Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Sat 25 Jun 2005

WebServer Monitor 1.0.8 Released

Category : Technology/WebMon108.txt

While WebServer Monitor itself will run on either Panther or Tiger, there is a bug when the web server is on Tiger. WebServer Monitor doesn't SSH (login) into the remote (Tiger) machine correctly and therefore cannot set up its server log format properly. This release fixes that bug.

Also I've re-arranged the Navigation menu, changed its keyboard short-cuts, and added a menu item to revert to the last search done on the Search History List (in the Search Field). Hopefully, these will make it even easier to move around the log data.

WebServer Monitor can be downloaded here.

Posted at 3:04PM UTC | permalink

Stay Foolish. Because God Rewards Fools.

Category : Commentary/stayFoolish.txt

The trio of Martin Hellman, Whitfield Diffie and Ralph Merkle had been the first to find an answer to the key distribution problem of cryptography (see previous post). Or, at least, a conceptual answer, because they were followed by another trio - whose initials made out R, S, and A - who actually supplied an implementable solution. That's why PKI encryption is also known as RSA encryption today.

But, anyway, here's a quote from Martin Hellman, from Simon Singh's book :

"The way to get to the top of the heap in terms of developing original research is to be a fool, because only fools keep trying. You have idea number 1, you get excited, and it flops. Then you have idea number 2, you get excited, and it flops. Then you have idea number 99, you get excited, and it flops. Only a fool would be excited by the 100th idea, but it might take 100 ideas before one really pays off. Unless you're foolish enough to be continually excited, you won't have the motivation, you won't have the energy to carry it through. God rewards fools."

Remember the end of Steve Jobs' Stanford commencement speech where he said, "Stay Hungry. Stay Foolish"? Because God rewards fools.

Posted at 6:07AM UTC | permalink

Alice and Bob Go Public

Category : Commentary/PKI.txt

I was reading Simon Singh's "The Code Book - The Science of Secrecy from Ancient Egypt to Quantum Cryptography" and this is the first time I really understand this concept called the Public Key Infrastructure (PKI) which we use in mail and web servers when we "turn on SSL".

If you start with Simon Singh, then move on to Steven Levy's "Crypto", and then reach David Kahn's "The Codebreakers", you should be able to get a very good grounding as to why having an understanding of this dismal science is really so important to running a business in our Internet age.

This is the first time I've found someone who could draw a meaningful picture around PKI - i.e., the problem it was meant to solve, how it solved it, and why that's significant. And so I'll quote that part of the book that created that Eureka moment and encourage you to read it, too. If you're concerned about running a business on the 'Net, this will be a meaningful journey :

"The whole problem of key distribution is a classic catch-22. If two people want to exchange a secret message over the phone, the sender must encrypt it. To encrypt the secret message the sender must use a key, which is itself a secret, so then there is the problem of transmitting the secret key to the receiver in order to transmit the secret message. In short, before two people can exchange a secret (an encrypted message) they must already share a secret (the key)."

"When thinking about the problem of key distribution, it is helpful to consider Alice, Bob and Eve, three fictional characters who have become the industry standard for discussions about cryptography. In a typical situation, Alice wants to send a message to Bob, or vice versa, and Eve is trying to eavesdrop. If Alice is sending private messages to Bob she will encrypt each one before sending it, using a separate key each time. Alice is continually faced with the problem of key distribution because she has to convey the keys to Bob securely, otherwise he cannot decrypt the messages. One way to solve the problem is for Alice and Bob to meet up once a week and exchange enough keys to cover the messages that might be sent during the next seven days. Exchanging keys in person is certainly secure, but it is inconvenient, and if either Alice or Bob is taken ill the system breaks down. Alternatively, Alice and Bob could hire couriers, which would be less secure and more expensive, but at least they will have delegated some of the work. Either way, it seems that the distribution of keys is unavoidable. For two thousand years this was considered an axiom of cryptography - an indisputable truth. However, there is a thought-experiment that seems to defy the axiom."

And so the stage is set ...

"Imagine that Alice and Bob live in a country where the postal system is completely corrupt, and postal employees will read any unprotected correspondence. Alice wants to send an intensely personal message to Bob. She puts it inside a strongbox, closes it, and secures it with a padlock and key. She puts the padlock box in the post and keeps the key. However, when the box reaches Bob he is unable to open it because he does not have the key. Alice might consider putting the key inside another strongbox, padlocking it and sending it to Bob, but without the key to the second padlock he is unable to open the second box, so he cannot obtain the key that opens the first box. The only way around the problem seems to be for Alice to make a copy of her key and give it to Bob in advance when they meet for coffee. So far, I have just restated the same old problem in a new scenario. Avoiding key distribution seems logically impossible: surely, if Alice wants to lock something in a box so that only Bob can open it, she must give him a copy of the key. Or, in terms of cryptography, if Alice wants to encipher a message so that only Bob can decipher it, she must give him a copy of the key. Key exchange is an inevitable part of encipherment - or is it?"

And now the denouement ...

"Now picture the following scenario. As before, Alice wants to send an intensely personal message to Bob. Again, she puts her secret message in a strongbox, padlocks it and sends it to Bob. When the box arrives, Bob adds his own padlock and sends the box back to Alice. When Alice receives the box, it is now secured by two padlocks. She removes her own padlock, leaving just Bob's padlock to secure the box. Finally she sends the box back to Bob. And here is the crucial difference: Bob can now open the box because it is secured only with his own padlock - to which he alone has the key."

"The implications of this little story are enormous. It demonstrates that a secret message can be securely exchanged between two people without them first exchanging a key. For the first time we have a suggestion that key exchange might not be an inevitable part of cryptography."

And so this is the start - having a clear mental model of the basic issues to make the mind more ready to consider a few other possibilities. It takes a couple more steps from here to reach how public key encryption actually works today in our systems. And then one more step to understandiing something called PGP - Pretty Good Privacy.

I believe it's going to become very important to learn how to make these things work for us in our businesses. We've already got all these stuff built into our little Macs. All we need is to figure out how to turn them on. Right. The Mac Way.

Posted at 5:22AM UTC | permalink

Fri 24 Jun 2005

Singapore Map Plug-In for Address Book - works on Tiger

Category : Technology/addressBookMapPluginTiger.txt

I've finally found the time to fix this. The Address Book Map Plug-In works again for Tiger. And thanks to Ashwin Kumar's code snippet, it should continue to work on Panther.

You can download a Tiger-compatible installer for the plug-in from here. There's a short write-up on how to use it, here.

Posted at 2:32AM UTC | permalink

Perfect Enough?

Category : Commentary/PerfectEnough.txt

We know that Mac users love their Macs, while PC users... Well, how much do PC users care about the PC? Perhaps, this is in direct proportion (and response) to the care that had gone into building it.

I've finished reading "Perfect Enough - Carly Fiorina and the Reinvention of Hewlett-Packard" but there's this part I'd like to quote. It's the part where the McKinsey experts (!) were taking the HP directors through the merits buying Compaq :

Sam Ginn voiced his doubts about moving deeper into personal computers. "We've never made much money at it," he said. "Our returns are lousy and so are theirs." The McKinsey experts retorted that HP and Compaq had much less at stake than most people realized. Together, the two companies rang up $20 billion a year in revenue selling personal computers. But they didn't make the hardware or software; they didn't even assemble the machines. Intel, Microsoft, and contract manufacturers such as Flextronics handled such chores. The PC business consisted mostly of brand-name sizzle and some legal agreements in a file cabinet (italics added). If the two companies could coax out a few marketing efficiencies and post even a slim profit, that would translate into a decent return on invested capital.

You see those shiny HP and Compaq laptops in the computer superstores. Not a scrap of soul in them. They weren't built primarily to be used by people. They were built "to post a slim profit".

As the afternoon played out, Dick Hackborn became one of the most vocal proponents of the deal. He had been arguing for years that industry standards almost always won out over proprietary architectures in the computer business. As a result, he believed, Hewlett-Packard ought to seize command of the standardized - and increasingly popular - Windows NT server market and rely less on its customized Unix machines. An HP-Compaq combination would finally get the company pointed in the right direction.

Windows is "open" and Unix is proprietary. Why are big corporate guys so smart? DEC, Tandem, Compaq, even the IBM PC - they're all gone. And we're still using Macs. For whom does the death knell toll?

Posted at 2:32AM UTC | permalink

Mon 20 Jun 2005

Fetchmail and other things

Category : Technology/fetchmailGUI.txt

I've created an interface to configure Fetchmail. It's going to be part of an "enhanced/improved" version of Postfix Enabler that I'm working on.

It's also part of this whole idea that we could use the Mac to build a business on. For example, carrying forward the idea about "working without a safety net" (see previous post), imagine you're on your own now and you've decided that, instead of spending a couple of years applying for job after job, you would stop to think - about "what economic value could you contribute to the marketplace" and "what tools do you need to get on track again"?

Over and above the technical details about doing "sudo" and launching Unix services, this is what I've always felt - that I should be spending a lot more time thinking about the real-world issues, like what assets do I have that people would be willing to pay to use, and how each could be made into a stream of income.

That's why I built these tools - so that I won't have to spend any more time than I need to get these services turned on to help me be in business.

So what do we need? For a start, I think, a mail server. Firstly, it's convenient to have this totally under your control and it's really the foundation for a lot of future automation. Then there's the web server, but you need to be able to turn on a few services to reap its full power (e.g., WebDav for sharing calendars, PHP for running a weblog), and, even more importantly, to be able to know what people are reading when they stop by your site. Do they stay, or do they move on? And, finally, you may or may not need a DNS server configurator yet, but it's important to have that handy when you need it.

So there's this whole Internet-in-a-box idea. You could use an XServe and OS X Server. Or you could use an ordinary Mac and concentrate not on every conceivable Internet service, but only on those very focused activities that could help you get a business going.

So, I'm working on this "iBox" idea that could help people run a business on a Mac. There's going to be a lot more changes to all the stuff that I'm working on by the time I'm done. For example, this is what the Fetchmail interface looks like now. But I'll need to move a lot of things around by the time I'm done. (So, I'm just sending this to a couple of people to try out, for a start. But I'm reviving a bulletin-board/forum idea that I had for the site so that people can chime in on what they want to see being built.)

While on the topic of building systems, I don't think I would have spent as much time building all these applications if Cocoa hadn't been so much fun to use. For example I don't think I'd bother writing Mac applications if we're still on OS 9's programming APIs. I've had the five or so volumes of Inside Macintosh but I've never managed to build more than a couple of applications (in C) in a decade of use and, even then, these were of limited usefulness. (I've always had to use things like 4th Dimension or FileMaker Pro, instead).

If you look at the interface above, I used Cocoa Bindings to create and populate that table and it was very fast. The only problem is that there seems to be a bug in Cocoa Bindings when it's handling a table column with a NSSecureTextField cell (the "password" column, above). It doesn't update correctly when a user edits the column. I've got a couple of other places in Postfix Enabler that handles passwords and I've always been concerned that these passwords were left in the clear. So I very much want to find a way around this. (While Googling for it, I found just one other guy who had reported this problem, but I'm sure it's a Cocoa Bindings bug because the NSSecureTextField cell works OK on a table that's been created the "traditional" way, without Cocoa Bindings). I've actually spent more time trying to make the password column work than I took to create the whole Fetchmail interface and I'm still looking for a solution. So it's still quite a bit of work.

There's this "patcher" for Postfix Enabler 1.1.6 floating around that will let you use it without a serial number. Plus, I know of at least one working serial number, also floating around the web. I don't understand it. It's only 10 bucks. I thought we all believed in capitalism :-) Only God knows why the world works this way.

Posted at 2:08PM UTC | permalink

Sun 19 Jun 2005

Working Without a Safety Net

Category : Commentary/safetynet.txt

Or is it, working without chains? We visited this cute little place called The Animal Resort somewhere in the north of Singapore, not too far from our home. The great thing about this life we've slipped into is that we can take time off whenever we want, and go wherever we want, without any guilt.

Living without a safety net, I've learnt that I need to watch my health like a hawk. Any mishap in the form of a debilitating illness will throw even our most carefully wrought plans into disarray.

I'm a borderline diabetic, having inherited this condition from my father and his parents before him. (My father had Alzheimer's - will I have it, too?) I've been watching my diet. Working from home, I get to eat good healthy food, bland though it may be. To think that I live barely 200 metres from a gastronomic paradise. But food I can resist. I've lost half of the ten kilograms that I'm supposed to lose.

And I'll get the other half gone if I can make myself go running every day. If I go 200 metres in the opposite direction, I hit a trail into the Nature Reserve bounding MacRitchie Reservoir. I did a run the other Friday morning at about ten and passed quite a few people who looked like they didn't have to go to work. They looked pretty happy to me.

I was looking at the latest issue of Fortune over the weekend - about people in their forties or fifties who've lost their jobs and not likely to find another one soon. I read about a guy who's been told by a recruiter that "he's got a lot of maturity".

This is a terrible time, if you're not prepared. I think the forties is both the worst and yet the most likely time a person would lose a job. My cousin at Sun tells me that every time he survives a cut and moves up the hierarchy, there are seven less people around him who've been culled. Eventually, it'll be his turn.

It's been eleven years now since I've had to learn to work without a safety net. It's not that I'm totally comfortable all the time. But I've at least made peace with the idea and learnt not to panic. There are levers and gears you can use to keep yourself afloat. And I've come to realise that the only person who can guarantee yourself a safety net, after all, is ... yourself.

Posted at 3:27PM UTC | permalink

Fri 10 Jun 2005

WebServer Monitor 1.0.7 Released

Category : Technology/WebServerMonitor107.txt

I've released WebServer Monitor version 1.0.7.

I've needed a way to quickly filter the log records by a visitor's IP address so that I can see how he has traversed through the web site. In order to do this, I've added a Navigation menu so that if you do a Command-Option-C, you can copy the log record's IP address to the Search Field, at which point the log records instantly shrink to show only those from the same IP address.

If you've sorted the columns by time, you can see how the visitor has come into the site, what pages he has looked at, for how long each page, and when did he leave.

Other items in the Navigation menu clears the Search Field (Command-Option-X), scrolls back to the currently selected log record (Command-T), and launches the referrer's web page (Command-R), which can also be done by double-clicking on the log record.

There's also the new "Check for Updates" menu item under the Help Menu that will bring you back to the WebServer Monitor web page, if I have a new release ready.

Actually, I'm thinking I could use the WebServer Monitor to be an Apache configurator, e.g., to set up WebDav, PHP, etc. Together with a log analysis tool, that's probably going to be the next improvements.

Posted at 5:44PM UTC | permalink

DNS Enabler 1.1.3 Released

Category : Technology/DNSEnabler113.txt

The domain name server now listens correctly to all its network interfaces on re-boot, and this seems to work reliably (about a minute after reboot). You can find DNS Enabler here.

The important thing is that the mail server gets its domain name correct when it refers to its name server, so that it can broadcast this correctly to other mail servers, rather than the xxx.local that it would otherwise report.

This increases the chances that its mail will get delivered. (Except for those picky mail servers that check further about whether its IP address is coming from a dynamically allocated block - something that I feel is beyond the call of duty).

Anyway, it's still an interim solution. It's neat because I avoided changing the system-supplied Launch Daemon plist, but it's at the expense of making the server check a lot more frequently for changes to its network interface.

But, at least the system is now working like a name server should.

There is a Check for Updates menu item in the Help menu so that you'll get to know if there's a new version out. And this will be added to all the other stuff we're doing, like Postfix Enabler, WebServer Monitor. And Luca.

Posted at 10:50AM UTC | permalink

"He who's not busy being born, is busy dying"

Category : Commentary/busybeingborn.txt

"He who's not busy being born, is busy dying". That's Bob Dylan, and I wrote about this sometime back in connection with a book I was reading then, "The Creative Economy - How People Make Money from Ideas" by John Howkins.

I picked up Andy Grove's book, "Only the Paranoid Survive" from my book shelf, turned to the back cover and, whaddaya know, there's a blurb from Steve Jobs. (This book came out, let me see, in 1996.)

"This book is about one super-important concept. You must learn about Strategic Inflection Points, because sooner or later you are going to live through one." - Steve Jobs, CEO, Pixar Animation Studios.

So, what is this Strategic Inflection Point of which he speaks? From the jacket notes :

"Grove's contribution to business thinking concerns a new way of measuring the nightmare moment every leader dreads - the moment when massive change occurs and all bets are off (italics added). The success you had the day before is gone, destroyed by unforeseen changes that hit like a stage-six rapid. Grove calls such moments Strategic Inflection Points, and he has lived through several. When SIPs hit, all rules of business shift fast, furiously, and forever. SIPs can be set off by anything: mega-competition, an arcane change in regulations, or a seemingly modest change in technology.

"Yet in a watchful leader's hand, SIPs can be an ace. Managed right, a company can turn a SIP into a positive force to win in the marketplace and emerge stronger than ever."

Apple is heading into one such tornado. And Steve Jobs looks like he's prepared.

Posted at 4:05AM UTC | permalink

Wed 08 Jun 2005

Never a Dull Moment

Category : Commentary/Macintels.txt

Macintels! This reminds me why I'm a Mac user. We never have a dull moment. I'm actually looking forward to it.

Ralph of Apfelger�chte asked me what I think. This is what I wrote :

"I think it's a good move because it's good that Apple has two chip suppliers, or even three, and the OS is processor-independent, so why not take advantage of it anyway. And I believe that it'll turn out to be transparent, at the end, to the end users because Apple's strength is, of course, that it has always taken responsibility for building the whole box and defining the user experience, and it'll be just another Mac even if it has Intel Inside, and we wouldn't even know unless we go and take a look. Of course, I'm speaking as a Cocoa programmer and I see mostly good and I'm looking forward to it."

While Apple's switching processor may not make much of difference to either IBM or Freescale (but they couldn't scale!), as they have been quick to report, or even to Intel, as some analysts have suggested because of "the tiny sliver of marketshare that Apple has", I'm thinking beyond the numbers. Of the Intel that believes "only the paranoid survive".

On the one end, we have a chip-maker that's proud of its ability to constantly innovate its way out of dead-ends (remember RISC vs CISC?). And on the other, we have a computer maker who'll drink the innovations like water from a fire hose. We live in interesting times.

Posted at 3:50AM UTC | permalink

Mon 06 Jun 2005

Collect All 3

Category : Commentary/CollectAll3.txt

I remember being amused by Apple's print advert of the original iMac - the iMac with five colours - and its sub-head, "Collect All 5".

So, now, I've got a web page each for Postfix Enabler, DNS Enabler, and WebServer Monitor. Go ahead and collect all three, please.

I built all three because I've needed them.

WebServer Monitor allowed me to track how people buying Postfix Enabler were traversing through the web site. And that's how we noticed why they weren't seeing the serial number page, even though we've had that page up from day one so they'd get their serial number immediately. It's a short step from knowing why to knowing how to solve it, and I've been able to sleep a lot better now without worrying that someone's paid and not getting their serial number.

And it's amazing seeing downloads of DNS Enabler going to places as far away as Peru and New Zealand. (I'd like to go where those bits are going.)

DNS Enabler has been invaluable when we're doing our testing, when we need to mock up, say, how one mail server could authenticate and relay mail through another.

So they're all available for download and they can be improved no end.

I may be able to make DNS Enabler and WebServer Monitor so good that people would be willing to pay for them eventually, but I'm out of this Shareware thing. It's either going to be free or it's going be commercial. In-between is stupid. Believe me, I know.

Posted at 9:59AM UTC | permalink