May 2003 Archives

More and more people are asking me questions about replicating their computing environment in multiple locations. One client recently asked how he could have his Internet Explorer favorites at home be available at the office.

Since I am a bit sarcastic, and I had setup an Exchange Server and VPN for this client, I was tempted to answer:

With a domain login and portable profiles.

The sarcastic part is that my client asked for an easy solution, and portable profiles usually deploy with limited success in the wild. The answer that will work better for most of you is to export your favorites to a floppy disk, and import them at the office.

Recent versions (tested on 6) of Internet Explorer have an Import Export wizard that you can use to export the files at home, and then import the files at the office. To start the wizard, users choose

"File->Import Export..."

Another client asked about web mail. (The official answer is: I am working on it.) The concern was checking mail from the road.

I got to thinking about this one too. Last time I upgraded IE, Outlook Express a mail and new client was a fairly integrated part of the installation. (This is a technical, not a legal, opion. ) This leads me to think that Outlook Express is on almost every PC where Internet Explorer is, including I believe the Mac.

Understand that web mail is just a mail client that lives on a web server somewhere and you'll know why networking professionals think things like:

So if users can remember a URL and their ID and password, why can't they remember a hostname, their ID and a password?

As more and more users need access to information when they are in remote environments I think these tasks will be as easy as turning on a computer and starting Windows. Until then, I think it is still within the technical grasp of most users today, sometimes they just need a shove in the right direction.

As most technical web professionals know, read any CGI programming news group, mailing list, or web based forum long enough and someone will ask a question about uploading files to the server via a form in the user's browser. Its something we all have to do for clients from time to time, and as an administrator, I can tell you it does represent a security exposure.

One should be careful how they accomplish this, pay attention to authentication and authorization, and be careful what is done with the uploaded files until it is known what they are.

Over the years, I have used a variety of CGI programs that have accomplished this for me, and those of you who use perl and use CGI(.pm) will be glad to know that this is supported.

This article is not about programming or even the perl way to accomplish this specific task. This post is to point out a php program for posting photo's to the web in a photo album format. There are tons of other programs that do this, in a variety of languages presumably larger than the two I have mentioned.

But I used Gallery, and you can see the example here. What is useful to some of my clients is the ability to upload binary image files right in a browser, without needing to use FTP. It is limited in the kinds of files that can be uploaded, only pictures are allowed for saftey.

Here are some useful (you figure out how useful) things one can do with the amazing Dave's Toolbar I mentioned last week:

Convert temperatures right in the edit box:

temp 70 /f
results in
70°F = 21°C 294°K 530°R

Web designers will find it particularly useful to open a browser window at a certain resolution. For instance I am writing this in the window that opened when I entered this in my toolbar:
winres 800 600 http://www.advisorbits.com

(Or a URL like that anyway...)

Here's one to gererate dummy text for web page mock-ups:

lipsum 12

(If you don't want to get Dave's tool bar just to see what that one does, check this out: http://www.lipsum.com/ for a useful web designer's tool.)

Track Packages :
UPS 1Z23495743892095 (*example tracking number only)
Brings up the summary package tracking information for this tracking number in a web browser window. Haven't tested all shippers, but the menu has UPS, FedEx, DHL, AirborneExpress, and the US Postal Service. (Does this mean Dave's toolbar can "Go Postal?" I'll have to do a security audit. )

While this is not the first time I have seen any of these tools, it is the first time I have seen them neatly gathered together in one place on my Windows desktop. Look for future editions of Stupid (useful?) Pet Tricks (with Dave's Toolbar) as I find other cool things it can do.

Yesterday I got the Garden Party Web site majorly tuned up. It's all pretty well managed through the same tool I use to publish AdvisorBits, Moveable Type.

Moveable Type supports plug-ins and there is a small but active group of independent programmers contributing modules. If you use moveable type as part of your marketing strategy, or even just for personal use, you should get over to mt-plugins.org and check out the stuff they have!

The plugins are really easy to install. All I had to do was create a plugin directory in my MT installation, and put the downloaded plugin files there. The plugins are written in perl, and Ben, the author of MT, has written the API very nicely; according to most reports it is easy to use.

I installed RelativeDate by David Raynes to do the countdown to Garden Party. This one generated errors because I needed Date::Calc. This is in the instructions and there is a way to see if it is installed on your system. If not, it installs pretty easy with CPAN, but you also need Bit::Vector, which required some time to test. This should not be a problem for most users, and most systems administrators should be willing to install the modules needed, if perl is a supported part of your web account.

I also installed BlogTimes, which generates funny little graphs detailing the distribution of time of day when I post to the Garden Party Journal.

The MT Plugins site is maintained by Kristine and other voluteers who have been very helpful. BlogTimes was off line a few weeks ago and I wrote one of those notes that never gets answered "Where is ....?". Kristine answered it when the site cam back up, I thought that was nice. And among other things, she makes templates for Blogs. So if you need a blog design, you might want to see: http://love-productions.com/portfolio/ I may as well warn you now, the site is pink.

This article describes a good basic strategy to take when you are forced by a security compromise to reinstall your servers. It hasn't happened to me in a couple of years, but Mathew Tanase struck a cord with me in "Starting from Scratch: Formatting and Reinstalling after a Security Incident" when he says:

There is a point you reach in the recovery process, after you have done a little digging, put a finger on what might have gone wrong, where you come to the proverbial "fork in the road". Every security professional or systems administrator has faced the decision at some point in his or her career: is it better to try to repair the damage, or just reinstall the system and start from scratch?

I already mentioned this list. But this week I was reminded how simple things like putting prices on the page can make a big difference. As Neilson says:

Price is the most specific piece of info the consumers use to understand the nature of the offering, and not providing it makes people feel lost and reduces their understanding of the product line.

This week, I was given a referral for a subcontractor. I reviewed the very nicely constructed web site, and the site convinced me that the contractor could do the work I needed. The only question I had was how much it was going to cost me. It was the only thing standing between him and a decent opportunity to gain an on-going client for his professional services.

I could not find the pricing information on the site. So I sent an email with the stated purpose of obtaining pricing information. Two phone calls later, I am aware that this contractor has had a routine, not major dental appointment, and that while he does have a relationship with his banker, he does not think he is an "A" list customer because of the interest rate he gets. (How ironic, his banker doesn't give him a good price. )

But I don't know anything about how much it will cost me to him to do the work I need, other than "It will be expensive to do what you want."

So I will probably find someone else who will tell me how much they charge.

I am learning from the rule too. On my business pages the prices will be more prominently featured. I am also going to mention this to several of my clients who don't feature pricing on their sites now.

Dave's Quick Search Deskbar is a likely to replace my Google Toolbar as most useful Internet Information tool. The idea with both is simple, to put a search box on every screen. Google does this with its Internet Explorer Google toolbar. The downside to this is that the broswer has to be open in order for the search tool to be accessible, and although its ability to search parts of Google is extreamly strong, it searches only Google.

Dave's Toolbar sits in my Windows task bar. (So I guess it won't work for Mac or Linux.) Dave's Toolbar searches Yahoo, and CPAN, both other places I look. It searches SlashDot, the Bible, Walmart On-Line and the Yellow Pages to give you an idea of how many places it works with. It even tracks packages with UPS and FedEx I guess.

The interface is a little tough to get used to, there is only and edit box and on menu button. That may be a matter of of my taste or experience, but I wonder if the average user will understand and use all the extra fetures. There was a glitch unlocking my XP toolbar, but other than that it installed very easily. As an added bonus it shows the time so I was able to recapture some screen real estate by turning off the Windows clock.

Both tools are worth having. (And to disprove the free lunch theory, they're both free.)

Talked to Antec. Total failure of ecommmerce. Their site does not mention the part which I so desparately need. SL300XR. You can only get it if you call their 800 number. Which was answered by a human on the second ring, who was able to tell me how to obtain the part. (Only by calling.)

They do tell me very clearly on the web site how to test it, this is how I knew it need to be replaced. I guess if the manufacturer tells you to put power supply outputs, it's OK, no matter what Mom said when we were kids.

5 minutes ago I upgraded a simple installation of RedHat 7.3 to RedHat 9. I'm not sure what I had installed that required disc 3, but I was required to use all three of the distribution discs. This strikes me as a lot of discs for a Linux web server.

(If the first paragraph left you cold, give up now... Read a different AdvisorBits post, because it's only going to get worse.)

In terms of features, don't ask me about the GUI, it isn't installed. It seems RedHat is all jazzed up about their "stunning Bluecurve interface". The installation program let me fix a problem I had noticed on the boot loader previously, and had no problems rebooting from the software RAID. These things make systems guys anxious sometimes, if you don't already know that.

I was impressed that all the daemons I had running including Apache with mod_perl and mod_ssl upgraded without trouble. Still sendmail, no qmail choice yet. The single biggest upgrade or improvement thing I noticed right off the bat is the iptables, or Netfilter, support built into the 2.4.20 kernel. This means I will be able to update the kernel on my firewall without recompiling every time.

All things considered this is a decent distro, of course there are already updates required. If we're going to have to upgrade every year, which it seems we may, at least this one went smoothly.