<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	>

<channel>
	<title>Pants Full of Unix</title>
	<atom:link href="http://pantsfullofunix.com/feed/" rel="self" type="application/rss+xml" />
	<link>http://pantsfullofunix.com</link>
	<description></description>
	<pubDate>Sun, 29 Jan 2012 03:27:17 +0000</pubDate>
	<generator>http://wordpress.org/?v=2.7</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
			<item>
		<title>Facebook, I have some humble post-timeline dev project suggestions.</title>
		<link>http://pantsfullofunix.com/2012/01/facebook-i-have-some-humble-post-timeline-dev-project-suggestions/</link>
		<comments>http://pantsfullofunix.com/2012/01/facebook-i-have-some-humble-post-timeline-dev-project-suggestions/#comments</comments>
		<pubDate>Sun, 29 Jan 2012 01:20:59 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1079</guid>
		<description><![CDATA[There are a couple of current behaviors on the site that I believe you should address.
They are:

Currently, on the default feed page we all see when we log in, the DHTML has been progressively more auto-updating. There are some good reasons for this, and in general I support it, however, when I&#8217;ve got a text [...]]]></description>
			<content:encoded><![CDATA[<p>There are a couple of current behaviors on the site that I believe you should address.</p>
<p>They are:</p>
<ol>
<li>Currently, on the default feed page we all see when we log in, the DHTML has been progressively more auto-updating. There are some good reasons for this, and in general I support it, however, when I&#8217;ve got a text input field active the very last thing I want you to do is cause that text field to scroll off the bottom of my browser window, especially in the middle of my typing. Currently, that happens a couple of times a day.</li>
<li>Similarly, someone came up with the idea (about which I&#8217;m ambivalent, in the truest sense of the word) to slim down the comment entry fields. First, the comment button was removed, forcing us to all shift-return in order to enter line breaks rather than post the comment (which infuriated a lot of people, but that isn&#8217;t what I&#8217;m going to complain about here). Then the whole area was slimmed down by removing the thumbnail version of our profile picture to the left of the text entry box. So far, not really a problem. But: when I click in one of those boxes, then decide I don&#8217;t have a comment and continue scrolling, then find a hyperlink that I would like to click on, here&#8217;s what happens:
<ol type="a">
<li>I click where the hyperlink is;</li>
<li>the focus is removed from the text box where I had placed it previously;</li>
<li>that triggers the DHTML to unmap the thumbnail of my profile photo that it added when I clicked in the text box;</li>
<li>the page is pulled about 5 pixels either up or down to account for the change in size of the iframe containing the text box;</li>
<li>the mouse-down event that I had sent back in step a is finally delivered.</li>
</ol>
<p>What&#8217;s the problem here? Well, because of step d, my pointer is no longer above the hyperlink I clicked in step a. So the result is that a whole bunch of crap I don&#8217;t care about happens, but the one thing my gesture indicated I wanted to do (follow the hyperlink) does not.</li>
</ol>
<p>Here are my suggested resolutions:</p>
<ol>
<li>FUCKING KNOCK THAT SHIT OFF!
<p>This isn&#8217;t complicated: if a text-entry field is active, which the DHTML <strong>can</strong> query, hold off on the addition of new events until it isn&#8217;t. I know you&#8217;re all 23 years old, but think really hard to that CS 101 class you took 6 years ago. Remember semaphores? Fucking USE them.</li>
<li>FUCKING KNOCK THAT SHIT OFF!
<p>This one&#8217;s a bit trickier, but how about you don&#8217;t bother unmapping the thumbnail just because I clicked out of the text box? Even just clicking in/out/in a text box causes this, which makes the whole layout visually herky-jerky. Just queue those mapped thumbnails for the next time you feed in new events, making the whole page jump around anyway (about which, see item 1), and process them then. You remember &#8220;queues&#8221; right? That might not have come up until CS 201, but this is a pretty trivial linked-list implementation. Hell, it doesn&#8217;t even have to be a queue, it can be a stack: nobody cares what order you process them in.</li>
</ol>
<p>Yeah, sure, this&#8217;ll never happen, because Facebook engineers are of the Linux generation / CADT model (<a href="http://www.jwz.org/blog/2011/10/has-gnome-3-decided-that-people-shouldnt-want-screen-savers/">see</a> <a href="http://www.jwz.org/doc/cadt.html">also</a>, for wise words on the &#8220;fixing bugs isn&#8217;t fun, let&#8217;s rewrite from scratch&#8221; attitude employed by these bottom-feeders), but it&#8217;s good to want things.</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2012/01/facebook-i-have-some-humble-post-timeline-dev-project-suggestions/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Listen, pig-fuckers. + is a valid character in the local-part of an email address.</title>
		<link>http://pantsfullofunix.com/2011/11/listen-pig-fuckers-is-a-valid-character-in-the-local-part-of-an-email-address/</link>
		<comments>http://pantsfullofunix.com/2011/11/listen-pig-fuckers-is-a-valid-character-in-the-local-part-of-an-email-address/#comments</comments>
		<pubDate>Fri, 18 Nov 2011 23:35:29 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1073</guid>
		<description><![CDATA[I&#8217;m beyond fed up with this shit:
If you&#8217;re involved with OpenOffice.org, this is why I haven&#8217;t registered your product, even though I recognize that doing so would benefit you by demonstrating the volume of users. I put up with this horse hockey for registrations for something I actually need, but I don&#8217;t need to register [...]]]></description>
			<content:encoded><![CDATA[<p>I&#8217;m beyond fed up with this shit:</p>
<div id="attachment_1068" class="wp-caption alignnone" style="width: 566px"><img class="size-full wp-image-1068" title="Oracle Registration violates RFC 5321" src="http://pantsfullofunix.com/wp-content/uploads/2011/11/screen-shot-2011-11-18-at-172338.png" alt="Oracle Registration violates RFC 5321" width="556" height="455" /><p class="wp-caption-text">Oracle Registration violates RFC 5321</p></div>
<p>If you&#8217;re involved with <a href="http://www.openoffice.org/">OpenOffice.org</a>, this is why I haven&#8217;t registered your product, even though I recognize that doing so would benefit you by demonstrating the volume of users. I put up with this horse hockey for registrations for something I actually need, but I don&#8217;t need to register an Oracle web account: you need me to. So get this fixed or fuck off.</p>
<p>And, just to be clear, <a href="http://tools.ietf.org/html/rfc5321#section-2.3.11">RFC 5321 §2.3.11</a> clearly states:</p>
<blockquote><p>The standard mailbox naming convention is defined to be &#8220;local-part@domain&#8221;; contemporary usage permits a much broader set of applications than simple &#8220;user names&#8221;.  Consequently, and due to a long history of problems when intermediate hosts have attempted to optimize transport by modifying them, the local-part MUST be interpreted and assigned semantics only by the host specified in the domain part of the address.</p></blockquote>
<p>By &#8220;intermediate hosts&#8221; we <b>mean you</b>, web form &#8220;developers&#8221;.</p>
<p>Knock it the fuck off!</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2011/11/listen-pig-fuckers-is-a-valid-character-in-the-local-part-of-an-email-address/feed/</wfw:commentRss>
		</item>
		<item>
		<title>NetBackup Storage Lifecycle Policies and why you should use them</title>
		<link>http://pantsfullofunix.com/2011/11/netbackup-storage-lifecycle-policies-and-why-you-should-use-them/</link>
		<comments>http://pantsfullofunix.com/2011/11/netbackup-storage-lifecycle-policies-and-why-you-should-use-them/#comments</comments>
		<pubDate>Thu, 03 Nov 2011 14:40:55 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<category><![CDATA[netbackup]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1055</guid>
		<description><![CDATA[Recently, I was asked to provide the justification for moving an existing NetBackup environment from performing duplication jobs within Vault to performing them with Storage Lifecycle Policies (newly available with NetBackup 6.5, which is already rather dated). These are also the reasons that you should use SLPs for duplication in any new environment. Please, never, [...]]]></description>
			<content:encoded><![CDATA[<p>Recently, I was asked to provide the justification for moving an existing NetBackup environment from performing duplication jobs within Vault to performing them with Storage Lifecycle Policies (newly available with NetBackup 6.5, which is already rather dated). These are also the reasons that you should use SLPs for duplication in any new environment. Please, never, ever configure duplication in Vault again. If you hire me (directly or through my employer) to come fix your NetBackup environment, this <strong>will</strong> be in my top 5 recommendations, right up there with &#8220;write to disk first&#8221;, &#8220;use MPX if you must write to tape&#8221;, &#8220;use multistreaming always&#8221;, and &#8220;increase media server bandwidth, reduce client backup network bandwidth&#8221;.</p>
<p>Before Storage Lifecycle Policies (SLPs), the only way to automate duplication of backup images in NetBackup was the duplication step of a Vault profile. While that does function, it was only ever clumsy at best. In the old (pre 6.5) NBU environment, there were two logical constructs, controlling the who/what/where/when/how of backup images through their lifetime. These were:</p>
<p>Backup Policy
<ul>
<li>who - which clients to back up</li>
<li>what - which files to back up</li>
<li>where - storage location for FIRST* copy of the backup</li>
<li>when - backup start windows but, more importantly here, how long to keep that first image copy</li>
<li>how - details about client communication/snapshots/so forth</li>
</ul>
<p>Vault Profile duplication
<ul>
<li>who &amp; what - which backup images to work on (including for duplication)
<ul>
<li>limitation: vault must be constrained to only look for backups whose primary copy was written between the last N days ago and M hours ago</li>
</ul>
</li>
<li>where - storage location for SECOND copy of the backup</li>
<li>when - how long to keep the duplicated copies</li>
</ul>
<p>* &#8230; unless inline tape copy is in use. But nobody actually uses ITC.</p>
<p>And then Vault also does things like catalog backups and ejecting tapes to go off-site, but it does those things well, so I&#8217;m not considering them here.</p>
<p>SLPs are inserted as a configuration tier between the above two tiers, allowing one to specify in a single place how a given set of backup images are treated throughout their entire life time, including all copies of the image, regardless of logical or geographical location. In a post-6.5 world, with SLPs in use, the sections look like this:</p>
<p>Backup Policy
<ul>
<li>who - which clients to back up</li>
<li>what - which files to back up</li>
<li>where - explicit reference to an SLP</li>
<li>when - backup start windows only (retention managed by SLP)</li>
<li>how - details about client communication/snapshots/so forth</li>
</ul>
<p>Storage Lifecycle Policy
<ul>
<li>where - list of all copies that will be created for a given backup image whose policy/schedule targets this SLP
<ul>
<li>permits hierarchical definitions (duplication Y should come from backup image X, duplication Z should come from duped image Y is a common use)</li>
</ul>
</li>
<li>when - retention period for each hierarchical tier</li>
</ul>
<p>Vault Profile duplication
<ul>
<li>responsible only for catalog backups and tape ejects</li>
</ul>
<p>So, what SLPs buy us is a single location (or just a couple of locations; most environments end up needing more than two, fewer than five) to manage where all copies of a backup image are kept and how long they&#8217;re kept. This fixes two major flaws in the old method:</p>
<ol type="1">
<li>Should business policy change and retention periods change, in the old model, every single backup policy would have to be changed. In the new model, only the SLPs need to be modified.</li>
<li>In the old model, if backup images aren&#8217;t successfully duplicated before they age out beyond Vault&#8217;s look-back window, they will never be duplicated unless the vault profile is modified and a one-off job run, which is precisely the tangle that Guy&#8217;s in now. In the new model, the SLP engine will begin attempting to duplicate backup images as soon as the first copy is successfully written and will not give up on a given image unless explicitly told to do so; Vault&#8217;s only job is ejecting the tapes that the SLP duplications produce.</li>
</ol>
<p>So, there you have it. Go forth, shun Vault duplications, and sin no more.</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2011/11/netbackup-storage-lifecycle-policies-and-why-you-should-use-them/feed/</wfw:commentRss>
		</item>
		<item>
		<title>The top-posting rant, without once using &#8220;top-posting&#8221;.</title>
		<link>http://pantsfullofunix.com/2011/08/the-top-posting-rant-without-once-using-top-posting/</link>
		<comments>http://pantsfullofunix.com/2011/08/the-top-posting-rant-without-once-using-top-posting/#comments</comments>
		<pubDate>Sat, 20 Aug 2011 23:34:00 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1029</guid>
		<description><![CDATA[Today, in regular email conversation (on several unrelated topics), a very good friend (left anonymous unless they ask differently, but I can&#8217;t imagine why they&#8217;d care, as they&#8217;ve several blogs that are better-read than mine) expressed frustration with their webmail provider (which I&#8217;ll just leave nameless here, less because of privacy or respect than because [...]]]></description>
			<content:encoded><![CDATA[<p>Today, in regular email conversation (on several unrelated topics), a very good friend (left anonymous unless they ask differently, but I can&#8217;t imagine why they&#8217;d care, as they&#8217;ve several blogs that are better-read than mine) expressed frustration with their webmail provider (which I&#8217;ll just leave nameless here, less because of privacy or respect than because ALL ARE GUILTY). This frustration triggered a knee-jerk response for me about the ways in which computer software sucks&#8230; definitely a top-five knee-jerk response on that topic, although I&#8217;ve never enumerated that list, even for myself. There may be another post in that.</p>
<p>Anyhow, a portion of my response to them, edited only mildly (mostly to fill in a detail here or there that anyone who knows me in person, such as the recipient, already knows; also to make efficient use of HTTP for footnotes, because I don&#8217;t strictly hate the format, just its misuse, the deeper humor of which you may appreciate shortly) follows.</p>
<p>At 2011-08-20 14:19 -0700, [REDACTED] wrote:<br />
&gt;    You know, my Email doesn&#8217;t do that<br />
&gt;    &gt;<br />
&gt;    &gt;<br />
&gt;    &gt;<br />
&gt;    thing anymore, which is inconvenient, because I do like to respond to Emails in chunks.</p>
<p>OH BOY have you touched a nerve with me there. None of the following is directed at you, so you can skip it entirely, but if you&#8217;re curious&#8230;</p>
<p>Once upon an apparently more gentle and simple time on the Internet, before, if you can believe this, the hyper-text transfer protocol (HTTP) and, thus, the world-wide web, we all just sent email as plain, goddamn text<a name="backfn1" href="#fn1">[1]</a>. In order to reference material that someone else had sent, there was a de-facto standard of progressive indentation with a single character (and, for readability, a space), and a single quote line (often repeated on later quotation for simplicity) so that the conversation read like a mother-fucking conversation, should it be referred to later or any third party brought into the conversation. And the world was Good.</p>
<p>Then, along came the web, graphics, HTML email and, especially, Microsoft Outlook<a name="backfn2" href="#fn2">[2]</a>. For reasons I&#8217;ll never, ever understand (it was simpler to code it that way? Maybe? But even that doesn&#8217;t make sense) the default behavior in Outlook (and, in fairness, Lotus Notes, which is a really great application environment with a really terrible mail reader UI) was to quote the entire previous email thread, including all kinds of crap that was no longer relevant, and put the user&#8217;s insertion cursor, upon reply, at the very *top*.</p>
<p>That simple decision had two major, I have to believe, unforeseen implications, both of which I find to be undesirable. You see, people in a hurry just replied where the cursor landed. While that&#8217;s an understandable impulse (and even one that makes sense: quick messages should just be quick messages, skip the editing), there are two significant side effects.</p>
<p>First, in order to review the full conversation in context, the *reader* must scroll all the way to the bottom and then read not precisely upwards but down, then up, then down in spurts which are a stupid waste of time.</p>
<p>Second, *all* of the messaging history is retained, not just the parts that remain relevant to the continuing conversation, which is just a waste of message transfer resources (in the modern day, this is statistically irrelevant as compared with unsolicited commercial email, but the fact that your neighbors throw all of their refuse out the window onto the street is not a justification for you to litter).</p>
<p>Part of the reason that this *really* chaps my hide is that back at my first job out of college, back when I actually thought it was worth my while to swim upstream against the significant torrent and install an operating system other than Windows on the computer I used day-to-day for work on the basis that it&#8217;d make me slightly more efficient at my job, I was happily emailing away when my boss&#8217;s boss, the CTO, upbraided me (for bonus points, through a co-worker, my peer) for not adhering to the &#8220;quote fucking everything&#8221; format. His basis for this was that he, an adult male working in the IT industry at least since 1990, had grown used to the ass-backwards way Microsoft thought he should read email, and trying to read my emails (in which I quoted ONLY the relevant portions of emails, in an effort to *save* the reader time) irritated him. There were a lot of reasons I got fired from that job, but that&#8217;s definitely one of them. (In the end, my solution was to quote everything attached to the end of my edited-for-reading email, and I never heard anything more about it, but I&#8217;m pretty sure he caught my implied bird as flown.)</p>
<p>Now (as in &#8220;these days&#8221;, not just a convenient linguistic interjection), not only does Outlook work this way: Apple&#8217;s Mail.app works this way; Lotus Notes (for the forlorn few who still maintain it) works this way; Yahoo mail works this way; the insanely-popular-in-German-speaking-nations GMX.net works this way; innumerable web-based mail readers work this way; G-fucking-Mail works this way.</p>
<p>I&#8217;ve lost this fight, and I know it, but there are certain offenses up with which I will not put.</p>
<p>How is my mail reader different? My mail reader is <a href="http://www.mutt.org/">Mutt</a>. It is entirely text-based, and it runs only in a text-based interface (I believe that there&#8217;s a version that runs under Windows in the command terminal, but I wouldn&#8217;t know, since I no longer swim against that particular stream, so I just use Outlook for work, although I do use Mutt, through a screen(1)-maintained SSH session, in Terminal.app, on my home computer; you know, rather than using Mail.app). The interface to move through messages is obtuse if you&#8217;re used to pointy-clicking everything (although, if you enable keyboard shortcuts, gmail actually uses the same ones that Mutt does), but it&#8217;s familiar and efficient to me (you may recall, if you know me, that I generally advise people to keep using whatever computer interface they&#8217;re used to using), and you, my reader, don&#8217;t have to give a shit about that&#8230; because the messages that it produces are FUCKING LEGIBLE. Should I like to read email from an outside mail provider (rather than the mail server I take care of myself), I can do that, because I can use established protocols (IMAP and POP) to retrieve those messages and another (SMTP) to send messages back to it.</p>
<p>More relevantly, Mutt quotes the entirety of the message to which I&#8217;m responding, noting from whom it&#8217;s quoting that message in a single line at the top, indenting the quoted material with &#8220;> &#8221; on each line. It puts my editing cursor at the top of that file to add my response&#8230; which line begins, &#8220;At 20&#8230;&#8221;. And then I insert my responses, in context, as appropriate, and elide the portions of the message to which I&#8217;m responding that are no longer relevant. Except for that one ex-boss, I haven&#8217;t had any complaints.</p>
<p>So&#8230; if your mail reader is not working for you, perhaps it&#8217;s time to consider a change? I&#8217;m not suggesting you install Linux on that Windows laptop, not even that you buy a Mac, but you really aren&#8217;t locked into what they think is a good idea. Given that they&#8217;re giving you the service for free, you probably can&#8217;t force them to change back as a customer, but you maybe don&#8217;t even have to change email addresses to do it. Just a thought.</p>
<p><a name="fn1" href="#backfn1">[1]</a> We also posted to a shared-resource &#8220;news&#8221; protocol, called Usenet using the Network News Transfer Protocol (NNTP), using whatever software we chose to use, rather than posting to isolated and radically different web forums and blogs using whatever crackpot webform whoever owns the server where it&#8217;s running decided was a good idea. But that&#8217;s a whole separate rant.</p>
<p><a name="fn2" href="#backfn2">[2]</a> Actually, not Microsoft, but NeXT, the short-lived computer company Steve Jobs left Apple in a huff to found in the early 1980s, was the first primary offender here, but NeXT users were also Unix people, and they generally eschewed the crappy email format, so MS is really to blame for forcing this crap on the world. Also, NeXT failed, and NeXTStep, the OS they built, became Mac OS X, after Apple bought the scraps, after Steve went back. NeXTMail is, thankfully, totally dead, not that Apple&#8217;s Mail.app mail reader is all that great, really. But, again, that&#8217;s a separate rant.</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2011/08/the-top-posting-rant-without-once-using-top-posting/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Stamps.com: the new AOL</title>
		<link>http://pantsfullofunix.com/2010/10/stampscom-the-new-aol/</link>
		<comments>http://pantsfullofunix.com/2010/10/stampscom-the-new-aol/#comments</comments>
		<pubDate>Sat, 23 Oct 2010 22:08:13 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1023</guid>
		<description><![CDATA[Oh good grief. Why would anybody ever think it was a good idea to start doing this again?

Okay, let&#8217;s see here:
[0] % ls /Volumes/873-SDM-CD001
AUTORUN.INF                   browser_printPackages.exe
STAMPS.ico                    browser_printPackages.opt
browser_getStarted.exe        browser_printStamps.exe
browser_getStarted.opt        browser_printStamps.opt
browser_learnMore.exe         demo.swf
browser_learnMore.opt         setup.exe
browser_printEnvelopes.exe    stamps.exe
browser_printEnvelopes.opt
[0] % diskutil list disk2s0
/dev/disk2
#:                     [...]]]></description>
			<content:encoded><![CDATA[<p>Oh good grief. Why would anybody ever think it was a good idea to start doing this again?</p>
<p style="text-align: center;">
<div id="attachment_1024" class="wp-caption aligncenter" style="width: 235px"><img class="size-medium wp-image-1024 " title="Stamps.com's Physical Spam" src="http://pantsfullofunix.com/wp-content/uploads/2010/10/img_0092-225x300.jpg" alt="Stamps.com's Physical Spam" width="225" height="300" /><p class="wp-caption-text">Stamps.com&#39;s Physical Spam</p></div>
<p style="text-align: left;"><span>Okay, let&#8217;s see here:</span></p>
<pre>[0] % ls /Volumes/873-SDM-CD001
AUTORUN.INF                   browser_printPackages.exe
STAMPS.ico                    browser_printPackages.opt
browser_getStarted.exe        browser_printStamps.exe
browser_getStarted.opt        browser_printStamps.opt
browser_learnMore.exe         demo.swf
browser_learnMore.opt         setup.exe
browser_printEnvelopes.exe    stamps.exe
browser_printEnvelopes.opt
[0] % diskutil list disk2s0
/dev/disk2
#:                       TYPE NAME                    SIZE       IDENTIFIER
0:        CD_partition_scheme                        *39.0 Mi    disk2
1:       CD_ROM_Mode_2_Form_1 873-SDM-CD001           32.6 Mi    disk2s0</pre>
<p style="text-align: left;"><span><span class="text_exposed_show">So, stamps.com spent 19 cents to create 1.125 oz of trash, only 0.675 oz (the cardboard) of which is recyclable to get 32.6 MB of data to me&#8230; that I can&#8217;t use anyway, because it&#8217;s Windows-only. Super fail.</span></span></p>
<p style="text-align: left;"><span>Incidentally, measured those weights using my perfectly functional analog kitchen scale, without the need either for digital readout, let alone USB connectivity.</span></p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2010/10/stampscom-the-new-aol/feed/</wfw:commentRss>
		</item>
		<item>
		<title>SecurAssist.com found to be risky, if not harmful. Also: PCI DSS</title>
		<link>http://pantsfullofunix.com/2010/09/securassistcom-found-to-be-risky-if-not-harmful-also-pci-dss/</link>
		<comments>http://pantsfullofunix.com/2010/09/securassistcom-found-to-be-risky-if-not-harmful-also-pci-dss/#comments</comments>
		<pubDate>Thu, 23 Sep 2010 14:33:46 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<category><![CDATA[PCI DSS]]></category>

		<category><![CDATA[security]]></category>

		<category><![CDATA[splunk]]></category>

		<category><![CDATA[work]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1016</guid>
		<description><![CDATA[It&#8217;s not impossible that I&#8217;m paranoid, but my employer&#8217;s life insurance company is now offering &#8220;Identity Theft Protection&#8221; through SecurAssist, a feature of which is that I can plug &#8220;up to 10&#8221; credit card numbers into their website, which they will then search for across &#8220;underground chat rooms where thieves sell and trade stolen personal [...]]]></description>
			<content:encoded><![CDATA[<p>It&#8217;s not impossible that I&#8217;m paranoid, but my employer&#8217;s life insurance company is now offering &#8220;Identity Theft Protection&#8221; through <a href="http://www.securassist.com/">SecurAssist</a>, a feature of which is that I can plug &#8220;up to 10&#8221; credit card numbers into their website, which they will then search for across &#8220;underground chat rooms where thieves sell and trade stolen personal information&#8221;.</p>
<p>This leads to the question: whence were those credit cards often stolen? Right, from businesses who did store customers&#8217; credit card numbers and did not maintain security sufficiently. So, sure, I&#8217;ll totally put all of my credit cards in the same place: that sounds like a great idea!</p>
<p>Incidentally, a component of my job right now is to set up software on top of <a href="http://www.splunk.com/">Splunk</a> to help companies that do store credit cards (and other personal consumer information) demonstrate compliance with the <a href="https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml">PCI DSS Standard</a>. No part of the current state of affairs makes me happy:</p>
<ol>
<li>The standard is not written very well. There are obvious gaps and, as with SOX and HIPAA before it, expectations made of technology that are simply unrealistic, if not functionally impossible to implement algorithmically. (My favorite easy-to-grasp example of this kind of flawed thinking remains an off-handed item in HIPAA: in theory, you are required to destroy all records of a deceased party <strong>exactly</strong> two years after their date of death, including all backups of that data. Yes, really.)</li>
<li>Comprehension of the standard is worse than SOX and HIPAA, in several ways.
<ul>
<li>It is up to a given business, in cooperation with their auditor, to determine which of their systems fall into the several categories defined in the standard (PCI scope, systems that transfer consumer information and CCNs; cardholder, systems that store not just consumer information but actual CCNs; everything else). The standard presumes that it defines these classes clearly, but it is demonstrably not clear enough, given that ostensibly similar businesses have made different determinations about which systems fall where.</li>
<li>Different auditors demand disparate degrees of compliance with the standard and ding businesses for various minuscule details while, apparently (based on a game of telephone, of course: I just know what our customers tell me their auditors are demanding of them) disregarding whole swaths of the other requirements. The first part is theoretically okay (on the principle that a business is moving into compliance, but acknowledges that they aren&#8217;t there yet), but the second part is absurd: if the various private auditors are not holding all businesses to the same set of rules, then it&#8217;s not a &#8220;standard&#8221;.</li>
</ul>
</li>
<li>Compliance with the standard is awful. (Before you panic, see also point 4.) The software I work with <em>can</em> help businesses comply, but it is necessary to ensure that log data from all systems within PCI scope go into Splunk, and necessary to understand the inner workings of Splunk fairly well to know whether &#8220;no results&#8221; for a given dashboard (specific to a PCI DSS Requirement) means &#8220;no violations&#8221; or &#8220;something changed and the data&#8217;s not coming in properly&#8221;. I&#8217;m less than confident that some of the customers I&#8217;ve worked with will actually maintain this well, which doesn&#8217;t need to be a judgment of those with whom I&#8217;ve worked: it&#8217;s often just the rate of turnover at the customer.</li>
<li>Actual data security is very mixed. Some customers are doing better than the PCI DSS Standard would require them to do (and, in some cases, actually need to compromise their security standards just to make use of the software I set up with them), some are positively atrocious (minor nit: it&#8217;s 2010, people; if you&#8217;re even still cutting backups to tape, you simply have no excuse for lacking encryption). For obvious reasons, I won&#8217;t mention any names here, but if you know me personally and you&#8217;re considering giving your credit card to a business for recurring payments on anything (like, say, your phone bill), maybe you should run it past me first.</li>
</ol>
<p>Well. That one kinda got away from me&#8230;</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2010/09/securassistcom-found-to-be-risky-if-not-harmful-also-pci-dss/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Anybody else notice broken saved state across the iOS 4.0.x to 4.1 update?</title>
		<link>http://pantsfullofunix.com/2010/09/anybody-else-notice-broken-saved-state-across-the-ios-40x-to-41-update/</link>
		<comments>http://pantsfullofunix.com/2010/09/anybody-else-notice-broken-saved-state-across-the-ios-40x-to-41-update/#comments</comments>
		<pubDate>Mon, 13 Sep 2010 23:51:46 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/2010/09/anybody-else-notice-broken-saved-state-across-the-ios-40x-to-41-update/</guid>
		<description><![CDATA[I applied the 4.1 update yesterday, and I found that many apps that were in the &#8220;background&#8221; (essentially, saved memory state) were hung the next time I switched to them. Stopping and starting the app fixed it no problem, but it happened at least with Facebook and Apple&#8217;s iTunes Remote.
I guess a shared lib was [...]]]></description>
			<content:encoded><![CDATA[<p>I applied the 4.1 update yesterday, and I found that many apps that were in the &#8220;background&#8221; (essentially, saved memory state) were hung the next time I switched to them. Stopping and starting the app fixed it no problem, but it happened at least with Facebook and Apple&#8217;s iTunes Remote.</p>
<p>I guess a shared lib was swapped out under them?</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2010/09/anybody-else-notice-broken-saved-state-across-the-ios-40x-to-41-update/feed/</wfw:commentRss>
		</item>
		<item>
		<title>Changing a NetBackup 6+ master server name</title>
		<link>http://pantsfullofunix.com/2010/07/changing-a-netbackup-6-master-server-name/</link>
		<comments>http://pantsfullofunix.com/2010/07/changing-a-netbackup-6-master-server-name/#comments</comments>
		<pubDate>Thu, 08 Jul 2010 04:53:21 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1007</guid>
		<description><![CDATA[In contrast with Symantas&#8217;s recommendation, this is entirely possible without paying their managed services (which are a bit short of staff at the moment, so you may end up with someone from my current employer if you ask for that anyway), but it is kind of a pain in the ass.
I&#8217;m in the process (this [...]]]></description>
			<content:encoded><![CDATA[<p>In contrast with <a href="http://seer.entsupport.symantec.com/docs/268696.htm">Symantas&#8217;s recommendation</a>, this is entirely possible without paying their managed services (which are a bit short of staff at the moment, so you may end up with someone from my current employer if you ask for that anyway), but it is kind of a pain in the ass.</p>
<p>I&#8217;m in the process (this is the first step) of writing up a white paper on this, so this is very much the DIY version. I make no guarantees: don&#8217;t be stupid. Take a catalog backup before you start on any of this, don&#8217;t permit any backups to run until you&#8217;re sure the system is functional again (bppllist -allpolicies | awk [details elided, as I'm not on an active NBU system at the moment] to note the active policies, then deactivate them all before you start), so forth.</p>
<p>This is tested, through some serious trial and error, in the migration of a 6.0MP7 environment, running on Windows 2003sp2 ia32, to a replacement master server, on Windows 2003sp2 x64, subsequently upgraded to 6.5.6. This is a process, not a magical bullet script that you can go run. Do not even dream of doing this if you don&#8217;t understand what all the commands listed here do without my explanation.</p>
<p>I&#8217;m also going to go ahead and just post a transcription of my notes, which I do intend to come back and wrap words around later (since I plan to write this up, at least for internal consumption at my employer), but at least this&#8217;ll be something if it takes me a while to come back to it.</p>
<ul>
<li>dump to files bppllist for all policies, bpstulist for all STUs, nbstl for all SLPs, so forth on the old master before you start; it&#8217;ll make rebuilding shorter (and you will need to rebuild; policies go across, but STUs will need to be rebuilt, and if you do the wrong thing at the wrong time, you&#8217;ll cause a policy to forget what STU / SLP it used to use)</li>
<li>fresh 6.0MP7 on new master (nbmaster) and migration media server (nbmedia4)</li>
<li>add nbmedia4 to old env</li>
<li>configure DSU</li>
<li>catalog backup to DSU</li>
<li>nbemmcmd -deletehost -machinetype media -machinename nbmedia4</li>
<li>remove nbmedia4 from SERVERs</li>
<li>shut down svcs on nbmedia4</li>
<li>add new master and swap in as master in BAR</li>
<li>regedit to remove old master and replace new master in EMMSERVER
<ul>
<li>HKLM\SOFTWARE\VERITAS\NetBackup\CurrentVersion\Config</li>
</ul>
</li>
<li>start svcs on nbmedia4</li>
<li>add nbmedia4 as a media server on nbmaster</li>
<li>add DSU STU for nbmedia4 on nbmaster referencing same directory</li>
<li>copy catalog BU file across to nbmaster (either straight from netbackup/db/images/&lt;old master&gt;/&lt;date spec&gt;/&#8230; or because you had the common sense to configure the DR tab in the catalog backup policy config)</li>
<li>run the catalog backup recovery wizard (GUI or bprecover -wizard), referencing that file</li>
<li>push nbmaster as a server to all media servers and clients through the old master while that&#8217;s running</li>
<li>after catalog restore completes, on each media server:
<ul>
<li>stop svcs (netbackup stop / bpdown -f -v)</li>
<li>swap nbmaster in as the master and EMMSERVER (either bp.conf or regedit; remember to double-check vm.conf, regardless of OS, for stray references to the old master)</li>
<li>start svcs (netbackup start / bpup -f -v)</li>
</ul>
</li>
<li>at this point, master will start, but be inconsistent
<ul>
<li>nbemmcmd -listhosts will show all media servers</li>
<li>nbemmcmd -getemmserver will only show nbmaster and nbmedia4 as being &#8220;in domain&#8221;</li>
</ul>
</li>
<li>preferably, upgrade nbmaster to 6.5.3 or later here (or the second substep in the next step is way more time-intensive/scripted)</li>
<li>for each media server, running commands on nbmaster:
<ul>
<li>bpmedialist -mlist -l -h &lt;media server&gt;</li>
<li>bpmedia -movedb -allvolumes -newserver nbmaster -oldserver &lt;media server&gt;
<ul>
<li>(-allvolumes is a 6.5.x addition; you can just loop around the output from the bpmedialist, and you&#8217;ll have to do that to put the media DB entries back on the media server where they came from, but&#8230;)</li>
</ul>
</li>
<li>nbemmcmd -deletehost -machinetype media -machinename &lt;media server&gt;</li>
<li>nbemmcmd -addhost -machinetype media -masterserver nbmaster -netbackupversion 6 [or 6.5, or whatever; untested below 6.0MP5] -operatingsystem &lt;whatever&gt; -machinename &lt;media server&gt;</li>
</ul>
</li>
<li>at this point, the media servers should be back, but their devices won&#8217;t show up and their STUs, while still present, won&#8217;t work (and if you start poking at them, you&#8217;ll break them entirely)</li>
<li>redo device config (through the GUI wizard or through tpconfig, whatever grabs ya)</li>
<li>bpstulist at this point should claim that there are no STUs configured, but the GUI should still show them (because it&#8217;s picking them up from the policy config, but it doesn&#8217;t know what goes in them)</li>
<li>for each STU configured on the old master:
<ul>
<li>bpstudel</li>
<li>bpstuadd (with the appropriate config)</li>
</ul>
</li>
<li>go back and loop bpmedia -movedb around your output from bpmedialist to put the various media DB entries back to referencing the media servers that created them, rather than nbmaster</li>
<li>TEST!!! with new policies</li>
<li>activate your old policies, strategically testing as you go</li>
<li>if you run into 23/24/25 errors, then you&#8217;ve got your new master in a different DNS zone than your old one, or DNS was broken on some of your old media servers and clients, and you either weren&#8217;t noticing or had forgotten /etc/hosts entries you&#8217;d made&#8230; this is an excellent time to atone for that sin, for which proper use of bpclntcmd -pn is your friend</li>
</ul>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2010/07/changing-a-netbackup-6-master-server-name/feed/</wfw:commentRss>
		</item>
		<item>
		<title>This bloat is recommended for all users.</title>
		<link>http://pantsfullofunix.com/2009/08/this-bloat-is-recommended-for-all-users/</link>
		<comments>http://pantsfullofunix.com/2009/08/this-bloat-is-recommended-for-all-users/#comments</comments>
		<pubDate>Wed, 19 Aug 2009 13:16:09 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=1001</guid>
		<description><![CDATA[Apple would like me to update iPhoto (thankfully, not requiring a reboot, which updating their web browser does&#8230; because they want to be more like Microsoft, I guess). Here&#8217;s what I&#8217;ll get for it:
This update adds several new print product options to iPhoto ’09:

Hardcover books can now be ordered in a new extra-large (13ʺx10ʺ) size
Includes [...]]]></description>
			<content:encoded><![CDATA[<p>Apple would like me to update iPhoto (thankfully, not requiring a reboot, which updating their web browser does&#8230; because they want to be more like Microsoft, I guess). Here&#8217;s what I&#8217;ll get for it:</p>
<blockquote><p>This update adds several new print product options to iPhoto ’09:</p>
<ul>
<li>Hardcover books can now be ordered in a new extra-large (13ʺx10ʺ) size</li>
<li>Includes three new book themes with travel-oriented designs: Tropical, Asian, Old World</li>
<li>A variety of new holiday greeting cards themes are now available</li>
</ul>
<p>The update is recommended for all users of iPhoto ’09.</p></blockquote>
<p>Really guys? You&#8217;re pushing a software update that will store extra binary data (161 MBs!) on my computer for a feature I will personally never use that includes content that you could have delivered by way of HTTP request within the app (especially given that it&#8217;s not possible to use those ordering features without an Internet connection to complete the purchase). Are you <strong>really</strong> sure you want to do that?</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2009/08/this-bloat-is-recommended-for-all-users/feed/</wfw:commentRss>
		</item>
		<item>
		<title>The Hotel Monteleone&#8217;s Internet connection is completely defeated&#8230;</title>
		<link>http://pantsfullofunix.com/2009/07/the-hotel-monteleones-internet-connection-is-completely-defeated/</link>
		<comments>http://pantsfullofunix.com/2009/07/the-hotel-monteleones-internet-connection-is-completely-defeated/#comments</comments>
		<pubDate>Thu, 09 Jul 2009 03:14:10 +0000</pubDate>
		<dc:creator>gr</dc:creator>
		
		<category><![CDATA[Uncategorized]]></category>

		<guid isPermaLink="false">http://pantsfullofunix.com/?p=994</guid>
		<description><![CDATA[&#8230; by cocktail bloggers at Tales of the Cocktail 2009.
Just look:
% ping -c 5 google.com
PING google.com (74.125.67.100): 56 data bytes
64 bytes from 74.125.67.100: icmp_seq=0 ttl=55 time=1218.912 ms
64 bytes from 74.125.67.100: icmp_seq=3 ttl=55 time=731.904 ms
64 bytes from 74.125.67.100: icmp_seq=4 ttl=55 time=968.861 ms
--- google.com ping statistics ---
5 packets transmitted, 3 packets received, 40% packet loss
round-trip min/avg/max/stddev = [...]]]></description>
			<content:encoded><![CDATA[<p>&#8230; by cocktail bloggers at <a href="http://www.talesofthecocktail.com/">Tales of the Cocktail</a> 2009.</p>
<p>Just look:</p>
<p><tt>% ping -c 5 google.com<br />
PING google.com (74.125.67.100): 56 data bytes<br />
64 bytes from 74.125.67.100: icmp_seq=0 ttl=55 time=1218.912 ms<br />
64 bytes from 74.125.67.100: icmp_seq=3 ttl=55 time=731.904 ms<br />
64 bytes from 74.125.67.100: icmp_seq=4 ttl=55 time=968.861 ms</tt></p>
<p><tt>--- google.com ping statistics ---<br />
5 packets transmitted, 3 packets received, 40% packet loss<br />
round-trip min/avg/max/stddev = 731.904/973.226/1218.912/198.844 ms</tt></p>
<p>(<a href="http://alcoholi.st/2009/07/tales-of-the-cocktail-2009-begins/">See also</a>.)</p>
]]></content:encoded>
			<wfw:commentRss>http://pantsfullofunix.com/2009/07/the-hotel-monteleones-internet-connection-is-completely-defeated/feed/</wfw:commentRss>
		</item>
	</channel>
</rss>

