Categories
Technology Weblogging

Unscheduled downtime

Recovered from the Wayback Machine.

The server hosting my domains has been under attack from the spammers, and ended up going down yesterday afternoon and today. Downtime wasn’t long – long enough to eliminate the problem; but I’m concerned this is the start of a persistent problem when I heard what caused the shutdowns: yesterday’s attack was a Movable Type comment spammer attack, and today’s problem was a copy of mt-blacklist that spiraled out of control.

Hosting Matters, my hosting company, was on the problem immediately, and solved it quickly – but there is only so much they can do. The problem is installations of Movable Type that are wide open, or only partially protected. And it seems like part of the problem could be inproper installations of mt-blacklist.

Those of you with Movable Type are going to have to put whatever measures you can into place, not only to protext yourself, but also to protect others on your servers. I imagine that if enough hosts run into this problem with Movable Type, they may restrict its use.

No, let’s be a bit stronger with this statement: they will start to restrict its use.

If you’re running Movable Type, you really need to upgrade to whatever installation is the most secure, and you’re going to have to install mt-blacklist for that installation. At this time, this is the only known comment spam application that seems to help with the problems. I believe that the most recent release of Movable Type is 3.0, a developer’s release; Jay Allen has put out an emergency release for this version.

However, I can’t recommend that people go to a developer’s release unless they’re comfortable working with a version of the software that is intended primarily for developers. Not unless Six Apart comes out with some form of official recommendation that Movable Type users go this route. I’ve sent an email to the folks there, telling them that I’m getting emails from folks asking help, and what course they should follow. When I hear back, I’ll post an update.

If the official word is to go to 3.0 and the emergency release of mt-blacklist, and you’re having problems with the upgrade or installation, I’ll volunteer to help those who need help, either with upgrading to 3.0, installing mt-blacklist, or both. I’ll also help Movable Type users to close down older comments – older comments are the ones being attacked–using direct SQL statements, as long as they’re willing to give me temporary database access. Knowing webloggers, I’m sure that others with experience with Movable Type will also offer their help.

In addition, those with the 2.6x installations that have followed these comment spam protection steps that I outlined long ago have said that they haven’t had comment spam problems since. I don’t know for sure if this is still true or not. If true, and you don’t want to go to 3.x, you might want to consider checking out these steps. Again, holler if you need help.

You might be thinking of jumping to WordPress right now just to escape the comment problem. I can understand your wanting to do this–the comment spam problem is out of control. However, if you’re happy with the tool and Six Apart and the only reason you would do this is comment moderation, you might want to hold on making a switch until you see what the 3.1 release has; then if you decide you want to make a move to WordPress, or Textpattern, or any other tools, and need help, holler.

Regardless, you can’t leave your Movable Type installations unprotected, with open comments. You’re going to get yourself kicked off your server.

As a note unrelated to Movable Type, email spammers have been running ‘dictionary listing’ spam attacks against my domain and others. What this means is that the spammers randomly generate names, attach these to domain addresses and send them out. If a name doesn’t bounce back from the email server as not belonging to a person, the spammers then know that they’ve most likely found a valid email address.

Hosting Matters is going through some extraordinary efforts to try and stop these attacks, and there is a chance that emails to me have been bounced, or will be bounced. If so, send me an email to my gmail account, listed in the sidebar, and I’ll see about getting you back in.

Update

Since Hosting Matters isn’t comfortable specifically saying that MT was the problem this week (because there were the spambots, too), and since the folks that asked for help haven’t said anything online, I do come across as alarmist.

Perhaps I am. I’ve been told that MT 3.1 should be out by month end of so. Since there is little outward indication of problems with MT other than this post, I withdraw my statements in this post.

Best of luck to the Movable Type users moving forward.

Categories
Diversity XHTML/HTML

The women of XML

Dare Obasanjo wrote a terrific post in response to my noticing that the Applied XML Conference had no women speakers. He listed out several women in the XML world who would be great speakers, several of whom I was familiar and agree with him, 100%.

In particular, I would be intrigued by a presentation by Lanqing Dai, who is now working with WinFS, but used to work with the XmlDocument class. The subject of WinFS came up in conversation in a thread associated with a post I wrote over at Practical RDF, and I’ve been wanting to learn more about it.

(Yes, time to drop some of my bias about Longhorn and take a closer look at the technologies.)

Another person to add to this list of exceptional XML leaders and practioners would be Dorothea Salo, who recently gave a tutorial on XML classification systems at Extreme Markup, and who was also one of my tech editors for the Practical RDF book.

Categories
Diversity Technology

Differences of humor

Recovered from the Wayback Machine.

Sam Ruby has posted a note about the upcoming Applied XML Conference put on by Chris Sells.

When I looked at the agenda and realized that the conference managed to put together two days worth of presentations without one woman speaker, I was moved to note in comments at Sam’s:

For entertainment, is the conference going to bring in strippers and see if they validate?

Personally, I thought it was funny. Sam didn’t and pulled the comment. Isn’t this environment a tough one when it comes to figuring out what each sex considers objectionable?

update

Sam left a comment saying he didn’t delete my comment. My mistake, Sam, sorry for saying you did.

So does this mean you think this comment is funny after all?

Categories
Technology

New tech toys

I love technology that not only is free, it can satisfy even the most dedicated tweaker. I just upgraded to the recent release of Firefox, and have been exploring all the many extensions to the browser, including the rather amazing Web Developers toolbar.

At one point, I had so many toolbars open that the browser space was limited to a thin strip at the bottom. Thinking that this might defeat the original purpose of the tool – it being a browser – I turned off the visibility to all but the Navigation Toolbar, and that nifty web development toolbar.

I’ve also been creating search engine plugins for Firefox, including one for my own weblog. Heck, I just know that readers will want to know what I’ve said on any particular topic, so feel I am providing a real service with this addition. (Other WordPress sites can do this easily, by copying my plugin and replacing the relevant information).

Since not everyone will consider me the definitive expert on all subjects – and why is that? – I’ve also created a TechnoratiBloglines, and a Nationmaster search engine plugins. I’ve sent all three of these into the Search Engine site (though I imagine other versions have been created and sent it and just haven’t been posted yet).

That Nationmaster search engine is for a site I stumbled across that aggregates information and statistics about all the nations–providing comparison data, as well as an encyclopedia. Fascinating and useful resource. For instance, check out this comparison of the most militaristic nations.

Categories
Programming Languages

Survival Guide to LAMP: Prepare for prepare

Since PHP 5.0 released a day or so ago, I’ve been seeing how various applications I work with do in the new environment. Porting straight to PHP 5.0 seems to work just fine for the applications tested, including my weblogging tool, WordPress.

Ah, but there’s more to upgrades than just a simple turning off of one PHP version and turning on another. PHP 5.0 includes– in addition to the full support for object implementation and improved XML manipulation–some very slick database toys.

Though PHP is used with MySQL for the most part, look for more work with SQLite, as it’s now bundled with PHP. This lightweight little C-based database engine is ready to go as soon as you need it; for quick database development, it’s hard to resist its simplicity.

However, my heart still belongs to MySQL, and with the new version of MySQL and the new improved MySQL interface extension in PHP 5.0, the love affair continues to grow.

MySQL 4.1 is currently a beta release and should only be downloaded by developers. I found it installed easily and works nicely with existing applications; this includes the existing MySQL interface used by most weblogging tools, such as WordPress, Movable Type, and so on.

However, MySQL 4.1 has one particular new goodie that’s going to make a world of difference in performance with existing applications and that’s support for prepared statements.

Now, Oracle has had this functionality since before PHP was born, but Oracle started out as the 300 pound baby, who has since been finding ways to keep all of its great functionality while trimming down both size and cost. MySQL on the other hand, started out as a cute 6 pounder who couldn’t do much, but is learning quickly.

Prepared statements are a very simple but powerful technology. What happens is you create a statement as a template, with placeholders for values that will change each time the statement is run. You can then run the statement as many times as you want, changing the parameters as needed. We webloggers with our natural born ease around and comfort with templates should find prepared statements to be both friendly and familiar. I just know that this particular technology is what’s going to finally bring those hesitant about working with databases over to the wild data side.

Following is a very quick example of using the prepare statement functionality, tested on one of the WordPress tables ported to the new environment. This code ran successfully using the newly released PHP 5.0, the latest release of MySQL 4.1, in a Windows 2000 environment, under Apache 1.3x.

<?php
$link = mysqli_connect(“localhost”, “user”, “userpass”, “wordpress”);

/* check connection */
if (mysqli_connect_errno()) {
printf(“Connect failed: %sn”, mysqli_connect_error());
exit();
}

// create a prepared statement
if ($stmt = mysqli_prepare($link, “SELECT option_name FROM wp_options WHERE option_id=?”)) {

// bind incoming parameter
mysqli_stmt_bind_param($stmt, “i”, $id);

// bind result variables
mysqli_stmt_bind_result($stmt, $name);

// set input param, execute query and fetch and print value
$id = 77;

mysqli_stmt_execute($stmt);
mysqli_stmt_fetch($stmt);
printf(“option for id %s is %sn”, $id, $name);

// repeat with new input param
$id = 93;

mysqli_stmt_execute($stmt);
mysqli_stmt_fetch($stmt);
printf(“option for id %s is %sn”, $id, $name);

// close statement
mysqli_stmt_close($stmt);
}
else
printf(“prep failed: %sn”, mysqli_error());

// close connection
mysqli_close($link);
?>

This code demonstrates the procedural use of the new mysqli PHP interface, since this will probably be more familiar. I’ll demonstrate the use of objects the next time I try out a little of the new PHP 5.0 code.

In the example, a connection to the database is made, using the function mysqli_connect. Once the link is established and we know no error has occurred, the next thing that happens in the code is creating the prepared statement.

Notice the use of the question mark in the statement? This question mark serves as a placeholder for the input parameters that will be bound to the statement later in the code. It’s not different than the use of templates within your weblogging tool – each of them is replaced by ‘real data’ when the page is accessed or generated.

The function mysql_prepare takes the SQL passed to it, parses it, compiles it and then stores in in the database in a binary format that makes passing the data back and forth between the database and the application more efficient – a bonus for this type of statement.

Next in the code, it’s a matter of binding input and output parameters. For this example, there’s one of each. The input parameter is an integer so in the mysqli_stmt_bind_param function call, a value of ‘i’ is passed as the second parameter to define the data type of “integer”. The first parameter is the prepared statement, and the third is the actual variable that will be bound to the input parameter.

(By ‘binding’ what I mean is that changes to the variable are reflected in placeholder position in the prepared statement, each time it is executed.)

Next, the output parameter is defined, using the function mysqli_stmt_bind_result.

To test the statement, I assigned a value of 77 to the input parameter, executed the statement using mysqli_stmt_execute, fetched the result with mysql_stmt_fetch, and printed both values out. The result is:

option for id 77 is weblogs_xml_url

To demonstrate the reusability of the prepared statement, I assigned a new value to $id, this time a value of 93. Again, the statement is executed, and the resulting value fetched and printed out along with the input parameter. The resulting line from this second run of the prepared statement is:

option for id 93 is blog_charset

The prepared statement will continue to reside at the database until the application goes out of scope (beyond the current operating environment), or until the statement is closed, whichever comes first.

How can something like prepared statements help out in a weblogging environment? For the weblogging application I use, it’s not unusual for us to have to access the posts or comments table more than once in order to process new comments or display or edit posts. In particular, because of my custom spam protection and moderation, I access both tables at least twice when a new comment is posted; with something like the prepared statement, I could improve the program readability, as well as efficiency. I may not get hundreds of comments a day, but as I said in the past – I’m a coding miser. The less work the application does, the happier I am. I and everyone who shares my machine.

However, before we all run out an upgrade to PHP 5.0 and MySQL 4.1, note that I could not complete the migration of WordPress to this new environment because one MySQLi function, mysqli_fetch_object, caused Apache 1.3x to throw a memory exception. That’s ’semi-crash’ for those of you who haven’t seen programs step all over each other’s toes in memory.

This is beta, new, in development code. Just the start of new things. But such great things. And I haven’t even covered all the new goodies coming out in MySQL 5.0.