Categories
Connecting Weblogging

Can anybody hear me?

Recovered from the Wayback Machine.

Anil Dash wrote about the battles he’s had with depression and encouraged other webloggers to discuss their own battles. Pretty gutsy thing to do, and smart — making good and healthy use of the increased exposure he received after his recent difficulties with the Little Green Football cartel.

Dorothea responded about her own fights with depression — not necessarily an easy topic to write about and the effort deserves quiet and thoughtful respect. And today Jeneane pointed to Anil’s suggestion, agreeing with his assessment that blogging can be good therapy.

I agree that weblogging can be cathartic, can connect us with others, and can open previously closed doors, internally and externally. However, weblogging as therapy isn’t for everyone.

The cathartic experience of writing our fears and troubles to a weblog can be accompanied by an increased vulnerability as we feel the pressure of such public exposure. And the experience of sharing our thoughts can be offset by the sadness one experiences when one reads about others’ happiness, family gatherings, companionship. Especially in the upcoming holiday season.

Ultimately, there’s the existential question that can take a weblogger down, and I’m not talking about web pages:

If I write a weblog and no one reads it, do I exist?

If this invokes laughter, it’s hollow laughter indeed.

Categories
Technology Weblogging

Comment spam quick fix

Recovered from the Wayback Machine.

Both Sam Ruby and Phil Ringnalda had good advice — don’t spend a lot of time developing a fix for the comment spam problem. Whatever I can do within the form, it’s a relatively simple matter for a spammer to read any form value and duplicate it in his spam blast.

I appreciate both their help in gently pointing out that I was spinning my wheels (but I have to get practice for ice driving).

So, here’s a quick fix — it will keep out the lightweights at least. It’s a start as other efforts are underway.

This approach requires you to modify the following MT templates:

Individual data entry
Comment Listing Template
Comment Preview Template
Comment Error Page

You’ll be adding the following field, on the line before the </form> tag:

 

<input type="hidden" name="snoop" value="goaway" />

 

You can change both the name and the value field, as long as you’re consistent with the name throughout the templates and the code.

Next, open your mt-comments.cgi (or mt-comments.pl) file and add the following code just after the “use strict;” line:

 

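use CGI qw(:standard);

# Refuse any POST that arrives without the hidden form field.
if ($ENV{'REQUEST_METHOD'} eq "POST") {
    # 'snoop' must match the field name used in the templates
    my $data = param('snoop');
    die unless ($data);
}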

 

Most everyone should have the CGI.pm Perl module installed. Make sure to change ‘snoop’ to whatever your little secret field is (let’s all use different fields, to make the spammer’s job a little tiny bit harder).

That’s it.

What happens is that when you post a comment, the code checks for a form field of “snoop”. If it doesn’t find it, it dies. Nothing fancy at all. This will show in your error log or web log file as a premature end to the script. It doesn’t prevent others from using the application, and doesn’t crash anything.

Again, this isn’t fancy, but it’s a start. Holler if you have questions. If you’re uncomfortable modifying mt-comments, let me know and I’ll help you. If you have a better solution, or see problems with mine, please let me know.

Again — thanks to Phil and Sam for advice, help, suggestions.

Update:

Mark has put together a nice re-cap on the whole comment spamming thing. What I just created is a ‘club’. I’m going in for an interview tomorrow and when they ask me what was the last application I worked on, I’ll answer “A club”.

Categories
Technology Weblogging

Comment spam problem continued

Recovered from the Wayback Machine.

In regards to the comment spam problem mentioned earlier, one idea kicked around was checking the http_referer to make sure that the comment post came from the same server as the form.

We talked about the possibility of empty http_referers — not all browsers send a referrer and proxy servers can strip out the referrer. The solution would be to allow empty referrers in addition to referrers from the server. Unfortunately, though, allowing for empty http_referers will also allow in the comment spammer.

The reason why allowing empty referers opens the door to the spammer is the comment spamming code would invoke my comment code directly, not through a link from an HTML page. In this case http_referer would be empty.

I could become more restrictive, remove the permission for empty referrer, but if I do, I won’t be letting some of you through (as you’ve been kind enough to let me know via email tonight).

Sam Ruby had some good ideas such as putting hidden form fields into the comment forms and testing for these and this will be a next step. This means adding form fields to all templates related to comments, and then adding code to mt-comments.cgi. Doable, and many appreciations to Mr. Ruby for excellent ideas. (If you don’t know Sam, he works on some weird sounding things such as “Comanche” and “SOUP” — stuff like that).

A really nifty and difficult to crack approach (IMO) would be to take the person’s login name and the comment id for each comment and use these to create an encrypted value. Stuff this into an HTML form field. When the form is processed, test to see if the encrypted value checks out. If the person’s login name isn’t exposed, which it should NEVER be, it becomes a ‘key’ for the encryption, easily accessible to the MT program and the MT user, NOT to the spammer. And the different comment identifiers would make sure that the encrypted values changed with each comment.

Only problem with this solution is it would require cracking into the MT internal code.

Question: what do you think of this as a solution, and is it worth the time to do it?

(However, by now, Phil or someone else of like caliber will have found and coded a solution and have it half way distributed throughout the world. I should just leave these little challenges to others — what do I know?)
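
The keyed form-field idea from this post, sketched as an added example (not Movable Type code and not the author's implementation). It uses an HMAC instead of encryption, binds the value to the entry id because no comment id exists yet when the form is rendered, and adds an expiry time; the secret, the token format and all function names are assumptions.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Assumptions: the secret lives only on the server; a form is valid for one hour.
my $SECRET  = 'constructed-sample-secret';
my $MAX_AGE = 3600;

# Value for the hidden field, computed when the comment form is rendered.
sub make_token {
    my ($entry_id, $issued) = @_;
    return "$issued." . hmac_sha256_hex("$entry_id:$issued", $SECRET);
}

# Compare without stopping at the first differing character.
sub same_string {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Check the comment script would run before accepting a POST.
sub token_ok {
    my ($entry_id, $token, $now) = @_;
    return 0 unless defined $entry_id && $entry_id =~ /\A\d+\z/;
    return 0 unless defined $token && $token =~ /\A(\d+)\.([0-9a-f]{64})\z/;
    my ($issued, $mac) = ($1, $2);
    return 0 if $issued > $now || $now - $issued > $MAX_AGE;
    return same_string($mac, hmac_sha256_hex("$entry_id:$issued", $SECRET));
}

# Constructed sample submissions: [entry id, hidden-field value, description]
my $now = 1_035_900_000;    # constructed clock value
my @posts = (
    [ 101, make_token(101, $now - 60),   'fresh form for entry 101' ],
    [ 102, make_token(101, $now - 60),   'token replayed on entry 102' ],
    [ 101, make_token(101, $now - 7200), 'token harvested two hours ago' ],
    [ 101, 'goaway',                     'static value from an old template' ],
    [ 101, undef,                        'hidden field missing' ],
);
for my $p (@posts) {
    printf "%-34s %s\n", $p->[2], token_ok($p->[0], $p->[1], $now) ? 'accept' : 'reject';
}
```

A script that first fetches the entry page still receives a valid token, so this raises the cost of each spam comment rather than removing it.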

Categories
Political

Vote as if your life is dependent on it

In some ways, I don’t think there’s ever been a US election in this country that has more far reaching implications than the one next week.

If the Republicans gain control of the Senate next week, and maintain control of the House, they’ll have full control of the Senate, the House, and the Executive Branch of government. More importantly, if the Democrats lose control of the Senate, the Executive Branch will most likely read a message into the results: The American people support the bombing of Iraq, even if it means doing so unilaterally.

We’re in a recession, the unemployment numbers are high, and there are record numbers of people without adequate health insurance. This is in addition to depleted pension funds, fears for economic security, and a growing distrust of corporations. All of these are factors that favor a Democratic election. If the Democrats lose control of the Senate in spite of this, an interpretation can very easily be made that the issue of security is more important than issues of economics and social services.

In the last several months, our security and the invasion of Iraq have become quite heavily bound together. By voting security, or by saying to the President, “You have our full support, here’s a Senate and a House that will back you”, I’m fairly sure that there can be no chance of stopping an invasion of Iraq, even if the US can’t get support from allies and the attack becomes a unilateral invasion. I don’t want to say that President Bush is obsessed with invading Iraq, but I could comfortably say that this item is most likely the top of his agenda.

I am unhappy with the Democrats now. I am especially unhappy with the Democrats who voted to give President Bush what are essentially war powers in regards to Iraq. Among these are Jean Carnahan who is, in many ways, more semantically aligned with the Republicans than the Democrats. However, if she doesn’t win the election, Jim Talent will win and that’s one more nail in the coffin of Democratic control of the Senate.

Now is not the time to send messages to the Democratic Party that we’re unhappy with them by voting Green Party, or another party, or not voting at all. Regardless of whatever your views are in regards to so many differing issues, it’s vital now that we work to send one message, and one message only with this election: We the American people do not support an invasion of Iraq.

If nothing else, we need to send a message that we must be given time to understand the consequences of this action, and the alternatives.

Last week we watched Chechen rebels take over a theater in Russia. The end result is over 150 people dead. This in spite of Russian soldiers controlling Chechnya. Again and again we see that military action on the part of a government does not control or stop terrorism — terrorism transcends borders. If anything, military action encourages terrorism because it demonstrates to the non-extremists, those who are borderline, those who want peace but despair of ever getting it, that the only action open to them is terrorism.

I wrote the following to Daniel Romano from the Green Party today:

Control of the Senate is up for grabs, and the race between Carnahan and Talent is incredibly close. Votes for the Green Party are pulled, as you know, from voters who would normally vote Democratic. And in a close race, this could be enough to give the election to Talent.

I know you have stated that you feel there is no difference between the two candidates, and I don’t like Carnahan either. I am extremely unhappy at her and other Democrats giving Bush what amounts to war powers. But the Democrats losing the Senate now would send a signal to the White House and Congress that issues of economics (normally the province of Dems) were not the key elements of the vote this year — that people are voting security. And this could, and in fact I believe it will, encourage our unilateral invasion of Iraq. This invasion would be disastrous, not only for the Iraqi people, but for ourselves, as well.

I know you know you don’t have a chance to win, but that you’re hoping to get enough of the vote to continue the Green Party on ballots. And normally if the threat of an invasion of Iraq wasn’t hanging over all our heads I would help — and send that clear message to the Democratic party. But now is not the time to focus on these issues. We have to do everything we can to send a message to Congress that we do not want this ‘war’.

Regardless of your political beliefs, whether you’re Republican or Democrat, Green Party, Libertarian or Independent, if you believe that a unilateral invasion of Iraq would be a mistake, and that we need to take time to think this issue through, then consider your vote next week. If you live in an area that has a hotly contested election, especially for the Senate (such as in Missouri), think about what your vote can do and say before you cast it. Then vote and send a message to the parties in your area why you voted as you did.

Vote as if your life is dependent on it, because it may very well be.

Categories
Technology Weblogging

Comment spammers redux

Recovered from the Wayback Machine.

Seems to be a technology day today.

Phil caught a comment spammer who was trying to dump spam comments in all of his posts. This process would work within any weblog that sequentially numbers weblog posts (i.e., Movable Type).

I’m going to try and tweak my mt-comments.cgi to stop POSTs from pages outside of my root URL. This is my way of warning you all that the comments, web pages, weblog may be a tad more behaviorally challenged than normal.

Update: I added checks on referers and this will prevent posts from locations other than my own weblog server. Unfortunately, as Phil pointed out, http referers are fairly easy to fake. I also wrote a test script that did so, and my checks failed to catch a ‘fake’ referer.

Still, it’s a start…

If you attempt to post a comment and fail, please send me an email and I’ll check to see what the problem is. Unless, of course, you’re the spammer. In which case: Eat dirt and die scuzzbucket!

Ahem. Thank you.
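
The referer check from this post and from “Comment spam problem continued”, as an added example that is not the author's mt-comments.cgi change. It evaluates the same constructed requests under the lenient policy (empty referer allowed) and the strict one; the host name weblog.example and the function name are placeholders.

```perl
use strict;
use warnings;

my $OWN_HOST = 'weblog.example';    # assumption: placeholder for the weblog's host

# Returns 'accept' or 'reject' for a comment POST, judged on the Referer header alone.
sub referer_verdict {
    my ($referer, $allow_empty) = @_;
    if (!defined $referer || $referer eq '') {
        return $allow_empty ? 'accept' : 'reject';
    }
    # Compare the host exactly; a prefix or substring match would also
    # accept weblog.example.other.test.
    my ($host) = $referer =~ m{\Ahttps?://([^/:?#]+)}i;
    return (defined $host && lc($host) eq $OWN_HOST) ? 'accept' : 'reject';
}

# Constructed requests: [who really sent it, Referer header as received]
my @requests = (
    [ 'reader, normal browser',        'http://weblog.example/archives/000123.html' ],
    [ 'reader behind stripping proxy', '' ],
    [ 'script posting directly',       '' ],
    [ 'script with made-up header',    'http://weblog.example/archives/000123.html' ],
    [ 'form hosted on another site',   'http://weblog.example.other.test/form.html' ],
);

for my $r (@requests) {
    printf "%-30s lenient=%-6s strict=%s\n", $r->[0],
        referer_verdict($r->[1], 1), referer_verdict($r->[1], 0);
}
```

The second and third rows are identical on the wire, so no policy can accept one and reject the other, and the fourth row passes under both policies.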