The Spammers Have Won (for now)

Until I have time to get in and do some rather major work on my webserver, I’m afraid that comments and TrackBacks are turned off. I really don’t like doing this — I like the interaction aspect, both getting into discussions and just knowing that people stop by here from time to time — but the attacks on the server have been too severe and too regular, and I’m tired of battling them.

I’m pretty sure that there have been three major things causing my problems.

  1. My server is just too old and slow to handle the attacks.

    Rather than paying for hosting space somewhere, I run my own webserver out of my apartment. This has quite a few advantages, in that I don’t have to worry about how much disk space I use, there are no bandwidth caps, and it’s allowed me to host websites for friends and family on the same server. However, the downside is that the server itself isn’t terribly powerful by today’s standards — only a single-processor 350MHz G3.

    Now, really, that’s not that bad of a machine, and for general purposes — that is, serving static pages, which is what I started with years ago — it works wonderfully well. However, when I’m in the midst of getting hit by a spam attack, it just can’t handle the load, and it slows to the point of a virtual crawl. It’s never actually gone down — right now it’s showing a reported uptime of 197 days, 17 hours, and one minute — but there’s so much for it to process that it might as well go down.

    The issue is that comment attacks these days take the form of an automated script, or ‘bot’, that repeatedly and rapidly submits comments to the comment script on a weblog, sometimes hundreds of submissions per minute. While I have anti-spam measures such as MT-Blacklist installed, they still need to look at each submitted comment in order to determine whether it’s spam (and reject it), an actual user-submitted comment (and accept it), or something indeterminate (at which point it’s put into a moderation queue for me to look at).

    When I’m getting flooded with hundreds of comment submissions at a time, though, my server just can’t process the information fast enough to be able to respond, and my server essentially stops responding until it can work its way through everything.

  2. Renaming the comment script is pointless.

    One of the accepted methods of combatting the spam attacks is to rename the script that MT uses to accept and process comments, on the theory that the ‘bots’ that the spammers use then won’t be able to submit anything. This used to work, but now it’s painfully obvious that the spammers have upgraded their bots to parse through the HTML code of a page to find the name of the comment script. At this point, I can rename my comment script, and the attacks start again within a minute or two after I rebuild my site. So much for that idea.

  3. I made a mistake a while back that’s now biting me in the ass.

    The last time I set up my server, I made what in retrospect was obviously a mistake, though I didn’t think about it at the time. Each of the three primary accounts on my server — me, my dad, and Kirsten — uses the same MySQL database for their MT data. Because of this, whenever a comment spam attack starts, it doesn’t matter which domain they’re aiming at. The bot generally attacks by submitting a few comments to one entry ID number, then increments that by one and sends a few more comments, so as it steps through entry IDs on the database it will end up hitting entries on every weblog in the database. A single comment attack on any single domain on my box can affect all three domains.

    Okay, yes, in retrospect, that was fairly amazingly dumb on my part. Of course, six months ago the comment spam attacks weren’t anywhere near the level that they are today, so it’s taken a while for this mistake to start showing the consequences. Things like this, however, are a big reason why I only provide hosting services for a few select friends and family, and I make sure they know that there may be occasional issues: as a sysadmin, I’m essentially learning as I go, which isn’t always the safest or most effective way to go about it. Kind of the webmaster’s version of driving by braille.
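An added example (not from the original post, and not part of Movable Type or MT-Blacklist): a cheap log check for the two patterns described in the list above, the burst of submissions in item 1 and the walk through consecutive entry IDs in item 3. The log line format, thresholds, and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict, deque

# Assumed log format: "<epoch-seconds> <client-ip> POST <path> entry_id=<n>"
LINE_RE = re.compile(r"^(\d+) (\S+) POST \S+ entry_id=(\d+)$")


def constructed_sample():
    """Constructed log lines: one sweeping bot and two ordinary commenters.
    Addresses come from the RFC 5737 documentation ranges."""
    lines = ["1107000000 198.51.100.20 POST /mt/comments.cgi entry_id=1412"]
    t = 1107000005
    for entry in range(2201, 2206):      # bot walks entry IDs 2201..2205
        for _ in range(3):               # a few comments per entry
            lines.append(f"{t} 203.0.113.7 POST /mt/comments.cgi entry_id={entry}")
            t += 1
    lines.append("1107000030 198.51.100.33 POST /mt/comments.cgi entry_id=3050")
    lines.append("1107000400 198.51.100.20 POST /mt/comments.cgi entry_id=1413")
    lines.append("1107000401 - GET /index.html")   # not a comment POST: ignored
    return lines


def parse(lines):
    """Return (timestamp, ip, entry_id) tuples in time order."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m.group(1)), m.group(2), int(m.group(3))))
    return sorted(events)


def detect_sweeps(events, min_run=4, max_gap=30):
    """Return {ip: longest run} for clients that step through consecutive
    entry IDs, posting again within max_gap seconds each time."""
    state = {}                           # ip -> (last_ts, last_entry, run)
    longest = defaultdict(int)
    for ts, ip, entry in events:
        last_ts, last_entry, run = state.get(ip, (ts, None, 0))
        if last_entry is None or ts - last_ts > max_gap:
            run = 1                      # first sighting, or the client went quiet
        elif entry == last_entry + 1:
            run += 1                     # stepped to the next entry ID
        elif entry != last_entry:
            run = 1                      # jumped elsewhere: start a new run
        # entry == last_entry: another comment on the same entry, run unchanged
        state[ip] = (ts, entry, run)
        longest[ip] = max(longest[ip], run)
    return {ip: n for ip, n in longest.items() if n >= min_run}


def detect_floods(events, limit=10, window=60):
    """Return {ip: peak} for clients with more than `limit` comment POSTs
    inside any `window`-second span."""
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ts, ip, _ in events:
        q = recent[ip]
        q.append(ts)
        while q[0] <= ts - window:       # drop timestamps that left the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > limit}


if __name__ == "__main__":
    events = parse(constructed_sample())
    print("entry-ID sweeps:", detect_sweeps(events))
    print("submission floods:", detect_floods(events))
```

Both checks only compare integers per request, so they can run ahead of the per-comment content filtering that the slow server struggles with.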

What I need to do now, then, is break everything down and start over. Luckily, I shouldn’t have to do a full nuke and pave on my server — just the MT systems. I need to do a complete export of all entries and comments for each weblog on the system, nuke the MySQL database that MT is using, then create three separate databases, reinstall MT, and re-import the weblogs. Not a fun process, but I think I should be able to do it fairly transparently, without losing all the various design tweaks and customizations we’ve made to the weblogs. It may result in anywhere from a few hours to a few days of downtime for the sites I host, but I’ll do my best to keep that to a minimum once I start.

Once I’ve done that, I’ll experiment with turning comments back on. I’m not entirely sure how that will go, as the spammers will still be able to attack, but at least at that point they’ll be limited to attacking one domain at a time instead of attacking one and getting two more in the process. This may or may not be enough to keep comments open…we’ll find out when I get to that point.

This has been a rough couple of days, and yesterday I skirted dangerously close to just pulling the plug on my server entirely. I started hosting my own websites back in 1995 because it was fun to do, and the project has grown over the years, always because I enjoyed it, and it’s fun to find all these neat new things that can be done. Installing MovableType, opening up comments to the world, hosting sites for Kirsten, Phil, and my dad — I love the fact that I can do this.

But these spam attacks have been taking all the fun out of it. Each time I see the server get hit and stop responding it gets more and more frustrating. Yesterday I was ready to just completely throw in the towel — at one point, even checking to see if it would be possible to import all my old entries into my LiveJournal account (it isn’t). Thankfully, after a couple hours of Prairie and Phil putting up with my whining and tossing ideas at me over IM, I just figured that even though I don’t like to do it, at this point simply turning off comments until I have a chance to rebuild the database and the MT installation was the best way to go.

So that’s where things stand at the moment. Feedback is still a good thing, so feel free to drop an e-mail my way if there’s something you’d like to toss my direction. Until I get the chance to spend a few hours/days doing maintenance on the box, though, this is how things stand.

iTunes: “Sweet Home Chicago” by Blues Brothers, The from the album Blues Brothers, The (1980, 7:51).

Network Outage

One of the reasons I like Speakeasy — my ‘net connection just went down (and is still down as I type this, so nobody’s going to see this post until the issue is fixed). I called Speakeasy’s tech support, and got this automated message:

Thanks for calling Speakeasy. Some of our broadband customers in the greater Seattle area are currently reporting a network outage due to a vendor failure. We hope to have this resolved within 30 minutes.

(pause)

(big sigh)

If we’re lucky.

I can respect honesty like that.

Things seem to be up now, though (at least, DNS services are back, so websites are accessible again, though iChat can’t connect to the AIM network), so it was only about a ten minute outage. All in all, just a minor annoyance. These things happen.

iTunes: “Bongo Tune” by Quarter from the album Essential Chillout (2000, 5:52).

Comments/TrackBack down until further notice

Dammit.

Comments and TrackBack pings are currently disabled at the server level back online for all sites I host (www.michaelhanscom.com, www.hanscomfamily.com, www.geekmuffin.com*). As I’ve done this at the server level, this is not reflected in the sites themselves: they all still look like they accept comments, but they won’t work.

I hope to be able to get them turned back on soon.

This may or may not be realistic. Much as I’d hate to have to turn them off permanently, unless I can find an effective block against the attacks that continue to cripple my server, it’s starting to look like a definite possibility.

This sucks.

Update: Okay, it’s all back up and running. One new software tweak, and another rename to the scripts.

I think I need to figure out a shell script that will rename the comment and trackback scripts, update the mt.cfg file with the new info, and then rebuild the sites on a weekly basis. Which wouldn’t be fun, but I really am running out of ideas short of entirely disabling comments and trackbacks or moving to another weblogging system, neither of which are very high on my list of things to do.

* Actually, www.geekmuffin.com will be ‘broken’ until a full rebuild is done. Unfortunately, as I don’t have rebuild rights for Kirsten’s site, she’ll need to do that on her own when she gets a moment. :)

iTunes: “Breathe” by Depeche Mode from the album Exciter (2001, 5:17).

Pigface, Sheep on Drugs, and MY BIRTHDAY

This is too damn cool.

The Pigface Free For All Tour is going to be coming through Seattle.

Pigface Free for All tour

Pigface and Sheep on Drugs (and Nocturne, and possibly The Damage Manual and The Countdown) in concert — and they’re performing at the Fenix Underground on Tuesday, May 3rd.

My birthday.

I’m so there.

(many thanks to Syren666 for mentioning this!)

iTunes: “15 Minutes of Fame” by Sheep on Drugs from the album Sheep on Drugs Greatest Hits (1993, 5:06).

Emerald City ComiCon

“I’m not funny — I’m freakishly obsessed!” I burst out laughing when I heard this (thoroughly embarrassing the girl who’d said it, I think), but it seemed as oddly appropriate as it was amusing while I wandered around the Emerald City ComiCon this morning.

Emerald City ComiCon, Seattle, WA

I’d heard about the con just a couple of days ago, and decided to go more or less on a whim this morning when I had nothing else planned for the day. I wasn’t entirely sure what to expect, as I’ve never been a major comic collector, and my only prior experience of any sort with comic conventions was watching Chasing Amy. As it turns out, though, that wasn’t a bad mental image to have going in: lots of people wandering around in everything from street clothing to full Stormtrooper regalia, lots of booths with various merchandise and wares for sale, and lots of authors and artists available to meet.

Since I didn’t have any particular agenda or people I wanted to see — to be honest, I only recognized a select few of the names I saw on the placards on each booth — I just spent a couple hours wandering around the show floor, seeing what there was to see, and doing a lot of peoplewatching.

A few random highlights:

  • Michael Gagné’s Insanely Twisted Rabbits: Hilarious drawings of rabbits viewed through either a seriously twisted imagination or a lot of illegal pharmaceuticals. Or both. When it comes to rabbits with big, sharp, nasty, pointy teeth, I’m afraid that Monty Python has nothing on these bunnies.

  • Catalyst Studios’ masks and book bindings: Some absolutely incredible work in these. Books that had been re-bound with skulls and faces emerging from their covers (some of which were actual books with new covers, others were blank notebooks suitable for journaling or sketching), masks that strongly reminded me of the ballroom scene in Labyrinth, and lots of smaller sculpture work. Beautiful stuff.

  • While I was wandering around Bumbershoot last year, I ran into a girl who got a good laugh out of my “I’m just here to get laid” messenger bag. She ran into me again today and recognized me, and we ended up chatting for a few minutes. I gave her my e-mail and website address so that she could track down the right page and order a book or shirt for herself. I knew there had to be a few more people out there that thought it was funny!

  • As I was walking along at one point, I noticed a girl talking with her friends shooting a look in my direction. Suddenly, all three of her friends swiveled around to look in my direction, and I cracked up. As I figured, they’d noticed and were admiring my Utilikilt. We chatted for a few minutes, then they took a picture of me and I took one of them. So, somewhere out there on some guy’s digital camera is a shot of me from today — if by any random chance he happens to see this, I’d love a copy of the shot!

  • From what I could see, the biggest draw to this year’s ComiCon was the chance to get an autograph from Jhonen Vasquez, creator of Johnny the Homicidal Maniac and Invader Zim. I didn’t bother taking the time to stand in line, but I did get to get a quick shot of him between a few fans as he was signing merchandise. Turns out he looked more or less exactly as you’d expect he would from his work — which in an odd way, was a minor bummer. I was kind of hoping he’d be some pudgy, poorly shaven, badly dressed forty-something white guy that looked more like a redneck or a trucker. Just because in my world, that would be really funny.

All in all, not a bad way to spend the morning. As usual, there’s a few more shots from the day in a Flickr photoset.

iTunes: “Edge of Wisdom, The (2002)” by Beborn Beton from the album Tales From Another World (1993, 4:21).

No more combined feeds

While I’d been considering this for a little while, Dave’s ‘Information Aversion’ post prompted me to un-splice my Flickr photos from my RSS feeds. Having done that, I’ve updated my feeds page to list my current available syndication feeds, all broken out to allow readers to subscribe to as much or as little of my drivel as they please.

I now offer six different syndication feeds. The first three are various ways of getting actual weblog posts:

  • Excerpts Only: The lightest feed available, this will only deliver a short excerpt for each post. You’ll have to decide if you want to click through to my page to read the full post or not.

  • Full Posts: This is the default RSS feed for this site. The full front-page text of each post (extended entries are not included).

  • Full Posts with comments: This is the most information-rich feed. The full front-page text of each post is included (extended entries are not included), along with any comments made to that post. Entries will update in your RSS reader as new comments are added, until the post scrolls off the front page of my site.

The second three contain various extra information: comments to current active conversations on the weblog, interesting links I run across, and my photography.

All feeds are run through the Feedburner service in order to assure maximum compatibility and usability. Each feed will automatically optimize itself according to which aggregator requests it, and if anyone actually clicks on any of the feeds in a browser, rather than getting a page full of gobbledygook, they’ll get a nicely formatted page explaining what they’re seeing and providing them with a full complement of buttons to assist in subscribing them to whichever news aggregator they favor (try it out, it’s rather nifty — unless you use Safari, where this doesn’t seem to work…bummer).

(If you already subscribe to my del.icio.us or Flickr feeds directly through the respective services, there’s no real need to switch to using the Feedburner feed link — you’ll get the same information either way. Of course, if you do use the Feedburner feed link for those feeds, I’ll get more accurate statistics as to how many people are reading which RSS feeds, which makes me happy. Whatever works for you, though.)

iTunes: “Lunatics Have Taken Over the Asylum, The” by Collide from the album Vortex (2004, 5:34).

Toy Story 3 having problems

It’s nice to wake up on a Monday morning to some good news.

Word broke a while ago that Disney was working on moving ahead with creating a third sequel to the popular Disney/Pixar CGI Toy Story films. However, due to the currently strained relationship between the two companies, Disney would be doing this third film entirely on their own and without Pixar’s involvement, as they hold all the rights to the property under the terms of the current agreement between the two studios.

Few, if any, of the people I know thought this was anything remotely close to a good idea, given Disney’s current inability to produce anything of quality and tendency to pump out cheap direct-to-video sequels to their classic films in lieu of any real creativity. The only animated films that have come out of the Disney empire for the past few years that have really been worth seeing have been the Pixar collaborations, and Disney trying to continue a Pixar success sounded like nothing but trouble.

Apparently, though, my friends and I weren’t the only ones to feel that way, as Disney is having problems finding anyone willing to sign on to the Toy Story 3 project.

No one wants to direct ‘Toy Story 3.’

That’s the word in Hollywood’s animation world, where the third installment of the incredibly successful Pixar series has no director, writer or, possibly, stars.

My sources in the animation biz tell me that Disney, which will make ‘Toy Story 3’ without Pixar, cannot find a director to guide the project.

[…]

Disney has the right to make sequels to all the Pixar movies it distributed, including ‘Toy Story,’ ‘The Incredibles,’ ‘Finding Nemo,’ etc. But there’s a hitch — since Pixar developed all the animation materials to create the movies, it also gets to keep them.

In other words: Disney is now trying to hire another team of animators to recreate Buzz Lightyear, Woody and all the other ‘Toy Story’ characters so that they look the same. It will have to start from scratch to reproduce Pixar’s creative work.

The next step, of course, is to find a writer and director for the project. With Lasseter gone, my source says, “Every single animator of note has turned down the director’s job. They don’t want to cross Pixar. They’ve become the only deal in town.”

Good news, indeed!

(via Luxo)

iTunes: “Heresy” by Rush from the album Roll the Bones (1991, 5:25).

New camera!

The day finally came when I had enough funds available to replace the camera I lost nearly a year ago.

My new toy: a Canon PowerShot A95. I’ve only had it for about a day now — Prairie and I picked it up yesterday — so I’ve still got a lot of learning to go, but so far, I’m very happy with my new lil’ toy. Small enough to fit in a pocket, so I’ll be able to carry it around with me all the time and have it handy at a moment’s notice, solidly built, lots of options and buttons to learn, a handy little flip-screen display, and 5 megapixel resolution.

Prairie and me, Seattle, WA

Puke! Puke! Puke!

Plus, this lil’ guy can even take short video clips! This was something I had to play with, so I made a short little one-minute movie taking a look at a silly little M&M dispenser that Prairie got me. iMovie was able to compress it down to about 1.5Mb, so it shouldn’t take too terribly long to download. There’s not much to it — mostly just me being silly — but it was certainly worth a few minutes of playing around.

Hooray for new toys!

Oh, and Rick — you can come pick up your camera now. Many, many thanks for letting me borrow it for nearly a year!

iTunes: “Central Reservation (Ibadan Spiritual Life Radio Edit)” by Orton, Beth from the album Plastic Compilation Vol. III (1999, 4:00).

You just can’t sing in the supermarket…

A couple of days ago, I got this somewhat cryptic e-mail…

Hello…

Something is happening in the produce section of your local Supermarket this weekend:

Jan 29 – 12:30 pm – Ballard Safeway – 8340 15th Ave NW
Jan 29 – 7 pm – University Safeway – 4732 Brooklyn Ave NE
Jan 30 – 12:30 pm – Capitol Hill QFC – 523 Broadway E
Jan 30 – 7 pm – Everett QFC – 2615 Broadway

Still,
-jason webley

So, today Prairie and I wandered our way up to the Capitol Hill QFC to see what would happen.

As 12:30pm rolled around, there were quite a few people wandering around the produce section. Some made a pretense at shopping, some greeted friends, some just stood off to the side, and some continued on with their normal Sunday shopping. Occasionally a QFC employee would wander through to see if anyone needed any help, but we were all quite content to keep puttering around and investigating the fruits and vegetables.

Eventually, in strolled Jason, guitar case in hand, looking much younger now that he’s clean-shaven and still growing his hair out after his last deathday concert. A few nods, hugs, and friendly hellos passed between Jason and some of the gathered friends and fans, and then he joined us in our purported produce procurement. A few minutes later, Jason raised whatever vegetable he was holding up above his head, as if to get a better look at it in the light from the window. The person next to him raised their veggie in the air. Another went up, then another, then another.

One girl who’d been strolling around listening to a portable CD player started humming to herself, then swaying back and forth, and then singing. First softly, then more and more loudly, she sang along to The Clash’s ‘Lost in the Supermarket’: “I’m all lost in the supermarket! I can no longer shop happily!”

Moments later, a guy in white shirt, tie, and a tag reading “MANAGER” strolled over to her and tapped her on the shoulder.

“Miss? Miss? Excuse me, miss, but could you take your headphones off, please? Look, I’m very glad you enjoy shopping here, but you just can’t sing in the grocery store. I’m sure everyone else here would much rather shop in peace. You just can’t sing in the supermarket!”

And then he turned to the people standing around, drew a deep breath — and sang out, “You just can’t sing in the supermarket!”

A girl in a white shirt and white kerchief tied over her hair joined in — “Anyone will tell you so!”

Jason started playing his guitar. Another guy pulled a clarinet out of his jacket. Three girls nearby joined the song, complete with chorus-line high kicks. Eventually, about half the people that had been hanging around in the produce section were involved in the lineup, waving their hands in the air for the grand finale: “Because if you sing in the supermarket, you will have to go!”

And with the clash of a small pair of hand cymbals, it was over. Jason’s guitar went back in its case, the clarinet disappeared back into the jacket, and, accompanied by much laughter and scattered applause from other shoppers, everyone quickly made their way back outside to the sidewalk.

“Off to the next one!” Jason cried, and up we all went to the QFC on 15th Avenue.

All told, we hit five grocery stores before Prairie and I had to break off from the group in order to get her back on the road to Ellensburg before it got too late in the day. When we left, the group was heading up to a Trader Joe’s, and we’d heard mention of the QFC at Pike and Broadway — we’re assuming they made it there as we saw them a bit later walking by Dick’s on Broadway as we were heading back from a detour by Twice Sold Tales on our way down the hill to the apartment.

What a blast. This world needs more random silliness in it from time to time, and we had a lot of fun being part of this particular bit of randomness. Much giggling and many smiles from everyone in the group and from whatever customers happened to be around in each store — just the thing for a grey winter day in Seattle.

More pictures of the event are, as usual, in a Flickr photoset.

Update: M. Whybark witnessed Saturday’s revelries.

Update: Accompanying M. Whybark were the not-entirely-mythical Danelope and Jim, who contributes this photo set (which, as he points out, is smaller but more focused than mine — hey, it was my first day with a new camera…[grin]).

Update: Steve Konscek, the “manager” of the troupe (more commonly known as Brandon) has posted his account of the weekend’s fun.

iTunes: “Quite Contrary” by Webley, Jason from the album Counterpoint (2002, 3:08).

Gallimaufry 6

Just a quick run-through tonight — I’ve got dinner and movies waiting for me — I’ll come back and babble more about these later on (maybe). Same deal as always, ten songs at random…

And the bonus track…

iTunes: “Angels” by Amos, Tori from the album A Tori Amos Collection – Tales of a Librarian (2003, 4:26).