Community Matters

While I was gone K2 heard about a new restaurant in town, Sel Gris. So she made arrangements to have our very good friend Denise come over and watch the kids and made reservations for us to go explore.

All I can say is YUMMY! We sat at the bar, overlooking the open kitchen and saw Chef Daniel Mondok work right in front of us. To quote “everything is better with butter”. And he’s right - the food was amazing. I had sweetbreads with an egg yolk in cake batter as starter, K2 had foie gras. Simply wonderful. After that I had three different preparations of beets and K2 had a delicious endive salad. And as main dishes we had duck breast with mushrooms and rice and salmon on risotto with shrimp (gee - that sounds so mundane - I didn’t steal a menu so I can’t reproduce the correct description of the food). Triple chocolate mousse and an assortment of sorbets closed the dinner.

I’m not a food writer, I can’t do the food justice with words. You’ll have to come and eat (and see) for yourself. It was truly fantastic. And we already made reservations for a second visit - there’s too much left to explore on the menu (with a clear view of the kitchen we got to see many delicious looking dishes - very very tempting).

I love my life!

Thanks for visiting!
I hope this was helpful - if not, please leave a comment and let me know why! Were you searching for something else? Did I miss an important aspect?

This took longer than I thought. Inertia. It’s a bad thing. The blog, mail server and everything else was sort of working (if slowly) on the old laptop. So I never had a lot of pain that would make me jump up and make all the changes to the infrastructure that I wanted to make.

But finally after more than a month I think we are getting there. Now we have an ancient x86 laptop (sounds like a theme, doesn’t it? I think this one is an original Pentium M Banias at 1.4GHz) running as firewall/router. It cleanly separates the external network (including the wireless cloud that I have our neighbors on) from the internal network and the DMZ. I started with some very basic (and very restrictive) Shorewall rules and slowly and carefully opened those ports and connections that I really needed.

Behind that sits an upgraded Mac Mini (hooray for eBay and the online instructions that tell you how to open and expand the Mini) running an Intel Core Duo T2400 at 1.83GHz with 2GB of memory (this used to be a low-end 1.5GHz Core Solo with 512MB). And the PowerBook G4 as backup server in case I need to take the Mini off-line for something.

All three systems are running Debian Etch with the latest patches and some backported newer components (for example a 2.6.23 kernel and a newer version of SpamAssasin and Shorewall than are currently available in Etch).

And while I was at it I upgraded the second Mac Mini as well (similar specs, only the second cpu I got through eBay was a T2300 at 1.66GHz) and am running the latest pre-release of OS X Leopard on it. Nicer than Linux as a client. But I’m very happy that my whole server infrastructure is back on Linux - much easier to work with and much easier to keep up-to-date.

I was running this blog (and a couple of others, as well as a mail server for a few domains and a few misc other things) on a Mac Mini Core Solo running Mac OS 10.4. But as much as I like OS X as a client OS - for a server it’s just more trouble then it’s worth. Yes, I can get most open source unix software for it, but then I need to maintain all this manually (OS updates just bring security fixes for the software Apple provided - so you keep having to look to make sure you are running the latest versions of everything else). And with the artificially messed up file system structure and some of the very odd defaults that Apple picked… I simply decided to give up.

Right now I am in the process of migration - and in order to make this smooth and easy and not to risk prolonged downtime, I decided to do this as a two step process. First migrate the server onto a different system running Linux, then once everything is tested and works and all data has been transferred, install Debian on the Mac Mini and transfer the server duties back to that (I just love the Mac Minis as servers - fast enough for a low traffic site like this and cool and quiet).

What are we running on right now, you ask? A PowerBook G4 12″ running Debian Etch ppc :-)

My apologies if the server feels a little slower than usual…

There were many very interesting talks at DefCon. Definitely worth the price of admission - actually, if I compare the $100 for DefCon to the several hundred and often more than a thousand dollars that other conferences charge, I have to admit that it might be the best conference in term of value for dollars that I have attended in a long time…

One of the highlights today was the talk by Oskar Sandberg about “Network Mathematics: Why is it a Small World?”. Here are two of my favorite quotes: “… for some definition of ‘most’, which is different from most definitions of ‘most’” and “Not knowing how to count is a basic skill if you want to be a mathematician!”

Before people wonder - I have a degree in math…

I’m at DefCon in Las Vegas. One of the more interesting conferences, if I may say so. Cash only - no name on your tag - the organizers actually don’t want to know your name at all; that way even if someone were able to force them to release the list of attendees, they simply couldn’t do it. Neat.

And the things that you can learn here are interesting, too. Lockpicking. How to get into WEP protected wireless networks. Why the security model of web browsers is fundamentally flawed. How to detect if your ISP is routing fairly or whether they are doing traffic shaping. Lots of cool stuff.

Oh, and there’s an interesting warning on their web site. Yes, there’s a free wireless network. But it is not recommended to connect your computer to it, unless you are ok with hackers breaking into the computer and potentially installing software on it… very cute!

Overall it is clear that the sense security of most users of the internet (and of other technologies like Bluetooth or RFID) is completely unjustifiable. Thankfully the people here are the good guys. But of course that makes me wonder what the bad guys can do…

Ok, it’s been way too long since I posted here. Even though according to Feedburner this blog has 151 subscribers (clearly a bug in their algorithm). Anyway… this was too cool not to post about, especially since a ViC-20 and then a C-64 were my first two computers in high school…

A Wordpress C-64 Theme. Priceless.

Yeah right. And pigs fly.

Or so I would have said until very very recently. And here I am, posting comments on Intel’s Opinion Center on /.. Crazy. And in a weird way, fun.

So far the comments are actually closer to a conversation than to a flame-fest. And with some heavy guidance the geeks have managed to get the marketing folks to take it easy. It’s early and I reserve the right to adjust my view on this after some more experience, but maybe this isn’t all bad (hey, I’m trying to keep my enthusiasm at bay here…) :-)

Take a look and let me know what you think!

It’s just driving me insane… now my brand new MacBook Pro (Core 2 Duo) is broken. After an hour or so, its keyboard and touchpad stop working. If I connect a keyboard / mouse via USB everything is fine, but the built-in devices are simply dead.

Karen must be right - I have bad Apple karma or something; it is just astounding how frequently Apple hardware breaks for me.

So after my personal blog I now also moved the technical blog to WordPress.

As in the first case there are again a few things to point out:

• in order for existing links to continue to work (and search engines to continue to be able to find old postings), the old blog will stay online, but won’t be updated anymore. In order to get to the Community Matters blog in the future you’ll have to use the new URL http://www.hohndel.org/communitymatters.
• if you are using a feed reader like Bloglines or Netvibes or if you are using the RSS readers built into modern browsers like Firefox or Safari, you’ll have to resubscribe to this blog. I know that’s a pain, but given the way Wordpress creates the feed, trying to use ModRewrite to make this happen automagically turned out to be a lot harder than I thought. On the plus side, you can subscribe to the nice new Atom feed (which most of those readers should pick up by simply clicking on that link Update: it seems that some readers want this as http reference instead of a feed reference as in the previous link - please try either).

Any problems, issues, complaints, compliments, praise, concerns for my mental health, etc… please leave a comment on the new site using this link.

This will also be the last posting to the old Blosxom blog. :-)

Wow, now that I have the blog at Intel, I seem to be writing less here again. Go figure…

As I mentioned in my personal blog, my Mac Mini died a sudden and untimely death yesterday morning. And that Mini (Intel based, of course) has been the server for both email and blogs here at hohndel.org. Oops.

While I wait for the Mini to be fixed, I decided to migrate everything to my desktop system (a G5 Dual-Core PowerMac). Getting the web server up and running was almost trivial: make the system have an alias on the correct internal IP address (the one that the firewall sends all external traffic to). Since I used that system as my internal “staging area” for the blogs everything else was already there.

Getting the mailserver set up, however, was a different experience. For the Mini I had simply paid ten dollars for the very well done Postfix Enabler. That sets up both postfix and an imap daemon. But since this was going to be a very temporary solution, I figured I’d just hack it myself (after all, I had set up postfix on Linux many many times).

Since anything on the web tends to stay around, let’s start pointing out that these comments are about Mac OS X 10.4.7 (the latest version of Tiger as of this writing).

The oddities begin with the firewall setup in the System Preferences. There are no default settings to allow smtp through (nor domain name service, which was the other internal service I had to enable, but after opening that port in the firewall that was fairly straight forward). Adding them isn’t hard, but it seems like something Apple should add a default for.

In order to set up postfix as a simple recipient for my domains and as a simple forwarder using my ISP’s relay-host was easy (just a few edits to the postfix/main.cf file) and worked right away on the localhost interface. But any connection attempt to one of the external addresses of the system failed. I checked and re-checked postfix/main.cf. And it literally took me an hour to figure out that there was a second set of entries at the very end of the file for some of the key variables under the heading THE FOLLOWING DEFAULTS ARE SET BY APPLE. And those overwrote the setting for inet_interfaces that I had changed earlier in the file (at it’s normal place in the file).

I already complained to an Apple software developer whom I know, but please, if any of you know someone inside Apple’s software team… please tell them to fix this (or at least add a pointer to that location at the end of the file in the part of the file that documents each of these options).

Needless to say, after that change everything worked smoothly. I’d just like to prevent anyone else from having to waste their time.