Wednesday, 24 January 2007

OpenId and Comments

I've finally taken the step forward and set up comments on my blog. I require a login to post comments to mitigate spam, but rather than create a whole crappy registration system, I have "OpenID enabled" my blog.

Being an OpenID consumer is pretty easy. Especially since there's this facility called "simple registration" such that the OpenID server can provide a lot of common registration fields. The one I use, for example, is "nickname". Rather than lots of form input from the user, I just request the data from the OpenID server and use that instead. Very nice.

All-in-all, building a comment system into my blog was pretty easy. They're not syndicated, but I'm okay with that. It's just enough to allow some discussion.

Monday, 15 January 2007

New Year and New Identity

I've finally taken the plunge and set up an OpenID. After humming and hawing for a while, I came across this blog where the author explains how to set up your personal site (blog or whatever) to be a proxy for an OpenID. Well, I knew about this in the past, it was really some of the other stuff on his site that convinced me to create an OpenID.

First of all, it is important to understand what this "identity" does and doesn't do. It's a bit, well, it's a bit of an existential problem. "Who" am I? And "who" are you? If you give me your name and I give you mine, what do we know about each other? Not much. As it turns out, that's basically what you get with an OpenID. A name, nothing more, nothing less.

As it turns out, following the above blog is a good illustration for how an OpenID works and what it does, so:


  1. Go to http://myopenid.com and register for an OpenID,

  2. Configure your homepage as a proxy for that OpenID,

  3. Go to a site that supports OpenID, like LiveJournal, and post a comment.


Okay, in "step 1", you create your identity. This is like getting your Social Insurance Number or passport. It's your official identity. It's like having your name and number on a little plastic card only in this case, the "number" is actually a URL for your OpenID. Mine is http://dlepiane.myopenid.com. Just like a SIN number, it's kind of a pain to remember, but after using it enough times, you'll remember it ;)

Now "step 2" isn't really necessary. However, just like in real life, my "official" name isn't really the name I like to use everyday. My SIN card says "Joseph Dominic" but I prefer "Dominic Joseph", so I set up a proxy for regular everyday use. Following the instructions in the blog (which involves adding two lines to my blog), I have set up my preferred name (http://dl.nibble.bz/~archangel) to be equivalent to my "official" name.

Now in "step 3", I actually use this identity which really shows how this all works. I go to LiveJournal and when I post a comment, it asks me "who are you?" Rather than debate "who" or even "what" am I, I just give my preferred name (http://dl.nibble.bz/~archangel). My name doesn't *really* mean anything, it's just something that's going to show up in my comment so anyone that actually knows me will say "hey, Dominic left this message, I know that guy!" Now LiveJournal is a bit of a stickler. It requires my official identity so what the site does is it goes to my identity page, the http://dl.nibble.bz/~archangel one, and tries to get my identity verified. What it finds is that my given identity is not my real identity and so LiveJournal gets redirected to my real OpenID, http://dlepiane.myopenid.com. Once it gets there, MyOpenID.com doesn't just hand over my information, it requires me to a) login, and b) authorize LiveJournal to access my identity. So if I'm happy with handing my SIN over to LiveJournal, I login and confirm that LiveJournal should be able to get my "official" identity.

And that's it. An OpenID is just a name and some sort of verifiable "official" number.

There are many things that an OpenID does not do. It does not create an account for every site. Like for LiveJournal, you don't get a blog just by having an OpenID because you need more than an identity for that, like some web space and such. It doesn't stop spammers, they can register any number of OpenIDs they want to spam you. It doesn't make you anonymous on the web, neither does it reveal any more information than you give.

However, for even these "flaws", having an identity helps address the problems. You may not get a blog on LiveJournal, but you can comment on LiveJournal without a blog. It also can make registering for LiveJournal easier. It may not prevent spammers, but if you could keep an OpenID address book, then you would have a better idea of whose messages were legit, and whose were spam. And even though your "identity" doesn't hide itself, it's just a URL. It doesn't say who you are.

I hope that eventually, OpenIDs will replace all the crappy centralized identities, .Net passport, we're talking about you here, and eventually have wide adoption on the web. It's useful enough that I will use one, but I think it should, and could, become ubiquitous someday.

And that's all I have to say about OpenID.

Monday, 25 December 2006

I Dream of Debian

Last night I had several odd dreams. In my last dream, I dreamt I was working in some sort of office with my desk facing a coworker. We were sitting there and a colleague came in and started talking to my coworker something about installed packages. My coworker started typing away to figure something out when the colleague tossed in his two bits saying:

"Why don't you just rpm -qa"

This infuriated me! I jumped up and shouted:

"There's no fucking RPM in Debian, you son of a bitch!"

So the colleague ducked his head and bolted from the room and my coworker sat there flabbergasted. I sat down rubbing my jaw because I had yelled so loud I had strained it. And then I woke up.

So I guess this is just a subconscious warning: Don't make RedHat jokes about Debian systems. I get very upset, apparently.

Saturday, 23 December 2006

Postfix Cleanup

The number of users and domains being hosted on Siona has been growing for quite a while. We're now up to 29 users and 13 domains. Being an order of magnitude beyond the single-user/single-domain setup means there are some complications even though the server configuration is pretty basic.

For example, it is getting important to ensure that domains only deliver mail for a subset of the users. For a while, the domains were all just being appended to the "mydestination" attribute in the Postfix configuration which meant that a) any changes required a mail server restart and b) there was no way to separate which users were in which domains.

A while ago, new domains were being added to the "virtual_alias_domains" hash file. This is really the way to go since modifying the list of domains and modifying the valid relay recipients was easy and allowed control over who was in which domains. The process is still manual, 13 domains is not that much to manage, but it is much easier.

So the latest cleanup issue in the configuration was to move all the extra domains out of the "mydestination" attribute and into the "virtual_alias_domains" hash file where they belong. Well, it was interesting. I had to check through the logs to see which users were actually receiving mail in which domains. Not too tricky at least.

It is really unfortunate that some of the old names, like "uro.mine.nu" and "dulcea.nibble.bz" still have to be maintained. It would be nice to retire those old domains. But the cost of keeping them is way less significant than the energy required to ensure that everyone has current email addresses for all the users.

So other than moving all logical domains to virtual domains, the other change was that I changed the server to no longer relay mail on the basis of "mynetworks". The SASL authenticated SMTP is working great so there's no need to just white-list the LAN. It's cool :D I'm excited because this is the way SMTP should be! Servers only accepting mail if they are either going to deliver the mail or if the connecting user or host is authenticated! Every SMTP server should be set up like this! There are fewer and fewer excuses to accept mail from an un-authenticated connection and more and more reason to validate all mail all the time.

All-in-all, the cleaned up Postfix config is a much better setup for my current and future needs. It's good :)
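
One way to do the log check described above, as an added example that is not from the original post: it tallies which users actually had mail delivered under which domain and drafts the matching virtual alias entries. The log lines, user names and the `siona.example` domain are constructed; the line layout is the usual Postfix delivery record.

```python
import re
from collections import defaultdict

# One delivery record: agent, queue id, final recipient, optional original recipient, status.
LINE = re.compile(
    r"postfix/(?P<agent>\w+)\[\d+\]: (?P<qid>[0-9A-F]+): "
    r"to=<(?P<to>[^>]*)>,(?: orig_to=<(?P<orig>[^>]*)>,)?"
    r".*\bstatus=(?P<status>\w+)"
)
# Agents that deliver on this host; postfix/smtp is outbound and must not be counted.
LOCAL_AGENTS = {"local", "virtual", "pipe"}

def recipients_by_domain(lines):
    """Map each domain to the users that had mail delivered under it."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.search(line)
        if not m or m["agent"] not in LOCAL_AGENTS or m["status"] != "sent":
            continue  # bounces and deferrals say nothing about valid users
        # orig_to is the address as the sender wrote it, before alias rewriting.
        addr = (m["orig"] or m["to"]).lower()
        user, _, domain = addr.rpartition("@")
        if user and domain:
            seen[domain].add(user)
    return {d: sorted(u) for d, u in sorted(seen.items())}

def virtual_alias_lines(by_domain, moved_domains):
    """Draft 'address localuser' map entries for the domains being moved."""
    return [f"{u}@{d} {u}" for d in moved_domains for u in by_domain.get(d, [])]

# Constructed sample log lines.
SAMPLE_LOG = [
    "Dec 22 09:14:02 siona postfix/local[2211]: 4C1D02A0: to=<alice@siona.example>, orig_to=<alice@uro.mine.nu>, relay=local, delay=0.2, status=sent (delivered to mailbox)",
    "Dec 22 09:20:45 siona postfix/local[2214]: 7B33F2A4: to=<bob@dulcea.nibble.bz>, relay=local, delay=0.1, status=sent (delivered to mailbox)",
    "Dec 22 09:31:10 siona postfix/smtp[2230]: 9E0A12A9: to=<carol@remote.example>, relay=mx.remote.example[192.0.2.10]:25, delay=1.4, status=sent (250 ok)",
    "Dec 22 09:40:00 siona postfix/local[2241]: A1F442B1: to=<dave@uro.mine.nu>, relay=local, delay=0.1, status=bounced (unknown user: \"dave\")",
    "Dec 22 10:02:19 siona postfix/local[2250]: B7C102B8: to=<Bob@uro.mine.nu>, relay=local, delay=0.1, status=sent (delivered to mailbox)",
]

if __name__ == "__main__":
    found = recipients_by_domain(SAMPLE_LOG)
    for entry in virtual_alias_lines(found, ["uro.mine.nu", "dulcea.nibble.bz"]):
        print(entry)
```

The drafted entries are a starting point for review, since a user who simply received no mail during the logged period will be missing from them.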

Friday, 15 December 2006

Blogging with WordPress on Debian

It turns out that there's a nice WordPress package in Debian (testing). It is both up to date, and the package maintainer (Kai Hendry) provides some handy helper scripts.

WordPress provides a handy sample Apache config that was easy to add to the installation on Siona. That took care of that. Then, there's a helper script called "setup-mysql". The way the installation works is that once you get the base install going, you can then just setup a server alias for each blog you want to create and then re-run setup-mysql passing it the FQDN of the server alias. Voila! Multiple blogs right out of the box! No fuss, no muss.

Very nice and I have to admit, I'm very impressed with WordPress as well. It very nicely handles creating a personal site. You basically have blog posts and simple pages. The blog posts are categorized, archived, can allow user comments, etc and those (usually) go on your main page. You can also write pages and those would just link off the main page. Oh, and you can add random links to other blogs and sites. WordPress has tons of themes and plugins available so you can tweak your look and feel the way you want.

Anyhow, enough raving! WordPress is very nice and the installation on Debian works great for creating multiple blogs for any number of friends/family/pets/whatever.

Wednesday, 13 December 2006

DD-WRT: Router Firmware Minus the Suck

So far I've tried the default Linksys firmware and OpenWRT. I think we all agree the Linksys firmware is hobbled and frustrating. For example, it limits you to 10 port forwarding rules, there is no signal strength tweaking, and there is some arbitrarily low maximum number of IP connections (I think around 500). All this means Linksys can neither forward all the ports I need nor let me run all the applications I want (specifically bittorrent will use a lot of connections).

OpenWRT was also hobbled but in different ways. The web interface was useless as tits on a bull, the community apparently rejects the idea that you can get port forwarding to work, and updating the software apparently bricks the router. Now the lack of web interface wasn't really a show stopper for me and in fact, I was pretty happy with straight terminal access. It was really the dead router that convinced me to dump OpenWRT.

Now DD-WRT has only had one problem so far. During installation, the router didn't come up properly. As per a comment for the v23rc2 installation, you have to do the manufacturer reset (hold the reset button and power-cycle) once DD-WRT is uploaded.

Otherwise, it's been great! The web-interface is *way* nicer than the Linksys web-interface. It supports an arbitrary number of forwarded ports, shows *way* more status information, lets you tweak up the max number of IP connections, and even lets you tune the wireless power levels.

We will see how long this experiment works for us, so far I'm optimistic.

Tuesday, 12 December 2006

Where are My Files?

Couple tidbits over the last four weeks: I "upgraded" to Edgy Eft at home and the Nibble installed Joomla and have tried using that as our portal.

In the case of the former, discussing all the problems I'm having would constitute an all-out rant. It is really a shame but I've just had problems with the last two releases of Kubuntu. Maybe it's just Kubuntu and not Ubuntu in general, but it's really feeling like "the distro of the week". You know, there's things you like about the distro, it gets lots of press, it seems lively, but there's just too many annoying problems that whatever comes out next week may just be better.

Anyhow, rather than just dig in and rant, let me just say that one problem I've fixed is to do with Konqueror not displaying files. Specifically, if I browsed to the root of the file system, I could only see home, media, data (for music and video), and windows. Not etc, var, or other folders that are useful.

It turns out that if there is a file called ".hidden" in a folder with one file (or folder) name per line, then Konqueror will not display those folders. Some dimwit thought that this would "simplify things" for "the average user". I'm sorry, but obfuscating the file system is not the answer. As it is, "the average user" pretty well sticks to "Documents" and their Desktop. No hiding of folders necessary. That seems like a Finder-esque thing to do. And though I love and respect Apple's OS X for its many fine features, Finder is a dreadful bug-ridden horror not deserving of emulation.

So in summary, if you're in Kubuntu (or maybe KDE on any system) and can't see a bunch of folders you know exist, just rm .hidden and you'll be good to go.

And then on to other news. The Nibble has been trying to set up Joomla for our portal site. We need some blogging ability, news feed aggregation, and some static pages for HOWTOs. We installed Joomla 1.5 beta which has several bugs we ran into right away (the "poll" feature doesn't strip backslashes properly, for example) and it's a little too abstract/complex of a system for our needs. We could really figure out how to just do what we wanted (blog, aggregate, static pages) and then theme it and be done. Time to move on. It seems like WordPress has all the features we need (and not much more) so we'll give that a try next.

Okay, back to work for me.
