Crouching tiger, coding monkey

So amid the news coming of Macworld the new version of Office for the Mac was finally shipped by Microsoft. A few days ago a big box filled with all our upgrade versions was delivered to our CIO who, without me needing to ask for it, threw one to me the second I walked into his office.
Now my relationship with Office for the Mac is long and already detailed but I was very much looking forward to the upgrade for three reasons.

1. Entourage 2004 just never worked for me. I couldn’t schedule meetings correctly, it would barf all over itself all the time, the whole thing was a complete disaster. Even if it wouldn’t be feature complete when compared against Outlook I had nowhere to go but up.
2. Word 2004 had some screwy tool bars that for whatever reason just bugged me.
3. It was slow because of the Rosetta translation for the Intel chips.

I am very happy to report that all three of my main complaints have been addressed in this version. Entourage now does work for me, just like it used to for everyone else here in the office. The ability to schedule alone is worth the price of admission especially since Apple decided to let the meeting entry UI of the Leopard iCal marinate in a bowl of liquid mouse clicking stupid before they shipped it.

I know other folks in-house haven’t seen huge speed gains but given my nearly daily usage of Word on massive documents I can definitely tell a difference. The crazy Word toolbars are gone but I suspect that those got swept away in the more modern, and dare I say shiny look, that the entire Office suite got. And that’s really the punch line of the whole upgrade. Yes it is now Intel native, yes it is better looking, but that’s about it for compelling new features. I realize that there are only so many things you can do an office productivity suite at this point but I would have figured that in four years we would have had more than a whole bunch of new layout templates that no one uses anyhow.

Oh, and Entourage still uses the DAV interface to communicate with Exchange. Four years they’ve had to port over the communications code from Outlook. I’ve got the feeling that is a political problem though since all the MacBU people I’ve ever met are more than bright enough to handle that task.

One last thing, for you Mac Surround SCM users out there, the rather controversial move to ditch VBA in favor of AppleScript has yielded dividends. Jeff has written a couple AppleScripts that bring Word document differencing to Surround SCM.

Think of it as our little gift to you, even if the gift is one of those “Man that would really useful for me and if it happens to help out the rest of the world then that would be okey dokey too” types.

So yesterday I got to have surgery to have my nose put back in the right place after my adventure playing soccer.

Anesthesia, drugs, my doctor, being able to get it done before the stupid thing starting healing and thus avoiding having to re-break it, all Very Good Things. Having the doctor tell you that the break was worse than expected since it was moved both over and in, notsomuch.

Here’s a picture of being normal:

And here’s a picture of smiling:

Smiling for whatever reason moves the face into a position where the nose actually hurts. I’ll have to wear the splint for a couple of weeks and it will be more time after that before I’m allowed to do anything vaguely athletic. On the plus side they say that pink is the new black so my splint is at the cutting edge of trendy.

In unrelated news, if you’d like to a picture of me before my nose breaky breaky craziness I’ve been interviewed in the February 2008 print issue of Dr. Dobb’s.

Now back to my regularly scheduled painkillers.

So for the faithful readers of this blog it has been a slow week with no real updates. It hasn’t been because there wasn’t anything going on, quite the contrary in fact. Let’s start at the beginning.

My wife is currently 32 weeks pregnant with our second kid. Our first kid is about three and a half years old and has a bedroom on the second story of our house. The bedroom location is important because on Monday night, after having tucked said kid into bed, my wife decided to fall down the stairs. Well, truthfully, it was less a decision and more a stroke of truly bad luck. I even got to see the whole thing happen from the comfort of my couch.

Not Good Times.

By the time I made it over to her, in sprinter speed that I didn’t know I had, she was already hurting pretty bad. Maternal instincts had kicked in and instead of falling forward she leaned backwards thus saving the new baby from any harm. The side effect was that her right leg got pinned behind her as she fell. My thought at the time:

“There is no way she didn’t just tear all the ligaments in her knee and ankle.”

I’ve seen some pretty gruesome falls in my day but that one takes the cake. So after a quick calm down, followed by her starting to go into shock, I woke up the kid, carried the wife to the car, and drove to the urgent care down the street. It turns out that she didn’t break any bones (amazingly) and it doesn’t appear that there is any actual ligament tears. Sure, there are some world-class strains and sprains but all things be equal it really couldn’t have turned out better. The only downside is that she can only walk with an aircast and even then only very slowly. Oh, and the fact that she is pregnant and can’t take drugs stronger than regular Tylenol.

Ok, so the second downside is a HUGE one.

So if that alone was all that happened this week things would be ok. But, as you’ve guessed already, of course that wasn’t it. The second shoe to drop happened just this evening during the first half of my indoor soccer game. I jumped up to head the ball clear from in front of our goal. It turns out that a player on the other team had the same idea although I got in the air first. Thus we met when I was coming down and they were coming up.

They brought the top of their head to the party. I brought my nose.

Not Good Times.

So after a blinding shot of pain I found myself on the ground. Now, I’ve been hit in the nose plenty of times and usually you don’t know whether to laugh or cry. The pain was subsiding pretty quickly when I raised my hand to my face and promptly started to bleed. A lot. A whole lot. By the time I made it to the bathroom there was a blood trail of where I walked. After I had a handful of towels to try to stop making a giant mess everywhere I looked in the mirror.

Uh-oh.

That friends and neighbors is a nose that is not in the same place of where I last left it. The bright side was I knew the hours of the urgent care where I had just taken my wife so I gathered my stuff, grabbed some more towels, and drove over. Much to my surprise the same doctor that saw my wife was working tonight so he gave me a funny look when I walked in holding my nose with blood all over my arms.

Doctor: “You look familiar, have I treated you before?”

Me: “Not exactly, you treated my wife who fell down the stairs two days ago. This hasn’t been our week.”

Doctor: “No kidding.”

After an examination and a bunch of x-rays the medical community confirmed what I knew in the soccer bathroom. That nose is broken.

To add insult to injury (Ha! Get it?) this urgent care had neither the drugs nor the tools necessary to realign the old sniffer. That means I get to play the “Make an appointment with an ENT tomorrow” to get this honker fixed.

After I left the urgent care I then got to go home and break it to the broken wife that I too had been broke up. And gone to the same urgent care. And saw the same doctor. (Although when I explained how she was doing he was pleased with her progress. I suppose that saves a co-pay by not having her come in for a follow-up.)

So my advice to you my dear readers would be to stay as far as humanly possible away from me. I’m not joking. So far my dark aura has limited itself to knees, ankles, and noses all of which are not mission critical parts. With my luck though the aura is just warming up so for your own safety I suggest just staying out of my way. But if you don’t, or if you’re a risk taker, or you have a death wise, I happen to know a great urgent care facility.

So I was cleaning out my OmniFocus today and I stumbled across this:

I had added that back when I upgraded to Leopard and turned on Active Directory authentication to be the default for my user. Now there is only one problem, my next action isn’t true anymore. In fact, I’ve disabled it completely.

Let’s start at the beginning. Three large jungle cats earlier (Tiger, Panther, Jaguar) Apple added the ability to integrate Mac OS X with Active Directory. To say that their track record has been spotty is a bit of an exercise in understatement.

Get it? Leopard? Spotty? I’m sorry, I really am.

The integration really revolves around the Kerberos authentication mechanism which to the security conscious is really the cat’s meow.

Ha! Cat’s meow. No, I’m sorry. I promise this time.

To explain all this I’ll try to sum up how Kerberos works as quickly as I can here. If you start feeling your eyeballs glaze over or a little bit of drool forming at the side of your mouth the punchline is Kerberos works because little gnomes in your computer work out deals with three headed dogs that allow everything to function properly. That being said here’s the explanation.

Start eye glazing drool inducing skippable section

A long time ago in a galaxy far far away a bunch of smart people decided that sending around usernames and passwords in cleartext on a network was a Bad Idea. Thus loads of schemes and plans and secret handshakes and backroom deals were invented to keep said Bad Idea from happening. One of those schemes worked liked this.

1. A user would enter in their username and password which through the magic of a one-way function turns into the user’s secret key. Nowadays you don’t even need a username and password, things like fingerprints or smartcards or staring funny at a retinal scanner will do. (You’ve got to remember all this stuff was invented back in the 80’s when life was simpler.)

2. The user’s computer would then send a plain text message to the main authentication server saying who it was and that it wanted a bologna sandwich or something.

3. The main authentication server happens to also have a copy of the user’s secret key so it creates a brand new session encryption key, encrypts it with the secret key and sends it back to the client.

4. The client then tries to decrypt the message to get the new session key using his copy of the secret key. If it decrypts successfully everyone yells Mazal Tov and the client stomps on a glass. Actually, that happens if someone has a Jewish wedding. If the decryption succeeds the computer just kind of sits there. If the decryption fails then the username and password must be wrong because the local secret key doesn’t work.

5. A bunch of other stuff happens when the user then requests a network service that doesn’t really apply to the story so we’ll skip it here.

6. A cool sounding name was needed for the protocol so they named it Kerberos, after the three headed hound from hell. Nice.

End eye glazing drool inducing skippable section

Now Apple has written the software for Mac OS X to act as the Kerberos client while Microsoft has written the software (Active Directory) to act as the Kerberos server. In Tiger I had configured everything to work together with one small exception, I still had the main login screen use local authentication. If I wanted to get authenticated to the Active Directory I had to open up Terminal and run the kinit command. Life was good.

Once I had upgraded to Leopard I figured it was time to join the 1980’s, err, 21st century and configure Kerberos to work with the main login screen. I did a couple clicks here, changed the permissions on a directory there and poof, there I was, trading tickets with the best of them.

That was until I took the computer home.

Once I got there and turned on the Airport, since I use the faster Ethernet at work, one of Kerberos’ heads went and ate its own tail. (This was definitely Not Good since the hellhound has a snake for a tail.) Instead of noticing that it wasn’t on the work network anymore it decided to sit and wait until the Active Directory it couldn’t find would answer its pleas for self identification. Or it would wait until a network timeout occured, whichever came first. Then, to make matters worse, once I got back to work it decided to flip the sullen, sulky bit so that if I tried to start the computer with the Airport left on from being at home it would slow everything down until it dropped the network completely. I was reduced to opening Stickies every time I worked at home with a note on the desktop that said, “Turn off the Airport you idiot” so that I wouldn’t have to double boot the next morning.

After doing this for a month I finally gave up and turned off AD integration completely. Now life is back to normal and local authentication works without a problem.

The moral of the story, I should have know that using a protocol named after a three headed dog with an OS named after a cat was a stupid idea.