2003-04-30

qmail, SMTP and AUTH

Right now I'm running qmail for mail delivery and courier-imap for, well, IMAP (and POP3 actually). Relaying is allowed for clients that have already authenticated successfully with the IMAP or POP3 server. This is accomplished with Bruce Guenter's relay-ctrl package.

Up until now I've been providing the IMAP and POP3 services over clear text channels only, but I recently added — with the help of couriertls, a component of the courier-imap package — SSL to the game. Now, even though the relay control package operates as expected, I'd like to get rid of it and instead support SMTP AUTH. The stock version of qmail's SMTP server doesn't have AUTH support so I'll have to use one of the many patches available.

However, as passwords will be sent over the wire I'd like this to be encrypted, just like IMAP and POP3. The idea I have is to separate SMTP service in two parts: one for incoming SMTP traffic as usual on port 25, one for outgoing traffic, SSL encrypted and AUTH enforced (i.e. don't accept any deliveries unless authenticated) on another port.

Bernstein's package mess822 contains an alternate (and experimental) SMTP server called ofmipd, the Old-Fashioned Mail Injection Daemon. It provides essentially the same functionality as the qmail-smtpd program of the qmail package, but it is more forgiving, rewrites headers etc. In other words, it is intended for outgoing SMTP. Sadly, I've found no AUTH patches for ofmipd; it doesn't seem too hard to apply existing qmail-smtpd patches though, of which qmail-smtpd-auth looks promising.

Now there are a few high-priority tasks I need to tend to before all this will happen. Stay tuned.

2003-04-26

Another 10.2.5 upgrade failed

Yesterday I decided to upgrade my PowerBook G3 (lombard) to 10.2.5. Fired up Software Update and began installation. Crash! The machine froze into the ice age. Cmd-Ctrl-Pwr was the only effective measure.

What to do now? It hung during installation, not download, so the system would certainly be quite unstable. I booted up in single-user mode (Cmd-s at the boot sound). The installation package was — as usual — located below /tmp/ and I tried the /usr/sbin/installer on it. No luck. It failed while trying to copy the Info.plist from the package into the receipt package (at its temporary location). I wonder what the real problem was...

After examining the contents of the installer package I decided to try and extract the files manually using pax; the only alternative I could think of was a complete reinstall. So, holding my breath I cd / and gunzip -c /tmp/.../Archive.pax.gz | pax -r. A message on the console saying something like "no default memory manager" made me shiver, but what could I do? The extraction did seem to complete without problems. Rebooted and loginwindow didn't start. Single-user again to read the logs: loginwindow crashed and it happened in library loading routines.

I went back to the package (yes, before trying to install it I first copied it to root's home folder) and decided I probably had to run the kextcache line from the postflight script. I did, and then ran update_prebinding -root / -force as well. Rebooted and still no luck with loginwindow. This time the logs spoke differently. Apparently the NavigationServices framework (found in the Carbon framework) didn't exist. But it did, with one exception: the executable was named NavigationServices.redo_prebinding. I figured this had something to do with running the update_prebinding; it should probably be named something else. I decided to interpret the extension .redo_prebinding as a request.

I ran redo_prebinding -c ./NavigationServices.redo_prebinding and the exit status was 1, which according to the man page means that the library prebinding needs to be redone. I made a backup and ran the redo tool again, then renamed the result to NavigationServices. Reboot. Lo and behold! There's the loginwindow!

I don't know how safe the upgraded system is right now, but it boots and I've run a few apps, and Software Update apparently believes 10.2.5 is installed. I'll post a note if the machine starts behaving weirdly.

It worries me a bit that this experience is quite similar to what happened to me two weeks ago. The machines involved have two things in common: they're old (G3) and don't have much memory. Could this have an impact? I mean, my understanding is that when a package is installed, pax is extracting the files directly to their "live" location, so to speak. I.e. if a library routine is needed while the library executable is being written by the updater — crash! Perhaps the risk for such a failure increases with lower memory, as programs and libraries are more likely to have been swapped out?

Please do drop me a line if you have any comments.

2003-04-25

Hotmail and encodings

I received a message from a friend in Norway with a hotmail account. The message was encoded in ISO Latin 1 (or even more probably Windows Latin 1). Nothing strange in that. One disturbing detail though is that no content encoding is provided, not in the mail headers nor in the HTML formatted content of the message. I wonder if there are preference options in the hotmail GUI that control this? But, even if there are such options, isn't it bad behaviour to leave out the encoding? Or is ISO Latin the universal default that every mail client should try first? Correct me if I'm wrong, but I don't think it is. Yet another deviously calculated measure in Microsoft's plan to conquer the world perhaps?

2003-04-23

OmniGraffle and some random nonsense

Just gave OmniGraffle Professional 3 a try. It rocks! Haven't looked at it — and consequently, worked with it — for a long time and a lot has happened since. Try it out and see for yourself.

By the way, it's my birthday today if you didn't know that, and I just got back home after spending one hour writing an analysis of Selma Lagerlöf's Kejsaren av Portugallien. Great stuff.

Now I'll probably head off to something exciting downtown. A tasty celebration dinner perhaps, at one of the fine restaurants here in Gothenburg.

Jeff Belle of EContent: Broken Links and Broken Laws: Copyright Confusion Online

Jeff Belle of EContent: Wallach, an avid fan of the Dilbert comic strips, found the layout of United Media's Official Dilbert Web site really lame. And so, taking it upon himself to offer the world a better layout, he linked–the better to skirt the copyright issue–directly to United Media's Web server. He called his creation The Dilbert Hack Page.

Copyright infringements through hyperlinking seem so absurd. The article on EContent tells the story of Dan Wallach, the creator of the Dilbert Hack Page. His idea was simple. He created pages with links directly to the comic strip images on the official Dilbert site, owned by United Media. UM of course complained.

The absurd part was that UM took the copyright infringement route. Instead they should of course have made the image URLs dynamic, and perhaps tried to make sure that they could be loaded only from within their site. How hard could that have been?

Found via Recent Lessig News (will perhaps show up under Lessig News Archives URL in the near future).
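One way to make image URLs "dynamic" in the sense described above, as an added example that is not part of the original post: the site's own pages embed short-lived HMAC-signed links, and the image server refuses anything else. The secret, the paths and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from urllib.parse import urlencode, urlparse, parse_qs

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients


def _mac(path, expires):
    # The MAC binds the token to one image path and one expiry time.
    return hmac.new(SECRET, f"{path}|{expires}".encode(), hashlib.sha256).hexdigest()


def sign_image_url(path, now=None, ttl=300):
    """Called while rendering the site's own page: link valid for ttl seconds."""
    expires = int(now if now is not None else time.time()) + ttl
    return f"{path}?{urlencode({'expires': expires, 'sig': _mac(path, expires)})}"


def verify_image_url(url, now=None):
    """Called by the image server before it sends any image bytes."""
    parsed = urlparse(url)
    query = parse_qs(parsed.query)
    try:
        expires = int(query["expires"][0])
        sig = query["sig"][0]
    except (KeyError, ValueError):
        return False  # bare, hand-built link with no usable token
    expected = _mac(parsed.path, expires)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False  # token forged or moved onto a different image
    return (now if now is not None else time.time()) <= expires
```

A link copied onto a third-party page keeps working only until its token expires, so a static page of deep links goes stale within minutes.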

2003-04-22

RSS Needs Fixing

Tim Bray, RSS Needs Fixing: There are two big problems with RSS that aren't going away and are just going to have to be fixed to avoid a train-wreck, given the way this thing is taking off.

The Future of Leapseconds

Steve Allen, The Future of Leapseconds: This is a work in progress which attempts to catalog all of the openly-available information about the process which may result in the discontinuation of leap seconds for UTC.

2003-04-17

Week numbers in iCal

Inspired by something Urban showed me I hacked up a small program that produces calendars with events for week numbers as specified by ISO 8610 (the week numbering standard used in Sweden). It's a hack but works with iCal. The source code for the program can be downloaded here.

Restoring a NetInfo domain

Last Friday I upgraded a few machines to 10.2.5. One of the upgrades failed miserably and did so while writing /usr/lib/libSystem.B.dylib; the machine was rendered useless. We had for a long time been thinking of switching to newer hardware and I saw the crash as an opportunity to do just that.

After the OS was installed on the new machine and all updates applied I moved over the disk from the old server. Next step was to restore parts of the NetInfo database, namely user and group information. The new NetInfo administration tool (command line version) is called nicl and can work in raw mode, i.e. directly manipulate a database file. This is a great enhancement over the old tools (nidump and niload) that only work on live databases. I encountered one problem though: nicl apparently has no facilities to dump a database to flat-file the way nidump does.

Fortunately the local NetInfo domain is backed up every night using nidump, so all I had to do was copy the relevant user and group data from that dump and paste it into a dump made on the new system. A simple niload of the merged data and the machine was essentially up and running again.

Lessons learned: first off, Software Update can be dangerous as it simply un-paxes the data directly to its destination. This particular crash might have been avoided if the installer would first unpack the new file to a temporary name, then rename() it. Perhaps. Second, Google is your friend: I knew the NetInfo database was backed up nightly, but Google made me realize the backup was actually a dump, not the database itself. And lastly, I'll submit an enhancement request to Apple asking for a dump command in nicl. That'd be nice.
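The unpack-to-a-temporary-name-then-rename() idea from this entry and from the 2003-04-26 entry, as an added sketch that is not Apple's installer code: Python's os.replace() is a thin wrapper over rename(2). The file name and the failing input stream are constructed for the demonstration.

```python
import os
import pathlib
import tempfile


def atomic_install(dest, chunks, mode=0o644):
    """Write chunks to a temp file beside dest, then rename() it over dest."""
    directory = os.path.dirname(os.path.abspath(dest))
    # Same directory means same filesystem, which rename() needs to be atomic.
    fd, tmp = tempfile.mkstemp(prefix=".install-", dir=directory)
    try:
        with os.fdopen(fd, "wb") as f:
            for chunk in chunks:
                f.write(chunk)
            f.flush()
            os.fsync(f.fileno())   # new contents on disk before the swap
        os.chmod(tmp, mode)
        os.replace(tmp, dest)      # readers see the old file or the new, never half
    except BaseException:
        # Unpack failed: dest was never touched, only the temp file is discarded.
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    dfd = os.open(directory, os.O_RDONLY)
    try:
        os.fsync(dfd)              # make the rename itself durable
    finally:
        os.close(dfd)


def failing_chunks():
    """Constructed input: a stream that dies partway through the unpack."""
    yield b"NEW-part-1"
    raise IOError("simulated failure during unpack")


def demo():
    with tempfile.TemporaryDirectory() as d:
        lib = pathlib.Path(d, "libExample.dylib")   # hypothetical file name
        lib.write_bytes(b"OLD-library")
        try:
            atomic_install(lib, failing_chunks())
        except IOError:
            pass
        after_failure = lib.read_bytes()            # still the old library
        atomic_install(lib, [b"NEW-", b"library"])
        leftovers = [n for n in os.listdir(d) if n.startswith(".install-")]
        return after_failure, lib.read_bytes(), leftovers
```

If the machine freezes outright the cleanup branch never runs, but the worst outcome is a stray temp file next to an intact library.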

