My Best Teaching Is One-on-One

一対一が僕のベスト

Of course, I team teach and do special lessons, etc.

当然、先生方と共同レッスンも、特別レッスンの指導もします。

But my best work in the classroom is after the lesson is over --
going one-on-one,
helping individual students with their assignments.

しかし、僕の一番意味あると思っている仕事は、講義が終わってから、
一対一と
個人的にその課題の勉強を応援することです。

It's kind of like with computer programs, walking the client through hands-on.
The job isn't really done until the customer is using the program.

まあ、コンピュータプログラムにすると、得意先の方に出来上がった製品を体験させるようなことと思います。
役に立たない製品はまだ製品になっていないと同様です。

Sunday, August 30, 2009

rice shortages

Saw this old post from last September (August 30 in the States, I guess):

News on the radio this morning about how the rains have destroyed the rice harvest this year for many farmers in Japan.

I don't really listen, so I didn't catch that the problem is the mudslides, not just the water content. So I was thinking, I hope they don't just throw it away, just because it isn't going to be high grade race. We're going to need all the rice we can get this year.

Jumping to conclusions. And as it turned out, the price only went up about 10% for a few months, and now it's back down to normal.

However, I have somewhat of reason to jump, when it comes to throwing food away in Japan. Some years ago, when I lived out in the country in the middle of Hyougo Prefecture, my wife and I were out for a walk and saw a wheat field burning. We were naturally worried, but when we got close, we saw that the farmer was watching it burn, keeping the burn under control.

We asked whether we could help try to put the fire out or something, and he said, no, he had just made a mistake in planting the crop and had to clear his field. It was some sort of 麦 ("mugi" == "wheat", but probably barley), intended for making beer or some other kind of alcoholic beverage.

The mistake? The stalk was too short for the powered (mini-) harvesters he had available. (Should put a picture of one of those miniharvesters up.)

I was shocked. Aghast, really, although probably too polite to show more than disappointment. One of the few things I physically miss in Japan is wheat. There just is not enough, and, what there is, usually has most or all of the germ ground off.

Think of your favorite American brand of starch mislabeled bread.

Well, okay, only about half the bread in Japan is really that bad, but good, whole grain bread is hard to come by. What they think of when I ask for whole grain is the commercial stuff you buy in the States that is basically white bread with about 10% whole flour and cracked wheat kernels added, that usually tastes slightly like cheap vinegar.

Anyway, my Japanese at the time was not up to making the kind of request I wanted to make, and it was a bit too late, anyway. It would have been an awful burden to him to have him stop the burn in a corner of the field so I could come back and harvest a bit of it by hand. But I really was feeling mixed feelings. Even just ten pounds of fresh (unpearled) barley would have been wonderful.

Sunday, June 7, 2009

What's wrong with the economy?

I'll tell you what's wrong with the economy:

Too many greedy people.

And the worst greed of all is when people are making well more than they need to get by, and still insist on working 80 hour weeks.

Chronically working too hard does not display any sense of social responsibity. It's bad for your health and for your family life, too.

It's the same kind of behavior that made Microsoft and INTEL too big. And GM and AIG, too. It's not good for the company either, in the end.

If you have more than enough, be responsible. Share the work.

Saturday, May 9, 2009

Fedora on an old clamshell iBook

I have an old clamshell iBook. I'm editing this post with it, in fact. Firefox 3.5 beta 4 on Fedora 10.93. (Fedora 10.93 is what Fedora 11 release candidate is currently called.)

Startup is slow. No doubt about that. But once things are running, it's quite useable.

I am currently triple-booting it, with Mac OS 9, Mac OS 10, and Fedora. Not in VMs, of course, I have to re-boot to switch, and all that. Here's how I did it:

First, dual-booting Mac OS 9 and Mac OS X on these old Macs is not really difficult at all. You just need installable media.

The last officially installable version of Mac OS 10 that runs on these old clamshells is 10.2, Jaguar. I'm not going to point anyone in the direction of the tools that help run later versions. (Was it post-facto or X-post-facto?) I've never gone there, myself, although, if Apple drops PPC support in 10.6, I may do so. (No love for INTEL from me.)

I don't want to get on-line with Safari 1 or Firefox 2, and I've wanted to keep this clamshell in use for my kids, so I've been trying to get Fedora running on it for a while. But they want to play Bugdom and Nanosaur, and I have some dev I think I may want to get back to that requires old systems, so I want to triple-boot it.

About a year ago, I bought a 160G disk and installed it. (Directions can be found elsewhere on the web, I don't have time to put all the pretty pictures I took up.) Only the first 120G was visible to Mac OS 9, and trying to format beyond that with Mac OS 10 prevented Mac OS 9 from booting. So, I needed a machine with a battery that worked anyway, so I bought an iBook G4 at the end of summer and installed that 160G hard disk on the G4. Runs very nice, have it triple booting Mac OS 10, Fedora, and openBSD. Mac OS 9 runs via classic on it, of course.

The iBook G4 was fairly straightforward. This iBook has not been.

First, Fedora would not install with the 160G drive. gparted would refuse to make a 1M partition and the installer would refuse to install the boot stuff in anything bigger than 1M. (More on that further down.) This was not the case with the iBook G4, only with the iBook G3.

First and a half. You must have more than 192M of RAM to boot Fedora. Live Ubuntu was painfully slow, although it did actually boot. An old live Fedora also was painfully slow, but did boot. Fedora 8, 9, and 10 would not boot. That's okay. You want to max the RAM anyway. Don't get the old 66 MHz RAMs, they're way too expensive. 100MHz RAM works just fine in most cases, and it's way cheaper.

And get 512M. Apple doesn't guarantee it, but it usually works, and you really want all the RAM you can get.

Second, Fedora walks on the Mac OS 9 drivers every way I've been able to install. That means that when you select the Mac OS 9 partition to boot from, Mac OS 9 won't boot. Classic will run, in Mac OS X 10.2, but Mac OS 9 won't.

That means you need to make sure you can boot up Mac OS 9 from something else, and the only other thing available on the old pre-firewire clamshell iBooks is the CD drive. (No booting from USB on these.) Catch 22 if your Mac OS 9 install CD is 9.1 and you update to 9.2.

If you do update to Mac OS 9 9.2, copy the Mac OS 9 partition off to a USB drive and burn a bootable CD ROM with that. (CD-R/W probably will not work.) And don't complain to me if it doesn't work, I haven't tried it here, I'm just speaking from theory. (Yes, I should try it. But I wouldn't have time to post this if I did.)

Third, well, it takes a long time. Even if you have installed a DVD drive in the machine, you probably want to use the netinstall CD. Otherwise, you'll be waiting for the install to finish, and then you'll be waiting forever for the first update to finish. Think in terms of more than 12 hours after you select the packages and start the downloads.

Fourth, well, if you don't have any nostalgia (or other reason to use the old systems), Fedora by itself was quite straightforward. Except for the 120G limit on the hard disk size. (I tried it last summer when I thought I had some extra time.)

So. Procedure:

HD -- 30G or greater. (The G4 had a 30G hard disk in it, so I used that.) Get a USB enclosure for the drive that you'll be removing.

RAM, as I said, more than 256M, recommend 512M.

Mouse. You want a mouse with at least two buttons. I promise you.

Backup your data, of course.

Partitions: 512M is probably enough for Mac OS 9, but you'll want more for the old apps that must be the reason you're wanting to multi-boot it. I used 1.5G, and that leaves enough room for the Mac OS 9 virtual memory space (576M).

I suppose you can put Mac OS 10 and Mac OS 9 on the same partition, but my set of superstitions suggests against it.

For Mac OS 10, you probably want about 9G or more to boot from, with another 1.2G for swap. That makes 10G if you leave the swap on the boot drive.

I used 9G for boot and 1.5G for swap. There are other places you can read up on moving the swap space off the boot partition for Mac OS 10, so I'll set that topic aside, here. Except for one point: drive label issues are much simpler on the clamshell iBooks. Plus side of a minus point, there.

(I have used Mac OS X 10.2 on a 5.6G hard disk, and it's okay, but I was continually watching the freespace and moving stuff off the main drive on that setup. And I only had 192M RAM in it at the time, so I wasn't losing a lot to swap space. I did move swap space off the boot partition for Mac OS X, just to force myself to keep room for the swap space.)

(Oh. The theoretical 8G limit on old machines. That does not cover the clamshell iBooks, even though some people within Apple, even, have been confused on this point. I have the README files to prove it, along with the booting system. 'kay?)

(Hmm. That 8G boot partition limit on the biege G3 desktops. Put Mac OS X in the first partition, cut it to about 7.5G, and you're golden. Mac OS 8 or 9 will boot above the 8G limit, so put that in its own partition, up above the Mac OS 10 partition. At least, that's the way I remember it. But that's got nothing to do with the iBook.)

The order of the partitions doesn't seem to matter on the iBook. Fedora moves things around, by the way.

You'll want one more partition, about 500M, for moving things between Fedora and Mac OS.

That makes four partitions so far. On the iBook, the partition count is important. You don't want more than 7 partitions total. (Or was it 8?) I like to cut lots of partitions, to keep things separate, but I had to give that habit up for this install. Sort of.

Ergg. Okay, no more than 16 partitions, but the drivers (and some other low-level stuff) are loaded in the first 8 partitions in the old Macs. The first partition you cut will actually be partition 9. So, the number of partitions we are cutting here must be limited to 8.

The partitioning software for Linux will allow you to cut more than that, but then Mac OS 9 refuses to boot and there is no way I could find to get around that.

Leave the rest of the disk unpartitioned, for Fedora to do its stuff with.

Install Mac OS 9. Then install Mac OS X. Or vice-versa. Make sure both are booting.

Get your install media for Fedora ready. (Again, I recommend netinstall. It seems simpler that way. If you're going to do this to a lot of iBooks, set up a private mirror instead of trying to install from the 7 CDs in the current install set.) It takes about a half hour or so at 1M ADSL transfer rates.

I'll defer to the Fedora wiki for how to get the install media.

Insert the netinstall CD, (re-)boot, hold down the C key. Fedora walks you through the several selections, pay attention.

Once you are into the graphical installer, you should use the mouse and its buttons instead of the trackpad and its buttons.

The trackpad driver is set up to take taps on the trackpad as mouseclicks (gag), and it's way too sensitive. Far and away too sensitive. If you don't use the mouse, you'll find yourself missing important setup dialogs because the drivers thought you clicked twice. You don't want that. (I really should write that up on bugzilla, but, you know my excuses about time at this point.)

Now, when it comes time to set up the Linux partitions, select the option to let the installer use the un-allocated space and automatically set up the partitions. But,
also select the option to check the partitions it sets up.

Why? It needs to set up two (count 'em 2) boot partitions for Fedora. (Why!?!?!?!?!? I wish I had time to look at the code on that.)

You were wondering why I was worried about the number of partitions? Heh.

Okay, it needs to cut one very small HFS partition to relay the boot from the usual (Open Firmware) Mac boot procedure from the PPC days. (openBSD allows you to do that on a partition you're booting Mac OS 9 from, but they are using a different technique.) As I mentioned above, that's a 1M partition. It's also marked appleboot or something. Let Fedora's installer handle that.

It needs to cut one partition for /boot in the Fedora file system, to handle the actual Linux boot processes. Currently, 200M is sufficient, but, again, you can let the installer take care of that. The next partition can be cut as an LVM partition, and swap space and other stuff (including the root partition) allocated in there.

So, seven Mac OS visible partitions minimum:

Mac OS 9,
Mac OS X,
Mac OS X swap,
HFS shared partition,
appleboot boot relay partition,
/boot partition,
LVM

and that leaves one more possible partition before Mac OS 9 refuses to boot. I don't remember, actually, if number 16 was actually useable, and I'm not interested in going back to check. So keep it at seven Mac OS visible partitions.

Within the LVM partition, of course, if your hard disk is big enough, you can divide the partitions up as you want. With the 30G drive, I felt it was wiser to just let everything fall into the 14G or so root partition. With 60G, I'd have separated out /etc, /var, /tmp, /home, etc., but I only had 30G. No big deal for what this machine will be used for.

I might, later, dedicate this machine to be a server. If so, I'll load openBSD and no X11, I think. And I'll partition it properly.

The install takes, as I said, a long time. Because the CPU is relatively slow, all the dependency checks take about two to three hours, but once you've selected the packages to install and told it to go, you don't need to worry about that. Just start it in the evening, and come back to it the next evening.

Make sure your family won't be tripping over the ethernet cables. Last summer, I got the install started Saturday night, went to church Sunday morning, and came back in the afternoon to find that someone had knocked the ethernet cable loose. (Broken connector, I'm to poor to fix it.) And the install had timed out and there was no way to recover. Oh, well.

Choosing your packages -- last year, there were still a lot of packages that still didn't run on PPC. Open Java was still not quite there, yet, especially for PPC. Most of the packages run okay, although you'll wonder sometimes when initialization takes a long time, and the splash screen doesn't show up until about a minute after you selected the app. But the responsiveness, once the app starts, is not bad. And, once the first run sets up the initial states, the next startup is quite a bit faster.

Yes, openoffice works reasonably well, too. So do the GIMP and inkscape. (wow!)

One more thing. If mono disgusts you as it does me, you'll want to go back and uninstall the mono packages. Nothing really necessary there anyway.

Finally, after Fedora is installed and running, you need to do one more thing to re-enable booting from Mac OS 9. Get your Mac OS 9 install (or bootable) CD and boot it. (Hold down the C key after the chime, again.) You'll notice that the hard disk is not mounted by the install CD. Run the hard disk setup application in the utilities folder.

You'll see that it says the hard disk is unrecognizable. Select it and click the format button. (eek!)

Well, yeah, be careful here. If you don't click more things than need to be clicked, it will take you to the dialog that allows you to set up partitions. There is an "Options" button, click that. (I'm reciting this from memory, I should check it, but I'm running out of time.) There should be either a dialog or menu selections at this point that allow you to refresh or install the drivers. Do that.

Now cancel the format dialog.

(Of course, cancel the format dialog. I mean, it took you two days to get this far, you don't want to go through that again for no reason.)

Quit the hard drive setup utility and re-boot.

Hold the option key down to get the boot volume selection screen. The Mac OS 9 and Mac OS X partitions are visible with the names you gave them when you formatted them. (Unnamed 1 and Unnamed 2? Heh.) They also have icons which help tell them apart. You can now select the partition to boot and away you go.

One little niggle remains. You can use the Mac OS boot select dialogs to change away from defaulting to Fedora. You can't go back, though.

Except, the next time you update Fedora, it will re-select Fedora for you.

Heh. Fun times.

(Now, I'll see if I can get my kids to play with Fedora on this machine instead of playing Marble Blast on the machines I need to work on.)

[update: pictures from the preparation stage on youtube.]

Monday, April 27, 2009

sub addresses to help manage junk e-mail

RFC 5233 came up in a thread at /. today.

Came up in another thread just a few days ago, but I can't seem to find it right now. I'd link to that thread if I could, because it was the thread that made me aware of the RFC. Oh, well.

Anyway, I posted this in today's thread, and I don't want to lose track of it, because I want to start setting my filters up this way.

It won't be perfect, but it will surely help find false positives among the junk e-mail.

This looks a bit complex, but you don't have to do it all at once.

Until the Internet has a bit better standards for e-mail, and until the ISPs quit being miserly with domain names, RFC 5233 addresses can help a lot, if used wisely.

RFC 5233 describes a way to implement sub addresses for your primary e-mail addresses. Simply put, you hang a "+" on your basic address, and then you tag some string on it after that.

Let's start with an example basic address:

user@isp.example

(Think of exampleisp.com or exampleisp.org or exampleisp.jp or some such, but the example top level domain is reserved for, hey! examples, where the example 2nd level domains are not.)

A sub address could look like this:

user+subaddress@isp.example (or, something like user+subaddress@exampleisp.com)

Another kind of sub address could look like this:

user#boxnumber@isp.example

If your mail provider supports these, they allow you to make the sub-addresses up as you want, and route your mail to you via the base part. That lets you filter the "to" address by the sub-address.

Okay. Now you know what they are. What else should you know about them? Many ISPs do not yet implement them which may be a problem. Google mail does, which helps a lot.

Obviously, if the spammers can steal your user@isp.example address, they can steal your user+subaddress@isp.example address as well. How does this help?

How do use these RFC 5233 addresses wisely?

First, assume that your base address will soon be harvested, if it isn't already. Thus, your base address of user@isp.example is essentially an alias for user+spam@isp.example . Pre-filter it that way.

Second, set up a suffix for bulk purposes, such as user+bulknnnnn@isp.example . "bulk" is okay, but you might prefer something a little more original to yourself, like "klub" (mix it up), or "hanbai" (Japanese for "sales"). The serial number could also come before, nnnnnbulk, or in the middle, like bunnnnnlk, and you might want to use pseudo-random serial numbers instead of just cycling through from bu00000lk to bu99999lk.

Hmm. bu23645lk would be harder to filter than bulk23645 with the simple non-RE filters that are most common. Okay, for this, let's stick with the sequence number after the tag.

Now you can give "bulk" sub-addresses out when you sign up for stuff on-line, instead of your "important" addresses. Write the made-up address down. Then, when you open up your MUA (your mail browser), you can set up a filter to grab that address and filter it to a filter for that kind of whatever it was to be filtered to. The first few mails you get from them, you find out what domains to expect.

If you start getting unrequested advertisements at that address, you can contact them and tell them they're somehow leaking their users' addresses, or you can change your filter to dump all mail to that address in Round File Q. Or you can add the sender address to the filter so that only legitimate senders for that address go to that folder. And then you can add another filter that dumps any mail to that address that comes from any other sender to the SPAM dump for consideration when you have the time, and/or for automatic deletion.

You can set up similar sub-address suffixes for mail lists. For example, user+listnnnnn@isp.example or user+listname@isp@example .

Then you can do the same thing for friends, family, church, school, clubs, etc. Maybe have filters for user+churchnnnnn@isp.example, user+schoolnnnnn@isp.example, and so on. For family and friends, maybe something user+frankl@isp.example for Frank Lemmon.

(You might expect spammers to try things like automatically cycling through user+joe, user+mary, user+john, etc., so you may want a little more than that. Or, you might adjust the address for joe, mary, and john when the spammers start doing that.)

And if Suzanne Roberts's computer suddenly gets infected with something, and you start getting spam for user+suzier@isp.example, you write her and urge her (yet again) to switch from MSWindowsX 10.77 to Ubuntu 12 or Fedora 15 or openbsd 6 or whatever. Tell her you'll send her a new address once she has either re-installed and MSWindows with service pack 109 or whatever the latest is, or moved to a reasonable OS. And warn her that, until she does, you might lose mail from her in the deluge.

Okay, while she is recovering from that, you have set up additional filters on the sender address, so that the spammers have to at least spoof her address as the sender to get into her folder, and that might actually be enough, but at least she'll have a little of the fear of nature in her, and maybe she'll start being sensible and start looking at alternatives to MSLeviathan.

In case you're curious, this is what private white listing works like. It can be controlled, because you have an idea who and where mail should be coming from, by the receiver address it is sent to. Two or three sets of filters for each address or set of addresses, one that white-lists known senders, one that diverts unknown senders to a "probably-junk" folder, and maybe one that (temporarily or permanently) black-holes known offender senders who have latched onto that group of suffixes.

Finally, you have a set of doorbell or knock addresses that you give out at business meetings and other parties: bellnnnnn@isp.example . You enable filters for the one you gave out last night, then, after a week or a month, you disable them again. Or, if the spam to that address is not too bad, you just leave it enabled and keep using it.

When you get legitimate mail at that address, you reply and tell them the real address they should send stuff for you at.

Of course, with a little time, you can actually set up a domain of your own for cheap with a little help from a place like google.com and a place like dyndns.org. Google will run your mail server for you if you have a web server and a domain name pointed to it.

Of course, there's that thing about letting Google spool your mail, but it is possible. Read the terms of use and make sure that's okay for the kind of mail you expect first.

If you understand the way to use sub-addresses, the way to use your own private domain name should be fairly clear. And it should be fairly clear why that's going to work better than sub-addresses.


Thursday, April 9, 2009

daydreams

Okay, so I'm having trouble getting out of the daydream mode. I have to go back to work tomorrow, and I have accomplished none of the projects I had lined up for myself over the break -- drupal, finishing my shiftJIS ctype project, getting my BIF dialect of figFORTH moved to C so I can port it to whatever I use, fixing RanBunHyou and extending it for scrambles, etc.

I did almost get Drupal up on my portable. And I sort of got a start on rebooting the shiftJIS ctype project.

Too many things I want to do.

So, I'm going to list the things I daydream about here and see if that helps me get a better grip on my prioities.

So --

First big dream. Buy Apple. (Where do I come up with a cool 60 billion or so?)
  1. Bring back PowerPC Macs, starting with a dual-G4 Mac Mini. (Let's see just how much "better" Intel's core really is.)
  2. Start a line of ARM Macs, not just iPhone and iPods, but netbooks and ARM Minis.
  3. Add one more ethernet port to all Mac Minis.
  4. Start a line of Macs for tinkerers, cheap, slots for additional ports, breadboard cards.
  5. Start a line of Mac Word Processors, essentially netbooks with built-in thermal or light-weight ink-jet printers.
  6. Etc.
Second big dream. Take over Microsfot. Microsoft, I mean.
  1. Freeze all current products, except for security and other serious bug fixes.
  2. Split it down the product lines. (Some guy who calls himself joudanzuki blogged about this.) Make the APIs all open and free.
  3. Fund the Wine project and a couple of others, and add paid engineers.
  4. Start a new OS product, MSWindows Mars, based on BSD code and Wine, under whatever license Wine is under for the MSWindows interface layers, and keeping the BSD license(s) for the BSD infrastructure. But ACLs (Access Control Lists) will be an add-on. The security model will be based on the Unix model.
  5. Make a real mail system somewhat compatible with Outspook, I mean, Outlook, but designing out the intentional holes. Put the thing under a true open source license, preferably GPL, but at least as open/free as Apple's APL v. 2.
  6. Etc.
Third big dream. (My real dream.)

Start an open source computer company to compete with Apple and Microsoft.
  1. Build and sell systems with free/open hardware design, with drivers licensed under a two-clause BSD-class license so they can be used in either Linux or BSD OSses. Netbooks, home and small office NAS/routers/servers using low power processors (most likely not Intel).
Once that company is up and running, start a new OS project that would borrow significantly from Unix.

  1. The run time would explicitly separate the program flow stack from the parameter stack, and explicitly provide a hierarchical local address space access mechanism (with the means to close it off).
  2. Users in said OS would be effectively virtual systems of their own, running their web, mail, and other external resource browsers as separate (sub-)users not privileged enough to access the primary user's data space or even other browser's data space.
  3. As a benefit of the user model, secure special-purpose browsers would be implemented to access banks and share credit information with stores, etc.
  4. Said OS would need a CPU that would cache the stacks efficiently and efficiently implement the address space separation in hardware, so I'd need to design a family of processors optimized to that kind of run-time.
  5. I'd need to build a language back-end that would take advantage of the OS, run-time, and CPU.
  6. And then build various front-end languages, post-fix, in-fix, and pre-fix. (Yeah, I like FORTH and C.)
  7. Etc.
And while I was balancing those two projects, current information encoding schemes are really messy. That's okay, but the URIs and other stuff that computers process need an encoding that is less ambiguous. So,
  1. Design a new standard for information encoding that would have an international encoding and international display/parsing context for use in things like URIs, and include most of the current encodings shifted, so that you could work with just about any language in its own context and not fight the production rules of all the other languages.
  2. It would also include a binary encoding, so that burying binary data would be less of a problem.
  3. And it would include separate tag characters so that parsing tags would not be such a headache.
  4. Extensible IP type addresses would also be defined in the encoding, although I suppose it's too late to replace IPv4 and IPv6 with extensible IP addressing. High-bit extension could be used, although it would require re-possessing most of the current IP addresses. Another possibility might be to start appending the internal, NATted addresses to the router address to get longer addresses, although that would require some standards beyond NAT to allow nested addresses to be physically independent of the router.
  5. Something like ASN.1 would be built into the encoding, as well.
And while that's eating my lunch and taking more time than a guy my age can manage out of every day, I'd set up a personal data service that would provide e-mail and web sites with a few more guardrails than we presently have. Specifically,
  1. Customers would have their own domains, and the personal data server would provide dynamic DNS mapping, so that the customers could even run their own domains on their own servers if they chose to do so.
  2. Customers would by default be routed IPv6, although I would prefer to use an extensible system, now that the processing resources are available to support an extensible numeric (index) addressing scheme.
  3. A mail system that would take advantage of the customers' private domains, to allow them to define their own mail addresses as they choose. This would help with spam problems, because the customer could even make up new addresses on the spot for new contacts, then go home and register filters for those addresses, and know who is trying to do what with his or her personal information.
  4. An on-server mail viewing system that assumes that the user wants to sort most of the mail before looking at it, and lets the user sort based on header and envelope contents, setting up persistent sorting rules that would, for instance, send all posts with variants of "viagra" and the like in the subject or sender headers to a folder labeled "fraudulent medical ads", and so forth: select the text, right-click for a list of context elements to trigger on, left click to commit the rule, and the sorting rule remains in effect until the user edits it. And the destination folders have rules like, hold one week and then dump, or dump oldest first when the folder hits a limit on size or number of messages. (Google mail does get close to this kind of thing, but, yet, not so close after all.)
  5. Web sites are where I get lost, but the point here is to refrain from restricting the knowledgeable customer, but not expose the less knowledgeable customer to the dangers of letting machines be their proxies. Domain management for customers hosting their own, web hosting for customers who want that, and bulletin boards and blogs for customers who want that. Google already does this one, pretty well, given the technology that's available to them.
Looking back on that, Apple and Microsoft are responsible for their own problems. So I really don't benefit from daydreaming about fixing their problems.

The web services companies, if the technology were available, Google, Yahoo, etc. would be able to do the things I'd like to do. The only issue is whether we can get the ISPs to quit trying to hold domain names and IP addresses for ransom, but I think competition would eventually take care of that.

The biggest problems are
  1. that the underlying information encoding is too cluttered by kludges to efficiently process in the way we need to get this kind of stuff to work,
  2. that the run-times of the various OSses are too cluttered by kludges and cruft from technologies that lead in other directions,
  3. that the programming languages we have are at once too inflexible in expression and too loose in semantics to support the kind of systems I'm trying to describe here.
  4. I'm not sure whether the current crop of CPUs can efficiently run this kind of system. I'm pretty sure the Intel CPUs have too much cruft, and not enough memory support for efficiently managing memory. Most of the other CPUs are oriented towards the limited execution model that the 8086 supported too efficiently, too, as a result of having to compete in a market where the 8086 was seen as the leader.
Hmm. Do I see anything in the above that would help me weed out daydreams I can't or shouldn't reach for, but leave me something to work on?

Can't say that I do.

value vs. price

The news on the radio this morning seems to be about a big data spill from Mitsubishi-UFJ or whatever's investment. (I'm thinking, I'm glad we don't bank there, then I remember, ...)

I was reading a lot yesterday, cleaning up old stuff, scanning some newspaper articles for possible use in classes, and I notice a theme -- the war on drugs, the war on terror, it's all driven by a disparity in price and value.

Most private data is of perceived value precisely because people protect it. The rest is only of value to the people who protect it. Well, if I take you down that path, you'll scream "Transcendental!" and run away.

Hmm.

Let's see. Sure, spam is a problem in your mailbox. It clogs the internet and wastes a lot of energy and a lot of user and administration time. It draws people into wasting their money and, in many cases, putting themselves at risk.

It took several years to train myself to recognize and delete the bad-ads, and I don't want to claim that I don't regret the time I wasted on that. But the primary problem was/is that I, like most people, am still a little susceptible to the lure of the quick fix.

Yeah, it's easy to get lost in a daydream about what I'd do if I won the lottery. But I'm getting pretty good at reminding myself that I just don't play the lottery, and you don't win if you don't play. Then I can ask myself what I really want to do, what is it that is distracting me from whatever job is in front of me?

After a little bit of thinking, I remember that the primary things I want to do, I have the means.

I don't need to win a lottery and start a company that sells just machines pre-loaded with a Linux or BSD class OS, even though it would be nice to have more such companies in the world. It would be fun, but it isn't the project I need to be working on.

Yeah, I'd like to have an ARM Kurobako to load openBSD on and run as my home server, and free up the Mac Mini for my kids to play with. But, again, my kids don't need to think they are free to load any web page that looks interesting, and I have another project or three that need my attention first. When/if I really need to get Drupal running on my home server (and therefore need to separate it from the family Mac), the Lord will help me get an appropriate server.

It's basically the same with drugs, pornography, private data, etc. Sure, I'm not invincible, but if I get uptight and do unreasonable things to prevent others from doing whatever they are doing, that raises the perceived value of whatever it is they are doing in their minds.

Like the kid in class who insists on disrupting. The more you try to prevent him from doing so, the more attention you're giving him, and the more he thinks that, even though your words say it's wrong, what he is doing is in some hidden sense "right".

What is the reason for the door lock on your car. Is it to prevent theft?

No.

It is to declare that the car is not public property.

If the society in which you and your car exist do not recognize private property (think, slums), the lock does no good. Period.

The real thing that protects your car is that its perceived value is lower than the hot car down the street. Well, the perceived value, less the trouble the potential thief has to go to.

So-called "speed bumps" really are useful, when used correctly.

So, what does this have to do with private data?

Maybe it has a bit to do with one reason why I wouldn't really want to win the lottery, even if I did play it.

The real key to security is to refrain from having things worth the trouble of taking.

Drive used cars, carry a used notebook PC.

Sure, use a password to keep the speed bump up, but don't put important information on the PC you carry around. (Leave it in the office, where it belongs, really.)

Don't use the internet for financial transactions, unless you have an account you can afford to lose money from every now and then.

(Yeah, one of the projects I have on a back burner somewhere is a dedicated internet terminal that could be safely used for on-line transactions, if the stores and banks would cooperate, but even that is relative. It would be more secure than what we currently have, but not unbreakable. You still would not want to regularly access your retirement fund with it.)

Tuesday, April 7, 2009

drupal on apple

I was going to install drupal and play with it, see whether it would save me time and otherwise help on my personal website.

Yeah, right. Maybe on a current system, 10.4 or 10.5. I have reasons for trying to install drupal on an iBook running Mac OS 10.3, but, right now, rather than explain to the world why, I want to record what I did and where I ran out of time. (This is from memory, I'm probably forgetting something.)

Drupal can theoretically run on the stock apache+php on 10.3. PostGreSQL seems to run fine, so I should be able to run basic drupal functions.

But there were some critical security issues with both php and apache between the latest updates available from Apple for 10.3 and the latest versions of both php and apache.

Well, the notebook is not a production server, and is generally behind a firewall not configured to show it to the web, so I really don't need to be that concerned about security. (Oh, yeah?) But, I'm installing stuff anyway, and I've become used to the idea in the open source world that there are often less bumps if you go ahead and use the latest versions applicable.

So, I tried installing apache 1.3.41 over the system version. I thought about parallel installs, the way I do with perl, but I looked at all the tweaks I'd have to do to php, and balked.

So, after backing up /usr/libexec, I downloaded apache 1.3.41 from apache.org, unpacked it in a local build directory, read the READMEs and the INSTALLs,

cd ${my local build directory}
gnutar czvf libexec_httpd_old.tgz /usr/libexec/httpd
cd apache_1.3.41
./configure [bunch of arcane parameters that weren't what I wanted]
make
sudo make install

and mod_rewrite bit me. Could not get a valid copy of the re-compiled mod_rewrite to install to /usr/libexec/httpd. More reading, and I discovered that, for some modules, the make file seems to want you to say,

--enable-module=mod_xyz.c --enable-shared=xyz

That effectively doubles what was already a lot of typing arcane parameters anyway.

Deep sigh.

Next place I got hung up was mod_hfs_apple. It is compiled outside the apache source tree, so I had to figure out how. Late last night, with my mind buzzed by lack of sleep, I tried the obvious thing. (Well it was obvious last night, after re-discovering where Apple puts the source for Darwin, not so obvious yesterday afternoon.)

I downloaded the apache_mod_hfs_apple-5 tarball from Apple's darwinsource for Mac OS 10.4.11 archives, unpacked it in the local build directory and, after reading more and just trying configures and makes in various places, I downloaded apache from Apple's archives, as well. They have apache 1.3.41 in the archive directory for Mac OS 10.4.11, as well as in the latest directory for 10.5, and it is buried in a directory containing some (but not all) of their customization work. For some reason, I got the one from 10.5.6. (Late at night, you see.) I'm not sure whether that caused me the problems that have me stumped right now.

cd ${my local build directory}
gnutar xzvf ${my downloads for 10.5}/apache1-697.tar.gz
cd apache1-697
ls

hmm. There is apache_1.3.41.tar.gz sitting there. Okay,

gnutar xzvf apache_1.3.41.tar.gz
cd apache_1.3.41

and I looked around for a few minutes.

./configure [tons of arcane parameters]
make
sudo make install

and, of course, it's not quite there.

cd ..
make
sudo make install

and now I see something that raises my eyebrows: apxs-1.3?

After nosing around the net, I decided to just go into /usr/sbin and

ln apxs apxs-1.3

No, this was not last night, it was this morning. My mind is not as clear. After more fussing around with make files and such,

cd ${my local build directory}/apache1-697/apache_1.3.41
./configure \
--with-perl=/usr/local/bin/perl \
--server-uid=70 --server-gid=70 --with-port=80
--disable-shared=vhost_alias --disable-shared=env \
--enable-module=log_config --enable-shared=log_config \
--enable-module=log_forensic --enable-shared=log_forensic \
--disable-shared=mime_magic \
--enable-module=mime --enable-shared=mime \
--enable-module=negotiation --enable-shared=negotiation \
--disable-shared=status --disable-shared=info \
--enable-module=include --enable-shared=include \
--enable-module=autoindex --enable-shared=autoindex \
--enable-module=dir --enable-shared=dir \
--enable-module=cgi --enable-shared=cgi \
--enable-module=asis --enable-shared=asis \
--enable-module=imap --enable-shared=imap \
--enable-module=actions --enable-shared=actions \
--disable-shared=speling \
--enable-module=userdir --enable-shared=userdir \
--enable-module=alias --enable-shared=alias \
--enable-module=rewrite --enable-shared=rewrite \
--enable-module=access --enable-shared=access \
--enable-module=auth --enable-shared=auth \
--disable-shared=auth_anon --disable-shared=auth_dbm \
--disable-shared=digest --disable-shared=proxy \
--disable-shared=cern_meta --disable-shared=expires \
--disable-shared=headers --disable-shared=usertrack \
--disable-shared=unique_id \
--enable-module=so \
--enable-shared=setenvif \
--add-module=/local/build/apache_mod_hfs_apple-5/mod_hfs_apple.c \
--enable-shared=hfs_apple
make
sudo make install
sudo /usr/sbin/apachectl start

And no go. Now it's hung up on mod_rendezvous_apple. So I go looking around for a more recent apache_mod_rendezous_apple on darwinsource. Nope. Download mod_bonjour_9 from the Mac OS 10.5 archives and try compiling. Lots and lots of errors.

Download apache_mod_rendezvous_apple-8 from the Mac OS 10.3 archives. Just a few link errors, and I might have a hope of actually finding a way to clear them. But I have other things I wanted to do today. I don't really need mod_rendezvous, I think. So I disable mod_rendezvous in httpd.conf and go back:

cd ${my local build directory}/apache1-697/apache_1.3.41
./configure [the list above]
make
sudo make install
sudo /usr/sbin/apachectl start

And apache tells me it started successfully. I suppose I could have used the apachectl test command. Anyway,

sudo /usr/sbin/apachectl stop
cd ..
make
sudo make install
sudo /usr/sbin/apachectl start
sudo /usr/sbin/apachectl stop

And that is how I got apache 1.3.41 on this iBook running Mac OS X 10.3.9. I think it will serve for my development work, but I'll tell you. This is one of the huge reasons I want to leave Mac OS behind and switch to Fedora full time.

The reasons I don't switch now?

I need some time to read up on loading the binary blob to the wireless card. --Bleaugh-- Stupid hardware companies that still believe in security through obscurity.

Trackpad. I need to figure out how to unset some "advanced" behavior for the trackpad and find all those notes that I can't find any more on setting up right-click emulation.

ClarisWorks/AppleWorks. I'm using draw documents with embedded spreadsheets (with randomized lists), and, last time I looked, iWork is not quite there yet.

MSOffice? Are you kidding? Microsoft has no idea how to do this stuff. They just don't know how to get out of the end-user's way any more.

One of these days, I hope to be able to figure out how to load java extensions to openoffice, and maybe then, but openoffice basically inherits the clumsy interface from MSOffice. (Quoth Bill Gates: "Let us help you do things the MS-OUR-WAY!")

I suppose, if teaching English paid enough to squeeze JPY 200,000 out of a year's wages, I'd go for a new Intel macbook and appropriate software, or even the macair or whatever that is. (A light-weight portable would ease some of the stress on my back quite a bit.) Maybe. I prefer AMD or other non-Intel on principle, if I have to put up with x86.

Or, I could spring $300 for a family pack of Mac OS X 10.4 original install CDs from some dubious internet company, and keep using AppleWorks. Or I could get new dictionary software and finish re-writing ranbunhyou to run on Mac OS X and get Mac OS X 10.5 on this iBook for a bit less. Or something.

I have something else in my queue now. Hopefully I'll get back to Drupal later.

Wednesday, April 1, 2009

A Parable of Drive-in Banks and Cars

Well, okay, this isn't really a parable. Parables come from the real world, and this analogy comes from an alternate universe.

In this world, there is one major automobile manufacturer. It sells more than 80% of all cars. It also sets a bunch of implicit standards relative to the way cars are built and used. For instance, all cars have a driver's-side window at a specific height, of a specific size and shape, to match drive-in service facilities, and all drive-in service facilities are built to match the standard driver's-side window.

Moreover, all drive-in service personnel are trained, and required by law, to only serve windows of the standard height.

The reasons for this standard are said to be safety and efficiency, but there is one other reason that over-rides the rest. The window also has a special encoded certificate in it that identifies the person who is authorized to drive the car. This certificate, of course, is hidden, so that the casual thief won't have an easy time of copying it.

The certificate was originally intended only for banks and other financial institutions, but they proved so convenient that even the fast-food industry has taken to using them. They weren't supposed to be trained to read them, but you know how it is with secrets.

Besides, it provides another revenue stream for the banks, to handle the money for other drive-in services automatically. It's considered a win-win situation.

This works for a little while, because the "bad guys" go along with it for the most part. They knew that they could get away with copying only a few certificates and using them only occasionally. The banks and other companies are insured, so the customers don't lose money, and if the bad guys don't steal too much, nobody gets overly concerned.

But, just like in this world, not all countries are created equal in our alternate universe. And there are some countries that, because of war, or graft, or by tradition, or other reasons, have a large number of people who have no prospects of finding work, and very little access to the charity hand-outs.

These people have grown up without the traditions that would help them plan ahead and not steal too much. So, now, suddenly, certificates are being copied all over the place, and the insurers are losing so much money that the economy is threatened.

Okay, it's not a really great analogy. Don't try to push it too far.

Sunday, February 15, 2009

undun

On the train to work the other day, I was reading the headlines about the economy and, for some reason, the song Undun was playing in my head.

It's too late. She's gone too far. She's lost herself.

She's come undone.

She found a mountain that was far too high.
And when she found out she couldn't fly.
Mama, it was too late.

It's too late. She's gone too far. She's lost the sun.

She's come undone.

And so forth.

Memory is not nearly as accurate as digital recordings, and there is that thing about "she's lost the sun," or "she's lost herself." Either way, the American Woman's come undone, and the reasons are listed in the song:

Looking for truth in lies.

Not knowing where she was heading.

Too many mountains, and not enough hills. 

Okay, stairs, the metaphor still works.

Too many churches ...

Okay? The Church of Microsoft, The Church of Wallstreet, The Church of Automobile Manufacturing, ...

Too many people around her unwilling to see that when she comes undone, the rest of us do, too.

Too many lives people want to lead, and too much getting toys that make it possible to pretend to have lived them, without the time to do it right.

I think it's that last one that is really killing us. We have to slow down.

(Speaking of toys, I used my iBook to record me doing the song unaccompanied. Hopefully I can get a chance to upload it to youtube, so you can torture your ears.)