So, I’ve been thinking about the nature of “truth” recently, and that led to me thinking about the scientific method, and how it enables to learn more about what the truth is. And that got me thinking about what science is in a more general sense. This led me to the conclusion that for most people modern science has more in common with religion than the scientific method. Now I’m aware that some would argue the scientific method means that science isn’t a religion, but actually that just makes it a bad religion. Now science as a religion isn’t an original idea, but I’m going to go through my thinking on this anyway.
This past week I was going to write a blog post about my latest fail, and what I learnt from it. But in the mean time something has come up that has annoyed me, so much so that I’ve decided to rant about that instead.
Recently I’ve been thinking about identity and what that actually means, and more importantly what I feel it should mean. Everything that deals with the identity of people appears to default to the assumption that we all have one, single, canonical, identity, that all things we use to identify ourselves should be slaved too. In fiction we know someone is suspicious, a spy, or criminal, when they have multiple passports. In IT we base trust on this who of the identity that issues instructions is linked too. When talking to people online we tell each other not to trust them unless we also know them in the real world, and can be sure that they are that person.
I’m not a religious man, that much should be obvious to those that know me. I also have a tendency to rant against religion, this is not one of those rants. The basic premise I have is that we should fear anyone who is outwardly righteous, at least until we can accurately judge their true ambitions. Particularly those in politics.
So a couple of weeks ago I read this article and wanted to comment on it, but was taken ill preventing me commenting at that time. Since then I have had plenty of time to think, and the subject of that article has been on my mind more than I expected it to be. The post I was going to make at the time was how I felt it was the wrong solution to the problem it purports to solve, but upon reflection I have come to the conclusion that it is worse than that, it is not only the wrong solution, but it is also a demonstration of everything wrong with the IT industry today.
So lets start off by saying I am a white, heterosexual, middle class, male. I have seen lots of comments on the internet about Social Justice Warriors (SJWs for short), and I gather that, based upon what I have seen, I should be worried for my very existence, as these SJWs are apparently out to rid the world of my kind, that is to say white middle class cis gendered (yes I know that "cis gendered" is a label for non trans gendered people, and some see it as an insult, but I am what I am, and I have no better label to use) heterosexual able bodied men. But I have very few examples I can point to of any of these SJWs that really concern me, or indeed that I disagree with in any significant way.
Before we go any further I should probably explain what triggered this particular rant. Recently a person at Google has been sacked for breach of Google's internal policies, a situation that has come to light because the breach was an article they authored about how diversity polices may be harmful, and then circulated within Google, and which promptly leaked. Now I have seen a version of this article, and I shall discuss my thoughts on it later, but what worries me now is the "debate" about the actions taken by Google, and I have already seen some very negative comments. There appear to be two basic sides to this debate, those who say the article was damaging, and wrong, and so Google did the right thing, and those that say Google has damaged itself by shutting down dissenting internal opinions (something the article points out is a risk of Google's current internal culture) and has also trampled this person's free speech rights. My concern is that these are the voices that are going to be screaming about SJWs in the not to distant future. So I thought I'd have a rant about the stupidity of this position from the viewpoint of a SJWs typical "victim".
I knew I relied heavily on the access that I get by carrying around a smart phone, I read my emails, send and receive text messages, look things up on the internet, etc. It is a very useful tool, but I didn't realise how much of an impact it has on my life until it died. So I immediately ordered a replacement, but that took two whole days to arrive. The fix for my old phone was outside my ability level, and I couldn't find anyone who could fix it in a hurry, so I elected to spend two days without it, or any other phone. And it has been two of the least stressful days I have had in a very long time. Disconnected from the world, I didn't need to worry about things I could do nothing about, or keep abreast of the latest goings on on twitter. I almost regret getting a new phone, the old one is off for repair, and will be back in two to four weeks. I can hardly imagine spending that much time without a smartphone. Before the old one broke it was because I thought I would become overly stressed, and fail to cope, but having spent two days with only having the internet when tethered to a desk I can't imagine how relaxed I may get without a smartphone. Maybe in future I shall turn the phone off for periods of time. Maybe too much connectivity is a bad thing?
I have for a long time thought that the IT industry has an issue with how people within it present themselves to the rest of the world. Everyone wants to be an "Engineer", indeed my current job title is "DevOps Engineer" (a title I am not particularly enamoured with, but that is a matter for another time). We all know that Engineers create clever solutions to otherwise very difficult problems. The issue I have with this is that in many other fields where you find Engineers there are rules, and regulations, and bodies that decide who gets to call themselves "Engineer" and what standards those people must meet. In most of these other fields there are highly defined Engineering Standards against which we can measure the ability and performance of these Engineers. In IT this is not enforced, now I have been very lucky to work with some incredibly talented and intelligent individuals, and I do not wish to deride their contributions in anyway, but without the standards to measure ourselves against, using the term "Engineer" just cheapens it. Unfortunately I have no idea what the standards should be in IT, and I have no idea what the underlying problem with the way many working in IT think that I feel is not proper Engineering, after all I am no more an "Engineer" than anyone else in IT using that title, and claiming otherwise would be a lie. And so I have joined BCS in order that maybe I can get more exposure to the rest of IT and perhaps learn more about what the standards I feel are missing should be.
I shall probably write more on this in the future, but for now here's to hoping that membership of a professional body is going to be a positive step towards understanding my industry, and how I can make it better.
Not so long ago I suggested I may change my mail server software. I have recently done so, moving from a highly customised qmail installation to postfix. I have done so for a number of reasons, but that is not to say I dislike qmail.
What did I get out of qmail?
- Easy to configure, all the configuration was done using flat files, named for their purpose, there was no monolithic and confusing config file to search through
- Highly customisable, I had applied many patches, and made alterations to my specific installation that served my needs
- multi process mail system, this one mattered to me, and is why when I switched I switched to postfix, there is no single binary running as root, that does everything, each process runs with the privileges it needs.
So why did I want to change?
Well qmail, and specifically my installation, had become unwieldy to add new functionality to, I wanted to add greylisting, and there were many ways to do this, but they all required adding yet another patch, and out of laziness I had not committed all my changes to any sort of source control. I couldn't stomach manually going through another patch and seeing where it didn't apply cleanly and why, and fix it again. So I had a choice stomach the pain of another round of patching, rebuilding, and testing, and make things worse for myself, set up source control for my qmail set up, or move to something better supported in the community, and with more features.
Postfix suited my needs reasonably well, it is a multi-process mail system, using the idea of least privilege, it has a modular design allowing the addition of extra features much more quickly and easily. It is also better supported, and even has pakages within debian, my operating system of choice. Greylisting was added easily by simply installing another package (postgrey) and altering the config of postfix to use it. By setting up postfix to allow access over ssl on port 465 (as I had previously on qmail) it has also enabled opportunistic encryption for any mail servers sending email to me (something I had considered adding to qmail, but had decided wasn't worth the effort) and I have also been able to easily enable opportunistic encryption for when my server sends email out to other servers that support it.
So do I regret using qmail in the past? Not at all I learnt a great deal from using qmail, and I still prefer it as a basic mail system to postfix, it was just becoming too much hassle to support new features.
What mail server would I advise others to use? For the most part I would suggest google apps or office365 if you want your own domain, or any of a number of other paid for mail hosting solutions, very few poeple have the time and skills and patience to run their own mail server. It started as a learning exercise for me, and I like the control I have over my set up. If someone genuinely wanted to run their own mail server my advise would be to find out what suits their needs best, qmail is great if your needs are simple, and is relatively easy to learn if you have some basic knowledge of how networks and specifically email work, but everyone has different needs, and those needs can change over time, my certainly have.
So, about a year ago I renewed my SSL certificates, and I was using StartSSL as my certificate provider, because they were free, if a little awkward to use. One of the limitations they placed on the free certs is that they could only be valid for a year. At the time I was interested to see what would become of Let's Encrypt as it promised not only free certificates, but a much easier way to get, and manage those certificates. They went live in April this year. I have been considering setting up my cert through Let's Encrypt, and renewing my SSL certificate was the perfect opportunity to do so, however, I have not got myself into a possition to fully automate the renewal of all the places I use my SSL certificate, so while it is still a manual process, and I got the reminder from StartSSL I figured why not give them another go.