Microsoft: Error in Buffer-Overflow Protection is Not a Vulnerability - sure. Bill Gates wants to make the net more secure. So a bug is simply not declared as a security vulnerability. Never mind that you can catch a Trojan or virus on Windows faster than you can say boo - and that this one can use exactly this hole to knock down the whole nice security system. What nonsense again...
Archive 27.1.2005 - 2.2.2005
Just a Test for Quotation Marks
Quotation marks – and other special characters – are important … said Gerrit.
If it really comes to pass that Scharping runs as BDR president I can only quote the red rascals: folks, try to vote for goat
fast small web servers
lighttpd is a small, fast web server with a quite impressive feature set and the clear goal of being faster and more resource-efficient than Apache. CGI, FastCGI, and PHP (via FastCGI) are also supported, making it suitable for dynamic pages as well. Maybe I should take a closer look at it.
leahhttpd is another small web server with a focus on low resource usage and high performance. Here too, there's quite an impressive feature spectrum.
boa is the grandfather of web servers with a performance and resource focus. However, it only offers CGI as an option for dynamic content. So it's better suited for serving purely static content.
Of all three, lighttpd looks the most interesting, among other things because of its good support for interfaces for dynamic content. Especially since the server already has a built-in FastCGI load balancer, making it designed for larger loads right out of the box. And the focus on FastCGI instead of built-in modules offers additional possibilities for security - the FastCGI process can run under a different (restricted) user.
Strange Business Ideas at Providers
As much as I like Hetzner as a provider, sometimes they come up with weird ideas. Now you can also get additional IPs for your entry server (their starter package). However, these cost a monthly fee per IP - which is actually pretty strange, since IP addresses aren't supposed to be sold according to RIPE - but okay, whatever. I'd be willing to pay a moderate amount for an additional IP.
But the idea that my 250 GB free volume only applies to the main IP and every started GB on the additional IPs has to be paid for, even if there's still plenty of free volume on the main IP - sorry, but that's just plain stupid. That way you end up paying double and triple for the additional IPs. No way. A second IP address for test installations or an isolated chroot jail with isolated software setup isn't that important to me.
In fairness, it should be mentioned that the next larger root server solution from Hetzner does have IPs as needed without a monthly fee. But how the free volume is distributed there, I don't know - it's not clear from their websites anyway.
Well, up until now Hetzner has always surprised me by eventually just dropping strange and absurd ideas and replacing them with sensible solutions (like the long overdue emergency boot system that's now available, or the option for hardware upgrades on the entry server). I'm not giving up hope on the additional IPs either.
Monkeys also pay for pretty women - and next the spammers will send their spam to the zoos
The Almighty Fantasies of Interior Ministers

junge welt from 01.02.2005 - The data collectors flip out - yeah, great idea. According to Beckstein, Schünemann and Schily, administrative offenses and anti-nuclear demonstrations should lead to genetic profiling. And onwards into the police state, so that we can nicely keep deviant opinions and the lumpenproletariat under control. Because then we'd all be so terribly safe.

Who actually protects us effectively from crazy politicians?
eAccelerator is another PHP accelerator. It is based on the Turck mmCache source, but is actively being developed.
Esser wants to squeeze 200,000 euros from NRW - Ripping off millions by selling your employees and then suing for damages. Poor, misunderstood manager
Gizmodo : Epson HX-20 Portable Computer - a really nice device. I treated myself to one a while back - as a complement to my two PX-8 computers. Really cute what was in use back then. And playing around with it is simply fun.
Heise.de down due to DDOS
Der Schockwellenreiter has the press release from Heise about it. Something like that is really awful and I'm keeping my fingers crossed for the Heise technicians that they get it under control as soon as possible. As a sysadmin, you always suffer along with something like this.
Huh? Media numbers in January ...
Actually, I don't usually mention these things, since they're kind of trivial. But I was a bit surprised today:
8210 visitors, 15413 visits, 73858 page views, 1.96 GB traffic
That's significantly more than I usually get. Strange. And that's not even including the first week of the month, when the whole thing was still running on PyDS. By the way, I'm also getting more comments than usual. Strange. I'm not writing any better than I normally do...
IBM drags Intel into SCO case
GROKLAW has reported that IBM is pulling Intel into the proceedings against SCO with a subpoena and wants to force them to testify. Interesting - because as far as I know, Intel hasn't been part of the discussion so far as to whether they could have anything to do with it. The fact that IBM is bringing them in by means of a subpoena certainly suggests that IBM believes Intel knows something that Intel is unwilling to disclose voluntarily.
Kanther faces penalties - as much as I would welcome it, I won't believe it until the verdict is on the table. And the next courts have ruled. Because somehow the rip-off artists always manage to wriggle out of it anyway ...
The Free Legal Advice for Open-Source Developers is probably only really useful for US American developers - but perhaps something comparable will come to Europe as well.
Microsoft and Macrovision want to close the "analog gap" - great. Just great. Eventually you'll be able to throw the whole garbage out the window because you can't use anything properly anymore without constant regulation. Lots of great ideas for copy protection that are all rubbish anyway and actually don't prevent anything - except completely legal use on some old device or a new one where some garbage collides with other garbage. What a mess.
Nuclear Elephant: DSPAM
Nuclear Elephant: DSPAM is a Bayesian spam filter. However, it's one that doesn't just run for a single user, but typically for an entire group of users. I have it running on simon.bofh.ms to scan all the mailboxes there - it integrates well and has a whole range of interesting features. On one hand, there's the web interface for managing the spam filter, and on the other hand, there's the quite pragmatic method for reporting false detections to the filter. Also nice is the quite broad support for databases (MySQL, PostgreSQL, SQLite, and several db* types). Overall, it makes a really well-rounded impression - the only downside is the lack of translation for the interface.
Whether it actually filters well, I of course can't say yet due to lack of volume - the emails first need to accumulate and be trained. User reports are, however - typical for Bayesian spam filters - quite positive.
Found at Schneier on Security: the weakest link. So much for the topic of security.
Solaris 10 is now available for free download - even though I certainly won't be using it in production, it would definitely be worth taking a look at.
Away with Trackback
Isotopp is pondering trackback spam on the occasion of spam day and presents several approaches. One of them uses a counter-check of the trackback URL against the IP of the submitting computer - if the computer has a different IP than the server advertised in the trackback, it would probably be spam. I've written down my own comments on this - and explained why I'd rather be rid of trackback today than tomorrow. Completely. And yes, that's a complete 180-degree turn on my part regarding trackback.
The IP test approach once again comes from the perspective of pure server-based blogs. But there's unfortunately a large heap of trackback-capable software installations that don't need to run (and often don't run) on the server where the blog pages are located - all tools that produce static output, for example. Large installations are Radio Userland blogs. Smaller PyDS blogs. Or also Blosxom variants in offline mode (provided there are now trackback-capable versions - but since they're typical hacker tools, they definitely exist).
Then there are the various tools that aren't trackback-capable, where users then use an external trackback agent to submit trackbacks.
And last but not least, there are also the various Blogger/MetaWeblogAPI clients that submit the trackback themselves because, for example, only MoveableType in the MetaWeblogAPI allows triggering trackbacks, but other APIs don't.
Because of this, the IP approach is either only to be seen as a filter that lets through some of the trackbacks, or it's a prevention of trackbacks from the users mentioned above. And the latter would be extremely unpleasant.
Actually, the problem is quite simple: Trackback is a sick protocol that was hastily cobbled together, without the developer giving even a moment's thought to the whole thing. And therefore belongs, in my opinion, on the garbage heap of API history. The fact that I support it here is simply because WordPress implemented it by default. Once the manual moderation effort becomes too high, trackback will be completely removed here.
Sorry, but on the trackback point the MoveableType makers really showed a closeness to Microsoft behavior: pushed through a completely inadequate pseudo-standard via market dominance - without giving even a thought to the security implications. Why do you think RFCs always have a corresponding section on security problems as mandatory? Unfortunately, all the blog developers faithfully followed along (yes, me too - at Python Desktop Server) and now we're stuck with this silly protocol. And its - completely predictable - problems.
Better to develop and push a better alternative now - for example PingBack. With PingBack, it's defined that the page that wants to execute a PingBack to another page must really contain this link there exactly as it is - in the API, two URLs are always transmitted, its own and the foreign URL. The own URL must point to the foreign URL in the source, only then will the foreign server accept the PingBack.
For spammers this is pretty absurd to handle - they would have to rebuild the page before every spam or ensure through appropriate server mechanisms that the spammed weblogs then present a page during testing that contains this link. Of course that's quite doable - but the effort is significantly higher and due to the necessary server technology, this is no longer feasible with foreign open proxies and/or dial-up access.
Because of this, the right approach would simply be to switch the link protocol. Away with Trackback. You can't plug the trackback hole. PS: anyone who looks at my trackback in Isotopp's post will immediately see the second problem with trackback: apart from the huge security problem, the character set support of trackbacks is simply a complete disaster. The original author of the pseudo-standard didn't think for a minute about possible problems here either. And then some people still wonder why TypeKey from the MoveableType people isn't so well accepted - sorry, but people who make such lousy standards won't be getting my login management either ...
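The PingBack check described above, as an added example that is not code from the original post, from WordPress or from PyDS: the ping is an XML-RPC call `pingback.ping(sourceURI, targetURI)`, and the receiving server fetches sourceURI and accepts the ping only if that page really contains a link to targetURI. The `fetch` callable and the sample pages are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit


class _LinkCollector(HTMLParser):
    """Collect the href values of all <a> tags in a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            for name, value in attrs:
                if name.lower() == "href" and value:
                    self.hrefs.append(value.strip())


def normalize_url(url):
    """Canonicalise a URL so trivial variants (case of scheme/host, default
    port, trailing slash, fragment) still count as the same page."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname or ""
    port = parts.port
    if port and not ((scheme == "http" and port == 80) or
                     (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    path = parts.path.rstrip("/") or "/"
    return urlunsplit((scheme, host, path, parts.query, ""))


def source_links_to_target(source_html, target_uri):
    """True if the fetched source page carries an absolute link to the target."""
    collector = _LinkCollector()
    collector.feed(source_html)
    wanted = normalize_url(target_uri)
    return any(normalize_url(h) == wanted for h in collector.hrefs if "://" in h)


def verify_pingback(source_uri, target_uri, fetch):
    """Return (accepted, reason). `fetch` is a hypothetical callable returning
    the body of source_uri or None; a real server would do an HTTP GET with a
    timeout and size limit here. Rejections map to the spec's fault codes."""
    if urlsplit(source_uri).scheme not in ("http", "https"):
        return False, "source URI must be http(s)"
    body = fetch(source_uri)
    if body is None:
        return False, "source URI could not be fetched"          # fault 16
    if not source_links_to_target(body, target_uri):
        return False, "source page does not link to target"      # fault 17
    return True, "accepted"


# Constructed sample pages standing in for the network fetch.
SAMPLE_PAGES = {
    "http://blog.example/2005/02/01/ping":
        '<p>Read <a href="HTTP://DS.Example:80/2005/01/trackback/#c1">this</a></p>',
    "http://spam.example/offer":
        '<p>Buy <a href="http://spam.example/buy">now</a></p>',
}


def fetch_sample(uri):
    return SAMPLE_PAGES.get(uri)
```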
Interview with a link spammer | The Register - of course this could be fake, but the guys from The Register claim they conducted an interview here with a blog spammer.
IT Manager's Journal | Bitter struggle to control SCO Group parent company - cool, the SCO management is tearing itself apart in court proceedings
law blog » MONEY BACK FROM JAMBA & CO. - interesting reference and interesting discussion on the question of whether parents have to get money back from Jamba if they demand it - and their children who are not fully legally competent have taken out a subscription with Jamba.
Orange Data Mining
Another link for the number crunchers: Orange is a data mining library with Python integration and—at least judging by the screenshots—an interesting GUI.
How do you stand it?
Phil Ringnalda recounts his dream about the history of RSS, in which he finds himself in a conversation with early RSS developers discussing the technical choices and philosophical debates that shaped the format.
In the dream, Phil is asked by one of the developers: "How do you stand it?" — referring to the frustrations and complexities that came with RSS adoption and the various competing standards that emerged.
The post reflects on the tensions between simplicity and functionality, and how different visions for what RSS should be led to fragmentation in the ecosystem. Phil uses the dream narrative to explore the human and technical dimensions of this important web technology.
A series of small nice freeware tools for OS X. I particularly like the WordServices and the CalcService (a simple formula evaluator as a service).
SSH on Mobile
MidpSSH | SSH and Telnet client for MIDP / J2ME devices was recommended to me in the comments on an older post. I installed it on my phone and have to say, I'm impressed. Regardless of how silly the idea is to operate an SSH shell via a phone, it works. And with the macros, it could even be useful for some special cases.
Ok, it doesn't make a lot of sense for our server fleet - most of our servers aren't directly accessible from outside. And switching to the next server is quite annoying with mobile text input. But usually I only need access to the front servers to trigger actions from there - and where these are still missing, you could certainly set up scripts on the front servers.
US court: Guantanamo tribunals are unlawful | tagesschau.de - interesting. But whether that will impress Bush much?
WordPress Related Entries plugin
わさび » Archives » WordPress Related Entries plugin - a very nice little plugin that searches for related articles using MySQL's full-text index. Of course, this is only a fairly simple algorithm and the quality of results is nowhere near Google's level, but I installed it anyway. When you go to the detail page of a post (e.g., by clicking on the title), a list of up to 5 matching other articles is displayed.
I also expect this to give somewhat better positioning for various older posts - without having to remember to manually set a link to them every time (hey, most of the time I've forgotten about them myself!). And maybe it will also help people who come via search engines to find what they're looking for.
Besides, it's cool, and cool is good

Bill Gates wants to make the Internet more secure - will he discontinue the entire Windows operating system line and eliminate Internet Explorer?
Camera Bellows and Hoods - Bellows manufacturer that produces replacement bellows. Possibly a solution for my Fujica problem.
Camera Bellows Restoration Trick - Tips on the repair and sealing of camera bellows.
darcs - Distributed Versioning
darcs is one of many version control systems vying to succeed CVS. Specifically, darcs belongs to the class of distributed version control systems and is thus naturally superior to Subversion with its centralist approach (at least if you want to manage a distributed project and can't just get by with the central repository). Normally I wouldn't say much about something like this — after all, there are currently more version control projects than there were editors in the 80s. But seriously now: who can ignore a version control system that is written in a functional programming language with lazy evaluation (yes, exactly, this thing is in Haskell — so much for the claim that Haskell is unsuitable for practical projects) and describes itself as being based on a "theory of patches" with roots in quantum mechanics? And the programmers even use literate programming — yes, that somewhat forgotten method by Knuth of combining documentation and code in a single source file and developing a program from a documentation-centric perspective. Simply cool.
Reprinted Repair Manuals - all kinds of service manuals for all kinds of camera types.
Student must go to prison for one and a half years because of computer worm - but when will the company whose vulnerable garbage software enables these attacks finally be brought to court? They sit there and rake in billions - without being held liable for their product defects. Any automobile manufacturer whose products had such massive security flaws would have been sued into the ground long ago.
8 Pieces Winter
8 Pieces Winter - 1
This afternoon I had the opportunity to take the little digital camera for a walk. By the way, you can use "View Image" on the larger image to display the image in its original size - with newer images, these are then available in 800x600.
8 Pieces Winter - 2
"Bild" violates human dignity
BILDblog » "Bild" violates human dignity - and even gets this legally confirmed. Unfortunately just one of many cases. And I don't believe this will put an end to the smut journalism in Bild - they get stopped far too rarely for that.
fjf's (Cocoa) AbiWord for Mac (MacOSX) - funny, I don't seem to have linked to this yet. AbiWord is really a nice word processor. Certainly a worthwhile alternative to larger packages for occasional writers.
Music industry warns heise online over report on copying software
Music industry warns heise online over copying software report - I hope Heise's lawyers have a lot of fun when they (hopefully!) tear apart the music industry in court. I definitely trust Heise's lawyers much more than Waldorf and Stettler ...
Notify visitors about comment moderation in WordPress.
Stupid Spambot at Work
Right now a pretty stupidly constructed spambot is hammering away at my comment function and clogging up my moderation queue - nothing gets through from it because it's so stupid that it posts everything in plain text, loads of links and typical spam words. So it gets caught by the most basic filters. Nonetheless, something like this can of course have fallout - namely comments from others that end up in moderation (e.g. because the number of links is too high) could be overlooked by me in the mess of hundreds of spam comments and accidentally deleted along with it. If that happens, it's not personal. I just don't feel like scrutinizing carefully when dealing with several hundred spam comments to make sure I'm really only deleting spam...
Update: After taking a closer look at it, I've put it in /dev/null for now - the moderation queue is no longer burdened by it and legitimate moderated comments won't accidentally get deleted. What struck me during the closer examination: a large number of very widely scattered IP addresses are being used. Sounds very much like a botnet, especially since the IP addresses, based on spot checks, appear to all be dynamic dialup addresses. So our friends with remotely controlled Windows machines are once again the horse that spam rides on here. Great. Thanks, Microsoft...
DNA Analysis in the Bundestag

DNA Analysis in the Bundestag [raben.horst] - and so we continue building the police state. Never mind that the Constitutional Court restricted the use of DNA samples to particularly serious crimes. Never mind that genetic fingerprinting - and compulsory at that - offers far more possibilities than conventional fingerprints. As long as the hardliners get their surveillance and control obsession confirmed.