I picked up the Storm because I wanted a nice big screen and I've never been a fan of the tiny physical keyboards and trackballs on the other Blackberry models; the Storm seemed like it would be the easiest conversion from the stylus-based operation of the Palm. The device seemed pretty cool from testing a co-worker's newly arrived one. So I plunked down the money and ordered one...

For those not familiar with security terminology, this article states that websites which allow uploading of Flash files are vulnerable to a security hole that lets bad guys run code that has all the security accesses of the webserver combined with those of the unsuspecting person who runs that file.

For instance, an attacker could send a specially coded Flash attachment to their victim in a gmail message. When the victim loads the attachment, it gets to do anything the gmail server could do with the victim's account; reset the password, delete messages, send messages (spam!), etc.

The scariest part is that there's not really a fix without significantly changing the way Flash works behind the scenes. In the meantime, you should avoid flash that isn't directly provided by the website you're going to. For instance, the Flash slideshow on the WOU homepage is OK because we wrote it, but if you go to somebody's personal website like "http://www.wou.edu/~joeblow" then you should be careful unless you personally know that Joe Blow isn't the kind of person to play nasty tricks.

Actually that's not really the best example, because even if Joe Blow has one of these malicious Flash files on his webspace on our server, it wouldn't profit him much because there's nothing much our webserver can do other than show you web pages. The WOUPortal and the Sun Java Email system are on separate servers, so they wouldn't be vulnerable to Joe Blow's attack. Of course, Joe Blow could send you a Flash attachment in an email, and if you open it in the Java email system, it could do nasty things to your email account.

This security hole isn't easy to exploit, but it is theoretically possible. I recommend limiting the Flash files you run on the Web; there are browser extensions to help you do that. If you use Firefox, an extension called NoScript can block Flash files (and malicious javascript code as well) on all sites except those you designate as safe. If you use Internet Explorer, you can install Toggle Flash, a toolbar button that lets you turn Flash off and on whenever you want. Instructions for both are available in (ironically enough) a flash video on the page I linked at the top of this entry. Don't worry; Foreground Security is a reputable company, so the video is safe to watch.

Anyway, time to start getting more active again.

I've made a change to wou_util.wou_ldap.vnum_to_uid, specifically to the way it deals with V-numbers that are attached to multiple user accounts. Before, if you passed a usertype as the optional second parameter, and it couldn't find a uid matching that type, it would still return a uid if it found one of another type that had the given V-number.

As of today, passing the second parameter will make the function behave more strictly; if a user account of the given type cannot be found, the function will return zero even if there is a user account or another type that has the given V-number.

In other words, passing a usertype to vnum_to_uid() means you want a matching uid only if it also matches the given usertype.

If you only pass a single parameter, the function will behave exactly as before; if multiple accounts are found, it will return the last one found. This is usually the most recently created account, but don't rely on that always being true.

Oh, and one other note: there is a new usertype, "Alumnus". All LDAP accounts of people who have graduated from WOU have this type. It is possible for someone to have both Student and Alumnus, for example if they graduated and then returned for a Masters program.

Luckily, only a couple of servers had actual hardware damage, and those didn't have anything critical on them. Several more servers shut down ungracefully or started behaving erratically. Luckily our two biggest servers, cougar and sundown, never actually crashed, but since our main network infrastructure server did, nobody could get to cougar or sundown.

Since I live so close to campus, I got called in, but it was Paul Lambert and Dave Diemer who did most of the heavy lifting. Once the major problems were cleared away, then I could do my thing. Dave was still working on three servers until the next morning, and I was up until really late babysitting the webserver, which seemed to go catatonic every few minutes for no apparent reason. We'll still be cleaning this up for a while.

The new keyboard is much, much better than the old one. The keys are offset like a standard keyboard, and the punctuation keys are in their normal places rather than shoehorned into odd corners or converted into function-key combinations. My typing speed is way up, even though the keys are slightly narrower. Here are pictures of the old and new keyboards together that someone posted to a forum; the topic includes instructions on how to get and install the keyboard.

I've also been delving more into Linux. Like I said a few posts ago, it's a lot easier than it was in the past -- however, all the geeky stuff is still there under the hood, ready to be poked and prodded and reconfigured. More on that later.

Oh, and I got VirtualBox installed without any of the finagling Michael had to do on his mini; Ubuntu 9.04 seems to have almost all the prerequisites installed already. Now I just need to figure out how to get a legal Windows CD and a drive that connects via USB-- Dell makes good machines, but even they couldn't squeeze a CD drive into this tiny box. It would have filled half the insides, even without the bigger power supply they'd have to put in.

Did I mention this thing doesn't even have a hard drive? Well, technically it does; it's just a solid-state one, like a USB stick. That means the machine doesn't have to burn a lot of power spinning a stack of metal platters, which in turn means I get over four hours of battery life even with the dinky little four-cell 32WH battery Dell put into the machine. It also means there's no need for a built-in fan, though I'm a little worried about the machine overheating and killing my battery (you do not want to get Lithium-ion batteries hot; leaving one in a car on a summer day can permanently destroy most of its capacity. For more on this see Battery University.) Ive taken to popping out the battery and running on AC only when I have a plug available; probably a bit paranoid, but I like this thing and you won't be able to get batteries for it forever.

I sprung for the extra-big 16GB drive, which may sound small compared to normal drives, isn't even a quarter full even with a full operating system, Open office, and a metric boatload of other programs. Put that in your cache and smoke it, Windows. If I ever start running out of space, there's an SD card slot for more space, plus I can always use some of the metric boatload of USB sticks I've accumulated over the years.

And I guess I'm old, because I remember when it was totally awesome that you could get a hard drive with 20 whole megabytes on it! Like, you could never fill that up for years, man! It was the size of a brick, and weighed about the same as one too. Now a thousand times that much fits on a couple of chips, and seems like not very much room. The eighties were a long time ago, and we live in the future now.

I did find out about another deal, though; they were selling 2GB memory modules for thirty bucks. Oddly enough, had I ordered my mini originally with 2GB, it would have added $50 to the price, so I grabbed the chance. I want to run Windows XP in a virtual machine on the thing, and that takes a fair chunk of RAM.

Wait, you may say, aren't you running Windows already? Nope, though you can get the Dell Minis with Windows, it's more expensive that way. To get the best price you need to get them with Ubuntu Linux. In case you're not really up on the computer world, Linux is a free operating system (well, technically a group of free operating systems) very similar to Unix, which has been around since the 1970s and is still used on a lot of servers, including many here at WOU.

Linux has been around since the 1990s, but until fairly recently, you had to be a serious computer geek to get much use out of it. The Ubuntu project is one of several efforts to change that, and it's been very successful, combining the many open-source programs and systems to build a variant of Linux that's probably the easiest ever for non-geeks to get into.

It's so easy that when I decided I didn't like the somewhat idiot-proofed version of Ubuntu that came with my Mini, I was able to completely wipe and reinstall it with version 9.04, the latest and greatest, in just a couple of hours. I'm liking 9.04 (AKA "Jaunty Jackalope" in Ubuntu's naming scheme) a lot better than the version I started with, and I only had to fix one little problem for it to work perfectly on my Mini. There are a bunch of very useful instructions available at ubuntumini.com so I didn't have to spend hours hunting around for obscure snippets of information as I did when I tried installing other versions of Linux on other machines in the past.

Anyway, back to work. After a slow few months, I'm starting to feel like I'm getting some programming mojo back, and that feels pretty good. Hopefully things keep looking up, because I'm behind on some stuff that really needs to be finished soon.

Just for being part of WOU, you get a 7% discount at any time, though to take advantage of it you'll need to create a dell login and give them your V-number to prove you're really associated with WOU. They also have $50-off deals that come and go on various systems from week to week; if you don't see the deal on the model you want, wait a few days and look again, and repeat until you do see it. Make sure you're logged in with your dell account, or it might not show you the deals!

You can find their netbooks on this page. I got the Mini-9, and I'm happy with it except for the narrow keyboard which has several keys in odd places. The brand-new Mini-10v is almost the same price, but with a slightly wider screen and a more normal keyboard.

I'll probably be posting more about this thing as the days go by.

Right now the main ones are updating the user account deletion system, automating the resetting of guest user accounts, and setting up a system for automatic creation and changing of email aliases. All very exciting stuff, I know. I'll take a minute so you can stop jumping up and down and get back in your chair.

Seriously, though, even though these kind of things are dull as dishwater to talk about, they are important. Updating the user account deletion process will let us clean out thousands of unused accounts from our servers, and free up a lot of space. This means we can go longer before having to buy more disk space, and it means a time savings for those of us in UCS who administer these accounts; several processes go way too slow because of the sheer number of accounts. Every minute we don't spend waiting on pages to load is a minute we can spend solving problems for you. The guest account reset and email alias update automation will save significant time for some of us, who can then get on with other projects.

So, even though projects like this aren't sexy and cool, they are important. Saving time and money is always a good thing. but even more so right now.

To save this extra step, I've developed a system that can look at a CRN entered in Moodle, and go to Banner and get the roster of students registered in that course, then create an enrollment record for them in that Moodle course. This was a little hairy to figure out because the Moodle database doesn't just say "this student is enrolled in this course"; there's an abstraction layer I don't fully understand, but I did figure out how to use it to enroll a student.

I'm just waiting for the CRNs to be entered into Moodle, and then I can run the script. I'll set ut up to run every morning for the first few weeks of the term, to catch late adds. I don't yet have a good way to unenroll a student from a course, so the professors are going to have to handle drops on their own.

The ultimate goal is to automatically create a Moodle course component for every course listed in Banner for a given term, but that's still a ways off. I'll need to dissect the process by which Moodle course shells are created, and find a way to do that via a script.

The next major project is to clean up our user database before we move to the new LDAP, email and calendar servers sometime in the next few months. We have several thousand accounts ont he system for students who did not graduate but have not registered for any classes for two years; over the long term, we're going to delete accounts when they reach that point, but the first time we do it, we'll be getting rid of about five years' worth at once.

This will mean cleaning out a lot of disk space, too, at least hopefully. Students already lose access to their files after they leave or graduate, but a lot of that stuff is still on the system. Graduates will still keep their email addresses, as long as they log in every couple years or so, but they won't have an on-campus network login, or any file storage.

I feel like we've been running around putting out fires for so long, it'll be really nice to actually make some progress on something like this.

Oh, and I'm on Facebook now if anybody's into that. Just look for me by name; there are more Swartzendrubers than you might expect, but only one Ron who is listed as Western Oregon staff.

Other than that, the main thing I'm working on now is a way to automatically create everybody a Moodle account, so we can link Moodle to the WOUPortal. In case you aren't familiar with Moodle, it's our main tool for online classes, or for adding online content to normal classes. Some of our online class stuff is still on the old WebCT server, but most of it has been moved to Moodle. To check out Moodle, go to http://online.wou.edu.

The next project is to automatically enroll students in the Moodle courses as soon as they register for the class in Wolf Web. I've figured out the basics of how to do this, but the tricky part will be to detect when people drop courses, and un-enroll them in Moodle.

Luckily, I have a semi-automated procedure to create new blogs, so if anybody is offended that their empty, unused blog was wiped without their permission, I can recreate it in under a minute. Well, OK, luck has nothing to do with the fact that this procedure exists. It's there because I created it. All these after-midnight workdays have to count for something, you know. (No I'm not whining... late nights mean I get to come in late in the afternoon. Yes, my schedule is weird. Yes, my boss is very generous and forgiving. And yes, it's late at night and I may later regret being so glib.)

Anyway, progress on the specific problems:

• The permissions issue was actually caused by a misconfiguration on the old server that gave it too many rights. The new one is set up correctly (and much more securely) but this means that some old blogs that were set up under the old, too-loose security rules won't work now that things are the way they were supposed to be all along. (No, I will not explain exactly what was wrong and how it's right now, sorry. We can't give out detailed security info.) Anyway, I still need to go in and fix some of the blogs, but the major ones have already been taken care of.
• The style problems happen because the upgrade didn't change the templates on the existing blogs. The company says "User data is sacred and we never change it", which is really just a nice way to spin "We couldn't possibly upgrade the actual contents of your blogs without messing them up really bad." Luckily, I found a way to upgrade the templates on an existing blog; it's been successfully tested on two blogs, and now I need to apply this fix to everybody's blog, except those which were so highly customized that the owner doesn't want their templates converted to the generic MT4 versions. Those people probably aren't going to be applying the canned styles anyway, so this problem won't affect them.
• The random logouts were caused by a subtle error in the code I added to the blog server to make it compatible with the WOUportal single sign-on system. I just found that and fixed it... or at least, it seems to be fixed, because I'm not getting logged out anymore. And, oh yeah, logging into the WOUportal automatically logs you into blog admin, too.
• Then there's the blog stats widget thing. I have no clue here, sorry. Of course, that widget didn't even exist on the old server, so I don't consider it a gigantic tragic loss.

Anyway, back to work....

• People with blogs outside their public_html folder may encounter permission errors when rebuilding (eh, they call it "publishing" now) their blog
• If you apply a style to your blog, it will completely mess things up and your blog will look like the computer puked. (That's the technical term, anyway)
• You get randomly logged out when administering your blog
• the blog stats widget doesn't show anything

I have yet to figure out why this is. I can fix the permission errors when they are reported to me, at least. And newly created blogs won't have any problem with styles. I just wish we didn't have 42 million blogs on our system (well, OK, I exaggerate. It;s really a bit over 13,000, of which fewer than 500 have even one entry.)

FeH. OK, I need to get back to working on this thing instead of complaining about it.