Mac@Work : The Ultimate Business Machine

The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog • Archive • Cutedge

by: Bernard Teo

Sat 03 Jan 2004

Postfix Enabler 1.0.7 with PAM (to be released)

Category : Technology/PFE107.txt

Thanks to Andy Black, we've got a Postfix Enabler with SMTP-AUTH done through PAM, thus saving the user from having to maintain yet another password database. This is really doing it the Mac Way. I've been hoping to do this for the longest time. I would never have figured it out without Andy's help.

I'll need to test our new version some more before releasing it as 1.0.7. I can do without the excitement of needing to find a bug fix for a product that's been out.

And, we've got a Postfix Enabler 1.0.6 that has been localised for Traditional Chinese, thanks to Kuo Yuan-Fen.

We'll see all these on the Postfix Enabler page, soon.

Posted at 5:35PM UTC | permalink

Fri 02 Jan 2004

Talked Too Soon

Category : Commentary/talkedtoosoon.txt

I found a bug that prevented SMTP-AUTH from working properly on the server. It took all of four hours to trace it to an extra character in a config file. How did it get there? Fortunately, I had a working installation I could compare against, after I've exhausted all the tests by logic. It was so hard to find. (But it's now fixed in Postfix Enabler 1.0.6.)

Reminds me of the place in "Zen and the Art of Motorcycle Maintenance" where Robert Pirsig wrote :

"The real purpose of scientific method is to make sure Nature hasn't misled you into thinking you know something you don't actually know. There's not a mechanic or scientist or technician alive who hasn't suffered from that one so much that he's not instinctively on guard. That's the main reason why so much scientific and mechanical information sounds so dull and so cautious. If you get careless or go romanticizing scientific information, giving it a flourish here and there, Nature will soon make a complete fool out of you. It does it often enough anyway even when you don't give it opportunities. One must be extremely careful and rigidly logical when dealing with Nature: one logical slip and an entire scientific edifice comes tumbling down. One false deduction about the machine and you can get hung up indefinitely."

(I found a link where you can read most of the book on-line. I love this book. I think I've had at least two of them that I've given away for others to read. I'll have to buy another because I think I'll want to read it again.)

So, it's New Year's day and I'm fixing a stupid bug. My wife thinks it's not worth it. I felt sorry for the kid, who was waiting to go to the park. Fortunately I had enough daylight left to make good on the promise.

Posted at 5:34AM UTC | permalink

Wed 31 Dec 2003

Being Buzzword-Compliant

Category : Technology/buzzwordcompliant.txt

Postfix Enabler 1.0.5 is out. Since last evening actually. I thought that was absolutely the silliest thing to do, if I want to enjoy the New Year holidays, in case there are some silly bugs, but the masochist in me won out. But, so far, it's been OK.

The new feature is, of course, the ability to turn on SMTP-AUTH for both the client and server portions of Postfix. Plus a couple of added conveniences, like the abilty to create SSL test certs with just one click.

Maybe, a couple more things to add, like the abilty to do the SASL authentication via PAM rather than SASLDB. (If anyone knows how to do this, I'd be happy to include it in an update). But I've now got the buzzword-compliant mail server that I've always wanted to have. Name it and it's got it - SMTP-AUTH, Cram-MD5 shared secrets, POP, IMAP, SMTP, all over SSL, TLS, client-side SMTP authetication, etc. But, it's really all due to the guys at Apple who gave us this nice Postfix binary.

This Steve Jobs-led Apple is, in some important ways, very different from the old Apple. It's quite like the old Microsoft, in its commitment to continuous incremental improvement (even while it makes quite dazzling breakthroughs on other fronts, like we always expect Apple to do). I think the best if yet to come.

Postfix Enabler is past the 500 downloads mark (for this version) at VersionTracker. It's funny how VersionTracker picked up this update. I studiously avoided it, preferring to announce it at MacUpdate and also at MacSharewareNet. But I've noticed, since the last update, that VersionTracker has a way of picking up these updates, even without being told, within a matter of minutes. That's what being competitive means.

Posted at 8:09AM UTC | permalink

Fri 26 Dec 2003

Xcode, Java, and AppleScript Studio Talk

Category : Commentary/XCodeTalkPics.txt

Leon at Apple has put up some pictures he took of the talk I did with Muthu Nedumaran on OS X Java, Xcode and AppleScript Studio Development.

It's here.

Posted at 7:32AM UTC | permalink

Tue 16 Dec 2003

Blogs Clogging Google? Does this have to be bad?

Category : Technology/waishi.jp.txt

After solving the Postfix SMTP-AUTH problem, I looked through some of the URLs I had collected - these were links to pages that had mentioned Postfix Enabler. There's one - waishi.jp/~yosimoto - a "Postfix for Mac OS X Users" page in Japanese. If I could read Japanese, I would have saved myself a lot of trouble, because I saw some of the things I had done reflected on the page. The thing is, it's easier to recognise them among the Japanese words, only after I've done much the same thing. What's more, I realised the existence of /usr/lib/sasl2/disabled. That's where Apple stuck the two files I thought were missing from Panther.

Now, I'm also reading a book, "Worldy Goods: A New History of the Renaissance" by Lisa Jardine. Among the things it covered was the idea that much of the explosion of interest in books during the Renaissance - fuelled by the invention of printing - was because people warmed to the idea of immediacy in the information they were getting. Whereas before, books were manually transcribed and lovingly illustrated and therefore took a long time to produce, in the Renaissance the pace of production quickened by several orders of magnitude. People were getting used to seeing commentaries and annotations appear in quick succession. It's the commentaries and the addition of new knowledge that made people keen on buying new books, which of course made books even cheaper. So, that's a nice virtuous cycle.

Now, as I was researching the web for a solution to the problem I was solving over the weekend, it was the mailing lists, discussion groups and weblogs that I was keeping a look out for. Since Panther was out only a month or two ago, the solution I hoped to find has got to be in a newly created page. I don't care if it is in somebody's blog or not, so long as even a "I've done it on Panther" would have been enough to keep me going.

So I was wondering about a complaint I read a few months ago about how Google is being clogged up by people's blogs. As if only publications like Time or Fortune are worthy of being indexed. In the Enlightenment, scientists like Newton kept up with the findings of other researchers via their letters. In our age, the blog will do. I'm quite sure they would have kept blogs, if they lived in our age, and wished for them to be indexed.

Posted at 7:02AM UTC | permalink

SMTP-AUTH on Panther's Postfix

Category : Technology/panthersmtp-auth.txt

I hadn't realised that Panther's built-in Postfix binaries support SMTP-AUTH out-of-the-box, until I got a message from Jeff Bishop about doing an -

otool - L `which Postfix`

which results in -

/usr/sbin/postfix: /System/Library/Frameworks/DirectoryService.framework/ Versions/A/DirectoryService (compatibility version 1.0.0, current version 1.0.0) /usr/lib/libssl.0.9.7.dylib (compatibility version 0.9.7, current version 0.9.7) /usr/lib/libsasl2.2.0.1.dylib (compatibility version 3.0.0, current version 1.0.0) /System/Library/Frameworks/Kerberos.framework/ Versions/A/Kerberos (compatibility version 5.0.0, current version 5.0.0) /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 71.0.0)

which clearly shows Postfix linked against libsasl2, which is SASL's "glue" layer. I know that Panther's Postfix works with SSL, so this looked encouraging, by association.

So I looked through an old Jaguar installation that had Postfix's SMTP-AUTH mode enabled and copied over things that I needed, like saslpasswd2, sasldblistusers2 and also the old sasldb2.db file. (I couldn't build anything from the Cyrus SASL download on Panther - I keep getting compile errors that I don't think I'll ever know how to solve - will have to wait for these to be fixed.) Fortunately, the stuff from Jaguar looked like they continued to work in Panther.

At first I couldn't get it to work - puzzling over a system.log entry that says that the system can't find the sasldb plugin - until I realised that two files, libsasldb.2.so and libsasldb.la, were missing in Panther's /usr/lib/sasl2. So I copied them over from Jaguar, restarted Postfix ... and ... everything works!

Actually it was a lot more work than that. I must have tried a million combinations over the weekend when I wasn't feeling sick with flu. (I'm a Chinese of Fujian descent; so it must be the same strain that's coursing thru the Western half of the world right now; just kidding; it's a sick joke.)

Anyway, it's a nice discovery. Will this make it to Postfix Enabler? Implementing SMTP-AUTH via sasldb means having to maintain a separate password database, plus all the extra code needed to handle the user-interface. Instead, I'm trying to see if we can make SMTP authenticate against PAM, and thereby use the built-in OS X users and group password system. That'll be neater. SMTP works over SSL (TLS). So it'll probably be OK to use plain text passwords. Anyway, it's good that at least one way works. I would never have been able to do this with sendmail. Thanks to whoever at Apple was responsible for the decision to go with Postfix.

Posted at 6:10AM UTC | permalink

Sat 13 Dec 2003

Panther and PDF

Category : Commentary/leonardrosenthol.txt

I'm making a note of something I found in MacSurfer - something I'm sure I'll find useful in the future - "Rosenthol rebuts Panther PDF jab".

Rosenthol's conclusion - "In conclusion, let me again state quite clearly that Mac OS X can produce "press-worthy" PDFs FROM ANY APPLICATION with almost the exact same features as those found in Adobe's own authoring applications." In the article, he explains why and how.

Now, Leonard Rosenthol. Thst's a name associated with Aladdin and Stuffit when Stuffit was still a great product.

Posted at 5:54AM UTC | permalink

Wed 10 Dec 2003

Megnut

Category : Commentary/megnut.txt

I've got a lot of hits coming in to both the Postfix and Sendmail Enabler pages because they were mentioned in megnut.com. Turns out that megnut is Meg Hourihan, who co-founded Pyra and Blogger. Judging from the hits I'm getting, megnut is read a lot.

Typical of the way the 'Net works is this page from Consolation Champs. This guy discovered Postfix Enabler from reading "Meg's blog" and he's "a big hero in the office now!". Yeh! (Maybe I should start compiling all these "testimonials". There have been quite a few.)

Posted at 5:33AM UTC | permalink

Oracle

Category : Technology/oracle.txt

We've got Oracle 9 running on Panther on a Titanium. It's a milestone of sorts. I can't stop looking at it, doing simple things like "desc act_accounts" or "select * from act_accounts where acctcode = 'so-and-so';". It sounds inane but you've got to appreciate how far we've come since we've got OS X.

I remember about five years ago when Apple moved from OS 8 to 9 and Oracle moved from Oracle 7 to 8. Everything to do with Oracle on the Mac stopped working. I remember pleading with friends at Oracle Singapore for drivers that will work, but they've already lost interest in the Mac. If not for the Internet, and someone on the other side of the world who discovered one particular combination that worked, we would have had to give up working on the Mac.

Even that would have been lost, had our customer moved on to Oracle 9. But, fortunately, these were people who had no interest in giving any cent more to Oracle than they need.

Until today, I've actually kept one PowerBook 3400, running OS 9, just to be able to do Oracle-related work. Now, this can be retired. (Our kid's going to have his own PowerBook, just like Daddy and Mommy.)

There's an advantage to running Oracle on a Unix server. You can simply ssh to it and do database administration. On Windows, we had to install those fat SQLNet drivers on every client machine. You can't just drag and drop the drivers and associated programs like SQLPlus. It's a non-trivial installation, so you'll be able to justify the IT headcount. On the Mac now, we just ssh to the server and "borrow" the SQLPLus running on it. Client applications access the server via a very "thin" JDBC driver. We don't need to mess up all our other Macs with SQLNet stuff.

Oracle's still got the edge in terms of the "expressiveness" of their SQL dialect. But, if we want to keep our code portable, we'll have the restrict ourselves to the 80% of the SQL expressions that will work across all the other platforms we want to run on. From this point of view, MySQL has almost caught up with Oracle. If I were Oracle, I would be seriously worried. It's hard to compete with "free".

So, now, I can show Java on OS X accessing Oracle on OS X in the forthcoming Xcode seminar. Of course, you still have all the other permutations, including Java and Oracle on PCs and Unix and Linux. Haven't you heard? Customers want choice. And it's choice they will get.

Posted at 5:28AM UTC | permalink

Sun 07 Dec 2003

Just One More Thing

Category : Technology/jobsblog.txt

This is the guy who set up the Steve Job's Blog site. It's April the First in December. Great Job.

Posted at 4:21AM UTC | permalink

Fri 05 Dec 2003

Apple Xcode Seminar

Category : Technology/xcodeseminar.txt

I'll be speaking at Apple Singapore's "Development with Mac OS X" Seminar on 19th December (at the Revenue House, from 1.00 to 5.00 pm).

I'm doing two sessions - "Building Reusable Cocoa and Web Applications using Java on OS X" and "Development with AppleScript Studio".

I'm going to be showing stuff we've been building over the last year and a half. These are things we could never have done, back in the days of OS 9. I would like to show just why we're energised by the possibilities and I hope people will enjoy the talk. But the key is in the demos. No one does demos better than Steve Jobs. That's got to be the yardstick, a big one though it is. Maybe I should content myself with finishing the talk without being an embarrassment. No, we've got to strive for greater things. Right? Let's see where this takes us.

Posted at 12:12PM UTC | permalink

Thu 04 Dec 2003

If you have eyes, you will see

Category : Commentary/eyes.txt

Rev. Dr. Corey Bantik writes, "I'm a regular reader of your UBM blog ... The pictures of the Final Cut Pro course that are up on your site bothered me - the guy's eyes are closed in two of them. Since I have nothing better to do right now, I did a little editing in Photoshop. Hope you don't mind."

Thanks, Corey. Ian's a sight better to look at, now.

Posted at 5:30AM UTC | permalink