Tech

Tech-focused ramblings. Computers, blogs, and whatever else fits.

What about [some other blogging tool]?

by

After reading my rant about comment spammers, Joel asked me if I’d thought about switching over to another weblogging system. Here’s a (somewhat expanded) copy of what I sent back.

I’ve enjoyed reading your site (and its comments) ever since TypePad… and I bring this up as an honest suggestion. Why not try out WordPress? It’s simple and while it’s not immune to comment spam there are a wealth of plug-ins and options that filter or destroy them quite nicely.

Switching systems is definitely one of the things on the “possible solutions” list (WordPress and ExpressionEngine being the two top contenders). One of the things that’s been keeping me from exploring that is a distinct lack of redirect-fu when it comes to making sure I don’t break my old permalinks. I’ve received one offer of possible assistance with that, though, so it may be less of a hassle than it’s looked in the past. In the best of all possible worlds I’d be able to keep my current permalink scheme, but I’m not sure if that’s possible with the other systems, so if I have to, I’d settle for working redirects.

Part of what keeps me on Movable Type, though, is simple customer loyalty and experience. I’ve been on MT/TypePad for years now, and it’s what I’m most familiar with. Plus, they’ve been very good to me — they even just refunded me the $120 I’d accidentally paid for a year of TypePad that I wouldn’t be using, purely out of the goodness of their heart (I didn’t even ask — they saw my post grumbling about my own absentmindedness and made the offer).

I’m also unsure about how much moving to a PHP-based system (as both WP and EE are) would impact my server. MT’s Perl codebase has high overhead when it’s working on something, but then very low overhead when it’s simply serving static pages. Thanks to that, until the spam attacks started getting this bad, it played very nicely on my system. Since PHP has to process every page as it goes out, that’s more overall processing, and the question becomes whether PHP is resource-friendly enough on my box to be worth the switch. I’d used MT’s new PHP integration to dynamically generate pages for a while (before I decided that I wanted to integrate plugins that didn’t play nicely with the PHP code), and there was a noticeable lag when first requesting a page. More info on this aspect from any current WP or EE users (or even developers) would certainly be appreciated.

No matter what, though, I’m not going to be up and disappearing. I’m frustrated and annoyed by the whole situation (though not as much as I was yesterday), sure…but I’m not that easy to shut up, either. ;)

Oh, one other thing: if I do move to another system, I want to be able to use tags instead of categories. I know that there’s a plugin for this for Expression Engine (John‘s using it), and it appears that there is a hack for WordPress also (though that’s from a few months ago). Something else for me to investigate while I’m deciding which direction to head.

Update: I’ve had one vote against going to a dynamic system such as WP or EE. Phil (who I host) has both a WP and an MT weblog set up on my server. To compare the two, click these links and compare how long they take to load: MT (serving static pages) and WP (serving dynamic pages). It’s a noticeable difference, the MT site pops right up, while you can watch the WP site build the page. Off of that example, at least, I’m thinking sticking with MT and static pages is a good idea.

Update: Whee — I’m still getting comments, they’re just “old-school” e-mail comments. :) This is good. Both indieb0i and Ryan (and Gregor) have let me know about the Staticize plugin for WordPress, which “is a highly advanced caching engine that dynamically and automatically caches pages on your site that need to be cached, when they need to be cached.” Essentially, only the parts of the page that really need to be dynamically generated are, and the rest of the page is static (at least, that’s how I’m reading it). Nice, and puts WP back in the possibilities list. Thanks!

The Al-Can Highway is no more!

by

At least, according to Google’s nifty new Google Maps page, that’s the story.

No Alcan on Google

Realistically, I’m quite sure that this is simply because Google Maps doesn’t have the Canadian highway system in their database at the moment. Hopefully that’s only a temporary thing, as that is a search that returns good results in both Mapquest and Yahoo! Maps.

Still, it amused me.

Aside from that and the fact that Google Maps doesn’t work in Safari yet (they do say that they’re working on it), I’ve got to say that I’m very impressed. The maps are prettier than the other systems output, you can drag maps around within the interface (I followed the Glenn Highway out of Anchorage all the way out past Palmer just by dragging along), and from what Joel says, they’re more detailed in some respects than the other systems.

Worth playing with.

The Spammers Have Won (for now)

by

Until I have time to get in and do some rather major work on my webserver, I’m afraid that comments and TrackBacks are turned off. I really don’t like doing this — I like the interaction aspect, both getting into discussions and just knowing that people stop by here from time to time — but the attacks on the server have been too severe and too regular, and I’m tired of battling them.

I’m pretty sure that there have been three major things causing my problems.

  1. My server is just too old and slow to handle the attacks.

    Rather than paying for hosting space somewhere, I run my own webserver out of my apartment. This has quite a few advantages, in that I don’t have to worry about how much disk space I use, there are no bandwidth caps, and it’s allowed me to host websites for friends and family on the same server. However, the downside is that the server itself isn’t terribly powerful by today’s standards — only a single-processor 350Mhz G3.

    Now, really, that’s not that bad of a machine, and for general purposes — that is, serving static pages, which is what I started with years ago — it works wonderfully well. However, when I’m in the midst of getting hit by a spam attack, it just can’t handle the load, and it slows to the point of a virtual crawl. It’s never actually gone down — right now it’s showing a reported uptime of 197 days, 17 hours, and one minute — but there’s so much for it to process that it might as well go down.

    The issue is that comment attacks these days take the form of an automated script, or ‘bot’, that repeatedly and rapidly submits comments to the comment script on a weblog, sometimes hundreds of submissions per minute. While I have anti-spam measures such as MT-Blacklist installed, they still need to look at each submitted comment in order to determine whether it’s spam (and reject it), an actual user-submitted comment (and accept it), or something indeterminate (at which point it’s put into a moderation queue for me to look at).

    When I’m getting flooded with hundreds of comment submissions at a time, though, my server just can’t process the information fast enough to be able to respond, and my server essentially stops responding until it can work its way through everything.

  2. Renaming the comment script is pointless.

    One of the accepted methods of combatting the spam attacks is to rename the script that MT uses to accept and process comments, on the theory that the ‘bots’ that the spammers use then won’t be able to submit anything. This used to work, but now it’s painfully obvious that the spammers have upgraded their bots to parse through the HTML code of a page to find the name of the comment script. At this point, I can rename my comment script, and the attacks start again within a minute or two after I rebuild my site. So much for that idea.

  3. I made a mistake a while back that’s now biting me in the ass.

    The last time I set up my server, I made what in retrospect was obviously a mistake, though I didn’t think about it at the time. Each of the three primary accounts on my server — me, my dad, and Kirsten — use the same MySQL database for their MT data. Because of this, whenever a comment spam attack starts, it doesn’t matter which domain they’re aiming at — as the bot generally attacks by submitting a few comments to one entry ID number, then increments that by one and sends a few more comments, as it steps through entry IDs on the database it will end up hitting entries on every weblog in the database. A single comment attack on any single domain on my box can affect all three domains.

    Okay, yes, in retrospect, that was fairly amazingly dumb on my part. Of course, six months ago the comment spam attacks weren’t anywhere near the level that they are today, so it’s taken a while for this mistake to start showing the consequences. Things like this, however, are a big reason why I only provide hosting services for a few select friends and family, and I make sure they know that there may be occasional issues: as a sysadmin, I’m essentially learning as I go, which isn’t always the safest or most effective way to go about it. Kind of the webmaster’s version of driving by braille.

What I need to do now, then, is break everything down and start over. Luckily, I shouldn’t have to do a full nuke and pave on my server — just the MT systems. I need to do a complete export of all entries and comments for each weblog on the system, nuke the MySQL database that MT is using, then create three separate databases, reinstall MT, and re-import the weblogs. Not a fun process, but I think I should be able to do it fairly transparently, without losing all the various design tweaks and customizations we’ve made to the weblogs. It may result in anywhere from a few hours to a few days of downtime for the sites I host, but I’ll do my best to keep that to a minimum once I start.

Once I’ve done that, I’ll experiment with turning comments back on. I’m not entirely sure how that will go, as the spammers will still be able to attack, but at least at that point they’ll be limited to attacking one domain at a time instead of attacking one and getting two more in the process. This may or may not be enough to keep comments open…we’ll find out when I get to that point.

This has been a rough couple of days, and yesterday I skirted dangerously close to just pulling the plug on my server entirely. I started hosting my own websites back in 1995 because it was fun to do, and the project has grown over the years, always because I enjoyed it, and it’s fun to find all these neat new things that can be done. Installing MovableType, opening up comments to the world, hosting sites for Kirsten, Phil, and my dad — I love the fact that I can do this.

But these spam attacks have been taking all the fun out of it. Each time I see the server get hit and stop responding it gets more and more frustrating. Yesterday I was ready to just completely throw in the towel — at one point, even checking to see if it would be possible to import all my old entries into my LiveJournal account (it isn’t). Thankfully, after a couple hours of Prairie and Phil putting up with my whining and tossing ideas at me over IM, I just figured that even though I don’t like to do it, at this point simply turning off comments until I have a chance to rebuild the database and the MT installation was the best way to go.

So that’s where things stand at the moment. Feedback is still a good thing, so feel free to drop an e-mail my way if there’s something you’d like to toss my direction. Until I get the chance to spend a few hours/days doing maintenance on the box, though, this is how things stand.

iTunesSweet Home Chicago” by Blues Brothers, The from the album Blues Brothers, The (1980, 7:51).

Network Outage

by

One of the reasons I like Speakeasy — my ‘net connection just went down (and is still down as I type this, so nobody’s going to see this post until the issue is fixed). I called Speakeasy’s tech support, and got this automated message:

Thanks for calling Speakeasy. Some of our broadband customers in the greater Seattle area are currently reporting a network outage due to a vendor failure. We hope to have this resolved within 30 minutes.

(pause)

(big sigh)

If we’re lucky.

I can respect honesty like that.

Things seem to be up now, though (at least, DNS services are back, so websites are accessible again, though iChat can’t connect to the AIM network), so it was only about a ten minute outage. All in all, just a minor annoyance. These things happen.

iTunesBongo Tune” by Quarter from the album Essential Chillout (2000, 5:52).

Comments/TrackBack down until further notice

by

Dammit.

Comments and TrackBack pings are currently disabled at the server level back online for all sites I host (www.michaelhanscom.com, www.hanscomfamily.com, www.geekmuffin.com*). As I’ve done this at the server level, this is not reflected in the sites themselves: they all still look like they accept comments, but they won’t work.

I hope to be able to get them turned back on soon.

This may or may not be realistic. Much as I’d hate to have to turn them off permanently, unless I can find an effective block against the attacks that continue to cripple my server, it’s starting to look like a definite possibility.

This sucks.

Update: Okay, it’s all back up and running. One new software tweak, and another rename to the scripts.

I think I need to figure out a shell script that will rename the comment and trackback scripts, update the mt.cfg file with the new info, and then rebuild the sites on a weekly basis. Which wouldn’t be fun, but I really am running out of ideas short of entirely disabling comments and trackbacks or moving to another weblogging system, neither of which are very high on my list of things to do.

* Actually, www.geekmuffin.com will be ‘broken’ until a full rebuild is done. Unfortunately, as I don’t have rebuild rights for Kirsten’s site, she’ll need to do that on her own when she gets a moment. :)

iTunesBreathe” by Depeche Mode from the album Exciter (2001, 5:17).

No more combined feeds

by

While I’d been considering this for a little while, Dave’s ‘Information Aversion’ post prompted me to un-splice my Flickr photos from my RSS feeds. Having done that, I’ve updated my feeds page to list my current available syndication feeds, all broken out to allow readers to subscribe to as much or as little of my drivel as they please.

I now offer six different syndication feeds. The first three are various ways of getting actual weblog posts:

  • Excerpts Only: The lightest feed available, this will only deliver a short excerpt for each post. You’ll have to decide if you want to click through to my page to read the full post or not.

  • Full Posts: This is the default RSS feed for this site. The full front-page text of each post (extended entries are not included).

  • Full Posts with comments: This is the most information-rich feed. The full front-page text of each post is included (extended entries are not included), along with any comments made to that post. Entries will update in your RSS reader as new comments are added, until the post scrolls off the front page of my site.

The second three contain various extra information: comments to current active conversations on the weblog, interesting links I run across, and my photography.

All feeds are run through the Feedburner service in order to assure maximum compatibility and usability. Each feed will automatically optimize itself according to which aggregator requests it, and if anyone actually clicks on any of the feeds in a browser, rather than getting a page full of gobbledygook, they’ll get a nicely formatted page explaining what they’re seeing and providing them with a full complement of buttons to assist in subscribing them to whichever news aggregator they favor (try it out, it’s rather nifty — unless you use Safari, where this doesn’t seem to work…bummer).

(If you already subscribe to my del.icio.us or Flickr feeds directly through the respective services, there’s no real need to switch to using the Feedburner feed link — you’ll get the same information either way. Of course, if you do use the Feedburner feed link for those feeds, I’ll get more accurate statistics as to how many people are reading which RSS feeds, which makes me happy. Whatever works for you, though.)

iTunesLunatics Have Taken Over the Asylum, The” by Collide from the album Vortex (2004, 5:34).

I hate it when I’m stupid

by

A few months back, after having been a happy user of Six Apart‘s TypePad service for about a year and a half, I decided that I wanted to go back to having the finer level of control and options that Movable Type would offer, and moved my weblog back onto my own server. I made sure to make the move a couple months before my TypePad subscription ended, so that I would have time to move all my files over and off of their servers before I got locked out of my account.

Today I got a comment notification from my TypePad site. This was a bit surprising, as my account should have died in December. When I bounced over to the TypePad site, though, I was able to log in without a problem. Starting to wonder if I’d been stupid, I checked the Account status page.

Oh, dammit.

Sure enough, I’d made sure to save my credit card information and turn on auto-renewal at some point, and TypePad had very obligingly signed me up for another year of service in December. Me being my usual brilliant self with finances had never noticed this (in itself actually not a bad thing, though — I’m still far below where I’d like to be, but if I can take a $120 hit to my bank account without it causing major issues, things are definitely improving). I checked the TypePad FAQ, and sure enough, no refunds if you’ve paid in advance. Ah, well, that was what I expected anyway.

So now I’ve got a TypePad account that I’m not using that’s all paid up and useable until next December. What in the world do I do with that? I’ve discovered over time that I don’t do well trying to keep up with posting on multiple weblogs, so starting a second weblog just doesn’t seem like a realistic option. I don’t want to move back to TypePad — not only would that be a fairly major pain, but I don’t want to lose some of the extras I have with Movable Type that TypePad doesn’t offer. I use [Flickr][5] for my photos now, so a photoblog isn’t really necessary.

[5]: http://www.flickr.com/photos/djwudi/ Flickr: Photos from djwudi”

Prairie suggested I try selling it on Ebay, but there’s hassles with that. While I could probably delete most of my personal information, the URL for the site is djwudi.typepad.com, and I don’t want to hand the ‘djwudi’ name off to someone else — until I actually started using my full name regularly, ‘djwudi’ was my normal online ID, and I still use it in [quite a few places][7].

[7]: http://www.google.com/search?q=djwudi&ie=UTF-8&oe=UTF-8 Google for ‘djwudi'”

I guess I’ll just keep it around in case something really strikes my fancy and seems like a realistic project. No point in canceling it, as long as it’s paid up through the year, at least.

Happy Birthday Macintosh!

by

I’m a bit late to the party on this one, unfortunately, but the Macintosh turned 21 years old today.

Even better, there’s one heck of a birthday present to the Mac community out on the ‘net now: the long-lost video of the original introduction of the Mac by Steve Jobs.

21 years ago today, on January 24th 1984, Apple introduced the Macintosh. And we’ve seen that 1984 wasn’t like 1984.

What we’ve never seen indeed, was the big day itself. Lots of historic stuff has been preserved – images, texts, even sounds, and the saga has been told on and on. However only very few people have actually seen how Steve Jobs pulls the first Mac out of this bag, how the Mac introduces itself to the public, Steves biggest grin ever, and how he is obviously overwhelmed by this moment in the Cupertino Flint Center.

Fear not, faithful Mac believers. We have found it. We have found what seems to be the only copy of a public TV broadcast on that very day. It was recorded and preserved by Scott Knaster, the “legendary Mac hacker”, as Amazon puts it. Scott kept the tape (a NTSC Betamax III longplay) for 21 years since he keeps everything. Andy Hertzfeld saw it when he wrote the story ‘The Times They Are A-Changin’‘ on folklore.org. From there we followed the hints, and that’s how we found it.

We worked with Scott to convert it from NTSC to PAL, we’ve polished it, cleaned it, huged it and digitzed it. Here it is. It goes back to the people who’ve made the Macintosh, and to the world. The complete material of about 2 hours is returned to Scott, Andy and the folklore.org people, and this weblog will report the story of the “missing 1984 video” in detail. We’ll release other clips in the coming days, so bookmark and check back.

But now, Ladies and Gentlemen: please welcome – the 1984 Macintosh introduction video. A travel back in time…

(via MeFi)

iTunesGimme Shelter” by Sisters of Mercy, The from the album Some Girls Wander By Mistake (1983, 5:58).

Stop!

by

The Windows Error Message Generator allowed me to recreate (to the best of my ability) the single funniest and most exasperating error messages I’ve ever seen on a Windows machine. I don’t remember what I was doing, but I ran across this dialog box while on one of the Windows boxes at my old job at Kinko’s in Anchorage:

Stop

Not only did it give no indication of just what had gone wrong, but it told you to stop whatever it was you were doing without providing a ‘Cancel’ button. Just ‘Stop’ — ‘Okay’. A definite funny-because-it’s-stupid moment.

(via Boing Boing)

iTunesI Love You…I’ll Kill You” by Enigma from the album Cross of Changes, The (1993, 8:50).

Death of a Spammer, in a Place Called Hope

by

THIS STORY IS FICTION

Death of a Spammer, in a Place Called Hope

By Todd F. Bryant
Staff Writer

HOPE, CA — In this dusty Mojave town, pop. 5000, which averages roughly one murder per decade, Sheriff James Wilcox recently encountered the first serious crime he was unable to solve in his 25-year law enforcement career.

“Incidents like this don’t happen here,” said the 50-year-old Wilcox, who has one deputy, his daughter, and operates out of a converted construction trailer with a single makeshift cell, which is rarely occupied. “We’re not exactly Crime City, U.S.A.”

The crime was murder. The victim was a local resident, a white male, 42, shot six times in the chest and arms. The time was roughly 4 p.m. The location was the post office. There were no witnesses. The Hope post office is staffed only 4 hours a day, but the lobby doors are unlocked around the clock so that residents can access their post-office boxes. The victim, Keith James Lawrence, unmarried, was gunned down in the post-office-box area.

“Heidi [his daughter] and I knew this was going to be a tough one,” said Wilcox. “Nobody around to see it. Nobody even heard any shots. Not even a suspicious vehicle seen in the area. Just bad luck for us. It happens.”

It was during the autopsy that things took a turn for the weird. The medical examiner noticed an obstruction lodged deep in the victim’s throat. He reached in and pulled out the objectÐa can of Spam. “I knew then that we had something that was maybe out of our league,” said the examiner, Dr. Anu Ram, a surgeon at Mojave County Hospital. “I mean, we don’t know anything about serial killers here, and I told Jim [Wilcox], ‘This is really scary. It’s probably some guy traveling around killing random people, and this is his signature.'”

It is perhaps only in small rural towns like Hope that a can of Spam and murder wouldn’t immediately conjure up an obvious hypothesis. Wilcox, while not oblivious to the existence of the World Wide Web and email, did not have an Internet connection and hadn’t heard the word “spam” used in the context of junk mail. It was only when Wilcox talked to his daughter on the phone two days after the crime (she had gone out of town for a scheduled visit with her husband’s relatives), that the pieces began to fit together. “I told her the victim had a post-office box there, that it had letters in it, with money in the form of money orders and cash, generally five dollars each, and it appeared he was running some kind of a business selling information for a few bucks a pop. It looked legitimate to me, so I wasn’t focusing on that. And then I told her about the can of Spam.”

“I knew right then, or at least I thought I did, what the motive was,” says Heidi Jensen, 29, who has worked with her father since she was 17. “I said, ‘Daddy, this guy is a spammer.’ And he goes, ‘A what?’ And I’m like, ‘A spammer, he sends out those messages, you know, “make money fast” and “get a new mortgage” and stuff.’ He had no idea what I was talking about. He refused to believe that spam could be a motive for murder. I’m like, ‘Daddy, you’re not on AOL, you don’t understand.'”

But Wilcox was not one to ignore what he calls his daughter’s “intuition.” He acquired an expert in computers–by calling the local computer store, and securing the services of a clerk for $10 an hour–and examined Lawrence’s Dell computer hard drive and dozens of CD-ROMs. “It was true, this guy was a spammer,” said Wilcox, who is now well-versed in Internet lingo. “He had literally millions of e-mail addresses, and lots of bills from different ISPs, and we determined he’d been doing this for about two years. He grossed about $5,000 a year from it.”

At that point, Wilcox called the FBI, who sent an agent to help him scan Lawrence’s email and snail-mail records for any particularly hostile messages. Not surprisingly, they found quite a few. In fact, they found so many that they stopped cataloguing them when they reached 200.

“This case is impossible,” said Wilcox, shaking his head. “I mean, if you add up all the spam recipients who threatened his life directly, that’s probably ten thousand right there, probably more. And really, it’s the ones that don’t make overt threats who are usually the perpetrators in grudge cases like this, because the folks who write the poison-pen letters get it out of their system. So now you’ve got to add all of the other people on those CD-ROMs to the list. There’s roughly 20 or 30 million suspects in this case, all over the world.”

Wilcox tracked down a few more manageable leads. “I thought maybe one of Lawrence’s acquaintances might have killed him, knowing he was a spammer, and made it look like a grudge crime. But, no, that didn’t really pan out. I couldn’t find anything substantial there.”

Both the Mojave Sheriff’s department and the FBI classify the case as open. At this writing, ten weeks after the murder, no suspects have been interviewed.

“Will [the killer] do it again?” Wilcox asks. “I don’t know. But I don’t think he was mad at Stanley Lawrence the person. I think he was mad at spammers. And there are a lot of spammers out there.

“And I’ll tell you this much: I wouldn’t want to be one.”

For more information on just what this is all about, check in with Brian Flemming.

(via John)

iTunesBizarre Love Triangle (Hot Tracks)“ by New Order from the album Hot Tracks 15th Anniversary Collectors Edition (1997, 8:05).