FTP for Windows – FileZilla is the way to go.

Windows IIS comes with an FTP component. I wish it didn’t. Because it is there, one would be tempted to use it. Do not succumb to this temptation. Pain and misery will ensue.

First off, IIS FTP is painfully slow. You can actually feel it in your bones how slow it is if you have used anything else. Second, it is completely dangerous. Here is what I mean by that. IIS FTP uses real Windows user names for authentication. It’s possible to use the same real user and password as on the startup screen on your domain-controlled desktop or laptop.

This means that anyone can use FTP to attempt to locate usernames and passwords that work all over YOUR network! Yikes. Even worse, the bad guys will attempt to find your DOMAIN ADMINISTRATOR username and password. This is a search for the keys to the kingdom. It is possible to limit the exposure, but by default any user could be at least exposed as being a valid username, even if that user can’t login to FTP.

There is hope here, in the form of FileZilla Server. It is fast, it uses its own list of users, not the local computer’s or the domain’s, and you can set individual user directories with per-user rights. It’s quite simple to set up and has a great Windows FTP client available. And it’s free, but you can make a donation to the cause.

BIND and DHCP – More of an adventure than it should be.

Running DNS and DHCP together should be easy.

It is in Windows, for instance. One would load the services, preferably on an AD, and everything works together. DHCP updates DNS. DNS provides what DHCP needs. All nice and neat. One doesn’t even have to tell either service that the other exists. It figures it out.

Not so much on Linux. First off, they are completely separate services. I don’t have a problem with that. The problem comes when trying to get them to work together, where DHCP can update DNS with its lease information. There are keys to be handed over, journaling files to be written, plus SELinux and standard file access issues.

Once it works, it’s just fine. But getting it there can be interesting.

For instance, the named service entry in init.d reverses out a very important SELinux boolean. I set the variable by hand with setsebool -P named_write_master_zones 1, which allows named to write DNS entries in a master zone. That’s pretty important to be able to do. Then I go to start named and the messages log tells me that the named_write_master_zones was set to 0 by root! Huh? What’s up with that? For some reason, the init.d entry always toggles the value. So I edited the init.d entry so that it always sets it to 1. This could cause other problems down the road if I ever turn this server into the secondary DNS server. I’ll burn that bridge when I come to it.

There goes an hour of my life I’m not getting back.
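The pieces that have to line up for dhcpd to update named, as an added example (not the configuration from this server). The file locations, zone names, key name DHCP_UPDATER and the secret placeholder are assumptions, and hmac-sha256 assumes ISC dhcpd and BIND builds that both support it.

```conf
# --- dhcpd.conf (ISC dhcpd; commonly /etc/dhcp/dhcpd.conf) ---
ddns-update-style interim;
ddns-updates on;

# Shared TSIG key: the "key to be handed over". Name, algorithm and
# secret must be identical in named.conf. Both files hold the secret,
# so neither should be world-readable.
key DHCP_UPDATER {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

# Zones dhcpd may update, and the server that receives the updates.
zone example.lan. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}
zone 1.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DHCP_UPDATER;
}

# --- named.conf (BIND) ---
key DHCP_UPDATER {
    algorithm hmac-sha256;
    secret "REPLACE_WITH_GENERATED_BASE64_SECRET";
};

zone "example.lan" {
    type master;
    # named creates a .jnl journal beside this file, so the directory
    # must be writable by the named user and allowed by SELinux policy.
    file "dynamic/example.lan.zone";
    # Accept updates only when signed with the key, not by source IP.
    allow-update { key DHCP_UPDATER; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "dynamic/192.168.1.rev";
    allow-update { key DHCP_UPDATER; };
};

# SELinux check after starting named (Red Hat family):
#   getsebool named_write_master_zones      should report "on"
#   setsebool -P named_write_master_zones 1 sets it persistently
```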

vsftpd FTP server with MySQL Authentication

I like FTP servers. Everyone should have one or two. Don’t know why I like them so much. I just do. They make me feel all techie.

Given the choice, I will usually install vsftpd on a Linux box. Fast, secure and stable. One thing I don’t like to do is to create real Linux users just for those folks who are going to use FTP or HTTPS logins. It’s a pain and a security risk. I almost always use virtual users when I install FTP servers.

A virtual user in this case (as in most) is a username and password that can be used for a service (such as FTP) that does not really exist on the system. It will exist only in a database in MySQL. Even if a username and password are discovered, only the FTP service (or specific other services you identify) will be affected. And it will only affect those areas where that virtual user has access on the FTP server.

Another huge advantage is that you could have almost limitless numbers of users. An additional user is just an entry in a database. There are no new system-wide rights additions or changes, no new groups to maintain, no Linux home directories to maintain, just new subdirectories to one existing directory. All this will run on one single, limited access Linux user. Nice and fast. Nice and safe.

For more detailed information on doing this yourself, I have a Drupal-based wiki on this here: https://tboland.homelinux.org/drupal/?q=node/11
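A sketch of the virtual-user arrangement described above, as an added example rather than the configuration from the linked wiki. It assumes the third-party pam_mysql PAM module; the account name ftpvirtual, the directory /srv/ftp, and the database, table and column names are all placeholders.

```conf
# --- /etc/vsftpd/vsftpd.conf ---
# vsftpd does not accept trailing comments or spaces around "=".
# No anonymous logins; PAM-authenticated logins only.
anonymous_enable=NO
local_enable=YES
write_enable=YES
# Authenticate through the PAM service defined below.
pam_service_name=vsftpd
# Map every virtual login onto one unprivileged system account.
guest_enable=YES
guest_username=ftpvirtual
# Jail each virtual user in its own subdirectory of one parent.
user_sub_token=$USER
local_root=/srv/ftp/$USER
chroot_local_user=YES
# Optional per-user overrides, one file per virtual user name.
user_config_dir=/etc/vsftpd/users
# Do not reveal real owner and group names in listings.
hide_ids=YES

# --- /etc/pam.d/vsftpd ---
# This file contains the database password: keep it root-owned, mode 0600.
# The MySQL account (ftpauth here) needs SELECT on the accounts table only.
# crypt=1 compares crypt(3) hashes; crypt=0 would mean the table
# stores plaintext passwords.
auth    required pam_mysql.so user=ftpauth passwd=REPLACE_ME host=localhost db=ftpusers table=accounts usercolumn=username passwdcolumn=pass crypt=1
account required pam_mysql.so user=ftpauth passwd=REPLACE_ME host=localhost db=ftpusers table=accounts usercolumn=username passwdcolumn=pass crypt=1
```

With this layout a leaked FTP password opens only that user's subdirectory under /srv/ftp; it is not a system login and has no meaning to any other service.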

Can't remember as many telephone numbers as you used to?

It’s not just you. The difference in the ability to remember 7 digits, chunked into 3 and 4 digit chunks (123-4567) versus 10-digit chunked into 3-3-4 (123-456-7890) is HUGE! Nobody can remember phone numbers any more. This explains the panic when:

  • you can’t find your PDA, or your organizer
  • your wireless phone dies and you have to replace it and you can’t get your contacts off of the old one
  • you leave the wireless phone in the car for five minutes.

In case you are interested in this kind of thing, here are some links with more information on the subject:

  • This is from Norway, which uses different telephone number “chunking”, but has some really neat information on memory, digits and chunking.
  • Even more is here, specifically about memory and the “magic number seven”.
  • Original source material, Miller 1956, The Magical Number Seven, Plus or Minus Two: Some Limits on our Capacity for Processing Information as html or pdf

Tom

What I learned from Anna Kournikova

I certainly didn’t learn anything about tennis from her. What I did learn is that in certain areas, computer training gets trumped by human nature, just about every time. In the words of Robert Heinlein, “Never try to teach a pig to sing. It only wastes your time and it annoys the pig.”

Many moons ago, there was a computer virus called Melissa that required users to open up an attachment to an email. There was this big sturm und drang all over the place in corporations and offices and the media all over the country about not opening email attachments you weren’t expecting. Big push on this. Not three months later, the Anna Kournikova virus comes to town where you have to do the same thing, open the attachment.

These viruses (virii?) used classic, hard core, brute force, social engineering. Melissa was also known as the I love You virus, where you received an email purportedly from someone who loved you and they sent you something nice. The Anna Kournikova virus was much simpler – it promised nude photos. You can’t get more basic than that, now can you?

What it taught me is that people are not very good at learning something in the virtual world and applying it in the virtual world. They thought these two things were different, while every network admin in the world saw these as exactly the same thing. This is not something that gets trained very well. Some people get it, most people don’t.

What this means to me is that I am loath to teach computer users too much about their computers because it ends up not being a good use of anyone’s time. If something is important to them or their jobs, they will find a way to do it. That might include asking me – and that is great!! I am there in a shot for training like that. But if it is a conference room full of people who are required to do it, the only thing anyone gets out of it is possibly the free sandwiches and soda.

I am not saying that people can’t be taught computers; I am saying that most people will figure it out on their own, or not. They have to have the first step of motivation and action. Without that, training is pretty much a waste.

As far as viruses and spam are concerned, I have three levels of virus protection enforced on email, and two on everything else. There is no user intervention. I don’t tell them what or how I deal with viruses unless an individual asks.

Tom

Revisiting CD’s after iPod

Using the iPod for two or three years, I thought I was pretty much over CD’s. It was kind of a “How ‘Ya Gonna Keep ‘Em Down on the Farm?” kind of thing. How can you go back after the convenience, selection, portability, quality, etc.

Don’t get me wrong. I love the iPod. The design is brilliant to this day. The first time I put it in my hand and made some song selections, I went “this is the way it’s supposed to be.” I even splurged on a set of very decent headphones. I ripped my entire CD library to MP3, just like everyone else.

Something was missing. Some depth, some space, some imaging, some something. I found that something on the source CD’s played on a very decent audio system with real speakers. I’m not sure this is going to make sense, but when I play an exceptional song on the iPod, I hear the music, and very well, too. When I play the source CD on my home system, I not only hear the music, I see it. I can tell where everything is placed in my head.

Most of the sound is there when I listen to the iPod. But there is a dimension missing. A dimension of space.

I have had a similar problem with remastered CD’s of albums that were originally released on vinyl. There is often something missing there. Usually, the CD sounds “colder” and “brighter” than what I remember the vinyl to be. Plus, if it is a remix, it’s usually pretty bad.

Will I go back to CD’s only now? Of course not. I’m not stupid. What I will do is to listen to my CD’s a bit more so I can remember the dimensions that I am missing and then use the iPod version to basically recall the images I hear when listening to a CD on good equipment.

This means that Anne is stuck with me having expensive equipment with pretty good size tower speakers. Sorry, dear.

Tom

“No” means “No”, maybe

The interaction between the sales department and the IT department can be a very interesting thing. A lot of it relates to how you view the word “no.”

In IT, when we say “no,” we usually have a really good reason. The usual suspects for saying “no” are:

  • Something is going to fail
  • It won’t do what you want
  • It will be ridiculously expensive
  • It will be a horrendous amount of work for everyone.

I don’t want to say “no,” but when I do, I really mean it. I’m not being capricious, rash, or nasty (most of the time.) I have thought about it or have enough direct experience that I know what will happen. “No” is a conclusion, a result of rational and reasoned thought. That’s a lot of what IT folks get paid for.

It has been my experience with better salespeople that “no” is the place where negotiations start. In their line of business, they are trained to overcome the “no” to get to where they think they need to be.

Thinking about it a little further, it is not only salespeople, but sometimes lawyers and anyone who has read too many books on the art of the deal or negotiations. Those folks seem to cluster in the sales department more than other areas, but they can exist in almost any department.

The IT department comes off as being hard-nose blankety-blanks who always get in the way of progress and the salespeople come off as selfish, not listening or not understanding basic English. Neither is true, but it certainly feels true to both sides.

I think part of the issue is also how you view decisions and opinions. When asked a question or for an opinion regarding a subject for which I am responsible, I take it very seriously. It may not take a lot of time, but the answer you get from me will be my best effort to make what you want happen to happen in the best possible way. Sometimes, given certain restraints, you are better off not doing it the way it was presented.

When the negotiations over “no” start, I can get to the point where I feel that you asked for my somewhat expert opinion, I gave it to you, and the negotiations are not adding any new information that will change my mind. You asked for my opinion, I gave it. Normally, you are not going to be able to negotiate me off of a technical concern. If you want to overrule me, that’s OK too. I understand that I am not going to win every battle. Just don’t ever think you are going to win the technical argument. When I get overruled over a “no”, that’s usually not fun, because of the reasons for “no” outlined above. I just have to change the parameters to mitigate the damage or live with consequences. That’s life. It’s OK.

It took me the longest time to understand what was happening. Now that I do, I try to remember what “no” means. That’s something I thought I learned when I was about 2 or 3. Live and learn, I guess.

Tom

Originally written on 25 June 2007, heavily modified 26 June 2007, 7:00am PDT

$200 trash cans

I was at Linens ‘n Things last night. Anne was looking for something, I forget what. In touring the store, I noticed a standard, everyday kitchen trash can for $200. Now, who really needs a $200 trash can? If you want a trash can that expensive, I would normally say that’s your business, and why should I care?

There is a problem, though. Just by the fact that there are $200 trash cans in the market, all of a sudden almost all the prices of standard trash cans have gone up. Because in comparison to $200, they are still inexpensive. I have been noticing this a lot recently, where the entire market for an item is being pulled up by the craziness at the top.

Stop the insanity! Don’t buy the $200 trash cans or the $30+ lb Yukon River salmon. It raises the entire market and we end up paying more for normal wares. So you buying that expensive stuff you really don’t need costs me money. Cut it out.

Tom

p.s. If you are going to buy crazy stuff like this, please do it for wine, beer, liquor, cigars, cigarettes or a junket to Las Vegas. I don’t participate in those markets. So I would much rather you buy a $200 bottle of wine than that stupid trash can. Yes, I am being petty and greedy. That’s what free markets are all about.

Quick Browser Comparison

So Apple thinks Safari is a good browser. Internet Explorer is the 500-pound gorilla. FireFox is the upstart, open-source, viva la revolucion, browser. Opera is, well, Opera. Are there differences? Does it matter?

In order, yes there are some differences and it sort of matters.

They all are going to take you to the same pages. They all are going to let you search. So in that sense, it’s not that big a deal.

I already had IE7 loaded on my computer, so I downloaded the newest version of Safari (beta), FireFox (2.0.0.4) and Opera (9.21). They were installed within 30 minutes of each other. All 3 installed flawlessly, including picking up some tricky proxy settings from the Internet Explorer connections settings.

There are differences in how pages display. While this is somewhat subjective, I think that, in order, the displays go to Internet Explorer, then FireFox, then Opera, then Safari pretty far behind. The links are a sample screen shot of the same page in each of the browsers.

  • Internet Explorer has the advantage in that a lot of sites are designed to look good in IE over anything else. It is never the worst looking page, and usually the best looking overall. Sometimes Safari does a better job especially with larger headline and caption fonts. It is not as fast as FireFox to refresh a page, but faster than Opera and Safari.
  • FireFox does a good job on matching the vertical and horizontal spacing of IE, but uses a slightly different font set that may not be as appealing. Usually, body text is fine, but larger headlines and captions can be pretty bad – sometimes the worst of the bunch. It is the fastest to refresh a page.
  • Opera displays the fonts better than FireFox, but its vertical spacing is way different than FireFox or Internet Explorer. It is pretty fast, but not noticeably faster than IE, and slower than FireFox. It also does not have a home page button out of the box. You have to add it to your toolbar.
  • Safari for Windows is a beta, so I am not that upset yet. It has the most inconsistent display fonts. Some pages look great (maybe the best of the bunch) and some pages look horrible (the worst of the bunch). The vertical spacing is better than Opera, but still tighter than FireFox and IE. It had the sllloooowwwwest refresh rate of any of them. It also does not have a home page button out of the box. You have to add it to your toolbar.

So, what does this mean?

  1. Internet Explorer is still the browser to beat.
  2. FireFox could be the browser to do it, but it is just short of slaying the Microsoft beast. I can certainly see using this as your primary browser.
  3. Opera is still pretty niche. Its vertical spacing problem really can mess up the comparisons.
  4. If the full release version of Safari is not a vast improvement over this beta version, skip it.

Tom

p.s. This is an ongoing project. I will make updates to this post or add comments as appropriate.