Health and fiscal well-being: You Fail It!

So I am fat. Not fat like most people are fat, but uniquely fat, in that my arms, legs, chest, back, thighs, buttocks, neck, and face don't show it, but my belly is massive and spherical. I weigh 180 lbs, where my high-school slightly paunchy weight was 160-165, and my gaunt vegetarian weight was 145.

So what we're trying to do about Problem #1 is to join a gym, and go. I've done the first part pretty well. It's just going that's hard. I target going 3 times a week for 30 minutes each. When I go, I just hop on the cross-country skiing machine and tell it to "fat burn" – this keeps my heart rate at around 122 bpm, and cranks the resistance up or down to hold that same heart rate. It's not really particularly brutal or anything, and when I'm done the machine says I've used around 350 calories.

All in all, easy enough, except I don't go. Here are the excuses that I can remember that I've used:

  • Website is down, I can't tell if gym is closed or not.
  • I'm sick
  • Bead emergency, have to fix something on ebay software.

I have already missed my first scheduled "go" this week – yesterday I used the first excuse up there. I have to do a make-up today, then my regular goes on Wed and Fri – or else I'm going to try another tactic.

Since I can't seem to make it to the gym three times for half an hour each, maybe I can make it twice at 45 minutes? And if even that doesn't work, I can try one mammoth "go" at 1-1/2 hour. According to my research, the first is better than the second, and second better than the third, but it also says that you need to do at least 700 calories of work for it to have any effect. And that's an old-person target, I'm not yet that ancient. So I should be doing 1000 or so calories, at minimum.

Regardless of any numeric hand-waving, my weight has remained constant during my 2 months of gym membership – so this week is the final chance to stick with a normal schedule before I have to switch over to one of the crappier ones I have there.

iPhone further thoughts

In re: it's closed – yes, but, in at least one sense it's actually infinitely open, and more open than any phone before it.

It has a fully, 100% desktop-compatible web browser – Safari.

This means it _doesn't_matter_ that you can't run MS Office on it – you should be able to run Google Docs just fine. And who cares if you can't run your little Atom API blog posting software on it – you can just log right into Blogger. But what if I want some kind of interactivey kinda application? XmlHttpRequest, baby! That’s “Ajax” to you less-webdev-oriented people.

This is all presuming that Cingular doesn’t neuter it by forcing everything through some aggressive kind of caching proxy, which most carriers do to save bandwidth. If they don’t, this device could _really_ be revolutionary. You can develop a site for the always-connected Desktop, and have it work nearly 100% with the iPhone! How cool would that be?

Edit – considering neutered web-browsing experiences – my shitty Blackberry browser truncated the post when I went into Blogger to move it from Draft to Post. See? I want an iPhone.

iPhone

The UI looks Great. I’m worried about fingerprinting up the phone, but we’ll have to see.

The one thing that I hate is that it’s a Closed System. You can’t go and download the Dev Kit and start writing software for it. This is likely to appease the carriers, but it’s very limiting. Yuck.

It’s way too damned expensive. My Treo cost around that much when I bought it, and it did a hell of a lot more. Of course, this is an OS X system (allegedly).

How the hell are they going to get it to run OS X? It’s bloated and huge on superpowerful modern hardware – what the hell is going to happen in this anemic phone world? They must be chopping OS X up into little tiny pieces to jam it into this phone. I bet they use a different kernel! And I wonder what CPU it’ll use – probably ARM, since everyone uses that.

Multi-year exclusive to Cingular sounds terrible. Terrible. I know why they chose GSM (quad-band GSM to be specific), that’s so they can sell the same handset to Europe and elsewhere. And I guess you might be able to buy unlocked handsets straight from Apple, but yeesh. Ugly. And will there be a CDMA version, ever? Who knows? That’s two more carriers you can’t use (Sprint and Verizon)…

The reason the little typing-on-glass thing actually seems to work is because there is some predictive text stuff in there – so if you happen to jam two ‘keys’, it can guess which one you probably meant. It may end up being right more often than not. That’s going to be another thing that we’ll have to try out to believe. Can’t wait till they show up in an Apple Store!

But if it’s sturdy enough (lots of glass there, dunno about that…) and flexible enough and can do what I need it to do (maybe not everything, but at least just what I need…) then I can see myself getting it. But I could see that a lot easier if it were cheaper. Bastards.

I wonder if the development model is actually Widgets? It looks a lot like it. Then it wouldn’t matter to your development whether it’s an ARM or PowerPC or whatever.

Apple supports iPhone? No, it has to be the carrier? I don’t know where Bryan gets this from, but he insists that the support will be done by Apple, not Cingular. That’s insane, if you ask me. If it’s true. I think he’s mistaken. I couldn’t find it in the Engadget article. If that were the case, Apple could just be their own MVNO and leave it at that.

As more details emerge, I shall ponder and write about them if I think they’re interesting.

More On Identity

Well, I was very excited to see that some people have created some pretty reasonable protocols to define what your ‘identity’ is in this whacky, Web 2.0 world we live in. Unfortunately, they botched it. The protocols they define are based upon identifying yourself with a URL – giving the protocols near-complete decentralization. Yay! Except people aren’t URLs. The closest thing they are is email addresses. Boo! Furthermore, the protocol adds lots of complexity in terms of what information you share or don’t share, etc. Signing up for an identity is completely separated from using that identity somewhere else. And the most damning thing is that sites that use OpenID still retain their old username/password boxes from before. Yuck. Why wouldn’t they migrate everyone over? Because it can’t be done. Ugh.

So I was thinking about a radically simpler solution.

Here’s what I came up with:

#1) Guy gets to website he’s never been to before. He’s never used our system before either. He wants to do something that would require some kind of ‘identify yourself!’ thing. Maybe posting to a blog, maybe editing a Wiki article.
#2) The login thingee says ‘email:’ and our guy puts in his email and clicks a button or something.
#3) The system emails him a big long ugly URL. Or maybe a short-and-sweet case-sensitive one. He clicks it.
#4) New window pops up saying, “OK, your info thingee has been validated or whatever. You may close this window”.
#5) He is done. He may even stay validated for another 30 minutes (hour? 2 hours?) or so, so he can repeat this several times. On several different sites.

Let’s see what happens if he does go to another site –
#1) Guy now goes to somewhere else. He tries to do something else which requires identification.
#2) Login thingee says ‘email’ which he puts in – or his browser auto-fills.
#3) A window pops up saying, “OK, you’ve already been authenticated as bobo@agladsfhlkyewiutykxjcnkjwheriwuehf.fromple, click here to use that identity on this site”
#4) User clicks. Is done.

Now if our user finds that this type of thing is happening to him all the time, he may get encouraged to ‘register’ so he just has to put in a password to be identified. This encouragement might happen around step #3 above, once the dude has used this system a few times. There, instead of the email going out, a login screen would show up. He could log in, and be so identified for so long.

There! How’s that? Simple enough for ya!? OK, that’s how it acts, here’s how it should work.

When the user clicks the Login button it gets posted to my server. If his email address has never been seen before, it just sends him an email. Maybe after asking him questions like name or something. Maybe you can choose to make a password there too. When the user clicks on the URL he was emailed, he’s proven ownership of the email address, and a cookie is set on his machine, pointing to my domain. Probably set with a time limit or something. The page somehow gets magically redirected to where he was going.

The second time this happens the system has seen your email address before – it should consider asking you, “Hey, this keeps happening to you, do you want to set a password and use that instead?” If you’ve set a password, then you get a password prompt instead. Success implies cookie and redirection to wherever you were going.

Subsequent authentication attempts will still post to my site, but then your cookie will be detected, and you’ll just get a “OK, you want to auth to this site?” thing.

At some point something complicated will have to happen to inform the original site that you are, indeed, who you say you are. Ah! When you get redirected back, the original site gets URL parameters appended saying – here’s the dude, here’s a crypto hashey thing. Ah! You specify a ‘nonce’ thingee in your form which posts to me, upon return I hash the nonce, the date/time, your site URL, and your mother’s maiden name together into a big ugly base-64 thing which you are obligated to decipher. Hell, with the date/time, you can skip the noncery I think. Oh, no, you need it so people can’t just hash up gibberish and have you believe it.
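As an added example (not code from the post or from Desk.nu), here is the flow just described in Python: the one-time email link that proves the address, the cookie it produces, and the hashed nonce/date/site/secret assertion handed back to the relying site. The hostnames, the 30- and 5-minute windows, the class names and the use of HMAC-SHA256 keyed by a per-site shared secret (standing in for the “mother’s maiden name”) are all my assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import urlencode

LOGIN_TTL = 30 * 60       # assumed: an email-proved session lasts 30 minutes
ASSERTION_TTL = 5 * 60    # assumed: a relying site accepts an assertion for 5 minutes


class IdentityService:
    """The central 'my server' from the post (hypothetical name and API)."""
    def __init__(self, now=time.time):
        self.now = now
        self.pending = {}       # one-time link token -> (email, expiry)
        self.sessions = {}      # cookie value -> (email, expiry)
        self.site_secrets = {}  # site URL -> secret shared with that site

    def register_site(self, site_url, secret):
        # The "mother's maiden name": a per-site shared secret that keys the MAC.
        self.site_secrets[site_url] = secret

    def start_login(self, email):
        """An unknown browser posts an email address; we mail back a one-time URL."""
        token = secrets.token_urlsafe(32)
        self.pending[token] = (email, self.now() + LOGIN_TTL)
        return f"https://idp.example/verify?{urlencode({'t': token})}"

    def click_link(self, token):
        """Clicking the link proves control of the mailbox; the reward is a cookie."""
        email, expiry = self.pending.pop(token, (None, 0))  # single use: pop, not get
        if email is None or self.now() > expiry:
            return None
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = (email, self.now() + LOGIN_TTL)
        return cookie

    def assert_to_site(self, cookie, site_url, nonce):
        """A site that handed out a nonce asks who this browser is; answer with a MAC."""
        email, expiry = self.sessions.get(cookie, (None, 0))
        if email is None or self.now() > expiry or site_url not in self.site_secrets:
            return None
        ts = str(int(self.now()))
        sig = mac(self.site_secrets[site_url], site_url, email, nonce, ts)
        return {"email": email, "nonce": nonce, "ts": ts, "sig": sig}  # redirect params


def mac(secret, site_url, email, nonce, ts):
    """The 'big ugly base-64 thing': HMAC-SHA256 over site, user, nonce and time."""
    msg = "\n".join([site_url, email, nonce, ts]).encode()
    digest = hmac.new(secret.encode(), msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode()


class RelyingSite:
    """Any site using the scheme; it never sees a password, only assertions."""
    def __init__(self, url, secret, now=time.time):
        self.url, self.secret, self.now = url, secret, now
        self.outstanding = set()  # nonces we issued and have not yet consumed

    def new_nonce(self):
        """Put a fresh nonce in the login form that posts to the identity service."""
        nonce = secrets.token_urlsafe(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, assertion):
        """Return the asserted email only if the assertion is fresh, ours and genuine."""
        if assertion is None or assertion["nonce"] not in self.outstanding:
            return None  # never issued, or already used: a replay or a fabrication
        if abs(self.now() - int(assertion["ts"])) > ASSERTION_TTL:
            return None  # stale
        expected = mac(self.secret, self.url, assertion["email"], assertion["nonce"], assertion["ts"])
        if not hmac.compare_digest(expected, assertion["sig"]):
            return None  # wrong secret or tampered fields
        self.outstanding.discard(assertion["nonce"])  # burn the nonce
        return assertion["email"]


def demo(now=time.time):
    """Run the flow once and record what the relying site accepts and rejects."""
    idp = IdentityService(now)
    site = RelyingSite("https://blog.example", "constructed-shared-secret", now)
    idp.register_site(site.url, site.secret)
    link = idp.start_login("bobo@example.net")       # step 1: the email goes out
    token = link.split("t=", 1)[1]
    cookie = idp.click_link(token)                  # step 2: link clicked, cookie set
    nonce = site.new_nonce()
    assertion = idp.assert_to_site(cookie, site.url, nonce)
    tampered = dict(assertion, email="admin@example.net", nonce=site.new_nonce())
    return {
        "accepted": site.verify(assertion),         # 'bobo@example.net'
        "replayed": site.verify(assertion),         # None: nonce already burned
        "tampered": site.verify(tampered),          # None: MAC no longer matches
        "reused_link": idp.click_link(token),       # None: one-time link already used
    }
```

The shared secret is what stops someone from “hashing up gibberish”; the nonce is what stops a captured, genuine assertion from being presented a second time.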

You want the system to be super-duper simple, but not start forking over the dude’s identity willy-nilly.

So – I guess when you’re signing up, you can put in things like Full Name, city, etc – and maybe set certain things as private or public…?

Anyways, this version has these advantages –

#1) No differentiation is made between a ‘consumer’ and a ‘server’ – any site which uses this auth method can implicitly sign people on.

#2) People are E-Mail addresses.

#3) Minimal to nearly no commitment required on the user’s part – you don’t have to make much of an account, or anything.

#4) Easy(ish) to implement.

With the obvious disadvantage –

#1) No longer decentralized. But we’re not talking about lots of data here, it would be possible to scale a centralized identity service up.

#2) Phishing attacks – no more or less so than OpenID, but you still could find yourself a victim of a phishing attack with this system.

Edit – I found the idea for this stupid thing so simple and compelling that I just built it. It’s still in the conceptual/prototype stages right now, and I wouldn’t use it to secure anything I really deeply cared about just yet, but it’s there so you can look at it. It’s very early yet. Just look and think and stuff, don’t whine yet:

Desk.nu – Your new…desk…to be…uh…working on. Or something.

Google Everything

So, Google has pretty much done all the stuff I intended to do, oh so many years ago, with their very good and very clever web apps like Gmail, Google Calendar, Reader, Google Home Page, Docs & Spreadsheets, etc. So I’ve decided to wade in and start using all the great little applications – well, not little, big. A few slight snags – first, for Gmail to be useful, I’ve had to forward other mail accounts to it. Second, I had to change my name. My old Gmail name was something I thought was really cool when I was like 14 and into BBS’ing. However, I’m 900 years old now, and I have professional needs and stuff, so I had to come out with a slightly more regular-human-sounding name. Okay, easy enough, done. Now alllllll this crazy Google shit I’ve accumulated over the years I have to try and move over. Not so easy. Browser Sync? Easy, delete the service and re-add it. Email? Forward my old gmail to my new one. Docs? I guess I can share out all my docs to my new self (done), and this Blog here…well…I guess, I can invite my new self to collaborate with my old self…weird, because my old self is going to remain a weird vestigial account forever in the future, I guess…until Google lets ownership of things migrate back and forth. Some services of Google’s I don’t even mess with, but I’ve used at some point, so I don’t have here. But I don’t think that matters.

So, problem number one. My browser just hung while I was typing this. My opinions about browsers are well known, and I’m on a Mac, which can be less nice than using a Windows box when it comes to AJAX-heavy Javascript-ey stuff. So I had to actually type the first paragraph again while looking at the frozen screen in my other browser. This is why I always have 15 browsers available in my Applications.

Next – as much as I like to keep thinking of myself as ‘ahead of my time’, I’m not. Quite frankly, I never imagined that the Web, and regular-issue Web browsers, would ever be able to do the stuff we can do in a Browser today using Javascript and the DOM and such. I mean, don’t get me started on the fact that Javascript is an interesting language that’s just miserable to program in because the environment it lives in is so awful, or the DOM being the worst API to do anything anywhere, but the end result is still insanely powerful.

But, now I got it all here, and I have to say, I’m a liiiiittle bit disappointed. Not very, but a little. Gmail isn’t as fast as I had wanted. It’s still fast – and really comparable with Mail.app, which is my favorite mail program up until now. We’ll have to see how it goes.

And I made my own custom Google homepage. That’s really, really, really great. I have a little box for my mail, my calendar, my RSS feeds…it’s pretty cool. I tried to do this with my Apportal software (one of the many failed or semi-failed attempts at making the NetServOS software back in the day), and it didn’t quite make it, but Google has completely nailed this one. Very impressive, guys. I’m even considering making a little doodad for it.

The only thing that bugs me – only slightly, but it does bug me – is that you only get what you’re given. What you get is what Google gives you. And that’s nice, Thank you Google, for giving us stuff, but I don’t think I can imagine a world where all software comes from one single great benevolent software entity. Even Google. Or Microsoft. Or MicroGoogleOracleIBM. Eventually, someone’s going to want something that doesn’t exist.

Proof: Let us posit that Google has made all applications that you could ever want, which all work in whatever fashion you desire. Ok, fine. So I want an application that lists applications that I want, but don’t exist yet. Ah ha! Wait, I guess that means Google might give me a nice Google-branded empty window which says, “Here are all applications you want that don’t exist!”…crap. Forget that proof.

Okay, just take my word for it. Nobody can make everything you want. So what’s going to be the solution for that? I think lots of that is tied in with Identity – and there are some stupid people working on it (Microsoft, Liberty Alliance), and some less stupid people working on it – http://www.openid.net – for example. But they insist on representing a user’s “identity” as a URL. Clever, but people tend to identify themselves more with email addresses, I would’ve gone with that instead. Though I guess “mailto:brady@sldkjskldjflskjglkjelkjsldkjflskdjflsdkfjsldkfjalkjdfalskdjgalskdldk.schlorm” is a valid URL. Who knows.

And after that, of course, we then come to interoperability. If the only thing that ties you together throughout all these applications is your identity – well, that’s kinda weak. Not terribly so – if you think about how you use your applications in your day-to-day life, you probably don’t chain them together that much (unless you use Unix, but that’s a perverse case). The big one is your Mail application and the rest of your OS in order to open documents on it. Or your web browser and documents or files you’ve downloaded from that. If you’re on a Mac, your Mail client and your Calendar work well together – but they cheat, I don’t think they’re using any protocol or anything to talk to each other. Or if you use something to transfer files to Important Places (FTP, SFTP), it might be nice to open the files after you get them. But I don’t think this is as important as I thought it was. I’m not sure, we’ll have to see how much my Google usage intersects with my Regular Computer Usage, and see. For the first time in literally years, I’m running with Mail.app shutdown, and it’s not bothering me in the slightest, so I think we may be off to a good start.

I will most definitely keep reporting in.

Call of Duty 3 for Wii

Caveat: I’m a weenie, and am playing on Hard. So it’s slower going for me than many.

Graphics: Pretty. For standard def, it looks pretty darn good! I’m glad to see the Wii can actually put out some decent images. You can barely tell the difference between the prerendered stuff and the in-game stuff. No real jaggies that stick out. Nothing ‘pops’ out of the screen at all as strange. Textures are nice. Terrain looks good and isn’t too rectilinear.

Controls: Interesting – I normally never use ‘lean’ for example, but here, I might. Not super precise, but interesting. The little melee fight you have to do with the gun stock is pretty cool. Kinda immersive, and tiring – but not bad.

Gameplay: This is, alas, where I feel the game falls down. It’s a standard scripted roller-coaster ride through WWII. Little golden waypoint stars on your compass to tell you where to go. Little ‘trigger’ points which set the Krauts after you, or set off scripted events on the board. Maybe it’s me being a whiner, but I kinda feel like – haven’t we done this before? A lot? Repeatedly? Is this all there is? After the 4th or so time of having an explosion go off and one of my teammates pick me up, I start to tire of the scripting. After one of the assaults on a heavily fortified German position, I start to wonder – I keep killing them, and they keep coming back? What is it specifically that I have to do in order to advance? Go to my little gold star point? Does it matter if I kill the Nazis? Should I just go to where I’m told?

As in “Red Steel” there’s no health meter, just don’t get all shot up all at once and you don’t die. This solves the “Attrition Death” problem I blogged about before. But it feels wimpy. I dunno.

AI: Annoying. Teammates get into the line of fire, die, and then you lose due to friendly fire. And your teammates don’t help you when you actually need it. They may occasionally cap a bad guy. But that’s less often.

Conclusion: A Console that allows for innovation does not necessarily cause innovation. It’s nice to see the games can be immersive, and the control scheme and sound effects and graphics feel pretty immersive – it’s just immersing me into a Disney ride where I have to shoot some baddies for the ride to move to the next thing. Feh. I’ll beat the game, mind you, as I always do, and I will enjoy it, and I am enjoying it now, but let’s see this for what it is – a decent game, not a great game, or even a good game.

Wii review

So Beckley asked me if I actually liked the Wii or not – and though I think the issue has been covered a little, I thought I might mention my feelings about the issue.

It rocks.

It’s a nice little box – very attractive – it loads quickly, launches games quickly, and the controllers are very innovative and fun. My wife and I tired our shoulders out playing Wii Sports (tennis), and enjoyed a few holes of golf as well (I made par!). Zelda is a great game – not so controller-oriented, but very fun, and when it does use the controller, it’s pretty cool. For instance – shooting with projectile weapons is controlled with the pointer. Attacks are done by shaking the controller. But most of all, it’s a standard Zelda game with puzzles and stuff. Pretty cool.

The graphics aren’t spectacular, but if you don’t have an HD TV, I don’t think it’s that big of a deal. If you do, well, I dunno. The XBox360 has nice HD graphics, and so does the PS3. But they’re pricey.

Nintendo’s whole deal is that it’s all about the gameplay. At this point, I agree.

Edit: It also has this virtual console thing that lets you play a whole bunch of ‘classic’ Nintendo (and other) games. It can do N-64 games (Mario 64 for example), so I’m waiting for Goldeneye to become available (I hope it will, it’s a classic).

Red Steel (Wii)

So I waited in line at Toys R Us, and was right behind the cut-off to get a Wii. So the next day I went to the Nintendo Store and waited in line for about an hour and a half – only to find out my good friend Mike was able to snag me one – because he got in line with his wife Beth, and so he got me a system. Whew!

The game I personally was most excited about was Red Steel. And it seems to really have gotten savaged in reviews. Quite frankly, it’s not that bad. It’s a fun, average shooter, with some interesting little bits built in around the controller. Reloading is a shake of the nunchuk to the left, and you can toss grenades by holding the down button and either rolling them (nunchuk up motion) or tossing them (nunchuk down motion). The little swordfights can be pretty fun, too – block by shaking the nunchuk left or right, dodge by holding a button and moving the joystick, some special moves you learn along the way. As you make your way through the game, you learn cool little features about how the gunplay works with a ‘focus’ system, and there’s probably more stuff like that – I’m maybe a half to 3/4 of the way through.

The controls aren’t perfect, but I think I like them better than the standard dual-analog-stick controls. You wave the Wii remote around on the screen to point at stuff. You can aim by holding the A button and sliding the remote forward and back to zoom in and out. The left thumbstick on the nunchuk strafes left and right and walks forward and backwards. The only thing I feel could be better is the rotate left and rotate right controls – you do it by moving the remote left and right till the aim-point is off screen. Then the screen rotates until you move the remote back to point on screen. It’s not terrible – it’s just too Boolean for my tastes. I would think you would want something where if you get near the edge it rotates a little, and if you go way past the edge it rotates a lot.

So you can do some pretty decent pinpoint shooting with this setup, if all the baddies are on the same screen. If they aren’t, you may scroll past them, or if you’re in the middle of a hairy firefight, you might have a little trouble. Other than the single-speed-of-rotation issue, the other slight nuisance is that when you’re watching a cutscene or waiting for a load and put down the Wii remote, the screen starts scrolling around randomly and you don’t know which way you’re facing. Bothersome. But avoidable, if you just make sure to rest your hand with the pointer pointing at the screen. Unless the beam from the remote hits the coffee table or your beer or something. Then the pointer goes weird.

So, graphics? Eh. Nothing to write home about. Not so atrocious as to be really unpleasant, but not working up the best of the system. The menuing system is really really stupid – requiring you to drag, with the pointer, items onto boxes. What a silly waste. The story – is okay. You’re some dude who’s dating some Japanese chick and she gets kidnapped and you go run around and shoot people and sword them. No giant twists or turns come up in the story, but it’s fine.

But all in all, I don’t think the reviews I’ve read are fair. Perhaps everyone built it up in their heads as much as I did, and were let down. I was, but I can read between the differences of what I had hoped for, and what’s actually there to say it’s not a bad game.

“Considered Harmful”, Spam, and SPF

So lately we’re getting tons of spam. Any sense of the word ‘we’ you can come up with, we are getting it. The stuff that seems to keep making it through everything tends to be image spam (can’t do bayesian stuff to it, no text) for stock scams (no need to put a URL in the content of the email, which we would catch and block).

So at first I was considering running OCR on all email that came in and had images on it – but that’s really scary. It would mean having the computer figure out that there’s text in every image and scanning it out and then running SpamAssassin or whatever on that image. There seems to be one plugin for this and it seems crappy – it has to filter your image through an image converter, then into an OCR package, then the text that comes out gets checked against a static list. Lame. I would prefer the text be fed into SpamAssassin or something, so we get a little more flexibility out of the setup. But even then – the spammers just start making swirlier, more obfuscated text, and your OCR plug-in won’t be able to read it.

But I decided to look into some other options – and one I decided to implement is called SPF, Sender Policy Framework; Microsoft has extended it into a Sender ID proposal. You check DNS to see if the host sending you mail is listed in a TXT record as ‘authorized’ to send mail for that domain. If it isn’t, you can bounce the mail.

Now, ultimately, the spam problem is a legal problem, that is impossible to enforce because of all the forging that goes on. Pump-and-dump stock schemes are an FTC issue, for example. But we can’t tell who’s spamming us because they’re sending through zombie networks with forged ‘from’ addresses. If we knew who they were, we could refer the FTC to them, and they could attack them from that direction. SPF _may_ end up helping with that kind of thing. Maybe.

But today I had to wade through a ton of articles begging me not to implement SPF because of the horror and tragedy that would ensue. Oh no! But, as before, “X Considered Harmful” is just another way to cause a knee-jerk reaction. If some domain out there in the world chooses to publish SPF records for their domain, and you choose to obey those SPF records, it’s not a big deal. If you don’t like SPF records, don’t publish any, or publish a “+all” record if you want to be a dick about it. Why go on a tirade? If some guy publishes a record and fucks up his email, isn’t that his problem, not yours?

Now, that being said, there are problems with this SPF thing, among which is the handling of forwarders. But the bulk of the technical disagreements here don’t seem valid. In the modern era, there are no open relays anymore. If you relay mail, you relay it for someone. Whoever ‘someone’ is, if they want, they can publish an SPF record that says so. If you’re trying to do some tricky thing with moving around and sending mail from dynamic addresses, you’re likely getting marked as spam anyway because of your address dynamicness.

But forwarders seem to be a legit problem. Domain A sends mail to Domain B. foo@b.com forwards to bar@c.com. So now we have the mail server at b.com sending mail from somebody at a.com to c.com. Wait, that’s not a problem, is it? No, it is – imagine c.com checks the SPF record – mail is coming from Domain A, so it will be checking A’s SPF record. A’s SPF record says that A will only send mail from A’s server. So that’s the infamous Forward problem. Eh, not good. But still, it’s A’s problem, not my problem (being Mr. C). Shit. Basically, the actions of the recipient on server B will affect whether or not his email will forward properly. He goes into his account settings, says ‘forward to server C’, and mysteriously finds that some messages (from servers other than A, who don’t use SPF) get through, whereas others (from servers like A, who _do_ use SPF with some kind of restrictive setting) will get mysteriously bounced or marked as spam. Well…I dunno. The user at C who changed his forward on server B is going to find his mail kinda does get delivered, kinda doesn’t. Depends on who it comes from. And that’s because I (owner of server C) turned on SPF checks. It is only in the case of a ‘forward’, and it can be fixed by mangling the envelope sender so it appears to be from the B server’s domain…but…ugh. In any case, it’s a setting on A’s server that seems to cause the problem. If the user on C isn’t getting mail from A that’s going through his forward at B, well, don’t do the forward, or use a new-style forwarder thingee.
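To make the A → B → C case concrete, here is an added example (not from the post) in Python: a deliberately small SPF evaluator run against a constructed DNS table, checking the same message as C would see it delivered directly, forwarded with the envelope sender untouched, and forwarded after the envelope-sender rewriting (SRS-style) mentioned above. The domains, IPs and records are all made up, and only the ip4, a, include and all mechanisms are implemented.

```python
import ipaddress

# Constructed zone data standing in for real DNS lookups (not real domains).
DNS = {
    "a.com": {"TXT": ["v=spf1 ip4:192.0.2.10 -all"], "A": ["192.0.2.10"]},
    "b.com": {"TXT": ["v=spf1 a -all"], "A": ["198.51.100.20"]},
    "lax.example": {"TXT": ["v=spf1 +all"], "A": ["203.0.113.5"]},
    "nospf.example": {"TXT": [], "A": ["203.0.113.7"]},
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def lookup(name, rtype):
    """Stand-in for a DNS query; returns the records of one type for a name."""
    return DNS.get(name, {}).get(rtype, [])


def check_host(ip, domain, depth=0):
    """Simplified check_host(): the SPF result for <ip> using MAIL FROM <domain>."""
    if depth > 10:
        return "permerror"  # too many include: hops
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if not records:
        return "none"       # the domain publishes no policy at all
    if len(records) > 1:
        return "permerror"  # ambiguous: more than one SPF record
    addr = ipaddress.ip_address(ip)
    for term in records[0].split()[1:]:
        qualifier = "+"                      # mechanisms default to 'pass'
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech == "ip4":
            matched = addr in ipaddress.ip_network(arg, strict=False)
        elif mech == "a":
            matched = str(addr) in lookup(arg or domain, "A")
        elif mech == "include":
            matched = check_host(str(addr), arg, depth + 1) == "pass"
        else:
            return "permerror"  # mechanism this toy does not implement
        if matched:
            return QUALIFIERS[qualifier]  # first matching term decides
    return "neutral"  # fell off the end without a match


def forwarding_scenario():
    """C receives the same message three ways and runs the SPF check each time."""
    a_server, b_server = "192.0.2.10", "198.51.100.20"
    return {
        # 1. A's server delivers straight to C: sender domain a.com, A's own IP.
        "direct": check_host(a_server, "a.com"),
        # 2. B forwards foo@b.com -> bar@c.com without touching the envelope sender.
        #    C sees a.com as sender but B's IP, and a.com says only 192.0.2.10 may send.
        "forwarded_unchanged": check_host(b_server, "a.com"),
        # 3. B rewrites the envelope sender to its own domain before forwarding,
        #    so C evaluates b.com's record against B's IP instead.
        "forwarded_rewritten": check_host(b_server, "b.com"),
        # A domain publishing +all vouches for any IP on earth.
        "plus_all_anyone": check_host("192.0.2.99", "lax.example"),
        # No record at all: SPF has nothing to say, so neither pass nor fail.
        "no_record": check_host("192.0.2.99", "nospf.example"),
    }
```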

Shit, maybe I do have to do some kind of OCR thing after all. Ugh. I hate this crap. And after I _manually_ went and applied patches onto qmail. I need a new mailserver, too.

Mac OS X Server

I am a huge fan of the Mac. I have been using them since the Mac Plus running – oh, I dunno, it was before System 6 and MultiFinder and all that. I’ve dabbled in PCs, and am pretty good with them, but I love Macs. And I like Unix machines a lot too. I learned Linux in the days before the kernel was 1.0 – it was in the 0.9’s or something, I don’t remember. I ran Slackware in those days. Ah, the good ole days.

So I try to consider myself platform-agnostic. I can tell you now some things I really like about Windows boxes, among them their general snappiness. I was running a Win2k box for a while (to help force me to test one of our applications’ bugginess and behavior under the Dreaded Internet Explorer). It made me really envious. And, so long as I didn’t mess around with it too much, it performed well – especially so for a box with such low specs (as it was, I think I blogged about it before).

As such, it pains me terribly to say I fucking despise Mac OS X Server. I’m sorry, but Apple has completely blown it with this product. I don’t doubt that they are fine if you just do file and print, but this isn’t a Windows server, it’s a Mac server – it’s got Unix stuff in it – why can’t I make it do a whole bunch of things? And the answer is, because it is shit.

The number of individual problems I’ve had on OS X Server is too numerous to count. The stupid management applications crashing on me, or their effects not ‘kicking in’, or the fact that you can’t migrate NetInfo accounts to LDAP accounts, any number of things. The GUI ends up being obtuse and incomprehensible, and the command line is even more painful than that. I’ve always theorized that when you try and put a nice shiny GUI on top of an ugly (but efficient, and flexible) command line, the end result is always a terrible mishmash. I was hoping to be proved wrong with OS X server. And I have not been. The file system is shit. The Mail server is garbage. The web server – oh! the web server! – I have never seen Apache be so terribly crippled. I had to crawl around in config files and XML files for hours to repair our server, once. Awful. And we’ve taken explicit, careful pains to never mess with the command line or any binaries or anything – after all, it’s an OS X server, and we’re trying to do things the OS X way. What a disappointment.

Today, for example, I’m trying to set up a co-worker’s account so he can do SSH authentication to the server to run some simple SSH commands (having to do with Subversion, a version control system I’d like to switch us over to from CVS). I go into the management app, I go to my coworker’s account, I see he has no ‘home’ set. That’s fine, he is not an SSH man, himself. So I try and set him one. Crash. I try and read mine so I can compare. Crash. I try and look at it again, and it’s not one box for ‘what is your home’, it’s three boxes, and I can’t figure out what is what. And I’m not stupid. And any time I try and do anything to it, crash. What a fucking mess.

Now, don’t think this means I have any like for Windows servers. Because they’re just as bad – though possibly a bit less so, since they don’t have to do the “Shiny GUI to shitty command line translation” that OS X has to. To enable RIP routing on a FreeBSD box? (Mind you, I don’t know FreeBSD that well.) Set it to ‘yes’ in the conf file, and then launch it. Boom. New routes in routing table. Try to enable RIP on Win2k3 server? You have to enable routing and remote access (Telephony! What the fuck!), then add RIP for an interface, then all kinds of stuff – then all my route metrics are all freaky and inexplicably huge, until I find out that Windows is randomly mangling my route metrics based on interface speed (NB – win2k did not do that). What kind of lame-ass bullshit IS this? IIS also enjoys baffling and frustrating me and anyone else who is cursed with it.

Unix boxes, however, are mean. They just aren’t nice or friendly at all. Totally unapproachable. Compare an airplane cockpit with the driver’s seat in a car. The car you might be able to work out yourself, by playing with it. The airplane, you will not. There are 50,000 gajillion little controls for things. The car emphasizes just a few, and will let you get around. So the end result is it takes FOREVER to figure out what you’re doing on a Unix box, until you start getting the Zen of how it works and what its design is. You can do a hell of a lot on a Windows server or a Mac server without knowing what the hell you’re doing. And that has its advantages. And its disadvantages, when you mess with something you don’t understand and unleash unholy hell upon yourself. And Unix boxes will not only let you shoot yourself in the foot, they will load the gun and point it right at your foot, and take the safety off, and not say a word about it. Like I said, mean.

I do know this – any time I get to spec out or make any new server or computer for anyone that I have control over, it won’t be a Windows or Mac server. Maybe if it was something for simple file-and-print, and some email, I might. But not for anything nontrivial.

I should mention – it could be an issue with my own personal comfort level with these machines. I mean, I know Unix boxen pretty well, maybe not as well as I know the Windows and Mac boxen. But every time someone needs to refer to someone who knows more about these things, they always get referred to me. So it’s sad, but maybe I *do* know as much about these things as I do about the other. Because I assume there’s some bias in my knowledge here. But the scary thing is, there might not be.