njr 3.0

Michael McCracken writes about upgrading the memory in his PowerBook, the resulting performance improvement, and not buying an AirPort Express thereafter. Coincidentally, last week I had the same dilemma, but post-AirPort Express release: memory or music? My choice was the same; to upgrade my memory, and stay with my current bizarre music-broadcasting setup (which involves Nicecast, Shoutcast, and three computers) for a while longer at least. AirPort Express does exactly what I need, though; I hope it takes off, and Apple expands it beyond iTunes.

I had a tendency not to upgrade my laptops ever if at all—my PowerBook G3 still has the same 96 MB RAM it had when I bought it in 1998, and its predecessor PowerBook 540 didn’t get upgraded at all, memory, disk or CPU, from 1994 to 1998. But my PowerBook G4 has moved from auxiliary to main machine since I bought it: instead of having my desktop Mac at my research office, I have it at home, and use my PowerBook at school with an external monitor and Linux box through osx2x. Overall, it works very well as long as I don’t try to run simulations on it; but with 14 applications open, it bogs down a bit (Finder, iTunes, osx2x, Safari, Mail, Colloquy, Adium, Emacs, FileMerge, Terminal, OmniOutliner, Graphviz, Preview, BBEdit, to take an arbitrary sample).

If you’re buying memory, make sure you follow a link from a price-comparison site such as dealram; the price for 512 MB PC133 SDRAM at one vendor went down by $15 when I did so. Just knowing that vendor X will have the lowest price isn’t enough.

Update: my memory arrived yesterday; what a difference. With the above applications open, top reports PhysMem: 102M wired, 218M active, 355M inactive, 676M used, 347M free. Some room to run my memory-hogging research software. :)

2:34 AM | PyCS
No Comments

I couldn’t sleep tonight. I’ve been reading a lot of fiction this week, to the point that I had to put a book down because the imaginary world had become overpowering. I wanted to get back to planet Earth for a while.

In search of technical material, and having left my stack of research papers at school, I noted the lack of Mac publications I usually read in bed. I wasn’t dreaming—there’s a lot less than there used to be.

Consider MWJ. For a mostly-weekly journal (48 issues a year according to the Web site), it’s not doing so well with 13 issues so far this year. I’ve been a subscriber since January 2000; here’s what’s happened to the output since then:

How about MacTech, the other publication for which I have a paid subscription? There hasn’t been a MacTech issue since the Feburary 2004 one, the longest gap I can remember.

What’s going on here? Are mediocre Web sites enough for everyone, to the point that even worthwhile publications are struggling? Weblogs have done a bit to give me a steady stream of interesting technical news, but the number of well-researched technical articles (of which the best example was BYTE, RIP) is tiny.

Updates: Thanks for the comments, folks. Avi reports that he received an April issue of MacTech, and John the March issue. I might have the March one sitting around somewhere, but what led me to believe February was the latest was that its cover appeared on mactech.com (still does in fact). Guess I should find out if my subscription has been “misplaced.”

The y axis of the graph above indicates kilobytes: it was generated from the “size” column in a Eudora mailbox window. (Earlier versions of the graph had the units labeled, but I had to try so many times to get Excel to do my bidding, that I forgot to include it in the version posted above.)

Sven-S. Porst wrote:

The last time I’ve seen an interesting technical article in a computer magazine was well back in the past millenium. As far as I am concerned the magazines deserve to die. While lots of web content are mediocre, the printed magazines aren’t any better. In fact, authors often seem to be less informed than I am and ‘technically challenged’.

Indeed, this accounts for my lack of support for magazines that just shovel uninformed garbage issue after issue. My point was that even those few holdouts which deliver consistently good content, such as MWJ, are struggling, and I still can’t understand why. Not to sound like a marketer, but I get information in MWJ I see nowhere else—in yesterday’s edition, for example, an interesting point about a disappearing Apple board member and a terrific dissection of undocumented changes in the Mac OS X 10.3.4 update.

2:08 AM | PyCS
No Comments

Patrick Boettcher helped me figure out my problems using Authen::SASL::Cyrus with Net::LDAP.

Authen::SASL supports plugins for different SASL implementations: Authen::SASL::Perl includes pure-Perl methods, and Authen::SASL::Cyrus which talks to Cyrus SASL or SASL2. When it fails to find one of these modules, it gives the “No SASL mechanism found” message. But, in my case, the modules were installed and readable.

I was once again caught by my umask. I had installed a bunch of other modules from the CPAN shell, as root with an 077 umask, and the Perl module searching mechanism, I assume, gave up once it couldn’t access a file or directory, even though none of the inaccessible modules were dependencies of Authen::SASL::Cyrus. The Authen::SASL::Cyrus module, which I compiled manually, was installed and readable.

Finally, I needed to use SASL2; compiling Authen::SASL::Cyrus with SASL1 gave me a Perl equivalent of the useless “Local error” I was seeing in Python. python-ldap had been using SASL2 all along.

Here’s the script I ended up with:

#!/usr/bin/env perl

# Generate aliases from Active Directory users with 'mail' attributes.

use strict;
use warnings;
use diagnostics;

use Net::LDAP;
use Authen::SASL;
use Expect;

\$Expect::Log_Stdout = 0;

my \$timeout = 5;
my \$expect = Expect->spawn('/usr/kerberos/bin/kinit',
                           'postfix@MED.UIUC.EDU')
    or die "can't spawn kinit: \$!\n";
\$expect->expect(\$timeout, 'Password for postfix@MED.UIUC.EDU:');
\$expect->send("password\n");
\$expect->soft_close();

# empty callback so Net::LDAP doesn't override it
my \$sasl = Authen::SASL->new('GSSAPI', 'user' => '');
my \$ldap = Net::LDAP->new('med-banting.med.uiuc.edu',
                          version => 3) || die "\$@";

my \$mesg = \$ldap->bind('', sasl => \$sasl);
\$mesg->code && die \$mesg->error;

\$mesg = \$ldap->search(base => 'dc=med,dc=uiuc,dc=edu',
                      filter => '(&(mail=*)(objectClass=user))',
                      attrs => ['mail', 'userPrincipalName']);
\$mesg->code && die \$mesg->error;

open(ALIASES, '>> /home/lists/aliases');
foreach my \$entry (\$mesg->sorted('userPrincipalName')) {
    my (\$username) = 
        (\$entry->get_value('userPrincipalName') =~ /([^\@]+)\@med.uiuc.edu/);
    unless (\$username) {
        \$entry->dump;
        die "can't understand principal name\n";
    }
    print ALIASES \$username . ': ' . \$entry->get_value('mail') . "\n";
}
close(ALIASES);

\$ldap->unbind;

system('/usr/kerberos/bin/kdestroy');

I got the basic idea of the above from Chris Covington’s Postfix & Exchange 2000/2003 how to.

1:12 PM | PyCS
No Comments

More broken software.

I can’t get my RSS feed to rerender; it’s still stuck thinking it’s reStructuredText when it is HTML. Maybe, just once, PyDS would get it right and I wouldn’t have to rerender parts of my site every time I make a weblog post. I’m posting this as much to complain as to see if another post will cause the RSS to be regenerated.

For all its failings, Radio got this one right pretty much all the time. How I wish I had time to fix this…

10:58 PM | PyCS
No Comments

Any scripting language? Any scripting language at all?

My goal: to set up an virtual map in Postfix, mapping usernames to email addresses where present, using a LDAP server (Windows 2000 Active Directory) as a data source, in a reasonably secure fashion. Using OpenLDAP 2.0.27, Cyrus SASL 2.1.15, ldapsearch on the command line did exactly what I wanted, so I thought it’d be simple enough to script. Was I ever wrong!

• Attempt 1, /etc/postfix/main.cf:

  virtual_mailbox_maps = ldap:medicine
  medicine_server_host = med-banting.med.uiuc.edu
  medicine_query_filter = userPrincipalName=%s@med.uiuc.edu
  medicine_search_base = dc=med,dc=uiuc,dc=edu
  medicine_result_attribute = mail
  [...]
  

  What to do for the [...]? Can’t use a simple bind: too insecure. The AD server is not configured to support SSL. Postfix doesn’t support GSSAPI. That leaves anonymous binding, which I couldn’t, after many hours with ADSI Edit, get to do what I wanted. Even if I accepted the security problem of allowing people to enumerate all the users at our site, I couldn’t get anything beyond a DN for domain administrators, some of whom require the above email mapping. It does not seem possible to limit access via IP address.

  So, I resigned myself to running a cron job to populate a hash map or similar with periodic dumps of the LDAP information.

• Attempt 2, python-ldap 2.0.0, search.py:

  #!/usr/bin/env python2.3
  
  import ldap, ldap.sasl
  
  server = ldap.initialize("ldap://med-banting.med.uiuc.edu")
  server.sasl_interactive_bind_s("", ldap.sasl.gssapi(""))
  
  res = ldap.search_s("dc=med,dc=uiuc,dc=edu", ldap.SCOPE_BASE,
                      "(&(mail=*)(objectClass=user))")
  print res
  server.unbind()
  

  In competition for the least helpful error message of the century, up there with “An error has occurred: Success”:

  % ./search.py
  Traceback (most recent call last):  File "./search.py", line 8, in ?
      server.sasl_interactive_bind_s("", ldap.sasl.gssapi(""))
    File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 196, in sasl_interactive_bind_s
      return self._ldap_call(self._l.sasl_interactive_bind_s,who,auth,serverctrls,clientctrls)
    File "/usr/lib/python2.3/site-packages/ldap/ldapobject.py", line 94, in _ldap_call
      result = func(*args,**kwargs)
  ldap.LOCAL_ERROR: {'desc': 'Local error'}
  

  I am not the only person with this problem.

• Attempt 3, Net::LDAP (part of perl-ldap 0.31), Authen::SASL::Cyrus 0.11, search.pl:

  #!/usr/bin/perl
  use Net::LDAP;
  use Authen::SASL;
  
  my \$sasl = Authen::SASL->new('GSSAPI', 'user' => '');
  my \$ldap = Net::LDAP->new('med-brevis.med.uiuc.edu', version => 3) || die "$@";
  my \$mesg = \$ldap->bind("", sasl => \$sasl);
  \$mesg->code && die \$mesg->error;
  \$mesg = \$ldap->search(filter => '(&(mail=*)(objectClass=user))',
                        base => 'dc=med,dc=uiuc,dc=edu',
                        attrs => ['mail', 'userPrincipalName']);
  \$mesg->code && die \$mesg->error;
  @entries = \$mesg->entries;
  foreach \$entry (@entries) {
      \$entry->dump;
  }
  \$ldap->unbind;
  

  This looks so good, as just a month ago, people claimed it worked. It doesn’t for me.

  % ./search.pl
  No SASL mechanism found
   at /usr/lib/perl5/site_perl/5.8.0/Authen/SASL.pm line 62
  

After over eight hours of work on this, and assuming I don’t hear back from anyone by tomorrow, attempt #4 is going to be parsing the output of ldapsearch. I was going to get research work done today, too…

Posting code from PyDS’s RPC interface is a complete nightmare; it unescapes everything constantly, tries to interpret $-macros, etc… I guess Georg just uses reStructuredText, but that’s no use until I have a weblog editor that supports it.

10:33 PM | PyCS
No Comments