Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Fri 17 Feb 2006

WebMon and real live certs

Category : Technology/WebMon206.txt

I've updated WebMon to 2.0.6. This update provides WebMon with the ability to configure the web server using a working, pre-existing, live certificate :

The interface allows the certificate and key files to be dragged from the Finder into their corresponding fields in the Certificate Panel. WebMon will then store them in the right places in the /System/Library/OpenSSL/ folder for http over SSL to work, and all with just one click.

Posted at 9:08AM UTC | permalink

Thu 16 Feb 2006

MailServe 2.0.7 Released

Category : Technology/MailServe207Released.txt

I've released MailServe 2.0.7 with Fetchmail support for multi-drop mode. From this version on, mail server configurations can also be saved.

Next up - WebMon - adding the ability to import pre-existing digital certificates.

Posted at 8:00AM UTC | permalink

Wed 15 Feb 2006

MailServe supports Fetchmail in Multi-Drop Mode

Category : Technology/MailServe207.txt

I've been working on this 2.0.7 release of MailServe which will configure Fetchmail to work in multi-drop mode. This is how MailServe's Fetchmail panel will look like :

For example, you may have all of your mail delivered to a single mailbox on pop3.demon.nl, under an account named node.demon.nl. This account receives mail for annie@node.demon.nl, jack@node.demon.nl, etc.

What you want Fetchmail to do is to log into your node.demon.nl account with your user name, node, and give your password, and get Fetchmail to download and split the mail into individual mailboxes - for annie, jack, etc - on your server machine.

Then these individual users will log onto your server, and read their mail via IMAP or POP, just as if their mail had been sent there all along.

Fetchmail does the job of splitting the mail into the individual mailboxes and the individual users can forget about the existence of the pop3.demon.nl server. This way, you can consolidate the mail for all your users, from any number of ISP POP servers, into their POP or IMAP accounts on your own mail server.

MailServe, with this improved Fetchmail integration, will now allow people to do all that. I've just got to test it a little more and release it tomorrow.

And this MailServe update will also let the user save the current configuration, including the log records. You can save any number of configurations into MailServe's .msrv data files, and double-click on them from the Finder to open MailServe. It's great for swapping or backing up servers or sharing a working configuration as a template for a friend.

Also, I'm now able to issue the Start Fetchmail, Restart Fetchmail, and Stop Fetchmail commands, all from the same button. To Stop Fetchmail, the user just holds down the Option key and the button name changes to Stop Fetchmail. The button knows whether it should be Start Fetchmail, when Fetchmail is not running, or Restart Fetchmail, when Fetchmail is already running. The point is, I took some point to figure out how to detect modifier key presses that will change button state in Cocoa. But with that figured out, I can look forward to cutting down all the buttons that mess up the MailServe/Postfix Enabler interface to just one each for Postfix, POP, and IMAP.

Posted at 6:07AM UTC | permalink

Fri 10 Feb 2006

WebMon 2.0.5 is Universal

Category : Technology/WebMon205.txt

I've released a Universal Binary version of WebMon (ver 2.0.5). With that, WebMon, DNS Enabler, MailServe and Luca are now all Universal Binaries.

WebMon may benefit more from a faster machine than either MailServe or DNS Enabler because it has to pull out and format the webserver log records. So we could do with more speed here.

I've taken the chance to improve WebMon's interface so that a user can set up everything now - including SSL, test certs, PHP, and WebDav - in one step rather two or three. Hope it'll work better now. If it does, I'll have the base to build further and turn on more stuff.

Once you've set up a WebDav folder, you may want to allow a Windows client to access it. This link leads to an overview of using WebDav folders on Windows. And this is the page to go to to download a Software Update for your Windows machine to act as a WebDav client. It may be evening by the time you get all these done. They're all built-in on a Mac. So which is the serious business machine?

Posted at 4:10PM UTC | permalink

Tue 07 Feb 2006

DNS Enabler 2.0.6

Category : Technology/DNSEnabler206.txt

I've released DNS Enabler 2.0.6, with a new feature to save the configuration into a .dns file, and you can double-click on the config file to open it. It'll all work like a Mac application should, the amazingly omniscient "Open Recent" menu being implemented and it has its own document icon and all.

Being able to save and recall different sets of configurations, representing different scenarios, can make DNS Enabler a useful teaching tool. I've already made use of it to allow people to download the configurations that I'm using as examples on the DNS Enabler webpage. Plus it'll make it that much easier to move servers, by allowing the current configuration to be backed up.

I've also implemented another feature request - the ability to set up MX records for the secondary domains and not just for the primary domain. In the example below, misery.movie.edu acts as the mail server for not just the primary domain, movie.edu, but also for domain1.com and domain2.com. In the MX[xx]for.which.domain notation, if the domain name component is missing, the primary domain is implied.

The more I use Cocoa, the more I believe this is Apple's crown jewels. It's fun, it's powerful, and it's economical. You can try to be absolutely parsimonious about the amount of code you're willing to write and still be able to express quite intricate concepts.

Posted at 5:49PM UTC | permalink

Sun 05 Feb 2006

Amazon Recommends ...

Category : Commentary/amazonrecommends.txt

I did a double-take when this popped out at the top of the page when I went to the Amazon site just now :

It's the one on the left - The Kite Runner.

"Why was I recommended this?"

That was the right question - because that book was exactly what I was planning to read next.

How did Amazon know? It's uncanny.

"Any sufficiently advanced technology is indistinguishable from magic." - so says Arthur C Clarke.

Posted at 2:41PM UTC | permalink

A New World Currency

Category : Commentary/FaCai.txt

You know, the Chinese greet each other during the New Year with a hearty "Greetings! wish you'll erupt all over with wealth and prosperity!", or something to that effect, and it's all done with somewhat more vigour than the average Westerner's genteel "Merry Christmas".

Gong Xi! It looks like we're finally going to turn a corner and Fa Cai this year. The prognostications look good because, for one thing, office rentals have gone up significantly towards the end of last year, and that's a sure sign of business expansion. Although it's not quite the seller's market yet, it's steadily getting there.

And the Singapore dollar's on the up and up. It's sliced 5% off the value of my software sales in just the last two weeks.

So my mind's thinking of schemes, like where and how do I stash the money to keep its value?

I never thought I'd see the day when I'd be rooting for the Singapore dollar to go down and down. The cheaper it was, the more Singapore dollars I had to spend when I moved it down from PayPal, where the money's kept in US dollars.

The point is not that I'm thinking like a big-time businessman. It's more like I'm amazed at the experience, and luxuriating at the opportunities, that the Internet economy has brought within reach of the average man.

A few years ago, a person can never hope to do this - get in touch with and sell your wares to thousands of people all around the world - without needing to leave your house and, better still, without even needing to play golf to "establish contacts and touch base".

There's this Brazilian businessman I like to read, Ricardo Semler - Maverick and The Seven Day Weekend - and he was reflecting about the business adage that one should go out to socialise to smooth the business relationships, and he's wondering why he should do that when he could use the same amount of time to make his products work better, and surely that would be what the customers want.

Contrast this with the way business is done in China, as recounted by James McGregor in One Bilion Customers - "Lessons from the Front Lines of Doing Business in China", and since it's clear which way I'm more at home with, it's no wonder, at least to my wife, that I'm going through an identity crisis.

But, anyway, back to the theme of this message. It's about two things - that the world is going through some really profound change, and the best thing to do is to jump right in and take part, to see where it's going. Like the old Reebok advert says, "because life is not a spectator sport".

For example, if I can make this software business work, then theoretically I can live anywhere in the world where I can get an Internet connection and, of course, if I may dream, it'll preferably be where the air is cooler and fresher and life is great. If money will flow to where we are, won't it make sense, then, to find a place where the money can be made to last a little longer?

What does this mean for nation states and citizenship, and loyalty and fealty and sovereignty? Nobody knows. Whatever it is, it won't be business as usual.

And one more thing - at the core of a lot of these changes is ... PayPal. PayPal has a lot of bad press. Some people hate it and refuse to use it. But it's reached 85 million users now, and that's going to be some network effect.

Read the PayPal Wars by Eric Jackson, about the ideas the original PayPal founders had and that gave birth to it. Some of these ideas are just emerging into fruition. Some day, we'll read about the creation of The New World Currency. And then we, who're using payPal right now, and its future progenies, will remember that we were there, present at the Creation. May we continue to live in interesting times.

Posted at 2:40PM UTC | permalink

DNS Enabler Universal 2.0.5

Category : Technology/DNSEnabler205.txt

I found a stupid bug in the first Universal Binary release of DNS Enabler, version 2.0.4. It was introduced by the Forwarders field. It's stupid because, if the Forwarders field is empty, then the name server will refuse to start up.

Programming needs a lot of commitment. To do it well, you cannot do it half-heartedly. Even with all the best intention in the world, these types of bugs can still trip you up. When you put things in, you need to check if things will still work when you take them out. Neglect even one step and it'll all come back to haunt you.

That reminds me of why we couldn't grow the company, a few years back, when the jobs were all coming in. We couldn't find enough good people. How do you get them to care the same way you do?

That's how it all started - this journey to understand how we can ever build a business that will work (perfectly) even when we, the owners, are not there to do every single piece of the work. This looks like it's going to take a bit more time to solve.

Posted at 9:59AM UTC | permalink

Fri 03 Feb 2006

A Happy Chinese New Year?

Category : Commentary/HappyCNY.txt

It's been a most productive week. I got quite a lot of work done over the long Chinese New Year weekend, once I had the brilliant idea I could hand off all the boring rituals over to my wife and nudged her out of the house.

Setuid root beats family reunion dinners? How far more do I have to go before I stop being a Chinese in anything other than name?

And yet I'm the one who's been discovering a whole new wave of books about China. Here's one I found and enjoyed - Balzac and the Little Chinese Seamstress. My wife's puzzled why she can't find the Chinese original in the library. Now I know why. The author, Dai Sijie, was born in China, survived the Cultural Revolution, "then moved to France, where he learned to read, speak and write French. The book was originally written in French and then translated into English by another individual", says one of the amazon.com reviewers.

Anyway, with those red shoes setting the mood, and though I'm now one week late, having just extricated my head from all that coding, a happy Chinese new year to all my friends.

Posted at 4:30PM UTC | permalink

DNS Enabler 2.0.4 Universal

Category : Technology/DNSEnabler204.txt

I've released DNS Enabler 2.0.4, which is a Universal Binary. It includes a couple of features that have been requested - a field for specifying forwarders and support for TXT records (see below) :

Seems like there is a new spam-fighting movement involving the use of SPF records (SPF = Sender Policy Framework), which are used in conjunction with TXT records kept at the DNS Server.

I don't quite understand this at the moment, but at least I've learnt there is something new. Also, if you're running a publicly accessible DNS Server, you can go to DNS Report and check how well your DNS Server stacks up against the standards.

Posted at 3:21PM UTC | permalink

Thu 02 Feb 2006

Luca and MySQL

Category : Technology/LucaMySQL.txt

Hai Hwee's been pretty busy herself these last two weeks. She's got a Universal Binary version of her SQLite Cocoa framework, as well as one now for MySQL. With these, she's able to build a Universal Binary version of Luca Accounting, that will support both MySQL and SQLite databases.

What we're trying to do is this : the user starts off using Luca, and entering his accounting data, with the built-in SQLite database. Then when he needs a faster, more scaleable database, with multi-user, concurrent access capabilities, he can go to Luca Preferences, point Luca towards MySQL, wherever he has installed it, and give Luca the rights to create the accounting database, populating it from the SQLite database.

Hai Hwee's got the hard part done - building Universal versions of the database access frameworks, as well as an architecture that will allow us to plug in support for other databases, like PostgreSQL, when we learn how to do them.

The next thing to do is build the user interface for switching between the databases.

If we're still working with 4th Dimension, we would now be able to build our own database plug-ins for 4D. We used to pay a lot of money for things like 4D for Oracle. We've learnt a lot since moving to OS X.

Posted at 8:57AM UTC | permalink

About Authorisation Services and the Security Framework

Category : Technology/securityFramework.txt

Over the long Chinese New Year weekend just past, I've also built an experimental version of MailServe that uses Authorisation Services which, together with the Keychain, is part of Cocoa's Security Framework.

I was trying to avoid having to use sudo to change things at the system level but, instead, use a shell tool that has its uid set to root to do all the privileged operations. But a setuid root tool is a dangerous thing. And that's where Authorisation Services come in - to make sure that the user is authorised to perform each privileged operation, and to authenticate that the user is who he says he is. With the Cocoa API's, you get to do all these in an orderly way.

And there are few other benefits to doing things "the right way". If the user is using a Mac that allows him to authenticate using smart cards, finger print or retinal scanning, in place of passwords, my applications will still work without my having to do a thing.

But what I was trying to do now was to avoid holding on to the user's password, which I have to do as long as I have to pass it on to sudo.

I almost got there. It turns out that the postfix command needs to be performed by a superuser. But somehow a setuid root process, which should be considered as executing with the privileges of a superuser, is not considered privileged enough by the postfix command. I still need sudo to run the postfix command in the setuid process, and there's something I'm missing here. I'm so close to getting it done. The code's a lot neater, and I may be able to kill the occasional problems I have with people's passwords not working, once and for all, since I'm using the same authentication services that you use when you log in to your system or change network settings.

When you meet these Security Framework API's the first time, they look very daunting. But there's a way to understand Cocoa if you learn how to skim off the key concepts quickly. Once the concepts are clear, then the more API's you find, and the thicker the documentation, the better it is, because it just means that there are a lot more variations to exploit the power of the tool. I'm just scratching the surface of what Cocoa can do. This is one journey that I'm happy to take one step at a time.

Posted at 8:57AM UTC | permalink