Get On, Clip In, Fall Off

For Those About To Authenticate Themselves - We Salute You

I have a lot of ideas in the shower. This is one of the sillier (but still almost plausible) ones.

The video game Guitar Hero isn't just a video game - it's also the foundation of a reasonably strong user authentication system.

People have been trying to find effective ways to authenticate users with biometrics for ages. It's now routine to see fingerprint scanners attached to machines, iris and retina scanners, and voiceprints. However, nobody has yet harnessed the power of rock as a method of authenticating that someone is who they claim to be.

Guitar Hero (and its open-source and therefore more useful for this exercise clone, Frets On Fire) is a game in which the player pretends to be a kickass rock star by playing notes on a guitar controller with 5 "fret" buttons and a bar which is hit to actually "strum" the selected note. A line of notes on an extended guitar fretboard scroll down the screen, and at the simplest level all the player has to do is to hold down the correct fret and hit the strum bar as the note scrolls across a line at the bottom of the screen. It starts out easy and gets very, very hard indeed at higher difficulty levels. Frets on Fire doesn't even need the guitar controller - it can be keyboard controlled.

What makes this interesting, though, is that every guitar player you listen to - every musician, really - will have a slightly different style. Nobody plays exactly on the beat and exactly according to the score - there are going to be individual patterns in the timings of the notes in a particular piece depending on who's playing them. Guitar Hero knows this - the player actually has a short but measurable window of time in which to play a particular note. Just measure the deviation from the "ideal" time for each note played, and you have a fingerprinting mechanism. This is similiar to the way in which telegraph operators developed distinctive "fists", enabling them to identify each other from the characteristics of the Morse they sent.

Even if someone miraculously plays every note right at the millisecond it's intended to be played, there's plenty of extra data to mix in from the timings of the players' manipulation of the fret buttons. Anyway, you definitely don't get style points in the world of rock for playing all your notes exactly in time (with the possible exception of some particularly tedious prog rock). That ain't rock and roll.

In short, it should be possible to make a reasonably good guess that someone is who they claim to be based on how they play a few of the widdly bits in Bark at the Moon. It doesn't have to be an entire piece - just a few licks will suffice. The more notes the better, obviously - just as longer passwords are more secure, rocking for longer is also more secure. Military applications and cryptoheads would probably insist on using the whole of Free Bird.

Higher levels of difficulty would also be more secure, as these involve progressively more notes and more frets. Thus, Guitar Hero practice would become a core job function for system administrators and others in positions requiring a high level of data security awareness.

There are vulnerabilities, but no more than other authentication systems. Impersonation is very difficult (everyone has their own rhythm, baby - even if you set up the sound to be identical, you can still tell if it's not Angus Young playing Back In Black), so the most obvious replay attacks would be resisted. However, this technique has unexpected strengths as well - alcohol and drugs will alter the player's reflexes and thus their timing fingerprint, enforcing sobriety requirements where these are necessary. That said, if while providing the initial sample the player is under the influence, they'll subsequently need to be drunk to be allowed to log in.

Interviewing at Google

I've now been at Google for, wow, 11 whole months! I thought I'd write down some stuff I really wish I'd known when I started, and especially some things about the interview process. Disclaimer: This is my personal blog, and these views are mine, and not those of my employer.

Don't worry too much about what to wear when interviewing at Google. If you wear a really sharp suit people will wonder why you own a really sharp suit rather than one you obviously keep just for formal occasions and hardly ever wear, but other than that it doesn't really matter. Don't go too far the other way, though. At least make sure you shower and put on something clean, as you'll be stuck in a small airless room all day for your onsites and if all that people remember about you when they come to write up their feedback is the smell that's a bad thing. You'll get irony points for turning up in a Yahoo! or Microsoft T-shirt, though.

Be nice to everyone. Be especially nice to the recruiting coordinator who's looking after you. And if you need a break for the bathroom or just need to get the hell out of that small airless room for a few minutes or whatever, don't be afraid to ask. One of your interviewers would probably quite like to go for a stroll outside rather than be sitting in a small room anyway. Similiarly, if you have a phone screen which turns out to be at a bad time or you're suffering from lack of sleep and can't think straight, don't be afraid to ask to reschedule. We want everyone to give us the best impression they can when they're interviewed, and if you don't think you can do yourself justice for some reason or another tell us.

Don't worry too much about getting 100% right or 100% wrong answers. If you don't know the answer to a question, try to derive it from what you do know. Theorise and hypothesise and think aloud. People who answer every question straight out are few and far between, and that actually tells an interviewer less about you than listening to you reasoning. Be interested in everything, or at least pretend to be.

Don't be arrogant or cocky. Leave your ego at the door. Arrogance and cockiness will kill you when it comes to assessing your culture fit. We're looking to hire Obi-Wan, not Luke, and we don't care if you used to bulls-eye womprats in Beggar's Canyon in your T-16.

Do come up with interesting questions to ask us, but do be savvy enough to know that questions like "Please give me a detailed description of your production infrastructure" and "How many servers do you guys have exactly, anyway?" aren't questions we can answer. Please don't ask us "How have I done? Will I get hired?" or "How much will you pay me anyway?". We really can't answer that one.

Don't make assumptions about how you've done unless you, say, ran screaming from the building halfway through your second interview of the day (and hey, you probably wouldn't be the first to do that).

Do poke your recruiter gently for an update if you haven't heard anything after a week or so. But be polite - they're insanely busy. Generally when they have information to pass on to you about your application they'll do one of the following:

• Call or email you immediately (call if it's good news, email if it's bad)
• Go away skiing for a week

Do understand that while the hiring process is tedious and frustrating, it's tedious and frustrating for just about everyone. It does mean that if you get through it alive you get to work with lots of insanely smart people, and it's worth it in the end. I promise.

History of Computing

Having been born in 1973, I sometimes find myself thinking that as far as computing is concerned I missed the true pioneer days. The late 1970s and early 80s, when intrepid hobbyists burnt their fingers soldering stuff together in their garages (or on their kitchen tables if they were in the UK, where the garage is generally too small or too cold for such things) and accidentally started major computer companies, were times when I was just too young to appreciate the significance of what computers were going to do in the future. They were neat toys to play games on, or maybe type in the occasional listing from PCW or Acorn User (which probably didn't work), or attempt to write programs of my own (which probably didn't work either). I'd even try the occasional hardware experiment (which usually didn't work either, except for causing damage). Ultimately, though, I just didn't have the patience to be a computer programmer.

Programmer or not I've been using computers ever since, and making my living from them more or less since I started working. One of the things which has always interested me is the history of computing. The story of how computers developed from the earliest piles of semi-mechanical metal through valves, transistors and succeeding generations of integrated circuits is a fascinating one not only because of the pace at which technology has progressed but because of the personalities involved. Apart from the pace of technical development and the human drama surrounding the breakneck pace at which the industry has moved, there are also the shifts in public attitudes in technology to consider, from the anything-goes attitudes of the early years of widespread computing to the privacy activism and, sometimes, downright mistrust of today as people start to wonder just what the outcome of the computer revolution will be.

It all makes for a fascinating story, and I'm rather surprised that other than within the rather restricted scope of series like Cringely's Triumph of the Nerds nobody seems to have filmed a definitive history of computing yet. Now would be a very good time for this to be done while memories are still fresh.

Hey, BBC - I've got a splendid idea for an epic 13-part documentary series! Can I present it? I'm good-looking, presentable, just the thing you're looking for, and hell, I know a little bit about computers...

More software updates..

After casually noticing that it was now possible to get my dedicated servers reimaged with Debian instead of the generally painful Fedora Core I casually decided to upgrade igor, the web server. As with most casual upgrade decisions it actually turned out to be a bit of a pain - mostly down to 1and1's update server being unavailable yesterday - but now not only is the machine back up and running sarge, I've also taken the opportunity of upgrading MT to version 3.2 and migrating the web service itself to the lovely lighttpd.

Very little of this will be visible to anybody reading stuff here, but hey, it makes me feel better...

Please hold.

After spending 17 minutes on hold to BT Openzone while I was sitting in a Starbucks on Tottenham Court Road recently, I gave up waiting when I realised that my coffee would be cold by the time everything was sorted out anyway.

Being put on hold doesn't annoy me in itself. Wandering through a couple of menus before being transferred to a human doesn't annoy me either. But sitting on hold for ages simply to get to talk to a person at all infuriates me. I just don't see how some companies think it's okay to have customers and potential customers twiddling their thumbs for 15 minutes or more while your call handling system repeatedly tells them how important their call is. Most people have got better things to do, and being told that "your call is very important to us" at the same time as being told to hey, just stay on hold and be patient is, well, as Sparks once put it, sending mixed signals.

Yes, there are various allegedly-magic digits you can dial while navigating various phone systems' menus, but these only dump you out of the menu systems and into the hold queue. And even if they bump you up the hold queue.. well, that's not really fair on everyone else who still has to wait.

Also, I was in need of a small project to learn about Ruby on Rails, so I sat down and fiddled with things for a bit and behold, the first incarnation of Holdlog is now available. It's pretty ugly because I'm not a web designer or CSS guru, but it works. Well, there are probably some bugs too, but nothing fatal that I know of.

Please do have a look at it (not that there's much to see at the moment - it needs people to start inputting data for it to get useful) and start timing your own holds... Oh, and tell your friends, of course. Naturally.

Life in a terminal world

There's a rather philosophical Wired article out about the forthcoming switchoff of the Asheron's Call 2 game servers. AC2 has been the first high-profile casualty of the tidal wave of migration from existing massively-multiplayer games to World of Warcraft - a game which I played continuously for a few weeks, but which rapidly lost its "ooh, shiny!" appeal. Rock the dwarf paladin continues to languish at level 43, in protest at being ordered yet again to go and kill a zillion identical monsters as busywork. (Being highly averse to the level grind, I have hopes for D&D Online, which seems to be more about content than about advancement.)

As the article says, there must be something very strange about wandering around a world which you know is going to wink out of existence in a couple of weeks.

The sorry saga of SAGE and LOPSA

I've long had an interest in system administration as a profession. Over the years, the business of keeping computers running has changed from being a part-time job that someone would do in their spare time as part of a more general system programming task to a profession in its own right. As it has developed into a profession, various bodies have sprung up to cater for the growing numbers of professional sysadmins.

For many years now, the USENIX Association has had a Special Technical Group (a semi-autonomous entity within USENIX) called SAGE - the System Administrator's Guild. SAGE has been successful in its own quiet way, and has spawned several SAGE groups in countries other than the US. SAGE-AU is highly active in Australia, while the UK's SAGE-WISE has been more dormant of late. I blame the name, which I believe I may have coined (WISE = Wales, Ireland, Scotland, England) and for which I grovellingly apologise.

Over the last couple of years, SAGE itself has been more or less paralysed by a plan, encouraged by the board of USENIX, to split away from USENIX and become an independent entity in its own right. This has been the subject of much politicking, and the activities of SAGE have been largely dominated by talk of Boards and Committees and Bye-Laws and the like. To a random member like me, it suddenly seemed like the membership dues I was paying were going to support a bureaucracy rather than an organisation that actually did anything beneficial to the field of system administration. This was particularly relevant to me, as many of the benefits of being a SAGE member were effectively unavailable to me as I was outside the US and therefore unlikely to be able to attend the conferences which USENIX/SAGE sponsored. Membership to me was more a mark of solidarity with my profession as a whole, and after some thought earlier this year I decided to hold off on renewing until it became apparent that SAGE was going to regain some functionality after the seemingly neverending upheavals. My SAGE membership has now been expired for many months.

More recently, just as things seemed to be settling down and the separation process seemed to be on course for a peaceful transition to an independent SAGE, there was a dramatic change of position by the USENIX board, which narrowly voted not to accept the plan for the separation of SAGE. This was seen as a bewildering betrayal by many rank and file members of SAGE. The separation was, it seemed, dead in the water, and despite dissenting views from other board members USENIX President Mike Jones made very clear that he, at least, considered this to be the state of things. Not only that, but USENIX was no longer interested in transferring any resources at all to the new organisation. As I'm sure you'll appreciate this caused mucho controversy, divers alarums, and lots of flamage on the sage-members list.

In a further twist, yesterday the board of the newSAGE organisation announced the formation of a new organisation - LOPSA, the League of Professional System Administrators. Henceforth, they would be putting their efforts into this new organisation, and while they would still be happy to talk to USENIX.. well, it's unlikely that there's going to be much of a reconciliation on the cards. Many people are saying this is a good thing, and a new baseline from which to move forward.

I don't agree. This schism, after the last years of politicking and deliberation and bureaucracy, is the worst possible outcome for anyone wishing to see an organisation dedicated to the advancement of system administration as a profession. Too much has been invested in the SAGE name in the past for people to simply decide to throw their toys out of the pram, form a new organisation, and expect everybody to follow them. Now there are two organisations for me not to see the point of being a member of, rather than just one. I'm worried that LOPSA is going to be hamstrung with yet more obsession with procedure and bureaucracy for the foreseeable future, and I can't yet see any compelling reason why I should currently want to be a member of USENIX, SAGE or LOPSA.

The problem is in the top-down nature of both organisations. You don't get anywhere by appointing a board before you've achieved anything else. System administration is basically a hands-on profession, and the grass roots of system administration are more interested in action than in yet more months of administrative paralysis. The last two years have shown just how dysfunctional this model can be, and I don't see it improving too much under a newly-formed LOPSA - at least, not for the time being.

A lighter touch is needed. As a fast-moving, responsive profession, I believe system administrators everywhere would be better served by the encouragement of far greater grass-roots participation in the life and development of the profession. Networks of local groups are the way to go. They don't have to be big local groups, and they don't have to be all that local, but local, in-person activities and support networks are going to deliver a lot more to the average sysadmin than one over-arching body declaring itself to be representative of system administration as a whole and expecting other activities to flow downwards from there. With the ubiquity of the Internet, an umbrella organisation need not really be anything more than a support organisation which is able to make use of resources and economies of scale which are out of reach to smaller, local bodies.

What professional representation for system administrators needs is a participatory, loosely federal structure rather than a top-heavy bureaucracy. I'm sorry to have to say this - I was a member of SAGE for several years - but after the last couple of years I really have come to believe that the existing organisations have decayed far too far to have much to offer the average sysadmin. The only real hope is for local and regional groups to start organising themselves and working together to provide support, development activities and professional representation for the system administration community. Encouraging this sort of activity will deliver far, far more in the area of actual tangible benefits than just unilaterally launching what is, after all, basically a rebadged SAGE and expecting everything to be made better that way.

I've found this whole business to be profoundly depressing, to be honest. While I wish LOPSA all the very best and fervently hope that it is a success, I can't help but feel extremely pessimistic based on the total shambles of the last few years. I wish everybody involved well, but if half the effort that has been put into politics and bureaucracy over the last two years had been put into supporting and encouraging the development of locally accessible, practical support for current and would-be sysadmins, the overall picture would look much different.

(Final note: I certainly don't mean the above to imply that I don't think there's any place for organisations like LOPSA. There most certainly is, and if I could find it in me to be anything but almightily depressed about the whole situation I'd be delighted to do anything I can to help, but now I can't think of much I actually can do. I just think that the enthusiastic encouragement of local groups is going to do more for the development of system administration as a profession, at least in the present climate.)

Geek retreats

I've been a computer geek for most of my life, and self-employed for just over a year. Being self-employed means that you have to spend more or less all your time worrying about getting work done, unless you're one of those geeks who's lucky enough to be able to turn down work because you're making quite a nice enough living already. Heavens, most full-time-employed geeks also have problems stopping thinking about computers a lot of the time.

As a result of this, many geeks get all twitchy and alarmed when it's suggested that they should take a holiday or go somewhere where there's a risk of Internet connectivity being limited or unavailable. Apart from that, traditional holiday resorts - sun, sand and sangria - have not historically appealed very much to the dedicated computer geek, in my experience. As a result of this, it seems to me that many geeks either never take any holidays at all, or take holidays spent at home so they can play with computers in peace and quiet.

The other side of the coin is that many people today do basically all of their work over the Internet. With a laptop and an Internet connection, it's possible to work from just about anywhere - you'll regularly see people with headphones on working from local cafés or from hotels or wherever. Unfortunately, most of the places where wireless access is readily and predictably available are fairly boring - cafés, business hotels, some guesthouses. Some resorts will have internet access available in the lobby and maybe in rooms, but it's not always reliable, it's sometimes expensive and it rarely extends as far as the beach. Anyway, hotel rooms never have enough power points available, do they?

IT workers also tend to have (by no means inevitably, but often) rather more disposable income than the average worker. They can easily afford to take time away from home or go on holiday, and in many cases they can take a laptop along and be able to keep working on whatever it is they need to work on - or whatever they find interesting. A lot of people do this stuff for fun as well.

In theory, there are plenty of people who could take a couple of weeks away to go and sit by the sea with a PowerBook, getting on with work while still being able to get away from it all and enjoy a break from the norm. Indeed, an annual "retreat" of some form has been used by a lot of senior managers and the like for a long time as a way to focus on what they want to do away from the distractions of day-to-day life. Unfortunately, for people who aren't rich enough to afford their own well-wired mountain hideaway or beach house, this generally isn't a possibility. Conventional holiday resorts just don't cater well to the geek market - they're usually more about consumption of enormous amounts of alcohol (not that there's anything wrong with that) and large numbers of families, which means screaming children and other distractions for people who want to concentrate on intellectual pursuits even while they're away from home. And as mentioned above, they don't generally have good Internet access.

I have therefore come to the conclusion that what the world needs is a purpose-built Geek Retreat, or a holiday resort catering to IT workers who either want a working holiday, to take some time away from home or the office to learn about new things, or to work together with others in an atmosphere that makes it easy to do so while still being able to have some fun if that's what's wanted. After all, it should be possible given current technology to sit at a table on a palm-fringed beach at dusk drinking wine... while still being able to work on that piece of code you've been trying to find the time to finish off for the last month. It should be possible to gather with other people to work on stuff in a quiet corner, then be able to go out for a swim afterwards or a run along the beach. It should also be possible for such a place to have comprehensive broadband wireless Internet access covering every square metre of the site, and power points available even at those tables on the beach. It should be possible to spend one day tackling a particularly irritating problem in Perl, and the next day learning to dive.

It should be possible for such a place to have geek-friendly rooms with plenty of power points and external keyboards and monitors available for a little extra comfort. It should be possible for such a place to have on-site hardware support, a well-stocked reference library on site so you don't have to bring a pile of O'Reillys and lots of opportunities for networking with other people (a lot like the "hallway track" at major conferences like LISA and SANE. It should be possible for companies to send groups of employees for a couple of weeks to get their heads down for some serious coding away from the office, but still with everything they need to do their work on site.

I think such a place would cater to a lot of people - from lone workers looking for a place to get some peace and quiet at the same time as being able to enjoy themselves when they want to, from disparate groups of people gathering to work on a particular project, right through to people who just want to take a holiday but want to take a holiday in a uniquely geek-friendly environment. Special events could be organised - masterclasses and courses similiar to those on the existing geek cruises, but with a less claustrophobic environment and far better computing resources available on site (not to mention proper Internet access).

Unfortunately, I haven't got the cash to hand to develop this idea myself, but if anyone feels like lending me the capital I'm pretty sure that such a venture would be a huge success. There would be various pitfalls and risks and areas where very careful design and marketing would be necessary in the initial stages, but I have some other ideas which I think would address most of these. (You don't market to geeks directly, for starters. Oh gosh no, you don't. That way lies Certain Doom.)

What do you think, massed brains of The Internet? Could a geeky version of Club Med be a viable project?

Okay, so here's the deal...

I've had an idea bouncing around in my head for a couple of years, which I've run past various people at various times. Most of them seem to think it's a good idea, and the only major thing which worries me is that it seems to be an idea nobody else has tried to implement before. (I'm being deliberately vague about the exact nature of the idea here, as I'd be gutted if someone else did it first.)

Over the last couple of weeks, my new-found self-employed commercial brain has been telling me that I should just go ahead and implement this idea to see if it really does work or not. It's a fairly simple idea, but there's some fairly complex coding, database work and payment processing stuff which would have to be done. I don't have the knowledge (or web design abilities, for that matter) to do it all by myself, so it's going to need help from outside to do it. Yeah, I know I have a history of having grandiose ideas and never getting around to implementing them, but I think this one might just break the habit.

If I'm going to implement this I'll need to team up with a good coder - either mod_perl or PHP seems like the sensible option for this project - who knows about things like integrating web stuff with databases and implementing e-commerce sites. A web designer, or someone with better design skills than me, will also be needed at some point to make it look nice. Of course, being a penniless consultant I don't have any actual money to pay people with and the era of venture capitalists handing out kajillions of pounds to Internet startups is long gone, but I'm sure something can be worked out in the event of it being a success. It might be a complete flop, but if you fancy getting involved with something like this just in case it actually does make some cash, drop me a line. If I already know you it'll be a bonus. You probably need to be in or near enough to London to get together on occasion, but I don't see that as being a regular occurence.

As it's being implemented from scratch the architecture is, so far, completely open, but I don't exactly see it running on IIS. Might be fun to use OS X Server...

Instant server, just add Mac

For a long time Apple have sold a specialised version of MacOS targeted at servers, which goes by the unsurprising name of MacOS Server. It generally comes bundled with server-grade machines (which right now means the XServe), but if you need to buy it seperately it's pricey - £399 for the 10-client version or £799 for the unlimited-users version.

It's a good product - it does mail, file service, DHCP, you name it - and mostly uses the same open-source tools which power a lot of the Internet. The magic, however, is in Apple's custom administration tools, and that's also how the price tag is justified. If you're running a large network it's just the ticket.

But how about if you just want a home mail server or whatever? The Mac mini is an excellent candidate for those looking for a microserver which can just sit unnoticed in a corner - it's tiny, it's aesthetically pleasing, and it operates headless (without a keyboard or monitor) without batting an eyelid. Its main drawback is the relatively slow 4200rpm hard drive, but for low-demand applications that isn't really a problem.

The mini will run OS X Server, but it seems a little weird to spend the same amount as the cost of the machine itself again just to provide lightweight mail and web services for a home or small office network. At the same time, large parts of OS X Server are made up of open-source software. Its mail server uses Postfix and Cyrus, while its webmail system is, I understand, based on SquirrelMail. Some other things, such as web and DNS services, are already installed and just need a few tweaks.

However, compiling and installing things like Cyrus from scratch can be a real pain, and MacOS X isn't necessarily an easy platform to work with when building some bits of UNIX software - it can be time-consuming and fiddly to figure things out from scratch. Such things are generally well beyond the reach of the average user who doesn't like the command line, wrestling with compilers and autoconf, or editing cryptic configuration files. So I thought I'd see if it was possible to build an easily-installable binary distribution to provide basic network services on a MacOS X machine without excessive fiddling and for free.

After a couple of days of hacking I've more or less managed to do just that, and have produced the first version of a ready-to-install binary package which can be installed (using the OS X installer) easily, and which then requires the editing of a couple of files and a couple of other steps to make it work. It installs Cyrus (including saslauthd, as PAM is the order of the day) and SquirrelMail for an instant webmail and IMAP server. I've tested it on a virgin installation of Panther and it works fine - instant mail server!

As I said above, there's no pretty configurator yet so it's still necessary to edit a couple of files to and jump through a Cyrus-mailbox-creation hoop, but that's still an order of magnitude easier than building and installing it yourself.

It's good enough for a provisional tentative this-is-how-it-works release - if you want a copy, then help yourself (19MB .dmg). While there are a couple of similiar packages out there, this is 100% freeware. Enjoy.

Future plans include adding extra services to make it a more fully-featured server package and, first and foremost, a configurator to take care of the trivial bits of administration which need to be done at install time, especially the Cyrus administration stuff (additional users still have to have their mailboxes created manually with cyradm).

Voiding guarantees for fun and profit

So I finally gave in. My plan to "just happen to go for a visit to the Apple Store and not buy a Mac mini" failed miserably and I came home with a dinky tiny 1.42GHz G4 with an 80GB hard drive in a box which is, it has to be said, small. It's hard to figure out just how small it is until you see it in action. There are a million reviews out there which will tell you this, so I won't go into detail about such things.

Suffice to say that I now have a small box sitting like a limpet on top of my hunky great G5. With a VNC server installed (and fortunately, the Apple Remote Desktop server side which is installed with MacOS X already speaks VNC) it will happily work with just power and networking connected - just right for the project which I have in mind for it. But first I thought I'd pull a 512MB DIMM from my mostly-idle PC, which will be quite fine with the remaining half-gig, to upgrade the Mini to 512MB. There are plenty of web pages out there with instructions on how to open a Mac mini, most of which involve putty knives. Well, I don't have a putty knife, but after an hour or so of mucking about with a couple of kitchen fish slices, a random piece of thin metal and a couple of expired, edge-filed-down Irish credit cards I was in without causing any visible damage.

Exchanging the DIMM is the easy bit, but what people don't tell you is that putting it back together can be tricky too - there's a row of metal fingers on the edge of the I/O panel which have to be positioned just right as you squeeze the machine back together, or it's fish-slice time again to get the lid off and try again. Apple have confirmed that although the machine's tricky to get into, opening it up doesn't void the guarantee unless you break something by taking it to bits, which is quite reasonable.

Now that that's done, the machine happily reports 512MB at boot time and it's time to get going on part 2 of my Evil Plan for the Mac mini.

A Steve Jobs Concordance

Just for yuks I watched Steve Jobs' keynote at last week's Macworld SF with a tally sheet and a pen, noting all the superlatives used in his speech and how many times they were used. Given that this was coming from the man who gave the world "Insanely Great", there were quite a few of them. So, just as proof that people really will post the most ridiculous rubbish to the Internet, here's my Steve Jobs Concordance Of Superlatives (as well as various other bits of "interesting" speech which I observed). It's all entirely unscientific - I may have missed some or tagged some twice or whatever and I'm certainly not going to watch the whole thing again just to verify the numbers.

It's interesting to observe that what have been seen as the most significant product announcements, the Mac mini and iPod shuffle, seemed to have the lowest SPS (Superlatives Per Sentence) ratings. I presume this is because things like the price and tininess of the mini are significant enough to speak for themselves without needing further emphasis.

The numbers above relate only to Steve's speech - the various other people who spoke are not included as it's not their speech patterns we're analysing. The CEO of Sony, it's interesting to note, hardly used any superlatives at all other than to suggest that people might be "blown away" by some of the stuff they have in the pipeline, and even that sounded a little forced. Of course, he's Japanese rather than Californian...

Of Steve's most famous construction, "Insanely Great", there was no sign at all. The closest match was one description of something as being "Incredibly Great", which is not quite the same.

A significant moment for Apple

While I'll happy admit to being a relatively recent convert to using Macs, I'll deny being a swivelly-eyed zealot. Zealots can see no wrong with the chosen target of their zealotry, and I can list a good few things that I don't like about my Powerbook, not the least of which is the inability to use both the keyboard volume controls and Exposé without holding down Fn for at least one of them. And hey, I don't see the point of the iPod Photo either.

One thing which I do religiously, however, is watching out for new product releases from Apple. The main reason for this is to see what a company that's both fantastically imaginative and ferociously secret about its works in progress will pull out of the hat this time, and they're rarely disappointing. When Steve Jobs delivers one of the big keynote speeches at Macworld there's a pretty good chance that he'll announce something jaw-dropping, surprising, or just so plainly obvious that it's amazing nobody's thought of it before. And that's why I'll happily admit to having sought out a phone with a web browser attached upon arrival at Heathrow to find out what had been announced during the Macworld SF keynote. And my, what had been announced..

The iMac G5 is a design tour de force, and the PowerBooks are probably about the best notebook computers on the market, but I'm finding it hard not to conclude that the Mac mini is the most important computer Apple have produced since the original iMac back in 1998. There's much more to it than that, though. While the original iMac was a signal of Apple's intention to get serious about producing affordable machines which everyone could use, the Mini is a signal that Apple wants people who already own computers but are frustrated with them to chuck the system units away and recycle the keyboard, mouse and display into something more productive. Because of the potential growth in sales that breaking into this market would represent, it's probably not unreasonable to suggest that this is the most significant machine Apple has ever shipped.

This is long overdue, as the more recent versions of the iMac have been significantly more expensive than other home computers. While the dollar price has remained more or less constant since the $1300 iMac was introduced in 1998 (the 1.6GHz G5 costs $1299) the price of competing Wintel-based machines has dropped through the floor, making the iMac substantially more expensive compared to the competition. What was needed to fill the gap was a machine the price of a low-end mass market PC, and that's what Apple have delivered.

The reaction to the mini's announcement in the Mac community has been confused - admiring and muted at the same time, with lots of dismissive comments made about the relatively low-powered G4 processor and the fact that it costs an absolute packet to spec a mini with 1GB of RAM rather than the default 256MB. Claims are appearing that the "minimum usable configuration" costs anything from $1000 up, which is generally the result of maxing out all the specs and adding a keyboard and mouse. At the same time, people looking for a second (third, fourth..) Mac and UNIX nerds in general are eyeing it hungrily as a small home server machine or terminal.

It seems to me that a lot of people are missing the point. If you're the kind of person who thinks that a computer needs a gig of RAM to be usable, then guys, pay attention: YOU ARE NOT THE PRIMARY MARKET for the Mac mini. If you're a high-powered Mac user who wants a high-powered machine, go buy an iMac or a G5 Power Mac, as they're the machines which are aimed at your demographic. Complaining that it only has a 1.2GHz G4 is like complaining that a Smart car has a small engine. Maybe it does, but the Smart will still get you from A to B. It just won't do it quite as fast as a Golf.

If you're the average home user - there are a whole lot more of them than there are power users - and you're frustrated with your Windows box, then hi! You are the target market and this machine is for you, at least as far as Apple are concerned, and they're hoping that you'll buy one, and that when a friend mentions how much trouble they're having with their computer you'll suggest that they buy one of these inexpensive little boxes too. They aren't the fastest Macs out there, and if you do much more than read mail, browse the web and manage your music with iTunes you'll want more than the standard 256MB of memory, but they'll certainly do the trick if you just want to replace the Dell that you currently use for reading mail and browsing the web.

Hardcore computer users have a nasty habit of assuming that everyone's usage patterns are the same as theirs, and will often pretend that the "frustrated home user" category doesn't exist at all other than as phone calls from family members looking for tech support because they're so frustrated with their Dells. In reality, these are the silent majority of computer owners nowadays and the mini is aimed squarely at this majority who just want to do their stuff with the minimum of fuss and stress and phone calls to irritable relatives who "know about computers".

With this in mind, it seems to me that Steve's hardly going to need to deploy the reality distortion field much to convince an enormous number of people to buy the mini. In combination with the iPod shuffle, the Mac mini represents a newfound conviction in the mind of Steve Jobs that the time is right to make a serious assault on the mass market and I've got a nagging feeling that he's right.

IPv6 tunneled subnets with MacOS X

At SANE last week they were giving out cool T-shirts promoting IPv6. I wasn't quick enough to get one on the Thursday (but was quick enough to watch Dónal apply his +15 Diplomacy Modifier when persuading them to let him have the last one on someone else's behalf), and on the Friday you had to produce the IPv6 prefix of your network in order to get one. Unfortunately, it had been a while since I'd touched IPv6 - the last time was at TCD a few years ago (NetBSD router with KAME and two network cards) and I couldn't remember our old prefix off the top of my head.

Stung by having missed out on a cool T-shirt (something that's guaranteed to kick a geek into action) I decided to see about getting an IPv6 tunnel into my home network. Now, my main home machine runs MacOS X, so I wasn't entirely certain whether this would be easy or, indeed, at all possible. 6to4 is usually the easier solution for home networks and has a fairly well-hidden GUI in MacOS 10.2 and 10.3, but NAT breaks it, so a tunnel it had to be. Besides, playing with tunnels and routing your own prefixes has more hack value.

The BT Labs tunnel broker provided an IPv6 subnet and a tunnel endpoint and mailed me setup scripts for a FreeBSD box. Happily, these scripts only required a very very few changes to make them work - I'd been expecting a struggle which didn't materialise. The only differences were, for the record:

• Replace "gifconfig" with "ifconfig gif0 tunnel your-ip remote-ip"
• It seemed necessary to use the globally-allocated IPv6 default gateway (local end of the tunnel) rather than the fe80::%gif0 syntax for referencing the link-local interface address .
• Replace "fxp0" with the name of your LAN interface - in the case of the Airport interface on my G5, en1.
• If you're using NAT, specify your IP inside the gateway as the local end of the gif tunnel and make sure your gateway knows what to do with incoming traffic.

And that was, to my surprise, about it - traffic was flowing. After turning on rtadvd(8) on the G5 my Powerbook noticed there was a v6 router present and quietly reconfigured itself to use it. Miraculous! Total time taken - about half an hour, mostly my working out how to configure a gif tunnel when the evil NAT is between the machine and the big wide world. Apart from that, as with most things Mac everything Just Worked as it should.

Too easy, you think? You want proof? Okay, here's proof - a screenshot from Safari talking IPv6 to a web server. It takes a bit of Debug menu hackery to make Safari prefer v6 addresses where available, but it can be done.

Remedial system administration

More of a question than anything else, but..

I'm thinking about sitting down and writing a little paper on "remedial system administration" - basically, dealing with situations where a sysadmin comes into a site or shop and finds that the systems they're supposed to administer are going to require major work for whatever reason to bring them to a manageable state but without causing major user disruption. It's kind of an interesting little field which seems to have been written about very little in the past ...

So, can anyone point me to any prior work in the field? There are probably book chapters in the major system admin books, which I'll check when I get home, but I've been scratching my head for a while and can't think of a great deal of work on the subject.

Small SANE update

It seems that a number of free software people were involved in a car accident on the way from SANE to Paris. This page here is following the news as what's happened becomes clear.

Conference time

I'm taking a couple of days off from trying to write documentation to visit SANE 2004 in Amsterdam. This is one of the biggest conferences in Europe for UNIX geeks, and after being here in 2002 I've been looking forward to the 2004 incarnation of the conference. The big difference this time is that I have to pay for it myself (although hey, it's tax-deductible), but it's still very much worth the investment.

I arrived yesterday afternoon (after a morning spent with that sinking feeling which appears when you know you're going to have to go to Heathrow airport shortly) and, after finding the hotel and checking in, ran down to the RAI congress centre where the conference is being held to pick up my registration stuff from the desk. The T-shirt this year has an "I, Root" theme which is slightly more subtle than the T-shirt from last time, which has "I (heart) ROOT" on the front in huge letters and which I reserve for when I'm going somewhere where there will be Australians. After saying hi to a couple of people I ran back again, for a total of just over five miles. My calf muscles are still reminding me of this this morning.

Owing to a bit of time zone confusion this morning (the iCal entries for the programme were converted to UK time) I arrived about half an hour early thinking I was late. I guess I should have figured out that 0830 would be an insanely early time to kick off an event full of computer geeks, something which I put down to having slept badly last night, but I got to spend some time wandering round the Internet before the event proper began. After the usual introductions and welcomes, Paul Kilmartin of little-known e-commerce startup eBay delivered the Thursday morning keynote - Inside eBay.com: The System Administrator's Perspective.

It was interesting to see how eBay have coped with their absurdly huge rate of growth - from something like six peanuts sold in 1995 to twenty-six billion trillion dollars' worth of merchandise sold last Tuesday alone and now turning over more dollars than there are atoms in the universe - and how they've had to modify their thinking and design philosophy to cope both with this huge growth rate and the constantly-changing technology that supports it.

Interesting, sure, but from my point of view fairly alien - as most of my experience has been in penniless academia, the first thing that sprung to mind was that yes, if you've got the money and your budget is tending towards infinity then you can just shout at your vendors until they deliver the stuff you want to solve your problem. For the rest of us, however, budget is usually the primary limiting factor rather than the hardware that's available on the market, and it's a sad fact of life that the amount of attention your vendor support people pay to you is usually proportional to how important a customer you're considered to be.

After a bit more time spent playing with computers I returned to the hall for Wietse Venema's invited talk - Open Source Security Lessons. Wietse is one of the most authoritative and worth-listening-to people out there when it comes to computer security - among other things he's the man behind numerous tools including tcp-wrappers, Postfix, SATAN... and so on.

Wietse presented an interesting overview of some of the lessons learned over the years, possibly the most important of which from my point of view was:

"If your resources are limited you have to be creative"

Of course, most peoples' resources are limited, which means that this talk worked as an interesting counterpart to the keynote. It's fantastic if your resources are unlimited (well, practically unlimited), but for most people creativity is going to be what solves problems.

Another lesson learned from Postfix which was close to my heart was that:
"Spammers don't destroy the infrastructure, it's the well-meaning people with poorly designed countermeasures"

which is, as Wietse says, just another way of saying that SPF is evil. And this is just one way in which it's evil.

(Incidentally, during the talk Wietse had to pause while his radio mic was seen to, and afterwards restarted the talk speaking Dutch rather than English, causing me to have one of those "Urk, my brain's lost the ability to parse English" moments that happen when people around me suddenly start speaking Dutch. Reboot!)

The new iMac G5!

Well, that took me by surprise - Apple's website now has details of the new G5 iMac. It basically looks like a fat flat-panel monitor - slot-loading optical drive on the side, 1.6-or-1.8GHz G5, lots of ports on the other side, you know the score. The 17" version is 5cm thick, the 20" version is 5.5cm thick.

Elegant design, though - looks like Ives and co. have done it again.

Prices from £919, or about 1299 Yanqui greenbacks.

Damn technology

So last night I got home fairly late after having a curry in Euston, and because it seemed like an appealing idea at the time sat down to quickly hammer out my last entry here. I didn't want to take too long on it as it was late, it was past my bedtime, and I had to get up in the morning and go to work.

Being sensible, I therefore regularly kept an eye on the clock in my Mac's menu bar. Every time I looked it was saying 00-something, so that was fine. I kept typing a bit more, did a quick editing job. After a time I looked at my watch instead of the menu bar clock, and found to my surprise that it wasn't 00-something at all, it was 0145!

The menu bar clock had stopped an hour earlier. I have no idea why. Maybe the little gnomes inside my machine had forgotten to wind it up. Still, this is a fine example of how technology is fallible, and also explains why, whoa, I feel really rough this morning.

Konfabulator, LaunchBar and Tiger

During his WWDC keynote last week Steve Jobs gave a preview of the next release of MacOS X, Tiger. There's a vague stink in the shareware developer's community at the resemblance between one function, Dashboard, and long-standing shareware desk accessory thingy Konfabulator.

There's a pretty good and comprehensive refutation of the claims that Dashboard is just a ripoff of Konfabulator at Daring Fireball. The real point of this post is to highlight a tool which was recommended to me as providing similiar functionality to another Tiger feature, Spotlight.

Spotlight is a system for indexing the contents of your machine and making them easily searchable. But wait! An application that's available today for adding a fast search function to your machine is LaunchBar. Version 4 is currently in beta testing, but the continued availability of a NextSTEP version kind of hints that LaunchBar has been around for a while.

While Spotlight searches the contents of files LaunchBar only indexes filenames and metadata, but as this includes things like Safari bookmarks and your iTunes library it's still incredibly useful. The beauty of it is that's accessed via a system-wide hotkey (Command-Space by default) which pops up a smart search bar at the top of the desktop. Just enter a few characters of what you're looking for, hit Enter and bam, LaunchBar opens it for you.

Want to fire up Safari? SAF is enough for it to be the first hit on LaunchBar's list. Want to hear "Polkas on 45" by Weird Al Yankovic? POLKA will find it for you. Want the BBC News website? NEWS will probably do the trick. What this means is that there's a whole lot less moving to and fro between keyboard and mouse, speeding things up considerably. It doesn't just search, though - you can navigate around the filesystem using the arrow keys, pick documents from an application's Recent Documents list, whatever. It's very, very intuitive, very, very clever and very, very useful.

The full functionality is hard to describe, but I highly recommend checking out the features list, then downloading the beta of version 4 and taking a bit of time to get to know it.

It is indeed a thing of beauty. I'll be registering Version 4 as soon as it's out of beta.

Gmail accounts

Just a quick note to say that I have (as do a lot of people) a number of Gmail account invitations to give out. If you don't already have a Gmail account to play with and would like one, drop mail to <mike.knell@gmail.com> and I'll send you an invitation. First come, first served.

The only reason I mention this is that there seem to be a huge amount of people flogging invitations on eBay, and although the increased number of invitations doing the rounds has caused something of a price crash I'm happy to openly offer my spare invitations in order to annoy such cash-in merchants. (Got spare invitations of your own? Why not do the same and give yourself a karma boost?)

[EDITED 10 July: I've pretty much burned through all my invitations now, folks. Sorry.]

[EDITED again 1 August: As said in the last edit, I really DON'T HAVE any more invitations to give out. You can stop mailing me now. Sorry.]

Things of beauty

Apple are known for making product launches into events - not events in the sense of "hiring the Rolling Stones and flying in journalists by helicopter gunship", but events as in major conference keynotes with Steve Jobs unveiling the new goodies in front of a crowd of the Apple faithful. This month there's a keynote coming up at the Apple Worldwide Developers Conference which suggests a new product or two. In addition to this, Apple are holding a press event next Wednesday which is widely rumoured to be the European launch of the iTunes music store. With all this going on, it's unsurprising that the product launch that slipped out yesterday sort of caught a lot of people on the hop.

The product which slipped under the rumour mill's radar to emerge out of the blue yesterday was Airport Express. It's a wireless base station in the handy format of what Americans call a wall wart - a small plug-in mains adaptor, 94x75mm. That in itself is cool. It's even got a USB port for sharing a printer, just like the full-size Airport base station. But even more than that, which is why it's a Thing of Beauty -

it has an audio output that speaks standard analogue audio and optical S/PDIF.

What this means is that you can plug it into your stereo or your AV amplifier and play music through it from iTunes. No need to run cables - just plug it into the wall, plug it into the stereo's line in sockets and away you go. No need to listen to your music through the cruddy speakers on your Powerbook, no need to sit in front of your desktop machine to listen to music. The form factor makes the whole thing sufficiently portable that you can just throw it in your laptop bag and take it with you when you go away.

It's a beautiful piece of technology and a fine example of the kind of slightly out-of-the-box thinking which keeps Apple so far ahead of the rest of the world as far as building cool stuff is concerned. Add to that the fact that it's pretty good value at 99 quid in the UK ($99 in the States, of course) and they'll probably sell a bazillion. I need one, right? No, I need several. I'll just go and look at the Apple Store UK, no, really, I'm just looking there, I swear.

The end of the world is nigh!

Seeing as how I was all excited (in that geeky kind of way) at the prospect of the ADSL connection in the new flat going live next Thursday, I spent some time yesterday evening connecting everything up and configuring the ADSL router so that everything would be ready when the connection went live.

Imagine, therefore, my annoyance when I was online earlier today over some steam-powered device called a "modem" and the connection went down. No dialtone on the line. I was about to ring BT and moan at them when the words "jumpering onto a DSLAM" floated through my mind. Could it be...?

Dialtone returned a few minutes later, so I powered the ADSL router up experimentally. It synced up happily and the PPPoATM link came up. I had ADSL five days earlier than scheduled, and only six days after placing the initial order through Demon. I'm in shock. This must be an omen.

Still, it's nice and fast. As I said before - once you've had fast network access at home it's kind of a shock when it goes away.

ADSL! Need ADSL!

Since moving I've realised exactly how much I'd got into the habit of assuming that high-speed Internet access at home is something that's just, well, there. Being able to pop the screensaver on the desktop machine or open the PowerBook and have decent wireless connectivity had become a habit, and now I'm back to using a 56kbps dialup it's something of a culture shock. Having to, like, dial up, and having the phone line tied up, and then having things run so sloooooowly...

Still, kudos to Demon and BT - having placed my order for self-install ADSL on Sunday I've just had confirmation that it will be going live next Thursday. This is much faster than the last time I ordered an ADSL circuit, and as far as I'm concerned it can't go live soon enough. It's certainly moving much faster than the standard three week lead time.

High-speed Internet access at home is certainly habit-forming stuff.

The politics of broadband

A couple of weeks ago I was alerted to the fact that Ian Liddell-Grainger, Conservative MP for Bridgwater in Somerset was presenting a ten-minute-rule bill in the House of Commons on the subject of rural broadband. He thinks that tax breaks for installers of broadband networks would be a good idea, and I agree with him.

For those who don't know, a ten-minute rule bill is most often used as a means for Members to express an opinion or to gain publicity. They stand little chance of becoming law without Governmental support.

Now that Hansard from that day is available, I've gone back to take another look at what he said to see if he really dropped some of the clangers which I thought he did when I watched the speech on the BBC's Commons feed. The official transcript of Liddell-Grainger's speech is right here. Let's take a look at a few choice quotes, bearing in mind that Members are allowed to check transcripts of their speeches for accuracy and errors before publication:

"I notice that the Prime Minister's own website—for those who do not know, it is pm.gov.uk—now carries a range of extremely well made and informative propaganda films. The only trouble is that even at 512 kilobytes per second of British broadband, we still have to struggle to watch those movies in a tiny window screen the size of a postage stamp." - Well, I regularly watch 256kbps streams from the BBC's broadband service and they come in at a pretty decent resolution. Even running my monitors at 1280x1024 they're still a decent size, and while not broadcast quality, they're perfectly watchable. Don't forget that "television quality" is actually quite a low benchmark to aim for - broadcast TV has resolutions far below that of the average computer monitor.

"In Japan and parts of America, broadband is really fast— 4 megabytes per second. That means that a computer can be used to watch a full-length movie in very high quality indeed, just like a television. That makes Britain's best broadband resemble Mickey Mouse, but then it is completely different. It is run on fibre optics, not old-fashioned copper cable. Unfortunately, it costs an arm and a leg to install, but companies and private users sign up willingly and pay on the nail, because it really works." - Where do I start here? Do I start with the "I was told they have this in America" assumption which conveniently forgets that broadband access in the US is often hard to come by outside metropolitan areas unless it's, say, via satellite, which has its own set of technical problems? Do I point out that broadband access at speeds of up to 2 or even 4Mbps is readily available across large swathes of the UK, and certainly in the same kind of areas which would have access to such things in the USA? Do I point out that broadband in the USA is often slower than services which are available here? And do I point out that all these speeds are available over old-fashioned copper line pairs without running a fibre local loop? I really don't know. Finally, I think I'll just let the "four megabytes per second" claim slide as obvious unit confusion. Life's too short, you know?

"Broadband can be 10 times faster than an ordinary phone line, but frankly, that is not actually very quick. The technology for British broadband is known as asymmetric digital subscriber line. To many people, it is a lot better than nothing at all, but ADSL still stands for "another disappointingly slow link"." - Come now, Sir. I know you desperately wanted to get the bad joke in about what ADSL stands for, but at least employ a fact-checker next time. Available technologies for end-user broadband Internet access in the UK include ADSL (up to 4Mbps or possibly more), cable TV-provided links (up to 3Mbps) and, in some areas, wireless access at various speeds.

"It does not have to be this way. Fibre optics is the answer, and that technology will eventually come. [...]" - Right now, I'd say that wireless technologies and community broadband initiatives are the answer for rural communities who are either not yet enabled for ADSL or too far from exchanges for ADSL to be possible. Work on the regulatory framework surrounding such things (a good model would be the "self-help" TV relay scheme which has been a great success) and assistance for communities looking to connect themselves up would probably deliver better and faster results than crossing your fingers, providing a bit of a tax break and relying on the benevolence of the telecomms companies to come up with the goods. Fibre to the kerb is hardly happening even in big cities, so it's going to be a really long time until farmhouses on Exmoor get such a thing. Broadband technology right now does not require fibre to achieve multimegabit speeds.

I think I can see what happened here. Rural MP got demands from constituents for broadband access. Corresponded a bit with BT who complained about how much it would cost them to provide ADSL to the whole country and pointed out how this would require cross-subsidisation from their more urban customer base to provide. Asked what Parliament could do, was told "tax breaks, please!" and worked on the assumption that that would make BT happy. Of course it would - major corporations love tax breaks.

Parliamentarians should really seek independent technical advice before making fools of themselves in this way. While I'm sure that Mr Liddell-Grainger's aims were entirely honourable and well meant, he undermined himself fatally by demonstrating a fundamental lack of understanding of the subject he was talking about as well as a serious lack of research. That's a shame, not to mention a missed opportunity.

Footnote added on December 2 2004: It's come to my attention since writing this piece that it's been picked up and used in ways which I would not agree with. Just in case a clarification's necessary despite it being hopefully fairly clear from the article itself, I don't wish to imply any form of incompetence on Mr Liddell-Grainger's part as far as his parliamentary and constituency duties are concerned. The fact that he took the time to prepare this bill in the first place is something which should be commended. My reason for writing the above was to discuss a few technical errors in his speech, not to lambast him for being concerned about the important issue of rural broadband in the first place. The digital divide is pretty wide even in the UK, and even wider in the developing world, and increasing access to the kind of communications and information resources that many of us take completely for granted is a very worthy cause indeed.

Oh, the terrible injustice!

Cory Doctorow over at Boing Boing passes on a quote railing against what is for some reason seen as a terrible, awful injustice being perpetrated against students at Penn State. Apparently, they aren't allowed to run servers in their dorm rooms any more unless it's for bona fide academic use and they get it signed off.

Quelle horreur! The awful injustice!

As an academic sysadmin, I see this as a fairly reasonable and fair policy. It's certainly perfectly normal in a lot of places. While students often like to think that they have an automatic entitlement to do whatever they want with network connections in their rooms, as long as they're connected through a university's network they're using university facilities and have to follow the rules. The university, in turn, have to follow other rules as well which are laid down by their own network providers. It's certainly not a given right for students to run servers in halls, and a lot of institutions NAT the halls off as well for good measure.

The last thing universities want is to open themselves up to threatening letters because their students are sharing vast amounts of copyrighted material which they don't have the rights to distribute. IT staff have got better things to do than wasting huge amounts of staff effort on investigating and responding to such complaints, such as running and developing network services. And hey, JANET-connected institutions pay by the byte for their external traffic - not very much, but it soon adds up, especially if you're being used as a giant warez/porn/copyrighted-music/movie archive by the occupants of your halls of residence.

Ultimately, most universities (and all the ones I've worked at) have the policy that their network is an academic network and is there for bona fide academic purposes only. Although (obviously) reasonable personal use is tolerated, serving out gigabytes of legally-dodgy material isn't. That's not only an infringement of both the university's and JANET's AUPs, it's also usually illegal, and it's definitely not reasonable. That's all. At Penn State, if students have stuff they want to do which involves running servers then there's a mechanism for them to be allowed to do that, so anyone doing actual interesting work rather than just running a giant archive won't have too many problems. Claiming that this policy is somehow going to harm education seems to me to be simple hyperbole.

While it's possible for digital rights campaigners (who I have to admit I often find disturbingly shrill and, on occasion, out of touch with harsh reality) to do important work - and don't get me wrong, they do - I get annoyed by this kind of unconsidered blustering against what they see as unfair policies which may, in reality, have a perfectly reasonable background. Too many of these pronouncements are made by people who don't have to deal with the live technical and policy issues on a day-to-day basis. Yes, I agree that the enforcement of copyright law in some places is getting a bit ridiculous, but no, I don't accept that the acceptable use policies of academic networks should be dictated by anyone other than the people who operate and pay for them.

So there.

[LATER EDIT: Jason has written an interesting and thought-provoking response to this. I recommend it to you - see the Trackback links. --mpk]

A little more on the EQ/Mac debacle

Now that the news about SOE freezing maintenance of the Mac EverQuest servers for eight months without making an official announcement has appeared on Slashdot, I've been doing a little more digging around in the user forums at eqmac.com and SOE's support board and discovered a few interesting tidbits in addition to what's already been reported here and elsewhere.

• Unless I'm missing something really important, even SOE customer service representatives were unaware of this policy, continuing to assure players in the official forums that reported problems and bugs were being looked into when the decision had long before been taken to close down further development.
• Posts on the official message boards complaining about the reported freeze are reported to have been routinely deleted by SOE.
• As far as I can tell, there has still been no official announcement of the maintenance freeze. This needs to be emphasised - the only official, SOE-published announcements have been a couple of vague things about server status, and the EQ for Mac web pages make no mention of the fact that they're still selling a game which effectively has no support beyond the most basic.
• There are zones which are simply not accessible to Mac users even though they should be, namely the Planes of Power zones above Tier 1.

It's obvious that many players who are still playing the game don't want to give up and don't want it to go away, so the worst thing SOE could do right now is to close down the server. That would probably make things worse rather than better from a PR point of view. What they could do to make things substantially better would be to demonstrate concern for their customers and for their public image by hiring a couple of people to fix these bugs. It would only be fair, really.

In the interest of fairness and full disclosure I'd be happy to post any rebuttals that anyone able to speak in an official capacity on SOE's behalf can provide, as I'm still happy to accept that there's just a terrible mistake somewhere and the explanation's perfectly simple. Please don't hesitate to mail me if you can help with this, or if you have any other interesting bits of information about this story.

SOE roundly stuff Mac users

I think this story from MacWorld and the forum posting it refers to need to be highlighted.

While my home Mac is not really my primary gaming platform (although it runs Halo very nicely indeed), I've got a desire to get rid of my gaming PC entirely to save space. I even thought about trying the Mac version of EverQuest instead of my current MMORPG crack, Dark Age Of Camelot. DAoC is a better game than EQ by a long way and right now is what I keep my PC around for, but if I could satisfy my MMORPG cravings and be able to get rid of my PC that would be a bonus.

However, the underhand way in which Sony Online Entertainment have treated Mac users over the last eight months is utterly shameful. I know they have a reputation for poor customer service even over on the PC version of EQ, but to make an executive decision to withdraw any bug-fixing and development support from the Mac game server and not even officially acknowledge that this has happened for eight months is underhand and shameful. What's even more shameful is that EQ for the Mac is still on the shelves , or at least was when I was in San Francisco last month. To continue to distribute a game which has already been effectively on hiatus for eight months is beyond shameful - it's getting on for fraudulent.

The sales figures may have been poor, and I know the Mac game server is underpopulated, but SOE would have lost far, far fewer friends had they been open about this from the beginning rather than making an executive decision behind closed doors and just letting their customers stew for months on end while continuing to take their subscription money. To add insult to injury, this decision was only officially acknowledged after months and months of questions and enquiries from users, and then it only became public through a mail message posted into a web forum. How much more disdain is it possible to show for your customers?

Still, at least I didn't buy a copy of EQ/Mac, although plenty of other folks did and maybe even still are, assuming it's still on the shelves. I'm sure as dammit going to think very hard next time my PC EverQuest subscription comes up for renewal, though.

[LATER EDIT: There's a little more on this right here. --mpk]

Lycos fail to get the point

Macworld have reported that Lycos have announced the launch of their own 1GB mail service in competition with Google's Gmail, which I've previously reviewed here.

Alex Kovach, Lycos Europe vice-president, makes a great deal of this service, which he seems to assume will be much better than Gmail because it doesn't have advertising, use spyware or store deleted messages. Don't get me wrong, but he's comparing apples and oranges, not to mention being faintly misleading as to the best of my knowledge Gmail doesn't use spyware or store deleted messages either. The hoohah over deletion seems to be a misinterpretation of Google's conditions of use for Gmail making it clear that even after mail's deleted it may still exist for a time on backup tapes, which isn't exactly a shocker, and as far as spyware's concerned... well, I don't see a mail service doing a keyword scan on mail before it's displayed to display the right targeted adverts as spyware. The tinfoil-hat brigade might, and there are plenty of kneejerk rentaquotes out there willing to froth on command, but for Lycos to imply that they're occupying some kind of moral high ground seems highly dubious at best.

Ultimately, Lycos just don't seem to get the point. The 1GB-of-storage thing (well, a hard-drive-manufacturer's gigabyte - 1000MB) is really just incidental to how Gmail works. It's a highly different webmail service to anything that's been done before, and the point of the huge amount of storage is that it just means users don't have to worry about deleting mail and tidying their inbox in order to keep it manageable. It's the searching and tagging facilities for navigating huge piles of mail with ease which make Gmail a winner (not to mention the clean user interface), and that doesn't change whether the mail quota's 50MB, 100MB or 1GB.

Anyway, Lycos are offering this service as a chargable option, so it's not that surprising that it's advertising-free. That's the reason most people pay for services like that - to get rid of the banner ads. Nice try, guys, but there's a whole lot more to building a Gmail-beating webmail service than cranking up storage limits. I detect a little panic here - could it be Lycos rushed this service to market in order to get there before Gmail comes out of beta and is opened up to all comers? C'mon, chaps. Get some imagination. If you can't compete on functionality or don't have the imagination to do so, don't try and compete based on cheap tricks and half-truths.

Tools for the machine room

Having preached recently about (among other things) the need for every machine room to have a toolbox, here are some further pontifications about exactly what tools should be in that box. I write this because a lot of pre-cooked tool kits are just not right for this application - rinky-dinky PC toolkits don't have the heavy stuff and the big screwdrivers while more mechanically-minded toolkits don't have the stuff needed to navigate the intricate innards of computers. I'll admit that sometimes it is tempting to repair a computer with a lump hammer, but that's not always productive as far as getting the machine back into service quickly is concerned.

The other thing to take into account is the number of service engineers and other assorted technical types who'll turn up without their own tools, or without just the right size of screwdriver, or without the serial cable that's necessary to talk to the piece of kit they're here to fix. I've had this happen a number of times, owing to a combination of suppliers failing to supply their guys with the tools they need to do their jobs and service engineers, particularly in London where many of them get around by Tube, wanting to travel light.

What I'd recommend from experience is to buy a reasonably-sized toolbox with a lift-out tray. Don't get one that's briefcase-shaped and insists on every tool going in its own little elasticated loop, get one that's box-shaped which things can just be thrown into. Then buy one of those PC toolkits that comes in a wee zip-up case and chuck that in the bottom. This takes care of all the little nut-spinners and so on that are needed when working inside machines. Get one with an antistatic wrist strap (while the risks of static damage are at least slightly exaggerated, mostly by suppliers of anti-static wrist straps, these things are a sensible precaution to take whenever possible) and a soldering iron. You may never need the soldering iron, but if it comes to the crunch and you suddenly find you need one, you'll be glad it's there. Consider it to be an insurance policy.

Once you've done that, it's time to fill the box with the rest of the useful goodies you'll need:

• Lots of screwdrivers, preferably ones with comfortable grips. Large and small flat-blade and crosshead should do you - just make sure there are plenty of them. Screwdrivers disappear remarkably quickly. Some people suggest issuing everyone who asks with their Own Set Of Screwdrivers, but to me this seems far too anal, not to mention making it extremely likely that just when you need them all the screwdrivers will be locked in peoples' desk drawers. Easier to just have lots of them. Electrician's screwdrivers will hopefully never be needed for their insulating qualities but I find them comfortable to use as regular screwdrivers anyway, so you might as well get a set of those too.
• You might never need them, but get a set of Allen keys, jeweller's screwdrivers and TORX drivers as well. (If you have Macs in your workplace, I believe the indispensable tool is a TORX 8 driver). Chuck them in the bottom of the box.
• You will definitely need a pair of decent heavy-duty wirecutters, a Stanley knife and (if you don't strip wire with your teeth like I do, which is both irresponsible and dangerous) wire strippers.
• An RJ-45 crimping tool and the corresponding doodad for stripping Cat 5 will come in very useful - even if you have one already that's used for general work, keeping one in the machine room box is a good plan. Throw in a handful of blank RJ-45s and a couple of inline couplers as well. If you don't have the pinouts for straight and crossed patchcords embedded in your brain (I always forget how that weird twiddle in the middle works), consider printing them out and taping them inside the toolbox lid.
• Tape, tape and more tape. Get a few different colours of insulating tape and, if you have three-phase power, make sure you have the relevant phase colours. You might find gaffer tape and masking tape useful as well.
• For the heavier work, a pair of pliers, an adjustable spanner and a soft-blow hammer will be useful.
• Spare bits and pieces of rack-mounting hardware are essential - screws, washers, cage nuts (if your racks need them) and one of those springy steel cage-nut tools should be readily available.
• Cable ties of various sizes - both releasable nylon (cutting them off can be a pain) and Velcro for taming the cable jungle.
• It's unlikely that you'll have to replace any fuses now that MCBs are standard everywhere (the only fuse that's needed replacing in my machine room in the last three years was the 100A fuse in one of the output phases of the UPS), but having a few spare plug fuses is probably a good idea.

Other things I'd suggest having to hand in the machine room include:

• Spare SCSI cables for every SCSI connection standard in use at your site.
• A comprehensive collection of serial cables, labelled to indicate how they're wired. Serial cables are one of the biggest pain-areas in system administration, especially if you have a heterogenous mixture of hardware. If you haven't done it already, consider using something like the Yost Serial Device Wiring Standard to make life easier. If you do this, keep plenty of adaptors in stock. I do recommend considering putting the work in - it will make your life much, much easier in the long run.
• A few Cat 5 patchcords of various lengths (including at least one really long one) and, if you have space, a box of cable in case you need to make up anything special.
• Spare mains cables, extension cables and multiway blocks. When you really, really need one right now and there aren't any spares, you will understand why. Try and stash these somewhere that passing people who need one for their office won't nick them.
• If you have a raised floor, get two tile lifters rather than one. Anyone who's ever been working under the floor at the same time as anyone else with all the accompanying cries of "Who's got the tile lifter?" will understand why.
• Label stuff! Buy a labelling machine and use it religiously. Don't buy a really cheap one as you'll be using it a lot. Having inherited a machine room three years ago in which virtually nothing was labelled, I can't emphasise this enough.

I think that's just about everything. I've doubtlessly forgotten something or another - if I have, or if you think I'm just plain wrong, then feel free to comment.

Advice for a happy machine room

A lot of companies (and universities) invest a lot of money in a proper machine room with conditioned power, air conditioning, fire suppression systems and plenty of cable management for their central computers. This is an excellent idea as computers love air-conditioned rooms, and the improvement in failure rates and other troubles when they're not just being kept in a hot, dusty room is remarkable.

But where some places don't pay as much attention as they should is in the detail - you may have a nice machine room, but is it in a condition where you'll be easily able to work in there efficiently, particularly when disaster strikes and you're under pressure to restore service as soon as possible, maybe on your own late on a Sunday evening? Having considered this earlier today I'd like to make the following recommendations, mostly based on bitter experience, to anyone with system administration responsibilities - whether your machines live in a cupboard or in a nice big spacious machine room.

• The machine room is not a store room. Empty boxes, redundant kit dumped on the floor and any other extraneous junk are just things to get in the way when you need to work around them. Pay particular attention to this if you have a raised floor - if you're in a hurry, having to move a pile of junk PCs to lift the tile you need to lift to get access to a power feed right now isn't something you want to do. This can be a real problem if you have a generously sized machine room as people will often just dump stuff in there "so it's out of the way". If that happens, I suggest dump