After the third train derailment at Amsterdam Central Station in two months, I was forced, yet again, to consider alternative ways of getting to Amsterdam. Today, I thought it would be fun to take the ferry from IJmuiden. All was smooth in the morning. The nice girl behind the counter even saved me 3 euros by reminding me that my Student’s Public Transport card (OV-Studentenkaart) was valid there, too.

Some funny things happened on the way back, though. First, I ran in to this:

This is a promotional thing from NS, to be used during SAIL ‘05. I knew it existed, though I hadn’t seen it up close before.

After getting on the boat (took some time, because there were too many people so I had to wait for the next one) we went on our way. About five minutes later, the captain asked all the people in the front part of the boat (12, including me) if we could please move to the back of the thing because it couldn’t get the nose upwards (it was one of those flying boats, for lack of knowing the real name). It made some speed, got the nose up and we could all move back. People applauded.

Some ten to fifteen minutes later, we cross a submarine. Didn’t see that coming (snigger). Complete with 30-or-so marines waving at us.

And about that waving– what is it with boats and people on them? Damn near every boat we crossed or passed got waved at by the people with me. And it’s not just that those people were imbiciles, the people on the other boats all returned the favour. I just found that really odd.

I’ve been thinking lately about how my mail server should send me notifications of new mail, instead of having my client check every X minutes. I don’t think it can be done with IMAP (and I’m positive it can’t be done with POP) but after some tinkering I found a way: AppleScript.

Back in the days of Classic MacOS, Apple was nice enough to introduce Remote Applescripting. This meant that you could execute an applescript on machine A, and it would do stuff with machine B. The problem was that this only worked with AppleTalk, so not over the internet. Then came MacOS 9, which added support for remote apple-events over TCP/IP. This allowed people to do their applescripting not only with machines on the local network, but also with machines half the world away. Great, I can use that. MacOS X added another nicety to it: it supported all this not only over IPv4, but also with the next generation of the Internet Protocol, IPv6. I happen to be IPv6-enabled, so that was of great use to me.

So what did I set up? Well. My mail server is in Amsterdam, and it runs Communigate on Linux. That means no direct applescripting because, well, it’s just not available for anything other than OSX. Luckily, about 40cm higher up in the cabinet, there’s an Xserve. The Xserve, of course, runs OSX. But not the mail server. But that’s ok, because the Xserve is still a UNIX box so I can easily get to that from the Linux box. So on the XServe, I created an applescript application that does this:

tell application "Mail" of machine
               "eppc://marco:password@despina.v6.cyberhq.nl/"
        check for new mail
end tell

It’s simple, and it works. I’d use the keychain to store the password, except that doesn’t work if you aren’t logged in graphically. (Apple: fix that!). I saved this as a runnable application.

Then on the linux box, an equally simple shell script connects to the xserve and runs the applescript:

#!/bin/bash

ssh marco@xserve.mediamatic.nl 'sudo open /Users/marco/CheckMail.app'

You want to use RSA/DSA keys so it doesn’t ask for a password to get in. You also want to add yourself to /etc/sudoers to avoid that password-prompt too. All that’s left now is to instruct the mail server to execute that shell script whenever mail arrives. I did that by setting up a rule that matches anything except a certain mailing list.

Yes, ssh also works fine over IPv6 and I could have set the shell script to ssh to my machine and locally run the applescript. I didn’t because the xserve is more available (pretty much always) and I don’t want the mail server to get stuck up on a shell script waiting to time out.

Dire Straits - Money For Nothing

Not that ‘I want my MTV’ stuff at the beginning, skip to where the drums kick in.

I’ve just had, for the first time ever, a computer call me and tell me that I’ve won a free caribbean cruise. While I was watching an episode of Coupling. How rude. Usually I at least get a person talking to me. Anyway, the message went something like this:

Congratulations! You’ve won a free caribbean cruise. To reclaim your prize, press 9. That’s the nine-key on your telephone.

In English, yes. Note that I live in the Netherlands. I wonder if they were calling from the US. If so, I suppose I should have just let the thing talk while I continued watching television. Unfortunately I only thought of that after hanging up immediately.

Sony busts out version 2.0 of PSP firmware + new ceramic white PSP:

I want one. This is so much cooler than the (already infinitely cool) black one. Shame they aren’t officially available in europe yet, at least as far as I know. Sony needs to get with the program and release these things at the same time, or nearly so, worldwide.

(Via Engadget.)

… if I took the cookie dough out of the Ben & Jerry’s ‘Chocolate Chip Cookie Dough’ icecream and baked it.

Would the cookies be any good?

We all know the trouble: today’s stupid ISPs will only give you one IP-address so to connect more than one computer, we need to use RFC 1918 IP-addresses, also known as private IP-addresses. This is all nice and dandy when all you’re doing is accessing servers on the internet from behind your router, which will inevitably use Network Address Translation (NAT) to allow you to do so. It’s an incredible headache if you want to go the other way around: set up a service on one of your machines that people on the internet will be able to access.

Luckily, we can forward ports. You can only forward a single port once though, so take into consideration what machine you’re forwarding to. You can’t have two forwards for port 25, for instance, unless they are on different IP addresses. (On a side note, if you’re forwarding webservers, use apache’s reverse proxy feature for that to allow multiple servers based on the URL).

In Linux, I would use iptables for this. Unfortunately the machine I want to forward a port on doesn’t run linux. It runs Mac OS X server. Given my knowledge of how this is done with the same tool as setting up a firewall in linux, I set out to do the same on osx and found that ipfw (the tool that manipulates firewall rules in BSDs and OSX) knows an action called ‘forward’. Hold it, that’s not it. That does forward, like it says. But it doesn’t do NAT. Which we want, because otherwise.. Well it just won’t work properly.

Connection sharing in BSD is handled using a userland process called ‘natd’. Incidentally, natd is also capable of properly forwarding ports to other machines. Great. Now let’s find out how. There isn’t much documentation on this, but I did figure it out eventually. This is OSX-specific, I must add.

Apple stores the configuration for natd in /etc/nat/natd.conf.apple. Don’t change that though, it’s generated every time natd starts. The basis for the generated file is in /etc/natd/natd.plist. Open that up. It’s a fairly standard XML file with some settings in it. Add the following to the end of it, just before the two last closing tags:

        <key>redirect_port</key>
        <array>
                <dict>
                        <key>aliasIP</key>
                        <string>INCOMING IP</string>
                        <key>aliasPortRange</key>
                        <string>INCOMING PORT</string>
                        <key>proto</key>
                        <string>tcp</string>
                        <key>targetIP</key>
                        <string>OUTGOING IP</string>
                        <key>targetPortRange</key>
                        <string>OUTGOING PORT</string>
                </dict>
        </array>

Replace the incoming and outgoing ips and ports with whatever your network requires. Incoming is the ip address on your server, target is the ip address of the machine you’re forwarding to.

You can now restart natd, for example by stopping and starting internet sharing. If all went well, your machine now forwards the port(s) you listed. Don’t forget to allow it in your firewall!

As a last note: this was tested and verified to work on MacOS X Server 10.3. It should also work on MacOS X Server 10.4. However, the configuration files do not seem to exist on the non-server version.

It apparently threw a tantrum over how hot it got in my room and refused to work. After a while of trying to get my dear data off it (after installing osx on a firewire disk and booting that, of course), the mini wouldn’t even recognise it anymore. I then decided to let the entire thing cool off for half an hour. This made it work again to at least the point where I could make a disk image of it. I didn’t trust it anymore though, so I opted to just go out and get a new drive. So now my Mac mini is fitted with a Western Digital Scorpio 80G drive instead of the usual Toshiba 80G. It’s a little faster, too.

If you’ve ever used public transport in Amsterdam, you’ll know that the drivers have a somewhat different attitude compared to PT in other cities. I was confronted with that again, this morning.

Getting to work for me involves getting on a bus, then switching to a train, and lastly I get on a tram. The bus isn’t from Amsterdam. That makes it easy: you wait for it to appear and get on. If you’re still approaching the bus stop when that bus is appearing, you run at it and it’ll stay there so you can still get on. The trains go at regular intervals (or are delayed, but never too early) so you shouldn’t have any trouble making it there in time.

Now the public transport in Amsterdam. They will not wait. At all. Not even a single second. Just this morning, I was approaching the tram. I was literally less than 50cm away from the door when it closed and the tram rode away.

Well, at least I had some time to get something to drink.

I’d say it was pretty cool. Not entirely true to the book (as usual). For instance there are a few annoying love-scene moments (as usual) that need to go (as usual). But apart from that, I enjoyed the hitchhiker’s guide movie quite a bit. Special crowd, too. One dude had part of an orange juicer strapped to his head (explained in the movie), and another raised his towel everytime it was mentioned.