 Anthony Holmes | Anthony Holmes 25 August 2008 10:59:35 AMDown the years I've had people complain to me that the use of the F9 key in Notes is non-standard and that the F5 key should be used. I'll be honest and admit that there have been times when I've pressed F5 in Notes to refresh a view and had my screen locked. Over the weekend I was editing an Excel spreadsheet and for some reason I don't quite understand, it was no longer automatically updating some formulas and charts. It took me a minute or two to remember that the key for Refreshing a document in Excel... is F9. Just like Notes. The story of Function Keys in Windows is a long and anarchic one. But using F9 for refresh is the most common approach for everything except browsers and file managers. The use of F5 seems to be a more recent accident. The Wikipedia article on Function Keys describes how the use of Function Keys has been very variable. The only (near) 'universal' Function Key assignment is F1 for Help. This was established by IBM back in 1987 with the IBM Common User Access guidelines. These guidelines established many other aspects of our current computing environment, such as the fact that the File menu always comes first. But the guidelines didn't define a Refresh key. F9 is used to refresh things in the following places: - MS: Outlook (since 2003): to check for new mail
- MS Word: to refresh Tables of Contents, Indexes and Fields
- MS Excel: to refresh and (re)calculate all the worksheets in a workbook
- Lotus Notes: to refresh views
- Internet Explorer: not used
- Windows Explorer: not used
F5 is used to: - Outlook 2000 and 2002 (but not newer): to check for new mail
- MS Word: Find and Replace
- MS Excel: Go To
- Lotus Notes: to lock the screen
- Web Browsers: to refresh the page
- Windows Explorer: to refresh file lists
It seems clear that browsers/file managers are the odd ones out, but people expect F5 to be refresh because browsers are where you need to do it most often. It would be interesting to know how this happened. Did one of the original browsers use F5, so MS felt bound to copy it when they first produced IE? Or was the user interface person simply off sick the day the choice got made? Ray Ozzie anecdote Ray Ozzie was the key original architect for Lotus Notes, and would certainly have been around when the original decision was made to use F9 for refreshes in Notes. Nowadays he's the Chief Software Architect at Microsoft, the company that is probably largely responsible for both the first (F9) and the second standard (F5). But his mind is not focussed on the minutiae of consistent user interface, because in this article he proposed an entirely different use for the F5 key: "Take PowerPoint, for example," he [Ray Ozzie] tells a gaggle of analysts crowding around him at a Microsoft cocktail party in July. "Wouldn't it be great if you could hit F5 when you finished preparing a presentation and have your PC automatically upload the file to a Web address?" (PS: I got my spreadsheet to start automatically calculating without F9 by going to Tools; Options... Calculation, "Automatic".) (PPS: I'm using an Excel spreadsheet rather than a Symphony Spreadsheet because I'm using an excellent spreadsheet I obtained for managing diabetes that is extremely focussed on graphs that combine many different graphing features and that need to be positioned down to the pixel. Neither Symphony nor Open Office currently properly present all the graphs at this stage even though all the calculations work just fine. No doubt it will display better after another release or two of Symphony or Open Office.)  A Little Pied Cormorant that I photographed at Docklands yesterday. Unusually, for water birds, Cormorants' feathers aren't waterproof, so they spend a lot of time drying themselves out The fact that it leads to such a lot of standng around and drying seems silly until you realise it makes it easier for them to dive. Anthony Holmes 18 August 2008 10:24:19 AMMy home test Domino server has been running on Domino 8.5 Beta 1 for a week or so now, and I thought it might be a good idea to look at how it was tracking. So I opened up my Domino Domain Monitoring database. And I was a little surprised at how many problems it was reporting on my little server. One of my clients gave a wry comment about DDM soon after it was released. They ran it, and saw a lot of warnings. "It's just like IBM and Stats & Events. The number of things to look at is too overwhelming." When I saw that I had 73 warnings, it was easy to agree. This server has a single (real) mail user and acts as a web server for a few hundred viewers. It's running just fine: how on earth can there be 73 problems? The question is: are those 73 reports just noise, or are they things that I really ought to be fixing? I've just spent an hour looking at the reports, and the answer is, there are quite a few things that I ought to be fixing. Here are some of the things I found: - Ages ago I set up Message Tracking. At some stage a Design upgrade had disable the reports. DDM gave me simple instructions to fix this, and a link to the design of the agent to let me do it. Neat.
- Server.Load has a Domino Directory called namagent.nsf.It had too many unique field names. A database property needed to be set to fix this. Hmm. This is a design issue dating back to the change between Domino 4.6 and 5. I'm not sure why I'm seeing it now, but at least I've fixed it. Noise. I guess.
- An error in the log of my blog related to keywords. Hmm. This seems to be a real issue. The Keywords view is failing. Possibly it is trying to look up a form that doesn't exist. I'd better try to see why this isn't working.
- The only server crash I've had in 18 months was due to an index error. There are a couple of databases reporting more benign view and FT index errors. Maybe it's time to free up some disk space and do a defrag. Maybe I need to do some database maintenance. There seems to be a bit of a low lying problem here that I defnitely wouldn't have noticed without DDM. This is important.
Why am I telling you all this? My reason for blogging this is not to keep you all up to date with the minutia of how badly I've configured my Domino server. (It's not that bad, honest!) My reason was to share my conclusions: - Yes, DDM presents a long list of potential issues. Fortunately, I won't have to work through all 73 of them. Sometimes fixing one issue will take a couple of things off the list.
- On the whole, every item listed is something that deserves attention. These are real server problems, application problems, or they are issues with the potential to cause problems in the future.
- Sometimes the offered solutions are a joy to implement: DDM tells you what to fix and gives you a direct link. Often it's less helpful. But I can't really expect DDM to tell my why the log for my blog has a broken view lookup. That's either a design issue or a problem with my implementation. Sadly I'm going to have to nut that one out for myself.
- Am I going to clear the list entirely? I confess, it seems intimidating. Perhaps I should set myself the goal of dealing with a few of them each day until I've got them all sorted. I'm down to 53 already.
After all, it's my profession to advise on Domino administration. A barber can justify having badly cut hair because they can't cut their own hair. But a cobbler can't justify having bad shoes. If their own shoes are worn and broken, how much care are they taking fixing their customers' shoes?  A busy bee that, err, would never neglect to look at DDM. Photographed by me in the Alexandra Gardens, Melbourne, in January 2007. Anthony Holmes 14 August 2008 11:38:23 PMFrom time to time my customers tell me they want to know how many messages their users are sending. Domino statistics can tell you this if you know what you are looking for. Usually it turns out that your infrastructure is processing an impressively large number of emails. Of course, a better way to get information about your email workload is to use Message Tracking: but I'm assuming you haven't got Message Tracking enabled. So these statistics are what you use when your CIO asks how many messages you process and you need to give a quick answer. If you issue the command Show Stat Mail you get something like 146 different mail statistics. This overwhelming number is typical of Domino Statistics: complete overkill and rather confusing. Three of them are relevant:
Mail.Delivered
Mail.Transferred Mail.TotalRouted Imagine that a user sends a single mail message to four people: with two recipeints on their home server and two on another server. Domino routes it like this:  | How the Statistics work | Server One | Server Two | | Mail.Delivered | 2 (delivery to the two recipients with mail files on Server One) | 2 (delivery to the two recipients with mail files on Server Two) | | Mail.Transferred | 1 (a single message was dispatched on this server) | 0 (no message was dispatched from this server) | | Mail.TotalRouted | 4 (the message dispatched on this server is to be delivered to four people) | 2 (a message arrived on this server that was addressed and delivered to two people) | If you gathered stats from Server One and Server Two, you'd overestimate the number of deliveries if you used Mail.TotalRouted: (4+2=6) because some messages are double counted. Instead, Mail.Delivered probably gives you the total you want (2+2=4)
Groups and other Domains (including the Internet) If Domino knows about a group, then the statistics reflect the number of people in the group. If the group is in another domain then it is treated as one message for the Mail.Transferred and Mail.TotalRouted statistics. As far as your infrastructure is concerned, that's probably ok, because you'll only have processed a single message. If your servers are sending directly to the other Domain (or to the internet, without going through a gateway) then you won't get a count for these messages in your Mail.Delivered figures (because they haven't been Delivered on any of your servers. If your servers send to a Domino gateway server, you will count those messages (both inwards and outwards) with the Mail.TotalRouted statistic on the gateway.
Statistic Start Time These statistics are the totals since the server was last started. So be sure to divide the statistic by the number of days/hours/minutes since the server was restarted to get the number of messages per day/hour/minute.
In Summary To a reasonably accurate total for the number of messages being sent per hour in your environment, calculate as follows: (Server One Mail.Delivered/number of hours server has been running + Server Two Mail.Delivered/number of hours server has been running + etc...) PLUS (SMTP Gateway Server Mail.TotalRouted/number of hours server has been running). Anthony Holmes 13 August 2008 10:32:41 AMDomino 8.5 has reached a milestone: the installation size has crossed a new threshold. As a follow up to my last posting, I was running a couple of Domino 8.5 installations from different sources (USB1, USB2, Local Disk) to see how the time to install varied. Between each install, I uninstalled Domino, wich is when I found that a complete installation of Domino with every feature (including rarely used ones like Billing) leaves you with a footprint that exceeds 1 Gigabyte:  1,002.00 MB. (I just love the fact that it is one thousand and two Megabytes: it tipped the scales by a tiny margin.) The first time I installed Domino sorry, Lotus Notes Server 3.0, it was 13 Megabytes in size. So it has now (almost) grown to be a hundred times larger. Has it got a hundred times better? Let me think of some of the stuff we've acquired down the years (in no particular order): - Servers routinely scale to support around 5,000 users, compared to about 30 with Notes 3
- Transaction Logging giving data integrity
- Incremental Backup capability
- Policies
- Calendaring & Scheduling
- SMTP
- MIME Support
- HTTP
- POP3/IMAP
- LDAP
- Directory Assistance
- SNMP
- Lotusscript
- Java
- Administration Process, (including the dozens of things that it makes simple, like user moves)
- Clustering
- Network Port compression
- Attachment Compression
- Design Note Compression.. etc.
- Execution Control Lists
- iNotes interface
- DB2 integration option
- Domino Off Line Services
- Domino Domain Monitoring
- Activity Trends
- X.509 support
- Certificate Authority
- Password Resets
- Password Quality Management
- Roaming
- Stronger Encryption algorithms
- Mail Archiving
- Folders
OK, I'll stop there. I've convinced myself that I could pretty easily come up with a list of a hundred new and important features that didn't exist in Notes 3. Whilst the product's Developers may no longer program as leanly as they did in the early 1990s, they've also added more features than we would have imagined. Are there any important features that I've missed? Anthony Holmes 11 August 2008 11:25:48 AMAt midnight on Sunday I decided to upgrade my Domino server to 8.5, and I made the mistake of running the install code off a USB key. I was surprised at what happened next. Instead of the upgrade being completed in 20-30 minutes, the installation crawled along slowly. 9 hours later it had only reached 70% completion. Since the business day was starting, I decided not to wait another four hours for it to finish. I cancelled the installation and did what I should have done initially: copied the install code onto a local drive. I then re-ran it from the local drive. Less than 30 minutes later my server was up and running again. So why is it 26 (!!) times faster to install Domino from a local drive rather than a USB key? I'm not sure, but here are some hints: - I run my Domino server on an old laptop. Its USB port is only USB 1, so it isn't especially fast
- My USB key was a fairly well performing Sandisk Ultra II Plus USB (a neat and fairly speedy device), so it probably wasn't to blame
- There's a technote with advice for installing Notes on a Stick (Nomad Notes) that warns that installation can be very slow with some USB devices
My conclusion is that a combination of my USB 1 interface and something about the way that Notes and Domino install themselves via InstallShield leads to slow performance. If I had plugged by fast USB device into a USB 2 plug, performance might have been faster than the glacial speed I found. But I suspect that it's always going to be worth taking a minute to copy the installation code to a hard drive rather than running it off USB.  A young magpie lark (I think) that I photographed in Birrarung Marr, an inner urban park in Melbourne. Anthony Holmes 7 August 2008 03:57:59 PMI've been struggling a to use non-commericial anti-spam techniques to eliminate spam. Today I think I've nailed it. I've got a Domain Name that I've been using for many years. I run a Domino server which acts as an SMTP server. I applied the recommendations given by Chris Linfoot to lock down a Domino server against spam. I'm indebted to his guidelines: without them I doubt I would ever have made as much headway. However: I applied all his recommendations and although I stopped a large percentage of spam messages (maybe 90%?) there were still a huge bunch getting through. These were messages coming from hosts that hadn't been blacklisted by sbl-xbl.spamhaus.org yet. They didn't match other criteria for being blocked either. Over a hundred spam messages a day were getting through, which overwhelmed the legitimate mail. Initially, I set up a rule in my mail file to 'not accept' messages with obvious spam content. I figured nobody is ever going to send me a legitimate message with the phrase "replica watches". But as spam continued to arrive, my list of bad content grew. And grew. And grew. There was no way I was going to catch every variation. I was feeling depressed. This was the moment when I did something I ought to have done sooner: thought more methodically about what was common about the messages getting through the net. If I had properly considered Chris Linfoot's recommendations, I may have come up with this sooner, but there is a lot of information to digest. For years I've given out specialised email addresses to particular companies. Things like: - apple@domainname.com
- belkin@domainname.com
- corel@domainname.com
- etc.
There are probably more than a hundred of these variations that I've used over the years. Only three of these addresses have ever fallen into the hands of spammers: one used by SearchDomino and one used by a Bicycle advocacy groups. And my 'generic' address, the one that most of my friends use. Let's call that one me@domainname.com Practically every spam message that got through was addressed to me@domainname.com. But I couldn't block that address because lots of my friends use it, and I didn't want to tell them to change the address. That would have been a concession of defeat. I've now created a honey pot. All properly addressed mail (apple@domainname.com, belkin@domainname.com, etc.) is matched in the mail directory and goes straight to my mail file. Anything addressed to me@domainname.com is directed (through a person document) to a mail file called Junk. The Junk mail file will receive as many as 49 spam messages for every single legitimate message from a friend. On the Junk mail file, I have a mail rule. Any mail that it receives that has a friend's name in the Sender field is automatically sent to my legitimate mail file. Now my proper mail file only gets legitimate mail. From time to time I will have to check the contents of the Junk mail file just to make sure that no friend that I've forgotten about has sent me a message that hasn't been forwarded to my proper mail file. If any of my specialised addresses (apple@domainname.com) ever ends up in the hands of spammers, I'll be able to direct those messages to Junk and filter them in the same way. And the exciting thing is: It all seems to be working! I can start using my personal email again.  Fireworks over the Eureka Tower, Melbourne. New Year's Eve 2007/8. Anthony Holmes 28 July 2008 10:09:25 AMHere is some information about the Lotus Collaboration and Portal Technical University being held in Sydney from 16th to 19th September 2008. The web site here is the place to go for official information about this event (watch out for updates that will be arriving soon).  I'm going to give you a bit of background information about what we're aiming to provide. This event isn't exactly the same as Fusion used to be: there are differences. But in many ways we hope it offers more than Fusion used to provide. In recent years, we've provided Lotusphere Comes To You events. The advantage of these events is that they toured many Australian and New Zealand cities. But they are much shorter than Fusion used to be. More recently, IBM started running Websphere Technical Conferences. The strongest feedback we got from these is that people loved the hands on labs. So we're picking up on that feedback and running with it. Now: to be honest, it's ten times harder for each of our presenters to put together a lab compared to putting together a set of slides. But for every topic where it makes sense for you to actually work with the software, that's exactly what you'll be doing at the LCPTU. We think that will be where you get much of the value from this event. If you are interested in obtaining certification, there will be an opportunity to sit Certification tests during the conference for no extra cost. LCPTU is a perhaps a less slick name than "Fusion", but we wanted to clearly describe what we are doing:
Lotus: it's about Lotus Products.
Collaboration: that includes all the traditional Lotus products like Notes, Domino, Sametime etc..
Portal: because Portal is a Lotus product aimed at helping end users, so we've got streams covering both Portal Infrastructure and Portal Development.
Technical: this is a technical event: for people who are working with the products.
University: we're working to teach you at this event. (And we hope that you'll be learning.) If you are interested in attending, please note that there's an early bird registration discount for those who enrol before 2nd August 2008, and quote promotion code EBOLCPTU at time of enrolment. Business Partners will also get a discounted rate when you Register. Please be sure to include your Partner Number on the registration. An enrolment form and a list of sessions is contained in this brochure: LCPTU 16-19SEP08 Enrolment brochure.pdf Anthony Holmes 16 July 2008 10:01:20 PMView Larger Map View Larger Map Anthony Holmes 16 July 2008 08:48:57 PMView Larger Map I've got a new measure for how long it takes to upgrade Domino. One of my customers was upgrading one of their servers this afternoon. They gave me a call just as I was leaving to walk down to their office for a regular afternoon visit that I make. They mentioned that they were just starting to upgrade the server. By the time I arrived, the upgrade was finished and the server was up and running. So now I've got a new measure for how long it takes to upgrade a Domino Server:
It takes about five blocks. Which I reckon is pretty neat.
**Update** In the short time since I posted this blog entry, it has received a lot of hits. I feel a touch guilty that such a flippant entry is attracting so much attention. My postings usually contain more hard information than this one. However, the example I give is important. Does your CIO know how easy it is to upgrade Domino? Do they realise that in the world of Exchange the concerns are overwhelmingly about the cost and complexity of Exchange upgrades? See here. If your CIO don't realise this: should they? After all, the cost of ownership is a 'bread and butter', 'live or die' issue for CIOs. They deserve to know when they're running a good system with a low TCO. Anthony Holmes 11 July 2008 12:46:30 AMHere's a (fairly) quick description as to why software that adds corporate disclaimers will break email encryption and electronic signatures using Public/Private key standards like X.509. I'm talking about the software used in many organisations that adds a standard corporate disclaimer at a gateway when the emails are being sent to the internet. (And when I speak of electronic signatures I'm not talking about signatures that show your phone number and corporate logo. I'm talking about electronic signatures that prove that you were the person who sent this message and that nobody has tampered with the message.) Imagine the structure of an email: | Header information used in any SMTP Message (SendTo, Subject, SMTPOriginator and Routing fields, etc) | Multi-Part S/MIME Message
The body of the text is here.
Any attachments are also contained here.
If you've encrypted the message, this will be a box of encrypted information, entirely unreadable unless you have the Private Key to read this document. You created this encrypted version by using the Public key of the Recipient which you've got in your possession.
(One of the 'parts' might be a plain text version of the body of the email in case the recipient is unable to read MIME formatted messages on their email system. But it will still be encrypted if you encrypted this email.) | | At the end there's the electronic signature. If any single byte of information within the Multi-Part SMIME Message is changed, then the signature is invalidated. | It's conceptually impossible for anybody except the original sender (who also possesses the Recipient's Public Key) to legitimately create or change the Multi-part SMIME Message component. Any attempt to do so without the Sender's Private Key and the Recipient's public key will: a) break the electronic signature, and b) mean that it is no longer properly encrypted. Any attempt to "staple" a disclaimer onto the end of the message after the sender has pressed "Send" is an attempt to tamper with the message. That's exactly what the electronic signature is guarding against. (The Header information isn't encrypted, so the Subject or the SendTo fields etc. could be changed without breaking the encryption. Some of these fields can also be changed without breaking the signature, but this doesn't help you because they won't display a disclaimer. I guess there's a chance that you could squeeze the disclaimer into the Subject line after the email has been sent: that's not a pretty approach, but it might work.) If you really want to have a corporate disclaimer and also allow encrypted/electronically signed emails, the best bet would probably be to tap into Notes' standard (non-electronic) Signature functionality to add the disclaimer before the message is sent, so the sender will sign and encrypt the message which already has the corporate disclaimer in it. You set up users with a (non-electronic) Signature that has the disclaimer, and then find a way to prevent them from changing/removing the disclaimer (possibly by making changes to the mail file design). Another alternative would be to use a tool like PGP Zip to create an attachment that is encrypted, and simply email that. The third approach would be to delay the point at which the email is encrypted, so that it isn't the client who does this, but it happens at the Gateway instead. There's at least one commercial product that does this. |
|