Configuring OpenLDAP, or what the @#$% !!!

OpenLDAP 2.3 (released in 2005) introduced a new way for configuring the slapd daemon. The traditional method was a configuration file (/etc/ldap/slapd.conf on Debian) that could simply be edited with a text editor. The new way follows the Eat your own dog food maxim: The configuration is stored in a set of LDIF files (stored under /etc/ldap/slapd.d in Debian) which cannot be edited directly with a text editor. Instead, all changes must be done via LDAP operations. Funny enough: In order to configure the daemon, the daemon must already be running.

slapd-config, as the new configuration method is called, may be a technically cool feature, but from a casual sysadmin's point of view it is nothing but a major pain in the butt! So you want to quickly change slapd's log level to diagnose some authentication problem? OK, first check the documentation to see where the log level option is located in the configuration schema, and how its attribute is called. Then query the running daemon to look at the current value(s). Then write an .ldif file that contains the change. Then issue a complicated ldapmodify command that requires more cryptic options than tar and cpio combined. Of course the .ldif file contains an error, so diagnose & repeat. After maybe 20 minutes the job is done. Phew, only 20 minutes to change the daemon log level, I am such an LDAP wizard!

Actually when I did this just now it took me more like an hour because I am so not used to the procedure (another explanation might be that I'm just stupid, but hey, I think that's not it). Since I don't want to repeat the experience, I have started to write up some recipes on my wiki. Here's the link in case you are interested.

Damon Lindelof getting close to the brink

A long time ago I decided that I would never ever watch another movie directed by Roland Emmerich. Not every movie on my menu must be super quality, plain good entertainment is usually OK, and sometimes I even enjoy to see trash films. But I always felt insulted by the stuff made by Emmerich because he seems to assume that the viewers of his movies (e.g. me) are dumbasses that are happy to see explosions, and never mind the story. So these days Emmerich movies are a no-go for me.

A few days ago I saw Star Trek Into Darkness. After maybe half the movie had passed, I felt how I got angrier and angrier at all the stupid mistakes in the story, until in the end I had to say: What a dumb movie! Then I happened to see the writing credits, and everything became clear: Damon Lindelof has done it again. As a writer this guy just seems to be abysmal, and now he is getting reeeeally close to the brink of my Emmerich hole...

Resuming apps on login vs. the quarantine flag

This is the workflow Apple envisioned when they introduced the annoying quarantine flag back in the days of Mac OS X 10.4:

  1. User A downloads an archive (.dmg, .tar.gz, etc.) from the Internet. The system applies the quarantine flag to the archive file.
  2. User A extracts an application from the archive and places it into /Applications. The system infects the app bundle passes the quarantine flag on to the app bundle.
  3. User A launches the application. The system warns about the unsafe origin of the app.
  4. User A confirms that the app is safe to use. The system clears the quarantine flag. Problem solved.

Unfortunately, my workflow is slightly different: Click the "Read more" link to see what the problem is.

Git and the Swiss army knife myth

I just came across yet another article that touts Git as "a version control Swiss army knife". The comparison annoys me! I was born and bred in Switzerland, and I know from first-hand experience that a real Swiss army knife is small, handy and has only a few tools. In short, this: A real Swiss army knife

Git, on the other hand, is more like this:

A Swiss army knife abomination.

(I do like Git, but please don't compare it to a Swiss army knife).

A waste of time?

A few minutes ago I stumbled across this page. After a moment of stunned silence (incredulous thought: "can this really be true?") I suffered one of those true laughing fits that leave you weak and helpless :-)

On second thought, I now wonder: What's the point? Why do they do this? Here are my ruminations...

The Power of Google

Today I experienced a powerful demonstration of the influence that Google has over their user's look on the world.