| The Ultimate Business Machine Technology, business And, not least, about by: Bernard Teo
|
Tue 26 Jul 2005 Sendmail Enabler's New HomeCategory : Technology/SendmailEnablerHome.txt It seems like there's still quite a lot of people using Sendmail Enabler. Remember Jaguar? That's a long time ago. I'm moving things around and Sendmail Enabler gets a new home to see out its days. Sendmail Enabler for Jaguar can now be found at : http://www.cutedgesystems.com/software/SendmailEnabler/index.html. Sun 24 Jul 2005 AuthenticityCategory : Commentary/authenticity.txt I remember why I brought up the book, "Trading Up", a couple of posts ago. I enjoyed that book (e.g., the story about how Victoria's Secrets came to be) and I'm probably not doing it enough justice, but the gist is, you either position your products at the low end when you can slog it out on price, or at the high end where you've developed an unassailable brand. But the worst is to be caught in the middle where you'll be decimated. The best is to have what is called a "mass-tige" product, that is, a prestige product that confers status, which costs somewhat more than a standard product, but not too high that it's out of reach, yet will return significantly higher returns, even as you sell a whole lot of them through your ability to make them in consistently good quality. This turns the traditional supply/demand curve on its head because when you're in the happy position of owning a masstige product, you can sell it at a high price and find that instead of selling less of them, you can actually sell even more of them because the price reinforces the perception of quality. What, then, are the characteristics of such "masstige" items, so we'll know one when we see one, preferably when it's within our power to bring one into being? That was the purpose of the book to describe. But among the characteristics are the following, if I remember them off the top of my head: they've firstly got to be clearly better built - better made, better designed, with a thoughtfulness that comes from an attention to detail - and they've got to be consistently good, even where they have idiosyncrasies and variations. They've got to include a fair measure of technology, otherwise you wouldn't be able to reconcile the conflicting objectives of achieving consistently high quality while making production in quantity. Yet the technology is tempered by the existence of a story, to wrap the product in meaning, so that it speaks with a voice or an authenticity that will connect with the heart of the user. There are other characteristics but these are the major ones. And they're the ones that have a connection with why I felt that the Mac had been the right business machine all these years. It's the idea of authenticity. It's the idea that we have thought through all the reasons why we're in business, and that we've taken the utmost care to breathe life into our products, and that we will not stop at anything but the best to deliver that experience to the user - including harnessing the best supporting information systems so that it radiates quality and life and thoughtfulness and craftsmanship at every step of the way. Of course most of those businesses covered in the Trading Up book probably aren't using the Mac but my point is, if you really know, would there be any question what you would choose? For me, the decision is obvious. I can't achieve the authenticity, so to speak, if I didn't choose the Mac. It's not like I'm a crazed Mac freak, but it's clearly the only one that has a chance to resonate with all the other good intentions, if all I have is a choice of Windows, Linux, Unix, or the Mac. I mean, how can you speak with a singular voice, if you choose to use something simply because everyone else is using it? It's like, while reflecting on the potential of the technologies to properly support the business, have you asked "what does the brick want to be"? Have you listened to that inner voice and see how you can harmonise every aspect of the business so that it speaks with a consistent tone, colour, grace, and optimism? It's hard to see how the answer could lie in something as dead and soul-less as Windows. That's why it's so hard to do the truly authentic thing. It's running against the crowd and listening to that inner voice. And keeping the faith. Airport Extreme Base Station Firmware UpdateCategory : Technology/AEBS551.txt There's a problem with the Airport Extreme Base Station Firmware Update 5.6 that prevents the base station from connecting to the ISP over PPoE. It's not consistent. An AEBS updated to 5.6 continues to work with PacNet but fails with Singnet. I managed to find the previous 5.5.1 update at the Apple site. After loading that in, the Base Station works again. For a while I thought I had lost a base station. Avoid the 5.6 update if you can. (Actually, avoid it like the plague.) Sat 23 Jul 2005 To The LibraryCategory : Commentary/library.txt Where I really want to go today is to the library. A few years ago, they decided to tear down our historic, original, very first National Library, amid much wringing of hands and gnashing of teeth. In order to provide the new in-city Singapore Management University with contiguous access to the Singapore History Museum so that they make one lush campus (will it ever be?), a roadway has to be diverted and the Library had to be sacrificed. Whatever the merits of the decision, a new high-tech replacement was opened yesterday. And since the Library is the institution I cherish the most as a citizen of this country, this is where I want to go today - to re-establish my connection with the Place, shifted though it has been a couple of roads away. I need to return a book that I had finished, "Trading Up", so that I can borrow "The Company of the Future". The last I check, that's still there. Just a word about "Trading Up" before I return it. I've learnt that it's important to try to understand what makes people value what they value and are prepared to pay for. I've sat in meetings and faced countless inquisitions about why I favour wasting tax payers' money on Apple's high priced gear, why not the cheapest possible PCs, and after coming out from the battering, I see these same guys driving away in their red Honda Preludes, BMW, whatever, and I want to ask, how much is your mind worth? And as an IT sub-contractor, don't you know that a customer would rather pay for his Merce, than spend anything more than peanuts on the IT system? The more the Mercedes costs, the better he feels, because it shows he's rich. The less he pays for an IT system the better, because it shows that he's smart about controlling his operating costs. Between these two forces, a guy trying to make a living as a software/systems developer dies a thousand deaths. For years, Apple has suffered through these with the Macintosh. Because we don't value the mind more than we care about showing our status, Macs have been consigned to the ghetto while BMW sales rise, Steve Jobs' fruitless attempts to compare Apple with BMW be damned. Until the iPod. Which is Apple's sweetest revenge. So it's important to understand the psychology of buying - if only to know when to get out of the way of the tsunami of people's self interests. I say this with a lot of feeling for the idealists. Even if you don't want to go with the flow, you should know enough to get out of the way. And live to fight another day. And perhaps, like Apple, learn to turn the force your way? Where do you want to go today?Category : Commentary/wheretogo.txt Okay, I'll borrow MS's slogan for Windows, and back up a little to reflect on where I'm trying to go with WebMon, DNS Enabler, and Postfix Enabler. I've started building these things, initially, for myself. The web, mail, DNS, calendaring system, accounting system, integrated business database system, payments system - overlaid with security and encryption - these are what I think of as the life-sustaining elements of any business. Of course, you've still got to go out and sell your wares. But these are the stuff you'll need to back you up, and they, in turn, need to work flawlessly and easily if you're going to channel all your energy towards making the products and services, and bringing in the revenue. And none towards feeding the system. I'm making all these so that I can turn them all up quickly if I need to change a server, move to another home, another country, anywhere where they have an Internet connection. I've got the web, the mail, calendaring and file sharing over WebDAV, DNS, and SSL done (or at least the basics). Coming on is the accounting system, and a way to snap on a PayPal payments interface, and link it to the accounting system. And tie in this no-frills blogging system with perhaps a GUI editor. Currently Postfix Enabler and DNS Enabler lack the ability to help you migrate the data over from an older machine or system. I had thought that I've already eliminated a lot of things a person has remember. But I understand now that people would need a way to restore their previous configuration with just one click. After all, that was what I said was my stated goal - to get back on-line fast. I'm not there yet. It needs more work. And some people have problems with PayPal. But believe me, I couldn't do this without PayPal - not if I'd like to get paid for sharing the tools and providing the support. I hope PayPal gets better because I don't have a better or cheaper alternative now, and I think they will get better. So this is where I want to go. I hope that others will also find the tools useful and agree they're worth paying for, and that they could build their businesses on the Mac, which would be nice bonus because two years ago when I took this route it was really to find a non-IT business we could run, but with all our own tools, because Hai Hwee, my wife, and me got tired of working with PC-myopic IT managers, overseers/information architects, Windows, and all that corporate IT scene, and I wanted to be near our kid, and be a daddy rather than a wallet (as someone puts it). And we're still looking for it - a business we could run like a high-performance machine - so that we, and everybody else working in it, could live our lives like human beings. But watching the payments coming in for Postfix Enabler has given us a glimpse that maybe, if anything, the underlying systems do actually work. And they can scale. And they're all running beautifully on the Mac. As I've argued they would. And so, on with the search, to build a real business on it. Fri 22 Jul 2005 A Standalone Web Server Configurator?Category : Technology/WebConfigStandalone.txt I'm still not sure I can guarantee near faultless SSH Remote Login set-ups because there seems to be a wide variance in the state of people's machines. For example, WebMon will break if somebody has used SSH Helper to set up SSH before. Now, with WebMon as it currently is, if you can't get past the SSH Connection part, then you can't get at all the other goodies, like WebDAV and SSL. Like Postfix Enabler before it, WebMon works best with a plain un-customised OS X machine. If you take a freshly installed Mac Mini, say, then Postfix Enabler, DNS Enabler and WebMon will all work fine, out of the box. The SSH part makes WebMon a little bit more brittle than the other two, which currently only work on the local machine. So I'm mulling over doing a standalone Web Server configurator. (But it's on to DNS Enabler, next.) However, if WebMon's SSH set-ups really turn out to work OK, as I get feedback from the people using it, then this configuration could prove to be potentially very powerful. For example, one could use WebMon running on a PowerBook to configure (and monitor) any number of different servers. And WebMon will keep all their configurations straight. So I haven't given up on this, yet. WebMon 1.1.2 with SSLCategory : Technology/WebMon112.txt WebMon can now set up PHP, WebDAV, and SSL for a plain Mac OS X machine running Apache via the Personal Web Sharing panel in System Preferences. This is WebMon 1.1.2 with SSL support.
It'll allow you to serve out encrypted web pages on the alternate Port 443, using the self-signed "test" SSL certificates that it'll help you create. And all with just one click. If you find that SSL works OK using the test certs, you can proceed to get "real" "live" certs from any of the certification authorities (CA's) using the Generate Certificate Request button. This will generate a block of text called the certificate request that you'll need to send to a CA. WebMon provides the interface for setting the various fields that a CA will require, e.g., the domain name, organisational unit, locality and country code.
The workflow works like this : after you've found yourself comfortable using SSL and things work OK when you type https://yourwebsite.com on your browser rather than plain http, you can check that the data you need to submit to a CA is correct. Then hit the Generate Certificate Request button. The block of text, above, that you see actually contains all the data that you entered into the WebMon fields. Now you can go to a CA like freessl.com and try out their free one-month live certificate. I encourage you to try it because it's fun and it won't cost you a thing (yet, unless you opt to buy the cert in which case it's actually [Ok, admittedly] quite cheap now compared to a couple of years ago). When the CA asks you for the Certificate Request (CSR in their parlance), paste the block of text generated by WebMon. Then follow thru with the CA's procedure. (Freessl's system is really smooth and I think there's a lot any web-based business can learn from them.) At the end of the process, which takes less than 5 minutes, you get your cert, which is another block of text that looks like the CSR. You copy this block of text, click on WebMon's Save Certificate From CA button, paste it into the field provided, and hit the Save Cert button. Then close the dialog box, make sure Use Test Cert is unchecked (because you're going to use a "live" cert now), and hit the Configure SSL button. This time, Apache will use the "live" cert. If everything works OK, you can check this via your web browser - that you've got a legal functioning live cert (albeit for a month). This is the process that I've always wanted to build, ever since I've learnt how to do it all manually. Before, if I didn't do this for a month, I'll need an hour just to figure out all the steps again. Now, it's just like Postfix Enabler - once I've systematised all these steps into just a few clicks, I'm able to clear the space in my brain for a lot more useful other things. Sun 17 Jul 2005 Certificate Signing - Dead EndCategory : Technology/chainOfTrust.txt I'm going to wrap up my exploration of digital certificate signing, at least for a while until I get better ideas, but this is why I think I've hit a dead end. According to the man page on the OpenSSL verify command, which is used to verify that a cert is OK all the way up its trust chain, one of the checks it does is to make sure that the issuer of a cert is actually allowed to sign certs : ... in addition the keyUsage extension of the candidate issuer (if present) must permit certificate signing ... So, the freessl cert that I bought, which I was hoping will allow me to sign certs in turn for Hai Hwee, Bee Khim, Brendan, etc..., does not include cert signing among its allowed uses. It has "Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment". But nothing like cert signing. (It takes less effort to set it to "all", like freessl's own root cert). So I think it's not the technology. We've got everything there in OS X, under the OpenSSL umbrella of commands, to do it - , i.e., sign certs as a valid intermediate Certification Authority, so long as we have a valid cert that will allow us to establish that "chain of trust". Whatever limitations now are man-made. This is what irks me about the whole SSL, digital certs thing. It does use some relatively esoteric Unix incantations but it's all clearly understandable. The first time I bought a Verisign cert, I was awed by all this PKI "our facility is protected by seven rings of security" thing. But you could do all this on your Mac. We need digital signatures and message encryption more than we need these guys to insert themselves into the "Chain of Trust". Airport Base Station Firmware Update WarningCategory : Technology/AEBSFirmwareUpdateWoes.txt I've tried to connect my "old" Airport Extreme base station (the one that went PPoE dead after the firmware 5.6 update) to the broadband modem and again it fails to connect to PPoE. But it worked fine at Hai Hwee's house after a hard reset. So now, I'm not sure if it has somehow acquired an incompatibility with the Efficient Speedstream 5250 ADSL modem or is it with Singnet itself. Hai Hwee's house is on PacNet, using an Aztech DSL 305E modem. Anyway, this is a warning for Singapore-based users. Think twice before you do that 5.6 firmware update. ThawteCategory : Technology/thawte.txt Right after making that last post, I realised I forgot to mention Thawte. You can get a free cert for use with mail from Thawte, as did almost everyone who has ever sent me signed messages. But the Thawte application is a tortuous process. After about ten pages, I get to the page to download my cert and hit a ".exe cannot be downloaded" error. Seems like you've got to use Mozilla download it but the page warns that you've got to use the same browser throughout the whole process. I remember vaguely that I've done this before. It's the .exe that shuts my brain. There's got be a more Mac-like way. There should be this democratisation of the process. Buy a cert for each company or organisation and then use it to vouch for the people in it, using tools like the Certificate Assistant. Maybe Apple should get into this business and offer certs as part of the .Mac experience and tie it into the Certificate Assistant, because frankly, if I have to pay for a cert each year, it makes no difference whether I pay freessl or Apple, so it might as well go to Apple. It looks like it's going to be a great Sunday. Time to get out. WebMon, SSL, Mail, and Digital CertificatesCategory : Technology/sslUpdates.txt Just some updates about WebMon and SSL. I'm almost done with the interface. I'm able to get WebMon to generate a certificate request (a CSR in SSL parlance) and display the block of text containing that CSR, so that the user can paste that into his application at one of the certification authorities. I enjoyed the fluidity of the process at freessl.com, or rapidssl.com as they're now known, and I'm going to recommend it. I just need to wrap it up by providing an interface for the user to paste the returned certificate, so that WebMon can copy that to the right location and restart the server. I've been experimenting Apple's very excellent Certificate Assistant (that comes with Tiger's new Keychain Access application), but I think that serves a more mail client-centric need. If you use WebMon's SSL-enabler, you should be able to set the web server up for SSL, and get the certs and keys stashed into all the right places in one fell swoop. Or at least that's what I hope I could do. But, back to the Certificate Assistant. I think it's very well thought out. I've used something similar in Windows 2000 (I haven't thought about Windows in ages) but Apple's implementation is better. "Better" because, if good design is about stripping things down to the barest minimum that the user needs to touch to get something done, then Certificate Assistant has succeeded in this respect. I now know how the process works, both via Certificate Assistant, as well as manually via the OpenSSL commands. But I still haven't found the answer to the question : if I have a valid live SSL cert, can I use it to sign other certificates so that other mail clients don't complain when they receive mail from all of us here at cutedgesystems.com? (- because currently I could only use a self-signed cert, and that is not linked to the so-called "chain of trust" - unless I know how to bring the live cert into the equation). Currently, Certificate Assistant works with self-signed certs. If I make myself a Certification Authority, I can't issue a cert for Hai Hwee, say, and link that all the way back to the root certificate used by freessl.com, even though I, as the sub-level Certification Authority, has a valid certificate from freessl.com. I've been banging my head over this the last couple of days. Sending mail without signing and encrypting it is, like someone said, sending business information using postcards, for everyone to read who handles its delivery. We really need to get to this next stage of e-mail usage. And the process has got to be simpler and cheaper than it is now. Airport 4.2 and Airport Base Station 5.6 UpdatesCategory : Technology/airport5dot6firmware.txt I applied the Airport Base Station 5.6 Firmware Update and it stopped being able connect to the broadband modem. So for a couple of sessions over the weekend, we were off the air (or blogosphere) for about half an hour each. If you're trying to get here and couldn't connect, that was the cause. Fortunately I have a spare base station somewhere else. While I went to retrieve it, we were running the server directly off the broadband modem, and using the server's Airport card to share its connection with the other machines on our network. And I was thinking about how things still work while we're getting flustered. At times like these, you can't think, you just want to get back up as quickly as possible. And thankfully, just three clicks later, we've got server's Airport card sharing its broadband connection to everybody else on the network. So our Disaster Recovery Standard Operating Procedure (SOP) works. I'm now running the system off the spare base station. As for the "spoilt" one, we went over to Hai Hwee's house, did a hardware reset, and found that it worked again on her broadband connection. So I'm going to switch everything back, later today, at about three or four in the afternoon, when my server's at its quietest time of the day. Read more ... |
Mac@Work
Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:
all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks. |
||||||||||||||||||||||||||
