Dead Trees and eBooks

Last night, as I wrestled with Monday night insomnia, I was thinking about how I prefer reading a dead tree to trying to scan pixels on a screen. My thought process usually ends there - I accepted my preference and moved on. Last night I happened to have a lot of time to kill, so I pondered the root cause - why do I find it difficult to process information from an eBook.

After a while, it finally clicked! I have a very specific reading style - I’m not linear in any way. When I open a book, I’m actually looking at two pages at the same time, taking all of it in. I don’t so much read each word as take a snapshot of the pages. I also flip around - when something catches my eye, I’ll stick my finger into the book as a placeholder, and search for more information about whatever I noticed.

An eBook is a different beast - if I want to be able to read the text, I can only see a paragraph or two on screen at the same time. When I want to see the full page, I have to zoom out so far that the text might as well be hieroglyphics - certainly doesn’t enable me to see two pages at the same time.

Based on that, I’ve decided to try to fiddle around with Acrobat and try to re-create my preferred knowledge hoovering style. I’ll see if I can shrink/widen thing, maybe rotate a monitor or two, maximize across multiple monitors, etc. Unfortunately, dead tree printing won’t be around forever, and all signs point to eBooks in one form or another. Time to adapt.

All of this came about because I snagged a few books about Drools and jBPM - the physical medium had the virtual as a bonus. While I’m waiting for my books to arrive, I’m trying to glean some knowledge from the digital edition.

Business Etiquette

You know what - yes, I was printing a big ole’ document. You wanted to do something using the same multifunction device at the same time? Guess what, you didn’t have to cancel what I was doing! It can scan AND print at the same time! I know that it is a pretty crazy scenario, but still. Next time, just let it go - I promise we can both be happy.

This is Interesting

Apparently there is another Michael Laccetti in the world - seems he lives in the US and went to UAlbany. I can still claim to be somewhat unique as Michael is my anglicized name, but still. The interesting part is that it would appear that he is donates money to UAlbany.

How do I know this? Well, this is where the fun comes in - Google is screwing up pretty hard. You see, I have michael.laccetti -at- gmail.com, and it would seem that my counterpart has michaellaccetti -at- gmail.com. Google is busy sending me his e-mail.

I actually thought it was spam, until I realized it was thinking me for a donation, not asking for one. I looked at the message headers, and yup, it is actually coming from the right place. That means that Google cannot figure out that an e-mail with a period goes to me, and without goes to him.

Seems to be a pretty big problem entirely a feature.

Edit:
As it has been pointed out (some times more politely than others - I don’t quite understand why people miss out on being polite, costs nothing), this isn’t actually Google’s fault.  Their MTA actually does this on purpose.  Yip yay Google.  Just means that whomever donated to UAlbany forgot their e-mail address.

A Computer in Pictures

x 2
x 4

x 4
x 3

Quote of the Day

“We’re working against opponents who make politics personal—who distort and deny the truth and put partisan gain ahead of the national interest.”

— Michael Ignatieff

Getting Solaris 10 to Authenticate Against OpenLDAP

Brief History:
I’m busy setting up a new debug/staging environment at work so that we can consolidate the many tens of old FreeBSD 4.4 (ohgod) and Solaris 9/10 servers into a few distinct Solaris 10 servers.  Personally, I would have gone with some sort of Linux distro, but for some reason somebody thinks that Solaris is the way to go.  Now, if we were switching to OpenSolaris, I might not complain too much, as it has a proper package management system and recent versions of applications, but Solaris 10?  Short of me becoming a certified Solaris admin, it is pretty painful to deal with - the install is designed more as a right of passage than an application, finding out what went wrong where is better left to those with an ability to see into the ninth dimension, etc.  However, Solaris 10 is what I have to work with, so on we go.

The Servers:
The idea is relatively simple - one Sun V40z with a large RAID 5 array running openfiler connected two two networks, one for debug and one for staging.  The debug environment would then have two V40zs with an iSCSI mount that stores data that needs to be shared between the servers (configuration files, J2EE apps and the like) along with some zones to allow us to run WebLogic 9.2 and 10.3 side by side plus zones for Apache/Perl/PHP stuff.  There are also two V20zs that will be setup with an iSCSI setup to support an Oracle RAC instance.  There is a final pair of V20zs that are to be used for any Windows-specific services (we have one or two).  All of these servers will be setup to talk to the OpenLDAP server that openfiler ships with, so that we can have a centralized location to store credentials.

The Implementation:
After doing some digging, it appeared that there were two ways of setting Solaris 10 to use LDAP - use PADL’s pam_ldap module, or configure Solaris natively using a tool called ‘ldapclient.’  After doing some digging, I chose the former, since it is the native way of doing things, and I didn’t want to download/compile/manage anything special.  More digging ensues, and I run into a ton of documentation talking about setting ldapclient up under Solaris 8 or 9, but not much for setting up Solaris 10.  This is pretty odd, since Solaris 10 is four years old at this point; not exactly new.  Thus began the travails into trial and error - and into seeing how far I could push myself before I lost my grip on reality.  With that noted, on we go!

The first step is to setup openfiler to use LDAP - not a very difficult task to do!  You just need to login to the openfiler administration UI, tell it to use LDAP, and off you go.  Some of the defaults that openfiler used didn’t sit well, so I hacked at it for a bit.  Pop open the file /opt/openfiler/var/www/includes/ldap.inc in a text editor; I changed the home directory from “/dev/null” to “/export/home/”.$username so that the directory would be valid.  I also changed the shell from /bin/false to /bin/bash as I actually wanted my users to be able to login to remote places.  I also modified the create_slapd() function as the LDAP config will be (re)written when you enable LDAP and Solaris needs a more special setup.  You need to download the nisdomainobject schema, DUAConfigProfile schema and solaris schema to /etc/openldap/schema/ and then add them as includes to the slapd.conf file.  I also added in a section at the bottom of the config generator to add in TLS support as transmitting credentials in cleartext is a no-no.  (Of course, I discovered that ldapclient has issues talking TLS, but that’s a problem for later.)

So, openfiler is now serving up our LDAP content, time to modify the LDAP itself!  Step one, your root DSE needs to have two additional object classes added to it - domainRelatedObject and nisDomainObject.  Both will require new attributes to be set, and both should have the same value, corresponding to your domain name.  So, if your root DSE is dc=blah,dc=me the attributes would both be set to blah.me.  With the root DSE added, you need to add a profile that ldapclient will use to configure itself.  This requires two entries to be created - a new OU and an entry underneath it.  Here is the LDIF - change the IPs and off you go!

dn: ou=profile,dc=blah,dc=me
objectClass: organizationalUnit
objectClass: top
ou: profile

dn: cn=Solaris,ou=profile,dc=blah,dc=me
objectClass: DUAConfigProfile
objectClass: top
cn: Solaris
authenticationMethod: simple
bindTimeLimit: 2
credentialLevel: proxy
defaultSearchBase: dc=blah,dc=me
defaultSearchScope: sub
defaultServerList: 10.10.10.10
followReferrals: TRUE
preferredServerList: 10.10.10.10
profileTTL: 0
searchTimeLimit: 30

Next step - configure LDAP on Solaris!  Run this magic little command, replacing the password with the openfiler password, and the correct IP of the openfiler server:
ldapclient init -a proxyPassword=somepassword -a proxyDN=cn=openfiler,dc=blah,dc=me -a domainname=blah.me -a profileName=Solaris 10.10.10.10

When it is done (may take a while, and doesn’t tell you SQUAT about what it is doing), you should see this:
System successfully configured

If you don’t, you are in problem town; run the previous command, but throw a -v in there so you can see what it is doing.  On one of the RAC clients the LDAP service (svc:/network/ldap/client:default) was stuck in maintenance mode, which was hoofing everything up.  I had to manually create the /var/ldap/ldap_client_cred and /var/ldap/ldap_client_file files, fire the service up, then try again.  Hopefully you don’t have any issues as it is very difficult to figure out what is going on and how to fix it - I wasted a HUGE chunk of time yesterday trying to get the ldapclient command to work.

At this point in time, you should be done, and should be able to create a user in openfiler and login to using that user on your Solaris 10 machine.  Two notes to this little guide: I still haven’t figured out how to get Solaris/TLS to work yet, and I also need to find out how to have a user’s non-existent home directory created automatically when they login for the first time.  But hey, that is what Friday is for!

Good luck!

I unlocked the Coming Down! achievement on Red Faction: Guerrilla! http://ping.fm/1wBha

DoneDone guys got back to me - seems that there is a cookie coming back that I need to rip out and send back in with other requests. Eek!

I unlocked the Bling achievement on Trials HD! http://ping.fm/rxjFl

I unlocked the Tank Buster achievement on Red Faction: Guerrilla! http://ping.fm/6hEDt