I know, I know. Curiosity killed the cat. But sometimes when I blog "something fancy", I totally want to know who's looking at it. Or why some things are so popular... (darn image stealers...)

Question mark. CC-licensed. From LeoL30, http://flickr.com/photos/lwr/12364944/

Knowing that my RSS feeds get a few thousand hits a week sometimes just isn't enough to know :)

Thank heaven, on my ISP's server I have access to my Apache log files.

So, let's find out the hostnames of the people reading my (imaginary) article about something-fancy.

for ip in $(grep something-fancy access.log.current | awk '{print $1}' | sort -u); do resolveip "$ip"; done

...
Host name of 128... is 128-...public.oregonstate.edu
Host name of 128... is pxxx.wlan.cs.mu.OZ.AU
Host name of 131... is Cs-xxx.CS.UCLA.EDU
Host name of 147... is ...FSV.CVUT.CZ
Host name of 132... is ...rz.uni-wuerzburg.de
Host name of 210... is ...stu.edu.tw

You wouldn't believe how much information a hostname can give you. (Or sometimes not.) The usual customer lines don't give you much - however it's interesting what universities people sometimes come from. Who in Taiwan, Czech or at the University of Melbourne is reading my blog??

Anyway. Good to know that it's not just the usual search engine bots creating traffic on my blog :)

Curiosity appeased. For a while.

Read more…

Developing software that has been in use for quite a while (like the Maintain network management software I am currently working on), you frequently run into tiny little problems that are somehow the heritage of ancient times. Sometimes, they are easy to use, in other cases they start as small issues and turn into butt-biting monsters ever so quickly.

password...; CC-licensed: http://flickr.com/photos/piscue/36180001/

One of these is MySQL's PASSWORD() hashing function. What was meant to be a good idea - having the RDBMS handle the passwords with its built-in hash - turned out to be a bad one: MySQL's password hash changes virtually with every release (okay I am exaggerating), making your hashes unusable, so your customers stay locked out of your software.

To provide some sort of legacy support, in former versions of Maintain the OLD_PASSWORD() alternative was used to authenticate, followed by a re-hashing of the password with the new PASSWORD() hash.

Still, it's only a matter of months until MySQL decides to change its hashes once again, leading to even more legacy code and less transparency in the authentication codebase. Plus, if people don't want to use MySQL at all, they have a big problem: Most other DB engines don't offer a PASSWORD() function.

Therefore the hash was changed to SHA1, leading to yet another special case in the password validation methods.

Anyway, in the upcoming Maintain 3, old passwords will only be supported through a legacy authentication module designed to re-hash the passwords to SHA1, hopefully extinguishing issues with changing hashes in the database backend once and for all.

The moral: There is a reason for MySQL to discourage use of PASSWORD() in applications. Believe me. They are right.
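An added example, not Maintain's code, of the legacy-authentication approach described above: each stored hash is tagged with its scheme, a login is verified against that scheme, and a legacy record is re-hashed to SHA1 on success. The scheme labels, function names and user table are assumptions; the MySQL 4.1+ PASSWORD() format is reproduced as '*' plus the upper-case hex of SHA1(SHA1(password)).

```python
import hashlib
import hmac


def mysql41_password(password: str) -> str:
    """MySQL 4.1+ PASSWORD() format: '*' + upper-case hex of SHA1(SHA1(pw))."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


def sha1_hex(password: str) -> str:
    """Plain SHA1 hex digest, the database-independent hash the post names."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Scheme labels are hypothetical; each stored record carries one so the
# verifier never has to guess which algorithm produced a hash.
VERIFIERS = {"mysql41": mysql41_password, "sha1": sha1_hex}
CURRENT_SCHEME = "sha1"


def authenticate(users: dict, name: str, password: str) -> bool:
    """Check a login and upgrade a legacy record after a successful match."""
    record = users.get(name)
    if record is None:
        return False
    scheme, stored = record
    hasher = VERIFIERS.get(scheme)
    if hasher is None:
        return False  # unknown scheme: fail closed
    if not hmac.compare_digest(hasher(password), stored):
        return False
    if scheme != CURRENT_SCHEME:
        # The plaintext is only available during login, so this is the one
        # place a legacy hash can be replaced without a password reset.
        users[name] = (CURRENT_SCHEME, VERIFIERS[CURRENT_SCHEME](password))
    return True


def legacy_accounts(users: dict) -> list:
    """Accounts that have not logged in since the migration started."""
    return sorted(n for n, (scheme, _) in users.items() if scheme != CURRENT_SCHEME)


def build_sample_users() -> dict:
    """Constructed sample table: two legacy rows and one migrated row."""
    return {
        "alice": ("mysql41", mysql41_password("correct horse")),
        "bob": ("mysql41", mysql41_password("tr0ub4dor")),
        "carol": ("sha1", sha1_hex("battery staple")),
    }
```

Tagging each record with its scheme keeps the next hash change from becoming another special case: it is a new entry in VERIFIERS and a changed CURRENT_SCHEME, migrated by the same login path. A salted, deliberately slow scheme would additionally need its verifier to read the salt from the stored value.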

Read more…

Currently, I have to work a lot with ant for class, and generally, I like it.

The XML format used to describe the build tasks is pretty straightforward, makes sense most of the time and is even pretty extensible, so that things like JUnit testing are as easy as the ABC. Well -- they should be.

When using ant with Eclipse, everything worked fine. But then, when I checked out the project on the command line and confidently ran an "ant test", I was presented with the following error message, which through its length alone has such a beauty that I should truly consider printing it out and put it on my wall to admire it daily.

BUILD FAILED
/blah.../build.xml:51: Could not create task or type of type: junit.

Ant could not find the task or a class this task relies upon.

This is common and has a number of causes; the usual solutions are to read the manual pages then download and install needed JAR files, or fix the build file:
 - You have misspelt 'junit'.
   Fix: check your spelling.
 - The task needs an external JAR file to execute and this is not found at the right place in the classpath.
   Fix: check the documentation for dependencies.
   Fix: declare the task.
 - The task is an Ant optional task and the JAR file and/or libraries implementing the functionality were not found at the time you yourself built your installation of Ant from the Ant sources.
   Fix: Look in the ANT_HOME/lib for the 'ant-' JAR corresponding to the task and make sure it contains more than merely a META-INF/MANIFEST.MF. If all it contains is the manifest, then rebuild Ant with the needed libraries present in ${ant.home}/lib/optional/ , or alternatively, download a pre-built release version from apache.org
 - The build file was written for a later version of Ant
   Fix: upgrade to at least the latest release version of Ant
 - The task is not an Ant core or optional task and needs to be declared using <taskdef>.
 - You are attempting to use a task defined using <presetdef> or <macrodef> but have spelt wrong or not defined it at the point of use

Remember that for JAR files to be visible to Ant tasks implemented in ANT_HOME/lib, the files must be in the same directory or on the classpath

Please neither file bug reports on this problem, nor email the Ant mailing lists, until all of these causes have been explored, as this is not an Ant bug.

This is not an ant bug? Oh yes it is. "ant-junit.jar" is now shipped by default with ant and still, ant claims not to know about that task?

And anyway - why couldn't the developer who took the time to write such a cryptic error message use his effort instead to fix the bug?!

Unbelievable enough - however, since others did a much better job on ranting about ant's worst error message ever, I'm going to stop now and provide a solution for that problem instead (since ant developers obviously didn't feel alike):

Go to $ANT_HOME/lib and make a symbolic link to your JUnit's junit.jar file. The directories differ for most operating systems, but the system is the same: Ant apparently does not find JUnit in its classpath, resulting in the error message above. When JUnit is linked to Ant's library dir however, it can find JUnit and will call the unit tests as expected.

(Now it took me like 4 lines to describe a fix for the problem. Why such an easy fix is not part of the ant error message will probably remain a secret forever.)

I hope I helped some of you guys who have the same problem. Keep having fun programming!

Read more…

One thing reminding us constantly that OSX is almost as crappy as Redmond OS is the Spinning Beachball of Death.

Since I recently gave my Mac Mini a decent amount of RAM to waste for useless eyecandy, I don't meet the little spinning fellow as often anymore.

However, the installation of the Eclipse IDE the last week brought a nice, new beachball appearance: When I use spotlight to start the program (as I usually do, because it's so much faster than clicking through the menu structure), it will kill the system tray in the upper right corner of the screen.

The time stops counting and when I move the cursor over it, I see the cursor turn into the beloved beachball again! :)

I did not find any information about it on the net besides an old forum post in the google cache... But the solution seems to be, not to start Eclipse with spotlight but to actually click on it in the Applications folder or the dock.

Works for me, now.

Is that crazy or what?

Read more…

The popular IM chat service ICQ just upgraded their protocol (German link).

Usually, no big deal. The change should have been announced so everybody could adapt to it.

But, no, of course they just silently changed the protocol and thereby locked out the users of alternative (e.g. open source) IM clients such as Miranda, Gaim or Adium.

While this step is of course intentional (as the ICQ people want their users to use the original client for ad revenue reasons), it is another sign of why even such "trivial" things as closed source messaging protocols are bad. There is no security at all that the "owner" of the protocol will pay attention to your needs at all. Imagine you worked for a company. Would you rely on ICQ for your employees' instant messaging? (Disregarding the privacy issues...) It would mean that right now, the protocol owner would have seriously impacted your whole company's information flow, costing you gazillions of money. You wouldn't do that if you were a manager, would you? Similarly, why should we put our private conversations into their hands and allow them to mute us at any given second?

There are other possibilities. Meanwhile the free jabber protocol has become so mature that it is flawlessly usable. And more and more people are at least getting a jabber account in addition to the other IM chat account(s) they are using.

So, until my messaging clients get an update, my ICQ communication will remain quiet. :( Go §$%$% [*] yourself, ICQ.

And please, people. Get a free messaging client (such as the ones I mentioned above) and get yourself a free jabber account on one of the jabber servers in your country. You can still use your old messaging protocols with them but it's a great step ahead to not relying on un-free communication protocols anymore. :)

(and yes, if you ask, I will probably give you my jabber account address, so that you can add me to your list)

[*] all kinds of swear words to be inserted here.

Read more…

The king is dead -- long live the king!

Spam; CC-licensed by phil-it; Source: http://flickr.com/photos/phil-it/94372462/

Most of us blog authors have kind of a spam problem. So do I, since my blog engine is quite popular not only among publishers but also among spammers. There are several anti-spam plugins out there. The easiest ones use a Captcha, which I never liked at all. It breaks every single aspect of usability. And it keeps annoying the legitimate users of the weblog. I want people to be able to comment on my blog entries with as little effort as possible. If I start bugging them with hardly readable and ambiguous characters, I simply deserve getting no comments. I should not waste people's time.

Others work with some sort of embedded JavaScript stuff (assuming the spammers' user agents, unlike regular web browsers, do not interpret JS). That's better, but not good either. Lots of these plugins of course refuse to take a comment from a user if he or she disables JavaScript, or if the page is accessed through a proxy or whatnot. Just getting a "sorry, I don't like your comment you just spent 10 minutes on writing" will certainly scare away even the most curious visitor of your weblog.

The best approach currently available is similar to the one used by email spam filters: Accepting every comment, but doing a Bayes probability check on it to find out how likely it is spam and putting comments under a specific threshold either into moderation or the waste bin. When I still had Wordpress 1.5, I used to use the fantastic SpamKarma 2 that did a wonderful job on filtering my blog spam. After learning a few legitimate comments, it did not make any mistakes for the last year-or-so.

However, its major drawback was that it kept filling up my database (which is restricted to 50 Megs by my ISP) with spam comments until they were wiped after a week. At times when I got a real flood of spam comments, I even once experienced a broken blog since the database literally did not allow writing a single new record.

When updating to Wordpress 2.0, I therefore decided to give Akismet a shot, a new anti-spam web service whose plugin is now shipped with WP. You have to obtain an API key (which, AFAIK, you currently only get by registering a free weblog on wordpress.com), activate the plugin, hack in the key you just got and off you go.

Since tons of users are contributing good and bad comments, the web service does an impressively good job on putting spam where it belongs: in the virtual waste bin!

While I am still checking it out, I can already say that it does not seem to have a high false positive rate at all. Some legitimate comments went into moderation (therefore asking me to mark them as ham) but none of them was flagged as spam in the first place.

Akismet++ -- and kiss your captchas goodbye!

Read more…

Just as expected before, I was called by the local Mac store the next day to pick up my Mac Mini.

Apparently, the graphics adapter was broken, so they just replaced the mainboard and put the rest of the components back in. So I could finally upgrade to 1 GB of RAM and the system works like a charm again.

It was clearly a warranty case, so I did not have to pay anything. -- Lucky me, as the replacement mainboard is worth $361,- as stated on the repair report!

Fortunately, all my data is also still there, so they did not tamper with the hard drive. At least not much: The technician was obviously intimidated by the Linux bootloader I used for dual-booting my system, so as sensitively as a goat to an endangered mountain flower, he nailed the original OS X bootloader back on the system. -- If he mentions that in his resume, Microsoft will immediately hire him.

However, currently I am working on OS X again and I can say, the difference in speed is enormous. How can an Operating System swallow more than 500 megabytes of RAM at any given moment? It's just unbelievable. That being said, after the RAM upgrade, Mac OS X actually became usable and it starts being fun: I don't stumble on the totally illogical keyboard shortcuts so often anymore :)

You see, everything's alright in Mac Mini land again!

Read more…

Okay. My Mac Mini's graphics interface died after 6 weeks of usage. Just like that. The system ran well, (meaning I could play around with it via SSH) but it was kind of "headless" without displaying anything. Who needs a monitor anyway??

Mac Mini; CC-licensed; Source: http://flickr.com/photos/darice/85759173/

Apparently, this is not a very rare problem, as there is already a support page by Apple addressing the problem. Anyhow, resetting everything doesn't really help a hardware error, so I brought the box downtown to the local Mac store.

From Germany, I am quite used to sometimes getting the worst customer service ever (though it has become better since the last European customer protection laws), so I was (and still am) sceptical how/if they will repair it and how much they want to get for it.

But, Apple is quite famous for its good customer service, so I am quite confident that they will do a good job to my Mini, too. For now, I am at least impressed that I can check the status of my repair online and get quite a few interesting pieces of information:

  • Your "mac mini 1.42 combo" was received at our Corvallis location on Friday, January 27
  • Your system arrived at our service center on Friday, January 27
  • Diagnosis was performed by our technician
  • We ordered parts for your system from the manufacturer on Monday, January 30
  • We received parts for your system on Tuesday, January 31
  • Work was completed on your system on Tuesday, January 31
  • Your system is being transported

Not bad! There are not many companies that have such a transparent repair process. Now they only have to call me tomorrow for picking the box up and not make me pay anything for their hardware problem and I am truly happy.

The real test if a Mac is worth its money, to be continued ;)

Read more…

We need a tagging extension for Thunderbird. Urgently. It's just a pain (and soooo "web 1.0"!) not being able to combine emails in an IMAP folder by other means than making yet another folder. I currently have a class whose mailing list covers many different topics, and sometimes more than one in the same email. And even though there are only 30 emails so far, it has already become nearly impossible to find what I am searching for efficiently.

Wait - there is already a tagging extension available, right? Well, somehow. It's called "Tag the Bird" and provides some sort of automated tagging approach for your email.

Tagging; CC-licensed, by GliderKing; Source: http://flickr.com/photos/gliderking/71695530/

However, I don't feel good about sending all my emails in full text to some sort of web service. No matter if I trust them or not. That's maybe nice for one or two newsletters a week you want to condense to a handful of keywords on the fly (just to find out that the current issue focuses on dancing hamsters so that you can delete the boring thing before even looking at it any closer).

But apart from any automatic tagging approach, I suggest writing a Thunderbird Mail Tagging Extension that allows the users to manually tag their emails (and of course includes searching for the tags). The on-the-fly search field in Thunderbird would then have to handle not only sender and subject but also tags.

Considering large amounts of email in some people's postboxes, it would be neat to store the tags in some sort of field that's searchable by the IMAP server (for not having to download all of the emails in order to execute a search). Additionally, the server itself is the only logical place to store the tags as everything else would require an additional storage facility (file? WebDAV?) that would totally kill every aspect of portability -- a step back to the times where POP3 was state of the art.

I could think of a custom email header called something like X-Tag or so. Still, I don't know if this is a) "legal" with respect to the E-Mail RFCs (it should be, though, considering the vast amount of "X-" tags already used by all sorts of MUAs) and b) if these fields are efficiently searchable by an IMAP server.

Any comments to my raw, unformed "web 2.0" ;) thoughts?

Update: I just found out that somebody seemed to have some sort of similar idea already and announced to be writing a proposal on it soon.

Read more…

That the local gas and water supplier of Lübeck, Germany also acts as an ISP for residential DSL connections is maybe surprising, but not particularly bad.

Painful, however, is that they apparently keep the administrative interface of their customers' DSL modems open to the evil, evil Internet. No prob, as long as it is password protected, you might think. Of course it is. But, to make attacking the poor customers a piece of cake, the current password is automatically provided in a value field of an HTML form.

Every, even only partly intelligent fifth-grader can probably write a script to use this invitation for playing around with other people's internet connection. Which - of course - did not lead the ISP to do anything about the situation so far. Even if they were already mailed a username-password list of all their customers...

This shining example of ISP insecurity really makes me want to cry.
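An added example (not from the original post or the ISP's firmware): a check for the flaw described above, run over HTML you are responsible for, that flags form fields which send a stored secret back in their value attribute. The two pages, the field names and the name-hint list are constructed for illustration.

```python
from html.parser import HTMLParser

# Substrings that mark a field as secret-bearing even when it is not
# type="password"; the list is an assumption for this example.
SECRET_NAME_HINTS = ("pass", "pwd", "secret")


class PrefilledSecretFinder(HTMLParser):
    """Collect <input> fields that echo a secret back in their value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        attr = {key: (value or "") for key, value in attrs}
        name = attr.get("name", "")
        field_type = attr.get("type", "text").lower()
        looks_secret = field_type == "password" or any(
            hint in name.lower() for hint in SECRET_NAME_HINTS
        )
        # A non-empty value means the current secret is in the page source,
        # readable by anyone who can fetch the form.
        if looks_secret and attr.get("value", "").strip():
            line, _ = self.getpos()
            self.findings.append((line, name or "<unnamed>", field_type))


def find_prefilled_secrets(html: str) -> list:
    """Return (line, field name, field type) for every pre-filled secret."""
    finder = PrefilledSecretFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed page with the flaw: the stored password is rendered into the form.
LEAKY_PAGE = """<form method="post" action="/setup">
<input type="text" name="username" value="customer01">
<input type="password" name="ppp_password" value="constructed-secret">
<input type="hidden" name="admin_pwd" value="constructed-secret-2">
<input type="submit" value="Save">
</form>"""

# Constructed corrected page: the field is left empty, and the server is
# assumed to treat an empty submission as "keep the current password".
FIXED_PAGE = """<form method="post" action="/setup">
<input type="text" name="username" value="customer01">
<input type="password" name="ppp_password" value="" autocomplete="new-password">
<input type="submit" value="Save">
</form>"""
```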

And, considering I am a Comcast customer, I hope that at least they know what they are doing. The last time I had to do with their customer service, I honestly did not have that impression -- so I wonder who's possibly playing around with my modem in this very moment? ;)

(via a German story by Isotopp)

Read more…