<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Lackhead.org &#187; Computer-schmuter</title>
	<atom:link href="http://www.lackhead.org/category/computer-schmuter/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.lackhead.org</link>
	<description>The irascible ramblings of some guy named Chad</description>
	<lastBuildDate>Tue, 06 Jul 2010 04:10:00 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Confluence, mod_proxy, and SSL (oh my!)</title>
		<link>http://www.lackhead.org/2009/10/confluence-mod_proxy-and-ssl-oh-my/</link>
		<comments>http://www.lackhead.org/2009/10/confluence-mod_proxy-and-ssl-oh-my/#comments</comments>
		<pubDate>Sun, 11 Oct 2009 03:47:24 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[apache]]></category>
		<category><![CDATA[computer]]></category>
		<category><![CDATA[confluence]]></category>
		<category><![CDATA[mod_proxy]]></category>
		<category><![CDATA[proxy]]></category>
		<category><![CDATA[ssl]]></category>
		<category><![CDATA[tomcat]]></category>
		<category><![CDATA[wiki]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/?p=280</guid>
		<description><![CDATA[Whew!  I spent a looooong time today futzing around trying to get Confluence to work with SSL and mod_proxy, and after hours combing the Internet for hope, I did stumble upon a few blog comments here and there, which stitched together provided me with the pretty simple solution I was looking for. Granted, I&#8217;m [...]]]></description>
			<content:encoded><![CDATA[<p>Whew!  I spent a <em>looooong</em> time today futzing around trying to get <a href="http://www.atlassian.com/software/confluence/">Confluence</a> to work with SSL and <a href="http://httpd.apache.org/docs/2.0/mod/mod_proxy.html">mod_proxy</a>, and after hours combing the Internet for hope, I did stumble upon a few blog comments here and there, which stitched together provided me with the pretty simple solution I was looking for. Granted, I&#8217;m pretty new to both Confluence and Tomcat, so perhaps that hindered me.  But I also couldn&#8217;t find anything succinct out there that talked about my situation, hence, this posting. </p>
<p>Here&#8217;s my situation- I have an <a href="http://www.apache.org/">Apache</a> server that hosts a number of virtual hosts, including SSL and non-SSL sites. I had recently purchased  <a href="http://www.atlassian.com/software/confluence/">Confluence</a> to provide wiki services for me, my son, and perhaps a few others.  I wanted to tuck Confluence behind Apache, and read up on Confluence&#8217;s web site about how to use  <a href="http://httpd.apache.org/docs/2.0/mod/mod_proxy.html">mod_proxy</a> to get Apache to front-end Confluence.  This turned out to be very simple, and in a matter of minutes I had Confluence up and running.  For those of you who might be interested in doing this, here is a brief overview of the process:</p>
<ol>
<li> Add a virtual host to apache, either named or by IP, with the following configuration:
<pre>
    # This is just passing a proxy to a localhost server
    ProxyRequests Off
    ProxyPreserveHost On

    &lt;Proxy *&gt;
         Order deny,allow
         Allow from all
    &lt;/Proxy&gt;

    ProxyPass / http://localhost:8080/&lt;whatever-space-you-have-confluence-in&gt;
    ProxyPassReverse / http://localhost:8080/&lt;whatever-space-you-have-confluence-in&gt;

    &lt;Location /&gt;
        Order allow,deny
        Allow from all
    &lt;/Location&gt;
</pre>
</li>
<li> Configure Confluence to only listen on localhost, which is as easy as adding a line to the <code>Connector</code> stanza in the <em>server.xml</em> file that reads <code>address="127.0.0.1"</code>.
</li>
</ol>
<p>Really, that&#8217;s it. This way, Tomcat is not listening on any port that the outside world can see, which means only a service running on that box (apache) can talk to it. </p>
<p>This was all fine and dandy, but I really wanted to get this working over HTTPS so that I could rest a bit easier knowing that my information would be traversing the wild and dangerous Internet encrypted (authentication-related information and everything else). So, the rough idea was that my browser would open up an SSL connection with apache over port 443, and it would proxy to Tomcat via localhost, the latter of which didn&#8217;t need to be encrypted because it was confined to my box and wouldn&#8217;t come in contact with the Internet. </p>
<p>Reading up on this turned up a dearth of good information.  Or, at least a nice general summary of what to do. Here&#8217;s what I wound up doing:</p>
<ol>
<li> Change your Apache virtual host to use SSL.  For me, that meant carving out another virtual network interface on my box and assigning it its own IP address. Once that&#8217;s done, you can add <code>Listen</code> directives to get apache to listen on the particular IP:port you are looking for:
<pre>
Listen xxx.xxx.xxx.xxx:443
</pre>
<p>Once that&#8217;s done, you can add the SSL directives to your VirtualHost. This is what my configuration wound up looking like (I removed superfluous entries like logging, etc.):</p>
<pre>
 &lt;VirtualHost xxx.xxx.xxx.xxx:443&gt;
    ServerAdmin &lt;youradminemailaddress&gt;
    ServerName &lt;yourservername&gt;           

    # SSL Setup
    SSLEngine On
    # Allow only medium or high key lengths
    SSLCipherSuite HIGH:MEDIUM
    # Here I am allowing SSLv3 and TLSv1, I am NOT allowing the old SSLv2.
    SSLProtocol all -SSLv2
    # Server Certificate:
    SSLCertificateFile /path/to/public_cert.pem
    # Server Private Key:
    SSLCertificateKeyFile /path/to/private_key.pem
    # Server Certificate Chain:
    SSLCertificateChainFile /path/to/ca_cert.pem
    # Certificate Authority (CA):
    SSLCACertificateFile /path/to/ca_cert.pem

    # This is just passing a proxy to a localhost server
    ProxyRequests Off
    ProxyPreserveHost On

    &lt;Proxy *&gt;
         Order deny,allow
         Allow from all
    &lt;/Proxy&gt;

    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/

    &lt;Location /&gt;
        Order allow,deny
        Allow from all
    &lt;/Location&gt;

&lt;/VirtualHost&gt;
</pre>
<p>This really isn&#8217;t any big change from before, just SSL-izing it as you would any host.</p>
</li>
<li> Now, I also had to make a change to the <em>server.xml</em> that added more options to the  <code>Connector</code> stanza. This is what that whole stanza wound up looking like:
<pre>
       &lt;Connector className=&quot;org.apache.coyote.tomcat4.CoyoteConnector&quot; port=&quot;8080&quot; minProcessors=&quot;5&quot;
                   maxProcessors=&quot;75&quot;
                   proxyPort=&quot;443&quot; scheme=&quot;https&quot; proxyName=&quot;wiki.lackhead.org&quot;
                   address=&quot;127.0.0.1&quot;
                   enableLookups=&quot;false&quot; redirectPort=&quot;8443&quot; acceptCount=&quot;10&quot; debug=&quot;0&quot; connectionTimeout=&quot;20000&quot;
                   useURIValidationHack=&quot;false&quot; URIEncoding=&quot;UTF-8&quot;/&gt;
</pre>
<p>The important line is the one with the proxy information.  This tells Tomcat to believe that all incoming requests come into your server on port 443, even though hopping through the proxy changes that information. </p>
<p>Given what I traipsed up on the Internet, I had various pieces of this and spent a lot of time trying to figure out what was going on when I would hit the URL, it would connect with the server, but nothing would ever come back. Not really rocket science, but without all the pieces it just wasn&#8217;t working. Now it is. <img src='http://www.lackhead.org/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2009/10/confluence-mod_proxy-and-ssl-oh-my/feed/</wfw:commentRss>
		<slash:comments>6</slash:comments>
		</item>
		<item>
		<title>Cisco VPN on MacOSX: Error 51: Unable to communicate with the VPN subsystem</title>
		<link>http://www.lackhead.org/2009/09/cisco-vpn-on-macosx-error-51-unable-to-communicate-with-the-vpn-subsystem/</link>
		<comments>http://www.lackhead.org/2009/09/cisco-vpn-on-macosx-error-51-unable-to-communicate-with-the-vpn-subsystem/#comments</comments>
		<pubDate>Mon, 28 Sep 2009 21:20:23 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[mac]]></category>
		<category><![CDATA[osx]]></category>
		<category><![CDATA[vpn client]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/?p=272</guid>
		<description><![CDATA[This is more of a note for myself, and for the net as the error that I keep running into is not documented all that well online.  Well, at least, when I search for Error 51: Unable to communicate with the VPN subsystem most of the links that I come across say just restart [...]]]></description>
			<content:encoded><![CDATA[<p>This is more of a note for myself, and for the net as the error that I keep running into is not documented all that well online.  Well, at least, when I search for <em>Error 51: Unable to communicate with the VPN subsystem</em> most of the links that I come across say just restart the VPN subsystem and life returns.  This does not fix the problem I get with this error, which comes usually after an OS update. </p>
<p>The fix for me is to completely uninstall the Cisco VPN application, which is actually a command-line activity.  All you have to do is run /usr/local/bin/vpn_uninstall as root (sudo).  This does the full uninstall, and then you can re-install the application and life should return.  If you just update the software in place, the error does not go away. </p>
<p>So there, at least I know I can find out what to do next time I have to jump through this hoop. </p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2009/09/cisco-vpn-on-macosx-error-51-unable-to-communicate-with-the-vpn-subsystem/feed/</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Hotmail must die, take #2</title>
		<link>http://www.lackhead.org/2009/06/hotmail-must-die-take-2/</link>
		<comments>http://www.lackhead.org/2009/06/hotmail-must-die-take-2/#comments</comments>
		<pubDate>Wed, 24 Jun 2009 08:01:26 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[The Way The World Works]]></category>
		<category><![CDATA[dkim]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[hotmail]]></category>
		<category><![CDATA[spam]]></category>
		<category><![CDATA[spf]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/?p=249</guid>
		<description><![CDATA[Hey blogosphere-
   Just a quick update to an old article on Why Hotmail Must Die- today our mail servers at work got hit with the lovely Hammer &#8216;o Hotmail and all email from our domain to any Microsoft email server (hotmail.com, msn.com, MS Live, etc) is now being rejected.  Not that it [...]]]></description>
			<content:encoded><![CDATA[<p>Hey blogosphere-</p>
<p>   Just a quick update to an old article on <a href="http://www.lackhead.org/2008/04/hotmail-must-die/">Why Hotmail Must Die</a>- today our mail servers at work got hit with the lovely Hammer &#8216;o Hotmail and all email from our domain to any Microsoft email server (hotmail.com, msn.com, MS Live, etc) is now being rejected.  Not that it is exactly the same as the predicament I found myself in last year, but similar enough that I decided to play around and implement <a href="http://www.dkim.org/">DKIM</a> at home to see if that made any difference in deliverability from my domain to Hotmail.  All testing was done with <a href="http://www.openspf.org/">SPF</a> records in place, FYI. Here are the results:</p>
<ol>
<li>No DKIM, no rewriting of headers
<p> <strong>Result:</strong> email sent from my domain to hotmail.com addresses would just disappear&#8230;or if you were lucky would wind up in the Junk folder.</p></li>
<li>DKIM, no rewriting of headers
<p> <strong>Result:</strong> email sent from my domain to hotmail.com addresses would just disappear&#8230;or if you were lucky would wind up in the Junk folder.</p></li>
<li>DKIM/No DKIM, but postfix configured to nuke any <em>User-Agent:</em> header and to set the <em>X-Mailer:</em> header to read <em>Microsoft Office Outlook 11</em>
<p>  <strong>Result:</strong> email sent from my domain to hotmail.com addresses would arrive just fine.</p></li>
</ol>
<p>So, what&#8217;s the conclusion my fine friends?   Well, industry-standard anti-spam measures like <a href="http://www.openspf.org/">SPF</a> or <a href="http://www.dkim.org/">DKIM</a> seem to have no effect on mail delivery to hotmail.com addresses. However, telling Microsoft that I&#8217;m using their product seems to do the trick.  Is there any doubt left that Microsoft&#8217;s main business model is bullying? </p>
<p>Somehow, I don&#8217;t think this is going to do the trick at work, but hey, it is at least worth a shot. If anything interesting pops up I&#8217;ll let y&#8217;all know. </p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2009/06/hotmail-must-die-take-2/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>My God&#8230;.it&#8230;is&#8230;ALIVE!!!!!</title>
		<link>http://www.lackhead.org/2009/01/my-goditisalive/</link>
		<comments>http://www.lackhead.org/2009/01/my-goditisalive/#comments</comments>
		<pubDate>Sun, 18 Jan 2009 03:14:24 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[VMWare]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/?p=236</guid>
		<description><![CDATA[Wow. Today I put a CD-Rom in my linux box, fired up QEMU running a Windows VM, within that fired up the VMWare Infrastructure Client to connect to a VM farm, started up a virtual machine and connect its virtual CD-Rom back through the VM connection, through QEMU, to my local disk, and using that, [...]]]></description>
			<content:encoded><![CDATA[<p>Wow. Today I put a CD-Rom in my linux box, fired up <a href="http://bellard.org/qemu/index.html">QEMU</a> running a Windows VM, within that fired up the VMWare Infrastructure Client to connect to a VM farm, started up a virtual machine and connected its virtual CD-Rom back through the VM connection, through QEMU, to my local disk, and using <em>that</em>, installed Ubuntu. Surprisingly enough, it went pretty quickly and easily, despite my initial incredulity that it would work at all. </p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2009/01/my-goditisalive/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Once more unto the breach, dear friends</title>
		<link>http://www.lackhead.org/2008/11/once-more-unto-the-breach-dear-friends/</link>
		<comments>http://www.lackhead.org/2008/11/once-more-unto-the-breach-dear-friends/#comments</comments>
		<pubDate>Tue, 04 Nov 2008 16:23:00 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[The Way The World Works]]></category>
		<category><![CDATA[diebold]]></category>
		<category><![CDATA[elections]]></category>
		<category><![CDATA[obama]]></category>
		<category><![CDATA[shakespeare]]></category>
		<category><![CDATA[voting]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/?p=216</guid>
		<description><![CDATA[
Once more unto the breach, dear friends, once more,
Or close the wall up with our English dead!
In peace there&#8217;s nothing so becomes a man
As modest stillness and humility;
But when the blast of war blows in our ears,
Then imitate the action of the tiger:
Stiffen the sinews, summon up the blood.
&#8230;show us here
The mettle of your pasture; [...]]]></description>
			<content:encoded><![CDATA[<blockquote><p>
Once more unto the breach, dear friends, once more,<br />
Or close the wall up with our English dead!<br />
In peace there&#8217;s nothing so becomes a man<br />
As modest stillness and humility;<br />
But when the blast of war blows in our ears,<br />
Then imitate the action of the tiger:<br />
Stiffen the sinews, summon up the blood.<br />
&#8230;show us here<br />
The mettle of your pasture; let us swear<br />
That you are worth your breeding; which I doubt not.</p>
<div style="text-align: right;"><EM>&#8211; Shakespeare, from Henry V</EM></div>
</blockquote>
<p>Well, Mr. Obama, you have my vote. Use it well. May you ride this groundswell and help tip our country, poised so precariously, towards a better future.</p>
<div style="text-align: center;">-c</div>
<p>ps- I had an interesting moment this morning while voting. When I was done I asked to speak to the head electiony-dude at my voting place so that I could complain about the Diebold machines being used (yay for Utah).  As soon as I started speaking he rolled his eyes and said, &#8220;You and me both, my friend.&#8221;  We had a short, but heartwarming conversation about our fears, not of a computerized election, but of a <em>poorly</em> and <em>secretly</em> computerized election.  Please, dear readers, remind me to get involved in local elections, not for running for office, but running elections. This good man I met this morning could use some help in doing the right thing. </p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2008/11/once-more-unto-the-breach-dear-friends/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Hotmail must die</title>
		<link>http://www.lackhead.org/2008/04/hotmail-must-die/</link>
		<comments>http://www.lackhead.org/2008/04/hotmail-must-die/#comments</comments>
		<pubDate>Thu, 17 Apr 2008 01:20:58 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[The Way The World Works]]></category>
		<category><![CDATA[email]]></category>
		<category><![CDATA[microsoft]]></category>
		<category><![CDATA[things that suck]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/2008/04/hotmail-must-die/</guid>
		<description><![CDATA[Hello blogosphere!
Today&#8217;s adventures in How-The-World-Sucks is brought to you by Microsoft, the evil-doers of the computer world. The latest example of how corporate greed is destroying America came across my plate after a few friends, who use Hotmail for their email provider, mentioned that they were not receiving email from me. Given that this was [...]]]></description>
			<content:encoded><![CDATA[<p>Hello blogosphere!</p>
<p>Today&#8217;s adventures in How-The-World-Sucks is brought to you by Microsoft, the evil-doers of the computer world. The latest example of how corporate greed is destroying America came across my plate after a few friends, who use Hotmail for their email provider, mentioned that they were not receiving email from me. Given that this was multiple people, I figured that there might be something wrong with my email setup. I just so happen to have a Hotmail account (that I never use) and I used that for my testing.  Once I started poking around, here&#8217;s the evidence that I gathered:</p>
<ul>
<li> Email sent from my personal domain would not be delivered to hotmail.com email addresses.  However, I could <em>reply</em> to email messages that originated from hotmail.com, just not send new email to Hotmail.</li>
<li> Email sent from my work (a domain I help administer) to hotmail.com email addresses would go through, but it would take upwards of 3 hours for email to come through, and they would appear in my Junk folder, marked as spam. </li>
<li> Email sent from my Gmail account would go through immediately.</li>
<li> Email sent from several domains run by friends of mine would either never get delivered, or would take ages and ages and then finally appear in my Junk folder.</li>
</ul>
<p>Weird.  According to my mail server logs, and those at work, the email messages destined for hotmail.com addresses were delivered to Hotmail&#8217;s servers without any errors, and according to the SMTP protocol Hotmail is then required to either deliver the email, or bounce it back (neither was happening).  Now, in today&#8217;s spam-filled world this is not always the case, so I was going to give Hotmail the benefit of the doubt for now, and try to figure out what was going wrong. I started poking around on the net, and found zillions of references to people that were having awful problems with mail delivery to Hotmail. Some mentioned issues with Microsoft&#8217;s implementation of <a href="http://www.openspf.org/">SPF</a>, so I removed my entries from DNS, with no change in functionality (yes, I waited for DNS caching to time out). Some mentioned spam filtering issues on Hotmail&#8217;s end, the only solution to which seems to be paying a 3rd-party corporation $1400 and up, per year, to be whitelisted by Hotmail.  Uh, no thanks. </p>
<p>Then, I stumbled across <a href="http://www.iis-aid.com/articles/iis_aid_news/are_hotmail_cutting_their_own_throat">a grammatically awkward but information-rich post</a> by an administrator who ran into similar problems. His post made me try a few things:</p>
<ul>
<li>I sent email from work to my hotmail.com address using Outlook and it went through immediately.</li>
<li>I then configured <a href="http://www.mozilla.com/thunderbird/">Thunderbird</a>, my email reading program, to set the <em>User-Agent</em> header to read &#8220;Microsoft Office Outlook 11&#8221;, and sent email from work to my Hotmail account, and this went through immediately. However, email sent from home with this trick did not work- email would still not be delivered.</li>
<li>I then configured <a href="http://www.postfix.org">Postfix</a>, which I use as my email server, to remove any <em>User-Agent</em> header, as well as inserting <em>X-Mailer: Microsoft Office Outlook 11</em> as a header (which is what Outlook does). This seemed to be the magic fix, as email sent from my personal domain would now go through immediately. </li>
</ul>
<p>Wow.  In my professional opinion, this clearly says that Microsoft is going way out of its way to make people using open source software suffer when dealing with people that use Hotmail.  Just another way in which Microsoft is trying to eliminate competition for its market, not by innovating and producing good products, but by using their market share to fight dirty. Who suffers from this?  We do. The people out there on the streets.  Corporate greed at its finest. </p>
<p>The net result?  Well, I strongly encourage everybody out there that has a Hotmail account to immediately switch to another provider. <a href="http://www.googlemail.com/">Gmail</a> and <a href="http://www.fastmail.fm/">FastMail</a>, among others, would be good choices. In the meantime, I will keep my domain configured to fool Hotmail into thinking I&#8217;m a nice little Microsoft drone, using its crappy products, so that I can send email to my friends.  That is, until they all switch to a better email provider. <img src='http://www.lackhead.org/wp-includes/images/smilies/icon_smile.gif' alt=':)' class='wp-smiley' /> </p>
<p>-c</p>
<p>ps- For those of you out there using Postfix, here are the lines I added to my <a href="http://www.postfix.org/header_checks.5.html">header_checks</a> file to remove the <em>User-Agent</em> header and add in the Outlook header:</p>
<pre>
/^User-Agent:/                          IGNORE
/^To:.*hotmail.com/                     PREPEND X-Mailer: Microsoft Office Outlook 11
</pre>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2008/04/hotmail-must-die/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Outgoing traffic with IP aliasing</title>
		<link>http://www.lackhead.org/2008/02/outgoing-traffic-with-ip-aliasing/</link>
		<comments>http://www.lackhead.org/2008/02/outgoing-traffic-with-ip-aliasing/#comments</comments>
		<pubDate>Sat, 02 Feb 2008 22:59:42 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[alias]]></category>
		<category><![CDATA[interface]]></category>
		<category><![CDATA[ip address]]></category>
		<category><![CDATA[route]]></category>
		<category><![CDATA[ubuntu]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/2008/02/outgoing-traffic-with-ip-aliasing/</guid>
		<description><![CDATA[I recently ran into an issue that, while it had a simple solution, stumped me for a while.  I don&#8217;t know if said stumpitude came from my waning mental faculties or what.  In any case, it took me longer than expected to track down the answer, and since there weren&#8217;t too many pages [...]]]></description>
			<content:encoded><![CDATA[<p>I recently ran into an issue that, while it had a simple solution, stumped me for a while.  I don&#8217;t know if said stumpitude came from my waning mental faculties or what.  In any case, it took me longer than expected to track down the answer, and since there weren&#8217;t too many pages that I found out on the net that addressed this, I thought I&#8217;d at least get this down somewhere. </p>
<p>The issue came up on my main application server, which runs my web server, email server, and is a DNS master for one of my domains. I recently set up a virtual web server under apache, and since it was doing SSL I needed it to run using its own IP address so that I could use an IP-address based virtual server configuration.  Since the machine is running Ubuntu 7.04 (a Debian variant), the ethernet interfaces are set up in <em>/etc/network/interfaces</em>.  Here is what that file looked like before adding the alias:</p>
<blockquote><pre>
# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
iface eth0 inet static
        address 10.0.0.25
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
</pre></blockquote>
<p>Easy enough to add an alias; I just copied/pasted in another stanza, identical to the eth0 stanza only with the alias set up so that it was set up as eth0:0:</p>
<blockquote><pre>
# The secondary network interface
auto eth0:0
iface eth0:0 inet static
        address 10.0.0.50
        netmask 255.255.255.0
        network 10.0.0.0
        broadcast 10.0.0.255
        gateway 10.0.0.1
</pre></blockquote>
<p><span id="more-113"></span></p>
<p>A quick <em>ifup eth0:0</em> and now I was up and running with my one ethernet interface answering to two IP addresses, one which was my original/main IP addr (10.0.0.25) and a new one that I could use for my new virtual web server (10.0.0.50).   </p>
<p>But I ran into a snag- I found out later that my DNS updates were no longer being pushed out to my secondary servers.  Why?  Well, being a good administrator I set up bind on my secondary DNS servers to only accept zone updates from the master server, via a stanza like this in <em>named.conf</em>:</p>
<blockquote><pre>
// be secondary for lackhead.org
zone &quot;foobar.com&quot; in  {
       type slave;
       notify no;
       file &quot;db.foobar.com&quot;;
       masters { 10.0.0.25; };
};
</pre></blockquote>
<p>Looking at the named logs, I saw that the zone updates being pushed out by my master name server were coming from 10.0.0.50, the new IP alias I had just set up. In fact, looking at the box, I saw that all outgoing traffic that originated from my server box was coming from this new IP alias I had set up, instead of what I thought of as the primary interface, eth0. </p>
<p>After a bit of digging, I found my error. If you notice up above when I created eth0:0 in the <em>/etc/network/interfaces</em> file, I just copied/pasted the stanza, and then just updated the IP address, and changed the interface name from eth0 to eth0:0.  One effect of this was that the IP alias also had a line that specified the gateway.  The result of this was that when Ubuntu was bringing up the interfaces, it essentially did a <em>ip route add default gw &#8230;.</em> command, which meant that a default route was added to the routing table for each interface. This is what my routing table looked like:</p>
<blockquote><pre>
(508) root@myhost:/var/log:# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth0
(509) root@myhost:/var/log:#
</pre></blockquote>
<p>Note the duplicate entry for <em>0.0.0.0</em>.  This, I think, is where I got confused and/or misled, because netstat doesn&#8217;t seem to report sub interfaces, so while I say that I had two default routes, they both pointed to eth0, not eth0:0, and so in my mind I read this as all traffic should be going out eth0.  Honestly, I consider this a bug, and perhaps I&#8217;ll submit one to Ubuntu for it. </p>
<p>In any case, I did eventually figure out what was going on, and removed the gateway line from the eth0:0 stanza, did a quick <em>ifdown eth0:0 ; ifup eth0:0</em> and voilà, not only did the duplicate entry in the routing table not show up, but I got the behavior I had expected; all outgoing traffic from my box now originated from eth0, but any traffic coming into the IP address bound to eth0:0 was responded to out of eth0:0. </p>
<p>Yay!  Lesson to be learned- be wary of perils of cut and paste. </p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2008/02/outgoing-traffic-with-ip-aliasing/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Worse is better</title>
		<link>http://www.lackhead.org/2007/06/worse-is-better/</link>
		<comments>http://www.lackhead.org/2007/06/worse-is-better/#comments</comments>
		<pubDate>Sat, 30 Jun 2007 00:25:41 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[The Way The World Works]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/2007/06/worse-is-better/</guid>
		<description><![CDATA[I was recently sent a reference to an essay, written in 1991 by Richard P. Gabriel about the development of the Common Lisp standard. The article is called Lisp: Good News, Bad News, and How to Win Big, and while it is interesting in its own right (to those of us interested in the Lisp [...]]]></description>
			<content:encoded><![CDATA[<p>I was recently sent a reference to an essay, written in 1991 by <a href="http://www.dreamsongs.org/">Richard P. Gabriel</a> about the development of the Common Lisp standard. The article is called <a href="http://www.laputan.org/gabriel/worse-is-better.html">Lisp: Good News, Bad News, and How to Win Big</a>, and while it is interesting in its own right (to those of us interested in the Lisp and Scheme programming languages), what truly stands out about this article is the section called &#8220;Worse Is Better&#8221;.  Although he is talking about Lisp versus C, etc, what he touches upon I believe pervades all of academia, especially engineering.  Engineering, and those with engineering brains, suffer from this dichotomy because they live in a world that splits the difference between theory and implementation. These two paradigms have similar goals but wind up working in opposition more often than not.  Why?  Well, that is the mystery that is probed in this article.<br />
<span id="more-76"></span><br />
I have to say that this is something I have known for a long time, I just never articulated it as well as it is here. And while I do understand why worse is better, and why UNIX and C are viruses, I still remain a steadfast MIT guy, I suppose.  The real rub, I think, is that the MIT approach leads to a slightly different end/perspective than Gabriel gives here.  Mainly, the difference is that the negatives of the MIT approach (long development time, complexity of design/implementation, etc) are all mitigated if you have high standards for your designers and engineers of the project, which is why people at MIT are drawn to it!  It is easy to be idealistic if you can produce like all get out.  But then you run into conflict when you break out of Cambridge and start swimming in waters beyond the Charles; the real world is not made up of people that can hang at MIT, and hence, the real world is governed more by the worse-is-better approach. So, your idealism hits a rock wall of reality, and if it survives, it hardens and becomes more important to you than before, which is a road leading to isolation, bitterness about the world, and being labeled an iconoclast (or likely, other, more profane terms). </p>
<p>So how do you deal with this?  Do you let your idealism wither a bit?  How do you loosen your grasp without losing it altogether?  How do you stay sharp if you become less demanding, not only on the world around you but on yourself? This has plagued me these last few years, especially at work, and I don&#8217;t have a good answer yet.  I think the trick, if there is one, is kinda like riding a mountain bike down a very loose and rocky trail (something I&#8217;ve been doing a lot lately, so it&#8217;s been on my mind).  The trick there is to not over-grip or use the brakes all that much, let the bike just kinda run under you through all the choss, keeping your body floating above it all, ready at any moment to correct things if they start to get too out of hand.  In other words, relax, let things ride on their own and don&#8217;t get caught up in the mess, but stay vigilant. Don&#8217;t worry so much about the specific path you&#8217;re taking, but that you&#8217;re getting to where you want to go. </p>
<p>God, I could go off on another useless ramble about yoga too&#8230;.is it the sign of the declining mind that whatever you happen to experience in life all seem to click together in some deep meaning?  Or is it just an over-developed sense of metaphor? Perhaps it means that I&#8217;m as crazy as I&#8217;ve always been. </p>
<p>Hmmmm, I am now caught up in a good deal of reflection, and who knows, maybe an old fart like me can grow a little. </p>
<p>Now, on to it. </p>
<p>-c</p>
<blockquote><p>
<H2>Lisp&#8217;s Apparent Failures</H2></p>
<p>Too many teardrops for one heart to be crying.<br />
Too many teardrops for one heart to carry on.<br />
You&#8217;re way on top now, since you left me,<br />
Always laughing, way down at me.</p>
<p><UL>&#8212; <EM>? &#038; The Mysterians</EM></UL></p>
<p>This happy story, though, has a sad interlude, an interlude that might be attributed to the failure of artificial intelligence (AI) to soar, but which probably has some other grains of truth that we must heed. The key problem with Lisp today stems from the tension between two opposing software philosophies. The two philosophies are called The Right Thing and Worse is Better.</p>
<p><H3>The Rise of Worse is Better</H3></p>
<p>I and just about every designer of Common Lisp and the Common Lisp Object Standard (CLOS) has had extreme exposure to the MIT/Stanford style of design. The essence of this style can be captured by the phrase the right thing. To such a designer it is important to get all of the following characteristics right:</p>
<p><DL><br />
    <DT>Simplicity</DT><br />
    <DD>the design must be simple, both in implementation and interface. It is more important for the interface to be simple than the implementation.</DD><br />
    <DT>Correctness</DT><br />
    <DD>the design must be correct in all observable aspects. Incorrectness is simply not allowed.</DD><br />
    <DT>Consistency</DT><br />
    <DD>the design must not be inconsistent. A design is allowed to be slightly less simple and less complete to avoid inconsistency. Consistency is as important as correctness.</DD><br />
    <DT>Completeness</DT><br />
    <DD>the design must cover as many important situations as is practical. All reasonably expected cases must be covered. Simplicity is not allowed to overly reduce completeness.</DD><br />
</DL> </p>
<p>I believe most people would agree that these are good characteristics. I will call the use of this philosophy of design the MIT approach. Common Lisp (with CLOS) and Scheme represent the MIT approach to design and implementation.</p>
<p>The worse-is-better philosophy is only slightly different:</p>
<p><DL><br />
    <DT>Simplicity</DT><br />
    <DD>the design must be simple, both in implementation and interface. It is more important for the implementation to be simple than the interface. Simplicity is the most important consideration in a design.</DD><br />
    <DT>Correctness</DT><br />
    <DD>the design must be correct in all observable aspects. It is slightly better to be simple than correct.</DD><br />
    <DT>Consistency</DT><br />
    <DD>the design must not be overly inconsistent. Consistency can be sacrificed for simplicity in some cases, but it is better to drop those parts of the design that deal with less common circumstances than to introduce either implementational complexity or inconsistency.</DD><br />
    <DT>Completeness</DT><br />
    <DD>the design must cover as many important situations as is practical. All reasonably expected cases should be covered. Completeness can be sacrificed in favor of any other quality. In fact, completeness must be sacrificed whenever implementation simplicity is jeopardized. Consistency can be sacrificed to achieve completeness if simplicity is retained; especially worthless is consistency of interface. </DD><br />
</DL></p>
<p>Early Unix and C are examples of the use of this school of design, and I will call the use of this design strategy the New Jersey approach. I have intentionally caricatured the worse-is-better philosophy to convince you that it is obviously a bad philosophy and that the New Jersey approach is a bad approach.</p>
<p>However, I believe that worse-is-better, even in its strawman form, has better survival characteristics than the-right-thing, and that the New Jersey approach when used for software is a better approach than the MIT approach.</p>
<p>Let me start out by retelling a story that shows that the MIT/New-Jersey distinction is valid and that proponents of each philosophy actually believe their philosophy is better.</p>
<p>Two famous people, one from MIT and another from Berkeley (but working on Unix) once met to discuss operating system issues. The person from MIT was knowledgeable about ITS (the MIT AI Lab operating system) and had been reading the Unix sources. He was interested in how Unix solved the PC loser-ing problem. The PC loser-ing problem occurs when a user program invokes a system routine to perform a lengthy operation that might have significant state, such as IO buffers. If an interrupt occurs during the operation, the state of the user program must be saved. Because the invocation of the system routine is usually a single instruction, the PC of the user program does not adequately capture the state of the process. The system routine must either back out or press forward. The right thing is to back out and restore the user program PC to the instruction that invoked the system routine so that resumption of the user program after the interrupt, for example, re-enters the system routine. It is called PC loser-ing because the PC is being coerced into loser mode, where loser is the affectionate name for user at MIT.</p>
<p>The MIT guy did not see any code that handled this case and asked the New Jersey guy how the problem was handled. The New Jersey guy said that the Unix folks were aware of the problem, but the solution was for the system routine to always finish, but sometimes an error code would be returned that signaled that the system routine had failed to complete its action. A correct user program, then, had to check the error code to determine whether to simply try the system routine again. The MIT guy did not like this solution because it was not the right thing.</p>
<p>The New Jersey guy said that the Unix solution was right because the design philosophy of Unix was simplicity and that the right thing was too complex. Besides, programmers could easily insert this extra test and loop. The MIT guy pointed out that the implementation was simple but the interface to the functionality was complex. The New Jersey guy said that the right tradeoff has been selected in Unix &#8212; namely, implementation simplicity was more important than interface simplicity.</p>
<p>The MIT guy then muttered that sometimes it takes a tough man to make a tender chicken, but the New Jersey guy didn&#8217;t understand (I&#8217;m not sure I do either).</p>
<p>Now I want to argue that worse-is-better is better. C is a programming language designed for writing Unix, and it was designed using the New Jersey approach. C is therefore a language for which it is easy to write a decent compiler, and it requires the programmer to write text that is easy for the compiler to interpret. Some have called C a fancy assembly language. Both early Unix and C compilers had simple structures, are easy to port, require few machine resources to run, and provide about 50%-80% of what you want from an operating system and programming language.</p>
<p>Half the computers that exist at any point are worse than median (smaller or slower). Unix and C work fine on them. The worse-is-better philosophy means that implementation simplicity has highest priority, which means Unix and C are easy to port on such machines. Therefore, one expects that if the 50% functionality Unix and C support is satisfactory, they will start to appear everywhere. And they have, haven&#8217;t they?</p>
<p>Unix and C are the ultimate computer viruses.</p>
<p>A further benefit of the worse-is-better philosophy is that the programmer is conditioned to sacrifice some safety, convenience, and hassle to get good performance and modest resource use. Programs written using the New Jersey approach will work well both in small machines and large ones, and the code will be portable because it is written on top of a virus.</p>
<p>It is important to remember that the initial virus has to be basically good. If so, the viral spread is assured as long as it is portable. Once the virus has spread, there will be pressure to improve it, possibly by increasing its functionality closer to 90%, but users have already been conditioned to accept worse than the right thing. Therefore, the worse-is-better software first will gain acceptance, second will condition its users to expect less, and third will be improved to a point that is almost the right thing. In concrete terms, even though Lisp compilers in 1987 were about as good as C compilers, there are many more compiler experts who want to make C compilers better than want to make Lisp compilers better.</p>
<p>The good news is that in 1995 we will have a good operating system and programming language; the bad news is that they will be Unix and C++.</p>
<p>There is a final benefit to worse-is-better. Because a New Jersey language and system are not really powerful enough to build complex monolithic software, large systems must be designed to reuse components. Therefore, a tradition of integration springs up.</p>
<p>How does the right thing stack up? There are two basic scenarios: the big complex system scenario and the diamond-like jewel scenario.</p>
<p>The big complex system scenario goes like this:</p>
<p>First, the right thing needs to be designed. Then its implementation needs to be designed. Finally it is implemented. Because it is the right thing, it has nearly 100% of desired functionality, and implementation simplicity was never a concern so it takes a long time to implement. It is large and complex. It requires complex tools to use properly. The last 20% takes 80% of the effort, and so the right thing takes a long time to get out, and it only runs satisfactorily on the most sophisticated hardware.</p>
<p>The diamond-like jewel scenario goes like this:</p>
<p>The right thing takes forever to design, but it is quite small at every point along the way. To implement it to run fast is either impossible or beyond the capabilities of most implementors.</p>
<p>The two scenarios correspond to Common Lisp and Scheme.</p>
<p>The first scenario is also the scenario for classic artificial intelligence software.</p>
<p>The right thing is frequently a monolithic piece of software, but for no reason other than that the right thing is often designed monolithically. That is, this characteristic is a happenstance.</p>
<p>The lesson to be learned from this is that it is often undesirable to go for the right thing first. It is better to get half of the right thing available so that it spreads like a virus. Once people are hooked on it, take the time to improve it to 90% of the right thing.</p>
<p>A wrong lesson is to take the parable literally and to conclude that C is the right vehicle for AI software. The 50% solution has to be basically right, and in this case it isn&#8217;t.</p>
<p>But, one can conclude only that the Lisp community needs to seriously rethink its position on Lisp design.
</p></blockquote>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2007/06/worse-is-better/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Old climbing, self massage and number representation pages back online</title>
		<link>http://www.lackhead.org/2007/05/old-climbing-self-massage-and-number-representation-pages-back-online/</link>
		<comments>http://www.lackhead.org/2007/05/old-climbing-self-massage-and-number-representation-pages-back-online/#comments</comments>
		<pubDate>Wed, 23 May 2007 20:23:35 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Climbaholic]]></category>
		<category><![CDATA[Computer-schmuter]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/2007/05/old-climbing-self-massage-and-number-representation-pages-back-online/</guid>
		<description><![CDATA[Hello there crimestoppers!
Chad here. Just wanted to let everybody know that I&#8217;ve copied over some of my old web pages to my new site so that these bad boys are back online.  I use the climbing pages myself, as these are fantastic articles that are always good for a re-acquaintance.  And the numbers [...]]]></description>
			<content:encoded><![CDATA[<p>Hello there crimestoppers!</p>
<p>Chad here. Just wanted to let everybody know that I&#8217;ve copied over some of my old web pages to my new site so that these bad boys are back online.  I use the climbing pages myself, as these are fantastic articles that are always good for a re-acquaintance.  And the numbers page I <em>still</em> get email about, even though I wrote them some 947 years ago when I was teaching at the <a href="http://www.cs.indiana.edu">Computer Science Department</a> at <a href="http://www.indiana.edu">Indiana University</a>. Anyway, here they are in all their glory. Enjoy!</p>
<ul>
<li> <a href="/jamming">Jamming</a>: the inside scoop on hands to fingers jamming from Steph Davis.</li>
<li> <a href="/self_massage">Self Massage</a>: a routine for self-massage of the forearms, that helps prevent tendonitis and other over-use injuries </li>
<li> <a href="/number_representations">Number Representations</a>: a tutorial I wrote on working with numbers in other bases, i.e. binary, hexadecimal, etc.</li>
</ul>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2007/05/old-climbing-self-massage-and-number-representation-pages-back-online/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Create your own South Park character</title>
		<link>http://www.lackhead.org/2007/05/create-your-own-south-park-character/</link>
		<comments>http://www.lackhead.org/2007/05/create-your-own-south-park-character/#comments</comments>
		<pubDate>Wed, 16 May 2007 22:55:00 +0000</pubDate>
		<dc:creator>lackhead</dc:creator>
				<category><![CDATA[Computer-schmuter]]></category>
		<category><![CDATA[Wonderfulness]]></category>

		<guid isPermaLink="false">http://www.lackhead.org/2007/05/create-your-own-south-park-character/</guid>
		<description><![CDATA[ This is the South Park character that I just created using South Park Studio, an online flash tool that, well, allows you to create your own South Park dudes.  I call him &#8220;Monsieur Malheureaux&#8221; and he&#8217;s hiding out in Osama Bin-Laden&#8217;s cave. Kids love him! 
I came across this via a movie on [...]]]></description>
			<content:encoded><![CDATA[<p><img src="/images/south-park.jpg" alt="My South Park character" class=left /> This is the South Park character that I just created using <a href="http://www.sp-studio.de">South Park Studio</a>, an online flash tool that, well, allows you to create your own South Park dudes.  I call him &#8220;Monsieur Malheureaux&#8221; and he&#8217;s hiding out in Osama Bin-Laden&#8217;s cave. Kids love him! </p>
<p>I came across this via a movie on YouTube that used this to create a neat spoof of the venerable Mac vs. PC ads (the &#8220;where&#8217;s the beef?&#8221; of today&#8217;s generation, I guess). Check it out for yourself:</p>
<p><object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/Id_kGL3M5Cg"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/Id_kGL3M5Cg" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object></p>
<p>-c</p>
]]></content:encoded>
			<wfw:commentRss>http://www.lackhead.org/2007/05/create-your-own-south-park-character/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
	</channel>
</rss>
