Saturday, December 15, 2012

Hobbit, or About One Third of the Way There

"For sale: a copy of Titanic. First tape watched once. Second tape never watched."
-- MicroNews ad, circa 1998

If you, like me, have read The Hobbit six or seven times during your childhood, you probably remember being supremely bored with unnecessary details, longing to cut through all the useless crap as fast as possible and see how it all ended.

Well, my fellow Americans - I address you, as the largest and the most merchandisable movie market in the world you are most certainly the primary target for Hobbit, The Movie - your long wait for a better Hobbit has come to an end!

The movie version has a number of improvements on the book.

Less talk, more action

The best feature of the movie is that it cuts down on tedium of the original.

The long and, frankly, unnecessary scene of one-by one introduction of dwarves in the very beginning - cut. After the first couple the rest of the them just roll in - literally - as a group. All nine of the rest - Thorin now comes alone after Gandalf (and most of the dinner).

Many days and many miles of boring trudge to Rivendell? Gone, gone, and gone! And good riddance! In the new version the company races there with orcs and wargs on their heels - much faster and, frankly, more action, with Radagast riding the bunny rabbits against orcs and Gandalf opening a passage in the stone just as everything is about to be lost, and Elvish cavalry riding in to mop orcs up!

Long wonderings inside Misty Mountains - greatly streamlined, and a lot more action added.

In the book the cavalcade of dwarves goes back and forth, and back and forth, through the dark tunnels, with and without the hobbit. And then the hobbit making his separate journey in the dark - again, back and forth, back and forth. While I imagine this was OK for the beginning of the 20th Century, 100 year later the book feels slow and quaint. The movie is faster and more action packed.

In the movie, the dwarves leave Rivendell without Gandalf. They run into the laps of fighting stone giants - which kick each other for good five minutes while the company is trying to hold for dear life to the body of one of them. Eventually, they make it into a cave where everyone goes to sleep. The hobbit wakes up and decides to turn back home. Then, after a conversation with a dwarf, he changes his mind. Then the floor opens and they all drop down and get hauled to the Great Goblin. The fall through the floor is just like in Ice Age - it's great to see Peter Jackson taking advantage of so much artistic progress that film-making had made since the book was written!

The tunnels themselves are gone. When the company escapes from Great Goblin's hall, they run through a large system of wooden scaffoldings propped up in the middle of a huge cavern that seem to take all of the space inside the mountain. The scaffoldings disintegrate as they run through them, orcs fly around, and eventually they slide down to the very bottom of the cavern on a segment of the scaffolding - think Ice Age again.

When the going gets tough, the tough get going

With all the boring parts gone and some serious action added, the movie needed real fighters to make all the action possible. It handled it masterfully by giving the personages a significant overhaul.

In the book, Bilbo was a reluctant hero. He was a hero, yes, but he only performed heroic acts when every other possibility was exhausted.

In the movie, Bilbo is a willing participant. A fighter. A freedom fighter, almost.

He leaves Hobbiton on his own volition, rather than being kicked out by Gandalf. He is the hero of the fight with the trolls - and a fight it is, unlike the book's affair of subterfuge and distraction. He gives a speech worthy of a great leader about his connection with his own home and how he wants to help dwarves find theirs.

Finally, he literally saves Thorin's life in the battle of "Out of the frying pan, into the fire". Yes, in the movie, it's a battle. You wouldn't expect real heroes to just sit in the tree, would you?

I only have to hope that this trend continues and in the end Bilbo will have strangled Smaug with his bare hands.

Just like Bilbo the dwarves have gotten a major face lift. While reading the book I could not help being annoyed how dour the dwarves were. Other than Thorin, Balin, and (maybe) Bombur (through his mass) they did not really have distinct personalities, mostly playing as a crowd. They couldn't fight, they weren't very witty, and they were spending their parts trudging along and muttering under the breath. It always puzzled me how they even expected to fight the dragon in the first place.

Well, not in this movie! From the moment they show up (looking like a motorcycle gang) to the several battle scenes where they make short work of orcs and administer some serious punishment to the trolls, they are fighters. Warriors. While success of the mission may not be 100% assured, there is no doubt that Smaug will have to fight hard to defend the stolen treasure.

New plot!

As I pointed out above, the movie omitted a lot of unnecessary parts of the book. Unfortunately, here the interests of the viewers were in direct contradiction with the interest of the business. The audience of course has benefited from less crap, but the business plan clearly called for three installments.

Having three movies rather than one means four times the revenue, because the interest in the previous one heats up again right before the release of the next installment. The sales of DVDs, action figures, various movie-related novelty items all go up.

(By the way, the idea of writing a book version of Hobbit The Movie is exciting. I am very much looking forward to it!)

The other problem with the book is that it does not flow naturally into the plot of Lord of the Rings. The link to Sauron is very vague, the nature of the Ring unclear, Gandalf has considerably less wizard power, etc. The reader is left with a lot of questions - and you CERTAINLY don't want to have viewers ask questions after they've seen the movie. People come to theaters to have fun, not work through complicated plots!

Furthermore, a lot of important personages from Lord of the Rings are absent from the Hobbit. This means that a great number of people from the original cast - who, I am sure, have become good personal friends to the director during their long work on the epic trilogy - would not be involved in the new project. With the royalty revenues from the trilogy coming down, and the price on real estate in Hollywood going up, this is a bigger problem than you might think.

Well, maybe all this would have been an insurmountable challenge for lesser men, but Peter Jackson is truly a brilliant director, and he has proven beyond any reasonable doubt that he is worth every penny of the millions and millions and millions of dollars that he hill have made from this movie.

He did what lesser men would not have guts to do - he radically modified the plot.

The solution is easy to see if you understand the root cause of all the consistency problems with the book. You see, in the past people wrote prequels BEFORE they wrote the successful work. The Hobbit was actually written PRIOR to The Lord of the Rings trilogy.

There is a lot of problems with this approach - the prequel might place certain limits on what could later be exploited. For instance what if Star Wars III were to be shot before Star Wars IV, and let's say Obi Wan Kenobi would have killed Anakin Skywalker. What then?

But what we know now Tolkien did not know 100 years ago, and that's why we have what we have - two literary works that look like they were written during different time periods and for different purposes.

Luckily, Peter Jackson's masterful work on the new plot for The Hobbit has fixed all these problems in one fell swoop. It extended the plot giving enough footage for three 3-hour long extremely entertaining, action-packed installments. It created roles - and therefore, jobs! - for the actors that would not otherwise be there. And it made the plot consistent with The Lord of the Rings.

Some plot modifications were small, but extremely cute - for instance, Radagast reviving his favorite hedgehog. Or Radagast riding a sled propelled by bunny rabbits pursued by a band of orcs.

Some were more fundamental, but short - Galadriel, Saruman, and Elrond in a council explaining the connection between The Hobbit's Smaug and the rise of Sauron.

Perhaps the biggest addition to the plot was the revival of Azog - which according to Tolkien was killed in Moria by Dain (Thorin's second cousin). In the movie he is back from the dead, and in hot pursuit of Thorin and his company.

In conclusion

If you liked the hand-to-hand combat between Gandalf and Saruman in The Lord of the Rings, you will enjoy every minute of Hobbit The Movie. And... let me know what happens in the next installment, because I don't think I will be going. I've seen enough :-).

Friday, December 14, 2012

Python is the best programming language? Really?

Apparently, it is, according to LinuxJournal readers

Don't misunderstand me, I LOVE Pyton. It is a great scripting language. In fact, if *nix shell programming languages never existed, and Python would be the default - and the ONLY - shell programming language - on ALL OSes, including Windows - the world would have been a greener place.

But best PROGRAMMING language? Really? Above C and all its derivatives?

Friday, November 23, 2012

Migrating from SBS 2003 to Server 2008 and Exchange 2010

Small Business Server 2003 was the best thing that happened to my home computing infrastructure in the past two decades. I installed it immediately after the release, and has enjoyed simple, manageable domain and email solution up until now.

I never upgraded to the newer versions of it though - because one of the most important features for me - the ability to use the server as a gateway - was dropped from subsequent releases (because Server 2008 no longer supported NAT). I liked the programmability of the routing built into Server 2003, and I've built a number of security monitors and integrations with the home security system myself.

Eventually though all good things must come to an end, and so it was the time  to upgrade to newer software. I wanted the programmability of Exchange Web Services that were not available in 2003, newer anti-spam products, and closing of the support window for 2003 software is just around the corner.

I decided to go for plain Jane installation of Server 2008 and Exchange 2010 - one generation behind, yes, but detailed instructions for upgrade from SBS 2003 were available for that software, and also once SBS is out of the picture, migration to the newer versions of separate components is easier.

Clear instructions were quite hard to discover, so I decided to put together this list of pointers for people who would attempt to do it after me.

First, this is THE guide:

It is detailed, ALMOST error-free, and it is awesome in every regard. Big - HUGE - thanks for Glen Demazter for putting it together!

There are a few quirks that need to be pointed out in addition.

First, use Administrator account for installation, not just a user who is a member of Domain Admins group. This is because Administrator has rights to AD schema, which Domain Admins group does not. If you don't, the Step 3 will fail.

Second, domain controller and mail server should both have static IP addresses. In Step 5 (DHCP) allocate at least 16 addresses at the lower end of the space to static IP range, select IPs from that range, and configure them to be static in the network adapters of the respective servers.

Then after Server 2008 was DCPROMO'ed, go to DNS control panel (Admin Tools) and create entries for them in forward and reverse lookup zones of your local domain.

In Step 6, the write-up assumes that you use a router. I don't, I use SBS 2003 as a gateway. So instead of redirecting the ports on the gateway, you would use Administrative Tools -> Routing and Remote Access -> SERVERNAME -> IP Routing -> NAT/Basic Firewall -> double-click on Network Connection (or whatever your public network interface is called) -> Services and Ports.

You will need to redirect ports 25 and 443 at a minimum to your mail server. Most likely you would want to have it double as your web site, so you might as well redirect port 80 as well.

When this is done, you need to go to your EXTERNAL DNS server (typically this would be at your domain's registrar) and make DNS record for the external names - (or and to point to the server.

You COULD create an SRV record, but regular record is fine, too. As it happens, if you already have a wildcard domain entry, it should work as well, as anything going over HTTPS (autodiscover traffic does!) will end up on your server, and that's what you need.

In Step 7, there are two companies that make reasonably priced certificates - GoDaddy ($90 per year) and StartSSL ($60/2 years of Class 2 cert).

I chose StartSSL because their package includes unlimited number of certificate - under their business model they charge you $60 for verifying your personal information (you email them photos of your passport, the driver's license, and phone bill), and then you can issue yourself any number of certificates - wildcard, UCC, whatever you want - against the domains that you own.

Once a certificate is imported, Step 7 misses a very important step - the services need to be transferred to the newly imported certificate from Exchange's self-created cert. This can be done in Exchange Management Console -> Server Configuration -> Select certificate, then click Assign Services To Certificate from the left Action pane.

Once this is done, go to and test your connection. This appears to be Microsoft's web site, but I would nevertheless use a specially created, low-power user account to test this out, and then delete the account.

StartSSL certs, albeit being very cheap, have a quirk which in the end took me a lot of pain to resolve. They allow putting ONLY the domain and its derivatives into the certificate. For instance, you can have,, and all be in one certificate. However - and this is very, VERY annoying - the computers inside the network do not use public computers to connect, they connect by their local name, which is something like MYMAILSERVER.solyanik.local, rather than

Since MYMAILSERVER.solyanik.local cannot be put into startssl cert, the internal outlook clients complain twice on every restart (reconnection to server, really) about server (MYMAILSERVER) having wrong cert (

This is fixable.

To do so, you need to first create an internal authoritative domain for in your DNS server (on your domain controller, Administrative Tools -> DNS -> Forward Lookup Zones -> New Zone -> Primary Zone), and then create entries for autodiscover, www, mail, etc in this zone. Use the local IP addresses for these entries. This will become authoritative for inside of your network (and, obviously, ONLY for your internal network, as this DNS zone would not synchronize upstream).

Then follow the instructions in this KB to fix the internal pointers to the mailserver and the autodiscover:

This makes the certificate warnings from internal Outlook clients disappear.

Step 8 - data migration from older Exchange - does not work as described. You will get an exception error when you try to migrate the mailboxes.

To fix this, on SBS 2003 go to Exchange System Manager -> Administrative Groups -> First Administrative Group -> Servers -> SBS2003SERVERNAME -> First Storage Group -> Mailbox Store (double click) -> Security and grant full access to the machine account of the new Exchange 2010 server (you will need to select the option that includes computer account in the account picker, by default it only includes users and groups and will balk when you ask it to resolve machine account). Machine account has the same name as the computer.

Second, when you migrate the public folders, it won't work either. The fix is described here:

In my case the AD object did not have 443 in it, so the only thing that I needed to do was to remove the SSL requirement as described in the first part of the post above:
1. In the properties of the virtual root Exadmin in IIS, go to the “Directory Security” tab.
2. In the “Secure Communications” section select “Edit”.
3. Make sure to deselect “Require secure channel (SSL)” and “Require 128-bit encryption.”
4. If the “Require 128-bit encryption.” is selected and greyed out, make sure to select “Require secure channel (SSL)” and deselect “Require 128-bit encryption.” then deselect “Require secure channel (SSL)” again.

I do not use either Sharepoint or SBS's user shares at home, so I have not tried instructions in Steps 8 and 10.

I did, however, get Windows Phone 7 to connect to the new instance of Exchange. This was highly non-trivial, and this was what needed to be done.

First, go to and clicking on "import our CA certificate" and install the certificate on the phone.

Second, for Administrator accounts, on domain controller, go to Active Directory Users and Computers -> DOMAINNAME.local -> MyBusiness -> Users -> SBSUsers, and, immediately before connecting the user, open user's properties -> security -> advanced -> click "Include inheritable permissions from this object's parent", then OK out of the dialog.

Now delete the existing account on your phone (yes, this is painful, I know), and re-create it. Your people tiles for Exchange contacts will of course be gone...

At the very end, when the SBS server is demoted and removed from the network, Exchange Management Console will start complaining about not being able to access Active Directory. Close it, remove this file: "c:\users\AppData\Roaming\Microsoft\MMC\Exchange Management Console" and reopen it.

Finally, the send connector that was created as part of Exchange Migration worked erratically for me. Some emails would sit in the queue forever, then get rejected. The exchange queue viewer would show messages sitting in outgoing queue with the error "A matching connector cannot be found to route the external recipient".

To fix this, do the following:

  • Open Exchange Management Console
  • Go to Organization configuration -> Hub Transport -> Send connectors.
  • There will be SBS connector; delete it.
  • Right click -> New Send Connector
  • Name it something (SMTP) and pick Custom (default) for intended use, then Next
  • On the Address space tab, click Add, set address to *, everything else leave as default. Next.
  • On the Network Settings tab, click Use external DNS checkbox.
  • Then click through to the end of the dialog which will create a new Send connector

You are now done. Thank you for using Microsoft software!

Monday, July 30, 2012

Algebra not necessary?

NYT published the opinion today.

TL;DR: Math is hard - let's go shopping!

I wanted to drop the author a piece of email to point out the obvious: today we have technology that is capable of destroying the population many times over. This technology is in the hands of the politicians, who are representatives of the population.

Understanding the impact of this technology requires command of science - both the facts (no, Earth is not 10,000 years old, and no, Jesus is not going to come raining radioactive waste on infidels long before we boil the planet in greenhouse gas emissions) - as well as scientific apparata (what scientific "theory" means, how they are built, what is applicability of it, and how they evolve over time, why the fact that evolution or climate change are "theories" does not mean that one day we won't find that they are incorrect, and the Bible is in fact literally true, etc).

Understanding scientific method require mathematics, and, yes, the very basic of it is algebra.

Then I clicked on his home page.

Wednesday, June 27, 2012

Autopilot is hiring!

My team works on one of the world's biggest software infrastructure projects - we run datacenters that power Bing. We are responsible for the system that automatically provisions hardware, sets up the network, distributes software and data to serving and processing nodes, and monitors servers, applications, and hardware devices.

We are looking for brilliant engineers who are interested in hardware, networking, and distributed systems.

Tuesday, March 6, 2012

The company which makes TSA full-body scanners is called Rapiscan

I am not making this up. Here is the proof:

Wednesday, February 22, 2012

Wednesday, February 1, 2012

Noteworthy: privacy and your favorite online service development team

There is always a conflict between security and agility in development of web services. And the golden mean does not seem to a point of equilibrium, the companies tend to swing all the way one or the other way.

Thursday, January 5, 2012

On June 30 we get to sleep 1 second more...

...and the clock will count to 2012-06-30 23:59:60 to resynchronize the clock to Earth's rotation.



OBSERVATOIRE DE PARIS                                   
61, Av. de l'Observatoire 75014 PARIS (France)
Tel.      : 33 (0) 1 40 51 22 26
FAX       : 33 (0) 1 40 51 22 91
e-mail    :

                                              Paris, 5 January 2012

                                              Bulletin C 43

                                              To authorities responsible 
                                              for the measurement and 
                                              distribution of time

                                   UTC TIME STEP
                            on the 1st of July 2012

 A positive leap second will be introduced at the end of June 2012.
 The sequence of dates of the UTC second markers will be:  
                          2012 June 30,     23h 59m 59s
                          2012 June 30,     23h 59m 60s
                          2012 July  1,      0h  0m  0s
 The difference between UTC and the International Atomic Time TAI is:

  from 2009 January 1, 0h UTC, to 2012 July 1  0h UTC  : UTC-TAI = - 34s
  from 2012 July 1,    0h UTC, until further notice    : UTC-TAI = - 35s 
 Leap seconds can be introduced in UTC at the end of the months of December 
 or June, depending on the evolution of UT1-TAI. Bulletin C is mailed every 
 six months, either to announce a time step in UTC or to confirm that there 
 will be no time step at the next possible date. 

                                              Daniel GAMBIS
                                              Earth Orientation Center of IERS
                                              Observatoire de Paris, France




It pains me to say this, but on this term Google's relevance is higher...