Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Tue 05 Feb 2008

Pain

Category : Commentary/pain.txt

Talking about pain, there's a very good book for aspiring high-tech or IT entrepreneurs to read to get a feel for what they're going to be in for - the book is called, "Founders at Work". Here's an excerpt :

At an HBS (Harvard Business School) reunion, we had a roundtable for all of us who had been entrepreneurs, and one of our professors asked, "What didn't HBS teach you about this?" And I said, "Pain."

I only remember one class that came close: the professor walked out of the class with tears in his eyes, having recounted the story of his friend who had started a cable company, and it destroyed his life, destroyed his family, and moved him to a place where his life was a waste of time. That was the only indication I had at HBS about how painful this is.

"Go out and be entrepreneurs" - that seems to be the government's message of the day. Mostly, it is people in safe jobs telling others to go out and do their thing. As if you can just turn on the tap.

It could be a great life. But it could also go oh so wrong. Imagine spending ten to twenty years pursuing a dream and ending up in a street corner muttering to yourself. There but for the grace of God, go I.

Okay, so the country, any country, would need entrepreneurs. But let's not hear it from those who couldn't or wouldn't do it themselves. Listen to those who have. And survived.

And it may be that you come to realise that the words of The Desiderata have more meaning, and value, than any number of government handouts, when you're struggling to survive.

Posted at 4:47PM UTC | permalink

Mon 04 Feb 2008

MailServe for Leopard 3.0.4

Category : Technology/MailServe3dot0dot4.txt

As promised, I've released MailServe for Leopard 3.0.4, with the Mail Queue feature from Tiger re-instated.

It should have been easy, right, just getting the features from MailServe for Tiger over to Leopard?

It's not so easy.

The one thing that MailServe for Leopard has, that the one on Tiger doesn't, is the ability to allow the mail server to be administered from a non-admin account, so long as you can provide an administrator's credentials.

I used Apple's security framework to do that. Among its benefits is that, next time, I could plug in an alternative method to do the authentication, e.g., via a smart card or any of the emerging biometric methods, and all other things in the code should still work. And I'm one step closer to being able to support remote administration of the server. Plus, I don't need to store the password. I don't want to have anything to do with people's password. I just pass it on to the authentication mechanism.

But one thing that Apple's recommended method of implementing the security framework also does is that it interferes with the workings of Postfix's postsuper command, which is needed to delete messages in a queue. I just can't run the postsuper command now.

But I'm loathed to lose all the benefits that I've gained so far.

So, what to do? That was why I couldn't do this feature the last time round. I didn't have the time, in all the mad rush to get MailServe for Leopard out to all the guys who needed the mail server running again within a day of Leopard being released.

Even now, it took me three, four days to figure out a way.

So how did I do it? I answer with a laugh that comes from deep in the belly. A laughter born of pain. To all the people who're "not so jazzed up" about having to pay for MailServe for Leopard again, since there are "no new features", I can now afford a wry smile. If only it were that easy...

I can move on to the new features now.

Posted at 2:56PM UTC | permalink

Mon 28 Jan 2008

DNS Enabler for Leopard, version 3.0.3

Category : Technology/DNSEnablerForLeopard3dot0dot3.txt

Leopard uses BIND version 9.4.1-P1, whch is set up by default to disallow recursive queries from outside the subnet that the server is on.

So, I've built a new version of DNS Enabler for Leopard, version 3.0.3, that allows the user to change this behaviour (by clicking on the "Allow recursive queries from outside subnet" checkbox, below).

I've also updated all the screen shots on the DNS Enabler for Leopard web page today.

For a future version of DNS Enabler, I'd like to work on allowing a variety of BIND options to be set from the interface, like Log Level, etc, and also to see if I can implement views, so that you show the local IP address of a host name to queries coming from the local sub-net, and the public IP address to queries coming from the public network. This is going to be more intricate, so I'll need a bit more time to think about it.

For MailServe, I'll need to put back one feature from Tiger that is missing from the Leopard version due to the lack of time - i.e., the ability to flush or delete a message from the mail queue. I hope to do that by the end of the week, and then, after that, to really get going on the Dovecot version.

For WebMon for Leopard, I'd like to add the ability to set up Virtual Hosts, while still being able to set up SSL for the main domain. Wonder if that's possible to be done?

So, broadly, these are what I would be working on. There's more to come, of course, from my ever-lengthening to-do list (which I would try to publish, one day) but, for now, one step at a time.

Posted at 7:17PM UTC | permalink

Tue 22 Jan 2008

10,000 Customers From Around the World

Category : Commentary/10000customers.txt

We have 10,000 unique customers from all around the world. Somehow I thought that when this day comes I'd be ecstatic, that it'll really mean something to have crossed this mark. Strangely, it's just another day.

Maybe it's because I've reviewed the To-Do Lists and I'm feeling grim because there's so much more to do.

Ever wondered why artists are such depressed people? It could be the awareness that there is something missing, that the world is still not quite right that propels the search for a solution. It's the agony and the ecstasy - one or the other - there's nothing in-between.

Posted at 4:55PM UTC | permalink

Thu 10 Jan 2008

Things to Do

Category : Commentary/ThingsToDo_Leopard.txt

I've just gone through my lists of things to do for each of my application - MailServe, DNS Enabler, and all - and updated them with the feature requests I've received since Leopard shipped.

I started compiling these lists since before Leopard shipped but it was a hard task already just recovering every feature that used to work in Tiger and making sure they continue to work in Leopard that I needed to leave out work on the new features for the moment.

Even then I left one thing out in MailServe for Leopard - the managing of the mail queue - and the users weren't slow to let me know.

And I knew I was going to have to allocate energy for this big move to our new place in December.

So that's all done and out of the way and so I hope to be able to move on quickly to those unfinished business.

Now that I've got my books surrounding me, or at least the books I don't want to sell or give away, I feel I could stay in this room the whole day just working on things.

I don't believe in Feng Shui, I find the so-called Feng Shui masters accompanying property buyers and prospective tenants to be rather unsavoury characters, but I believe there is a feel or aura attached to each place, and it's important to test that feel against the conventional logic of a property acquisition - weighing location, costs, convenience, etc. Some places you feel immediately at home with, some places never.

I'll try to put up the To-Do Lists soon so people can make suggestions to add to them.

Posted at 3:32AM UTC | permalink

Tue 08 Jan 2008

"A house is a machine for living in.”

Category : Commentary/HouseMachineLiving.txt

I've finally settled in at my new place (though I've still ten boxes of books downstairs in the shop space that I don't yet know what to do with - perhaps I should just start a second-hand book store). It's been hard - I was wondering why this move was so hard, harder than I've ever experienced before, when I realised, of course, I was moving both my home and my office, together for the first time, and it's what I'll probably be doing for the rest of my life, having an integrated work-life, and that I'll be moving both my home and my work life together, wherever I would be going next. And so I've been paring down on all the junk, jettisoning all that's not essential. And it's been exhausting and time-consuming, but I think I'm ready to get back to work now.

It's Le Corbusier who said that "a house is a machine for living in”. And so it is. I'm surprised to find ourselves liking this place quite so much. As you come up the stairs from the shop space below, you're hit by so much light you think you've left the lights on. But it's all streaming in from the window.

And you feel the wind, not just the breeze, as you walk towards the window, and you know somehow, somewhere there is water, and so there is.

This could be probably be the coldest place in all of Singapore. For the first time ever, for a very long time, I could sleep without air-conditioning, and if I do my work in the kitchen at night, with the wind in my face, I would need a sweater.

The wind is good here. Good enough, and space enough, for wind surfing and sailing. So they're building a jetty where it's currently boarded up by the green hoardings. And they're building new tracks for the cyclists, skaters, joggers, etc, to bring the people closer to the water.

This is a most peculiar place. At the front, from the hall, and from my kid's room (and it's such a big room we could all sleep in it and we do) we look out into the park and it's mostly quiet and it's like a resort.

But at the back, the kitchen looks out over the back-entrance to a 24-hour foodcourt, so there's life round the clock. There's grime, sweat and noise. Contractors loading pipes, traders loading rice sacks and jars of sauce. Lorry-loads of them. It's not where one would like to park a BMW. And we live right next to a rag-and-bone lady. Although we worry about rats, etc, if we have to live next door to rag-and-bone person, then we're glad it's her because at least she's neat, and there's a story in there somewhere.

She works till 3 a.m. every night. Right now, it's pouring and the stuff she's collected are all drenched and our heart goes out to her.

So, that might answer the question why not more people do what we do, i.e., choose to live in such a place. People take one look at the scene at the back and it's like living in a hovel. Yucks. No thanks.

But if you trace back the ideas that went into mass-produced public housing, you'll reach back eventually to Le Corbusier, and the idealism that underly it all. Like Corbu's Unité d'Habitation, if we think different for a moment, we can find beauty if we look past the surface ugliness and the brutality of the concrete. (Like the way a Bernini can see a St Theresa in a block a marble.)

Posted at 6:29PM UTC | permalink

Sat 08 Dec 2007

Way Stations

Category : Commentary/WayStation.txt

I've got a change to make in MailServe and one to DNS Enabler. And I've got at least tacit permission to use Dovecot in MailServe for Leopard and so I'm looking forward to working on it. But all these have to wait till after Christmas because I'm moving house. In another week, we should be done with the renovation at the new place and be ready to move.

I hadn't planned on moving this year. We bought an apartment to move to at the end of next year (it's still being built). Both my wife and me had felt that we would rather spend more time on our respective work than tending to the garden and killing the weeds and removing the awful droppings from the stray cats (somehow they all seem to love coming over to our garden). But Singapore is experiencing, right now, one of its periodic irrational exuberance over real estate and we got an offer for our house that we'd be rather dumb to refuse. So we took it and found this shop house that overlooks the Bedok Reservoir.

There's plenty of green, nice trees, birds, a serene lake-view, and the perfect place to run - 5 km around the reservoir. And we're on the Singapore Park Connector, which connects the major coastal parks on the eastern side of Singapore over 42 km. Great for cycling, too.

There's a 680 sq-ft working space on the ground floor for our office - with a lovely 15-foot ceiling. And we live in the two-bedroom residence upstairs. So, we may stay here for the one year, or even longer if it turns out to be fun.

It looks perfect. Which leaves me wondering - with the residential real estate prices overtaking the all-time high, and with office rentals having more than doubled - why did no one else try to combine the two - buy something like we did? We'll know very soon - if people know something that we don't. Anyway it is, at worst, only for a year. I'm game to try anything. So, yet another way station on the road less traveled.

Posted at 2:55AM UTC | permalink

Sun 11 Nov 2007

From Postfix Enabler to MailServe for Leopard

Category : Technology/FromPFEToMSL.txt

While re-reading the previous post about testing MailServe for the Leopard 10.5.1 Developer Build, besides spotting a couple of grammatical errors (a weblog is performance art - mistakes are part of the art), I realised I forgot one huge chunk of the testing process - outgoing smtp, i.e., the process that sends mail out the server.

How can I ever forget that? This was the other bug I spotted on Leopard and it was only corrected at the very last developer release.

I couldn't get outgoing smtp authentication working on Leopard for a very long time. This is the process that authenticates your server with another mail server that you are trying to use as a Smart Host, so you can relay mail through it and not have your mail (coming, as it is, from a dynamic IP address) flagged as spam.

I needed to use this feature myself, so I set to debug it doggedly. Then I found it was due to a couple of files missing on Leopard and reported that as a bug and, thankfully, that was fixed by Apple in time for the final release.

So I test it now. But first, check that the domain name works by hitting the web server. Always check that you can actually hit the server, either via the web browser or via the command line by pinging it, before you move your mind onto the mail server. I can't emphasise that enough.

I have an image I hold in my head of problem solving as a series of concentric circles. Every step you take must shrink the number of possibilties, the number of possible errors, that you have to consider. Otherwise you're going backwards. With every step you take, the possibilities must converge, so you get to the point, eventually, where you're able to decide that it's probably this, or that, but no other. So the decision as to which step to take, among the many, is very important. Take the step that reduces the number of possible outcomes. I've found that when people come to me to help them debug their systems, most of the time I'm actually helping them devise a problem solving strategy. It's nothing more than that.

I first test that I can send mail out without using a Smart Host. See? Don't complicate things. Be patient. Take the step where the outcome tells you something definite - that you have a working smtp server that knows how to send mail to another mail server (even if your mail gets rejected eventually due to its contents, or due to the prevailing anti-spam rules at that particular receiving mail server). If you didn't even get this to work, there is no point testing against a smart host, with all the attendant complications with the authentication parameters.

Even if you're having to use the Smart Host feature because your ISP is blocking port 25, you can check that your mail server is actually able to send mail out by using a test setup on your local network, using local private IP addresses instead of domain names.

So if you're able to send mail the default way, next, make the server go through a smart host. If you know an smtp server that'll allow you to use it as a smart host without authentication, so much the better, test against it.

That worked, so I test against a server that does require my server to authenticate against it. And then I test it with SSL.

Because I have two broadband lines coming into my home, I do all my tests against my own live server (cutedgesystems.com) on which I can set all sorts of conditions to act like any smart host would.

So, everything seems to be working on 10.5.1. But of course, I have to test it all again when the "real" 10.5.1 comes out for everyone.

So, I'm thinking. It really is a disadvantage calling my application Postfix Enabler, when it does so many other things beside enabling Postfix. It's like, I have the temerity to charge for something that others offer for free. But are they? Offering the same things, I mean. But like my auntie always tells me, life is too short for one to be resentful. It's a beautiful day out there. I have a date with my wife :-)

Posted at 5:44AM UTC | permalink

Fri 09 Nov 2007

Leopard 10.5.1 - just testing

Category : Technology/JustTesting.txt

I've downloaded the developer build of Leopard 10.5.1 for testing. This is what I have to go through to test each release of OS X.

First, I've started a test machine on my other broadband line, running Leopard 10.5.1. This will host a domain that I always use for testing - lifeassets.com (a domain that will eventually be used by my wife, who is a financial adviser).

I'm so glad I snagged that domain name before someone else did because it sounded so right - Life Assets. It's about financial independence, health, a balanced life, family, happiness - all assets in life's balance sheet. There are loads of ideas we can build around this core concept.

So, the first thing to test is that the domain name works - that it will lead people looking for the lifeassets.com server back to my test machine (which, incidentally, is an Intel-based MacBook running OS X Leopard 10.5.1). I use DNSUpdate to keep my public IP address sync'ed with the domain name, even though I'm on a broadband line, where the IP address changes periodically.

I have a Unix shell script written by my friend, Hai Hwee, that does this, too, and I plan to merge this into MailServe for Leopard so people running mail servers on dynamic IP addresses will have one less piece of software to worry about.

I keep looking for things to eliminate - buttons, fields, tab panels, whetever - e.g., in MailServe for Leopard, I've combined the Start/Stop/Restart buttons into one button. There used to be one set for each function - Postfix, POP, IMAP, Fetchmail - so, that's a lot of buttons eliminated.

To test that the domain name works, I've started up Web Sharing in the Sharing Preferences for the server machine and I try hitting lifeassets.com using a browser on my other broadband line. The Apache test page comes up, so I know I'm set and I can move on to concentrate on my mail server.

I'm amazed so many people skip this step. When they can't hit their mail server, they may already have the mail services, like SMTP, POP and IMAP, running correctly, but they simply can't reach their server because they hadn't managed to get the domain name-IP address mapping set up correctly. So they thresh about, solving the wrong problems in an ever-widening circle.

You need to check that you can reach the server via its domain name, both from outside and also from inside your local network if you've situated the server behind a router (because you may have one of those routers that don't know how to route outgoing packets back to a local machine that has been port-mapped to a public IP address). You need to do this so that you can be sure that any problem that arise after that step would be solely due to the introduction of the mail server.

So, if the domain name-IP address mapping works, I launch MailServe for Leopard and start up Postfix and the POP and IMAP services.

With SMTP authentication turned off and the server set to relay mail for machines on the same network (the default setting), I try to send mail from a client machine on the local network to, say, my .Mac account.

I look into my .Mac mail and, true enough, the message arrives and I reply to it. With the mail client set to retrieve from the lifeassets.com POP server, I can see the reply coming in, signalling that outgoing SMTP and POP work on my Leopard server. I turn off POP and create an IMAP account, and I can see the message in the IMAP Inbox. Then I create an IMAP folder, and move the message into it, and all is well on the IMAP front.

So ports 25, 110, and 143 are all working. What about SSL?

I create a test cert using the MailServe interface and turn on SSL modes for POP and IMAP and repeat the process described earlier. If all goes well, I can conclude that ports 993 and 995 are working properly. And the cert creation process, too.

Next, onto SMTP Authentication. For that, I move my mail client onto the other broadband line. Now that I'm not on the same network as my server, I'll need to authenticate with it to send mail through.

But first, I need to test that I can't send mail through it without authentication. You wouldn't want your server to relay mail for all and sundry on the Internet.

So, I send mail and it gets stuck in the Outbox and that's good.

I set MailServe for Leopard to relay mail for clients who authenticate and I choose the simpler OS X built-in accounts method as the authentication mechanism.

I change my mail client setting to send the authentication parameters to the server and try sending the stuck message again. This time it goes through and I'm smug. Lovely, isn't it.

Then I try to do the authentication via SASLDB. This was where the smile was wiped from my face for two whole months. Stuck while I try to solve it. Until I found it was an Apple bug.

Now, I try to send a new message and ... it doesn't go through. The worry comes back. But the I remember. Of course, it doesn't go through. I hadn't changed the authentication parameters on the mail client to use CRAM-MD5. I make the change and, swoosh, the mail goes through. Phew! I never stop worrying aboout this - that Apple will break it with each software update.

Now I test SSL all over, and POP and IMAP all over again, for the mail client connecting over the remote network. It all gets to be boring, until something doesn't work and then I'll take boring, anytime.

What else, do I need to test? Oh yes - "Require SSL" - for all three protocols. If you don't use SSL, you can't connect. Period. MailServe users wanted this, so MailServe users get this.

Also, alternate SMTP ports - MailServe has the ability to open up more ports, e.g., 2525 or 52525, for mail clients. Of course, we have to test SSL and non-SSL modes all over again for these ports.

And the ability to receive mail for additional secondary domains. There's also the Virtual Alias Domains variant, where mail for the same user in different domains go to different mailboxes.

What else? The log buttons - the Postfix and Fetchmail log. Even a simple thing like this could freeze the first release version of MailServe for Leopard.

Which reminds me, we've got Fetchmail, too. How can I forget? Such pain, so many more permutations. Fetchmail accessing POP, IMAP mailboxes, with or without SSL, keep, no-keep, polling intervals, time-out intervals, multi-drop mode.

At this point, if you're not tired reading this, you're a masochist, just like me.

I can go on and on.

In MailServe for Leopard, I have a new mode for configuring the mail server - as an admin user logged in using a non-admin account. So that creates another cycle for testing.

Then I always have to remember to test against an installation without Xcode loaded - in case I've inadvertently used a Unix feature that's only available if Xcode is installed. Of course, a lot of Mac users don't know Xcode from the Da Vinci Code.

So, all that testing. It really is a lot of work.

Posted at 3:35PM UTC | permalink

Wed 07 Nov 2007

Maven for Leopard

Category : Technology/MavenForLeopard.txt

The current version of Maven already works on Leopard. I've just tested it on Leopard. So, Luca and Maven, for the moment, now work on both Tiger and Leopard.

But I'm planning new versions of both applications that will take advantage of unique Leopard features. So it's possible that future versions of Luca and Maven will only run on Leopard.

But I'll get back to them in late December when I've cleared a few things I plan to do on MailServe, DNS Enabler and WebMon. It has been an exhausting last two weeks, and I hope to take a couple of days break to rest and to think. And then, I'll start work again.

I've been asked, why do I want to work on Maven when there are already competing solutions like CocoaMySQL, etc. The only answer I have is that I build Maven for myself, so that I can build Luca faster.

The important thing about Maven is not (at least, not yet) the CocoaMySQL-type GUI. It's the database access frameworks that I've embedded inside it and which do the heavy-lifting of talking to the databases in a consistent programmer-productivity-enhancing way, and which are the exact same ones I use in Luca. Maybe because I've spent so much of my working life in PC/Windows-dominated IT/MIS environments, I have a different view of the requirements for data-access and data-mining tools than, perhaps, most other Mac developers. I'm trying to marry the two - to build tools that won't be scoffed at by IT/MIS folks; if possible, to build tools that could make their jaws drop in areas where they appreciate - e.g., raw power and performance and the ability to express difficult concepts to get at the data - and yet still have the elegance we come to expect as Mac users. For that, we need minute control over the database access layer.

Another question. Why do I persist in calling it Maven, when there's already an Apache project by that name? In time, the name may change. But for now, Maven captures the essence of what I want the user to be when he or she is using this tool to navigate, access, and understand the database.

For now, all this is just a dream. But now and then, I get a glimpse of how to achieve it.

Posted at 1:58PM UTC | permalink

Wed 31 Oct 2007

Luca for Leopard

Category : Technology/Luca2dot6.txt

I've updated Luca to work with Leopard. It's in the 2.6 version.

Posted at 11:05PM UTC | permalink

Sat 27 Oct 2007

MailServe, WebMon and DNS Enabler for Leopard

Category : Technology/ForLeopard.txt

I think I'm ready to release them all now.

I've merged Postfix Enabler into MailServe so I'll just have that single product to support for Leopard.

So, MailServe for Leopard is at http://cutedgesystems.com/software/MailServeForLeopard/

DNS Enabler for Leopard is at http://cutedgesystems.com/software/DNSEnablerForLeopard/

and

WebMon for Leopard is at http://cutedgesystems.com/software/WebMonForLeopard/

Thanks for waiting, all those who've been coming over here to check for their progress. I'll continue to work on them and on their documentation, but I'd better not hold you up any longer.

I've done as much testing as I could on them, with my friend Hai Hwee's help, who's now camped out at our home - we've tested it on Intel , PPC, admin user, non-admin user, SASLDB, smart host, SSL, no SSL, Fetchmail, you name it, she's tested it. But if anything can go wrong, it will, especially when real users get their hands on it. So I'll just keep the announcements to these pages, to keep the workload manageable, and let's see how well these versions hold up.

I hadn't had much sleep these last two or three days. So I'm all ready to crash. I hope the apps do hold up, This is really living on the edge.

Posted at 6:53PM UTC | permalink