![[SJF Logo]](../../images/sjflogo.gif)
My favorite low-end router is the Netopia R series (mine is an R9100), and it supports IPSec VPNs. I configure enough of these that I can more or less get it right the first time, but customers have a harder time of it. So I decided to write a small "wizard" web application that computes the whole set of entry parameters given the few key inputs: a customer has tried it and seems happy with it.
I expect to extend this quite a bit, but for "beta testing" I can let the world see it.
Unixwiz.net Netopia VPN Wizard
Feedback welcome.
I am terribly disheartened that so many *ix zealots are so blinded by their hatred of Microsoft that they cannot engage in any kind of honest debate. Yes, there is much to to dislike about Microsoft, and if anybody wants to believe that on balance, Microsoft is evil or bad or whatever: that's fine. Want to break up Microsoft? Great. Want Bill Gates in jail? I can live with that. Microsoft sure as hell doesn't make themselves easy to like.
But when this hatred becomes so ingrained that one cannot even have a narrow technical debate without getting "Yah, but Microsoft sucks" in response, this is blind zealotry.
The Register ran an excellent piece on some of Microsoft's internal memos about their experience converting Hotmail from BSD to MS Exchange, and unlike most MS-vs-*ix discussions, this one had technical details that were simply delicious.
"A Windows server out of the box is an elaborate system. Although it performs specific tasks well (such as being a web server) there are many services that have a complex set of dependencies, and it is never clear which ones are necessary and which can be removed to improve the system's efficiency."They are singing a popular song here. How many of us NT admins have looked at the dozens of services running on a new box and thought "How in the hell do I know which ones I can turn off without breaking something". This is a nightmare, and *ix systems have a much more transparent set of dependencies, making it dramatically easier to "just try it". Furthermore, *ix systems make it easy to configure one global set of services at startup time (by simply replacing the /etc/rc.d tree with rsync) - this is hard to beat.
The previous bit was a technical discussion, and at no point did we use the words "monopoly", refer to Bill Gates, or make this about a great conspiracy to crush open source or rip off the consumer. Even a Windows lover would have to grant that the point had merit without having it undermine his whole case. All parties learn something by this kind of rational discourse.
But let's take a different point that some could argue is in favor of the Windows platform (there are plenty of them, and it doesn't matter which one is chosen) -- is it possible to have a rational debate? In many cases the answer is no. The all-too-often approach is to treat a narrow technical discussion as attempting to "defend Microsoft ripping off consumers", so the merits of the narrow issue are completely ignored. It doesn't matter which side one comes down on the narrow issue - opinions will vary - but when the response is "Yah, but Microsoft sucks" it's pretty clear that the person simply is unable to engage in a rational debate.
Granting a narrow technical point does not undermine one's argument: instead it shows an intellectual honesty that makes one open to the evidence. It is entirely logically consistent to grant Microsoft broad "points" in technical areas but be revolted by their business methods, but to presume that the second obviates the merits for discussion on the first is blind zealotry.
A friend of mine does logo design, and I'm always amazed when I see talent for things I'm lousy at. Visit Ovations Design for excellent branding input. I wish I needed a logo.
Many observers of the fight against spam bemoan "collateral damage", the blocking of "valid" emails, but much of this criticism is misplaced. Though content-based blocking (alá SpamAssassin) is likely to block valid emails with no upside, the same cannot be said for the blacklists based on pinpointing insecure or spam-friendly servers. Blacklists like ORDB or MAPS RBL+ block based on mailserver IP address, and in these cases, "collateral damage" is a feature.
The only way to pressure people who run insecure servers to clean up their acts is to make it painful for them to be bad internet citizens. Perhaps they don't care that spammers are using their computers to relay trash to everybody else, but if people they care about stop accepting their mail, perhaps they'll be moved to act.
Most sites that have open relay have no idea, and they only find out when ORDB blacklists them. Then their mail is refused, and those who look at their mail logs can see who's gotten bounced. I wrote a small ordbscan tool for just this purpose, and I have a customer who's gotten quite a few business partners to secure their machines. This would not have happened without the blacklists.
If somebody complains about content-based blocking eating their mail, this is fair, but whining about IP-based blocking mostly reflects self-inflicted damage.
I can't believe that I'm using my weblog for a music entry, but this is too fun not to talk about. On public radio the other day I heard about this song that's a runaway hit all over the world except in the United States, and this lack of American airplay was the story.
Three daughters of traditional flamenco guitar player Tomate formed a group, and their name "Las Ketchup" is obviously playing on the name of their father. The girls are very cute, they can sing, and the video is fun to watch. The song is in Spanish, and the chorus is in made-up, nonsense Spanish: this allows one to make up anything one wants while singing aloud.
The web site is at www.theketchupsong.com, and the video is provided in several formats.
I'll be tapping my toes to this for weeks.
Either I've got a seriously confused Windows 2000 installation or Internet Explorer has gotten really bloated.
Looks like I have a wipe-and-reinstall in my future :-(
I've been setting up and administering UNIX systems in Southern California since 1985, and several current customers run SCO UNIX as their main production machines. I have long wanted to migrate them to Linux - SCO has the worst compilers on the planet - but I can't do it. It's not about "open source" or support or anything else obvious. It's the LP Spooler.
System V has a sophisticated line printer spooling system, and it supports per-printer "interface scripts" (shell scripts) that process user-provided options and construct the stream that talks directly to the device. Many of these scripts are quite sophisticated, and after 15 years of development, entire operations depend on them.
Of critical importance is the ability to pass options from the "lp" command line to the interface script, and these options are defined by the script itself. A typical System V lp spooler command line might be:
here, and "-oduplex" and "-o4up" are meaningful only to the particular script associated with the printer of interest, and some scripts take dozens of custom options as required by (say) an accounting package.
$ lp -oduplex -o4up file.txt
Linux mostly has the really crappy Berkeley LPD system, and though there are provisions for custom scripts, there aren't really any good ways to pass in user-defined scripts. There are much more full-featured printing systems (CUPS, for instance), but none of them take a System V interface script. This means that no matter what road we go down, significant re-engineering is required.
I have at least three customers that I would dearly love to convert to Linux, but this LP thing is the hangup. At some point I'll probably write a front-end that does the options processing and simply presents the final data stream to lpd, but this requires work I can't really bill for since I'm the one pushing for "open source".
Suggestions welcome.
I've never been much for online music (famous SJF quote: "multimedia is an abuse of bandwidth"), but after playing the same 100 songs over and over on my (100% legal) playlist, I decided to try Music Match's "Radio MX" service - I love it.
For $40/year I can stream damn near any kind of music I want, and so far the "New Age" selections have all been exactly what I like. I'm not much of an audiophile, so even the low-quality settings are plenty good for me. I'm amazed how little bandwidth this uses.
For as much as I sit in my office working, a dime a day for a way to expand my music horizons, this is a bargain and a half.