From Halley’s Comment:

With a resident 5-year-old, you’re either trying to do too damned much, or just having too damned much fun.

So true. It’s 11:15 and I need to be up at 6 and I haven’t been getting enough sleep. I’m going to bed.

Since I’m in a writing mood, a quick comment about New Orleans politics. In the past couple of years, there has been a bit of ruckus about the payroll system that the public school board put together with Oracle’s help. Instead of out-sourcing payroll like any sane corporation would do, they spent a few million dollars to beta test their own system on the teachers. Since so many people (including a friend of mine) didn’t get paid or had the withholding done wrong, there was a lot of negative publicity about it. Oh, and the school board also lost almost all the people they had trained in Oracle (probably because those people soon learned they could double what they were making elsewhere).

That, of course, led to payroll snafus — like the superintendent’s father, a janitor, being paid more in overtime than any principal in the system got.

More great grist is provided by the mayor, Marc Morial, who recently attempted to get a third term by requesting an amendment to the city charter just for him. Today, in an op-ed piece, James Gill recounts a recent Sewage & Water Board meeting on the privatization that the Mayor is pushing. People had questions about why the Mayor was trying to make the privatization happen so fast, but Morial couldn’t be bothered with all the questions and responded “We do not appreciate being consistently and constantly questioned.”

And they wonder why we can’t attract any businesses to New Orleans.

Today I cycled a few miles on the levee. It reminded me that the romance of the Mississippi river is one of the big reasons I like New Orleans.

On this side of the levee, there is a track where trains move containers between the docks and shipping yards. Today there were two trains moving stuff in opposite directions. I rode a few hundred yards just a few feet from one of the trains. You can feel the massive power as you ride beside several tons of steel. It rumbles.

The Jungle over the Levee

On the other side of the levee, it is pretty wild in some places. Between the levee and the river, it ranges from swampy to woodsy. A boy could have a lot of fun down there. My three year old had fun when I took him down there. We looked at the barges tethered by their long steel cables (as big as his arm) and pretended to run from the “Indians”. Along that side of the levee, you can get the feeling that Huckleberry Finn could still ride his raft down the river and, except for the fact that the steamboats would now be non-existent, replaced with other more modern ships, he would have much the same experience.

I’m starting to cycle again (besides my commute to work) because I weigh about 20 lbs. too much and I was reminded by a recent article in the Times Picayune how much energy cycling can burn (sorry, link will expire as there is only 14 days worth of archiving).

On the ride today, I noticed some things that need to be done with my bike. I plan to do some of those with my kids.

Here is a copy of a great article from the Wall Street Journal titled IP: the web runs on love, not greed. The internet is an amazing success:

Why don’t we see this miracle? Because large amounts of money can obscure larger evidence. So much money flew around dot-coms, that it hid the main event on the web, which is the exchange of gifts. While the most popular 50 websites are crassly commercial, most of the 3 billion web pages in the world are not. Only thirty percent of the pages of the web are built by companies and corporations like pets.com. The rest is built on love, such as care4pets.com or responsiblepetcare.org. The answer to the mystery of why people would make 3 billion web pages in 2,000 days is simple: sharing. While everyone was riveted by the drama of companies such as pets.com, we overlooked the steady growth of enthusiast sites and governmental depots such as Usenet and nasa.gov, to name some larger ones.

How disappointing… I can’t point you directly to Tina Cassidy’s article in the January 3rd issue of the Boston Globe on beards. It contains this quote:

Those who don’t [shave] choose not to for a reason, conscious or unconscious.

Well, of course!

I, for example, cut myself when I shave. My brother started shaving when his girlfriend said she thought he would look better beardless. Since shaving takes more concerted, consistent effort than not shaving, a more interesting question would be “Why do men shave?”. Another priceless quote that must be taken out of context (surely they are referring to the beardless men):

The gesture of changing one’s face is simply too powerful to be strictly conscious.

Uh… Aren’t those who shave the ones who are changing their face? Beards, if I recall, are a natural occurrence on men’s faces.

Anyway, I wonder what Dave Winer would think of the article, especially given that he is a man of many opinions and that he has a beard.

I’ve been wanting to move everybody.org to an LDAP-based backend for email and authentication. For the longest time, I was stuck on the idea of using Cyrus IMAPd — the server is the basis for much of what is done with IMAP. However, although it is designed for large sites, it is not designed with virtual domains in mind. I was so stubborn when it came to using Cyrus that I even looked at embedding a Perl interpreter into Cyrus to help it at the Authentication/Authorization stage. It worked — somewhat. This is impressive because I am not a C programmer. It is a huge credit to the authors of the documentation that comes with Perl. I certainly have very few qualms now about embedding Perl wherever I feel it would help me.

Still, for all my stubbornness and grunting, Cyrus wasn’t designed for virtual domains. It is a bit too monolithic as well, which makes it less flexible. After looking a bit, I dug a little deeper into Courier IMAPd and found that it would do what I wanted and it is packaged to do what I want out of the box on Debian. And, although there is a Courier SMTP server, I decided to stick with Exim since it already has Perl embedded and, as a result, allows an enormous amount of flexibility.

Last night, I successfully got Courier IMAPd up and running. Since it authenticates using an email address for the username, it is perfect for virtual domains. I was a little leery at first, but it turns out that the Authdaemon backend (which supports LDAP) actually works quite nicely.

It is all maildir, though, so that will be a change for our shell users. (Technically, I could allow them shell access to mbox mail or POP/IMAP access to maildir mail.) The stats seem to show that only Jeff and I really use the shell access, so I’m not really worried about that. New shell users (if we get any) will have to use a maildir client.

Since I have that done, I plan to write up the plan for transitioning everybody.org to Debian tomorrow, test it this week and execute it next weekend.

The major changes that will be happening are:

  • Move from FreeBSD to Debian.
  • LDAP-based backend.
  • Kerberos support implemented.
  • Virtual domain support for email.

All this should be transparent to the end users if it is done right. Which is why I’m writing up the migration plan and testing it thoroughly.

Since I’m busy implementing LDAP v3 as the backend on everybody.org for authentication and such, I thought I would get an IANA Private Enterprise Number in case I want to create any schema.

Well, I finally got it yesterday. My OIDs will be prefixed with 1.3.6.1.4.1 and my Private Enterprise Number is 12038.
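Since every OID I mint will hang off 1.3.6.1.4.1.12038, here is an added example (my own illustration, not code from the original entry) that builds OIDs under that arc and DER-encodes and decodes them, which is the form they take in an LDAP schema’s ASN.1 or an X.509 extension. The sub-arc layout (1 for attributeTypes, 2 for objectClasses) is an assumed convention for the example, not something the page defines.

```python
# Arc from the page: 1.3.6.1.4.1 (iso.org.dod.internet.private.enterprise)
# followed by the Private Enterprise Number 12038.
ENTERPRISE_ARC = "1.3.6.1.4.1.12038"

def enterprise_oid(*branches):
    """Build a dotted OID under the enterprise arc.

    Sub-arc 1 = LDAP attributeTypes, 2 = objectClasses is an assumed
    convention for this example, not one the page defines.
    """
    if any(not isinstance(b, int) or b < 0 for b in branches):
        raise ValueError("OID arcs must be non-negative integers")
    return ".".join([ENTERPRISE_ARC, *map(str, branches)])

def oid_to_der(oid):
    """DER-encode a dotted OID (X.690 8.19): tag 0x06, length, contents."""
    arcs = [int(a) for a in oid.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid OID arcs")
    body = bytearray()
    # The first two arcs are packed into a single value: 40 * first + second.
    for value in [arcs[0] * 40 + arcs[1], *arcs[2:]]:
        # Base-128, big-endian; the high bit is set on all but the last byte.
        chunk = [value & 0x7F]
        value >>= 7
        while value:
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)

def der_to_oid(der):
    """Decode a short-form DER OBJECT IDENTIFIER back into dotted notation."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2:
        raise ValueError("not a short-form DER OID")
    if der[-1] & 0x80:  # final byte must terminate an arc
        raise ValueError("truncated OID encoding")
    arcs, value = [], 0
    for b in der[2:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            if not arcs:  # unpack the combined first two arcs
                arcs.extend(divmod(value, 40) if value < 80 else (2, value - 80))
            else:
                arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))
```

Running `oid_to_der("1.3.6.1.4.1.12038")` gives `06 07 2B 06 01 04 01 DE 06`: 12038 does not fit in seven bits, so it becomes the two bytes `DE 06`.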

Woohoo! Rafe Coleburn pointed to me!

He makes it sound like I was one of those involved in the recent hack related to the court case, but I wasn’t. This all happened a couple of years ago. And he is absolutely right that it is a good thing they didn’t panic — we’ve seen what happens when big organisations panic.

I did call up an old co-worker there after writing that up and he said that yes, they were off the net. Not a good thing with a big lease sale coming up.


I hacked DOI.net.

Now that a judge has banned the DOI from the ‘net because of how easy it was to attack them, I can reveal that I was an inside hacker at the DOI.

A little over-the-top, I know, and since everyone knows how easy hacking the DOI would have been it doesn’t really merit that kind of build up, but back when I worked at MMS as one of their UNIX sysadmins, I, being a foolish, conscious person, decided to run a port-scan on the network. Now, being foolish, I didn’t discuss this with anyone — they would just tell me to stop. And, as further proof of my foolishness, I decided to scan the entire class B subnet that the DOI owned, not just the segments used by MMS. Finally, I put it in a cron job so that it would run every Tuesday.

Now, this all looks pretty stupid in hindsight. Especially the cron job. But the reports I was getting back were fascinating. For example, the story on what the investigators found reveals:

Certain Interior computers were also running web servers, file transfer programs, remote access servers and other technologies that could allow anonymous access by outsiders.

It was all these machines I was seeing. Hundreds running default IIS installations (from 2.x on). Printers with web interfaces, routers, switches — you name it, I saw it.

I was just curious, but even unrestrained curiosity can be dangerous. The people at Indian Affairs noticed problems with their mainframe and were finally able to track it down to my machine — to me.

They told me that the portscan crashed the mainframe’s TCP/IP stack (which indicates a fragile stack that needs to be patched, really) every time it ran. Not too surprising since I was using the default scan mode of nmap — hit thousands of ports in rapid succession — instead of any of the more stealthy methods. But how did they find me? Their logs showed attempts to access rlogin and rsh — two ports out of thousands.

Yes, I learned quite a few things from that episode, not the least of which was: “Don’t portscan using nmap’s default settings.”