Mindmapping Like Cthulhu

I have finally started using a mind-mapping tool, Kdissert, and I have to say, it's pretty cool. Mindmapping tools are great for organizing many related ideas so you can map out what's what.

The other thing is that mind-maps can look kinda snazzy. In Kdissert, by default, it draws straight lines from one idea to another. However, you can make it draw splines instead and then the ideas look like they're being grappled by tentacles, it's really cool. Here's a mindmap I'm working on, apparently, my mind looks like the coming of Cthulhu:



Spooky!

More routers = more power

As per my earlier posts, my existing wireless router has been having problems. After "playing" with the transmit power settings using DDWRT, I managed to blow my wireless. Connectivity was intermittent no matter what I did, with or without encryption running on top. In summmary, the wireless was dead.

So then came the question of replacing the router. Well, since Linksys, in their grace and wisdom, has been selling the same router (the WRT54G) for at least the two years I've had this one but stripping down the hardware to be cheaper and crappier every year, my options were to either find another router to replace the current one that would be beefy enough for my needs, or else by the cheapest wireless AP possible and run it on the LAN in addition to my current router.

After some hemming and hawing, I decided to go with the cheapest and easiest option. So I bought one of the "new and improved" Linksys WRT54Gs. Well it turns out that since Linksys has been able to cut costs, they've decided to pass those savings directly to the shareholders. I paid the same f&^$%ing price for the stripped down version of my old router. But, at the cost of 70$ plus a sore ass, I now have a working wireless router.

So since I just wanted an additional WLAN to the existing LAN, the setup was actually really easy and is working really well. On my existing router, I configured a static router pointing to the new router. I setup the new router with a static external IP addres, setup the internall network on a new subnet, and changed it from "gateway" mode to "router" mode which disables the NAT. So now I have to networks at home, 192.168.1.0/24 for the wired LAN and external gateway, and 192.168.2.0/24 for the WLAN. Worked like a charm!

The last issue was, of course, wireless security. I have to say that the WiFi group and people implementing WiFi stuff still need to uncork their collective asses. On the router, I've got the option of WEP, WPA, and WPA2. For WPA, there's "personal" and "enterprise". Now, given this is a router setup, the terms "personal" and "enterprise" tell me nothing either technically (when they should be saying "pre-shared key" or "RADIUS/802.1x" instead) or as a non-technical user. Nevertheless, this was a moot point because on the client side, after fight with Ubuntu, I couldn't get it to connect to the WLAN with WPA encryption (pre-shared key) and I just didn't have the energy to trouble-shoot. So I ended up going with WEP (the "wireless sortof-encryption protocol") which was, if not secure, at least feasible to setup. Sadly, I think most of the local WLANs are encrypted (either WEP or WPA) so we're no more and no less a target. Ugh, stupid WEP.

On the other hand, since all the systems on our LAN/WLAN are firewalled and updated and basically good for taking care of themselves, I may yet go back to running wide-open. The only people likely to piggy-back are our neighbours and they're a pretty harmless lot.

Ooo! Email on the Web!

After having to cleanup the Squirrelmail config for work, I found that Squirrelmail is nowhere near as stupid as it might seem. You just can't use the default config.

So anyhow, I have installed squirrelmail on Siona here:

https://webmail.nibble.bz

It's up, it's SSL, and so far seems to be running sortof okay. It's a little weird about the folders with sub-folders but otherwise, it's working good. Check it out!

Ciao

Fragging root sucks

Siona, the server, for no apparent external reason started freaking out about errors on the root partition. The drive is a Western Digital which seems to lend credence to the decline in quality of WD drives... Anyhow, syslog reported that the filesystem hit a couple of IO errors. For better or worse, it looks like the damage was contained to a single partition but there was some data loss. The files in /etc/apt were all corrupted.

Argh! Why? Siona is a headless server so repairing the root partition means digging out a db15-type monitor cable and stealing a keyboard and mouse from Friday, and booting to Knoppix. Fortunately, the file system repair went well. It looks like it was some sectors went bad so reiserfsck was able to rebuild the filesystem (less the corrupted files, of course). A pain in the ass, but no worse then that.

Now if only there was a way to repair a root filesystem remotely...

And in other news, I've become pretty convinced that I've burned out the wireless in my router :P Sucks cause I liked that router! It's just been having a rough life... Well, if Linksys didn't make such shitty firmware, then I wouldn't have needed to replace it will third party firmwares. Jerks. DDWRT is *way* nicer then the linksys firmware, they should just ship with that.

So for the wireless, it is a pain not having wireless so I think I'm going to get a second router and then setup a static route on the current router so that the wireless can be on a separate subnet so a) clients don't have to get NAT'ed twice going to the Internet and b) I can keep my current router with it's current firmware and configuration.

We shall see how that goes.

Restoring from Backup

A while ago I started backing up the LDAP directory on siona, just a simple cron job to slapcat the directory really. But I hadn't tested restoring from backup. Well, unlike the usual game-plan of "wait for disaster and then beg God's forgiveness for your sins and pray that restoring from backup works", I actually tested the restore! Woo!

A while ago, I had installed a base Debian/Sarge system on chevette. At the time, all I did was take an image, then shut chevette down again. I have no idea how long ago that was... At any rate, fired chevette up the other day, ran the (many) updates, and then tried to manually replicate the directory service from siona by restoring from backup. I'm pleased to say, it worked great! I even found a config error on siona in the process so I'm definitely happy!

So basically, where I'm at is I have got the directory up on chevette. Since I have been having problems upgrading the mail sub-system on siona (e.g. Postfix and periferally Dovecot), I'm going to try to replicate the mail setup from siona on chevette and see if I can get it working with the new Postfix (and everything else). And *then* if it works on chevette, I'll try it all again on siona and that way if it goes haywire on siona, I'll at least know I can wipe siona and restore the config and data from backup.

We'll see how it goes...

OpenId and Comments

I've finally taken the step forward and setup comments on my blog. I require a login to post comments to mitigate spam, but rather then create a whole crappy registration system, I have "OpenID enabled" my blog.

Being an OpenID consumer is pretty easy. Especially since there's this facility called "simple registration" such that the OpenID server can provide a lot of common registration fields. The one I use, for example, is "nickname". Rather then lots of form input from the user, I just request the data from the OpenID server and use that instead. Very nice.

All-in-all, building a comment system in to my blog was pretty easy. They're not syndicated, but I'm okay with that. It's just enough to allow some discussion.

New Year and New Identity

I've finally taken the plunge and setup an OpenID. After humming and hawing for a while, I came across this blog where the author explains how to setup your personal site (blog or whatever) to be a proxy for an OpenID. Well, I knew about this in the past, it was really some of the other stuff on his site that convinced me to create an OpenID.

First of all, it is important to understand what this "identity" does and doesn't do. It's a bit, well, it's a bit of an existential problem. "Who" am I? And "who" are you? If you give me your name and I give you mine, what do we know about eachother? Not much. As it turns out, that's basically what you get with an OpenID. A name, nothing more, nothing less.

As it turns out, following the above blog is a good illustration for how an OpenID works and what it does, so:

1. Go to http://myopenid.com and register for an OpenID,


2. Configure your homepage as a proxy for that OpenID,


3. Go to a site that supports OpenID, like LiveJournal, and post a comment.

Okay, in "step 1", you create your identity. This is like getting your Social Insurance Number or passport. It's your official identity. It's like having your name and number on a little plastic card only in this case, the "number" is actually a URL for your OpenID. Mine is http://dlepiane.myopenid.com. Just like a SIN number, it's kind of a pain to remember, but after using it enough times, you'll remember it ;)

Now "step 2" isn't really necessary. However, just like in real life, my "official" name isn't really the name I like to use everyday. My SIN card says "Joseph Dominic" but I prefer "Dominic Joseph", so I setup a proxy for regular everyday use. Following the instructions in the blog (which involves adding two lines to my blog), I have setup my preferred name (http://dl.nibble.bz/~archangel) to be equivalent to my "official" name.

Now in "step 3", I actually use this identity which really shows how this all works. I go to LiveJournal and when I post a comment, it asks me "who are you?" Rather then debate "who" or even "what" am I, just just give my preferred name (http://dl.nibble.bz/~archangel). My name doesn't *really* mean anything, it's just something that's going to show up in my comment so anyone that actually knows me will say "hey, Dominic left this message, I know that guy!" Now LiveJournal is a bit of a stickler. It requires my official identity so what the site does is it goes to my identity page, the http://dl.nibble.bz/~archangel one, and tries to get my identity verified. What it finds is that my given identity is not my real identity and so LiveJournal gets redirected to my real OpenID, http://dlepiane.myopenid.com. Once it gets there, MyOpenID.com doesn't just hand over my information, it requires me to a) login, and b) authorized LiveJournal to access my identity. So if I'm happy with handing my SIN over to LiveJournal, I login and confirm that LiveJournal should be able to get my "official" identity.

And that's it. An OpenID is just a name and some sort of verifiable "official" number.

There are many things that an OpenID does not do. It does not create an account for every site. Like for LiveJournal, you don't get a blog just by having an OpenID because you need more then an identity for that, like some web space and such. It doesn't stop spammers, they can register any number of OpenIDs they want to spam you. It doesn't make you anonymous on the web, neither does it reveal any more information then you give.

However, for even these "flaws", having an identity helps address the problems. You may not get a blog on LiveJournal, but you can comment on LiveJournal without a blog. It also can make registering for LiveJournal easier. It may not prevent spammers, but if you could keep an OpenID address book, then you would have a better idea of who's messages were legit, and who's were spam. And even though your "identity" doesn't hide itself, it's just a URL. It doesn't say who you are.

I hope that eventually, OpenIDs will replace all the crappy centralized identities, .Net passport, we're talking about you here, and eventually have wide adoption on the web. It's useful enough that I will use one, but I think it should, and could, become ubiquitous someday.

And that's all I have to say about OpenID.