Thursday, August 30, 2007

Dijon is, of course, famous above all for its mustard and I couldn't resist buying a couple of different flavours to cook with when I get back home.

Sunday, August 19, 2007

Dijon Palais des Ducs



This panorama shows the Palais des Ducs in Dijon. The picture is formed from five separate photos taken hand-held with the little Contax camera then stitched together with Canon Photo-stitch software.

Dijon proved to be a very pleasant city to visit - in fact the highlight of our trip so far. In contrast to Beaune (which we visited later in the day) which has become highly commercialised and almost entirely ruined with retail chains allowed to replace the fine old shop-fronts with the aluminium and glass affairs they prefer to show off their wares, Dijon has become a far more pleasant place than I remember from my last visit (about 18 years ago!) with pedestrianised streets, a healthy food market in Les Halles, excellent shopping and a good range of restaurants.

Relaxed



After a couple of days fairly heavy driving (traffic jams in Holland and the search for our hotel making the first day far longer than it was supposed to have been) it was bliss to arrive at our first gite and put my feet up with a glass of Burgundy's best!

Pasteur - in Arbois


Originally uploaded by George Perfect
A statue in Arbois celebrates Louis Pasteur. Best known for his work with micro-organisms and the pasteurisation process that bears his name, Pasteur also discovered the secret of producing consistently good wine. Before his research, batches of wine would almost randomly turn out sour (good enough for vinegar, at best). He discovered that good wine relies on use of the proper yeast during fermentation - and then, heat treatment (the pasteurisation process again) to kill off that yeast to prevent the wine from souring in the bottle.

You could argue that he laid the foundation for the prosperity of every wine maker since. And, as a town reliant on the wine industry for its very obvious prosperity, who better for the good burghers of Arbois to celebrate in their town square?

Arbois


Leaving Strasbourg, we headed down the autoroute toward Mulhouse then to Besancon where we turned off the motorway onto cross-country N-roads. Besancon looked very interesting as we passed through (sadly having no time to stop) with a fort on the edge of the escarpment above the town and pleasant gardens and roads in the town itself.

The road south from Besancon - the RN73 - proved to be a great driving road with a succession of fast swoops and sweeping bends accompanied by truly stunning scenery - definitely a road to bank for a future car rally - just watch out for "les flics" if you decide to drive it at any speed!

The road heads over the western edge of the Jura mountains and through the Jura wine region. By chance (it was lunch time) we stopped in the town of Arbois which proved to be very pretty. We spent so much time walking around that we missed lunch completely and had to resort to buying bread and pastries from one of the boulangeries - not a bad turn of events as it happens as they were delicious.

Thursday, August 09, 2007

Strasbourg - la Petite France

August 3rd, 2007: Our ultimate destination for the first week of this trip is Burgundy - about 450 miles from Amsterdam. Deciding to drive through Germany (and a fine decision it was too - the opportunity to show a pair of Porsches a clean pair of heels during one 160MPH blast along an unrestricted autobahn providing all the justification I need) we turned off the autobahn at Koblenz to drive down the Rhine Gorge.

Short on time (thanks DFDS again) we had no time to stop at any of the castles or even any of the towns proper but it proved an enjoyable enough break from the pell-mell pace of the motorways.

Arriving in Strasbourg, finding our hotel - in the Petite France old part of town - proved too difficult for us, our GPS and even the locals we asked, all of whom expressed their dismay and told us what we had already discovered - the pedestrianisation of the area has blocked all the roads you would normally choose to take to get to the hotel which we could clearly see.

Eventually, I gave up and walked through the streets to the hotel and asked the bell-hop. The answer it seems is that everybody's GPS maps are wrong - you don't ask for the hotel's published address, you ask for a square somewhere else in town then ignore the warning signs and drive down a canal embankment - et voila!

How very Gallic that it's not the hotel's directions to guests that are wrong but everyone else's GPS maps!

Ho hum ... Strasbourg itself is a delight - and la Petite France in particular. We enjoyed a romantic stroll along l'Ill (that's an L, an apostrophe, an I and two more Ls) and ate in a pretty restaurant on its banks overlooking the light show played out on the old buildings.

Leaving the Tyne


August 2nd, 2007 - the first time I've sailed out of the Tyne. On our way to France for our summer holidays, we decided to take the Newcastle to Amsterdam crossing instead of my more usual Hull-Rotterdam. It was certainly convenient driving just a few miles to Newcastle to get on board - and, let's face it, start the holiday.

On board, the staff were friendly and efficient but, though DFDS had obviously spent money tarting her up, the old ship showed her age by being so noisy (in fact, our cabin vibrated with noise) that sleep proved difficult thereby negating the whole point of taking an overnight ferry service. Arrival in Amsterdam was met by very slow unloading and border controls - added to the later than normal arrival (9:30am) this meant we weren't on the road until 10:30 - losing over two hours against a Rotterdam arrival.

I'm looking forward to sailing back into the Tyne when we return - but not the boat. Future crossings will surely be courtesy of P&O from Hull.

Sunday, July 22, 2007

Fame at last

One of my photos of the White House taken last summer has been chosen by Schmap to illustrate its on-line guide to Washington DC. Schmap looks like an interesting publishing exercise - an admittedly quick look suggests that most if not all of its material is user contributed or taken from "free" sources on the 'net - eg; maps from yahoo, pictures from Flickr (though the authors do take the time to ask permission from photographers who usually deny commercial use of their photos - like me).

Schmap is an interesting example of a 'mash-up' - a web site created by combining feeds (ie, bits of) taken from other web sites and resources in the hope of making something greater than the sum of its parts.


I only get a few seconds of fame so wait for my name and piccie to appear in the Schmap widget here or look at the photo they used on Flickr here.

Saturday, June 30, 2007

5-4-3-2-1


To Beaulieu for the UK Maserati Club "Spring Event" - now named after the sadly missed former club president, Cameron Millar.

One intriguing part of the weekend was the appearance of examples of all five types of Quattroporte, including the ultra-rare Series II with the V6 and Citroen hydraulics that was painstakingly tracked down and is now lovingly owned by Edwin Faulkner.

Yes, that's me next to the blue QPIV

Maserati 4CS


Adam Painter was at GPLive demonstrating his (or is it still Ken's?) 4CS.

Sir Stirling Moss


Got the opportunity at GPLive to interview Sir Stirling Moss on his experiences in various Maseratis over the years - synopsis: he loved the 250F, hated the 450S (in all forms) and greatly enjoyed driving alongside Fangio.

Full interview will appear on the MRC site in due course

Saturday, May 12, 2007

Fresh fish


Fish bowls
In most of Europe and the U.S. when we say "fresh" we mean food that was caught/picked/plucked some weeks ago and then preserved by freezing or removing all the fluids for transport to our far away homes.

Even though I've seen it many times before, it still comes as a surprise to see what the Chinese shopper defines as fresh food.

In this fishing village on Lantau island, the morning's catch is sorted into plastic bowls and kept alive by pumping air through the water (you can see the plastic pipes feeding the air in the photo but not the electric pump and attached car battery under the trolley).

To the locals, "fresh" means still alive when bought.

Fresh meat anyone?


Self-service butchery?
In more recent visits to Hong Kong (it was a regular stop-over for me during the 1980s) I've struggled to find any of the old flavour of the place. Wander through the glitzy shopping malls on the island or Kowloon and you could be in almost any developed city on the planet, surrounded as you are by shop after shop selling over-priced designer goods in an effort to pay the naturally exorbitantly high rent.

Heck, even Mong Kok - once home to professionals (photographers who came for the specialist camera shops and hookers who worked the brothels that lined the narrow streets) is now the location for 5-star hotels, computer supermarkets and Starbucks.

So a trip into the New Territories was taken. It's years since I was last in this hinterland of Hong Kong's administrative region and, to be honest, had never really understood why the British Government had felt so compelled to hand the whole of Hong Kong back when the lease on part of the territory ran out. Until I saw what had become of the area I remembered as sleepy villages and gentle farm land.

The whole area is a sea of high-rise apartment blocks with fast train access into Kowloon. All became clear - the "independent" territory that would have remained would have consisted of millions of people with nowhere to work and no way to feed themselves.

Anyway - tucked away in one of the newly developed streets was this "traditional" street market. Traditional, not in the sense of having been there since the Tang dynasty (the street itself looked no more than 30-40 years old) but in the sense that traditional Chinese shopping values remained intact.

Fresh food was piled on stalls all along the street for passers-by to pick up and examine (see the lady in the photo who I watched pick over an entire tray of pork chops until she found one she liked) and the sale of hopelessly useless (as well, it's fair to say, unrealistically cheap) goods.

Needing fresh AA batteries for my camera I bought a dozen Chinese zinc-carbon examples (the best available) from a stall for a few HK$ (around US 5c each) discovering over the next couple of hours that each and every one of them was completely devoid of electricity.

Some things never change. Hong Kong enterprise - gotta love it!

Thursday, March 22, 2007

XP Media Center

Let’s cut to the chase – Windows Media Center (at least in XP guise – I haven’t tried Vista) is, if not quite a disaster, a long way from being capable of acting as a reliable living room device. Even ignoring the product’s shortcomings (restrictions on the number of tuners it supports; poor support for digital terrestrial television in UK/Europe among them) the darned thing crashes far too often.

Being (humbly) pretty good at setting up my PCs and strict at avoiding the installation of software that causes so many reliability issues, it’s been a long time since I’ve had to give a “three-fingered salute” (aka Ctrl-Alt-Del) to my PC and the dreaded blue screen of death (BSOD) is almost never seen in these parts. Media Center (sic) reset all these expectations by frequently requiring the use of Task Manager to shut it down when it froze and far too frequent reboots of the entire machine.

That’s not to mention Microsoft’s habit of releasing “security updates” to the operating system itself that cause the PC to reboot all by itself – a more than annoying activity when it interrupts a film or sports program you were recording overnight.

Problems with Media Center include:

  • The program is so tied to Microsoft via its Internet connection that almost any disruption to the network connection causes a crash.
  • Miscellaneous and meaningless errors: eg, the program frequently refuses to record a program showing in the guide, claiming that “the guide does not contain information on this program” – even when it patently does – stopping and restarting the Media Center shell allows the recording.
  • Microsoft doesn’t think people outside Seattle watch TV. Specifically, the program’s ability to tune in digital broadcasts in UK regions is at best patchy. Reading independent web sites reveals similar problems in many regions along with the registry hacks(!) necessary to allow or force the tuning software to work with local broadcasts.
  • It supports at most two tuners – unless you’re prepared to hack the registry (and do so every time it downloads an update). In this multi-channel age, it’s far from uncommon to find several appealing programs broadcast across different channels in the same peak viewing slot and with DVB-T tuners available for a few measly pounds/dollars it’s hardly unreasonable to expect support for four or five.
  • Playback of a recorded DVB-T program within which signal quality fell causing dropouts causes a crash necessitating a complete reboot of the machine.

I could go on (and on, and on …) but suffice to say that I have given up with Microsoft’s Media Center and replaced it with something rather better.

Tuesday, March 20, 2007

PVR to Media Centre

While music and photos were being streamed wirelessly to the bedroom, the good old VHS video recorder had been replaced with a hard-disk based PVR (Personal Video Recorder) – at first a Humax device that also incorporated a DVD player then a Digifusion unit.

The impact of these devices on TV watching habits can’t be overstated. The ability to “point-and-shoot” (where have we heard that phrase before? ;) ) at a program and have it reliably recorded is addictive – in fact, it’s far too easy to quickly build up a library of hundreds of hours of recorded TV that you will never have time to watch! More usefully, a 14 day program guide meant that I could easily and reliably ensure that I need rarely miss a Grand Prix just because I was away on my frequent travels.

All good and great but …. how do you get the recordings out of the box? Ok, you can buy PVR units that have a built-in DVD recorder (so sons that forgot to record the Grand Prix for themselves might be sent a copy) but any thought of watching recorded programs in another room relies on old-fashioned video distribution and those infra red remote extender gizmos. Hardly “bleeding edge” and not at all in keeping with the thinking round here.

So, just over a year ago a moment of weakness in PC World made me the new owner of a Sony VAIO XL100 Media Center PC – a reasonably smart (silver and black, almost hifi-looking) unit that runs Windows XP Media Center edition.

Media Centres

To a software/networks/gadget geek with a deep interest in music and film, the lure of having access to my music, videos, photos and a choice of independent radio anywhere in the house is just too much to resist. My CD collection has slowly been migrating to one of the servers in the garage for a couple of years now (I have a lot of CDs!) and my photography and occasional forays into video went digital years ago but finding ways to distribute these files around the house has occupied many an hour.

A couple of years ago, I bought first a Linksys WMA11B network media player (NMP) and installed its companion software on one of the PCs to act as the stream server. That never worked too well – the low (802.11b WiFi) network bandwidth restricted it to music playback only; photos took an age to appear and it had no support for video at all. Worst of all, its proprietary server software consumed far too much CPU overhead and was incompatible with other devices.

The Linksys was replaced fairly quickly with a D-Link DSM320 NMP that supports 802.11g (54Mbps) WiFi and works using open standards (UPNP) to replay music, videos, photos and streamed Internet radio stations. It also has a captive 100Mbps Ethernet connection. That worked well connected to a PC running the separate Windows Media Connector freebie (now incorporated into Windows Media Player 11). Music (including CD quality WAVs) played back fine over the WiFi connection and it was even possible to watch MPEG and DivX encoded movies – as long as you ignored the lack of lip-sync!

The Outlook is circular

Remember the start of this epic voyage of email and PIM updating started with a desire to move away from Outlook. Where has it ended up? Back with Outlook, that’s where.

A few reasons:

  • Try as I might, it’s hard to escape Microsoft’s marketing muscle – in this case translated into compatibility with the portable devices I use (IPAQ and Nokia phone/PIM) and others that I might consider using in future. The sheer market weight of Outlook means that manufacturers are compelled to provide at least some level of data interchange with Outlook and, while I did discover products and add-ons to programs such as Thunderbird that aim to do the same thing, they are all affected by the problems that surround Open Source “products” (which I will get round to discussing some time soon, I promise).
  • Office 2007 appeared and is a substantial step forward for Outlook. While still some way from my ideal (that I can’t find elsewhere in any case) it is better at organising tasks and calendar and, even in beta form, proved more reliable than the alternatives (Thunderbird, The Bat, Eudora, Pocomail) that I tried – several of which lost data (or would have, had I not been strict about keeping backups).

Thursday, February 15, 2007

So … which Linux distro got the job?

Well, it took a while but I finally have a mail/groupware server alternative to Exchange Server in the shape of Kerio MailServer6. But what to run it on?

If you’ve been following this saga, you’ll know that the initial brief I set of replacing Exchange Server expanded into a need to replace the underlying Windows server operating system as well with one of the many Linux variants out there. But which?

Fedora Core 6 is the answer – at least for me. Being based on Red Hat it had the blend of server functions and management tools I was looking for as well as access to the latest stable versions of Samba.

In praise of Kerio

To refresh my knowledge of Kerio MailServer I downloaded a copy of the latest version 6 from the company’s web site and loaded it up on a test server. All the things I remember liking about the product are still there and it has improved and solidified in several key areas. The product can run on either a Windows or Linux platform.

The first thing to like is the clean and simple management interface. For anyone used to Microsoft’s muddle of tools spread across different management consoles, Kerio’s approach will come like a bolt out of the blue. A single console window provides access to all functions of the server from configuration, choice of protocols, user management through to logs on its behaviour. Setup is a breeze – complete a few forms to set up the domains and users you want to give access to (with convenient import functions for large setups) and you’re up and running. Safely! Which brings me to the second thing to like …

Antivirus is built in to the mailserver itself. You can either use the supplied McAfee with its automatically updated database or one of several alternatives from the likes of Sophos, Grisoft etc that you supply separately. You can even use several AV engines in tandem if you want. Spam is equally well covered with a comprehensive arsenal of filters, blocklists, repellents, caller-ID lookups, SPF checks and SpamAssassin built in. Less than 2% of spam gets through even the lightweight configuration I have implemented with very few false-positives.

The server’s database can be automatically backed up and archived without user intervention. It can retrieve email from other servers or external accounts (such as Yahoo or Hotmail) and drop the messages into recipient mailboxes directly. It can handle multiple identities and email addresses, aliases at individual or group level. And it has good status and logging functions that keep this administrator well informed of what is going on.

The latest version even has ActiveSync functionality built in so sync’ing a Windows based PDA or mobile phone over a Bluetooth or wireless connection is automatic and seamless. Wonderful!

But the very best thing to like about Kerio MailServer 6 is that it just works. It sits there and does its job of delivering, sorting and sifting emails, storing calendar, tasks and notes while demanding zero attention from me.

And that makes it worth every penny of the price I paid for the licence to use it.

Choosing a Linux distro (part 2)

By now I’d done my fair share of reading up on the current state of Linux and how to get it to work as a server back-end for a Windows desktop environment. I was pretty confident that a recent Linux build with recent Samba version would handle the domain control (network authorisation) and file sharing tasks. So my mind turned back to the choice of software to replace Exchange Server as my email and PIM back-end.

There are a number of Linux based email server products that claim at least some level of Exchange compatibility:

For links and reviews of most of the competitors try the ServerWatch web site at http://www.serverwatch.com/stypes/index.php/TWFpbA==

I had just tried Scalix with the Xandros Server product that I had been forced to send back. Exchange “compatibility” can mean many things it seems. To Scalix it seems to mean that they might provide (I never found it) an Outlook plugin that makes their back-end server look like Exchange. Of the promised migration tools there was no sight. I was not alone among the user forums in experiencing a distinct level of underwhelment with Scalix!

Open Exchange looks like a possible contender. It’s available in commercial and free variants with an Outlook plugin (the “Oxtender”) that – again – promises to make the back-end look like Exchange to Outlook. I haven’t tried it.

The reason is that I – somewhat belatedly – remembered that I have previously used Kerio MailServer as a (then) cheaper replacement for Exchange Server in several client installations - and all had worked very well. Again the product relies on an Outlook plugin (this time called the “Kerio Outlook Connector”) to connect the Outlook desktop client to the back-end server.

Why all these connectors? Well, Microsoft being Microsoft, OE not only use proprietary protocols to communicate with each other, MS keeps the details of the protocols close to its corporate chest. In the Open Source arena there is a surprising and woeful lack of standards for groupware message exchange. This is a subject I may come back to in a later post as – to this grey-bearded old software designer – it encapsulates a lot of the problems that beset the Open Source community and prevent wider up-take of the technology and product offerings.

So – anyone who wants to provide a back-end email/groupware server and wants any kind of market share needs to address Outlook (I haven’t looked up the figures lately but it is surely the dominant email client in the corporate world) – and that means at the very least writing a connector to bridge the gap.

Why is Exchange so important?

Why, you may ask, is Exchange compatibility so important to me? At heart, it’s because I travel. And when I travel, I don’t always want to carry a laptop with me or be reliant on Internet cafes to catch up with email and my diary. For several years, I have carried an IPAQ combined PDA/cellphone that runs Windows PocketPC operating system – this wonderful device has GSM (mobile phone) Bluetooth and 802.11b WiFi access built in and does a pretty good job of providing me with telephony (expensive cellphone and cheap VOIP), email, contacts database, diary/calendar, todo reminders and all my notes on which I rely so much. It synchronises with Outlook and my desktop file system as soon as I get it in reach of my desk.

For the past year, I have also carried a Nokia N70 mobile phone. This has most of the functionality of the IPAQ (lacking the WiFi connectivity and decent screen size) including all the essentials of email/calendar/notes. Again, it synchronises automatically and seamlessly (via Bluetooth) whenever it’s near my desk. The advantage of the Nokia over the IPAQ is its size and its 3G plus quad-band cellular access.

2007 is looking likely to be the year when these two devices get replaced by a single device like the soon to be released Nokia N95 that (if its screen is as good as claimed) should offer everything the combined IPAQ/N70 provides in a smaller (read “more pocketable”) package and with better integration of the cellular and VOIP telephony for good measure.

This mobile access to all my important data at all times has been a personal holy grail for over 25 years. And my quarter-century-old prediction that we would all, one day, be wirelessly interconnected with access to data held privately back at home or publicly has become a reality.

In fact, there’s quite a choice of devices that you can carry round with you to gain remote access to data and people using email, web, file transfer, speech and video calling. And they use a fair variety of platforms and technologies to achieve these goals. But regardless of platform, technology, vendor or format, the one common denominator among almost all of them is that when it comes to synchronising data changed while you are on the move with the master copy back at the ranch or getting updates of data added or changed on the servers, they will all work with Outlook/Exchange.

Moan as we may about monopolies, the fact is that the makers of these devices (sensibly) follow the market … and the market is led by Microsoft – so strongly in fact that even devices that don’t use Windows based operating software (such as the Nokia, Symbian based phones, Blackberries, Palm Treo etc.) all sync up with Outlook/Exchange.

And very, very few offer any kind of alternative – and none will sync with (say) Thunderbird or other non-MS email/PIM clients.

My researches did reveal a few projects and even a couple of working programs that replace the ailing ActiveSync technology that MS foists on mobile users with a more flexible and open alternative. But – here’s the rub – with mobile device technology moving at a pace that sees new devices released daily with an expected life cycle of maybe a year or two at best, the alternatives are never going to keep up. What works today will almost certainly not work tomorrow. Or, an update to the phone/PDA firmware will suddenly break that all important connection with home.

Like it or not, Outlook/Exchange – for me at least – is a must-have. Or at least compatibility with OE …

Choosing a Linux distro

These days, there is a truly bewildering choice of Linux distros out there. From the “roll your own” versions out on the bleeding edge of the development curve through commercially supported offerings such as Red Hat right up to (by my standards for this project) mega-expensive products from the traditional enterprise-class vendors such as HP, Oracle, Novell etc.

A word about money

Before looking at what I chose and why, it’s worth looking at the budget I had for this project. In moving away from Windows I was writing off a sizeable (for an individual) chunk of change invested in the server operating systems and software. My goal was to replace software that was proving far too costly – in management time and poor reliability – with functional alternatives that would be easier to manage and less costly to run – in both time and pounds sterling!

My Microsoft server environment harks back to my time as owner of an international software development company. In company terms, a few thousand pounds spent on something as essential as email and company-wide network access controls is small change. At garage level, those costs are witheringly unaffordable. To be fair to Microsoft, if I were starting from scratch and buying an MS server environment, their Small Business Server (SBS) product provides most of what I need. For $600 per copy I’d get the base OS, Exchange Server and a primitive firewall. This would buy me 5 user licences which barely covers my needs and once you exceed this figure, costs start to escalate enormously – especially as I’d be buying licences twice over (once for each server) or have to forego the backup and security of the two-server approach I was used to.

I set a purely arbitrary budget figure of $500 for my Linux replacements – as much to see what could be achieved for this small sum as to keep expenditure in scale with income. Xandros Server fit this budget pretty well (for a single server licence with Scalix email thrown in) and would have only exceeded it slightly once a second OS licence had been purchased. But, Xandros didn’t work.

Time to rethink the way to spend the budget.

My kingdom for a reliable server OS

After wasting what became a fortnight with Xandros Server I took the sensible decision to throw the thing back at the company and demand a refund. I eventually got most of my money back though for some reason they thought they were entitled to keep the shipping charge they made – even though its product doesn’t work! Bad product = Bad company.

Ditching Xandros left me back at square one – servers still running Win2k3 and no Exchange replacement.

My intention in using Xandros had been simple enough – replace the email server OS and application with a non-MS alternative – while retaining Exchange compatibility so that all my PIM data could be held centrally – and in a way that allowed synchronisation with my PDA and phone.

Behind that simple requirement, of course, lies a morass of complexity. For a commercial grade network, the most important task performed by a Windows server is domain control – the central management and control of access to all network resources. Only after this basic requirement is met can you go on to provide network file shares, web and email services etc. In the Windows networking scheme, one (and only one) server acts as the Primary Domain Controller (PDC) holding the master copy of all login IDs and security authorities. One or more other servers can act as backup controllers (BDC) answering login and access requests by automatically synchronising their copy of the security database with the PDC. Since Windows Server 2000, this basic mechanism with its poor mix of MS proprietary (eg; WINS) and open services (eg; DNS) has been supplanted by Active Directory (AD) – still MS proprietary but easier to manage and automatically updating DNS etc. My Win2k3 domain was AD based.

In part, Xandros’s failure to live up to its promises is down to the fact that it uses the well-known and well-established Samba software to provide Windows-style domain services. None of which is a criticism of Samba, which is one of the best established, most reliable and useful Open Source projects around, backed up by people who really know their stuff and are very happy to support their “product”.

Simply put, Samba does not (at the time of this writing) support or understand Windows Active Directory – it only supports the older PDC/BDC mechanisms. More than this, interoperability between Samba domain controller services and their Windows equivalents is severely limited – you can’t, for example, have a Samba PDC with Windows based BDC – or vice-versa. For my simple needs, these restrictions would not be a problem – but they do mean that planning the migration from Windows to Linux server technology required a little thought. And again, for my relatively simple needs (and, I suspect, the needs of most small to medium sized businesses) the lack of AD support would not be an issue, especially as it’s not that hard to have a Linux DHCP service update a DNS domain automatically so that XP (and soon-to-be) Vista based PCs wouldn’t have to bother with the creaky old MS WINS directory service to find each other.

Xandros Server

I’ll cut this short. Xandros was a disaster. For the full background story, see this thread in the Xandros forums. The product offers much – tying a collection of Open Source projects and packages together under a proprietary umbrella of management tools that promises Windows-like integration and full interoperability with Windows network environments. The documentation provided is among the best I’ve seen in the Open Source community.

The problem is a simple one – it doesn’t work. At least the early release version I tried doesn’t and the problems I encountered with the product tell me that a LOT of work (possibly even a fundamental rethink of how they’re trying to achieve their objectives) is called for. I went so far as to say that they should not be taking money for this product right now.

Wednesday, February 14, 2007

Time to dust off those UNIX skills …

You may recall that in the time BTM (Before The Move) I had started looking and planning to replace Exchange Server/Outlook as my principal email programs. Work on this was underway (though temporarily stalled) when the Trojan struck.

Quick recap: The garage houses four servers;

  • two were running Windows 2003: the PDC for the domain (login services and central storage for the PCs round the house) and the mail server
  • one was running Linux (Centos) as the host for the Asterisk PBX (VOIP phone system)
  • the fourth is an old tower PC now crammed with large hard drives and running a stripped down Linux providing a backup store for the rest of the network of machines via NAS

The Trojan attack – and especially the cost to me in time and effort – was the nail in the coffin for Windows 2003. Though both machines were up to date with patches and protected by several layers of protection they still got hit and the fact is that Microsoft’s operating systems (especially the server versions) are too attractive to “the bad guys”.

Though it’s been a few years since I last used Linux in any serious way, I had been reading that the various new versions and distros had come a very long way in terms of usability and (relevant here) ease of management. So, after doing a lot of reading and research on the web I took the plunge and bought a copy of Xandros Server – a commercial Linux variant that includes a small-business copy of the Scalix email server that claims to offer full Exchange compatibility.

The servers are dead – long live the servers!

The reason things went quiet here between late October and December is easy to understand: TWO house moves (my own mega-move that formally finished on 11th November but dragged on till past Christmas) and Adam’s move to his new bachelor-pad in London. Throw in the completion of my first issue as editor of iL TRIDENTE magazine and the general mayhem that preparation for Christmas always involves in this household and there you go ... time gone!

The plan was to get Christmas out of the way then get back to writing and being generally productive in a form that didn’t involve trips to IKEA and hours assembling office furniture.

It wasn’t to be.

In mid-December both the Win2k3 servers were hit by a zero-day Trojan. This was despite protection that included a hardware firewall and live-updated anti-virus and anti-spyware software on both servers, plus similar protection down to packet level within the mail server software. The first sign I had that anything was wrong was slow Internet connections. When I checked, the activity indicators on the router and modem were solidly lit – not the normal case round here. Just as I was pondering the cause an email arrived from my ISP advising me that my network had been reported as a source of spam … Aaaaarrrrrggghhhhh!!!!

Sure enough, both servers had been compromised and were spraying out junk mail at a rate of several hundred messages per minute. In the few gaps this left in my outbound bandwidth, they were also sending out port-probes methodically working their way through several IP sub-nets at the command of their new masters looking for other systems that the Trojan could compromise.
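The two symptoms described above, a sustained burst of outbound mail and port probes walking through a subnet, are both visible in firewall connection logs. The following is an added example, not part of the original post: the log format, thresholds, addresses and port are constructed assumptions, and the check flags internal hosts that show either pattern.

```python
from collections import defaultdict

SMTP_PER_MINUTE = 100    # assumed threshold; the post saw several hundred a minute
SWEEP_HOSTS_PER_24 = 50  # assumed: distinct targets in one /24 on a single port


def constructed_sample():
    """Constructed log lines: '<ISO time> <src> <dst> <dst port>' (outbound only)."""
    lines = []
    for i in range(300):     # host sending 300 SMTP connections in one minute
        lines.append(f"2007-01-01T10:00:{i % 60:02d} 192.168.1.10 198.51.100.{i % 30 + 1} 25")
    for i in range(1, 121):  # host probing 120 consecutive addresses (port is arbitrary)
        lines.append(f"2007-01-01T10:{i // 60:02d}:{i % 60:02d} 192.168.1.11 203.0.113.{i} 445")
    for i in range(5):       # ordinary workstation: occasional mail and web traffic
        lines.append(f"2007-01-01T10:0{i}:00 192.168.1.20 192.0.2.25 25")
        lines.append(f"2007-01-01T10:0{i}:30 192.168.1.20 192.0.2.80 80")
    return lines


def analyse(lines):
    """Return sorted (source, reason) pairs for hosts that look compromised."""
    smtp = defaultdict(int)   # (src, minute) -> outbound port-25 connections
    sweep = defaultdict(set)  # (src, /24 prefix, port) -> distinct destinations
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        dport = int(dport)
        if dport == 25:
            smtp[(src, ts[:16])] += 1  # ts[:16] is the minute bucket
        sweep[(src, dst.rsplit(".", 1)[0], dport)].add(dst)
    alerts = set()
    for (src, _minute), count in smtp.items():
        if count >= SMTP_PER_MINUTE:
            alerts.add((src, "smtp-flood"))
    for (src, _net, _port), targets in sweep.items():
        if len(targets) >= SWEEP_HOSTS_PER_24:
            alerts.add((src, "subnet-sweep"))
    return sorted(alerts)


if __name__ == "__main__":
    for src, reason in analyse(constructed_sample()):
        print(src, reason)
```

A legitimate mail server will also open port-25 connections, so the per-minute threshold has to sit above its normal peak rate.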

Now, despite all the protection in place here (protection I’d still say is among the best available) a successful attack like this is a risk run by anyone with a computer connected to the ‘net. Especially servers as they generally sit on fast pipes connected directly into the ‘net so can do the most work for the crooks behind the Trojan. My own servers sit on a domestic ADSL line with upstream bandwidth of only around 500-800kbps (my main web servers are hosted elsewhere) so they lucked out with me but even so, they managed to get several tens of thousands of spam messages out before I discovered and could solve the problem.

And the cost …!!

Like many people these days, I rely on email – as do the family and friends who also have email addresses here. So just “pulling the plug” was not an option unless I had a way of getting at least the email server back on line without too much delay.

More importantly, the other server also provided a raft of network services to all the other machines so taking it down causes everything else to collapse with, if delayed, still inevitable certainty. Not good. Having identified the nature of the beast, my first approach to fixing the problem was to download the removal tools and patches from the AV vendors and MS. So … both machines taken off the network (internal and external), removal software run – check OK – then patches installed.

Reconnect to Internet and ….

… BOOM! The blasted Trojan was back again!

Several hours later and it was obvious that the Trojan removal software had not done its work. Despite its efforts and mine (painstakingly trawling through system files all over a large server is NOT fun) it had managed to conceal some part of its payload somewhere that would take more time than I had or wanted to spend playing detective to find.

At this point, I want to restate that tired old advice to everyone who has or uses a computer anywhere for any purpose. Back it up. In fact, do more than that. Back it up in a way that allows you to go back and restore it to any point in time. If you’re sensible, you’ll back up the backup too.

Thankfully, that’s pretty much what happens here. I’ve used Acronis to back up both servers and PCs to a large NAS server at least nightly with other specialised software archiving the email repository and other fast-updating files in almost real time.

Plan B swung into effect. Machines taken off the Internet and restored to the point a few hours before the Trojan struck. Next the patches were installed to prevent the crooks getting back in the hot seat. Finally, the email and other databases were rolled forward to their last current position and, with a deep intake of breath, the servers were put back on-line …

Plan B worked. The servers stayed clean – though monitoring the firewall saw several thousand attempts by other distributed servers to talk to the now exterminated Trojans.

Catchup

Hmmm … three months since I last posted here … where were we? Ah yes – the new network at the house. And the search for replacements for Outlook/Exchange Server.

Lots to catch up on so I’ll break it down into several posts. Network first …

The network is running splendidly. All the machines that have wired connections (that’s all the servers in the garage and my office and recording PCs) have gigabit connections to each other and file transfers now take place at speeds limited by disk transfer rates rather than network bandwidth. The wireless segment runs flawlessly too. The Linksys WRT54GS (with replacement firmware – something I’d definitely recommend) is sitting inside the loft at the top of the house providing a strong, 54Mbps link to each of the laptops and a solid 11Mbps to my IPAQ handheld. As for range, it’s great for what I want.

I have SJphone (http://www.sjlabs.com/sjp.html) installed on the IPAQ so that when I’m away from home I can still receive and make calls using the Asterisk VOIP exchange in the garage at free/cheap network rates rather than the ludicrous rates charged by mobile (cell) phone companies, especially for international calls. This works extremely well – when away from home I just login to a WiFi access point and make calls while checking email and browsing the web. When at home, the IPAQ naturally connects up to the wireless network in the house so, if I want to, I can make and receive calls using it. Usually I don’t as I have a better phone on my desk (an Aastra 480i) but – here’s the good bit about the new network – the wireless extends to the garage and to the bottom of the garden. Which means that I don’t have to remember to carry one of the house mobile phones round with me – I just carry the IPAQ as normal – it already handles both cellular and VOIP calls.