Random Thoughts

Tech, words and musings from an Englishman in Seattle

TSA == INS 2.0?

In this post, Seth Godin relates the non-customer centric nature of the TSA. As a non-US citizen and as someone who has travelled into and out of the US many, many times over the past twenty years, it seems like business as usual.

The difference is that this time US citizens are getting the obnoxious end of the stick.

The INS has been treating us non-citizens like that for years. We just understood that it would never change, as US citizens, i.e. the voters, were never exposed to it.

Now US citizens get their share of the pain.

It's interesting how things progress… First it's them, then it's you…


HD DVD Rocks

I got an HD DVD player for the Xbox 360 the other day and today I finally had a chance to set it up and sink into an evening's viewing of V For Vendetta.

Not only was the movie great, but so was the HD-DVD experience. The clunkiness of the DVD experience has finally gone…

Launch straight to the movie, unobtrusive menus while the movie plays, etc… All good.

Oh, and outstanding picture quality.

So if you have a 360, do yourself a favour and pick one up.

Verizon Idiots

Yesterday I got a final bill from Verizon for SwitchGear's office DSL line in the order of $26.44 with a billing date of 11/10/2006.

Today I get a letter from a collection agency saying the amount is past due, accompanied by all the usual rhetoric.

Given the time to inform the collection guys, plus the time taken for postage, etc… they must have sent the bill for collection at the same time as issuing it.

Verizon. Assholes.


Power Outage Equals Family Time

This afternoon one of the powerlines on our street came down, dropped on two cars, sparks everywhere, flames, burning cars, tires melted to the sidewalk, etc…

Not your everyday occurrence.

This didn't affect the power to our house, but the power company switched it off anyway while they made repairs (which involved fire engines, lots of trucks, inspection of poles, etc…)

I went home early, before Nabila got home with the kids, as I wanted to get the front door unlocked (obviously the garage doors aren't going to open) and make it easy when bringing the kids home to an unfamiliar, dark environment.

I brought out the candles and lit them all around our house. It was really quite nice. Shortly after I got it all set up, Nabila and the kids arrived and we had some fun with no electricity - just us, talking and playing with flashlights.

We then went out for dinner. Well, Nabila, Julian and our neighbour did, Jasmine was playing up - she was just plain tired, so her and I took off and left the others to eat the good stuff at the Yarrow Bay Grill. Jasmine and I headed to the office and I fed her some food, let her sit on my lap and gradually fall asleep with her head on my desk while I wrote code.

At 9pm, Jasmine and I headed back to the restaurant to pick everyone up and then we all made our way home.

The power was still out, but we lit the candles again, talked, played and had fun.

At 10pm the power came back on.

“Hey Julian, was that fun or what?”

“I like it. Can we do it again?”

Nabila and I agreed that from now on, once a week, we're going to turn everything off. No lights. No computer fans. No random beeping.

Just candles and talking.

UK RFID Passports Cracked, Sorta…

I think I'll be keeping our latest UK passport renewals under a tinfoil hat.

Seriously.

Techdirt reports

There's been an odd rush by governments to move to RFID passports, even though there are serious concerns about how secure they really are. Over in the UK, where many RFID passports are already in use, a security researcher and a reporter were able to crack some aspects of the passport. It is, admittedly, a limited crack, but it could potentially be used to make a clone RFID chip for a counterfeit passport.

No one saw that coming

Linux as a Windows Primary Domain Controller

With apologies to Karen for two geeky posts in a row, I present “What I did last night”. I promise I'll post a picture of Julian in the next post.

As I alluded to in my previous post, I recently decided to scratch a nagging itch and set up a Windows Domain at Casa Del Lacey. I've been wanting to do this for a while, but it's recently come to a head with two Windows desktops, a linux box, Mac laptop, Windows laptop, network storage box and the Xbox 360.

Having separate accounts and associated passwords plus having to set up the desktop “just how I like it” when moving to a new machine, browser bookmarks being different, etc… was just becoming a pain. I was also relying on my wireless router to provide DNS services (which was flaky).

Something had to be done.

Initially I thought about heading over to Best Buy and picking up the cheapest machine capable of running Microsoft Small Business Server. I'd had such a great experience with it at SwitchGear that it seemed like the logical choice, but it's expensive, even at the company store.

But then I thought “I bet those clever Open Source folks have figured this all out”.

And sure enough they have.

Samba supports operating as a Primary Domain Controller, serving up all that great single password, machine trust and roaming profile goodness. So with that, the plan of attack was to install all necessary software on my Linux box (an Apple PowerMac G5 running the Linux Debian distro):

  • Install a DHCP server, and assign IP addresses to all the machines on the network.
  • Install the BIND9 name server, and have it serve up DNS locally for one of my domains, creating a 'home.judesoftware.com' DNS domain in the process.

Now, at this point I could have configured the magic whereby the DHCP server assigns addresses dynamically and updates the DNS server in the process, but that would have required setting up keys and trust, etc… between the two services, and I didn't have that much patience.

  • Install samba and set it up as a primary domain controller.

This part was fairly easy apart from one gotcha that I'll get to later. Basically I'm running pretty much with defaults, the trick is getting the clients set up. The following is my configuration file (/etc/samba/smb.conf) with a few modifications to protect the innocent:

[global]
workgroup = THIS_DOMAIN
netbios name = THIS_SERVERS_NETBIOS_NAME
passdb backend = tdbsam
printcap name = cups
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/userdel -r %u
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/useradd -s /bin/false -d /var/lib/nobody %u
# Note: The following specifies the default logon script.
# Per user logon scripts can be specified in the user account using pdbedit
#logon script = scripts\logon.bat
# This sets the default profile path. Set per user paths with pdbedit
logon path = \\%L\profiles\%U
#logon path =
logon drive = H:
logon home = \\%L\home\%U
#logon home =
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
idmap uid = 15000-20000
idmap gid = 15000-20000

[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No

[netlogon]
comment = Network Logon Service
path = /var/lib/samba/netlogon
admin users = root
guest ok = No
browseable = No
# For profiles to work, create a user directory under the path
# shown. i.e., mkdir -p /var/lib/samba/profiles/steve

[Profiles]
comment = Roaming Profile Share
path = /var/lib/samba/profiles
read only = No
profile acls = Yes

This is a pretty standard setup and it gets you some cool features:

  • A domain named THIS_DOMAIN. Create user and machine accounts and the world is wonderful.
  • Each user's home directory on the Linux box is magically available as H: on their Windows box when they log in.
  • Roaming profiles. More on this later.

So, setting up a new user on the domain is pretty easy.

root# /usr/sbin/useradd -g users -d /home/sjl -s /bin/bash -c "Steve Lacey" steve
root# /usr/bin/smbpasswd -a steve

Pretty simple, huh? The first command creates a new unix account (you can skip this step if the users already have accounts) and the second command adds the user to samba's domain users.

You'll also need to make sure that you add a samba account for root as by default he's the domain administrator.

Next up, adding machine accounts. Except you don't need to. Just go to the Windows machine, and from the system control panel applet join the machine to the domain - you'll need to enter the domain account and password for THIS_DOMAIN\root that you created in the previous paragraph. All is good, just reboot the Windows box and log in to the domain!

And now the problem that I encountered.

Ahhh, roaming profiles. These are a wonderful thing. They enable your settings (desktop themes, start menu choices, browser bookmarks, etc…) to be cached on the server so that when you move from machine to machine your experience is exactly the same. It's a wonderful thing to behold (and interestingly wasn't enabled at Microsoft when I was there).

For me, a problem occurred because I didn't actually create the per user directory where the profile is stored. It's the only part of the process that isn't automated, which means that I didn't do it.

When I logged into the domain from a Windows box for the first time, Windows told me that it couldn't find the profile and was giving me a temporary one.

Ooops, I thought. I figured out what was wrong - I needed to create /var/lib/samba/profiles/steve and chown steve.users it.

So I did that, but Windows was stuck on the temporary roaming profile - no amount of restarting and rebooting either box could fix it.

The only way I could resolve the issue was by having the Windows box leave the domain, delete the machine account from samba, delete the normal unix account for it and then rejoin the Windows box to the domain.

For reference, the machine accounts are machinename$, but you can skip the trailing '$' when talking to samba:

root# /usr/bin/smbpasswd -m -x machinename
root# /usr/sbin/userdel machinename$

And that's it! It all works! Even my new Infrant NAS joined and participated in the domain without any problems.
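
An added example, not part of the original post: a small audit that flags the missing per-user profile directory described above before a user's first domain logon. It assumes the `pdbedit -L` listing format (name:uid:full name) and the [Profiles] path from the configuration above; the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script). Function names are hypothetical.
# PROFILE_ROOT is the "path" of the [Profiles] share in smb.conf above.
PROFILE_ROOT=${PROFILE_ROOT:-/var/lib/samba/profiles}

# Read `pdbedit -L` style lines (name:uid:full name) on stdin and print only
# user accounts. Machine trust accounts end in '$' and have no profile.
domain_users() {
    while IFS=: read -r name _rest; do
        case $name in
            ''|*'$') continue ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# Print the state of one user's profile directory:
# invalid, symlink, missing, wrong-owner or ok.
profile_state() {
    root=$1
    user=$2
    case $user in
        ''|.|..|*/*) echo invalid; return 0 ;;   # would escape the share root
    esac
    dir=$root/$user
    if [ -L "$dir" ]; then
        echo symlink                              # never chown through a link
    elif [ ! -d "$dir" ]; then
        echo missing                              # the case hit in the post
    else
        owner=$(ls -ld "$dir" | awk '{print $3}')
        if [ "$owner" = "$user" ]; then echo ok; else echo wrong-owner; fi
    fi
}

# Report "user<TAB>state" for every domain user whose directory is not ready.
audit_profiles() {
    domain_users | while read -r user; do
        state=$(profile_state "$PROFILE_ROOT" "$user")
        [ "$state" = ok ] || printf '%s\t%s\n' "$user" "$state"
    done
}

# Constructed sample of `pdbedit -L` output so the script runs anywhere.
# On the server itself: pdbedit -L | audit_profiles
SAMPLE='steve:1000:Steve Lacey
alice:1001:
desktop1$:1002:'
printf '%s\n' "$SAMPLE" | audit_profiles
```

For any user reported as missing, create the directory and chown it as described in the post before that user logs in to the domain for the first time.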

After that I needed to geek out some more and installed an NTP server which goes out to the network timeservers and serves time for all the internal machines…

What's next?

Infrant ReadyNAS+ Goodness

Following up from a previous post, I went ahead and ordered an Infrant ReadyNAS+. This is a [N]etwork [A]ttached [S]torage device that sits on your network and acts purely as a fileserver (well, this box can do a bunch of other stuff too, like stream audio to other network audio devices as well as iTunes clients).

I ordered the box empty of drives (but with 1GB of RAM), and ordered four 750GB enterprise class Seagate Barracuda drives from NewEgg. The drives arrived earlier this week, and this afternoon I picked up the Infrant box from the local FedEx depot.

Late this evening was setup time.

Infrant NAS

First impressions are wow! It is incredibly small - just big enough to house the drives and as solid as a rock. The build quality reminds me of the PowerMac.

Unboxed

Setup was extremely easy. I just followed the instructions and installed the drives, connected it to the network and then booted it. By the way, like all good hardware manufacturers, Infrant not only included all the mounting screws needed for four drives, but also included extras.

Mounting the drives


The unit comes with some software for PC, Mac and Linux, but you don't really need it. If you know the IP address of the box you can just navigate to http://[host]/admin in any browser to configure it. Before booting the unit I had added the box to my local DHCP and BIND servers as, handily, the MAC address for the unit is printed on the bottom. Anyhow, the IP address, however obtained, is displayed on the LCD at the front of the unit, so you can just use that.

Booting

The box supports domain membership, so I just joined it to my home domain, set up some shares and that was it. By default it creates a user share for each user in the domain which is nice. It supports sharing by CIFS, NFS, AFP, FTP, HTTP, HTTPS and RSYNC, and also supports discovery via Bonjour.

Oh, did I say home domain? Yup, I out-geeked myself last weekend and set up a Windows domain in my house as there are now too many machines and running without “single sign-on” was becoming a pain. Did I mention that my Primary Domain Controller is Debian Linux running on a PowerMac G5? More on that in a later post…

Anyhow, the Infrant NAS provides a whole heap of other good features, but let's just say that the best one is that I now have a RAID 5 box on my network with over two terabytes of free space.

Two Terabytes of RAID goodness

And that's the best feature by far…

A Little Impact

So while I've been working on the other big thing, I've been getting my hands dirty on the frontend. Most of what I've been up to in this realm has been basically learning how stuff works. In my estimation the best way to figure out how something works is to actually roll up your sleeves, write some code and ship it.

So I present to you the “Play again…” button. Not much, I know. But it was educational. Go and watch a video through to the end and you'll see it…

Hey, at least somebody picked up on it :-)


A Much Better Night Than Two Years Ago

As I sit here glued to the TV and various online feeds, CNN are predicting that the House of Representatives has gone to the Democrats and that they'll also take the Senate.

Six governorships too…

I wonder how the world will seem in the morning…

Google Reader

So I'm a devout user of NetNewsWire as my RSS aggregator of choice on the Mac. It's pretty damn near perfect but, of course, it's tied to your local machine. The subscription/read/unread sync to Newsgator is cool, but that's only really helped me when moving to a new machine.

Anyhow, I've been hearing good things about Google Reader, the online news aggregator from my new employer, so I thought I'd try it out and man does it rock.

Try it out. You owe it to yourself. It succeeds on every level. The River of News view is best of breed in MNSHO.

And best of all, it's free.

One Six Right - Aviation Nirvana

After reading reviews of One Six Right by Paul and Susan, I headed over to the movie's site and ordered the DVD on the spot. It arrived a couple of days ago and last night Julian and I sat down to watch it.

Wow.

“One Six Right” is an exhilarating documentary film that celebrates the unsung hero of aviation - the local airport - by tracing the life, history, and struggles of an airport icon: Southern California's Van Nuys Airport. Featuring thrilling aerial photography and a sweeping original score, the film dispels common misconceptions and opposes criticism of General Aviation airports. Through the love story of one airport, past to present, the film shares the timeless romance of flying with all ages.

If you have a love of aviation, or love stunning film making, you have got to pick this up.

“One Six Right captures the spirit, joy and beauty of flight. One of the finest aviation films ever made.” - Harrison Ford

The movie basically follows the history of California's Van Nuys airport from its humble beginnings through to the present day with lots of great footage and interviews with pilots old and young. A recurrent theme is the continual loss of general aviation airfields all over the country and the fact that once they're gone, they're gone forever. The movie also calls out the unforgivable rape of Chicago's Meigs Field by Mayor Richard Daley.

Highly recommended.

Apple Aperture Free Trial

As of today you can download a free thirty day trial of Apple's Aperture, its photo management software. As a beta tester for Adobe LightRoom, I've been wanting to see how Aperture compares, but haven't wanted to shell out the serious bucks that they're asking for it.

Now I'm a happy camper.

Well, almost.

Apple are pulling something really sneaky, and almost unpleasant here. On the sign up form, you fill in the usual info and click a button to have them send you a serial number. It also has the usual checkbox saying something along the lines of “Please spam me with random announcements, offers, etc…”

Of course, everyone unchecks that box. But if you uncheck it in this instance you are not allowed to proceed with the request for a serial number. You get a dialog saying “Before you submit your request, please check the permission checkbox allowing Apple to send you the requested information.”

Bah! So to get the trial, you have to agree to being spammed.

Well, I'm on Apple's spam list already, so I just checked and clicked away…

Google Video

A number of people have been asking what I'm working on, so here's a pseudo-answer…

I can't say exactly what I'm working on, because it's incredibly cool :-) But what I can say is that I'm working on Google Video, in the team that develops what we call the Video Frontend. That's what you see when you go to video.google.com. Well, that's my 80% project - I've got ideas about the 20% one…

The majority of work on the frontend happens here in Kirkland, and it's a great team of very talented engineers.

I.e. it's a cool group of developers that I happen to find myself in.

It's a very interesting environment - with development encompassing the gamut of what it means to “deliver video”. Plus the fact that I've only been here a few weeks and some of my “getting my hands dirty” code is already live :-) Actually, the first little bit was live within a few days of me joining the group…

“Shipping software” really has a new meaning at this company. I love it!


© 2001 to present, Steve Lacey.