Technology - Page 20

SLA

Last night I was part of a panel speaking to the SLA WCC. This is an interesting bunch of people, the librarians for various companies, government departments, and of course universities. The panel (everyone else was a librarian) was speaking about blogs and wikis and how they are being used within their organizations. To be more precise, the other four speakers talked about how their organizations use these technologies, while I did a bit of a wrap-up at the end with lots of pretty pictures, talking about some of the things people need to think about when deploying. My slides are here; be warned that the file is fairly big (all those pictures!)

With five speakers in not much more than an hour, we didn’t have a lot of time to go into detail. Check out the programme for the list of speakers and a brief summary of what they talked about.

One thing I found interesting when talking to people at the meeting was the almost universal theme of how hard it was to get the IT department to do things. The successful deployments either had the initiative come down from on high, so IT had to implement it, or they were using outside-hosted free services (which has its own issues).

And then there was the issue of getting people to contribute to the wiki or blog; not as easy as it may sound. Tracey Carmichael talked about how the BC Securities Commission uses a wiki internally to track new types of investments, and pointed out that many people who have strong opinions in discussions didn’t want to commit those to a wiki. She thought maybe they were nervous of writing something that was later found to be incorrect; I wondered how much is due to people not wishing to be seen to speak for others. These sorts of issues probably also have a large organizational culture component to them — in Sun I haven’t noticed any reticence to using wikis (except for maybe a lack of time and motivation for contributing content) so they are used a lot for projects in my experience.

Naming Names

Phil Karlton said (at least once in my hearing anyway) that naming things was one of the two hard tasks in computer science (reading X Toolkit Intrinsics — C Language Interface, to which he contributed, will give you some idea why he said it); I discovered the truth of this yet again when writing the FAQ for our Identity Provider for OpenID. In this case, it was even more convoluted, being about what to name the thing that names names.

When a Sun employee signs up at the Sun IdP there is no necessity for them to put their real names in the fields marked “first name” and “surname”; they can use a fictitious name if they choose (or put nothing at all). In common English, this fictitious name is often called a pseudonym. The various dictionary.com definitions of pseudonym would seem to fit this usage very well, so I was preparing to use it in the FAQ. Except for, it turns out that those steeped in identity management terminology tend to find that plain-English usage of the word confusing.

In SAML, for example, a pseudonym is defined as A privacy-preserving name identifier assigned by a provider to identify a principal to a given relying party for an extended period of time that spans multiple sessions; can be used to represent an identity federation. In Liberty Alliance work, the definition is An arbitrary identifier assigned by the identity or service provider to identify a Principal to a given relying party so that the name has meaning only in the context of the relationship between the parties. The same or similar meaning is used within WS-Security (the user identity [is] provided in a SAML assertion as a pseudonym) and WS-Federation (A pseudonym service allows a principal to have different aliases at different resources/services or in different realms, and to optionally have the pseudonym change per-service or per-login).

So in order to make life easier for those poor, easily confused identity management experts, I’ll be using the term “fictitious name” in the FAQ, where I would otherwise have used “pseudonym”, an added cost of one letter and one word per usage. I hope they appreciate my efforts to help them.

Miscellaneous Sysadmin

I’m usually the chief sysadmin in the family for the things like the printer and the Windows boxes. In the interests of making it easier for myself in the future and hopefully others, here are a couple of things I fixed this week.

For some reason the printer, an old but still very productive HP Color Laserjet 4550 that cost a horrendous amount when we first bought it back in 1998 or thereabouts, started having conniptions when we wanted to print out files. Mostly it blew up on OpenOffice or Microsoft Word documents. The error was 49.4C04 Service Error. Poking around on the web revealed a bunch of completely useless information:

Turn the computer off, wait a minute, turn it back on, this only ever happens once and rebooting the printer solves the problem: Wrong! The next thing I printed caused one line of wingdings to be printed per page for many pages despite pressing the cancel button; turning the power off resulted only in paper jams and the same error message.
Caused by a defective network card; replace: Not in this case; it’s a parallel (LPT1) connection directly into the networked PC
Caused by third-party memory; take it out: Again, not in this case since I never bothered installing more memory

What did work was reinstalling the drivers. Not the PCL 6 drivers that Windows tried to tell me to take, the PCL 5 drivers. Those PCL 5 drivers actually work on our system, unlike the PCL 6 drivers.

The other problem that I found the solution to was the size of the Norton Protected Recycle Bin. I installed this some years ago, have never used it, and found that it kept growing. And growing. And wouldn’t let itself be cleaned up, no matter how often I told it to purge itself. So I uninstalled and then tried to delete the recycler/nprotect directory files. No dice. The Norton website suggestion didn’t work either (sounds weird, but it’s true); what did work was the suggestion I found online: rmdir /s \\?\C:\RECYCLER\NPROTECT. I suspect the Norton recycle bin will not be reinstalled on my system.

Sun and OpenID

I’ve been heads-down on a project which was just announced (though not yet up and running, so I’m still working hard with the rest of the team on final details) about Sun putting up an OpenID IdP (identity provider). The idea is that this IdP will verify that the person using an OpenID of the form http://openid.sun.com/username is a Sun employee. Everything else is self-asserted, so people can use pseudonyms and non-Sun email addresses, but they will be a Sun employee. It’ll be interesting to see what happens and how we can use it, once it’s live. That info will be posted to developers.sun.com/identity as soon as the IdP is up and running.

I’ll be posting some technical details of what I’ve been doing, and some tips and tricks to help someone else take the OpenSSO code and customize it; others on the team will be blogging about their pieces.

It’s been a fun project and it will be even more fun seeing what people do with it. We’re using the tag sunopenid, or you can follow along on Planet Identity.

Debian 4 and PPP

Yesterday the latest release (4.0) of Debian came out. I decided to be big and brave and upgrade immediately; I’ve never had any problems with upgrading Debian before and didn’t expect to now. It took forever to download, ages to install (with me keeping all the old config files as I always do). And then, at the end, our internet connection was dead. Our internet connection is via PPP, which was tricky to set up, so it seemed best to tackle the problem in the morning rather than risk making things worse.

This morning I found that the ppp script in the /etc/init.d directory wasn’t there, but a #ppp# script was, with the right content. So I renamed the file back to ppp, checked the backups to put the right symlinks into the various /etc/rx.d directories, and rebooted. Voila! An internet connection. Now I just have to figure out why apache2 isn’t running. [Update: because it was upgraded to version 2.2 and the authentication config file syntax was changed, that’s why.]

I have no idea whether the PPP problem came from the distribution, or something odd in my configuration (although I’ve done full dist-upgrades before with no problems). I did a hunt on the Debian wiki and found that Debian has added more PPPoE support recently, so maybe there was a clash in there somehow. I’m glad I was paranoid enough to make backups of the /etc directory to compare with. At some stage I guess I should figure out whether to replace the current configuration with the new Debian system, although I don’t like mucking about too much with things that actually work, especially when it comes to something as vital as being able to connect to the Net.

Bad Behavior

I’ve started using the Bad Behavior/Bad Behaviour plugin for WordPress, which is meant to cut down on the number of spambots that attempt to access my site. In theory it shouldn’t block any real visitors, although this has been known to happen, so if you notice any problems (e.g., can’t get to my blog from a feed, or from a link or search), please let me know. The plugin has been installed a week and nobody’s reported any problems so far. It works nicely with Spam Karma, the spam blocker I use.

I can recommend this plugin based on my experience so far; I’ve noticed the amount of spam that I get is much less, which means that I will be able to check the Spam Karma logs for any real comments that were inadvertently caught. If you’re plagued by spam bots on your blog and you have some control over the environment, it might be worth trying out.