Category: Technology

Blacklists are evil

Post author By Shelley Powers
Post date August 22, 2004

I have said it before and will say it again – blacklists are evil.

In an effort to reduce the serious spammer problems we’ve been having (specifically my domain and some others are being targetted), Hosting Matters is now blocking SMTP access based on IP addresses from some kind of ‘list’. Well, Charter cable is on that list, which means I can’t send email. HM put back the block of IP addresses I was in when I couldn’t send before–but my cable company just now changed my IP address, and I am, again, blocked from responding to an email.

(Update: and HM is again whitelisting the block holding my IP address – Annette and the gang respond faster than any other ISP I’ve ever had.)

I wish people would remember that the bad guys can route around blocks and blacklists faster than the rest of us can.

In the meantime, please direct all email to me – and I mean all – to my gmail account (in the sidebar). I’m a bit worried about the reliability of gmail, too, but at least I can respond back in this system.

I think Hosting Matters is the best ISP there is, and appreciate their interest in keeping us up and running, and bug and collapse free (they’re obsessed with this–I like this in an ISP).

But blacklists are evil.

Technology Weblogging

Unscheduled downtime

Post author By Shelley Powers
Post date August 19, 2004

Recovered from the Wayback Machine.

The server hosting my domains has been under attack from the spammers, and ended up going down yesterday afternoon and today. Downtime wasn’t long – long enough to eliminate the problem; but I’m concerned this is the start of a persistent problem when I heard what caused the shutdowns: yesterday’s attack was a Movable Type comment spammer attack, and today’s problem was a copy of mt-blacklist that spiraled out of control.

Hosting Matters, my hosting company, was on the problem immediately, and solved it quickly – but there is only so much they can do. The problem is installations of Movable Type that are wide open, or only partially protected. And it seems like part of the problem could be inproper installations of mt-blacklist.

Those of you with Movable Type are going to have to put whatever measures you can into place, not only to protext yourself, but also to protect others on your servers. I imagine that if enough hosts run into this problem with Movable Type, they may restrict its use.

No, let’s be a bit stronger with this statement: they will start to restrict its use.

If you’re running Movable Type, you really need to upgrade to whatever installation is the most secure, and you’re going to have to install mt-blacklist for that installation. At this time, this is the only known comment spam application that seems to help with the problems. I believe that the most recent release of Movable Type is 3.0, a developer’s release; Jay Allen has put out an emergency release for this version.

However, I can’t recommend that people go to a developer’s release unless they’re comfortable working with a version of the software that is intended primarily for developers. Not unless Six Apart comes out with some form of official recommendation that Movable Type users go this route. I’ve sent an email to the folks there, telling them that I’m getting emails from folks asking help, and what course they should follow. When I hear back, I’ll post an update.

If the official word is to go to 3.0 and the emergency release of mt-blacklist, and you’re having problems with the upgrade or installation, I’ll volunteer to help those who need help, either with upgrading to 3.0, installing mt-blacklist, or both. I’ll also help Movable Type users to close down older comments – older comments are the ones being attacked–using direct SQL statements, as long as they’re willing to give me temporary database access. Knowing webloggers, I’m sure that others with experience with Movable Type will also offer their help.

In addition, those with the 2.6x installations that have followed these comment spam protection steps that I outlined long ago have said that they haven’t had comment spam problems since. I don’t know for sure if this is still true or not. If true, and you don’t want to go to 3.x, you might want to consider checking out these steps. Again, holler if you need help.

You might be thinking of jumping to WordPress right now just to escape the comment problem. I can understand your wanting to do this–the comment spam problem is out of control. However, if you’re happy with the tool and Six Apart and the only reason you would do this is comment moderation, you might want to hold on making a switch until you see what the 3.1 release has; then if you decide you want to make a move to WordPress, or Textpattern, or any other tools, and need help, holler.

Regardless, you can’t leave your Movable Type installations unprotected, with open comments. You’re going to get yourself kicked off your server.

As a note unrelated to Movable Type, email spammers have been running ‘dictionary listing’ spam attacks against my domain and others. What this means is that the spammers randomly generate names, attach these to domain addresses and send them out. If a name doesn’t bounce back from the email server as not belonging to a person, the spammers then know that they’ve most likely found a valid email address.

Hosting Matters is going through some extraordinary efforts to try and stop these attacks, and there is a chance that emails to me have been bounced, or will be bounced. If so, send me an email to my gmail account, listed in the sidebar, and I’ll see about getting you back in.

Update

Since Hosting Matters isn’t comfortable specifically saying that MT was the problem this week (because there were the spambots, too), and since the folks that asked for help haven’t said anything online, I do come across as alarmist.

Perhaps I am. I’ve been told that MT 3.1 should be out by month end of so. Since there is little outward indication of problems with MT other than this post, I withdraw my statements in this post.

Best of luck to the Movable Type users moving forward.

Diversity XHTML/HTML

The women of XML

Post author By Shelley Powers
Post date August 18, 2004

Dare Obasanjo wrote a terrific post in response to my noticing that the Applied XML Conference had no women speakers. He listed out several women in the XML world who would be great speakers, several of whom I was familiar and agree with him, 100%.

In particular, I would be intrigued by a presentation by Lanqing Dai, who is now working with WinFS, but used to work with the XmlDocument class. The subject of WinFS came up in conversation in a thread associated with a post I wrote over at Practical RDF, and I’ve been wanting to learn more about it.

(Yes, time to drop some of my bias about Longhorn and take a closer look at the technologies.)

Another person to add to this list of exceptional XML leaders and practioners would be Dorothea Salo, who recently gave a tutorial on XML classification systems at Extreme Markup, and who was also one of my tech editors for the Practical RDF book.

Diversity Technology

Differences of humor

Post author By Shelley Powers
Post date August 16, 2004

Recovered from the Wayback Machine.

Sam Ruby has posted a note about the upcoming Applied XML Conference put on by Chris Sells.

When I looked at the agenda and realized that the conference managed to put together two days worth of presentations without one woman speaker, I was moved to note in comments at Sam’s:

For entertainment, is the conference going to bring in strippers and see if they validate?

Personally, I thought it was funny. Sam didn’t and pulled the comment. Isn’t this environment a tough one when it comes to figuring out what each sex considers objectionable?

update

Sam left a comment saying he didn’t delete my comment. My mistake, Sam, sorry for saying you did.

So does this mean you think this comment is funny after all?

Technology

New tech toys

Post author By Shelley Powers
Post date August 12, 2004

I love technology that not only is free, it can satisfy even the most dedicated tweaker. I just upgraded to the recent release of Firefox, and have been exploring all the many extensions to the browser, including the rather amazing Web Developers toolbar.

At one point, I had so many toolbars open that the browser space was limited to a thin strip at the bottom. Thinking that this might defeat the original purpose of the tool – it being a browser – I turned off the visibility to all but the Navigation Toolbar, and that nifty web development toolbar.

I’ve also been creating search engine plugins for Firefox, including one for my own weblog. Heck, I just know that readers will want to know what I’ve said on any particular topic, so feel I am providing a real service with this addition. (Other WordPress sites can do this easily, by copying my plugin and replacing the relevant information).

Since not everyone will consider me the definitive expert on all subjects – and why is that? – I’ve also created a Technorati, Bloglines, and a Nationmaster search engine plugins. I’ve sent all three of these into the Search Engine site (though I imagine other versions have been created and sent it and just haven’t been posted yet).

That Nationmaster search engine is for a site I stumbled across that aggregates information and statistics about all the nations–providing comparison data, as well as an encyclopedia. Fascinating and useful resource. For instance, check out this comparison of the most militaristic nations.