Mike’s blog posts – Mike O'Connor

Are projections of registration growth in generic top-level domains realistic?

Intro

Exactly five years ago today, I published this little rant about the growth rates projected for the new “generic top level domains” that were being introduced by ICANN at the time. You know, domain names that end in things like .run or .lol or .bot (yep, those are all real alternatives to .com or .org if you’d like to strike out into new territory).

I decided to update it with the way things have turned out.

Original post – March 7, 2014

I was reading the Appendices of a recent ICANN report when I came across an interesting assumption built into their analysis. The boffins that did this portion of the study are projecting 22% annual growth in total domains for the next five years.

Here’s the reference that caught my eye:

You can find this on page 150 of the newly-released Whois study — done by the Expert Working Group on gTLD Directory Services. Here’s the link to the study — https://www.icann.org/en/system/files/files/final-report-06jun14-en.pdf

The thing that struck me was that whopping 22% annual growth rate. Partly this is due to some pretty optimistic assumptions about the growth in the number of new gTLDs (I’m willing to bet any money that the beginning of 2015 will not see 200,000 gTLD domains in the root). But leaving that aside, 22% year over year growth isn’t something we’ve seen since pre-bubble glory days.

Here’s a little chart I put together to show you the history. We’re running about 4% growth right now. A long way from 22%. If I were building budgets for ICANN, I’d be seriously researching where these projections are coming from and applying a pretty serious quantity of cold water. Just saying…

UPDATE: March 7, 2018

I decided to update this post given that we’re at the end-point of that projection that caught my eye (start of 2018). Here’s my last version, as of the end of 2017 – the first two chunks are the same, the reddish one is what happened.

I think this falls in the “not even close” zone. New gTLDs never approached 22% a year growth and no new rounds of gTLDs have been added since the first batch of 1000 or so hit. Yep, toward the end, the growth rate was headed for negative territory as lots of the aggressive “first year for free” domain names weren’t renewed. The world needs a zillion new subsequent-round gTLDs exactly… why?

Notes to the nit-pickers:

The assumptions were in a scoping study done by IBM to determine how much a system would cost — so these numbers could have been pretty old, given how long the EWG had been running. I worried at the time that ICANN was using similarly optimistic numbers in their budget projections. Looks like they did, as they’re in retrenchment mode right now.
These numbers do not include ccTLDs (since IBM didn’t)
Verisign was quite far behind in publishing their quarterly statistics reports, so I finished up with RegistrarStats data. No warranty expressed or implied, especially since the site was decommissioned just as that annual growth rate started to approach zero.
Here’s a link to the 2018 version of the file that creates the charts. The payday tab is the first (far left) one — cleverly-named “Sheet 1” — which contains the data, the calculations and the charts. Warnings. The layout is ugly, the documentation is sparse. The “Notes” page has URLs for the data sources although they may not work any more. The rest of the tabs are (some of) the (erratic, sortof-monthly) downloads from RegistrarStats. Click HERE for the file (about 1 mByte).

Etude: November 2017 – Challenge: Two Minute Romantic Comedy Trailer – Hans Zimmer Masterclass

November 2017 – “Romantic Comedy Challenge”

We were provided instructions and a voice track (narration and character-dialog) by an imaginary director who is looking for a score for romcom trailer. The “director” set a one-week deadline! I sweated this one a bit, given that this is also Fall Projects season here at Prairie Haven.

Pretty darn cool challenge. This was by far the most complex mix I’ve done in quite a while, 26 tracks across 13 scenes (in 2 minutes!).

Some fun! Here’s the link to the 2 minute trailer.

Here are the characters:

Arabella is the female lead. Struggling to find her way in a man’s world.
Cartwright is the male lead. Cynical, jaded, tired.

They get their own intertwining themes — Arabella first, then Cartwright

Lucinda and Ramon are a secondary plot element for contrast with the primary characters, and are foils for the primary characters’ emotional unavailability.

They also get their own themes, but a little lighter than the two romantic leads

Maxwell is a poor sap in Accounts Receivable. (he doesn’t get any music at all, poor guy)

Scenes:

First is an office scene, Arabella monologue directed at silent Maxwell.

I’ve provided an office-space soundbed plus printers and keyboards in addition to Arabella’s theme.

Second is Cartwright giving his cynical take on human relationships in a Chicago bar.

Soundbed is a bar — we hear Cartwright’s theme

Third is Ramon and Arabella in a garden – Ramon’s getting suggestive, and Arabella doesn’t get it.

Here the soundbed is a field recording from here at Prairie Haven, we hear Ramon’s theme and listen to it crash as Arabella completely misses his cue.

Fourth is Cartwright’s therapy office – Lucinda’s getting suggestive, and Cartwright doesn’t get it.

Soundbed is an office, plus the ticking of his client-hours ticking clock. Lucida’s theme goes well for a second, but Cartwright really shuts her down.

Fifth is Arabella and Cartwright in his therapy office, a first counseling session.

Same office soundbed with the ticking clock. This time we hear parts from Arabella and Cartwright’s themes alternating as each of them talk.

Sixth is Lucinda and Ramon finding each other and getting each other’s suggestions all too well.

Perhaps that same bar where Cartwright expounded earlier. This time their two themes (and conversation) fit together perfectly.

Seventh is Arabella and Cartwright, continued.

Back in the office — this time both their themes are played together in full.

Installing Flow-Rite battery watering on a Polaris Ranger EV

Definitely a narrow-audience scratchpad post. We love our electric Polaris Ranger EV utility vehicle here at Prairie Haven. But putting water in the batteries is not a lot of fun. Messy, tedious, slow, etc. So today’s project was to put a battery watering system in.

UPDATE: one month later and the results are in

Wow. This is a complete success. We just watered the batteries for the first time and several things stand out. First, the batteries required dramatically less water — only a few ounces on each bank of four batteries. Second, the batteries didn’t require any cleaning because there was no spillage at all — unlike before where the battery tops were always covered with battery acid and needed extensive work before starting to do the watering. Third, as a result the job only took 5 minutes instead of the 3 hours we used to spend. Pry these out of our cold dead hands. Now, back to the original post…

Project start: 3pm

Standing on the driver’s side. There’s the diagram of the finished system (see below), an example of the gizmo that’s going to go into the batteries, the battery compartment and the really-useful ratchet box wrench for loosening the battery hold downs.

Bag of watering gizmos

The kit came disassembled, which I really liked because we only needed to loosen the battery hold downs, not take them off. We could thread the hoses under the hold downs and wires before hooking them to the watering gizmos.

First couple watering gizmos

We picked the easiest ones to learn on (the hardest ones are at the back – you owners already know this). Having the hold downs loose was helpful for wiggling the gizmos in, but the breakthrough came when we started twisting the lockdown handles of the battery caps a bit. The little handles are what really collide with the hold downs, twisting them out of the way made a big difference.

Cutting and installing the tubing was easy — we mostly used the measurements on the diagram, especially the 8-inch lengths. Some of the longer runs (10-14 inches) had to be custom measured because the diagram didn’t match the layout of our batteries. We’d just stick one end of the tube on, hold it close to its destination and then snip it to fit. We wound up with about a foot of tubing left over, but we were prepared to steal some from the water hook-up hoses if we ran short.

It goes a lot faster with two people splitting the tasks

Here’s Marcie dropping gizmos into the batteries. It’s way more than twice as fast when two people can each be concentrating on half the job at hand. Otherwise there’s lots of changing position/tools.

All done: 5pm

This is the way the finished product looked. This is the first side, just to keep things straight. The whole project took a couple hours and we could do it much faster now that we’ve done it once and learned some tricks.

Layout diagram

I know, the copyright notice is pretty intimidating — but hey, this diagram’s on their web site for all to see. Here’s the link to their site:

https://flow-rite.com/sites/all/files/file/pdf-pro-fill/layouts/POLARIS-96V.PDF

The part number for this rig is BG-U96V-1G

You also need the little squeeze-bottle filler that drops into a gallon of distilled water.

Results: The next morning

We watered the batteries (and cleaned them) this morning, remembering to charge the batteries before filling them. What used to be an “all morning project” was a short job that fit in before Marcie headed off for her real all-morning project.

Here’s an action shot — showing off my battery-watering pants. They’re more like a battery-watering apron these days. I think they can now be retired.

We splurged and spent a few minutes cleaning the batteries so they’d look spiffy for this final photo. Compressed air to spray off the debris, liberal dose of battery cleaner, rinsed them off with the hose and another round of compressed air to dry things off.

We were wondering if we’d be able to tell when to quit pumping water and accidentally overfill the batteries. No worries there — the little squeeze bulb just quits, we could both feel the really abrupt transition to “no more room” as we went to full-batteries. Those little floating shut off valves work great.

Today’s watering took about a gallon of water (pretty normal) and 15 minutes (pretty nifty!).

The EV

Here’s a picture of the compleat EV — purple collecting bags, wide/smooth tires and a watering system.

Winter Tips:

I talked to the folks who sold us the kit about what to do in winter. My main concern was that trapped water would freeze and rupture the tubing. They told me that the water finds its way into the batteries as the water level drops enough to open those valves back up. My plan is not to water the batteries in winter, just to play it safe.

Wide tires on a Polaris Ranger EV

We’ve been noticing that the Ranger has been pretty tough on our trails here at Prairie Haven. Our pet theory is that the EV (plug in electric) version of the Ranger is quite a bit heavier than a normal one and that the standard (narrow, aggressive-tread) tires add to the problem.

The Mission: wider tires for the Ranger EV

We’ve just mounted four Carlysle 25x11x12 Multi-Trac (574369) turf tires . These are a little wider than the standard tires and have a much less aggressive tread pattern. Here’s Marcie on her test drive — early returns are positive.

You can see that the footprint is much wider than the standard tires if you click on the picture and look at where the tires are dirty from Marcie’s 200 yard test drive. I think these may be a little over-inflated as well. Taking them down to about 7 psi may improve this even more.

The Tricky Bit: front fitment

The back tires are just mounted on the standard rims. They’re a little too wide for the rims so we added inner tubes (we’d already done that to the stock tires, so those just moved over to the new ones).

The front tires are also mounted on the stock rims, but they need spacers to clear the suspension. You can track down the 2-inch spacers we used by including “WP024” in your search for 2-inch spacers for a Ranger ATV/UTV. Four of them (we only used two) will cost about $100 on Amazon/eBay. Here’s what they look like on our Ranger.

Pro tip – my half-inch-drive sockets were too big to drive the spacer’s lug nuts: The lug nuts that come with the spacer need an 11/16 or 17mm deep socket and they reside at the bottom of deep wells in the spacer (take a look at the first photo — the empty holes are the wells I’m talking about – there are lug nuts at the bottom). 1/2-inch drive sockets are too big/thick to insert into those deep wells. I bought a 3/8th-drive, 11/16ths, deep socket at the hardware store that fit fine. Take the spacer along on the shopping trip — all this will make more sense once the spacer (and the lug nuts that come with it) are in your hands.

Here’s how it looks with the tire mounted…

The key clearance is between the tire and the front suspension. Mounting them without spacers doesn’t quite clear. Here’s a picture showing the clearance now that they’re mounted with the spacer.

And here’s a picture that shows that the wide tires still clear the fender at full lock — by about an inch. Cozy, but not a problem for our laid-back use of the Ranger. I wouldn’t want to race on this rig.

Push custom light guides and knobs from Kontakt to Komplete Kontrol

A scratchpad post to remind myself how to configure a Kontakt instrument so that light guides and knobs will show up correctly in Komplete Kontrol. There’s a video walkthrough at the end of this post.

Here’s a picture of the destination – the light guides appear on the keyboard and Komplete Kontrol knobs are mapped to the patch in two banks.

Light Guides

Use the Factory/Utilities/Set Key Color script to set the key colors. This is saved as part of the instrument, in Kontakt.

Mapping to knobs on Komplete Kontrol

Use “host automation” within Komplete Kontrol to map knobs to controls within the Kontakt patch. These mappings are saved as user presets within Komplete Kontrol not Kontakt.

Use the Factory/Utilities/6 MIDI Controllers script to “make controls visible” if they’re not directly available for host automation. This takes two “save” actions. The script is saved into the Kontakt instrument, the host automation mapping is saved as a user preset within Komplete Kontrol.

Here’s a video walkthrough.

Scratchpad post: clearing up a failed nameserver transfer between Godaddy and Cloudflare

This one’s going to get the least hits ever, I bet.

I transferred the authoritative nameserver of a domain from Godaddy to Cloudflare and things got stuck. The NS propagated pretty well, but it never got picked up by Google or Verisign’s public DNS (check with https://www.whatsmydns.net). Since my ISP uses Google’s 8.8.8.8 server for customer DNS, I couldn’t reach my sites and mail got goofy.

The problem turned out to be outdated DS records that lingered at Godaddy after I tried their DNSSEC product, had all sorts of problems and turned it off. DS records aren’t deleted automatically in that process — they need to be deleted manually on the Domain Details/Settings tab. Who knew? Why should I have to know??

Google (and Cloudflare, the destination authoritative server) saw the outdated DS records and ruled the domain bogus. In the case of Cloudflare, it never completed the setup process (constantly rescanning the nameservers and saying “Pending Nameserver Update”).

Google’s public DNS simply wouldn’t resolve the names and returned SERVFAIL. Here’s an example of the dig command when it was failing (note the period at the end of the command).

dig @8.8.8.8 www.example.com.

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 www.example.com.
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 42587
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.example.com. IN A

Here’s the result of a query to DNSVIS.NET query of the name. It’s pretty incomprehensible but if you get a page that looks like this, you’ve probably got the same problem I had.

This was the page that cracked the case for me:

https://developers.google.com/speed/public-dns/docs/troubleshooting

One last thing. Here’s the page where you can flush the Google DNS cache for a domain.

https://developers.google.com/speed/public-dns/cache

Talk: Restoring a Prairie Haven with renewable power

NEWS

July 1, 2016
For Immediate Release

Wings Over Alma welcomes Mike O’Connor to present:
Restoring a Prairie Haven with Renewable Power

Alma, Wisconsin Wings Over Alma Nature & Art Center is featuring another facet of the O’Connors ‘unfarming’ restoration project in Buffalo County. On Sunday, July 17, 2016 Mike will share how the farm (Prairie Haven) generates more electric power than it consumes.

Mike and Marcie O’Connor are in the process of returning an old dairy farm in Buffalo County back to the savanna and prairie that was there before the land was settled. As part of the “unfarming” restoration project they installed solar panels to meet their energy needs.

Mike’s presentation will describe their solar power system, how it works, why they installed it and preliminary financial results. The O’Connors heat their house and run their Tesla electric car, utility vehicles and smaller tools like chain saws with the solar power they generate. This is bound to be an informative presentation you won’t want to miss. Be sure to bring your questions!!

Wings Over Alma will be hosting the presentation in their new location 110 North Main Street, Alma, WI.

The event begins at 1:00PM on Sunday, July 17th and there is no cost.

Contact:

Leslie Wilkie
leslierobinsonwilkie@gmail.com
651 334-9407

About Wings Over Alma

Wings Over Alma, Inc. is a non-profit community organization seeking to enhance and promote awareness of the Upper Mississippi River environment and raise the level of regional arts and crafts appreciation.

www.WingsOverAlma.org

WiiMote -> OSCulator -> Wekinator -> OSCulator -> Ableton Live

This is a scratchpad post to remind myself how to put together a machine-learning system on a Mac. This won’t work on a PC as some of the software is Mac-only. In this configuration a WiiMote (input device) is connected to Wekinator (real time interactive machine-learning software) through OSCulator (OSC bridging and routing software). Wekinator outputs are mapped to MIDI to drive Ableton Live through another instance of OSCulator.

Here is a block diagram (clicking on it makes it bigger)

Before beginning

Grab a copy of the following .oscd templates to simplify the connection from OSCulator to Wekinator — https://github.com/fiebrink1/wekinator_examples/tree/master/inputs/Wiimote/WiimoteViaOsculator_MacOnly . This example uses the 3-input template.

WiiMote to OSCulator

WiiMote to OSCulator is a built in feature of OSCulator. Open OSCulator with the 3-input template linked above. Open the sliding panel on the right side of the main OSCulator page, turn on the WiiMote, click “Start Pairing”. Here’s the way it looks when it’s working.

OSCulator to Wekinator

This first instance of OSCulator translates the motions of the WiiMote into OSC messages and pushes them to Wekinator on Wekinator’s default UDP port (6448). If you’re using the example .oscd file, this should be working now. I’ve included the mapping if you are building this from an empty OSCulator file.

If you are starting from an empty OSCulator file, here is what the Parameters page looks like in this first instance of OSCulator. If Wekinator is running, locating and selecting these entries should be available through the drop down menus.

Wekinator to OSCulator (this is the second instance of OSCulator)

The default Wekinator output port is 12000. The second instance of OSCulator (instantiated through File/New) is set to listen on port 12000. If Wekinator is running, OSCulator will pick up the Wekinator outputs and they should be displayed in the Messages column of OSCulator.

2nd instance of OSCulator to Ableton Live

OSCulator has been configured to convert the OSC messages from Wekinator to MIDI CC messages in this example. I picked those message numbers because they’re within a range (85-90) that’s generally not used by other devices.

Once OSCulator is producing MIDI, Ableton Live can be trained to apply those MIDI signals in the normal way. Turn on the MIDI Map Mode switch (blue, in the upper right corner, says “MIDI”), click on the control that should receive the MIDI signals and toggle the device on and off in OSCulator. The mappings will appear in the box on the left (under “MIDI Mappings”) as they’re added. I found it useful to turn all the devices off (untick the boxes in the left column) before starting the mapping.

Notes and Tips

I found that controls sometimes wouldn’t work. It turned out that sometimes controls were set to a higher value than the maximum value coming to them from OSCulator. So the control wouldn’t “pick up” the MIDI signal. Setting the unresponsive control (eg. “Warmth”) to zero solves that problem.
Signals coming into Live were quite jittery at first. Cranking up the “Smoothing” settings in the 1st instance of OSCulator fixed that.

Electrical repair of Power Trac PT-1850

A scratchpad post as I diagnose and repair an electrical fault in our Power Trac PT-1850. Pretty sparse right now, just starting.

The Problem:

Reset circuit breaker
Turn ignition on without starting motor — I get the normal beeps, flashing strobe and 12.4 volts on the gauge (normal for a 12 volt battery at rest)
Crank and start the motor
Voltage drops to around 11 volts (indicating to me that something is really pulling hard, maybe a short) and stays there for about 15 to 30 seconds, then the breaker pops and the voltage jumps up to 13.2 (pretty normal alternator-charging voltage, battery seems to be getting charged up).
With the breaker open/popped the strobe stops flashing. But tilt seat, emergency seat switch and draft control are still operational and the tractor made it back to the barn (about a mile).
Use the ignition switch to shut off the engine (which is weird because the breaker is right in front of the ignition switch in the wiring diagram, so why does it still work?)
The ignition switch is dead *after* I shut the engine off — no strobe, no beeps, no voltage on the gauge when I key it on.
Return to number 1 above

My current theory is that I have a short (first project — see if I can figure out which circuit it’s in, and where). One option is to replace the alternator (I have one coming, but at $600 I’d like to avoid opening the box if I can).

Wiring Diagrams

Here’s a PDF I got from Power Trac (which is newer than my machine and doesn’t match up as the next one – figuring out which one is right is another task for today)

1850 Wiring diagram 6-1-20110001

Here’s an older GIF (I need to retrace my steps to figure out where I found this on the ‘net)

MySQL repair or replacement on OSX Server (Yosemite)

Another scratchpad post. This one is a reminder of what I did to repair MySQL on OSX Server after the upgrade from Mavericks to Yosemite kinda broke things.

I was working to solve two problems: intermittent “unable to connect to database” errors on all our WordPress sites, and the dreaded “unable to update PID” errors when starting and stopping MySQL.

I think the “unable to connect” errors are caused by intruders trying to brute-force break the passwords on my (roughly 35) web sites. This problem can possibly be cured just by doing the “tuning” steps at the end of the cookbook.
“Unable to update PID…” type problems are more symptomatic of a broken MySQL implementation and probably require the whole process.

None of these were terrible (a system-restart every few days kept things more or less in check) so I limped along for a while after upgrading from Mavericks to Yosemite, but it finally drove me crazy and I decided to upgrade MySQL and rebuild all the databases.

The cookbook

I tried several approaches and finally landed on one which I can reliably repeat in the future (as long as the good folks at Mac Mini Vault continue to provide their magnificent script).

backup:

I used backups from all sorts of places. I thought I was being a little over the top, but things went wrong and I was really glad to have all these safety nets. Here were the backups I had available:

Time Machine backups of the /usr/local/mysql/ directory
Pre-upgrade copies of the /usr/local/mysql/data/ directory (and their Time Machine backups)
Historical (nightly) MYSQLDUMPs of all the databases (and their Time Machine backups). Use this command to write each database to a text file. I have a script that does all 35 of my databases at once, every night.
```
sudo mysqldump -u root -p[root_password] [database_name] > dumpfilename.sql
```

clear out the previous installation of MySQL:

This was by far the hardest part to get right. MySQL doesn’t have an “uninstall” script and reacts badly when little odds and ends are left over from previous installations. My OSX Server has been running MySQL since OSX Lion and there was a fair amount of cruft left behind that was causing some of the trouble. Here’s my current list of things to move or remove (although not all of them will exist on any given machine):

move the old data directory (/usr/local/mysql/data/) to someplace else (yet another backup)
rename the old base MySQL directory (this is the directory with the version-number that the mysql alias points to – I renamed rather than deleted as a backup)
remove the /usr/local/mysql alias (it’s going to get recreated during the install, pointing at the new/correct base directory)
move MySQL.com out of /Library/StartupItems/
move My* out of /Library/PreferencePanes/
move My* out of your account’s /Library/PreferencePanes/ (I had two mismatched ones of these, one lurking in /Users/admin/Library/PreferencePanes that was really old)
edit /etc/hostconfig and remove the line MYSQLCOM=-YES- (If it’s still there — this was left over from the days when MySQL shipped as part of OSX Server)
remove entries for receipts for mysql in /Library/Receipts/Install-history.plist (I edited the plist with a text editor to do this)
remove receipts for mysql in /private/var/db/receipts/
remove mysql-related scripts from /Librarly/LaunchDaemons/
remove any aliases for mysql.sock from /var/mysql/, /etc/ and /private/var/mysql/ (I’ve had good luck leaving the directories in place and just deleting the aliases – ymmv)
If the Mac Mini Vault (MMV) script has been run before, here are a couple more things:
- remove the MYSQL_PASSWORD item from the desktop
- remove MySQL-install.plist from your /Downloads/ directory

install MySQL using the MMV script:

NOTE: the folks who maintain the script only support it for a clean install of MySQL on a freshly-loaded version of OSX. So this cookbook is OUTSIDE the bounds of what they support — please don’t complain to them if things break. Instead thank them for sharing this script publicly, and consider buying some of their services.

Click HERE to read an introduction to the script on MMV’s site

Click HERE to read the important documentation of the script

Last step: change the MySQL root password:

sudo mysqladmin -u root -p'MMV-generated-password' password 'mypasswd'

MySQL should now be running properly. I restarted the server to make sure MySQL started up on a reboot. I also started and stopped MySQL a few times from the command line to make sure that the “unable to update PID…” problems were solved:

sudo /usr/local/mysql/support-files/mysql.server stop
sudo /usr/local/mysql/support-files/mysql.server start

I do NOT TRUST the MySQL preference-pane that is installed in OSX System Preferences and don’t use it – that may have been another source of dreaded “failure to update PID…” errors. Just sayin’

import the databases:

I chose to rebuild my databases from the nightly dumps. I tried various versions of “moving the data directory back and using the Update command” and had a rough time with all of them. Besides, rebuilding the databases for the first time in many years seemed like a good housekeeping item. I have about 35 databases — it took about an hour. Note: change all the ‘mydb’ ‘myuser’ ‘mypasswd’ to values that match your environment.

Log into mysql as MySQL’s root user:

mysql -u root -p'mypasswd'

Create the databases in mysql using this command:

create database mydb;

Create a user for each database in mysql using this command (btw Sequel Pro 1.0.2 is crashing when it creates a user — a known bug, just do it from the command line). Note: I’m assuming that you’re only using MySQL for WordPress sites like I am, and only need one user per database — this process will get a lot more tedious if you have multiple users per database.

grant all privileges on mydb.* to myuser@localhost identified by 'mypasswd';

Import the text-dump of each database into the newly-created empty one using Sequel Pro — File > Import

tuning:

Two things have really helped with the brute-force attacks. Opening up MySQL a bit and changing a setting in PHP.

To give MySQL a little more oxygen, I followed the guidelines in a sample .cnf file that came with the Mac Mini Vault script. I slightly changed the settings, mostly to make them conform to MySQL standards (I’m not sure whether this matters).

edit /usr/local/mysql/my.cnf and add these lines at the very bottom (these are just a starting point, feel free to fiddle with them a bit):

innodb_buffer_pool_size=2G
skip-name-resolve
max_connect_errors=100000
max_connections=500

edit /private/etc/php.ini and turn off persistent links. Here’s the way my file looks right now:

; Allow or prevent persistent links.  
; http://php.net/mysql.allow-persistent 
mysql.allow_persistent = Off

Image courtesy of Stuart Miles at FreeDigitalPhotos.net

Drone links

This is a scratchpad post for links to Drone articles that have caught my eye

Click here – to get back to the “Aerial Favorites” page on PrairieHaven.com

Why the Drone Revolution Can’t Get off the Ground

Someone Crashed a Drone on The White House Lawn

NYTimes article about the White House drone

Of Guns and Drones

Giving the Drone Industry Leeway to Innovate

Days of Wine and Droning – Gail Collins

Audubon Socieity – How Drones Affect Birds

The Verge – Deadmouse on Drones (Youtube video)

IEEE Spectrum – California’s No-Drone Zone

HackADay – 1 hour home-brew drone build project

Bloomberg – FAA says small drones will provide significant benefits

Politico – President Obama executive order on drone privacy due soon

NYTimes – New to the archeologist’s toolkit, the drone

NYTimes Editorial – Regulating the drone economy

IEEE Spectrum – What Might Happen If an Airliner Hit a Small Drone?

Bloomberg – What the French know about drones that Americans don’t

Life after ICANN

Several of my ICANN pals have asked “how are you doing??” recently and I decided to write a little blog post to make it easier to describe the current sorry state of affairs.

Basically, dropping the ICANN stuff has freed up a lot of time. What follows is a sampling of how I’m filling it.

I’ve been doing a *lot* more music. Just learning how all the new electronic instruments work, and work together, is probably a full-time thing. I’m looking forward to winter when I’ll have a bit more time indoors to get at that. But today it rained and I fooled around with some new software (Komplete Kontrol) that rolled in. This is a completely unedited snapshot of what I was doing — except this is only a couple minutes out of several hours of playing around

www.haven2.com/KompleteKontrolTests1.mp3

The farm is indeed taking up a really large part of my time right now. Spring and fall are busy seasons for me and all my machines (Marcie is busy all the time, that story is over on her blog — PrairieHaven.com). Right now I’m out on the tractor pretty much any chance I can get. The last few days have focused on mowing invasive Aspen trees out of one of the prairies that Marcie has planted. Here’s an action shot taken from my seat on the tractor…

And here’s a picture of the field when I was done later that afternoon — the goal is to mow as little as possible, while still knocking out the little brushy trees. A few years ago i had to mow that whole field, so all the little un-mowed places are definitely a step in the right direction. The last few years of ICANN, there wasn’t enough time to do this right.

I’ve been playing with a new toy — a drone. Here’s a picture of two of them — the big one is the one that takes pictures and video, the little one is the one I’ve been using to teach myself to fly (it’s much better to crash a $40 drone than a $1300 one, although I’ve crashed the big one a bunch of times and it seems to be holding up OK).

And here’s a picture i took from the big drone yesterday, showing the mist moving out of our valley that morning. Marcie has posted a few of the videos on her web site ( http://www.prairiehaven.com/?page_id=24997 )

Then, there’s the continuing battle against frac-sand mining here. All those beautiful bluffs you can see above the mist are the target of the miners — they’d like to peel the tops off of them, extract about 20 meters of sand, and then pile all the stuff back up again (thus completely wrecking the environment around here). I’ve been fighting them since 2010 and we’ve been pretty successful at keeping them out of this area. I’ve been keeping track of a lot of that stuff here on this web site.

FracSandFrisbee.com

There’s been a big change in the makeup of the County Board, mostly due to all the activism that sprouted up around the frac sand issue. One upshot of that is that I’ve just been appointed to a committee that keeps an eye on the land-information system that the County is responsible for (stuff like survey-quality section and quarter-section markers, online property descriptions, deeds, and the like). Just as my interest in ICANN focused on the proper tracking and treatment of domain names, I’m really interested in this land-information stuff. So I still have a hand in the policy-making game.

Another hobby that suffered while I over-committed to ICANN was woodworking. I have a pretty nifty woodworking shop here at the farm and I used to do pretty elaborate projects down there. The last few years of ICANN really chewed into that and I’m looking forward to getting back into it this winter. I went wild about a week ago and started cleaning up the shop and getting things reorganized. Here’s a link to a blog post that describes a typical “big” (all-winter) project. This was a dresser I built for Marcie just before I got caught up in ICANN-madness. You can read the whole blog post (showing some of the intermediate steps) HERE

There’s more, but this is probably enough to give you the picture.

I recently read a quote somewhere that a person should have no more than two hobbies. I’ve got a ways to go to get there, but I think it’s good advice.

Adding SSL to my OSX server

I decided it was time to make a little statement and add “always on” encryption to this completely innocuous site. The online equivalent of moving a lemonade stand inside a bank vault. Now when you read about refurbishing my car, or fixing a seed drill, you’ll be doing it over an encrypted connection.

This is another scratchpad post for folks who run an OXS Server and want to use a multi-domain UC (unified communications) SSL certificate. The rest of you can stop here — this is probably the most boring post of all time.

UPDATE – May 2016 – Cloudflare Origin Cert on an OSX Server:

This section describes using Cloudflare Origin Certificates, the following section is the original post where I was installing a Godaddy cert.

I’ve taken to using Cloudflare for all my sites. If you haven’t come across them, I heartily recommend you take a look — they’re a pretty nifty gang. Somewhere along there they added SSL to all the connections from end-users to their servers but that left the link from Cloudflare to my sites unencrypted.

They now support several ways to secure that connection – most of which are free. Free is good, since commercial certs to cover the 20 or so websites I host start to add up. I decided to try implementing their preferred approach where they issue me an “origin cert” (rather than using a self-signed cert which wouldn’t give end-users as much confidence).

Doing that on OSX Server is dead simple. Here are the steps

Create a new cert-request on OSX Server.

We’ll create one for my buddy Foo (at bar.com).

Which results in a cert request that looks like this

Go to Cloudflare (I’m assuming the site is already established there) and submit the cert request. Note that I’ve elected to submit my own CSR. Cloudflare has a pretty interesting process to do it on their own but I decided I needed to generate the CSR within OSX Server in order to have a socket for the cert when it is issued.

Cloudflare generates the cert and provides it in a variety of formats. I elected PEM format and the certificate appears in the window. I copied/pasted/saved that text into a new text file (demo-cert.pem in this example) and saved it to the desktop of the server.

Back to OSX Server now. The CSR shows up as a pending cert in the Certificates window. Double-clicking it results in this screen. Drag the newly-saved demo-cert.pem file into the Certificate Files box and all is complete.

Create a new SSL web site, use the newly-installed cert, point it at the same directory as the port-80 cleartext site, do a redirect to the port-443 site to complete the job. Don’t forget to tick the “allow overrides using .htaccess files” box in Advanced Settings for the site so’s the permalinks work.

Original post – August 2014 – Godaddy Cert

I’m a happy Godaddy customer, so the examples in this post are Godaddy-oriented. But the theory should apply to any Unified Communications (UC) cert vendor.

Single-domain cert

Here is Godaddy’s list of steps for installing a standard single-domain cert. Click here to view the help page these came from. The process for a multi-domain cert is almost the same, but let’s start with “vanilla.”

To Generate a CSR with Mac OS X 10.7-10.9

On the Mac, launch Server.

Click Certificates on the left.

Click +.

Click Next.

Complete the on-screen fields, and then click Next

Either copy the CSR that displays, or click Save and save the file locally.

After you have successfully requested a certificate, you need to install the certificate files we provide on your server.

To Install an SSL Certificate with Mac OS X 10.9

Download your certificate’s files — you can use the files we offer for Mac OS 10.6 (more info).

On the Mac, launch Server.

Click Certificates on the left.

Double-click the common name of the certificate you requested.

Click and drag the certificate and bundle files into the Certificate Files section.

Click OK.

This installs the certificate on your server. To verify its installation, you should see your certificate’s common name listed in the Settings menu.

Multi-domain Unified Communications (UC) cert

There are two things that are different when using a UC cert.

Change #1) Use one CSR to request the cert

Create one certificate signing request (CSR) in the OSX Server app, no matter how many domains are going to be covered by the UC cert. The CSR is just creating a socket into which the certificate is going to be installed by OSX Server and only one such socket is needed.
All of the domains added through Godaddy’s “manage Subject Alternative Names (SAN)” process will work once the cert is installed.
Take care in choosing the domain name when creating the CSR. This will be the “common name” on the cert and is the only domain name that cannot change later. This is the apex of the hierarchy of the cert and is the only one that will appear if site-visitors view the cert.
The picture below is an example of the Godaddy management interface looking at a (prior version of) the cert that secures this page. That cert appears in OSX Server’s list of Trusted Certificates as “server.cloudmikey.com” — that name came from the CSR I generated in OSX Server.
The alternate domains that will also work with this version of the cert are “cloudmikey.com” and “server.haven2.com” but those names are entered at the Godaddy end, NOT through CSR’s from OSX Server.
To restate — just create one CSR and add the rest of the domains through the cert-vendor’s Subject Alternative Name process. In my case, the domain in the CSR was for “server.cloudmikey.com”

Change #2) Add domains to the cert BEFORE downloading it to OSX Server

Don’t download the cert that’s created from the CSR just yet. It will only have the Common Name and doesn’t yet include the other domains that the cert will cover
In the case of the cert shown above, the SANs “cloudmikey.com” and “server.haven2.com” were added through Godaddy’s cert-management interface before I downloaded/installed the cert.

Follow the vendor-provided download/install steps.

Now that the cert has the proper names added, it installs the same way a single-domain cert does (see above).

To recap Godaddy’s instructions: download the OSX 10.6 version of the files, unzip them, click on the pending cert request in Server, drag the two unzipped files into the CSR when it asks for them, click OK and wait a bit while the cert installs.

Verify that the cert covers the domain-names that are needed

Once the cert has been installed, review (double-click) the cert on OSX Server to make sure that all the needed domains are there. The list of domains is in the middle of the cert, each entry is titled “DNS Name” If they’re all there, jump ahead and start assigning the cert to web pages and services.

If the names listed on the installed cert don’t match what’s needed, add the missing domains before using it

Delete the cert from OSX server (it’s OK, it’ll be downloaded again in a jiffy)
Return to Godaddy and modify the Subject Alternative Names (SANs) to get the domains right
Create a new CSR on OSX Server – again, this is just a socket into which the cert will install.
Download/install/verify the cert

Note: The cert will install correctly as long as the domain in the new CSR matches one of the domains covered by the cert. But it will always be appear under the common name on the cert, which confused me. I surprised myself by installing this cert under a “haven2.com” CSR — it installed just fine, but it’s name changed to “server.cloudmikey.com” on the list of Trusted Certificates in OSX Server. Best to avoid confusion by creating the replacement CSR under the common name.

Once the cert is right, associate the cert with web pages and services.

Web pages and services will operate correctly as long as the domain of the web-page or service matches one of the domains on the cert.
It doesn’t matter that the common name of the cert (server.cloudmikey.com in this case) doesn’t match the domain of the web page (haven2.com).

That concludes my report. This web page is running under a later version of that cert — you can see what it looks like by double-clicking the “lock” in the URL bar of your browser.

Renew the cert

A year has passed and it’s time to renew the cert. Here’s a checklist:

Launch the Server app, open the cert that is coming up for renewal, click the “renew” button, generate a CSR.
Renew the cert at the cert-provider, using the newly-generated CSR (this is a copy/paste operation at Godaddy)
Download the certs from the vendor once you have been validated
Open up the “pending” cert again in the Server app and drag the newly-downloaded cert files from the vendor into the box that’s displayed.
There should now be two certs in the Server app list — the current one and the new one. Update the cert configuration to point at the newly-renewed cert.
Test with the new cert and once all is working and verified, delete the expiring one

More bottom!

Samantha Dickinson Tweeted this photo from the ICANN meeting today and tagged it #VolunteerFatigue. I’m living proof.

Let’s say that each of those 7 working groups needs 4 volunteers — that’s almost 30 people. Just from the ccNSO. Just for upcoming working groups. Never mind the GSNO, ALAC, SSAC and GAC. A rough extrapolation puts the total required at over 100 volunteer community members just to handle the IANA/Accountability/Transition work.

ICANN is dangerously thin at the bottom of the bottom-up process. Are there that many people with the experience/time/expertise/will available? What happens to all the other Working Group work in the meantime?

Difference between a customer and a client

There’s a difference between being a customer and being a client. People on both ends of a relationship always get into trouble when they don’t understand this.

A customer – is always right

A client – expects to hear the truth, especially when it’s unpleasant

This is true in professional relationships. Doctors, lawyers, accountants are expected to provide good advice in their professional relationship — but their customers are always right. Reports should be: on time, of high quality, and delivered at a fair price.

The same goes for religious relationships. When we are in the worship service, we are the clients of the person leading the show. But we customers are right — the coffee should taste good, the roof shouldn’t leak and we have every right to be treated with respect.

In higher education the student customer should get good value for their tuition dollar, grades should arrive on time, campus services should be superb and their teachers should be engaged and respectful. But the student is the client of the teacher when it comes to grades and feedback on their work.

The relationship between the regulated and the regulator is a mix of services (a customer relationship), policy and compliance (which are stakeholder and client relationships).

Be careful when you cross the streams.