Setting up iChat Server
Feb 11th, 2012 by Ken Hagler

I’ve finally got the iChat portion of my Mac Mini Server up and running. It turned out that some fairly important parts of the process were poorly documented (or not at all), so I decided to write down the process in the hope that someone setting it up in the future will have better luck with their search results than I did.

Initial DNS Setup

The very first thing I did, before I even took the Mac Mini out of the box, was get its domain name set up. I’m on a cable modem, which means that all of my computers have local IPs (192.168.x.x) and share the same external IP address, which is subject to change at any time. That’s obviously a problem for any kind of server, but fortunately it was solved long ago by dynamic DNS services. These work by giving you a subdomain such as orangeroad.ddnsservice.org, which resolves to your current IP, and automatically updating the DNS record whenever your IP changes. I signed up for an account with FreeDNS, which is supported by my router’s firmware, so it will automatically keep my subdomain on their service updated.

Next I logged into the administrative interface for the orange-road.com domain, which has been hosted for many years by the excellent Mac-centric hosting service MacHighway. I then created a CNAME record pointing frontier.orange-road.com to the fully qualified domain name from Free DNS. There were some other DNS changes needed later, but to avoid confusion I’ll cover them later, where they fit into the process.

Finally, when I started up Frontier for the first time I told it that its name was frontier.orange-road.com. The actual server has no knowledge of the Free DNS FQDN. I assigned it a static IP address in my local subnet, and then logged into the router to forward all the ports I’d need (there were quite a few) to that static local IP. With all this done, an outside request for frontier.orange-road.com will (so long as it’s for one of the forwarded ports) end up at the Mac Mini Server.

Getting a Signed SSL Certificate

When I set the server’s name, it automatically created a self-signed SSL certificate. In order to avoid potential problems from poorly designed software putting up scary warnings or possibly refusing connections via XMPP, I wanted to get this signed by a certification authority. A few days before I’d read an article which mentioned StartSSL, which issues free certificates.

On the server side, the software makes it very easy to export a special file called a Certificate Signing Request, and then import the signed certificate once it’s received from the CA. The process of actually getting the certificate signed proved tricky, but thanks to StartSSL’s very helpful Eddy Nigg I was eventually able to manage it. The trick is that when you first go to their web site it seems like you’re requesting a signed certificate, but what you’re really doing is creating an entirely new certificate which identifies you for logging in to their system. Once that’s done, it’s simple to paste the contents of the CSR file exported by the Server app into a form and then download the signed certificate. The trick is to know ahead of time that it’s a two-stage process.

Setting up SRV Records

At this point my iChat service was up and running and I could use the XMPP address khagler@frontier.orange-road.com. However, I wanted to make it just khagler@orange-road.com, so that my IM address would be the same as the email address that I’ve had since 1996. To do this, I needed to create DNS SRV records to send XMPP traffic for orange-road.com along to frontier.orange-road.com (the actual orange-road.com machine is a web server in Colorado which would just ignore XMPP traffic).

The system my hosting provider uses to administer the orange-road.com domain, cPanel, doesn’t have a way to create SRV records so I wasn’t able to do this all myself as I did with the CNAME record earlier. I knew that MacHighway wouldn’t be able to offer any support for this, so I carefully checked and re-checked and then submitted a support request asking them to manually enter the following lines into the record for the orange-road.com domain:

_xmpp-client._tcp.orange-road.com 14400 IN SRV	0 1 5222 frontier.orange-road.com
_xmpp-server._tcp.orange-road.com 14400 IN SRV	0 1 5269 frontier.orange-road.com

Once I got a reply from MacHighway support that the change had been made, I checked with dig and confirmed that everything was working perfectly on the DNS side. Note that if I had used the Free DNS FQDN it would have worked, but that would also have made it impossible for me to move to another dynamic DNS service should the need arise without bugging someone at MacHighway to make another manual change for me.
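
The dig check mentioned above can be scripted. This is an added example, not part of the original post: it validates `dig +short SRV` answers against the port and target the two records are supposed to carry. The `check_srv` function name and the sample answer lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate `dig +short SRV` answers for the XMPP records.
# Live use (needs network):
#   dig +short SRV _xmpp-client._tcp.orange-road.com | check_srv 5222 frontier.orange-road.com
#   dig +short SRV _xmpp-server._tcp.orange-road.com | check_srv 5269 frontier.orange-road.com

# check_srv PORT TARGET
# Reads "priority weight port target" lines on stdin (the format that
# `dig +short` prints for SRV answers). Returns 0 only if at least one
# answer exists and every answer carries the expected port and target.
check_srv() {
    awk -v port="$1" -v target="$2" '
        NF != 4 { print "malformed answer: " $0; bad = 1; next }
        {
            n++
            t = $4
            sub(/\.$/, "", t)    # dig prints the target with a trailing dot
            if ($3 != port) { print "wrong port: " $3; bad = 1 }
            if (tolower(t) != tolower(target)) { print "wrong target: " t; bad = 1 }
        }
        END {
            if (n == 0) { print "no SRV answer"; exit 1 }
            if (bad) exit 1
            print "ok: " n " record(s) -> " target ":" port
        }'
}

# Constructed sample answers (not captured from the real domain).
GOOD_CLIENT='0 1 5222 frontier.orange-road.com.'
# Server record entered with the client port by mistake.
BAD_SERVER='0 1 5222 frontier.orange-road.com.'
# Record pointing at the dynamic DNS name instead of the stable alias.
DDNS_TARGET='0 1 5222 orangeroad.ddnsservice.org.'

printf '%s\n' "$GOOD_CLIENT" | check_srv 5222 frontier.orange-road.com
printf '%s\n' "$BAD_SERVER"  | check_srv 5269 frontier.orange-road.com || true
printf '%s\n' "$DDNS_TARGET" | check_srv 5222 frontier.orange-road.com || true
```

The third sample is reported as a wrong target even though such a record would resolve, because it gives up the ability to change dynamic DNS providers without another manual change at the host.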

Fixing the Server’s Identity Crisis

At this point I discovered that as far as the iChat service was concerned it was still frontier.orange-road.com, and it was certainly not going to allow users of orange-road.com to connect! I needed to change the name that just the iChat service had for itself, without affecting anything else on the server, and this turned out to be the biggest headache of the whole process, mostly due to the general lack of documentation. After a great deal of searching and a few red herrings, I finally came up with the answer: sudo serveradmin settings jabber:hostsCommaDelimitedString = "orange-road.com" (the iChat service is actually a variation of jabberd2).

Chat Room DNS Setup

The last thing I needed to do was create a DNS record for the multi-user chat part of the iChat service. This has its own subdomain, “rooms.” followed by whatever the host name is–in this case, rooms.orange-road.com. To get it working, I created another CNAME record which pointed to that Free DNS FQDN. That completed the setup, and if I ever need to change dynamic DNS services, or if I get a static IP at home, I can make all the necessary changes without having to involve anyone else.

If you can’t beat them, extort them
Feb 7th, 2012 by Ken Hagler

The three patents Microsoft is hammering the Nook with—and why they may be invalid.

Microsoft’s complaint against Barnes & Noble’s Android-based Nook devices has been narrowed down to just three patents, with the US International Trade Commission having to decide whether Nook devices infringe on several patented methods of interacting with and downloading electronic documents. Barnes & Noble is also asking the ITC to declare the patents invalid because they cover obvious and trivial functionality.

Microsoft’s ITC complaint, which was filed in March 2011 and targets Foxconn and Inventec in addition to Barnes & Noble, cited five patents. One 1994 patent related to “new varieties of child window controls [that] are provided as system resources that application programs may exploit,” and a 1997 patent related to how browsers load and display content in portable computers with limited display areas have since been dropped from the case.

[Ars Technica]

Here’s the sentence in the article that explains what this is really all about: “The ruling will be an important one in Microsoft’s quest to extract money from every Android hardware vendor.” In other words, having dismally flopped in their every attempt to develop a mobile device, Microsoft has given up on competition and turned to extorting money from companies that actually can develop useful devices.

New Server
Feb 2nd, 2012 by Ken Hagler


Earlier this week I added this Mac Mini Server, which I named Frontier, to my home network. It’s a bit strange after so many years of working with Macs, and helping to administer Windows and Linux servers, but this is actually my first Mac server!

I got it primarily as a file server for scanned photos, but I’ve also enabled the iChat Server, which is Apple’s front end for the popular XMPP server jabberd. The idea is that once I’ve got some DNS stuff straightened out I’ll finally have the same address for instant messages that I do for email.

Comment spam
Feb 2nd, 2012 by Ken Hagler

The Akismet plugin, which I use to block comment spam here, has a display of how much comment spam I’ve received. The amount has been going up ever since I turned commenting back on, with the total spam for January being 2,279. That’s more than twice the amount of email spam I received in the same period, despite having had the same email address (widely distributed across multiple websites) for sixteen years. I don’t really see why people would bother generating so much comment spam–I can’t even remember the last time I saw a spam comment get through to somebody’s weblog.

Blog spam
Aug 1st, 2011 by Ken Hagler

A while back I had to turn off commenting on my weblog after the anti-spam plugin I had been using stopped working with newer WordPress versions. About a month ago I started using the Akismet plugin, which made it possible to turn commenting back on. One of the features of Akismet is a display of total spam and total real comments over time, and according to that display for the month of July (the first full month that I used it) my weblog received 489 spam comments and two real comments.

Good Lion article
Jul 31st, 2011 by Ken Hagler

Managing Mac OS X Lion’s application resume feature. [MacFixIt]

This article has some very useful information on how to control Lion’s resume feature, including how to disable it on a per-application basis and how to create a specific unchanging resume state.

Donating to WikiLeaks
Jul 15th, 2011 by Ken Hagler

The Evil Empire has done everything it can to shut down donations to WikiLeaks, and it’s been pretty successful. I decided to try making a donation of $100 using one of the alternative methods available: Bitcoin. This was a multi-step process. First, I had to transfer money from my checking account to Dwolla, which took four days. From there, I transferred the money to Mt. Gox, which took another day. Once it was there I purchased $100 worth of bitcoins, which was about 7.14 at the time. Finally, I sent those bitcoins to the donation address for WikiLeaks. The last two steps took just a few minutes, most of which was spent dealing with the Mt. Gox interface.

Overall, this was rather inconvenient due to the hassle involved in actually getting the bitcoins. I expect this will only get worse in the future, as Bitcoin is something of a competitor for Dwolla. Paypal has a long-standing policy of cutting off businesses which are in any way involved with alternative currencies (stealing their balances in the process)–we saw that with e-gold well before they were attacked by the Evil Empire. I wouldn’t be at all surprised if Dwolla either adopted an anticompetitive policy themselves, or else were ordered to by Gestapo agents.

The good news is that once I actually got my hands (figuratively) on the bitcoins, it was trivial to bypass the blockade on WikiLeaks.

Quote of the Day
Jul 12th, 2011 by Ken Hagler

If you get writer’s block, just let the cat walk across the keyboard, and debug the result.

Learning Perl

Amusing sales pitch
Jun 24th, 2011 by Ken Hagler

While trying to get my cable modem speed upgraded, the cable company salesman tried to pitch me their home phone service for $30/month. When I pointed out that I’m currently paying $5/month for Skype, he said that their home phone service wasn’t VoIP, so it would work when the Internet connection was out. In other words, I should pay six times as much for their service because the other service they’re already providing is so unreliable. I guess cable service salesman is one job that requires a good sense of humor.

Bad news for Skype
Jun 19th, 2011 by Ken Hagler

Skype fires several managers after Microsoft deal clears. Although Microsoft has made Skype a separate division within its organization and has promised continued support for its existing structure, the cuts are unlikely to assuage fears that Microsoft may reshape Skype in a way that hurts non-Windows platforms or Skype itself. [Electronista]

They certainly aren’t assuaging my fears any. I jettisoned my overpriced PSTN service in favor of Skype six years ago and have generally been happy with it, but even before the Microsoft purchase their support for OS X was indifferent and for iOS downright bad. I wouldn’t be terribly surprised to see Skype become Windows-only in the future. Not only that, Microsoft has a history of buying perfectly good products and wrecking them.

© Ken Hagler. All rights reserved.