August 26, 2009, 4:59 pm

I hate LDAP. NetInfo was awesome!

I'm building a new "NeXT lab" at work and this time around it's mixed with Macs, Windoze, and Linux computers. I want to share accounts and home directories on them all. The only choice is with LDAP.

On Monday I started hammering away at getting the LDAP server setup on the Linux server with openldap. I was able to get a test Mac running Leopard to see the LDAP server and the accounts. The next battle was to get home directories to mount under /home. I was able to do that after finding a working ldif example using auto_master and auto_home. After that I was able to get the Public share automatically mounted on /Network/Public. Wonderful!

Tuesday I came in thinking that the next battle would be with Samba. Unfortunately, somewhere in powering off the Mac and rebooting it, I lost all the share mounting! It still sees the accounts, but it absolutely will not see the mounts. In trying to figure it out I have wiped the LDAP database and restarted it, I have wiped the test Mac twice, I have made sure the Mac is running the latest updates, and still nothing.

If I go into dscl this is now what I see:

> ls Automount/
Record Name Unknown
Record Name Unknown

> ls AutomountMap/
Record Name Unknown
Record Name Unknown

> cat Mounts/10.110.1.1:\/share\/public/
dsAttrTypeNative:cn: 10.110.1.1:/share/public
dsAttrTypeNative:objectClass: mount top
AppleMetaNodeLocation: /LDAPv3/10.110.1.1
RecordName: 10.110.1.1:/share/public
RecordType: dsRecTypeStandard:Mounts

On the LDAP server, the records look like:

dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap

dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home

dn: automountMapName=auto_home,ou=mounts,dc=example,dc=com
automountMapName: auto_home
objectClass: top
objectClass: automountMap

dn: automountKey=*,automountMapName=auto_home,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: *
automountInformation: 10.110.1.1:/home/&

dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
mountDirectory: /Network/Public
objectClass: mount
objectClass: top
mountType: nfs
cn: 10.110.1.1:/share/public

It looks like for some reason it's either missing entries from the LDAP server, and/or it's ignoring some of the mapping and leaving them out. The Mounts entry is missing the VFSLinkDir which maps to mountDirectory. The Automount stuff is missing the RecordName which maps to automountKey and automountMapName.

What the heck happened? Why does the Mac refuse to see the LDAP server the way it did on Monday?

Posted this question to Reddit
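
One way to rule out the server side, as an added example that is not part of the original post: the Python below parses LDIF like the records above and reports any entry lacking the native attribute behind a mapping the post names (VFSLinkDir from mountDirectory, RecordName from automountKey or automountMapName), or whose RDN value is not among its own attributes. The function names and the abbreviated sample LDIF are constructed for illustration; plain (non-base64) values and DNs without escaped commas are assumed.

```python
# Added example: check LDIF entries for the native attributes that the
# client-side mappings named in the post depend on.

# objectClass -> (dscl record type, {standard attribute: native attribute})
MAPPINGS = {
    "mount": ("Mounts", {"VFSLinkDir": "mountDirectory"}),
    "automount": ("Automount", {"RecordName": "automountKey"}),
    "automountMap": ("AutomountMap", {"RecordName": "automountMapName"}),
}

# Constructed sample, abbreviated from the server records shown in the post.
SAMPLE_LDIF = """\
dn: automountMapName=auto_master,ou=mounts,dc=example,dc=com
automountMapName: auto_master
objectClass: top
objectClass: automountMap

dn: automountKey=/home,automountMapName=auto_master,ou=mounts,dc=example,dc=com
objectClass: top
objectClass: automount
automountKey: /home
automountInformation: auto_home

dn: cn=10.110.1.1:/share/public,ou=mounts,dc=example,dc=com
mountDirectory: /Network/Public
objectClass: mount
objectClass: top
mountType: nfs
cn: 10.110.1.1:/share/public
"""


def parse_ldif(text):
    """Return [(dn, {attribute_lowercase: [values]})] from plain LDIF text."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]            # unfold a continuation line
        elif not raw.startswith("#"):       # skip comment lines
            lines.append(raw)
    entries, dn, attrs = [], None, {}
    for line in lines + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = None, {}
            continue
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "dn":
            dn = value
        else:
            attrs.setdefault(name.lower(), []).append(value)
    return entries


def check(entries):
    """Return problems as (dn, record type, standard attr, native attr)."""
    problems = []
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        for oc, (rectype, mapping) in MAPPINGS.items():
            if oc.lower() not in classes:
                continue
            for std, native in mapping.items():
                if not attrs.get(native.lower()):
                    problems.append((dn, rectype, std, native))
        # The value in the first RDN must also appear as an attribute value.
        rdn_attr, _, rest = dn.partition("=")
        rdn_value = rest.split(",", 1)[0]
        if rdn_value not in attrs.get(rdn_attr.lower(), []):
            problems.append((dn, "-", "RDN", rdn_attr))
    return problems


if __name__ == "__main__":
    for problem in check(parse_ldif(SAMPLE_LDIF)) or ["no problems found"]:
        print(problem)
```

An empty result for the server's export means the directory data carries everything those mappings need, which points the search at the client's mapping configuration rather than at the LDIF.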

December 18, 2008, 1:56 pm

Candy Cam, Part II: Audio & Video

If you haven't seen it already, check out Part I about Seven's Candy Cam

Since the original idea was just a bell and a camera to watch Seven, I decided to get one of those indoor/outdoor "security" cameras with the IR emitters. That way at night with the lights off Seven would still be visible.

The security cameras output an NTSC composite video feed which doesn't hook directly to a computer. Fortunately I had a KWorld USB thingamabob around which, besides having an ATSC tuner, has S-Video and Composite input. I wasn't sure if the device would be supported on Linux, and since my Linux laptop is old and slow anyway, I chose to use Windoze for the camera.

In the past when I've setup a video feed I always had everyone connecting to my computer at home. Of course that quickly saturated my bandwidth. In this day & age I expected there must be an easier way than me setting up some relay off another of my servers on a fast connection. A quick google search turned up several possibilities. The top of the list was Ustream so I gave them a try. They are free and I liked how they had somehow managed to get Flash to handle everything so I didn't have to install any software. The downside was that they had no way to let me choose which input I wanted to use on the USB capture card. It took quite a bit of battling with the crappy software that came with the USB device before I was finally able to get off the tuner and choose the composite input. Once I did that Ustream was up and running and streaming my camera.

The night vision on the camera didn't work very well though, it tended to make a bright spotlight right in the center. Plus being a cheap camera the colors were very washed out even during the day. The next morning I got out my old Sony Video 8 Pro camera to see if it would look better. It looked a lot better. But unfortunately it had a narrower field of view and I had to set it up right in front of a doorway in order to use it. I had to rearrange the entire dining room in order to turn everything so I could get a good angle with the camera. I also now have to leave the dining room lights on constantly to provide enough light for the camera. Fortunately they are compact fluorescents.

Audio

After adding Elmo to the display, I realized I was going to have to include audio in the stream. The security camera I had picked up also has a built-in microphone. I patched the audio into the USB capture card too, but because of some bug in Windoze, Flash, or the Ustream software, I couldn't choose the USB device as the audio source. After repatching it into the laptop's built-in sound card I had the audio up and running too.

Elmo however is quite loud. Obnoxiously loud. Plus having the microphone picking up any noise around it bothered me a bit too. In order to deal with both problems I picked up a cheap 4 channel mixer from Radio Shack. I disconnected Elmo's speaker and tied it directly into one channel. I also did the same with Santa. The output was patched straight into the Windoze laptop's sound card. This also had the advantage of making Elmo slightly more understandable in the video stream. Elmo's circuitry tended to cause a lot of pops and clicks on the audio feed though when he wasn't talking. The quickest way I could think of to deal with it was to play music in the background. I patched the output from the Ubuntu laptop and started up a CLI based mp3 player called mp3blaster. Once the music was playing the pops and clicks were much less noticeable.

One of the things I lost by removing the microphone was the jingling of the bells. The sound you hear now is simulated. When the program triggers the LEGO to jingle the bells, it also plays a sound file so that the video stream hears bells too. I still need to digitize my pachinko machine hitting a jackpot and play that when the candy machine is triggered.


December 16, 2008, 5:19 pm

Seven's Candy Cam: How it works

I'll be posting this in multiple parts because there's so much going on. If you haven't seen it, check out Seven's Candy Cam

This all started out because I was ordering some electronic stuff and decided to order a couple of Arduino boards to see how they worked and what they could do. After I got them I was amazed with how simple they were to setup and started doing some searches of things other people had done with them. I stumbled onto a site where a guy had used a servo to ring a bell whenever someone visited his site. I thought that was cool and I might do something similar with Wishzilla.

A couple of days later I was thinking about it more and I had the idea that maybe it would be fun if I setup a web cam and I rigged up something so whenever the bell rang a treat or something would drop for Seven. And why not throw a webcam on it?

Over the last week this has evolved from bells and a webcam to watch the dog eat into a crazy mess of interactive toys, all controllable by visitors to the site.



Currently the system is using 1 Windoze laptop, 1 Ubuntu laptop, an additional 15" monitor, a LEGO RCX, an Arduino, an Elmo Live! toy, a D.J. Mixin' Santa decoration, a LEGO 9volt train, X10 for the Christmas lights, a little USB TV capture device, an automatic dog feeder, a 4 channel mixer from Radio Shack, and my ancient Sony Video 8 Pro camera. Why do I feel like I left something out?

The web server

An important consideration was making sure that the site would be unaffected by any glitches with my rig at home. This meant I didn't want the processes trying to connect to some IP at home or dependent on a daemon running locally all the time. I wanted to make it as simple as possible so I didn't have to keep coming back and checking which piece of software had crashed.

What I decided to do was make a FIFO on the web server which the Wishzilla software would attempt to open in non-blocking mode and then write a line to. Doing it this way meant it didn't have to open any sockets or have an IP address hardcoded into it that might change. The software running at home does an ssh into the Wishzilla server and does the reading from the FIFO. Very simple.
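
The writer side of that design, as an added Python example that is not the Wishzilla code: opening a FIFO write-only with O_NONBLOCK fails immediately with ENXIO when no reader is attached, so the web request drops the event instead of hanging. The function names, FIFO name and event text are hypothetical; the newline stripping, FIFO-type check and PIPE_BUF limit are additions assumed here to keep one visitor-supplied event per line and writes from concurrent requests atomic.

```python
# Added example: non-blocking, best-effort write of one line to a FIFO.
import errno
import os
import select
import stat
import tempfile


def notify(fifo_path, line):
    """Hand one line to the FIFO reader without ever blocking.

    Returns True if the whole line was written, False if it was dropped
    (no reader attached, FIFO missing, pipe full, not a FIFO, too long).
    """
    # One event per line: untrusted text must not smuggle in extra lines.
    data = line.replace("\r", " ").replace("\n", " ").encode() + b"\n"
    if len(data) > select.PIPE_BUF:
        return False                       # larger writes are not atomic
    try:
        fd = os.open(fifo_path, os.O_WRONLY | os.O_NONBLOCK)
    except OSError as e:
        if e.errno in (errno.ENXIO, errno.ENOENT):
            return False                   # nobody reading, or no FIFO yet
        raise
    try:
        # Refuse to write if the path is not actually a FIFO.
        if not stat.S_ISFIFO(os.fstat(fd).st_mode):
            return False
        return os.write(fd, data) == len(data)
    except (BlockingIOError, BrokenPipeError):
        return False                       # pipe full, or reader just left
    finally:
        os.close(fd)


def demo():
    """Constructed walk-through: first no reader, then a reader attached."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "events.fifo")    # hypothetical FIFO name
        os.mkfifo(path, 0o600)                   # owner-only access
        no_reader = notify(path, "ring bell")
        # Stands in for the process that reads the FIFO over ssh.
        rfd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
        try:
            with_reader = notify(path, "ring\nbell")
            received = os.read(rfd, 4096)
        finally:
            os.close(rfd)
    return no_reader, with_reader, received


if __name__ == "__main__":
    print(demo())
```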

To be continued...

In the coming parts I'll show how the components are wired up and what software is running on them.

November 18, 2008, 10:26 am

Wishzilla.com: Letter to Santa mode

Letter to Santa mode (aka Wedding Registry mode) is now working. What does this mean? You can sign up on Wishzilla.com and let anyone see and lock your wishlist, without adding them to your family.

All you need to do is login, edit your profile and change it to public, then click My Home Page. Up in the address bar will be a URL to your wishlist. Just copy&paste it and email it out, or link it from a web site.

Here's an example: Seven's wish list

November 16, 2008, 8:22 am

Goodbye Gift Box Server... Hello Wishzilla.com!

I'm sure most of you probably already saw the email that we sent out to announce it, but for everyone else: The Gift Box Server has finally got a facelift! The new site is at Wishzilla.com.

For those of you who may be new to this thing (or just in need of a refresher), here's how it works: you and your family members each set up an account, and then start making wishes for what YOU want. Whenever you think of something, you can simply add it to your Wishlist. If you see it online, you can just use the new Wishzilla.com magic Wish Getter, right there from any website, no need to go back and forth! Then your family members can look at the things on your list and choose which wish they would like to fulfill for you, and you can do the same for them. But don't worry, this won't eliminate the fun of the surprise, and it's still the thought that counts: you choose which item you would like to give, and when you want to buy it you can lock the item away, so nobody else will buy it... all without the recipient knowing anything about it! This removes the stress from the holiday season and ensures many happy exchanges, without the hassle of dealing with returns later.

Some of the new features are integrated images, mobile devices, and multi-family. Put images on your wishes! Let people see exactly what it is you want. In the store and want to see what someone wants? Well there's iPhone and other mobile device support too. Plus, now you don't need to sign up for multiple accounts, a single account can be a member of multiple families! No longer do you need to maintain several different gift lists.

Come sign up and make gift shopping a lot easier.

March 12, 2008, 9:35 pm

Roman numerals and back again

Remember way way way way back in the days of the Apple ][, one of the magazines used to have a contest to write one and two line programs in Applesoft BASIC that did neat things? I think it was Nibble, but I'm not positive. Well anyways, here's a program that I wrote that I should have entered, but never did.

The reason I wrote it was because at the time, one of the Apple ][ magazines had included a sample program listing that would convert decimal numbers to roman numerals, as well as do the opposite, convert roman to decimal. I was appalled by how long the program was, it went on for page after page after page. It seemed to me it could have been much much shorter. And so there was the challenge.

It turns out I was able to condense the whole thing down into two lines. Yes two! And it still accepts either a roman numeral or a decimal number, and converts it to the other. Sorry about the listing, it was a struggle to get the emulator to even cooperate enough to get the file transferred and get a listing.



I dug this program out because I need a quick & dirty converter for a new program and I thought I'd take a look to see how I did it and how I got it so small. Unfortunately it looks like I used a lot of dirty Applesoft tricks so the code isn't all that re-usable. Oh well, it's still cool.

January 7, 2008, 5:47 pm

Retaking my mailbox

I've had the same email address for well over 12 years. It's probably on every single spammer's list that's out there. I've been getting over 500 spams a day for a long time and I've had to resort to sorting spam out into another folder because my inbox was constantly alerting me about new mail.

Of course, sorting spam into another mailbox doesn't work. All you end up with is a huge mailbox so clogged with junk you'll never find a message that was falsely identified, if you somehow find out it got in there by accident. Plus it still means that you're looking at every single spam, so what's the point? It has been my goal for a long time to get rid of this system and block spam before it even gets to my mailbox.

Over New Year's, I spent a lot of time tweaking and adding new spam blocking systems. I have to say, the new methods were very successful. I was able to go from 500 spams a day to only 40 spams. Over a 90% reduction! At this level I was finally able to get rid of sorting into a spam box. Now I don't have to worry about false positives. Spams that are blocked are also now being blocked at the SMTP level, so if something is falsely identified, the sender will get a bounce back and know that I never got their message.

It's been strange for the last week. I keep expecting a ton of spam, but my mailbox is just as quiet as it was when I was sorting. And yet, there's no sorting and I have no spam box! It's just unbelievable! At this point I'm thinking maybe the couple of clients that are using an anti-spam service should be switched to this setup.

April 20, 2007, 9:43 am

Dumber than advertised

For the last week and a half I've been working on doing a complete network rebuild for a client, including all the servers and desktops. They are very heavily Exchange based, so the new servers had to be running Windoze. In their old environment the users were storing all their files on their local computer. This created obvious problems whenever they changed offices or when there was a hardware failure on their computer.

When the time came to setup the new Windoze servers the first thing I wanted to make sure was that the Roaming Profiles were enabled. Having used the Roaming Profiles feature on a Samba server for over 5 years, I know how useful it is. It's certainly no substitute for true home directories, but it's better than all personal files always living on the local computer.

Because Roaming Profiles was a Windoze concept, I thought it should be a trivial thing to setup on a Windoze server. A couple of searches on the internet, and whoa! What a mess! Roaming Profiles have to be enabled on an individual basis for each account! What the heck was someone smoking, that's just plain idiotic! I want to turn it on and be done, not manually have to setup each user. On Samba, I add a line to the smb.conf and I'm done. More searching to see if maybe there's a Group Policy way to do it. Nope. Sigh. I suffer through with the lame Windoze-Way and get all the accounts configured.

Well it works, sort of. Lots of hiccups though. Often when people are logging on and/or off, an error appears claiming there's a problem locating the Roaming Profile and it's going to use a local profile. I never had this problem using Samba, why can't a "Genuine" Windoze server deal with this? Users of course freak out and complain that they "can't log on." I made some adjustments to the server and things are better, but not perfect.

Next issue is getting backups going. The plan was to build a Linux server with a huge amount of disk space and set it up to mirror all of the servers nightly, then do nightly incremental backups to tape. The reason I wanted to do it this way is because of headaches on the old system from using Windoze backup. Windoze backup seems to have this idiotic idea that a tape needs to be "formatted" and "named" before it can be written. When using scheduled backups you have to make sure you have the right tape in on the right night, otherwise the backup fails because it doesn't have the tape named in the backup script.

I build the Linux computer, tinker with mounting the shares from the Windoze servers, and hit a huge roadblock: I can't read the files in the user's home directories. Lots and lots more searching and experimenting, and I come to the realization that the Windoze security model is just plain brain dead. If I am logged in as Administrator - even on the Windoze server itself - for some absurd reason I do not have permission to look at the user's files and folders! SAY WHAT?!? That is such a huge security hole! I am Administrator and I don't have permission to see exactly what is going on with my own system?! It's no wonder there are so many exploits for Windoze, and so many things you can't remove without reformatting! Apparently the only way under Windoze that you can have full access to your own files is through the "Backup API." Unfortunately mounting the share from the Windoze server does not use that method. What to do?

At this point I decided that the easiest thing to do was to turn my backup server into a file server. This meant not only installing Samba, but I also would need to convince Samba that it needed to authenticate using the Windoze Active Directory server, and not using local Linux accounts. This took longer than I had hoped, only because every site I found with example setups had incomplete info. Most of the instructions were found here, however it's missing a few key things. In the [global] section in your smb.conf, you need to add:


winbind uid = 10000-20000
winbind gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes


And in /etc/nsswitch.conf, add winbind on the appropriate lines:


passwd: files winbind
shadow: files winbind
group: files winbind


With all the pieces together I was now able to connect to Samba and authenticate using a Windoze AD.

I created the shares on the new Samba server to serve home directories and profiles, went through each Windoze account one at a time and changed their Roaming Profiles to point to the Samba server, and now I had their files in an easy to backup location. As a plus, I also had their files on a server with no arbitrary connection limits, so the problem of "Could not find profile" has gone away.

I still can't get over how Microsoft can't even make their own OS work as advertised. I use free software which is designed to be compatible, and it doesn't "just work," it works better and is easier to administer. I think the next thing to do is see if I can make Exchange work without requiring a Windoze AD server...

September 24, 2006, 9:50 am

No computer is an island

No computer is an island, unless of course it's a Mac with an operating system prior to OSX.

Last night after getting rid of most of the old Macs I had, I was wondering if there had ever been a version of MAME that ran on 68k Macs. There was, so I thought what the heck and maybe I'll continue with my scheme of turning these junkers into "arcade machines" in order to get rid of them.

I fired up both computers to verify they are working, and both booted up fine. Same as yesterday, I hooked up my laptop to act as a bridge. This time however, the computers are running 7.5.5, and have been seriously stripped and don't include any network drivers or software. They also don't have any removable media except for floppy drives. So the question is, how can I get MAME onto them to at least see how badly it performs?

I'm sort of stuck in a catch-22. MAME is too large to fit on a floppy, so I either need to get it from CD or from the network. But in order to do that, first I need to get CD or network drivers installed. And in order to do that, I'll need to be able to read those drivers from a CD or the network!

A little bit of hunting and I found Apple still has old versions of MacOS available for download. The plan is that maybe if I can install a fresh copy of the OS, it'll give me the CD and/or network drivers that I need. I downloaded the 19 parts of System 7.5.3, which of course brought up a problem.

Another catch-22 that happens with Macs stems from the heavy reliance of the old OS on resource forks and type/creator file typing. When you download a file from the internet, either directly to your Mac, or through another computer and then SneakerNet it over, it's pretty much impossible to convince your Mac that the data in the file is a Mac application or some other kind of Mac-specific data. There's no way for a user to set the correct type/creator through stock Mac software, and there's no way to get things moved into the resource fork. When I downloaded the 7.5.3 onto my Mini, I was stuck with a bunch of .bin files which it didn't know what to do with. Apple wisely decided to try to stamp out the stupidity of people embedding .dmg files inside of .sit, .bin, and/or .hqx files by ceasing to bundle StuffIt Expander with their computers. StuffIt is legacy and it's time for it to die, and the .dmg format can not only be used natively by OSX, but it doesn't require any special type/creator and resource fork manipulation nonsense to be recognized by the OS.

Fortunately I still had Expander on my laptop, so I copied the files there and extracted the .bin files, then used hdiutil to convert the .smi files into a single .dmg which I was able to burn with DiskUtility. I'm not sure if the conversion step was necessary, DiskUtility might have been able to burn the .smi by itself, but since it was in 19 parts I didn't want to waste a CD to find out and was happy to see hdiutil merge all the parts into a single .dmg.

Oddly though, the 7.5.3 install CD doesn't seem to have a System on it, and so it won't boot! The other trick of having the CD in the drive when the computer boots isn't working either. Apparently the OS is so stripped that it won't even mount a CD that's there at boot.

This though is as far as I got. Before I could come back to it, there was a recycle event at a nearby college, so I took the last 2 Macs there to get rid of them.

Time for an episode of "Stupid Ways to Waste Time"

Yesterday I finally decided I needed to get rid of a bunch of old Macs that I took home to save from ending up in a recycler's scrap heap. They all worked so I have been resisting for years turning them in as junk since I figured there must be something they could still be used for. Most were 6100 series PPC Macs, and can run Linux and might be useful as Linux experimental test beds.

I knew I was probably never going to get around to installing Linux on them, and I have had them stacked on my utility cart since I brought them home. I could really use my utility cart back, so I setup a table in the garage and sorted through the pile to get an inventory and see how complete everything was (and to check if there was anything I really wanted to keep). I found I had a Mac Plus, 4 6100s, a 7200, a 6205, an LC II, and a IIci. I took a quick picture and posted the whole thing on Craigslist in the "free" section. I didn't really expect anyone to take anything, but it was an easy place to start before finding a place to recycle them.

It didn't take long before people were asking if they were still available. One guy claimed to be affiliated with the Boy Scouts and wanted to take them all because he could put them to good use. He of course never showed. Another guy was interested in a couple of the PPC Macs, as well as the Plus, but didn't seem to understand that he had to take it further than simply saying he was interested. He seemed to think the computers would magically materialize in his living room just by sending me an email.

By noon one guy had actually made it over and took the Plus away. I was actually quite surprised to see that be the first to go, I had thought it would be the hardest to get rid of. Unfortunately, as the day went on, it seemed that the Plus was going to be the only Mac that was going to be saved from the recycler.

Around 3pm I had the idea that maybe I could get rid of them if I turned them into arcade machines. No doubt this was going to be a stupid waste of time, but what the heck. I pulled one of the 6100s off the table and set it up on my utility cart with a 17" monochrome Radius Portrait monitor. I thought it might be neat to play some black & white vertical games on it. Plus the 21" color monitors are just too heavy to move around. I put my laptop on the cart and used it as a wireless ethernet bridge.

A little bit of searching revealed that I could still download a version of MAME old enough to run on MacOS 8.5. Of course finding the right file that actually would run wasn't easy. The first one I downloaded said it required 8.6. Well that's out, I'm not going to upgrade the OS. Another download and it didn't list any requirements, so I gave it a try and when it ran it complained it couldn't find "PowerMgrLib." More searching revealed that the 6100s don't have any kind of power manager which is why the library isn't there. But why the software even required it was beyond me.

Continuing on my quest, I tried an even older version of the emulator. This one launched and so the next thing was to get some ROMs loaded. I connected to the folder on my server that has lots of ROMs, and the poor Mac pretty much hung trying to sort and index the entire list before presenting it to me. Oops.

I rebooted the Mac, and this time I picked out ROMs one at a time on the server side, and placed them in a special folder that the Mac wouldn't choke on. I copied over Space Invaders, fired up MAME, checked the settings to try to get it to go fill the screen, and ran it. It worked!

Next I wanted to try something more popular, like Pac-Man. Digging through my ROMs I copied over everything that I thought might be related. Unfortunately none of the parts I found seemed to be complete. Either I didn't find all the parts, or the filenames in my newer ROMs weren't what this old version of MAME was expecting. I thought maybe if I tried some other really old game the ROM might be compatible, so I added Space Zap to the list.

Space Zap fired up, but sadly, it choked. Hard. And this is a very very simple game. Sound skipped and repeated, and the animation was very jerky. Half the time you couldn't see your own shots. Oh well, so much for getting rid of these as some kind of gaming machine.

Fortunately, at about 4:30 someone showed up to claim all the PPC Macs and the monitors that go with them. He showed up in a tiny little euro looking hatchback. The car was a loaner while his car was being repaired, and they only gave him the valet key and so he wasn't able to get the "trunk" opened. Neither of us could find any kind of release inside the passenger compartment either. Somehow though we managed to get everything piled inside on the seats. He is planning to personally take all the computers with him to Cambodia to give to a school there. He said he'd be taking them over one or two at a time on his trips to visit. I'm not sure how he's going to take the monitors, but he was overjoyed to get all these working computers. I was happy to finally be rid of them.

Of course, I've still got the IIci and the LC II. I haven't gotten any more emails and have deleted the ad for now. I have a feeling these two computers are going to end up at the recycler.