It’s not quite finished, since compiling with the patch still produces a bunch of deprecated symbols from the Zend PHP interface, but it makes it usable.

As a side note, this was all done on my venerable Atom CPU netbook with a whole 8GB of storage, with connectivity snaffled from the Melbourne city library, McDonalds, and over an epically slow cellular connection. I really don’t recommend this.

I’m also cheap. I refuse to spend several thousand dollars on a CD player and fiddling around with swapping discs, when I’ve already gone to the trouble of ripping all my music to highly convenient FLAC files. Instead, I cheated. I did buy some nice speakers and an amp, but I’m not going to discuss those. Suffice to say that they are nice.

What I did buy, is a tiny silent computer made by NorhTec in Thailand, and a USB soundcard, made by Pro-Ject Audio, who reside in the Czech Republic. The computer is JrMX Microclient. It has a one gigahertz 586 compatible processor, 512 MB of ram, USB and ethernet ports, and in my version, internal space for a half-terabyte 2.5″ laptop hard drive. The delivered cost for this to New Zealand was USD$149 + USD$49 shipping, plus another hundred odd for the hard drive.

On to the computer, I loaded the latest version of the Debian* operating system, and the music playing software mpd. Onto my phone, I loaded MPDroid, which let’s me control said music software from my phone.

All my music is now on this computer, which I can control from my phone. This means I can come home, pull out my phone, and have all my music instantly available. I have no need to turn on my desktop, mess about with a laptop, external hard drives, insufficiently sized iPods, fumble with a poorly designed TV driven menu, sort through CDs, or any other such nonsense, it’s all just there.

It’s running. In a month or so, I might put up some technical details of the software, and how well it works in practice.

* Ubuntu doesn’t support the Ethernet module. Nobody seems to be quite sure why.

Some software – Dovecot for example – is a joy to use, because it’s well documented, and just works, even when you want it to do slightly strange things. Other software, in this case Cyrus saslauthd, is so follicle destroyingly bad, that it needs to be taken out the back and drowned. Twice.

Having procured a shiny new Android phone and talked Vodafone into supplying me with lots of traffic, I set about setting it up to talk my email and Jabber server, and blog, and all that goodness, and everything is shiny.

Later, it occurred to me, that if my phone is stolen, and the thief is clever enough to extract my password, he has ssh and sudo access to my server. The odds of this happening are exceedingly low, but the results of this happening are catastrophically high. Compounding this is that everything on this server hangs off the Kerberos database for authentication, which means that my users don’t have different passwords for different services, but presents problems once users start saving these passwords on to their phones.

But, I had a great idea. Run up local SQL database that has a list of alternate hashes that only work for email, chat, blogs and other non-shell activity. Awesome. I built the database schema and connected dovecot to in the space of a lunch hour., and all was happy. Tonight, I attempted to connect up other systems. After spending an hour and half battling the mysterious server_set_id in exim, I tried to make the saslauthd connect to the database.

After much cursing, I have discovered that the saslauthd SQL plugin requires that the password is stored in plain text, because the SELECT string isn’t capable of substituting the password into the query string. It also doesn’t handle more that a single row response, which means the entire exercise is looking somewhat futile, because my blogging software (wordpress) and chat software (Openfire) and various other bits and pieces all go through the LDAP server which can only do plain text authentication to Kerberos via saslauthd. It is possible to get exim to use the dovecot sasl server, but this architecturally seems like the wrong way of doing things.

And this is why I hated being a sysadmin, so much software out there is just rubbish.

Update: I set exim to use Dovecots SASL daemon. Works great.

One of my little bug bears is that I see posters up for concerts and think ‘Oh that would be cool to go to’ – and then totally forget when the evening rolls around.

In theory, I can put these concerts into the calendar on my phone, but often, that’s just not feasible.

However, there’s a neat bit of software by ZXing that will scan in QR codes, or the equivalent for iPhones. QR codes can embed information in various formats, including events. Here’s one below.

I’d go to so many more events if posters had these.

Update @ 1350 17th Jan: Changed the iPhone link for a free App.

Update @ 1525 17th Jan: Replaced the QR code with one generated locally. Some reader implementations were returning very strange results. If you’re reading this and could try the above code and leave a comment with the software you use and the results it gives, that would be awesome.

xmpp.domain = murrell.co.nz

xmpp.fqdn = tin.murrell.co.nz

# This will generate an MD5 sum hash.
$encrypted_password = ‘{MD5}’ . base64_encode(md5( $newpassword,TRUE)) ;

# This will generate a SHA-1 hashed password.
$encrypted_password = '{SHA}' . base64_encode(sha1( $newpassword, TRUE ));

# This will generate a SHA-1 hashed password with a salt.
$encrypted_password = '{SSHA}' . base64_encode(sha1( $newpassword.$salt, TRUE ). $salt);

References:
RFC 2307
RFC 3112
OpenLDAP Faq-O-Matic

Versions:
PHP: 5.2.10 (Ubuntu Karmic/9.10)
OpenLDAP (Ubuntu Lucid/10.4)

Yes, I could use the various Internet terminals that are now available everywhere, but you just don’t know if those have key loggers or not. I’m not wildly enthusiastic about the idea of someone in Europe getting access to my bank and email accounts. This isn’t likely, because most of the terminals are running Linux anyway, but it’s just easier to take a one kilo netbook, and use for as long as I have a power source, rather than negotiating use of the shared terminals.

Oh yeah – I keep seeing Linux everywhere. I have yet to see another traveller – apart from Aaron – using Linux, although you could argue that facebook looks the same on everything – but I have noticed that a large chunk of web terminals, kiosks, PoS terminals, Wifi captive portals, in-flight entertainment systems, and various embedded devices are running Linux. Though in the case of Meininger Hotels, they use Linux for everything, with a quasi Windows XP theme on the web terminals.

I am curious what has led to this. Is it developer preference, better internationalisation support, customisability, or simply a case of escaping licence costs?

In a fit of misplaced brand loyalty, I decided to go for Asus components where possible, figuring that if everything was Asus, and I had some strange hardware issue, I could let them sort it out. I put in a EN9600GT Silent video card and massive Zalman CNPS7700-ALCU*, and things ran great – not to mention quietly.

A little bit later, I finally picked up a new DVD drive (again, Asus) and a new SATA hard drive to replace the well-out-of-warranty EIDE hard drive that I had been using. I have them on my desk right now.

The above kit has a single EIDE connector, and four SATA ports. For some strange reason, Asus has attached to the power supply four legacy molex connectors and a single SATA power connector. It’s just retarded. Nor did they include any converter cables. I have 1.5 TB of inaccessible hard drive space, because I need the optical drive to install the new OS!

* Photos to follow at a later date.

There’s some obvious benefits to this approach. Emails are unique to a person – or at least, unique to collection of interested people – and their use as a login ID makes it easy to send out new passwords. As a result, I’m sure more than a few people now have an entire IMAP folder full of emailed passwords.

There’s still the underlying problem that users now have lots of passwords, or have to settle for a bunch of websites having the same password, with the obvious security risk.

The plausible solution that’s frantically trying to get headway is OpenID. Currently, it does seem to solve a whole bunch of problems. Especially when all you want to do is leave one solitary comment on a blog that you’ve come across and are unlikely to ever read again. What it’s lacking, is traction.

The problem is one of usability. Users have had a good decade or more of seeing user@domain as a way of identifying or contacting a person, and http://example.com/file as a document or location which you can browse to. OpenID abuses the URI concept not only as a document about yourself, but also as a username, and a hook into the RPC mechanism.

This observation isn’t new. There’s already been large amounts of debate over the use of a URI as an identifier. A proposal was put forward a couple of years ago to solve this by abusing the plaintext authentication built into the HTTP protocol. The main problem is that it requires making certain assumptions about the domains DNS infrastructure, and overriding the authentication mechanism – which is a Bad Thing[tm].

However, the author of that proposal is on to something, and there’s a better solution. There’s a DNS record type called SRV. This record allows you to retrieve servers associated with a domain, much like MX records do for mail. By utilizing this it would be possible to specify the exact server used for OpenID authentication for a given domain.

This approach would also make spreading the load balancing and automatic fail over much easier due to the weighting system built into the SRV records return mechanism. In addition, it would also make it much simpler to virtually host OpenID domains on another hosts servers.

Thoughts?