Work keeps progressing on re-creating the webserver. Last night’s project was setting it up as a working mailserver using sendmail and IMAP. Much progress was made, and I’m just facing one last issue that I can’t resolve, and if there’s anyone out there who might understand a bit more of this end of things than I do, assistance would be greatly appreciated.

I have sendmail and IMAP working for the most part — I can send mail from the server from the command line using the mail command, the server is receiving e-mail, and I can log into the server via IMAP using from my G5 to check my e-mail in the account that I set up. However, I’m having no luck in sending e-mail ~~through the IMAP connection~~ from my G5. Every configuration setting I’ve tried just results in an error of one sort or another (either the server refusing connections or (null) errors after sitting and waiting for a while). At this point, I’m more or less stumped.

The steps I went through last night to get the mail side of things set up (so far) are detailed on my rebuilding post. If anyone could give me some pointers, I’d greatly appreciate it!

Update: With a little more work and some pointers from Phil, I got it. Rock on. Progress!

This is truly a masterful piece of writing — from an article in the Philadelphia Inquirer:

Concerned about the appearance of disarray and feuding within his administration as well as growing resistance to his policies in Iraq, President Bush – living up to his recent declaration that he is in charge – told his top officials to “stop the leaks” to the media, or else.

News of Bush’s order leaked almost immediately.

Bush told his senior aides Tuesday that he “didn’t want to see any stories” quoting unnamed administration officials in the media anymore, and that if he did, there would be consequences, said a senior administration official who asked that his name not be used.

Worthy of The Onion, only from a real newspaper. I love it.

(via Mathew Gross)

Well, the rumors were true — and then some! Here’s some quick highlights of today’s Apple Event:

Hell Froze Over

  • The iPod is the number one .mp3 player on the market, with a 31% market share.
  • Two new accessories (for 3rd generation iPods with the Dock Connector) have been introduced:
    • The Belkin iPod Voice Recorder, which allows you to record voice memos on-the-go and then sync them to your Mac or PC when you’re back home.
    • The Belkin Media Reader, which allows you to move photos off of a camera storage card (Compact Flash, [Type 1 and 2], Smart Media, Secure Digital [SD], Memory Stick, or Multi Media Card [MMC]) and onto the iPod for later import into iPhoto. Never have to worry about running out of space on your camera again!
  • The iTunes Music Store has been upgraded:
    • There will be over 400,000 tracks available by the end of the month.
    • Over 200 independent labels have joined with the iTMS for distribution.
    • Integration with Audible now allows for audiobooks to be purchased directly through the iTMS interface.
    • Gift Certificates can now be purchased for family or friends through the iTMS. Choose how much you want to give, send it off, and the recipient gets an e-mail. One click, and they’re in the iTMS with credit in their account.
    • Parents can now set up Allowances for children — \$10 (or whatever amount is chosen) per month in downloads charged to the parent’s credit card. Essentially an automatically-renewing gift certificate.
    • Celebrity Playlists — recommendations of songs from popular artists.
  • iTunes for Windows is now available.
    • Runs on Windows 2000 and Windows XP.
    • Complete feature parity with iTunes for the Mac.
    • Rendezvous music sharing over local area networks works between Macs and PCs.
    • iTMS access is built in to iTunes for Windows, just as it is on iTunes for the Mac.
    • Each track purchased from the iTMS is authorized for play on up to three computers — this can be a mix-and-match of Windows PCs and Macs.
  • Two big promotional partnerships were announced:
    • America Online: AOL’s music store now integrates directly with iTunes.
    • Pepsi: 100 million songs will be given away through redemption codes under the cap of select Pepsi, Diet Pepsi, or Sierra Mist bottles. 300 million bottles will be printed, with a one in three chance of winning a free download.

And those are all the key points. Pretty damn impressive! I’ll be playing with iTunes on Windows as soon as I get to work today…

(Much thanks to MacRumors live coverage of the event!)

I’m not a big baseball fan — heck, I’m not a big sports fan — so I haven’t been paying much attention to the baseball games. I’d seen people mention the Cubs here and there, knew that there were big games coming up, but it just wasn’t a big thing for me.

Then the news broke about That Guy in Chicago reaching for the foul ball. So far, I’ve been absolutely disgusted at what has been done to this poor guy — practically within minutes of the event, his name, workplace, and even address had been published across the ‘net, with thousands of angry Cubs fans blaming him for the Cubs loss. Bad enough that the guy might have to wonder whether the ball would have been caught if he hadn’t reached for it — but now he has to worry about his privacy and, quite possibly, personal safety. The handling of the event by the media and various websites has been absolutely horrible.

At least there seem to be as many people also disgusted by this and concerned for the guy as there are people upset with him. Wil Wheaton has a wonderfully written (and funny) open letter to That Guy:

I used to be on this big cult TV show that had lots of very passionate fans. Many of those fans absolutely (and irrationally) hated the character I played on that show. Most of them wrote me nasty letters and heckled me whenever I’d show up at one of their events, they never called my house, or tried to hurt me, but I can sort of imagine what you’re going through. That thing that makes a sports fan wear only paint and a diaper to a ball game when it’s 15 degrees outside? It’s the same thing that makes a Star Trek fan wear the same unwashed uniform for 5 days in a row at a big ass con.


I’ve read that just about every Cubs fan in the world is giving you hell for going after that foul ball. Well, That Guy, last time I checked, baseball fans like to catch foul balls. It’s something we do, like paying too much for terrible beer and screaming at a player for not picking up that slider that we’re so certain we’d be able to hit if they’d just put our fat asses in the game. Hell, I’ve been going to 20 or 30 games a season at Dodger Stadium for almost 30 years, and I try to catch a foul ball every single time I’m there. I’ve even had my hot wife flirt with the teenage bat boy in a pathetic effort to score one. To date, I am still empty-handed. But that bat boy, Jesse, is convinced that my wife’s going to leave me just as soon as he gets out of high school.

Rock on, Wil. And good luck and best wishes to That Guy.

Triggered by a recent tech gathering that has caused a little bit of ruckus due to its perceived “invitation only” nature, Danny O’Brien ended up touching on a subject that I found fascinating: the difference between our “real world” conversations and the conversations we have through our websites, and some of the key differences between them.

In the real world, we have conversations in public, in private, and in secret. All three are quite separate. The public is what we say to a crowd; the private is what we chatter amongst ourselves, when free from the demands of the crowd; and the secret is what we keep from everyone but our confidant. Secrecy implies intrigue, implies you have something to hide. Being private doesn’t. You can have a private gathering, but it isn’t necessarily a secret. All these conversations have different implications, different tones.


On the net, you have public, or you have secrets. The private intermediate sphere, with its careful buffering, is shattered. E-mails are forwarded verbatim. IRC transcripts, with throwaway comments, are preserved forever. You talk to your friends online, you talk to the world.

This is why, incidentally, why people hate blogs so much. My God, people say, how can Livejournallers be so self-obsessed? Oh, Christ, is Xeni talking about LA art again? Why won’t they all shut up?

The answer why they won’t shut up is – they’re not talking to you. They’re talking in the private register of blogs, that confidential style between secret-and-public. And you found them via Google. They’re having a bad day. They’re writing for friends who are interested in their hobbies and their life. Meanwhile, you’re standing fifty yards away with a sneer, a telephoto lens and a directional microphone. Who’s obsessed now?

The first part of the article is about the tech conference, so you’ll need to scroll down about halfway to get to what I found to be the interesting section of the article.

While I hadn’t analyzed it at all, I think on some level I’ve always approached this weblog knowing that it resides in that hazy area between public and private. While it’s certainly public by virtue of being available on the ‘net for anyone who stops by or finds their way here through Google, it’s also in many ways private — it’s primarily about me, my life, and what I’m going through or thinking about in the world around me, and as such, of interest primarily only to friends or people who know me.

But because of the online mix of public and private, I’ve generally tried to find a comfortable middle ground in what I post and what subject matter I choose. While the tone of what I write here is generally of the “private”, conversational tone, there are certainly conversations I’ve had in the real world that I would be hesitant to post here — not because they’re “secret”, but because put in a “public” forum and taken out of context, they can be seen in a far different light than they’re intended. As an example, describing a friend as “the only person I know who’s so flexible he can put his foot in his mouth with his head up his ass” might be (and was) amusing to my group of friends and even to the person in question, but were that posted here, out of context and on its own, the intended humor might not be seen.

I think I’m rambling a bit now — it may be a bit soon after waking up to really dive into this. Still, Danny’s post fascinated me, and it’s worth turning over in your head for a bit.

The brand new “Big Mac” supercomputer at Virginia Tech could be the second most powerful supercomputer on the planet, according to preliminary numbers.

Early benchmarks of Virginia Tech’s brand new supercomputer — which is strung together from 1,100 dual-processor Power Mac G5s — may vault the machine into second place in the rankings of the worlds’ fastest supercomputers, second only to Japan’s monstrously big and expensive Earth Simulator.

I just thought that that was really cool.

This is going to be my repository for keeping track of what I do to install and configure the server. As such, it’s likely to be filled with all sorts of geeky bits of no interest to anyone except me. Feel free to ignore it. :)

20031015 2315: Install OS X 10.2

The first bit is fairly obvious.

Installation options: all localization options, extra applications, etc. are off. I’m installing merely the core OS and the BSD subsystem. As this is now going to be a dedicated server, rather than a combination server and workstation, I don’t need the extra goodies such as iTunes, iPhoto, yadda yadda yadda.

20031015 2352: Reconfigure home network

Apartment Network

Something’s going goofy here. The G5 sees the ‘net fine, the G3 suddenly isn’t. Odd — it did last night after a fresh system install with the same settings. Going to have to track that down soon — hopefully it’ll cure itself after a reboot, as I’ve got some more installations to go. In the meantime, my current network setup is shown in the graphic.


Figured out the ‘goofyness’. When entering the DNS servers, make sure you get all the numbers entered correctly. It helps.

20031016 0019: Install developer tools

All options (including the BSD SDK, which is off by default) are on.

20031016 0054: Install all necessary software updates from Apple

Installing: IE 5.2.2 Security Update, Mac OS X Update Combined 10.2.8, QuickTime 6.3, Safari 1.0, StuffIt Expander Security Update 7.0, and Java 1.4.1.

Not installing: iMovie 3.0.3, iPhoto 2.0, iPod Software 1.3, iPod Software 2.0.1, iTunes 4.0.1, or iCal 1.5.1.

20031016 0202: Fine-tune initial setup

Adjust all system prefs to taste (Energy Saver needs to be set to never go to sleep), enable file sharing, web sharing (Apache), SSH access, and FTP access, verify that the webserver is responding (it is, though nothing’s there yet), nod in satisfaction, yawn, and go to bed.

20031016 2319: Set up and configure sendmail

Most if not all of the following commands need to be executed as root. All usernames, domain names, and variables listed below are as I set them for my server. If anyone else is going through this page as a reference, your variables will need to be adjusted for your system.

  1. Start sendmail automatically at system boot^1^.
    • Edit /etc/hostconfig: change MAILSERVER=-NO- to MAILSERVER=-YES- and set HOSTNAME=-AUTOMATIC- to
  2. Make sendmail play nice with Mac OS X’s permissions^2^.
    • cp /usr/share/sendmail/conf/cf/ /etc/mail/

    • Create the following script, save as /etc/mail/update, and make it executable (chmod g+x /etc/mail/update or chmod 654 /etc/mail/update):

      #! /bin/sh
      if [ /etc/mail/ -nt /etc/mail/ ]
      then
          echo Regenerating
          m4 /usr/share/sendmail/conf/m4/cf.m4 /etc/mail/ > /tmp/
          mv /etc/mail/ /etc/mail/
          mv /tmp/ /etc/mail/
          /System/Library/StartupItems/Sendmail/Sendmail restart
      fi
    • Edit /etc/mail/ and add the following line just after define(`PROCMAIL…:
      • define(`confDONT_BLAME_SENDMAIL', `GroupWritableDirPathSafe')

  3. Run the update script:
    • ./update
  4. Tweak netinfo per Apple’s suggestions^2^.

    • niutil -create . /locations/sendmail
    • niutil -createprop . /locations/sendmail /etc/mail/
  5. Define hostnames to accept incoming e-mail for^1^:
    • Edit /etc/mail/local-host-names and add:
    • Restart sendmail:
      • ps -ax | grep sendmail
      • kill -HUP xxx (where xxx is the process ID of whichever sendmail process ends with -q1h)
  6. Set e-mail aliases^1^.
    • Start NetInfo Manager.
    • Unlock it.
    • Click on / > Aliases.
    • Create a new folder (leftmost button or, in the menus, Directory > New Subdirectory).
    • Rename the new directory webmaster.
    • Insert a new property (in the menus, Directory > New Property).
  7. Download and build the IMAP server^1^.
    • curl > imap.tar.Z
    • uncompress imap.tar.Z
    • tar xf imap.tar
    • cd imap-2002e/
    • make osx SSLTYPE=nopwd SSLDIR=/usr SSLCERTS=/etc/sslcerts
    • mkdir -p /usr/local/bin
    • cp imapd/imapd /usr/local/bin/imapd
  8. Configure the IMAP server^1^.
    • Set up the security certificate:
      • mkdir -p /etc/sslcerts
      • openssl req -new -x509 -nodes -out /etc/sslcerts/imapd.pem -keyout /etc/sslcerts/imapd.pem -days 3650
      • Follow the prompts and insert the correct information when required.
    • Set OS X to answer to IMAP requests over SSL port 993.
      • Edit the /etc/inetd.conf file and add the following line at the end of the file:
      • imaps stream tcp nowait root /usr/libexec/tcpd /usr/local/bin/imapd
      • Restart the inetd daemon:
        • ps -ax | grep inetd
        • kill -HUP xxx (where xxx is the process id of inetd)
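
The sendmail step above relaxes sendmail's file-safety checks with GroupWritableDirPathSafe, which makes sendmail treat group-writable directories as safe. The script below is an added example, not part of the original post: it lists every directory on the path to a sendmail file, whether it is group- or world-writable, and which group owns it, so you can see what the setting accepts. The sendmail.cf file name and the demo tree are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): show which directories on the
# way to a sendmail file are group- or world-writable, i.e. what
# GroupWritableDirPathSafe tells sendmail to stop objecting to.

# classify_dir DIR: print world-writable, group-writable or ok.
classify_dir() {
    if [ -n "$(find "$1" -maxdepth 0 -type d -perm -002 2>/dev/null)" ]; then
        echo world-writable
    elif [ -n "$(find "$1" -maxdepth 0 -type d -perm -020 2>/dev/null)" ]; then
        echo group-writable
    else
        echo ok
    fi
}

# audit_path FILE: one tab-separated "status group directory" line per
# directory, walking from FILE's directory up to /.
audit_path() {
    dir=$(cd "$(dirname "$1")" && pwd -P) || return 1
    while :; do
        grp=$(ls -ld "$dir" | awk '{print $4}')   # owning group
        printf '%s\t%s\t%s\n' "$(classify_dir "$dir")" "$grp" "$dir"
        if [ "$dir" = / ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
}

# Demo on a constructed tree: a group-writable directory sits above the
# directory that holds the (empty, constructed) sendmail.cf.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/mail"
    chmod 775 "$root/etc"         # constructed: the group-writable parent
    chmod 755 "$root/etc/mail"
    : > "$root/etc/mail/sendmail.cf"
    audit_path "$root/etc/mail/sendmail.cf"
    rm -rf "$root"
}

demo
```

Any line marked group-writable names a group whose members can replace the directories or files below it, and world-writable directories are not covered by this setting at all.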

At this point, sendmail works for sending messages from the server, and I can log into the IMAP server and check my messages using on my G5. Unfortunately, I can’t figure out how to send mail from a machine other than the server — any settings I use result in errors of one sort or another. For now, I’m going to stick with what I have, and come back to tackling IMAP another day.

20031017 1039: Continue to configure mail services

  1. Allow to catch mis-addressed email^2^.
    • Edit /etc/mail/ and add the following line just after where we added ‘DONT_BLAME_SENDMAIL’ earlier:
    • define(`LUSER_RELAY', `local:djwudi')
    • Rebuild and restart using the update script (./update)
  2. Allow relaying from trusted hosts^2^.
    • Edit /etc/mail/access to include my G5 by adding the following lines:
      • RELAY
      • RELAY
    • Compile for use with sendmail:
      • makemap hash /etc/mail/access < /etc/mail/access
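
Each RELAY line in /etc/mail/access lets the matching hosts send mail through the server to any destination, and IP keys match as prefixes, so a short key relays for a whole network. The script below is an added example, not part of the original post, that rates the scope of every RELAY entry before makemap is run. The sample file, its addresses and the scope labels are constructed for illustration, and IPv6 keys are not handled.

```sh
#!/bin/sh
# Added example (not from the original post): rate how much each RELAY line
# in a sendmail access file opens up.

# audit_access FILE: print "<scope> <key>" for every RELAY entry.
#   host / address / subnet / domain = bounded; BROAD = review before makemap.
audit_access() {
    awk '
    /^[ \t]*#/ { next }                        # comment line
    NF < 2     { next }                        # blank or malformed line
    toupper($2) != "RELAY" { next }            # only RELAY entries matter here
    {
        key = $1
        sub(/^(Connect|From|To):/, "", key)    # optional tag prefix
        if (key ~ /^[0-9]+(\.[0-9]+)*$/) {     # IPv4 address or octet prefix
            n = split(key, octets, ".")
            scope = (n >= 4) ? "host" : ((n == 3) ? "subnet" : "BROAD")
        } else if (key ~ /@/) {
            scope = "address"
        } else if (key == "localhost") {
            scope = "host"
        } else if (key ~ /\./) {
            scope = "domain"
        } else {
            scope = "BROAD"                    # bare TLD or single label
        }
        print scope, $1
    }' "$1"
}

# broad_entries FILE: only the keys that relay for far more than one network.
broad_entries() {
    audit_access "$1" | awk '$1 == "BROAD" { print $2 }'
}

# write_sample PATH: constructed access file, not the author's own entries.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
localhost            RELAY
127.0.0.1            RELAY
192.168.0.5          RELAY
192.168.0            RELAY
10                   RELAY
Connect:203.0.113.7  RELAY
example.com          RELAY
com                  RELAY
spammer@example.net  REJECT
EOF
}

sample=$(mktemp) || exit 1
write_sample "$sample"
audit_access "$sample"
rm -f "$sample"
```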

And that solved my problem from last night where I couldn’t send mail from my G5. Rock on — I’m learning things bit by bit. Fun!

20031017 2137: Finalize tweaking sendmail (for the moment)

  1. Tweak the sendmail update script to ease work down the road^2^.

  2. Add the following two ‘if/fi’ commands to the script shown above (20031016 2319 item 2). Running the final script will then check to see if the, aliases, or access files have been updated since it was last run, and if they have, it will rebuild and restart sendmail.

    if [ /etc/mail/aliases -nt /etc/mail/aliases.db ]
    then
        echo Updating aliases
        newaliases
    fi
    if [ /etc/mail/access -nt /etc/mail/access.db ]
    then
        echo Updating access
        makemap hash /etc/mail/access < /etc/mail/access
    fi

20031017 2206: Set up user accounts.

If you don’t know how to do that without bulleted and numbered steps, you probably shouldn’t be reading the rest of this webpage. ;) In any case, there are now user accounts for myself, dad, and Kirsten on the server.

20031017 2235: Start tweaking the webserver.

  1. Enable SSI^3^.
    • Remove the # characters from (uncomment) the following two lines in the /etc/httpd/httpd.conf file:
      • # AddType text/html .shtml
      • # AddHandler server-parsed .shtml
    • Find the Directory directive for /Library/Webserver/Documents and add Includes to the end of the Options line.
    • Save httpd.conf and restart Apache.
  2. Enable PHP^4^.
    • Edit the /etc/httpd/httpd.conf file and uncomment the LoadModule and AddModule lines that handle PHP.
    • Add the following two lines (I added them just underneath where we uncommented the SSI AddType lines):
      • AddType application/x-httpd-php .php
      • AddType application/x-httpd-php-source .phps
    • Save httpd.conf and restart Apache.
  3. Allow serving SSI and PHP files by default along with HTML^5^.
    • Edit /etc/httpd/httpd.conf, find the DirectoryIndex line, and add index.php and index.shtml to the end of the line. Now, when no filename is specified, Apache will default to each choice in order — first looking for index.html, then index.php, then index.shtml.
  4. Things that I’m not going to play with yet, but will come in handy later: Custom Error Pages, .htaccess information, and password protecting directories are all covered in the document referenced at footnote 5.

20031018 0013: Back up a bit and go for better upgrades!

Well, here’s a nice find. I was poking around for other good Mac OS X apache/perl/php/sql etc. resources on the ‘net, and happened across Server Logistics, who offer pre-compiled OS X .pkg installers for Apache 2 (rather than 1.3.27), PHP4 with more added extensions, Perl 5.8.0 (rather than 5.6.0), mod_perl 1.99_07, MySQL 4.0.15, and a few other packages that I probably don’t have a need for.

So, it looks like my next step is upgrading all of those packages. At least I discovered this while I was still fairly early on in the installation and configuration process!


Okay — all of the above listed software packages have been installed on the server.

20031018 0211: Install MovableType

  1. Download MovableType^6^.
  2. Install MovableType following the provided instructions^7^.

20031018 1432: Whoops

Well, during the MovableType install process, I realized that I needed the DBD::mysql perl module installed to allow MovableType to talk to the MySQL database. A few hours of playing then convinced me that the one downside to the Server Logistics MySQL package was that it used non-standard installation locations, which caused issues with getting DBD::mysql installed. I fought with it for a while, until I got to the point where it was easier to just give up.

My next approach was to remove the Server Logistics MySQL package, and replace it with another one that I’ve used in the past^8^. However, that installation apparently didn’t like some of what was left over after removing the prior installation, and it told me to kiss off. Not in so many words, of course, but that was the result.

So, just to be on the safe side, I’m starting over. OS X is re-installing (again) now, and I’ll go through everything I’ve detailed above (again). At least this time it’ll be easier, as I won’t have to muddle my way through figuring it all out again. I’ll set everything up the same way I had been, only using the MySQL package I’m more familiar with instead of the new one that caused me issues.

Ah, the joys of geekdom…

20031019 1258: Starting over again

So, I started over. Yesterday got OS X installed and updated. Today so far, I’ve installed the OS X developer tools, and set up and configured both sendmail and imapd. This all goes much faster since I thought to write it all down the first time!

Now I’m at the point where, the first time through, I started tweaking the webserver setup, only to get distracted partway through by finding the Server Logistics packages. This time, I’m going to start by installing their packages (except for the MySQL package), then install MySQL from the package I’m more familiar with, then continue on and see where things go from there.

20031019 1451: Last few installs before MovableType (I hope)

  1. Install lynx^9^.
    • The downloadable installer puts lynx in /usr/local/bin/ rather than /usr/bin/, and isn’t seen by the default shell after an installation. I solved this by creating a symbolic link to lynx (ln -s /usr/local/bin/lynx /usr/bin/lynx).
  2. Install wget^11^.
    • Same caveats as with lynx.
  3. Install ncftpget^12^.
  4. Update CPAN^10^.
    • perl -MCPAN -e shell
    • Follow the questions at the prompts. All defaults should be acceptable.
    • Once setup is done, at the CPAN prompt, type install Bundle::CPAN
    • After CPAN updates, type reload cpan
    • (Optional: at the CPAN prompt, type r to get a list of installed modules that have been updated. For any modules that you want to update, just type install [module name] to update them to the most recent versions.)
    • At the CPAN prompt, type install Bundle::DBI
    • At the CPAN prompt, type install Bundle::DBD::mysql
  5. Install Image::Magick^13^.
    • Well, that doesn’t seem to work (at least according to mt-check.cgi). Moving on…
  6. Install Fink^15^.
  7. Install NetPBM^14^.
    • Well, this is nice. The OS X binary package for Fink now comes with a GUI application for managing Fink packages called ‘Fink Commander’. Using that, installing NetPBM was a single-click operation, and I’m now installing the Fink package for Image::Magick also, to see if that works any better than my first attempt did. One way or another, I’ll have image manipulation available for MovableType!
    • Image::Magick threw a fit because I don’t have an X11 window manager installed. No biggie, I’ll just go with NetPBM.

20031019 1636: Install MovableType

  1. Download MovableType^6^.
  2. Install MovableType following the provided instructions^7^.


  1. O’Reilly Network: Setting up a Site Server with Jaguar
  2. O’Reilly Network: Configuring sendmail on Jaguar
  3. O’Reilly Network: Apache Web Serving with Jaguar, Part 2
  4. O’Reilly Network: Apache Web Serving with Jaguar, Part 3
  5. O’Reilly Network: Apache Web Serving with Jaguar, Part 4
  6. Download
  7. mtinstall – Installing MovableType
  8. Marc Liyanage – Software – Mac OS X Packages – MySQL
  9. Lynx text based web browser
  10. Installing Perl 5.8 on Jaguar (scroll down to ‘Testing Your Installation with CPAN’)
  11. Apple – Downloads – Unix & Open Source – wget 1.8.1
  12. NcFTP Software: Download
  13. Marc Liyanage – Software – Mac OS X Packages
  14. Fink – Package Database – Package netpbm
  15. Fink – User’s Guide – Install

Back in August I described my experience level as “somewhere between ‘power user’ and ‘geek’ — in other words, I know enough to be dangerous, but not enough to get paid for it.” While it was said somewhat tongue-in-cheek, it’s come through with a vengeance this week — especially the dangerous part.

What started as simply trying to install a MovableType plugin has, thanks to my own bumbling incompetence, rapidly devolved to the point where I may not be able to resurrect my server to its prior state without starting completely over from scratch. While I haven’t lost any information from any of the three sites I hosted (the sole consoling factor to any of this), I have managed to utterly and completely destroy all the various little connecting pieces of software that tied it all together.

Something in the old httpd.conf file (the configuration settings file for the Apache webserver) was causing issues after the system reinstall, to the point where CGI executables weren’t running, and Apache itself was sometimes refusing to start up. I’ve just reverted to the default httpd.conf file, and I’m going to need to go through the old and new files line-by-line, enabling features one by one, until I find whatever setting(s) is (are) causing the problems.

MySQL needs to be reinstalled. Once it’s reinstalled, I need to see if I can find the old MySQL database that MT was using, and then see if I can get the new MySQL installation to access it. If I can’t, then MT won’t be able to access any of the old posts, and we’ll have to start over from scratch there.

Perl is missing various libraries that MovableType uses. Off the top of my head, the Perl -> MySQL bridge that allowed MT to read the MySQL database that stored all the weblog entries for six (?) weblogs strewn across the three sites; and the image processing libraries that allowed MT and the Gallery photo album software on the site to automatically generate thumbnails for uploaded images. There are probably more missing too that I just haven’t run across yet.

In other words, to borrow an old military acronym, everything is currently FUBAR.

What I really want to do right now is call in “sick” to work so I can dedicate the day to working on the system. Unfortunately, neither my bank account nor my slightly overdeveloped sense of responsibility to my job will let me do that, so things are just going to have to stay the way they are for the moment.

The worst thing about all this is that it’s not just my own site. If it were only my own personal playground, then while it would certainly be frustrating and aggravating, at least that way I would only be causing issues for me. However, since I have been hosting the sites for both my family and a friend, I’ve now managed to knock them offline too. Bleah. Not a good situation.

Anyway. Whining about it here isn’t really going to do much other than let me vent my frustration for a bit. Work beckons, and then this evening, I’ll be diving back into everything to see what else I can break.

Well, I managed to break my server. Attempting to log in to MovableType results in long strings of errors — apparently perl is completely hosed. Time to re-install Jaguar and hope that I don’t manage to nuke the websites that are on there.

This has not been my best couple of nights.

Update: OS reinstall is done, and all three websites are visible again. MT functionality hasn’t been restored yet, though — that’s my project for tomorrow night. Right now, it’s bedtime.