May 31, 2004

Modern Stonehenge

APOD: 2004 May 28 - A Manhattan Sunset :

[On May 28], if it is clear, Manhattan will flood dramatically with sunlight just as the Sun sets precisely on the centerline of every street. Usually, the tall buildings that line the gridded streets of New York City's tallest borough will hide the setting Sun. This effect makes Manhattan a type of modern Stonehenge, although only aligned to about 30 degrees east of north.

I'll have to plan a trip next year.

Via Q Daily News

Posted by wasylik at 10:28 PM | Comments (0) | TrackBack

May 30, 2004

Gushers Of Filth

I get email notifications whenever someone leaves a comment on any blog I operate. Two days ago I got hit by hundreds of spam comments promoting some of the filthiest garbage on the net. I deleted them all.

A couple of features to this particular form of attack: twenty or so comments from the same IP address would get posted to a particular archive entry; then a new IP address would hit a new entry, and so on, for hundreds of posts.

Several hours later, I got hit again. After some investigation I determined a couple of things. First, the volume and timing of the posts made it clear this was an automated attack. Somehow the attacker had gotten a hold of my custom-named comment script and was submitting POST requests using that name. Total submissions: over 1,400.

That led to yesterday's notice. Any attempt to access the old comment script was redirected to a notice page, and a helpful php script emailed the offender's IP address to me.

A few hours ago I checked my mail and had almost a thousand notices that the spammer had hit the script. OK, so clearly the attacker isn't checking the results of his postings.

Then I checked my logs. The attacker was flooding me even as I was trying to stop him! I checked the attacker's current IP address, edited my .htaccess file, and banned it. Then I checked my logs again. The IP had changed in seconds! I banned the new IP. Same result.

I got pissed. I edited the .htaccess file to "deny from all." This shut down all web access to the domain. Then I checked my access and error logs again. An interesting pattern emerged. Each time the attacker got a "Forbidden" notice, the IP changed.

I amended my .htaccess file to deny access only to the comment script, and restored access to the site. Sure enough, the IP addresses kept changing. After a few minutes of "Forbidden" errors, the attacks stopped altogether. I'm sure they'll be back.

I deduce a couple of things from my observations:

  1. The speed of the attack - a post per second, on average - seems to indicate an automated attack.
  2. The attack bot adapts very quickly to IP banning and throttling.
  3. The attack bot uses hundreds, even thousands, of open proxies to work its black magic.
  4. After a few minutes of complete stonewalling, the bot apparently gives up.

I can think of two things that would help stop this type of attack. First, open web proxies either need to shut down or closely monitor themselves for abusive users. Second, blogs with automated comment forms may need to implement throttling without regard to IP address. I hate to turn comments off completely or switch to a registration system, but that might be necessary if this keeps happening.
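As an added illustration of the second remedy above (this is not the author's PHP or .htaccess, and the log is constructed to mimic the two waves the post describes: about twenty POSTs per IP before the address rotates, then a new IP on every POST once banning starts), the following Python contrasts per-IP banning with a throttle keyed on the archive entry and a global cap, which the rotating proxies cannot evade:

```python
from collections import defaultdict, deque

# Constructed sample log, not the author's real data: (timestamp, source IP, entry).
# Phase 1 mimics the first wave: ~20 POSTs per IP, then a new IP and a new entry.
# Phase 2 mimics the adaptive wave: the IP rotates on every single POST.
def sample_posts():
    posts, t = [], 0
    for ip, entry in (("203.0.113.1", "/archives/000101.html"),
                      ("203.0.113.2", "/archives/000102.html")):
        for _ in range(20):
            posts.append((t, ip, entry)); t += 1
    for n in range(20):
        posts.append((t, f"198.51.100.{n}", "/archives/000103.html")); t += 1
    return posts

class IpBan:
    """The first reaction in the post: ban an address once it exceeds a limit."""
    def __init__(self, limit=5):
        self.limit, self.seen = limit, defaultdict(int)
    def allow(self, ts, ip, entry):
        self.seen[ip] += 1
        return self.seen[ip] <= self.limit

class EntryThrottle:
    """IP-agnostic sliding window: at most `limit` accepted comments per entry
    per `window` seconds, plus a global cap, whatever the source address."""
    def __init__(self, limit=5, global_limit=12, window=60):
        self.limit, self.global_limit, self.window = limit, global_limit, window
        self.per_entry, self.everything = defaultdict(deque), deque()
    def _prune(self, q, ts):
        while q and ts - q[0] >= self.window:   # drop timestamps outside the window
            q.popleft()
    def allow(self, ts, ip, entry):
        q = self.per_entry[entry]
        self._prune(q, ts); self._prune(self.everything, ts)
        if len(q) >= self.limit or len(self.everything) >= self.global_limit:
            return False                         # rejected posts do not count
        q.append(ts); self.everything.append(ts)
        return True

def run(policy, posts):
    """Return (accepted, rejected) counts for a policy over the sample log."""
    accepted = sum(policy.allow(*p) for p in posts)
    return accepted, len(posts) - accepted

if __name__ == "__main__":
    print("IP ban:", run(IpBan(), sample_posts()))            # (30, 30)
    print("entry throttle:", run(EntryThrottle(), sample_posts()))  # (12, 48)
```

The per-IP ban lets every post of the rotating phase through, since each address is seen only once; the entry-keyed throttle stops the flood after its first few posts to each entry.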

UPDATE: Two of the websites advertised appear to be hosted by an American company, Atrivo.

This will be useful for law enforcement purposes.

Note to self: Consider additional measures.

Posted by wasylik at 11:35 PM | Comments (0) | TrackBack

May 29, 2004

Temporary Remedy

Comments are temporarily disabled server-wide due to criminal intrusions. They'll be back when I feel like it.

In the meantime you can submit your thoughts via the Contact link.

Posted by wasylik at 10:07 PM | Comments (0) | TrackBack

Wired Reports the Perpetual Beta Trend

Wired reports on the Perpetual Beta trend:

Many observers think not and suggest that a reliance on a perpetual beta period does users and developers alike a disservice.
Companies may also keep their products in beta indefinitely because during that period, they are likely soliciting invaluable usability input from users -- something they may no longer be able to do once they tell the world they have finished a product.

Perpetual Beta, doing a disservice to web users since 1999.

Posted by wasylik at 10:58 AM | Comments (0) | TrackBack

Buffalo Spammer Sent to the Slammer

Buffalo Spammer Gets Nine Years In the Slammer:

Carmack was accused of sending 825 million unsolicited e-mails through EarthLink accounts established with stolen identities. EarthLink won a $16.4 million judgment against Carmack last May and helped New York attorney general Eliot Spitzer investigate the criminal case.
Spitzer's office won a conviction of Carmack on 14 counts of fraud in April in the first case filed in New York under the state's 16-month-old identity-theft law.

This should send shock waves throughout the spam community, since virtually all spam now relies on fraudulent sender information to defeat spam filters.

According to MSNBC, Carmack was convicted of the crimes last March.

Posted by wasylik at 12:32 AM | Comments (0) | TrackBack

May 27, 2004

Kid Power

Now that Alex is walking, it seems he has far more energy than either of his parents. Maybe if we could figure out a way to utilize this idea we could harness that energy and save a little on the electric bill.

Link via Matt

Posted by wasylik at 03:33 PM | Comments (0) | TrackBack

Faux Geek

Tom outs a poser geek:

He mentioned LDAP. "Ah. What kind of LDAP stuff are you working on?" I asked.
"Oh, just some queries on an X400 server. Simple Stuff"
Why yes. Except it's X.500. And Queries aren't any good unless you're putting them to work WITH something. It's a Library Database, you have to be looking FOR something with a specific need, not just paging through the card catalog at random.

Looks like someone got mounted.

Posted by wasylik at 01:04 PM | Comments (0) | TrackBack

May 26, 2004

A Very Special Chain Letter

The lovely Mrs. W. received in today's mail a chain letter that may be the oddest thing I've ever seen. No word yet if she'll pass it on.

The names have been omitted to protect the freaky.

It's a Panty Exchange

Dear _________

Yup, that's right. This is a panty exchange. A what, you say? How does it work, you ask? Send one pair of NEW underwear (with tags still attached) to the person listed below as #1. Then send a copy of this letter to six of your MOST FUN FRIENDS. Move my name to the #1 slot and put your name as #2 on your letters.

This isn't a chain letter, it's just for fun!!! If you can't do this in one week, please let me know because it's not fair to the people who have participated and are waiting for their special undies to arrive.

A manila envelope will mail the new panties nicely and you will receive 36 pairs of new underwear. It's fun to see the variety you will get. Be sure to include your size (don't be shy) and include any special kind of undies you prefer next to your name and address.

Now don't anyone drop out because face it, we could all use some fun, and the panties won't hurt either. Remember, 36 pairs for the price of 1!!! You should receive your new panties in about two weeks. That is, if you get your letters out right away!

Please don't spoil the fun by dropping out and stopping the flow of the pretty panties. Just join in and if you don't want to participate, please let me know as soon as possible.

Thanks and enjoy your fun new panties!!!

Size:
Special Panty Request:

Be sure to send a copy of the blank letter to each of your friends so they don't have to retype this letter.

HAVE FUN AND ENJOY!

What I want to know is... do I get to make the special request?

Posted by wasylik at 10:50 PM | Comments (0) | TrackBack

May 23, 2004

GMail TOS bans Checking Your Email

Matthew Thomas has discovered a fatal flaw in GMail's TOS:

From the Intellectual Property Rights section (emphasis added):
  • Accordingly, you agree that you will not copy, reproduce, alter, modify, or create derivative works from the Service. You also agree that you will not use any robot, spider, other automated device, or manual process to monitor or copy any content from the Service.
For me, being able to check my e-mail is a pretty important part of having an e-mail account. Oh well.

Ha. Matthew is right - the way this provision is worded, checking one's email, whether manually or via automated process, probably does violate the letter of the TOS. However, almost anyone interpreting this contract would construe that phrase within the context of the intent of the entire agreement - that is, to provide email services. So even a clever lawyer would probably fail to persuade a court that a user checking his email had violated the TOS.

Via NSLog

UPDATE: Not only is it bad legalese, but it's invalid HTML.

Posted by wasylik at 02:21 PM | Comments (0) | TrackBack

Washington's Other W Twins

Washington's Other W Twins:

This is what happens when Wonkette buys Washingtonienne "a" drink at 6PM: We didn't get home until 1AM. The evening began at the Four Seasons and ended in a suburban Virginia farmhouse. We did not, in the end, have to buy any of our own drinks. Pictures were taken. A cell phone was lost. This morning, Mr. Wonkette made us scrambled eggs.

Ah, but was there any a.... well, nevermind.

Also, the long-awaited Washington Post article is out, complete with glamour shot.

After weighing all the evidence, I have to say Ana Marie is far prettier, and obviously a lot smarter, than her partner in crime.

Posted by wasylik at 02:14 PM | Comments (0) | TrackBack

May 22, 2004

WordPress 1.2 Released

All you MT license protestors take note: WordPress 1.2 is out.

My favorites in the feature list:

  • Sub-categories: Categories can be arranged hierarchically and infinitely deep. Multiple categories combined with sub-categories gives WordPress the most comprehensive taxonomy system of any blogging software available.
  • RSS and LiveJournal Importers: The new RSS import script is the closest thing to a universal importer. It allows you to import entries from Radio weblogs or even other blogging tools that we may not support specifically. The LiveJournal importer finally lets you have a full-blooded self-hosted weblog without losing all your old LiveJournal posts.

You may have your own faves.

I'm not switching to WordPress yet - I'm playing with a copy but don't really grok it yet - but I can see a near future where I might make the switch.

Posted by wasylik at 08:42 AM | Comments (0) | TrackBack

Value Billing

the [non]billable hour points to a white paper on "value billing" by professionals. In other words, instead of billing by the hour (or tenth of an hour) the professional charges a fee based on the value of the benefit provided to the client.

This trend is starting to take on momentum in the legal world and elsewhere. Professionals and their clients would do well to keep an eye on it. Plaintiffs' attorneys will note that contingency fees are the ultimate in "value billing" - you win or you go broke.

Posted by wasylik at 12:13 AM | Comments (0) | TrackBack

May 21, 2004

Wonkette Interviews Washingtonienne

It's the secret that everyone knew this week: the real identity of Washingtonienne, the sexually hyperactive weblogger and Senate staffer.

So if the name "Jessica Cutler" rings a bell - or even if not - head on over to read the exclusive, no-holds-barred, exclamation-pointerriffic interview: The Washingtonienne Interview!!

Rated R for adult language and sexuality.

Also, Jeremy Wahlman names names, while Ricky Vandal posts pictures, and might be making a sticky mess on his keyboard.

Posted by wasylik at 10:53 PM | Comments (0) | TrackBack

May 20, 2004

The Utility of Freedom

Of all the folks who have written about the new licenses that come with Movable Type's 3.0 release, perhaps none captures the essence as well as Mark Pilgrim: Freedom 0 [dive into mark]

What impresses me the most: putting one's money where one's mouth is.

I've taken the $535 that Movable Type would have cost me, and I've donated it to the WordPress developers.
It's not about money; it's about freedom.

Mark realizes that freedom isn't free.

Posted by wasylik at 10:52 AM | Comments (0) | TrackBack