Quod Scripsi, Scripsi

Obligatory Application List

I was reconfiguring yet another portable for work and meetings and thought it might be useful to me and interesting to others to post a standard “applications I use” list. These are the ones that I use most often and I try to put on any system I’ll be taking to meetings. Some things like Photoshop are missing because I don’t use them enough to install on every system I use.

• iWork
• iLife
• Microsoft Office 2008
• Adobe Acrobat
• TextWrangler
• Eclipse
• iStat Menus
• Firefox
• Flip4Mac
• iChm
• iTerm
• ManOpen
• OmniGraffle Pro
• OmniOutliner Pro
• Apple Xcode
• The Unarchiver
• VLC
• VMware Fusion
• Cisco VPN Client
• Cyberduck

There are many more applications that I use in specific circumstances, but they aren’t on my essentials list.

I Just Want a Phone

My Razr is finally dying, and I’m casting about for a new cell phone. I have an iPod Touch, and really like it, but I don’t always need a portable computer. It’s also not small, and I can’t really see carrying a phone that large. So I just want a phone.

I don’t want a camera, PDA, “web enabled device”, portable music player, video conferencing device nor even a full address book. I carry a phone to make and receive phone calls, occasionally a text message. I can handle phone keys for entering text, and I really don’t like downloading pictures and video on my phone. I don’t watch much TV, so zero need for that on a device.

I want the smallest, lightest, thinnest phone I can get, with excellent reception and call quality. I tried the Sony Ericsson W580i for a while, and it’s not bad. I couldn’t figure out how to turn off the face buttons, and I don’t need the music stuff. What really aggravated me was the proprietary charger. The Razr uses mini-USB, just like my kid’s Nintendos and my PlayStation controllers and my portable hard drives. I have those cables everywhere. I really hate having yet another cable to carry around or keep in multiple locations. Also, mini-USB can charge from the computer.

So, small, thin, light; excellent reception and call quality, no extraneous features, USB charging. I wonder if such a beast exists. All of the “simple” phones I’ve seen so far have been, frankly, ugly as hell. They’re not thin or light or small. I bet if they took most of the crap out of the new Razr it would be half the size and just what I want. Not likely though. I guess I’ll keep looking.

Great Article on Programming

This article sums up my idea of programming, and what I’ve been trying to express to many, many people around me for some time.

Unified Identity at Penn State

One of my favorite soapbox issues at work is the complete lack of a central, authoritative database of persons affiliated with Penn State and their statuses. I have worked on literally dozens of projects (some ongoing) that require some form of reliable, electronic method of determining whether an individual is affiliated with PSU and more importantly how they are affiliated. I know that there are dozens if not hundreds or thousands more spread out across the University in small IT shops and across colleges.

The main issue is of course political, but there are also technical hurdles to overcome. LDAP is a good start, but it’s far from authoritative and not always easy to work with. I’m currently trying to figure out how to limit access to a Wiki that’s using WebAccess (Cosign) and an extension that automatically creates user accounts in the Wiki based on the remote_user value. The problem is that WebAccess at PSU is not currently configured to use multi-factor authentication, so I can’t do an LDAP lookup in the same step that WA authenticates. I only need (and can only use) LDAP for authorization, but so far all attempts at using Apache modules to do the lookup after WA returns have blown up.

I tried the mod_authz_ldap module recommended by UMich with their patch for a basic auth. Of course the module wouldn’t build with the version of Apache on Red Hat Enterprise 4.5. I did plug through some of the Make errors, but it wasn’t really worth the time, since it turns out to have some serious flaws. I also tried the plain mod_auth_ldap that shipped with Apache on the RH box. It seemed to work, but then further testing revealed that it wasn’t applying the filters and the directive requiring the specific field I needed from LDAP would blow up – code 500.

The real irony here is that if the Wiki was written in Coldfusion, I could use some code I wrote for Dickinson Law last year and do the LDAP lookup in code. Instead, it’s a nightmare of hacked together PHP. Furthermore, I’m not sure that even with caching there wouldn’t be a performance hit from LDAP lookups on each request. What I’m now contemplating is a scheduled script, maybe CF or Perl or Python, that would query LDAP for the subset of users that I need and create a local file that could be used by the basic auth mechanism of Apache via a “require group” directive.

Even if that works, this is still a tremendous pain in the ass for a function that should be very straightforward. We really need to integrate our authentication and authorization systems, because most of us don’t have time to hack this kind of mess together – and we shouldn’t have to.

Update: Yeah, so I hacked an LDAP call into the auth plugin I’m using. It hits LDAP too much, but it seems to work. Bloody php hacks.

A Virtual Co-location Center

We’re moving forward with the virtual colo based on VMWare. It just seems that with the buzz around virtualization, the demand for space and cooling, the cost of setting up and maintaining hardware (not to mention securing the software), now is the time to offer an affordable hosted virtual machine service. It also helps that the physical colo is full.

Not surprisingly, there’s no central funding for the project, but the WebLion (plone) group is very interested and we’ve gotten very positive feedback from many IT managers around campus and from the commonwealth.