You’ve probably seen it, but if you haven’t, check out Google Maps. I would not want to be working at MapQuest right now.
Some notes on Apple’s new word processor/page layout software, Pages:
It is a decent enough word processor for pumping out text; as a page layout program, it's strictly consumer-class and won't fit the needs of anyone doing serious layout work. It's been driving me nuts trying to get things done in it. You can't put borders around an in-line paragraph. You can put borders around a text box, but it's all or nothing: you get four borders or none. You can't shrink table rows below a certain height, and that minimum is fairly generous. You can't delete a single page in the middle of, say, a newsletter. You can't shuffle pages around.
All that said, it’s good consumer-grade stuff. You can do some fairly flexible things with layouts, including columns with individually controlled widths, multiple different column layouts on a single page, different headers/footers for even and odd pages, and so on. So it’s not a total loss, and it’s as good as anything for just writing in. But don’t expect to be formatting books in it.
For ten bucks less, you can get Nisus Express. Mellel is only forty bucks. On the other hand, for the $80 you pay for Pages, you also get a top-notch presentation program in Keynote.
If you keep a blog, this is important. You should read it and take heed. If you use Typepad or LiveJournal, you’re covered (or will be soon). If you use Movable Type, see this post. If you use Blogger or Blogspot… um, I dunno, but since it’s a Google initiative and Blogger/Blogspot is owned by Google, I imagine support will come pretty quickly.
Now, this isn’t going to stop spammers from spitting out comments all over your blog. It will make them less likely to benefit from those comments. It would be nice to think that less benefit means less spam, but let’s be serious — the people selling the software that generates this spam aren’t going to tell their customers that it’s a worthless activity. Still, you’re cutting back on whatever money spammers are making, and that’s a good enough reason to do it in my book.
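For the curious: as far as I can tell, the initiative in question is the rel="nofollow" link attribute, which tells search engines not to pass ranking credit through a link. A blog engine that supports it just rewrites the anchor tags in visitor comments, roughly like this toy Python sketch (my own, not any particular engine's actual code):

    import re

    def nofollow_comment_links(comment_html):
        """Add rel="nofollow" to every <a> tag in a comment (toy version)."""
        return re.sub(r'<a\s', '<a rel="nofollow" ', comment_html,
                      flags=re.IGNORECASE)

    print(nofollow_comment_links('<a href="http://example.com/pills">pills</a>'))
    # prints: <a rel="nofollow" href="http://example.com/pills">pills</a>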
The hot rumor is that Six Apart is about to buy LiveJournal. That strikes me as a fairly bad idea for a number of reasons, mostly technological: if you're not going to get economies of scale from merging code bases, then you're setting up Six Apart as a conglomerate, and frankly Six Apart just isn't big enough to support two completely divergent code bases and/or development teams. But if you do intend to merge the code bases, wow, that's a can of worms which (IMHO) would bring new feature development to a halt for six months to a year, minimum, on both sides of the fence.
Now would not be a good time to slow down new feature development, what with MSN getting into the blogging mix, WordPress picking up steam, and so on.
There are also cultural/marketing issues, in that LiveJournal is a community rather than a service or a product. That can be overcome with good PR and communications. Assuming Six Apart learned from the uproar surrounding their pricing announcements earlier this year, they'll be OK in that regard.
“I used to be a contractor for Apple, working on a secret project. Unfortunately, the computer we were building never saw the light of day. The project was so plagued by politics and ego that when the engineers requested technical oversight, our manager hired a psychologist instead. In August 1993, the project was canceled. A year of my work evaporated, my contract ended, and I was unemployed.
“I was frustrated by all the wasted effort, so I decided to uncancel my small part of the project. I had been paid to do a job, and I wanted to finish it. My electronic badge still opened Apple’s doors, so I just kept showing up.”
Six months later, Graphing Calculator shipped with new Macs. This is how it happened.
So I had to send my laptop in to Apple for repairs a month or so ago. My own fault: I dropped it. When I got it back, the next time I used the DVD drive I noticed it wasn't working. OK; I called Apple up and said "Hey, this happened, I need to get it fixed." I kind of expected that they'd charge me for it, since chances are it broke when I dropped the laptop.
Nope. Since they didn’t catch it the first time round, they decided it was their fault and fixed it for free. I dropped my laptop in a box on Monday of this week, it arrived at Apple on Tuesday, they fixed it and sent it out on the same day, and it’s in my hands again on Wednesday. That’s what I call rapid turnaround.
Come to think of it, what I'd like to see next in comment spam detection is this algorithm: whenever three comments are submitted within an hour, and all three contain the same URL, add the full hostname from the URL to the spam filter list and notify me.
Yeah, it’s open to denial of service, but it’s a weak DoS in that anyone who’s denied service can get around it easily by not posting URLs with that hostname. And there are significantly more spammers than there are people carrying out DoS attacks on my comments.
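Sketched out in Python, assuming it gets called once per incoming comment; the in-memory bookkeeping and the notify() stub are placeholders, and a real version would live inside the blog engine and persist its lists:

    import time
    from collections import defaultdict
    from urllib.parse import urlparse

    WINDOW = 3600     # one hour, in seconds
    THRESHOLD = 3     # identical-URL comments within the window before we act

    recent = defaultdict(list)   # URL -> timestamps of comments containing it
    blocked_hosts = set()        # hostnames added to the spam filter list

    def notify(hostname):
        # stand-in for however you want to be told (mail, IM, whatever)
        print("added to spam filter:", hostname)

    def comment_submitted(body):
        """Call once per incoming comment; body is the comment text."""
        now = time.time()
        for word in body.split():
            if not word.startswith(("http://", "https://")):
                continue
            recent[word] = [t for t in recent[word] if now - t < WINDOW] + [now]
            if len(recent[word]) >= THRESHOLD:
                host = urlparse(word).hostname
                if host and host not in blocked_hosts:
                    blocked_hosts.add(host)
                    notify(host)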
cfengine is cool. I dug it. The tutorial was introductory, and I was pretty sold on the concepts by the end. If you already know about cfengine, there's nothing useful for you in this post.
Cheap summary: a host is classified into a number of groups. Lots of classifications are automatic: there's a linux group (any machine running linux), there's a 129_120_10 group (any host on the 129.120.10 subnet), there's an Hr02 group (any host running cfengine between the hours of 2 AM and 3 AM), and so on. Why would you want that last one? Maybe you only want to run some checks during that hour. Yes, this is yet another way to schedule periodic jobs in a manner that future sysadmins will be unable to find… but I digress.
You can then specify actions that should take place if a host is in a specific group. Some of the action classes are very generic: running shell commands, deleting files, checking permissions and owners of files, copying files from a central server, and so on. Some are pretty specific: there's a class that lets you tweak the nameservers in /etc/resolv.conf, which will not work out so well if your resolver file lives somewhere else, of course. There's a class tuned for defining the NFS server from which a host mounts its mailspool. Cool, but not necessarily of general use. However, there's a fairly featureful class for editing files, so you can roll your own stuff as needed.
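None of the following is cfengine syntax; it's just a quick Python rendering of the model, with made-up class and action names, to show how automatic classification plus class-gated actions fits together:

    import platform
    import socket
    import time

    def host_classes():
        """Automatically derive the groups (classes) this host belongs to."""
        classes = set()
        classes.add(platform.system().lower())               # e.g. "linux"
        ip = socket.gethostbyname(socket.gethostname())       # may fail on odd setups
        classes.add(ip.rsplit(".", 1)[0].replace(".", "_"))   # e.g. "129_120_10"
        classes.add("Hr%02d" % time.localtime().tm_hour)      # e.g. "Hr02"
        return classes

    # action description -> classes a host must be in before it runs
    actions = {
        "copy resolv.conf from the central server": {"linux"},
        "run the overnight permissions sweep": {"linux", "Hr02"},
    }

    if __name__ == "__main__":
        mine = host_classes()
        for action, required in actions.items():
            if required <= mine:
                print("would run:", action)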
It kinda runs under Windows if you have cygwin installed. Hm.
It reminds me of the system we used at AltaVista, but it is substantially more featureful.
Our VoIP/Asterisk tutorial is going much more quickly than the presenter expected. This is not unusual for first-time presenters. Asterisk is pretty interesting, but shows signs of being an open source project. Hm — OK, some sample configuration file stuff:
    exten => s,73,Playback(thank-you-for-calling)
    exten => s,74,GotoIfTime(6:01-18:00|mon-sun|*|*?s,76)
    exten => s,75,Goto(s,78)
    exten => s,76,Playback(have-a-great-day-goodbye)
In theory, the template is something like exten => <exten>,<priority>,<application>(<args>), but it’s been brutally extended into something that looks alarmingly like BASIC. See the line numbers masquerading as priorities? It looks like it was originally just a simple method of specifying extensions, but grew like kudzu. Soon there’ll be m4 macros for building these scripts which masquerade as configuration files.
My Monday LISA tutorial was on system log aggregation, analysis, and statistics. mjr taught it, and he's as good a public speaker as ever. Also, the topic was pretty damned fascinating. I'll be dumping a pile of links into del.icio.us sometime soonish.
Highlights, some of which are significant and some of which are just cool:
You can set up an invisible loghost. What you do is specify a non-existent host as the loghost on all your DMZ servers. You're gonna need to manually stuff an entry into the arp table so that your DMZ servers will blithely send syslog packets off into thin air. Then you hook the real loghost up to the DMZ with no IP address on its interface, running in promiscuous mode. Run tcpdump on it to capture all the packets, and write some cheap perl to strip the syslog payloads out of the captured packets.
Or use mjr’s plog instead of tcpdump, since it’ll automate all that complex stuff for you. Neat.
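If you do go the tcpdump route, here's roughly what the payload-stripping step could look like. It's a quick sketch in Python rather than perl, and it assumes a standard little-endian pcap file written with something like tcpdump -w dmz.pcap udp port 514, plain UDP syslog, and untagged Ethernet frames:

    import struct
    import sys

    PCAP_GLOBAL_HDR = 24   # bytes in the pcap file's global header
    PCAP_REC_HDR = 16      # bytes in each per-packet record header
    ETH_HDR = 14           # bytes in an untagged Ethernet header

    def syslog_payloads(path):
        """Yield the UDP payload of each captured packet as text."""
        with open(path, "rb") as f:
            f.read(PCAP_GLOBAL_HDR)                    # skip the global header
            while True:
                rec = f.read(PCAP_REC_HDR)
                if len(rec) < PCAP_REC_HDR:
                    break
                _sec, _usec, caplen, _origlen = struct.unpack("<IIII", rec)
                frame = f.read(caplen)
                ihl = (frame[ETH_HDR] & 0x0F) * 4      # IP header length
                payload = frame[ETH_HDR + ihl + 8:]    # skip the 8-byte UDP header
                yield payload.decode("utf-8", "replace")

    if __name__ == "__main__":
        for line in syslog_payloads(sys.argv[1]):
            print(line.strip())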
Artificial ignorance. Cute term. It's basically the same rule of thumb as "block everything, then permit what you want," but reversed: "it's interesting unless I've explicitly said it's boring." At a very basic level, it looks like this:
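(What follows is my own quick sketch of the idea in Python; mjr's real version is closer to a pile of grep -v patterns. The file names are made up.)

    import re
    import sys

    def load_boring(path="boring-patterns.txt"):
        """One regex per line for log entries you've decided are boring."""
        with open(path) as f:
            return [re.compile(line.strip()) for line in f if line.strip()]

    def interesting(logfile, boring):
        """Everything that doesn't match a boring pattern is interesting."""
        with open(logfile) as f:
            for line in f:
                if not any(p.search(line) for p in boring):
                    yield line.rstrip()

    if __name__ == "__main__":
        for line in interesting(sys.argv[1], load_boring()):
            print(line)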
First seen anomaly detection. It’s sort of like artificial ignorance, but different. You alert every time something completely new appears in the logs. There is a tool for this, also written by mjr, called NBS (Never Before Seen). It uses Berkeley DB and is very fast. You feed it input for a specified dataset and it tells you if it’s seen that particular chunk of input before. It can report on its database in a bunch of useful ways.
Example: record DHCP servers giving out IP addresses. (Sample string after a bit of log parsing: “10.0.0.10 gives IP 10.0.1.1 to MAC 0:2:2d:10:10:10”.) If a new MAC address shows up, it’ll be flagged by NBS as a new chunk of input, because that string is guaranteed to differ in that case. If an old MAC address gets a different IP address, that’ll show up too, but only the first time it gets that particular IP. As a bonus, you’ll find out if any new DHCP servers show up. Pure gold.
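To make that concrete, here's a toy never-before-seen filter in Python. It is emphatically not mjr's NBS: it uses the standard dbm module where NBS uses Berkeley DB, and the dataset filename is made up. Feed it lines (like the parsed DHCP strings above) on stdin and it prints only the ones it has never seen before.

    import dbm
    import sys

    def never_before_seen(dataset, lines):
        """Yield only the lines not already recorded in the dataset's database."""
        with dbm.open(dataset, "c") as seen:     # "c": create the DB if needed
            for line in lines:
                key = line.strip().encode()
                if key and key not in seen:
                    seen[key] = b"1"
                    yield line.rstrip()

    if __name__ == "__main__":
        for novel in never_before_seen("dhcp-leases", sys.stdin):
            print(novel)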
Another example, which happens to be the first use I thought of: turn it loose on my HTTPD log files. Filter said log files for referrer and URL pairs; report the first time a new referrer/URL pair is seen. I have something like this in place now but it’s written in perl and it’s fairly fragile; this will be better.
Or just dump URLs into the database. “Hm, someone just tried to load /cgi/foobar.exe for the first time; looks like a new exploit.”
So yeah, a very cool tutorial. I’m all jazzed about the possibilities. Check out his web site on the topic.