log checking

edge traffic at the gateway
dirty excuse for an angel
printer password won't reset
don't let this desperate moonlight leave me

One user enters, one user leaves

subinacl, a wonderbox of command-line ACL power, is part of the Windows Resource Kit.

Here's syntax to transfer one user's access pattern onto another user.

subinacl /subdirectories \\server\departments\accounts\* /replace=ark=gru

This goes through all of the folders in accounts, and replaces ark's SID with gru's SID.
gru now has all the same folder permissions that ark had.

Note: According to the help file (subinacl /help /replace) :

SubInAcl version 5.2.3790.1180

/REPLACE
--------

/replace=DomainName\OldAccount=DomainName\New_Account

replace all ACEs (Audit and Permissions) in the object
Ex: /replace=DOM_MARKETING\ChairMan=NEWDOM\NewChairMan will replace
all ACEs containing DOM_MARKETING\ChairMan with NewChairMan SID
retrieves from NEWDOM domain
Warning: if DomainName\New_Account has already an ACE, ACE replacement is
skipped

Because /replace is supposed to _replace_ ark's SID with gru's, one would expect to find no more references to ark via the Sharing and Security GUI for a folder.
However, in my system, I found that gru now had an entry alongside every one of the ark's entries.

it's definitely not true

but it is something i had to find out today.

du –sh /it_support

drive the settings

Anonymous, come on down.
We Welcome Your Comments.

Our Drones

We have a special room for them ...

Ah! J'understand!

Two cartoons :-

This explains debugging code which has been written with anti-debugging techniques:

http://hackerschool.org/DefconCTF/17/B300.html


This explains how to find a keygen (written in bizarre franglais)

http://pagesperso-orange.fr/l0uk0um/site/dora/fichiers/tutorial.html

Creating mixed-mode Exchange/IMAP users

We have a few managers here whose mail needs are a little complicated. They're available to the whole company via Outlook and Exchange for meeting scheduling, but they prefer to use Thunderbirdand IMAP for managing their mail.

(Of course, one can connect to Exchange via IMAP, but we haven't implemented this, purely for reasons of time resources. Back in the day, we started out with courier IMAP, and brought in Exchange a lot later. Smoothly migrating people to the Exchange server would require a lot of individual support hours, and given that the system is fine at the moment, the bang/buck ratio doesn't pan out.)

Here's how to set up a mixed-mode IMAP/Exchange mail user from complete scratch:

1. Mail Transport Agent - on your external IMAP mail server, create an IMAP box for john.doe@myorg.com
   
2. Mail Transport Agent - create an alias for the user, something like jdo -> john.doe@myorg.com
3. Exchange Server - in the EMC, create a new Mailbox under \Recipient Configuration\Mailbox for John Doe. This creates an AD object for John Doe, with Exchange Mailbox properties.
4. Still on Exchange, right-click \Recipient Configuration\Mail Contact, and choose "New Mail Contact", and radio on "New Contact".
5. Choose the correct Organisational Unit (if you forget this step, don't worry - you can move the Mail User in ADUC later).
6. In the "First Name" field, use the IMAP alias (in this example, "jdo").
7. In the "External e-mail address" field, use the IMAP alias email address (in this example, jdo@myorg.com).
8. Finish creating the contact.

Now we have two separate elements - the Mailbox associated with AD user John Doe, and the Mail Contact jdo.
The existence of the mailbox will allow the user to manage scheduling with Outlook, and to view Public Folders.
However the email must be redirected to the IMAP account. Here's how:

1. Using the EMC, \Recipient Configuration\Mailbox, open the properties sheet of the Mailbox.
2. Choose the Mail Flow Settings tab, and open the Properties of Delivery Options.
3. Tick the box "Forward To ...", then click on "Browse".
4. Tip! Sort by "Recipient Type" to see the Mail Contacts, and choose your newly-created contact from there.
5. Choose Ok, then Ok again to leave the Properties sheet.

Now you have a user who can be scheduled via Outlook, but who can use their preferred IMAP client to manage their email.

Administering someone else's Out Of Office reply

Finally, I have the answer to something that's bugged me for a very long time - how to adjust a user's Exchange-based out of office reply.

Normally, the only way to do this is to log in as the user either to their Outlook, or to OWA, then adjust their OOF settings via Tools, Out of Office Assistant. Since this requires that you know the user's password, it is not always a convenient method.

I thought that there might be some way to change things via the server, perhaps via PFDAVAdmin. None that I could find, sadly, existed.

So here's a kludge that gets you the result you want:

1. In ESM, use the Manage Full Permissions option on the user's Mailbox to give yourself full permissions on the user's account.
2. On your Windows machine, go to Control Panel, Mail, Profiles.
3. Add the user's name - when you fill in the New Account form, leave the password section blank and click Next. Because you have full permissions, you don't need a password.
4. Radio on "Ask for Profile"
   
5. Open Outlook, and choose the user's profile.
6. Fill out their OOF.
7. Quit Outlook, remove their profile from the Mail Control Panel applet.
8. On the server, remove your full permissions from their account.

A kludge because it's too easy to forget the very final step, leaving a security hole.

But it works!

Exchange 2007 Public Folder reporting

Probably the best free tool to report and manage on your Public Folder hierarchy is PFDAVAdmin, available from Microsoft. I've mentioned it before.

There are two main commercial tools available that can help - Ark's Admin Report Kit for Exchange Server, and Priasoft's Public Folder Analyzer. A fairly comprehensive list of Exchange Permissions Management tools can also be found on Slipstick.

Ok, down to the real-world scenario. At the moment, I'm creating a new user, and need to give them the same permissions on the Public Folders as a current employee. I can accomplish this in a variety of ways:

1. Use the context menu, Folder Permissions to view an individual folder's permissions, and to add a user.
2. Use the context menu on the containing folder to add a user, then use context-menu, Propagate Folder ACEs to push the same permissions down to the subfolders, for that user.
3. Use powershell for a single folder:
   Add-PublicFolderClientPermission -Identity "\Marketing\West Coast" -AccessRights PublishingEditor -User Kim
4. Use one of the included E2K7 powershell scripts under C:\Program Files\Microsoft\Exchange\Scripts to recursively apply permissions:
   AddUsersToPFRecursive.ps1 -TopPublicFolder "\Sales" -User "David" -Permission Reviewer
   

Which is fine if you know which folders to touch.
But what if you've come to an organisation with an extensive preexisting Public Folder hierarchy, and missed out on the chance to mind-meld with the previous sysadmin who built it from the ground up?

Obviously you'll need a report. We have a small Public Folder scenario, with 4500+ folders which contain more than 600,000 mail items. Using

Get-PublicFolderStatistics | ft FolderPath,*ItemCount,total*

returns the size of each and every public folder. (You can pipe it out with export-csv and chuck it in Excel.)

To find out which permissions a user has on a particular folder, use:

Get-PublicFolderClientPermission -Identity "\yourfoldernamehere" -User yourusernamehere

Awesome, that's almost what we need!

To get the same info recursively over the whole Public folder tree:

Get-PublicFolder "\" -recurse | Get-PublicFolderClientPermission -user yourusernamehere export-csv

Very useful!

Finding aliases on Exchange 2007

Problem: You have an alias address, and you need to find out to which Exchange 2007 mailbox this is mapped.

Solutions: Use the following powershell command to list all mailbox names and aliases:

get-mailbox | select name, alias | format-table name, alias

(which is OK if you have a small number of users, but not so useful for large orgs). You can also use the Find option whilst looking at the Recipient Configuration tree in the Exchange Management console.

Heike tells a story

One of Heike's sisters lives in a remote area in southern Spain. They recently got a modem connection to their house. Heike was Skyping with her nephew, and typed, "I have to go now, time to walk the dog and meet people for dinner." The nephew replied, "Where will you go for your walk?" "In Görlitzer park," replied Heike, "... why don't you come with me?" Nephew (10 y.o.) said "I will! I will come with you on google earth!"

So sweet!

Integer Overflow Week, or When Things Get Bigger Than The Biggest Things

* Tuesday - riding to work, when suddenly some boofy german bloke in a big navy blue BMW slows down next to me. He's wound down the passenger side window and is shouting at me across the body of his tiny, weaselly-looking mate - "Hey You went through the red light! Red lights are for bicyclists, too, you know! Do you think you are special?"
OK, whatever, if I went through a red light at an intersection where there were no cars except for me and this guy, that's my business, right?. But I got /angry/. Really really angry. BMW roared off up the street, obviously proud to have done his civic duty. But I know the streets here, and I know that the light he was heading for is very slow. So I caught up with him there, and slammed the closed window with the flat of my hand. "Fuck you!", I yelled, and (the only german swearphrase I know coz it is written on the wall in the stairwell of my friend's house) "Fich dich, Opfer!". The lights changed to green, I got off my bike and strolled nonchalantly across the road to work, whilst BMW had to drive off, because of all the other cars waiting behind him at the lights.

* Tuesday, Part Two. I'm enjoying an afternoon coffee in the breakroom with Tobias from work. He's the 28-y.o., Go-playing, maths-PhD fella with the shiny head. He explains about a great bug that he's working on - there's a biggest integer down there in the engine of the software, and you're not supposed to get a value that's higher than it. But he found a situation where input from a MIDI keyboard wraps the value, and returns exactly the right value to give exactly the right behaviour - playing a note. We chuckled over this accidentality, and went back to work.

* Wednesday. I'm reading the latest xkcd cartoon - poor Mr. xkcd is trying to get to sleep, and is counting sheep. He counts and counts, when suddenly the number of the sheep goes into negative values. Integer overflow. http://www.xkcd.com/571/. Fitted nicely, coz I had terrible insomnia meself the night before. Might explain why I got so pissed at Mr. BMW.

* Wednesday, Part Two. Boss at work is working like a fiend - for him, that's typing up a storm, not talking to /anyone/, going into the machine room a lot, four or five terminal windows open at the same time on his monitors. At about four in the afternoon, he turns to me and explains that the job-tracker database needed to be upgraded live. He shows me some log files to do with the search component. "Search array out of range. Search daemon stopping." Apparently the new version fixes this, but it's completely undocumented. Well, the search engine is working now, but it was having a kind of integer overflow.

* Thursday. Riding home, going down a one-way street. Full of potholes, had to weave around a bit to avoid being chucked of the bike. It's a slow road anyway, running alongside a hotel with lots of waiting cabs, and tour buses. Suddenly massive horn-beeping from behind me. Without thinking, I yell, "Fuck /OFF/!". I've just about had it with these impatient, self-righteous cars. Surprise surprise (not) a big silvery BMW roars past me ... straight into the loving arms of another slow set of lights. Ha ha ha. Revenge is mine. I pull up next to Wanker Number Two and shout into the driver window - "What the fuck is the big hurry?" Mr. Big Arab yells back at me, "Fuck me?! Fuck you! I fuxk the Americans! I fuck the Israelis! I fuck your mother! I fuck the South Africans! I fuck the Brits!" Quite a large part of my brain is thinking, "How interesting. He's trying to figure out what kind of English-speaker I am." By now, the lights have changed, and we're both going round the corner together during this tirade. I yell back, "You must have a huge cock, then!" He and his mates all shout with laughter, and he roars off down the street.

* Friday. Today. I declare integer overflow week to be officially Over.

Dance Dance revolution

I went with StefanB and Amo adn StefanF and Anja last night to see a dress rehearsal of some dance thing. An older guy, thin with Levis and old brown men's shoes, and a pale blue electric detuned guitar. He sang softly into the mike - " When I came into the kitchen, you were crying / but it was only thaaaaat / you had been chopping onions ".
The dancer guy ran around, pointing this way and that. Jumped on a table and danced there too, until the front leg fell off. The audience said "eek!". It was a very lighthearted performance.
One great bit was social - I was in the foyer drinking my Club Mate coz I was a bit tired and wanted to be a bit more awake, then there was Saskia's friend Tania Rünow! Helloo Helloo and she gave me a big smile and hug like she was really pleased to see me. Nice change tell ya what. We chatted for a while, I think her good-looking maybe-dyke pals were a bit miffed, they wandered off to chat elsewhere.
Tania was the one who hosted me and Saskia, Richard and Robert and also a whole bunch of her other friends for New Year's Eve. Here in Tchermany when it's New Year Eve you say to everyone you meet on that day " Guten Rutsch!" which means "good slide" as in "have a good slide into the New Year". As all good aussies will do, me and Rich and Saskia who is now half-aussie pretty much ended up talking in Tania's kitchen, which like most apartments here is furnished with things from the street or the second-hand shop. Not a built-in cupboard in sight. Two of the chairs are from an aeroplane or a cinema I couldn't tell which. Rich was sitting on them and then suddenly they fell forward and he was under the table! We looked on in shock, and then I shouted "Guten Rutsch!" and we all screamed with laughter. Tops night!

Blokes on a roof

About four weeks ago, it had been pretty cold, with snow and everything. I was walking home, and heard a loud "clomp!" "crash!" sound. Over on the other side of the road, some people were looking out of their third floor window at the ground. There were some big bits of masonry lying there - I looked up, and could see that part of the architrave of the roof had fallen down.
By the time I'd gotten up to the apartment, the fire department had already arrived, and were carefully bashing away at the crumbling section, getting big chunks of plaster and concrete off the overhang.


Figure 1: Man on a mechanical stick

That was exciting - lots of people stopped in the street to watch the fun. The next step was to erect a scaffolding (Gerustbau) so workers could get up there to repair things. Scaffolders here are a tough bunch - and have romantic company names like Anarchie Gerustbau with a red and black anarchy symbol as the logo. The guys looking after our opposite neighbour didn't have a cool name, but the workers were straight out of a 13th century Frisian viking look-book. Note the awesome natural red-haired enormous handlebar moustache with beads. What you can't see is his down-to-the-middle-of-the-back thick plait of red-orange hair. Yes those are great big metal earrings, too. Hands like trucks, as my mate Cathy would say:

Figure 2: Leather trousers and plaited beards

The scaffolding was erected in about five hours. Time elapsed from initial avalanche: 29 hours. Things went quiet then for a long time. Some weeks passed, and it began to look like there was going to be no change for months. It's not unusual for houses here to have scaffolding for months or even years with nothing changing. Strange, since you have to pay monthly rental fees to both the scaffold company and the city, and they're not insignificant. Sometimes the scaffold is covered with thick plastic gauze which degrades over time, blowing in the wind like sails, giving the buildings the appearance of rotten, abandoned pirate ships which have come to rest between their land-locked cousins. Today, finally, some workmen came to work on the roof and architrave, hauling up sheets of tin and buckets of concrete and plaster to repair the leaks. Obviously, water had been working its way into architrave and mouldings, melting and re-freezing during winter, causing it to break apart. The workmen are a tough bunch, too, just walking about up on the roofline without a safety harness.

Figure 3: Bang bang tap tap.

Zotter

Not much of a post today, other than to recommend to you all any chocolate made by Zotter. It tastes of chocolate, not of sugar. Now that the big heat wave is over in Oz, I can send some to you.

Dreams - last night, I dreamt MMcK carried me to a pub on his shoulders. He was a huge man, and he had a tattoo on his right shoulder that he did not have before. JP said goodbye to us as we prepared to go, she was silently and good-naturedly laughing at MMcK's preparation. Little Scout ran around telling us things. We went over hill and dale, and came to the sprawling pub. I went to go and order Bundy and Cokes for us both (ugh?!), because MMcK was too large to fit through the door. Like a giant. At the bar, the barkeepers were women wearing a variation of neo-retro-seventies-countrygirl - that means, big straw hats, lace over the decolletage, and puffy sleeves but uncovered arms and disco skirts knee length. In sheer silks and modern rayons. After talking to an older retired business man in a gray woolen coat, I left to take the drinks to MMcK, but I had not enough hands, and had to put the chicory and cos lettuce in the pocket of my coat.

I think the narrative was breaking down at that stage.

Exim III

The solution to the problem with multiple recipients in an Exim filter, when you want delivery to go ahead to all but one, and you want the special one to go to different special place .... You have to wrangle the routers. Routers will let you pick out a mail for a particular recipient and do something special with just that particular delivery. I guess this is because routers come late in the delivery chain.

I thought that was cool, and told boss about it. But ... no point me going ahead and implementing one of these little gems, because apparently we're moving to PostFix Some Time Real Soon.

Note to Self: prepare all the the exim filters for PostFix ahead of time, so that boss is impressed.

E2K7SP1 MapiExceptionNotAuthorized

One of my users is replying to a message sent to a public folder that's hosted on Exchange 2007 SP1.
He's getting the following type of non-delivereable message:

Fehler bei der Zustellung der Nachricht an folgende Empfänger oder Verteilerlisten:

Jobs
Problem mit dem Postfach des Empfängers. Microsoft Exchange versucht nicht, diese Nachricht erneut für Sie zuzustellen. Versuchen Sie, diese Nachricht erneut zu senden, oder wenden Sie sich mit dem folgenden Diagnosetext an Ihren Systemadministrator.

------------------
Mit Microsoft Exchange Server 2007 gesendet


Diagnoseinformationen für Administratoren:

Generierender Server: x.y.z.com

jobs@z.com
#550 5.2.0 STOREDRV.Deliver: The Microsoft Exchange Information Store service reported an error. The following information should help identify the cause of this error: "MapiExceptionNotAuthorized:16.18969:DA0B0000, 17.27161:0000000062020000000000001F00000000000000, 255.23226:00000000, 255.27962:7A000000, 255.27962:0A000000
-------------------

(I coloured it blue because it's Microsoft)

Here's what it means:
MapiExceptionNotAuthorized means that Mapi does not allow the action to be taken, due to the action not being authorized. Usually this is because the Anonymous user doesn't have the ability/rights to write messages to the Public Folder.
However, in this case, this isn't true - people are succesfully sending in CVs everyday, and those messages are turning up in the Public Folder. So Anonymous does have rights to create items in that folder.

There are three ways to investigate and control permissions on a Public Folder in E2K7 -

1. using Powershell
2. you can use Msoft's free and excellent tool, PFDAVAdmin, with simple, workable GUI
3. you can do it all via Outlook if you have owner permission on the folder in the first place

Here's the p.shell you'll need:

To view permission on the PF, use the Get-PublicFolderClientPermission cmdlet.
For instance,
Get-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler" -User Anonymous | format-list

To give Anonymous the ability to create items, use the Add-PublicFolderClientPermission cmdlet.
For instance,
Add-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler" -AccessRights CreateItems -User Anonymous

This will also allow Anonymous to read items, something you don't want, in which case:
Remove-PublicFolderClientPermission "\Jobs\03_Wrangling\28_PythonWrangler"-AccessRights ReadItems -User Anonymous

PFDAVAdmin: - connect to your Public folder store, rightclick on the Folder, choose "Folder Permissions" and check what Anonymous can do. Correct it if needed, then click the handy Commit Changes button. I like this tool as much as I liked that small fluffy wriggly puppy that bounced up to me on Saturday and gave my knee a great big friendly lick.

Outlook: rightclick the folder, choose Properties, then the Permissions tab.

For more information on rights, please see: http://technet.microsoft.com/en-us/library/bb310789.aspx

Note! Applying all of the above did not solve the issue for my user. However, removing him entirely from the list of allowed users on the mail-enabled folder, then adding him again with Publishing Editor permission .. that did fix it.

paint

Paint rocks.

I didn't paint anything for a while, however yesterday I was listening to some music, and it made me think of drawing circles. So I drew a picture that had nothing to do with circles with the oil pastels that R gave me from my birthday.

Yeah, that was OK, but some of them are nice and soft and blend in, but others are really hard, more like a crayon. Then it was time to get on with it, so I hauled out all the painting gear -

• the two old teatowels that I've always had for cleaning brushes from when I was in Sydney,
• the oil paint tubes
• the miniature palette knives i cut out of an old VideoEzy card
• brushes
• linseed oil and clear oil paint/thinner
• a couple of the painting surfaces that I'd gessoed up about a year ago, made of a cut-up Mac G5 packaging box
• newspaper to cover the table
• my turps jar for cleaning brushes mid-work
• the brush cleaning soaps
• a thin stick

Funny isn't it how there's as much cleaning-up stuff as there is painting stuff? Maybe more cleaning-up stuff. I didn't have any special thing for mixing up the paint, that's all right, I usually mix it straight on the canvas anyway and have a big blob of white paint on the side for extra. Nonetheless I wanted a paint-mixing-thing so I covered another big bit of thick cardboard with a strong clear plastic bag that I had lying around (knew it would come in handy, always good to hang on to a good plastic bag) by taping it securely round the back. Then I stuck the white oil paint on there.

Trouble with that white oil paint is that it's cheap stuff that I got for a coupla bucks from a Newtown 2-dollar shop, so whilst the quality of colour is good, it is extremely sticky and thick. Think Colgate stripe toothpaste, instead of what you really want which is more like good-old fashioned Nivea hand cream, the one that comes in the flat blue tin.

So I stuck the toothpaste on the plastic bag surface and mixed it up with some of that clear oil paint stuff, it's made by Bob Ross brand, I got some of his Linseed oil as well, but that's thick like honey therefore too viscous to use as an extender. I used to always use the paint brush to mix the paint with the extender, but I rekkined that's too harsh on the precious brushes (they cost a lot!) so I use my VideoEzy card tool instead.

Got is all mixed up which was nice, then to painting. I'd seen some TOPS persian calligraphy-graffiti that my mate Stefanie form work put me onto, fuck it's good, like a storm of letteroids billowing across a satisfying big canvas. But I also wanted to do it all in blue. Ages ago, I made a shiny small blue painting that Ben really liked, which had this technique where I made repeating brush movements, just in all in plain prussian blue.
So I put down some stripes of different blues, with a coupla white ones in between, then slobbered on some of that extended white, and got into it with the phat brush. Up down up down up down lalalala. Orrite not bad now what.
Got a much thinner brush, and did the same thing all over again, top to bottom, right to left, but had rotated the canvas 90°. So you could see the phat strokes then the thinner ones.
Finally, I used stick to scratch updownupdown all over it again, again after a 90° turn. Ossome! Coz the paint is mushed around this way, you get gradations of colour but at the same time it's all repeating. Here it is:


Very pleased with myself, I did a yellow and orange one too. You don't get to see a pic of that coz all my shots came out blurry.

Then there was all this lovely bluewhite and orangewhite stuff left on my paint-board, so I did a third painting, that's got dots on it. Here's a handful of shots:



The one above is a close up of the bottom edge. I have no idea where it came from, but I rekkin it looks like a city or forest way off on the horizon.

On the right, you can see the whole thing. Sorry about the terrible lighting for the shot, but you can see the circles floating around there, up in the sky.

Which was how this was all supposed to start anyway.

Zen

On the weekend, my friend C's girlfriend, D, got beaten up by her ex-boyfriend. Previously, this fellow had had coffee with D., then ridden off on his bike directly in front of a truck. Another time, he had drinks with her and friends during winter, then left all his ID in the pub, and ran out shouting that he was going to throw himself in the Spree. They searched for hours for him. Unfortunately, in neither case, was he successful in his death-threat. Now she has a restraining order against him. I don't really care about him, I just want her to be safe.

On the weekend, I had dinner with R and T at the Golden Hen. We had a good bottle of red wine, one of those ones where you realise all of a sudden that you are talking a lot, about very interesting things, and it is easy, and somewhat dreamlike. Those bottles are rare.

Oh, gray sky, break apart, show thundertops and slanting blue.

nameless places

I remember asking John Mackin once, what would he like me to get him from London? He replied, A book from an occult bookshop which is on a street which appears on no map. It is near the British Museum.
I went to London, and asked my father. Ah!, he said. I know where that is.

When I was much younger, my father drove me along a street of nameless Georgian terraces, and said, Look at that house. If you ever need an address for a house which does not exist, that is the house you should choose. Even though you can see a house, there is no house there. It was removed so that a train line could be built for the expanding London rail network.

I looked at the house, with front door, windows, roof and front garden.

Accordingly, I have a memory of an address but no memory of the address.

R and T are off to Glasgow today to play for those crazy Glaswegians. R is gonna do a surround sound set. I listened to it last night - mono, then stereo, then four channels of sound! Wow! It made me giggle heaps, as the sound changed in my ears. Those lucky Glaswegians - they are in for a real treat.

It's gone cold again, 7°.

The magpies seem to have taken charge of their nest now.

A navy blue hour

S. asked me to write about spring.

From the windows which look onto the back yard, one can see a very tall poplar tree. It's obviously grown like bingo for the last ten or fifteen years, and now that the crown has overtopped the roofline, the branches thicken and diversify at the top. A pair of european magpies (corvidae pica, or Elster) have a nest that they refurbish each year. Because we are very close to the park-which-used-to-be-a-railway-terminus, there is also a very large murder of crows around these here parts.
The last few mornings, it has been an intra-species drama. The magpies are attempting to rebuild the nest, and some of the crows, in a most desultory fashion, have been attempting to take it over. This means that a crow waits until one magpie has flown off to get a stick, and then goes and sits in the nest with its own stick, picking at the structure. Stick magpie returns, and with its partner they threaten the crow by flying up at it and crying out. The crow remains standing on the nest, or hops to one side a bit.
After a while, about ten minutes, all parties are tired. They sit within a metre of each other, making no sound, and then eventually the crow flies away.

When I unlocked my bike in the backyard this morning, I stood and looked up at the tree. From the ground, the nest is invisible. I breathed in deeply through my nose, and could smell a scent. Whilst the change is invisible, the vines, trees and bushes have begun to exude delicate aromas, and via this cool damp air my heart was refreshed.

My friend Stefanie loves the colour blue, and as we leave work we remark to each other upon the delicate annd immense indigo of the evening sky. It is a sky both radiant and absorbing.

This evening, watching the Spree from Schillingbrücke, I saw a whirlpool form in the water.

it happened

I saw my company's domain name many times today whilst hand pruning some long, long lists. Mixed in there was also the domain name internode.net, a domain name that got eyeballed probably hundreds of thousands of times when I worked there.

Some little thing in my brain changed, I felt it. The current domain became as familiar as internode. It looks different now. Hard to explain.

The Provocative Clue

Today I read "Puzzling Problems in Computer Engineering", published in the February 2009 issue of Computer, the magazine of the IEEE.

Anyway, made me think ... when I was an assistant teacher in Philosophy at Adelaide University, I liked to employ a method which I called "The Provocative Clue". It was based on the Socratic principle that
* there's nothing new under the sun, or
* if I can think of it, so can you

I used this mainly because it's a technique that if employed correctly, really can set off a chain of associations and new pathways in someone's thinking. Usually, it means giving only the very barest minimum of information, in a scenario where the outcome is not crucial, for a situation that has not previously been questioned or rationalised. For instance, which is more morally reprehensible - killing one chicken for dinner, or genetically altering the chicken genome to produce unnaturally large, meaty chicken legs?

In order to answer that question, I would encourage my students to think about who is making the statement, how are they making the statement, and why are they making the statement. This gives a good map of the issue, of course with big gaps.

So, as the teacher, the idea is to show students how to go further with what they have. That's the process of analytical thinking - you can analogise it to a toolbox- If I have a hammer, some nails, planks of wood, a tree, but no saw, how can I build a good treehouse? It's also the basis of lateral thinking as well. I often think that the only difference between lateral and analytical thinking is that lateral thinking uses framing concepts or elements which are not habitually, or customarily, related to the problem at hand.

Back to the provocative clue. Once students are thinking in terms of who, how and why, and have laid out their thinking in this regard, then you have to present the clue. The clue is going to be different for every individual and for every group. It's easy to give lots of physical analogies for the clue - a rope dangling just outside reach where you have to jump to get it, a signpost pointing into the fog, a barely audible tinkling sound which seems to come from that little park over there, a perfume that drifts in the air after a lovely person has a passed you in the street ...
All refer to the horizon of perception, and in cognitive terms, I think this cashes out as a sensation whose range of possible interpretations is maximised, whilst still restricting itself to particular moment or thought.

The best kinds of provocative clues are the ones where both the students and the teacher become intrigued and discover something new. That's dialogue, that's the real deal, that's when it transforms out of a pedagogical relationship into one of equality.

exim II

I guess I should explain that I'm writing these posts so that I can remember better what I'm doing. It's easy to feel stupid at work - my colleague is really gun, and often I don't want to ask him about some detail that he's told me before.

Jaye once told me that she needs to hear something 3 times before she really knows it, and the same is true for me. Colleague is a tell-once kinda fellow, not because he's mean, just that he's really busy with stuff most of the time.

The second thing that I want to work out with exim is how to stick in a filter that catches mails with multiple recipients, and alters one of the recipients.

Usually, if a mail comes in that matches one of the recipients, it will deliver according to your specification. That's cool. But say you have an email with mulitple recipients, one of which is a role-based email address, the others of which are particular people. Well, if the filter instructs to deliver seen alternative_role_based_address@domain.com, then the mail only goes there, and the personal addressees don't get the mail at all.

If you use deliver unseen alternative_role_based_address@domain.com, all the personal addressees will get the mail, but you'll get one email to role_based_address@, and a copy to alternative_role_based_address@.

Given that exim bases itself on delivery routing of /mails/, rather than delivery routing to /recipients/, this makes sense.

I hope to work out the solution soon.

exim I

exim is the mail filter at work. I had a good time this evening trying to get the system_filter to work properly for the customer care guys.

Question that's not fully answered in the documentation:
Is there a difference between $sender_address and $header_sender ?

I think there is, because the filter (using $sender_address) hasn't been catching the emails, which have a different Sender: and From: value. I#ve changed the test line to check for $header_sender - won't make any difference if it's wrong, because the mails haven't been going to right place at the moment anyway.

The documentation on exim's string expansion doesn't go into any detail about which $header_n strings are legal, and which ones aren't. My guess is that legal values are taken from some RFC, but it's not for sure.

Oh yeah, and unlike our shorewall, it doesn't look like there's a way to get exim to check the system_filter file for syntax errors. That's because the file is continually live, so watch out - if you mistype something, mail will stop being delivered. So the only way to see if there /is/ a problem is to tail -f exim_main.log; sudden silence means your system_filter is broken.

not enough sleep

Couldn't get to sleep, thinking about the servers that needed rebooting. So I got up at 02h30 and rebooted one of the fellas. Or is that bastard. Today or tonight there's more - an exchange roll-up that fixes all the problems with the other roll-ups. I'm going in late, coz I'll be there late. I'll take my Go stones in, to play go with our resident Doctor Topologist.

Yesterday, had breakfast with T. Talked about The Infinite Jest, Jorge Luis Borges, Klaus Theweleit, Hannah Arendt. What a well-read couple we are. Remarked upon about Operation Paperclip, MK-Ultra, crypto-fascist occultism, shape-sifting reptilian overlords. Who writes those pages? What do they want from us? Took a cigarette break. Touched upon personal mythologies, creating music or painting or photography. Discussed "No Country for Old Men" (Coen Brothers, 2008), "Man on Wire" (Doco abut Phillipe Petit, 2008), "A Scene at the Sea" (Takeshi Kitano, 1991). Paid, took another cigarette break.

Had dinner with R. Salad and tortellini like delicious little ears. Watched a couple of episodes of "Ashes to Ashes" (BBC, 2008) - the look-back to the sexist atmosphere of the 80s still makes me cringe.

Vocab of day: geiselhaft = taking hostage, die Geisel = the hostage

Rain came in the night and melted the snow, so it'll be slogging it through slush to bike to work today. Let's do it.