unix.
(10/29) It's 10 p.m. -- Have you posted your
blog today?
You've read email today.
You've probably sent email today.
But if you're like most Internet users, you don't have a
weblog and wouldn't distinguish a 'blog from any other web site.
Irregardless, there are hundreds of thousands of active blogs and
millions of blogs total.
Until now, I've not called this site a "blog".
I've avoided the label, but the site fits the usual
definitions, especially now that I've added an
"RSS feed".
Much of the focus of blogs is cultural, especially the sites
with creators passionate as if their blogs were progeny.
That may be overstated, but thoughts along that line prompted
the "10 p.m." title.
Serious blog authors update their sites multiple times per day,
those who update less than daily seem compelled to defend their
"at least twice a week" committment.
Bloggers are passionate about what they have to say and reaching
an audience with their ad hoc journalism.
(i) The labelling and the passion have a downside to the extent that blogs
are treated as a category unto themselves instead of an organic part
of Internet communications.
(ii) Moreover, there is pervasively useful technology
underlying blogs:
- RSS feeds, used for syndication and aggregation of blogs,
are probably the most widespread application of XML.
- XML-RPC seems to have been primarily inspired by blog
requirements.
- XML-RPC and other aspects of blogs seem to have had a dramatic
behind the scenes impact on Microsoft's .NET initiatives.
I'm still sorting through what all this means to enabling better
Internet communication amongst small and medium-sized teams. As I
better understand what is happening with Chandler,
it becomes evident that they are heavily influenced by blog-oriented
technologies, and probably ahead of me in thinking about this.
(10/25) One, Two, Three... A Few
Dozen
I think I first became aware of the traditonal definition of
"google" (ten to the hundredth) forty years ago when I read
Gamow's One,
Two, Three... Infinity.
Similar to Chandler's
orientation towards small and medium organizations, much of my
my thinking is oriented toward software that facilitates communication
and collaboration amongst groups of "one, two, three... a
few dozen".
This is not just the sort of things Chandler aspires to, and not
just the media breadth I referred to before (publishing, photos and
video as well as interactive text), but also things such as
providing directories that are simple enough for everyone to use.
(That is probably not Active Directory or LDAP implementations in
their current forms.)
This probably DOES include "presence" in the IM sense.
I'm approaching this in a mathematically inductive sense, and
think I'm almost up to two or three (users).
(It works for one, maybe it works for
two, so it should scale to dozens?) I'm almost ready to write
a requirements document. I don't know if I will literally write
one, but being able to write one is necessary. I'm also ready
to do more prototyping. At the moment, making LDAP implementations
more usable seems near the top of the priority list.
(10/23) Chandler and/or Conan
Doyle?
In concluding "The Big Picture" in Mainstream
Videoconferencing we wrote: "But first, we seek
inspiration from Sherlock Holmes! In the early pages of "The
Adventure of the Cardboard Box," Holmes and Watson are sitting
in the same room. Watson believes that Holmes is not paying attention
to him. After prolonged silence, Holmes tells Watson what Watson
has been thinking, based on the visual clues from Holmes'
observation of Watson during the silence. Predictably, Watson is
amazed and Holmes represents his observations as "very
superficial."
Though fiction, the Holmes stories are replete with examples
of the usage of all senses, particularly vision, to gain
understanding. Attempts at a distance meeting with only audio seems like
sensory deprivation. This is a conscious phenomenon for someone used to
using videoconferencing. For others, the deprivation is no less
real, but less likely to be consciously recognized."
This week, Raymond Chandler's ears are burning, thanks to
the announcement of his namesake product
from OSAF.
I like much of what they are saying, especially today's
Chandler
Not Outlook Killer, After All?:
- open source
- targeted at small and medium organizations
- not having "the administrative burden of Notes or
Exchange"
- "empowerment through decentralization"
I've been thinking along related lines, but more broadly
regarding media (static publishing at one extreme, still images
and video at the other end) yet more simplisticly (less feature depth)
than Chandler.
Trying to understand OSAF's plans and relate them to my own
meanderings brought me back to Holmes and "The Adventure of the
Cardboard Box".
More next time.
(10/18) Public WiFi Privacy, Part
II
Part I set the
stage for discussing the state of VPNs. This is both highly relevant
and of broader interest, so please forgive me if I lose a little
focus. VPNs are relatively mature, increasingly common, and
sufficiently confusing that there is still room for new technology to
make VPNs more useable and more secure. There are at least four
approaches to encryption-based VPNs. (To me, private
networks without encryption are not VPNs, but others would count
things like MPLS, which I tend to ignore, as VPNs.)
- 1. IPsec
-
IPsec seems to dominate current thinking. IPsec is the most
comprehensive, the most widely implemented, but also
dauntingly complex. Unless something changes dramatically,
IPsec will never be something for ordinary users without administrative
assistance.
- 2. SSH/OpenSSH
-
SSH is a good option, and has plenty of advocates, but will
probably remain in the province of the "tech-nerds" and
those with administrative assistance -- it
seems unlikely that SSH will become pervasively useable. In the short
term, I suspect that SSH will be my best option for "Public
WiFi Privacy", but I need to do more testing before I'm
sure about that.
- 3. PPTP
-
The original, "legacy-Windows" versions of PPTP were both
insecure and unstable. Starting with Windows 2000, PPTP seems
stable, is relatively easy to configure and is relatively secure if
you disable the legacy options.
However, at least one public access environment
that I've visited seems to block the ports needed by PPTP, and
robust support for non-Windows platforms seems unlikely. (There are
non-Windows implementations out there, so I'll hedge and say
that PPTP might be the best option. But even Microsoft seems to think
otherwise.)
- 4. TLS/SSL
-
There is lots of activity in this area. I prototyped some code for my
own implementation of TLS-based remote access last year,
and keep thinking I'll implement a robust version
myself. If I do, it means I've reaffirmed my enthusiasm for
this approach.
(10/17) Public WiFi Privacy, Part
I
Privacy in Public?
- An oxymoron? Yes
- Achieveable via encryption? Yes
- Practical? Not yet
For WiFi privacy at home, I've done the simple things:
- Access point antenna located to minimize off-premises signal.
- Set non-default SSID
- Turned off SSID broadcast
- Filter out unknown MACs
- Turned on WEP
Someone with a good enough antenna and the right software on their
notebook could defeat all that, but I don't lose sleep over this
possibility (especially since I have better measures in sight).
At an airport, or a Schlotzsky's,
or a client's office, none of the simple measures help: 1
through 4 contradict the intent of public access, and impracticality
of key distribution eliminates WEP.
There are other options:
- VPN based on PPTP, IPsec, TLS/SSL or SSH.
- Application level encryption, email being the first
candidate.
- Wait for something better than WEP to get deployed.
Of these, only a VPN approach seems close to practical now.
"Close to" because there are plenty of challenges with VPNs.
But even those arguing against VPNs for WiFi security (for example,
see David
Berlind) seem to accept VPNs as the right answer for public access.
More on VPN approaches in Part II.
(10/16) Lull in PDA Phone market?
My Samsung
I300 has pleased me since I got it in February. This has been my
first PDA -- I'd waited until I could get Internet connectivity
without a big monthly fee. I mostly use it as a phone, but having
a browser, email, VNC, and an SSH client in my pocket is
very appealing. I've even started to use traditional PDA apps!
However, the I300 seems to have gone out of production, as have
many of the competing products. Checking out the wireless carriers'
sites this week, I found no PDA phones at all at AT&T and
Cingular, one Pocket PC phone at Verizon, one each of Pocket
PC and PalmOS at SprintPCS, and three (RIM/PocketPC/Sidekick) at
T-Mobile.
A couple of conclusions:
- Pocket PC phones are still way too expensive, but will become
more popular as prices drop.
- 16 bit PalmOS phones are history, but ARM-based PalmOS phones
may still compete when they become available.
(10/15) Aloha! Changes are afoot:
- hotlists has been
reorganized.
- A music section has
begun, starting with my favorite Hawaiian music.
More to come!
Security: Stop ignoring the obvious mistakes (ZDNet 9-19)
Navigating the Embedded Java Maze (SD Times 9-15)
10 choices that were critical to the Net's success (SiliconValley.com 9-8)
Remembering Vignette (Scripting News 9-3)
What PDA/phone can pass the test? (ZDNet 8-15)
Tech's 'dirty little secret'--cybersecurity (ZDNet 8-14)
Minding Your Language (SDTimes 8-1)
XML security: A who's who (ZDNet 7-8)
Hot Spots for WISPs (ZDNet 6-28)
Tempest in a coffee pot (ZDNet 6-26)
Watch this airspace (Economist 6-20)
Getting Started with C# On Linux (C# Help 6-10)
Campus WLAN Design (Network Computing 5-13)
P2P Makes a Corporate Play (ZDNet 5-7)
.NET: Microsoft's Enterprise Ticket? (ESJ 5-2)
Just How Trusty Is Truste? (Wired 4-9)
Apple Ties the Wireless Knot — Again (DDJ 4-6)
IBM's unfolding power play (ZDNet 4-3)
Dan Bricklin review of Handspring Treo 180 (found on useit.com 3-24)
Sun blinded by paranoia (Financial Times 3-13)
AT&T Privacy Bird (2-22)
Grid Project to Wed Web Services (NY Times 2-19)
Videoconferencing Snapshot (CHS 1-30)
Understanding the value of Web services (ZDNet 1-28)
Shadow initiatives: .Net and Java (ZDNet 1-24)
10 things Google has found to be true (Google Corporate Information)
Open source, standards and Windows (ZDNet 1-22)
The MIT Lightweight Languages Workshop (Dr. Dobb's Journal, February)
|
[koko] tales of sensory power in today’s worldNovember 26, 2024
USA choice: self-obsession or beacon of hope?November 4, 2024
always a technician – thanks to Mom & Uncle ClintJuly 8, 2024
[koko] rarely one to avoid controversy…May 28, 2024
[koko] knowing and accepting limitationsFebruary 6, 2024
[koko] keeping warmAugust 7, 2023
[koko] still learningJune 18, 2023
Roe is gone, one more roundJune 28, 2022
“just as good as Caruso” – props for Kim Wilson & Charlie McCoyMay 5, 2022
Mel West, engaging people to help people in NicaraguaApril 25, 2022
Glimpses from the Vulcan, 1969-70February 14, 2022
[koko] MISP 2022Janary 10, 2022
Why I continue to serve — I remember NicaraguaDecember 13, 2021
Making private 1960s and 70s recordings publicAugust 21, 2021
Jimmie Vaughan set w/ Storm track I recordedAugust 4, 2021
Celebrate Ramblin' Jack Elliott's 90th 91st 92nd 93rd birthday!August 1, 2024
[koko] LP digitizing milestone approachingMay 18, 2021
remembering Denny FreemanApril 28, 2021
[koko] Dell Unix sustainable!January 19, 2021
Computer Systems Performance ModelingAugust 25, 2020
Remembering RESQAugust 25, 2020
[koko] (welcome to …) eight Jurassic O.S. on 1992 Dell 486D/50September 26, 2019
[koko] reviving timbl's WorldWideWeb browserJuly 1, 2019
[koko] exploring NEXTSTEP 486July 1, 2019
1992 JAWS demo for Stewart CheifetMay 17, 2019
Let's start at the very beginning... 801, ROMP, RT/PC, AIX versionsMarch 8, 2017
NeXT, give Steve a little credit for the WebOctober 8, 2011
Mainstream Videoconferencing available againFebruary 14, 2008
A brief history of Dell UNIXJanuary 10, 2008
|