Friday, December 5, 2003

TSG infrastructure upgrade (part 1)

So I just upgraded our NT4 domain controller to Windows 2003 Server. We set up an NT4 BDC in VMware and replicated the domain to it (in case of emergency). That went wonderfully (VMware GSX Server is an amazing tool, BTW). Then we ran the upgrade, and our entire domain upgraded gracefully. Sweet.


The next step is moving to Exchange 2003. So far, this is tedious but going well... although the DHCP server is refusing to give out addresses while the AD Forest upgrades. I hope it's just a load issue - if it's more than that, I'm going to be here all night!
Mood: relaxed
Music: Server hum

Wednesday, December 3, 2003

Next Generation Secure Computing Base


I just read a really scary article. I've had mixed feelings about Palladium (now NGSCB) since I heard about it; in fact, while Stallman somewhat over-dramatizes the situation in Can you trust your computer?, as in many things... he's apparently right on the money.


Some choice quotes from the cited scary article; emphasis added is
mine, since I wanted to share the ooginess.


"Today most people who have a computer do not really completely control their computer. They run a Microsoft OS, and they will never put any sniffers on their connection to the Net. Viruses, Trojans, and worms parasitize their machines. In general, it is hard to get any Microsoft system to do what you want. But some folk actually have pretty good control of their computers. Palladium is designed to ensure the continuation of the situation for most users, and to prevent the sale and use of computers which can be controlled by the user.

"Since today Microsoft's control is not complete over machines running a Microsoft OS, many home users copy and re-distribute popular songs, whose copyrights the home user does not have. So the real issues are not clear, and discussion of Palladium in most newspapers is centered on political questions of copyright law and practice." - John Manferdelli, General Manager for Windows Security, Microsoft.

Since I've quoted a fair amount of the article, fair use dictates
that I attack it. Looking at Manferdelli's statement, it is clear
that he is in fact talking about two issues:



  • Copyright & Digital Rights Management.


  • Restricting what you can run on your PC.



Dealing with these issues in order:


Digital Rights Management (DRM)
DRM has been tried in a few forms, and generally gets cracked pretty quickly. MS are really pulling out the stops with Palladium; they have invented “secure digital path” technology for sound and video (in theory making it impossible to rip DRM-protected media, or at least preventing ripping while maintaining a high degree of quality). Ignoring technical issues such as “will it work”, there are other problems with DRM as a concept. In particular, DRM has no understanding of “fair use” and other safeguards built into copyright law. For example, if the linked article had been protected by DRM, do you think that the Palladium system would recognize my right to quote a large chunk of it for critical analysis? Likewise, if I buy a DVD and want to back it up to my PC (a perfectly legal task; it would be a copyright violation for me to redistribute the copy), will Palladium recognize that right? If I back up some data and need to read it years later, can I guarantee that Palladium will even recognize my own right to my own data?

Finally, why does the OS care what I do with my data? Copyright violation is not a crime, violation is a civil suit – with the copyright assignee having the sole power to pursue violators (and only then for provable losses). Since copyright violation is not a criminal act, Microsoft and other OS vendors at worst have common carrier status in regard to violation: they simply provide a tool, and that tool can be used for good or evil. By interjecting themselves into this, and providing tools that both make life easier for copyright holders, and infringe on every user's guaranty to Fair Use, MS not only make themselves a target for deliberate erosion of every user's rights, they also make themselves liable on one level to copyright holders (actual liability is probably avoided in the EULA) since they promise a solution to the assigned copyright holder's problems.


There is an additional angle to DRM that merits discussion. MS have indicated that they wish to limit who can read documents. Imagine if Enron or a similar company had an extensive signed-DRM system in place. Whistleblowers would have a much harder time showing documents to the world if they were set to be unreadable without an Enron-signed key! MS have talked about this aspect of Palladium extensively, going so far as to have Palladium-enabled documents not display when they do not have focus, and screenshot blocking elements of the OS. I guess whistleblowers will just have to buy cameras or use a printer!


Restricting what I can run
From what has been released, Palladium relies on a private key embedded in a PC's BIOS – in such a way that it shouldn't be accessible through normal code. The BIOS can then refuse to execute OS code that isn't signed as 'safe' (“signed by whom” is the obvious question here, and one nobody seems to want to answer!). Does this mean that users who wish to install Linux, BSD, or even a home-grown OS (they exist, ask any embedded systems developer) will no longer be able to do so (without some obscure 'crack')? That will annoy a lot of enthusiasts, not to mention corporations who extensively use alternatives. If this is too draconian, it could represent MS shooting themselves in the foot; that's why I suspect a more gradual adoption: the system will start with 'safe' defaults, and gradually permit less and less over time.


There is actually something to be said for the ability to restrict what can be run on a system. You can do this already: set up Active Directory Group Policies for your end users at work, and they won't be running anything you don't approve of! This is a good thing. Applying a similar level of control – but with MS in control, and not a company admin (work)/enthusiast user (home) – and suddenly PCs are more like Xboxes... no more installing that neat game you found, for example!

MS have yet to comment on how homegrown software will work with Palladium. If the objective is to block all malware, then software should only work if it is signed – which presumably means that all software needs to be signed by a higher authority (who have to check it, since otherwise malware could just be self-signed and go on its merry way destroying stuff!). I'm really interested to see how this will work.


Trusted Computing
Stallman's critique of Palladium hinges on the word “trust”. Amusingly enough, in security circles a “trusted system” is one that if it fails you are in deep trouble. Presumably, “trusted computing” is more an attempt to play on the cuddly aspect of the word than a clever reference to the house-of-cards that is network security. Historically, software has trusted its users. This isn't always true (hence the proliferation of access control tools!), but ultimately the software trusts the programmer and the administrators who make it run. In other words, if I ask my trusty FreeBSD server to run Qmail with my chosen set of patches it says “sir, yes sir!” and tries to get Qmail running. The big downside of this model is that if I were to make a mistake, the PC would also say “sir, yes sir!” to a program functionally equivalent to “rm -rf /” (i.e. delete all files). Stallman, most of the Free Software community, and even my humble self would argue that this is exactly how it should be (and that you are dumb if you let your users have the permissions to delete everything; the administrators however should be able to do so!). MS and Manferdelli would appear to disagree. In a Palladium universe, the PC does not trust me – even though I bought it. If I try to do something it has been told not to allow, I won't be allowed to do it. That may be okay for game consoles (even there, I object on principle; if I want to boot Linux on my Xbox, that's my right when I pay for it!), but the strength of PCs has always been their general purpose nature. A general purpose tool that won't let you play with it is useless: you can no longer create new uses for the tool.


Finally, it has to be said that I don't trust Microsoft to know what I should trust.




Mood: bitchy
Music: Joe Satriani - Surfing with the Alien

Friday, November 14, 2003

I wish I believed this quiz!

Apparently my kissing is....


entrancing
You have an entrancing kiss~ the kind that leaves
your partner bedazzled and maybe even feeling
he/she is dreaming. Quite effective; the kiss
that never lessens and always blows your
partner away like the first time.


What kind of kiss are you?
brought to you by Quizilla
Mood: amused
Music: Kitty snoring

Wednesday, November 5, 2003

Rapier, eh? (I scored Katana but changed an answer!)

rapier
You are a rapier! You're fast and very sharp.
your only weakness is that in certain
situations you can be thin and easily
breakable.


What kind of sword are you?
brought to you by Quizilla

Mood: tired
Music: Roxette: Cinnamon Street

Thursday, September 25, 2003

Ah, sleep!

So the trick to sleeping turned out to be blanking my mind with articles written by Fabian Pascal. Pascal has some good things to say about database theory, but manages to be as interesting/pedantic as Henry Kissinger...


I'm awake now, and feeling a bit better. Sleep really was what I needed! Now I just need a semi-quiet day at work and to escape at a decent time... oh, and some breakfast!
Mood: calm
Music: None

Wednesday, September 17, 2003

Verisign are asshats

I really wonder whether Verisign are [incompetent|stupid] (and therefore incapable of running a DNS registry), or [greedy|evil] (and therefore unsuitable for running a DNS registry, let alone an SSL hierarchy of trust).

Verisign have modified their root servers so that queries to nonexistent domains no longer return "domain does not exist", but instead return an A record pointing at one of Verisign's servers. In English, this means that if you type in "www.verisignsuckdonkeyballs.com" into a browser, you will no longer get a 'no page' message - but you will hit Verisign's half-baked search engine.


Why does this affect me - or more importantly, why does it make me hopping mad? Ignoring the corporate greed aspect (typosquatting is illegal for some companies...), this breaks things on a fundamental technical level. Spam filters that check for the existence of sender domains are now all broken - because all .com and .net addresses will appear to exist. Worse, in the event of an MX record failing some MTAs fall back on delivering to a regular A record - which will show up as Verisign! So mail that would have been queued will now bounce (Verisign helpfully put up a daemon on their box to bounce everything; I'm not sure if that's better or worse than having them catch all the lost mail). There are also training issues: I know a few people who look for domains by typing ideas into a browser, and if nothing comes up they go to see if they can buy it. That won't work very well if you get a search engine redirecting you when you search! Likewise, diagnosing bad DNS servers is a lot harder now that all .com or .net DNS queries will give a reply.... dnsdoc, my saviour in the past, is definitely confused by these changes.


Fortunately, I'm not the only angry one. ISC, the people who make BIND (the world's most popular DNS server) have issued an emergency patch blocking Verisign's behavior. The IETF and ICANN called Verisign's behavior a breach of RFC, although they don't seem willing to do anything about it. In a few hours, TSG and associated DNS servers (including mine!) will be upgraded - and I'll be able to ignore Verisign's idiocy... as long as I'm at home. Without fundamental change at Verisign, we will face a cat-and-mouse war between those of us who use the Internet, and the idiots who see it as a cash crop...
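An added example (not part of the original post, and not ISC's patch): a mail-side check that probes a TLD with random names to learn which addresses it synthesizes for nonexistent domains, then ignores those addresses when deciding whether a sender domain exists or whether A-record fallback is safe. The resolver class, the zone data and the address 192.0.2.10 are constructed for the demonstration.

```python
import secrets

# Constructed zone data for the demonstration (not real DNS answers).
REGISTERED = {"example.com", "example.net"}
ZONE = {
    ("example.com", "A"): ["198.51.100.7"],
    ("example.com", "MX"): ["mail.example.com"],
    ("mail.example.com", "A"): ["198.51.100.25"],
    ("a-only.example.net", "A"): ["203.0.113.9"],  # host with an A record but no MX
}
WILDCARD_ADDR = "192.0.2.10"  # constructed stand-in for the registry's catch-all server


class FakeResolver:
    """Offline stand-in for a recursive resolver (hypothetical helper).

    resolve() returns a list of answers, [] when the name exists but has no
    record of that type, and None for "domain does not exist" (NXDOMAIN).
    With wildcard=True, unregistered .com/.net names get a synthesized A
    record instead of NXDOMAIN, as described in the post above.
    """

    def __init__(self, wildcard):
        self.wildcard = wildcard

    def resolve(self, name, rtype):
        name = name.lower().rstrip(".")
        answer = ZONE.get((name, rtype))
        if answer is not None:
            return list(answer)
        if any(key[0] == name for key in ZONE):
            return []  # name exists, just not with this record type
        if ".".join(name.split(".")[-2:]) in REGISTERED:
            return None  # the domain's own servers still answer honestly
        if self.wildcard and name.endswith((".com", ".net")):
            return [WILDCARD_ADDR] if rtype == "A" else []
        return None


def detect_wildcard(resolver, tld, probes=3):
    """Return the addresses a TLD hands out for names that cannot exist.

    Each probe label is random, so it is effectively unregistered. If even
    one probe gets no answer, the registry is not synthesizing records.
    """
    synthesized = set()
    for _ in range(probes):
        label = "wc-probe-" + secrets.token_hex(12)
        answer = resolver.resolve(f"{label}.{tld}", "A")
        if not answer:
            return set()
        synthesized.update(answer)
    return synthesized


def mail_route(resolver, domain, wildcard_addrs):
    """Decide how an MTA should treat `domain`, ignoring synthesized answers.

    Returns ("mx", hosts), ("a-fallback", addrs) or ("nonexistent", []).
    Passing an empty wildcard_addrs set gives the naive pre-patch behaviour.
    """
    mx = resolver.resolve(domain, "MX")
    if mx:
        return ("mx", mx)
    addrs = resolver.resolve(domain, "A") or []
    real = [ip for ip in addrs if ip not in wildcard_addrs]
    if real:
        return ("a-fallback", real)
    return ("nonexistent", [])


if __name__ == "__main__":
    wild = FakeResolver(wildcard=True)
    learned = detect_wildcard(wild, "com")
    for sender in ("example.com", "a-only.example.net", "exmaple.com"):
        print(sender, "naive:", mail_route(wild, sender, set()),
              "filtered:", mail_route(wild, sender, learned))
```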


In other news, I'm feeling a bit better - but a tad feverish, still. I haven't got much done today. Yick.
Mood: cranky
Music: Queen - Delilah

Friday, August 22, 2003

I'm really not sure that I agree with this, but...

You are Neo
You are Neo, from "The Matrix." You
display a perfect fusion of heroism and
compassion.


What Matrix Persona Are You?
brought to you by Quizilla

Mood: amused
Music: None

Thursday, August 21, 2003

The more things change...

Despite my Master's in Defense & Strategic Studies, I really don't like war. Unlike many of the superhawks with whom I had the 'pleasure' of studying, I believe that while war is politics by other means, diplomacy is about achieving one's objectives without recourse to actual violence. In other words, a system of defense has failed when you actually need to fight.


Anyway, Matsuo Basho wrote a series of haiku about the 17th century wars of Japanese 'unity', and this one struck me as being particularly poignant:


The summer grasses
All that remains
Of brave soldiers dreams

-- Matsuo Basho

Mood: contemplative
Music: The Distillers - Gypsy Rose Lee

Monday, August 18, 2003

Shredded drives in NT4

The good news: I'm feeling quite a bit better. A tad hungry, but better. :-)


So our venerable NT4 server finally exhibited hard drive problems (it's been running for a really, really long time flawlessly - this was expected). I'm currently making use of NT's fault tolerant disk option to mirror the whole server to a new drive - and hopefully it will run for many more months. In the meantime, nobody in TSG can check their email (our paying clients are fine!). It's funny how time without email reminds one of how dependent upon it we have become... the buffer queue grows, and the consultants start to wonder if anything important is happening. It's good to know that I can induce neuroses in my coworkers!
Mood: relaxed
Music: All About Eve: Every Angel

Saturday, August 9, 2003

Quizzes are addictive!

Intellectual
You're An Intellectual!
You can always be found reading or on the computer.
People always come to you when they need
information. You don't really care about love
at this point, your only goal is to improve
your mind. After all, knowledge is power!


What Type Of Anime Character Are You?
brought to you by Quizilla

Mood: accomplished
Music:

Movies...

when harry met sally
Everyone remembers the 'faked-orgasm-in-a-deli'
sequence from your kind of movie When Harry Met
Sally. It seems that you're falling for a buddy
or have already fallen for them. Uh-oh. You're
probably caught between the possibility of
having a great relationship and wrecking the
one you have now. You know what they say, it's
better to regret something you did than
something you didn't do.


What Romance Movie Best Represents Your Love Life?
brought to you by Quizilla
Mood: bouncy
Music: Joe Satriani: Tears in the Rain

Monday, August 4, 2003

I love this movie!



The B-Movie That Suits Me Is:


Mr. Vampire: Hong Kong, like Hollywood, is not known for creativity. Although similar to A Chinese Ghost Story, this movie is unique in many ways. Well written and played out, this funny horror is a true treat.

Find out which b-movie suits you.

Mood: amused
Music: Led Zeppelin: Whole Lotta Love

I am popular science! Good to know...



What magazine am I?

I am Popular Science: The only thing more exciting than the present is the future. I am always the first to hear about what's going on in the realms of human achievement.



Mood: tired
Music: New Model Army: Never Going To Save The World

Saturday, August 2, 2003

It's amazing...

... what a nap, a chocolate malt, and a brush with fuzzy cute hamstery goodness can do for one's mood. Suddenly, I feel human again!
Mood: relaxed
Music: Nothing at all

Thursday, July 31, 2003

Transfiguration! It must be the ice cream!

transfiguration
You excel at Transfiguration. One of the most
difficult classes, you seem to be a natural at
turning a coke bottle into a homework pass.


Which Class at Hogwarts Would You Excel at?
brought to you by Quizilla

Mood: amused
Music: Bad Religion - Sorrow

Tuesday, July 29, 2003

UT2003

In my earlier update, I promised to talk a bit about UT2K3... and completely forgot to do so. Here are my views:


The Unreal Engine renders beautiful scenery, although I had to turn some visual details down to get a consistently high framerate (on my P4 1.6GHz, 512MB RAM, GeForce 4 Ti 4200 128MB). Some of the levels are really, really pretty - and really pretty big! The Unreal engine's handling of outdoor areas continued to impress, although it is still obvious that tricks are used to ensure that you can never see too far away (occlusion culling keeping framerates high); on the few levels where this isn't the case, framerate stutters. Sound quality is crisp (despite awful voice acting!), especially the music which is excellent (the intro music really made me want to play Deus Ex!). Control is reasonably sharp, but has the 'slightly squishy' feel that dogged Unreal 2 (but not the original UT); it is less like QuakeWorld's fast turns and tight air control, which is more realistic but also more frustrating.


The game itself is a mixed bag. Double domination (like Domination from the original UT, but tweaked) and Bombing Run (basically rugby with guns; it reminds me a lot of Urban Brawl from Shadowrun!) are both great, CTF is decent, and deathmatch isn't bad - but the squishy controls prevent it from feeling great. The instant action mode is nice. League play feels like a bad attempt to squash EA Games style management into an FPS; if the bot personalities were a bit more differentiated, it might be worthwhile. As it is, they universally suck - so it really doesn't matter who is on your team. In one Bombing Run game, neither side's bots ever actually found the ball!


Map design is mixed. All the maps are beautiful, but there are fewer 'flavour' maps than in the original UT; no ships, flying fortresses, or low gravity maps (at least that I've found so far). Maps instead focus on being balanced. This leads to solid, predictable games; fun, but not as fun as flying around a low gravity parking lot!


Weapons are a very mixed bag. The bio-rifle is back (ugh). The flak-cannon has a slightly less spammy spread than the original UT, but is still nice. The shock rifle is about the same as before, albeit slower moving (MUCH easier to perform combos!). The sniper rifle has been replaced with the lightning gun, the single most stupid weapon ever: its zoom is slow, it has a recharge time, and it looks goofy. It also seems to require less precision than the old sniper rifle, while having a little lead time on firing. So you are more likely to hit, but less likely to get a headshot. Sadly, a lone sniper can no longer hold a base in CTF!


Overall, this game would be good for $20, but isn't worth full price. It is a really hard product to place; it is heavily tournament oriented, quite balance obsessed - but lacking much required skill to make yourself noticed (lots of spammy weapons, reduced emphasis on headshots!). Epic have announced that UT2004 is coming out - maybe it'll be better!
Mood: geeky
Music: Ozzy Osbourne: Crazy Train

Wednesday, July 23, 2003

*NIX

I learned a lot from SunOS at college, and Linux at home. I love FreeBSD to death. But surely there is something wrong when this is considered intuitive syntax:


find . -type f | xargs sed -i.bak "s/oldtext/newtext/g"
Mood: busy
Music: Sisters of Mercy: I Was Wrong

Object Relational Mapping (again)

So my ORM system was conceptually validated again yesterday, when I implemented the 'ledger manager' part of the TSG Office Assistant. It was really nice to simply inherit an object that understands the basic database primitives required for business logic, and completely avoid writing SQL in the presentation layer. It isn't quite model/view - I didn't formalize it to that extent - but it is nicely stratified.


I did some searching around for other object-relational systems for .NET, preferably a lot more advanced than mine - considering only free software (both as in beer and as in speech). I found two on SourceForge. NHibernate appears to be a dead project, largely because the designers tried to copy a mature Java project class-by-class, rather than realising that the .Net Framework and Java libs work very differently in some cases. It does serve as a great example of database-agnosticism, though. (Hibernate for Java appears to be a pretty impressive ORM system, although I think that I might get angry using it; it tries to abstract away all of the little databasey details such as when to cache and when to commit to disk!). A more promising contender - at least in that it is still alive - is OJB.NET. This is based on OJB/Java, part of Apache. It exhibits some very nice design, including transactionality (with explicit commit), not saving until you mark an object as dirty, and caching. It also features some horrible database code (OLE.net only!), but the developers say this is due for fixing in a later release (it is still very pre-alpha). The XML mapping between tables and classes isn't bad, but it looks like it might add a bit more overhead than I would like. Definitely a project to watch!


This got me thinking about ORM in general. It seems to me that in a traditional n-tier system, several tiers are all struggling to gold-plate their job and take over - and fuzzy thinking has allowed this to happen. Looking at a typical 3-tier system:


  • The Database Tier handles storage. At this level, you want normalized data, formalized set theory to ensure referential integrity, pure storage worries (replication, etc.). You may also want triggers to help keep everything in order (not strictly necessary if you implement referential integrity correctly), and stored procedures to ease/speed-up data access. In other words, just storage and related worries. (This should itself be broken into physical and logical storage, since the two are separate; fortunately, the DBMS should worry about physical for you!).
  • Business Logic Tier. This tier typically needs code to talk to the database tier (preferably in an agnostic way in case the physical medium changes), code to talk to applications, and lots of objects encapsulating business procedures. Lots of safety net code is a good idea here, too, since apps programmers can and will break things!
  • Application Tier. At this level, you worry about things like displaying data, having a user do stuff with it, and then sending the results back (via the business logic tier). Typically, you need a means of talking to the business logic tier, and lots of UI code.


The 3-tier model above makes a great deal of sense. It separates out three very different types of problem. So far, so good. Unfortunately, vendors just don't get it - and seem to be working pretty hard to make it easy to break this mold. For example:


  • Oracle can run fully-fledged Java in the DB server; they even advertise that the database can "help your business logic layer". Likewise, SQL Server will soon be able to host CLR programs. MySQL - barely an RDBMS anyway - can already run C code locally.
  • On the business-logic level, you need to resort to 3rd party items for truly seamless Object-Relational Mapping - or you need to waste scads of time writing plumbing on every project (in other words, the language vendors don't properly support the model they espouse, maybe because they want to sell bigger databases/database servers!). Worse yet, many business logic level applications become concerned with physical storage, particularly caching systems. Even worse - "object stores" designed to avoid having a relational database at all, save as a unit for storing BLOBs (binary large objects) holding serialized class data. You aren't going to get any benefit at all from your RDBMS if you don't let it do what it's good at!
  • On the application level, the sins are countless. .NET offers some really nice platform agnostic data handling - and then plugs it directly into user interface objects! You can wrangle it to require separation, but I've seen so many projects - particularly ASP projects - that embed some of the business logic IN the display logic that it isn't even funny. (PHP, ASP and similar scripting languages are particularly prone to this). Also, there needs to be a way to have the compiler shoot a programmer who needs a quick query from the database - but doesn't want to go through all the tiers to get it - and decides to embed a direct statement in the display logic.


All of the above problems can be avoided by avoiding fuzzy thinking, and applying some discipline to development. Everyone has made at least one of these errors (myself included), and it is really easy to make them over and over. Vendors screaming and shouting about their latest solution to a nonexistent problem (i.e. a way to break a rational system by offering shortcuts) certainly don't help. (The general disdain for applying scientific method to business computing doesn't help, either!)

What seems to be needed is an easy way to create formally-correct tiers from a logically-correct data representation. Ideally, I would be able to create a logical representation of the data I wish to store - and it would be created in an RDBMS (with full integrity constraints), skeleton object mapping code would be created for the business logic tier, and an easy way to expose objects to apps would be presented to me. Oh, and if the database changes - as we add more requirements (reqs. are never static in the real world!), I want it to update the framework without (substantially) breaking higher levels of the system. I can do all of this with separate tools and much time/effort - why isn't there a one-stop-shop, yet? Am I asking too much?
Mood: restless
Music: Robert Plant - Tie Dye On The Highway

Tuesday, July 22, 2003

DSL Hell

Last night's Mage game was a lot of fun. Daffyd got drunk, and hit a 'mummy' over the back of the head with a beer-bottle... and lived. He even managed to make a vampire frenzy and eat another vampire. Quite a productive night!


Today has, thus far, been somewhat less useful. Our CenturyTel connection was flaking badly this morning. Received mail was working fine (it automagically uses the other connection as needed), but not being able to deliver to remote servers had the Charizard queue growing by several hundred messages an hour. Fun! Anyway, by the time I'd failed everything over to the Tranquility connection, CenturyTel were fine again. Grrr.


Anyway, I learned a bit from this. No matter how nice your automated ping-failure detection, sometimes errors don't show up in ping times. DNS-based failover is nifty - with the right TTLs, you can keep downtime down to minutes rather than hours; combine with MRTG graphs, and you can see success/failure in near-real-time, too. Nifty. Also, DNS_Balance, by Hiroshi Yukota is sweet. x.farm.tsghelp.com redirects to a copy of Balance, which dynamically replies with either of our connections based upon a simple text file. That file is trivial to update (I'm working on scripts to do it automatically), and traffic gets directed as needed. Nice and simple, and it's in Ruby so no buffer overruns!


My TSG database programming continues apace. Last night, I validated my LightWeightList design - it is MUCH quicker than DataSets, which is good. I should have a somewhat-working prototype soon.


Also, SqWebmail is a great product - fast and lightweight, but butt ugly. My new mission is to make it look prettier!
Mood: hungry
Music: New Model Army - Ballad of Bodmin Pill

Sunday, July 20, 2003

.NET Framework 1.1

I upgraded the server to the 1.1 framework yesterday... and it looks like I have to go around switching off automatic validation of text boxes on projects on Monday. This blog is even a victim of an attempt to be overly helpful - every time I try and include HTML formatting tags, the framework rejects it without even letting it reach my - perfectly safe - validation routines. Grrr.
Mood: geeky
Music: Inkubus Sukkubus: Wytches 2000

Friday, July 18, 2003

Conversations you can only have with Masons

Steve was chatting with some people from the Grand Lodge this morning about sprucing up their website. This is a Good Thing (TM), since it gets quite a bit of traffic and is starting to look a little dated. Anyway, one of the Lodge employees asks "So who did the Geocities pages we used to have?" We tell her. "Oh! He's going to die on Thursday, I'll talk to him then about removing them."
Steve and I sit in shock, the words WTF? floating above our heads.
Ceremonial death... apparently it's a promotion. Phew!
Mood: bouncy
Music: Red Sky Coven - Home

Monday, July 14, 2003

Mystery!

One of our clients was broken into over the weekend: the front door lock was damaged (the police state that it appears to have been picked, which seems kinda odd for a double dead bolt!), the door to the server closet is lightly damaged (but was not opened - the thief didn't get in there, fortunately), all the workstations were powered up, seats and cushions were out of place. The really weird thing: all the petty cash was still in place, there was no record of login attempts, no odd network traffic, and no apparent hardware changes (i.e. no keyloggers inline, no visible network device additions). Very weird. Who on Earth breaks into a rich charity, moves stuff around a bit, and leaves without touching anything?
Mood: confused
Music: Queen - Open Windows

Stupid Zip Library

The entirety of the missing field problem for the Masons turned out to be a brain-dead zip library that decided that a decent way to expand "50YrDate" was "_x0035_YrDate". Duh.
Mood: accomplished
Music: Incubus Succubus: Witch of Berkeley

Thursday, July 10, 2003

Updated twiglets

So I just called the Student Loans Company. They had lost my address, lost any record of my deferral, and lost the fact that I don't live in the UK! Anyway, the bulk of my loan is now deferred once more. Stupid, stupid people!
Mood: working
Music: Dio: Throw Away Children

The twiglet zone!

(For non-UK readers, "Twiglets" are a long, thin pretzel, most notable for tasting of sawdust and repelling the Undead.)


The last 12 hours or so have been strange. After sweltering my way through a long day in an un-airconditioned office, I headed to Sonic with Kris. Last time I ate at Sonic I was really sick - so this time I avoided anything cheese-like, and survived! Pancake on a stick is definitely an oddity - take a regular sausage, wrap pancake around it, and deep-fry; the result is then dipped in syrup. Whacky, but tasty.


After Sonic, we headed to Wal-Mart, bought some acrylic paint, and headed out to John's house to paint Warhammer figures. On the way, the Red Peril (Kris' cellphone) goes off - and Eric "Gustav" Johnson is on the line! He went missing three years ago, and had been successfully avoiding every effort at finding him - and now he's back in circulation, and on his way to CoMo! So, we sat down and painted figures - my Dark Angels don't suck quite as much as they could, but they are definitely testament to my failing eyesight. Ah well, at least they look angry! Kris did a really nice job on most of her Dark Eldar. Towards the end of the evening, she went off to find Gustav, and I went to bed.


Sleep was very poor: Boda the Hamster was at her noisiest, knocking stuff over, dancing, making her wheel squeak, etc. - definitely enough to keep me awake! On top of that, I never sleep well with strange people in the apartment; for some reason, my system just won't rest until the second or third time someone has slept over.


Around 8 this morning, my Mother called my cellphone to let me know that the Twiglet Zone has now encompassed Glasgow - or at least the Student Loans Company. Everyone's least favourite quango has apparently completely forgotten that I have an address (to which they have written many times, and from which I have responded many times!), and instead decided to send mail to my mother - even though no one ever gave them her name, let alone her address! For some reason, they are sending me a collection letter - even though I filled in my deferral forms, etc. Wankers. I'll call them later today.
Mood: confused
Music: Incubus Succubus - Pagan Born

Saturday, July 5, 2003

Well, ick

Nothing ruins an evening more than a dead pet. I just found our elderly rat dead. She was just fine when we got back from Waynesville, too. Ugh.
Mood: sick
Music: None

Waynesville and Back, .Net Remoting

Well, I'm safely back from Waynesville. We left late Thursday night (11pm or so - after Kris finished class, giving us both time to talk to our other significant others online). The journey wasn't so bad: we dodged some deer, managed to stay awake (note for future reference: Starbucks energy drinks are weaker than my normal coffee!) - so it wasn't too bad. We arrived exhausted, and pretty much went straight to bed.


Friday (July 4th) was a mixed bag. It was hot during the day, as well as being really humid - so we lurked and watched Buffy for much of the day. Kris' Mom took us out for Mexican early afternoon, and I really enjoyed a Mexican omelette (it made me very full, too!). Later on, Judy came over and we ate ribs, chicken, coleslaw and beans. The food tasted great, but was really greasy - so I couldn't eat very much, and it repeated for much of the night! Judy was talking a lot about her online gaming/chatting habit; I was overcome by a sense of dread as she started talking about how someone else she knew could "make emotes in chat". Poor Kris was bristling, ready for the strike even more than I was. Finally, she asks "can you emote?" Ignoring the temptation to demonstrate how bad I am at drama emoting (although my face is stretchy!), I tried to narrow the scope. Eventually, it turns out that in Yahoo! chat there is a method of emoting (that is, producing text along the lines of "Herbert strangles the stupid end user"), but it confuses Judy. Judy complained that when she examined it, it was all gobbledegook, with things like "left bracket font right bracket some text left bracket" - stuff, and I quote, that nobody can read. (I write this in raw HTML, for the record!) :-)


Anyway, our brush with end users and an overdose of food hadn't left Kris or me in the greatest of moods. After more Buffy (waiting for darkness), we headed out to Rittle Bridge to set off fireworks. Kris's Mom brought along a lawn chair, and things should have been great... in fact, they started out pretty well, with lots of neat explosions, pretty lights and similar. Unfortunately, people started showing up - first a Sheriff (who was really nice!), and then some people making drug deals. Not good! We headed for the hills - and ended up in Wal-Mart. As Kris pointed out in her blog, long periods of time in Wal-Mart are bad for me. General Waynesville-inspired-twitchiness, repeating food, horrid Wal-Mart light and an alarm that kept going off had me pretty close to the end of my tether. Nobody died, but I'm sure that I wasn't great company. :-(


After Wal-Mart, we went home, and went to bed. I slept surprisingly well until about 8am, at which point the dogs made sleep difficult by getting excited about, well anything, really. Not long after we got up, we drove home - a nice, uneventful drive. After that: a nap!


This afternoon, I've been experimenting with some C# programming. My programming has had two focusses: .Net remoting using semi-persistent objects with a PostgreSQL back-end, and creating a Windows Service.


Remoting with PostgreSQL Persistence

I was really torn as to how to approach this, and there isn't as much literature around on the topic as I would have liked. Remoting itself is easy: you build a marshalling object, make it available as a channel (using TCP binary channels, since I don't need webservices) and ensure that any object I send over the wire is easily serializable - about 5 lines of code on the server-side, and 2 (more if you want to tweak options, particularly for performance) on the client. Really, really sweet! The difficulty comes with deciding how to persist data. The options I could see were: (a) simply stream objects to a datastore, (b) write objects that match the back-end with load/store/storenew methods per object, and (c) the Broker/Controller model in which I stream DataSet and similar data types with all logic controlled from a Broker object on the server side. There are advantages/disadvantages to all three. (a) suffers from versioning issues - if the objects change substantially between versions, I have to figure out how to get the data out of the old binary format and into the new one. Ick. Even with XML transforms, that sucks - so I didn't go that route! (c) is what I tried with the last incarnation of the TSG Office Assistant; it works very well, but it is ugly, and I'm not sure I like having to rewrite huge chunks of code when the storage-tier changes. Also, DataSets are heavy, and DataSet updating proved to be less reliable than one would like; so I'm not pursuing (c) this time around. (b) suffers from creating a lot of objects, leading to heap fragmentation - and potentially poor performance under some circumstances. It also lends itself to elegant code; I greatly prefer having classes for each data item derived from an abstract class (forcing me to implement GetID/Store/Load/StoreNew, and adding serialization automagically). This is also the most OOP approach.
So far, performance is good, the code is elegant (although I dislike writing all of the INSERT/UPDATE/SELECT queries and parsing necessary!). I'm thinking of adding unit tests into the mix, as opposed to broad testing. More on that in another update, when I've tried it!
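
The per-class GetID/Store/Load/StoreNew design described above as option (b), sketched as an added example rather than the author's C# code. Python and an in-memory SQLite database stand in for C# and PostgreSQL so it runs offline; the `Contact` class, its table and all sample values are hypothetical.

```python
import sqlite3
from abc import ABC, abstractmethod

class Persistent(ABC):
    """Contract every data item must implement (option (b) in the text)."""
    def __init__(self, db):
        self.db, self.id = db, None
    def get_id(self):
        return self.id
    @abstractmethod
    def store_new(self): ...
    @abstractmethod
    def store(self): ...
    @abstractmethod
    def load(self, item_id): ...

class Contact(Persistent):                        # hypothetical data item
    def __init__(self, db, name="", email="", phone=""):
        super().__init__(db)
        self.name, self.email, self.phone = name, email, phone
    def store_new(self):
        # Values are bound as parameters, never concatenated into the SQL text.
        cur = self.db.execute("INSERT INTO contact (name, email, phone) VALUES (?, ?, ?)",
                              (self.name, self.email, self.phone))
        self.id = cur.lastrowid
        return self.id
    def store(self):
        self.db.execute("UPDATE contact SET name = ?, email = ?, phone = ? WHERE id = ?",
                        (self.name, self.email, self.phone, self.id))
    def load(self, item_id):
        row = self.db.execute("SELECT name, email, phone FROM contact WHERE id = ?",
                              (item_id,)).fetchone()
        if row is None:
            raise KeyError(item_id)
        self.id = item_id
        self.name, self.email, self.phone = row
        return self

def demo():
    db = sqlite3.connect(":memory:")
    # Version 1 of the schema had no phone column; one row was written under it.
    db.execute("CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.execute("INSERT INTO contact (name, email) VALUES (?, ?)", ("Ann", "ann@example.org"))
    # Version 2 adds a field with one migration statement; old rows stay readable,
    # which is the versioning problem option (a) runs into with binary streams.
    db.execute("ALTER TABLE contact ADD COLUMN phone TEXT NOT NULL DEFAULT ''")
    old = Contact(db).load(1)
    new_id = Contact(db, "O'Brien", "ob@example.org", "555-0100").store_new()
    old.phone = "555-0199"
    old.store()
    return old.get_id(), new_id, Contact(db).load(1).phone, Contact(db).load(new_id).name
```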


Windows Services in C#

I always hated writing services (that is, processes that show up in Admin Tools->Services) in MFC/C++ - it was clunky and horrible! .Net has streamlined this process a lot, although it still isn't as easy as I'd like. The Windows Service Wizard creates the basic structure very nicely, but it completely skips the need for an Installer class - leading to services that work but cannot be installed/used without additional programming. Fortunately, I found some tutorials (via Google) that helped me figure this out. It is also clunky having to install services via the command line, and then attach to them for debugging - but it could be worse. I guess having service installation/uninstallation in the GUI could cause more problems than it's worth - getting rid of rogue services in the registry is no fun at all.


On the upside, a Windows service makes a great remote channel host - and performance is noticeably better than a console based server.
Mood: curious
Music: Incubus Succubus: Goblin Jig

Monday, June 30, 2003

DNS Ickiness

If you can read this, then our DNS issues are largely fixed.


DNS is a clever system, with redundancy built in - designed to withstand major damage to the 'net. Unfortunately, it is also damned fragile to unlucky coincidences!


In this case, two bad things happened at once: New Franklin's firewall stopped responding (after a T1 outage - thanks, more.net!), and Network Solutions for some reason reverted ns4.tsghelp.com to the wrong address. This is bad, because one of ns4 and New Franklin has to respond for most of TSG's hosted services to respond properly! The result: about 20 domains are working sporadically, email isn't moving, and my hair is going grey. Yick.


Long term solution: TSG will be redoing a whole load of DNS. dns1 and dns2 will be in our office, on each of our lines. dns3 will be New Franklin, and dns4 will be over at Tranquility. Unfortunately, this will take 24-72 hours to take effect.


Short term solution: Why is it so hard to get New Franklin interested enough in their own net connection to have them reboot the damned firewall???? As soon as it is back up, everything else will resume.
Mood: frustrated
Music: Angry phone calls

Thursday, June 26, 2003

MS Proxy Server

Sometimes, things work perfectly - and in doing so, they appear to have failed totally. Re/max's proxy server is today's example of this: it came under attack from a kiddie in Asia today, and the log files filled up with details of his attempts to get in. Filled up = several hundred megabytes of data, enough to fill the partition. At this point, MS Proxy Server did what it is supposed to: it failed safe, and decided to deny every piece of data it didn't have an explicit 'approve' filter for (I could still administer it remotely). In failing safe, the SMTP Server, Web Service and Winsock Proxy Service all stopped (cleanly - nice!).


Now, for the end-user, this appears to suck: they can no longer access the Internet. From the point of view of keeping things safe, this is exactly what you want: the hacker gave up and went home, and restoring service was just a matter of moving the logfiles to a different server. Score one for Microsoft!
Mood: geeky
Music: None, I'm at work
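
The fail-safe behaviour described in the MS Proxy Server entry above, modelled as an added example (not MS Proxy Server's own logic, and not code from the original post): a gateway that stops forwarding anything without an explicit approve filter once it can no longer write its audit log. The class names, capacities and addresses are constructed for illustration.

```python
from dataclasses import dataclass

class LogFull(Exception):
    """The log partition has no room for another record."""

@dataclass
class AuditLog:
    capacity: int                      # bytes free on the (simulated) log partition
    used: int = 0
    def write(self, line: str) -> None:
        size = len(line.encode()) + 1  # record plus newline
        if self.used + size > self.capacity:
            raise LogFull(line)
        self.used += size

@dataclass
class Gateway:
    log: AuditLog
    published: frozenset               # services forwarded in normal operation
    explicit_allow: frozenset          # (source, service) pairs with an explicit approve filter
    failed_closed: bool = False

    def handle(self, source: str, service: str) -> str:
        if self.failed_closed:
            # Tripped: only explicitly approved traffic (here, remote admin) passes.
            return "allow" if (source, service) in self.explicit_allow else "deny"
        decision = "allow" if service in self.published else "deny"
        try:
            self.log.write(f"{decision} {source} -> {service}")
        except LogFull:
            # A decision that cannot be recorded is not acted on: trip and re-evaluate.
            self.failed_closed = True
            return self.handle(source, service)
        return decision

    def restore(self, fresh_log: AuditLog) -> None:
        """Operator has moved the old logs away; resume normal service."""
        self.log, self.failed_closed = fresh_log, False

def simulate() -> dict:
    gw = Gateway(AuditLog(capacity=200), frozenset({"web", "smtp"}),
                 frozenset({("10.0.0.5", "admin")}))        # constructed addresses
    before = gw.handle("192.0.2.10", "web")
    for _ in range(20):                                     # constructed probe flood
        gw.handle("203.0.113.9", "telnet")
    during = (gw.handle("192.0.2.10", "web"), gw.handle("10.0.0.5", "admin"))
    gw.restore(AuditLog(capacity=10_000))
    return {"before": before, "tripped_during": during,
            "after": gw.handle("192.0.2.10", "web")}
```

In practice the same design calls for an alert on log-partition free space, so the trip is noticed before users report the outage.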

UO Last Night

UO is like crack, only it doesn't have the beneficial side effect of weight loss. Still, it is very satisfying - and I guess it helps that it won't kill me!


Leoana is doing well in her quest to become a good miner/blacksmith. Her mining is now 83, and her blacksmithing is in the mid 50s - not bad at all, considering that I'm doing it by hand. Macros are evil, and all who use them shall burn!
Mood: sleepy
Music: Cows With Guns

Wednesday, June 25, 2003

Power

The whole Crum building just faced a 15 minute power outage. No fun! One of our UPSes (the Belkin one) couldn't take the strain, and died after 5-6 minutes. It died cleanly, though - and our servers went down gracefully. The other UPS made the full 15, but I shut the servers attached to it down as a precaution anyway. Amazingly enough, everything that should have restarted after the outage did, with two exceptions: authdaemond, part of SqWebmail, really doesn't like the rc.d mechanism in FreeBSD, and Apache on Charizard. The latter is pretty odd, but it turns out that Apache is helpless without a good DNS server - and our DNS server hadn't restarted. "apachectl start" fixed that one just fine.


So all is well on the power front, at least for now. Hopefully, brown outs won't be too common this summer; last year, they hit Re/Max a few times, as the City of Columbia power completely failed to keep up with demand for air conditioning in 100F weather.


Ironically enough, one of our problem children is called "ipowerweb" - apparently, it is bad power day! They run Exim as their mailer, and it is set up really stupidly: when TLS is denied (for whatever reason), it refuses to deliver at all, rather than failing gracefully. This is permissible but stupid (it breaches ALL the mail RFCs that mention TLS) for an individual trying to make a statement about the need to encrypt email at the envelope level. This is really, really stupid for a hosting company given that about 80% of the world doesn't speak TLS - so mail to 80% of clients will not deliver correctly.

To add insult to injury, not only do their servers require TLS - but they require TLS with very specific protocol requirements (failing to fall back when their protocol of choice is refused), and simply timing out the connection if any sort of DNS mismatch appears. Stupid!
Mood: accomplished
Music: None

Tuesday, June 24, 2003

Ugh, morning

This morning wasn't bad, it just existed. Simply by existing, it was in the way! Roll out of bed, notice that Kris is still comatose, check email, get dressed, count coins, run to meeting. Sit in meeting, talk to Gary, Steve & Roxane. Find out that I have a 2pm meeting with Re/max. Ugh... long day, nothing billable! On the upside, it looks like TSG will be adopting a TSG-wide instant messenger to try and improve communication. Jabber looks like fun!
Mood: blah
Music: None

Monday, June 23, 2003

Mining

Leona, my UO blacksmith/miner on Chesapeake continues to develop nicely. Tonight, I managed to get her mining up to 82, and her blacksmithing up to the low 50s. The only annoying thing is that with such a high mining score, she's starting to get quite a collection of metals she can't even hope to use for quite a while - and they are gathering dust in her bank vault. Still, the blacksmithing guide at Stratics is proving invaluable; between following it (minus the macroing - macros are evil!), and fulfilling Bulk Order Deeds, I'm a happy crafter. :-)
Mood: content
Music: New Model Army: Small Town England

Lawyers and Episcopalians, Oh My!

I woke up this morning convinced that I was late for an important meeting; threw on clothes, got to the bus station, called in late... and discovered that I had four hours to spare. So I crawled home, cleaned up, and dressed respectably (meeting lawyers requires that!). I quickly posted the West Missouri Episcopalian Diocese website, and went in flustered but at least looking okay. The meeting itself was boring, but at least they said 'yes' to our proposal of 'give us lots of money, and we'll use PostgreSQL+PHP to design you an Intranet'.


Tonight, I will play UO, add more to the site, and hopefully... SLEEP!
Mood: relieved
Music: Train, 4 Non-Blondes

HTML Textboxes

It turns out that AspUp's HTML TextBox really does not like Mozilla at all! So much so that when logged in as admin (and able to see the box), I would have junk all over the place. Oops. So, for now I've disabled it. That's probably for the best anyway - now I won't be tempted to use stupid formatting all the time, since I'll have to remember HTML tags!
Mood: blah
Music: Roar of a Compaq server

Friday, January 17, 2003

First Ever Entry!

Well, here it is: my blog. This is a bit more advanced than some blogs - it is entirely database driven (PostgreSQL on the back-end, .NET on the front), has a nice HTML editor for text input, and isn't too much of a pain in the arse for me to update. Hopefully, that gets rid of another barrier to regular updates; maybe one day I will run out of excuses, and have a site worth reading!
Mood: creative
Music: Queen - Scandal