Today I cycled a few miles on the levee. It reminded me that the romance of the Mississippi river is one of the big reasons I like New Orleans.

On this side of the levee, there is a track where trains move containers between the docks and shipping yards. Today there were two trains moving stuff in opposite directions. I rode a few hundred yards just a few feet from one of the trains. You can feel the massive power as you ride beside several tons of steel. It rumbles.

The Jungle over the Levee

On the other side of the levee, it is pretty wild in some places. Between the levee and the river, it ranges from swampy to woodsy. A boy could have a lot of fun down there. My three-year-old had fun when I took him down there. We looked at the barges tethered by their long steel cables (as big as his arm) and pretended to run from the “Indians”. Along that side of the levee, you can get the feeling that Huckleberry Finn could still ride his raft down the river and, except for the fact that the steamboats would now be non-existent, replaced with other more modern ships, he would have much the same experience.

I’m starting to cycle again (besides my commute to work) because I weigh about 20 lbs. too much and I was reminded by a recent article in the Times Picayune how much energy cycling can burn (sorry, link will expire as there is only 14 days’ worth of archiving).

On the ride today, I noticed some things that need to be done with my bike. I plan to do some of those with my kids.


Here is a copy of a great article from the Wall Street Journal titled IP: the web runs on love, not greed. The internet is an amazing success:

Why don’t we see this miracle? Because large amounts of money can obscure larger evidence. So much money flew around dot-coms, that it hid the main event on the web, which is the exchange of gifts. While the most popular 50 websites are crassly commercial, most of the 3 billion web pages in the world are not. Only thirty percent of the pages of the web are built by companies and corporations like The rest is built on love, such as or The answer to the mystery of why people would make 3 billion web pages in 2,000 days is simple: sharing. While everyone was riveted by the drama of companies such as, we overlooked the steady growth of enthusiast sites and governmental depots such as Usenet and, to name some larger ones.

How disappointing… I can’t point you directly to Tina Cassidy’s article in the January 3rd issue of the Boston Globe on beards. It contains this quote:

Those who don’t [shave] choose not to for a reason, conscious or unconscious.

Well, of course!

I, for example, cut myself when I shave. My brother started shaving when his girlfriend said she thought he would look better beardless. Since shaving takes more concerted, consistent effort than not shaving, a more interesting question would be “Why do men shave?”. Another priceless quote that must be taken out of context (surely they are referring to the beardless men):

The gesture of changing one’s face is simply too powerful to be strictly conscious.

Uh… Aren’t those who shave the ones who are changing their face? Beards, if I recall, are a natural occurrence on men’s faces.

Anyway, I wonder what Dave Winer would think of the article, especially given that he is a man of many opinions and that he has a beard.

I’ve been wanting to move to an LDAP-based backend for email and authentication. For the longest time, I was stuck on the idea of using Cyrus IMAPd — the server is the basis for much of what is done with IMAP. However, although it is designed for large sites, it is not designed with virtual domains in mind. I was so stubborn when it came to using Cyrus that I even looked at embedding a Perl interpreter into Cyrus to help it at the Authentication/Authorization stage. It worked — somewhat. This is impressive because I am not a C programmer. It is a huge credit to the authors of the documentation that comes with Perl. I certainly have very few qualms now about embedding Perl wherever I feel it would help me.

Still, for all my stubbornness and grunting, Cyrus wasn’t designed for virtual domains. It is a bit too monolithic as well, which makes it less flexible. After looking a bit, I dug a little deeper into Courier IMAPd and found that it would do what I wanted and it is packaged to do what I want out of the box on Debian. And, although there is a Courier SMTP server, I decided to stick with Exim since it already has Perl embedded and, as a result, allows an enormous amount of flexibility.

Last night, I successfully got Courier IMAPd up and running. Since it authenticates using an email address for the username, it is perfect for virtual domains. I was a little leery at first, but it turns out that the Authdaemon backend (which supports LDAP) actually works quite nicely.

It is all maildir, though, so that will be a change for our shell users. (Though, technically, I could allow them shell access to mbox mail or POP/IMAP access to maildir mail.) The stats seem to show that only Jeff and I really use the shell access, so I’m not really worried about that, though. New shell users (if we get any) will have to use a maildir client.

Since I have that done, I plan to write up the plan for transitioning to Debian tomorrow, test it this week and execute it next weekend.

The major changes that will be happening are:

  • Move from FreeBSD to Debian
  • LDAP-based backend.
  • Kerberos support implemented.
  • Virtual domain support for email.

All this should be transparent to the end users if it is done right. Which is why I’m writing up the migration plan and testing it thoroughly.

Since I’m busy implementing LDAP v3 as the backend on for authentication and such, I thought I would get an IANA Private Enterprise Number in case I want to create any schema.

Well, I finally got it yesterday. My OIDs will be prefixed with and my IPEN: 12038.

Woohoo! Rafe Colburn pointed to me!

He makes it sound like I was one of those involved in the recent hack related to the court case, but I wasn’t. This all happened a couple of years ago. And he is absolutely right that it is a good thing they didn’t panic — we’ve seen what happens when big organisations panic.

I did call up an old co-worker there after writing that up and he said that yes, they were off the net. Not a good thing with a big lease sale coming up.

I hacked

Now that a judge has banned the DOI from the ‘net because of how easy it was to attack them, I can reveal that I was an inside hacker at the DOI.

A little over-the-top, I know, and since everyone knows how easy hacking the DOI would have been it doesn’t really merit that kind of build up, but back when I worked at MMS as one of their UNIX sysadmins, I, being a foolish, conscious person, decided to run a port-scan on the network. Now, being foolish, I didn’t discuss this with anyone — they would just tell me to stop. And, as further proof of my foolishness, I decided to scan the entire class B subnet that the DOI owned, not just the segments used by MMS. Finally, I put it in a cron job so that it would run every Tuesday.

Now, this all looks pretty stupid in hindsight. Especially the cron job. But the reports I was getting back were fascinating. For example, the story on what the investigators found reveals:

Certain Interior computers were also running web servers, file transfer programs, remote access servers and other technologies that could allow anonymous access by outsiders.

It was all these machines I was seeing. Hundreds running default IIS installations (from 2.x on). Printers with web interfaces, routers, switches — you name it, I saw it.

I was just curious, but even unrestrained curiosity can be dangerous. The people at Indian Affairs noticed problems with their mainframe and were finally able to track it down to my machine — to me.

They told me that the portscan crashed the mainframe’s TCP/IP stack (which indicates a fragile stack that needs to be patched, really) every time it ran. Not too surprising since I was using the default scan mode of nmap — hit thousands of ports in rapid succession — instead of any of the more stealthy methods. But how did they find me? Their logs showed attempts to access rlogin and rsh — two ports out of thousands.

Yes, I learned quite a few things from that episode, not the least of which was Don’t portscan using nmap’s default settings.
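The defender's side of the story above, as an added example that is not part of the original post: even when only two services (rlogin and rsh) are logged, a source that touches them on many hosts within seconds, and does so again exactly a week later, stands out. The log format, addresses, thresholds and function names are assumptions made for illustration, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MONITORED = {513, 514}          # rlogin and rsh, the two services the post says were logged
WINDOW = timedelta(minutes=5)   # assumed burst window
MIN_HOSTS = 4                   # assumed threshold: distinct hosts touched in one burst

def build_sample():
    """Constructed log lines 'timestamp src dst dport'; all addresses are made up."""
    lines = []
    for day in ("2001-11-06", "2001-11-13", "2001-11-20"):   # three Tuesdays
        for i in range(1, 7):                                # six hosts swept in seconds
            for port in (513, 514):
                lines.append(f"{day}T02:00:{i:02d} 10.1.4.20 10.1.9.{i} {port}")
    for day in ("2001-11-05", "2001-11-08", "2001-11-14"):   # ordinary rlogin user
        lines.append(f"{day}T09:15:00 10.1.9.50 10.1.9.2 513")
    return lines

def parse(lines):
    """Yield (time, src, dst) for connections to monitored ports only."""
    for line in lines:
        ts, src, dst, port = line.split()
        if int(port) in MONITORED:
            yield datetime.fromisoformat(ts), src, dst

def find_sweeps(lines):
    """Return {src: [burst start, ...]} for bursts reaching MIN_HOSTS distinct hosts."""
    by_src = defaultdict(list)
    for ts, src, dst in sorted(parse(lines)):
        by_src[src].append((ts, dst))
    sweeps = defaultdict(list)
    for src, events in by_src.items():
        start = 0
        while start < len(events):
            t0, end = events[start][0], start
            while end < len(events) and events[end][0] - t0 <= WINDOW:
                end += 1
            if len({dst for _, dst in events[start:end]}) >= MIN_HOSTS:
                sweeps[src].append(t0)
            start = end
    return dict(sweeps)

def weekly_repeaters(sweeps):
    """Map each source whose bursts recur exactly 7 days apart to its weekday."""
    return {src: starts[0].strftime("%A") for src, starts in sweeps.items()
            if len(starts) >= 2
            and {(b - a).days for a, b in zip(starts, starts[1:])} == {7}}

if __name__ == "__main__":
    print(weekly_repeaters(find_sweeps(build_sample())))
```

The ordinary user who logs in to one host on scattered days never reaches the host threshold, so only the scheduled sweep is reported.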

More from Rafe Colburn’s blog: ‘New’ U.S. War: Commandos, Airstrikes and Allies on the Ground

I’ve argued before that if we were going to fight in Afghanistan, we should have put our own troops on the ground. I thought that the “Bomb from the air, use the Northern Alliance on the Ground” was a bad strategy for achieving our ultimate goal — capturing bin Laden — and that it gave the Northern Alliance too much say in the post-war government. From what I’ve read, the Northern Alliance is, at best, marginally better than the Taliban.

So, it was with some interest that I read this piece in the New York Times about this style of fighting. They talk about the good points and the bad points of this style of fighting, but this sentence caught my eye:

But the American strategy also had a decided drawback: the decision to let proxy forces bear the brunt of the ground fighting may have allowed many Al Qaeda and Taliban leaders, and possibly Osama bin Laden himself, to escape.

In my mind, this calls the whole operation into question. Why were we there in the first place? To capture bin Laden, if I recall correctly. The Taliban refused to hand him over, so we had to go in with some force to get him.

While we succeeded in taking the Taliban from power, we evidently won’t be able to bring any of the leaders of the Taliban to justice. Though we did succeed in hitting a couple high-level people in the Taliban with our bombs, the head seems to have escaped.

But, I assumed this was just a side-show on the way to get bin Laden. At least, that was what ostensibly provoked this whole action, right? To me, the end result of this war seems to be helping the Northern Alliance

bin Laden’s apparent escape (for now) only serves to reinforce my pacifist leaning tendencies. Some will say that even if all we did was depose the Taliban, that is a good thing. To me, though, this looks like a diversion — we went for bin Laden, not the Taliban. The Taliban, terrible as they were with their barbaric torture, wasn’t the government that slammed those airliners into U.S. buildings.

Yes, I’m glad that the Taliban won’t be able to torture people any more. But how do we know that the new government in Afghanistan is going to be better? Is the U.S. going to actively support U.N. involvement there to ensure humane conditions for everyone?

My paranoia says it is in the government’s interest for bin Laden to remain free — they need a bogey man to fight, to ensure patriotism, etc. There hasn’t been much worth fighting for since the end of the Cold War, so now we’ll all have a rallying cry.

But I only think that in my more paranoid moments…

In an entry about the way government works in the U.S., Rafe Colburn says:

In a way, this should reassure us, I think. Regardless of whether George Bush or Al Gore won the election back in November, things were going to continue basically as before. In another way, it should scare the Hell out of us. We vote for this person or that one, and the bottom line is that a bunch of people we don’t elect determine how the government really affects our lives.

This is exactly why I don’t vote. Too much inertia. I care, but I don’t vote. Unfortunately, I’m also lazy so I don’t vote in local elections, either.

Perhaps if I could care more about the national elections I would vote on the local level. I guess, though, that what really strikes me is the people who live outside of the local area but commute in (and thus can’t vote) and the way they complain about local politics. Their local politics are mostly dull (read: reassuringly so), but they are also largely irrelevant because what happens in the city has a bigger effect on them than their local politics.