Categories
Just Shelley Technology Weblogging

Goodbye Trackback

A long time ago I started work on a concept called threadneedle, a way to track threads of communication through weblogging. However, when Movable Type introduced the concept of Trackback, I dropped work on Threadneedle because Trackback provided much of the functionality I was hoping for from the original concept.

I loved Trackback. Now when you go to a site, not only can you read comments associated with a writing, you can see who linked to the writing from their own efforts. A little bit of extra functionality and you could follow a ladder of links, hopping from node to node following the conversation through many, many generations. Trackback was my friend.

Trackback is now my enemy.

I received several hundred pings with one of my posts today, courtesy of our favorite crapflooder. The link he used as the source weblog for the entry was from a weblogger who had managed to close this person down at his server. The person was pissed. However, the weblogger who had pissed off our crapflooder had protections in place to stop our friend from slamming him, so he went elsewhere.

Here.

Since the crapflooder, who goes by Dv, couldn’t punish the other weblogger, Geoffrey, he punished me instead.

(You can see a conversation between these two in my comments, starting here. Should delete them, I suppose. It’s become kind of a fascinating study though.)

(Before you even think about putting anything in my comments about IP address, be aware that we’ve gone beyond one static IP a long time ago. No, this person used a proxy to get IP addresses, and the pings originated from many different addresses.)

There are some people who have been working this problem. I’ll link one that I know has Trackback filtering, Jacques Distler (I’m not sure if the other people have Trackback throttling yet so I won’t link them for that reason, not to exclude them). There are no easy solutions to this problem, except for having to break into the Movable Type Perl modules in order to add or alter code.

Well, I am comfortable with Perl. However, I am hesitant to make the number of changes to the number of modules and templates in order to get this working. More importantly, though, is that this solution puts the non-techs at a real disadvantage. If they copy modules right and left, one from mt-blacklist here, another for trackback throttling there, when MT 3.0 comes out, they are basically going to have one miserable time upgrading. It is becoming a mess.

Now, I can still make changes and tell the non-techs to ‘wing it’ for now.

“This here is where we separate the Men from the Boys, pardner.”

*ptoi*

“Yessiree Bob. Now we gonna know who got Code, and who don’t. And everyman for hisself.”

*ptoi*

“And, hee, hee, hee, hee, if you little ladies ask real nice, why, I might come over and give you a hand. Hee, hee, hee. If you know what I mean.”

*ptoi*

Well, of course that’s not how it is, other than I’ve been dying to write a scene like that for just forever. No, the technical folks around here are more than willing to share code, and provide help – but they can only do so much. They can’t help every non-tech weblogger who is using Trackback. Not and have any kind of a life.

We need one set of code, one set of fixes, packaged so that all the non-techs have to do is copy the files into their folders.

Of course, while waiting for this event, I am a target and it makes sense for me to make the change regardless of other folks. The problem though is our friend, Dv. You see, the weblogger who’s tangled with Dv told me that if he can’t go for you, he’ll go for someone else connected to you. How does someone connect to you? Well, through Trackback, of course.

So I make a change to throttle the Trackback, and you innocently enough Trackback to one of my posts; you’ve just put yourself right into that big red bullseye.

Of course, Dv probably will get tired eventually and move on, but I’m not going to take that chance. The only alternative I have is to turn Trackbacks off for all my posts. Until there’s a formal fix packaged for distribution that can be applied by techs and non-techs alike, to all intents and purposes, Trackback is broke.

But then, all it’s doing is following the path set by its cousin. I’ve been out and about this week, and let’s face it – comments are a mess. I’ve seen sites that use a visual indicator you have to type in exactly or the post won’t go through. This stops the auto-spamming. Unfortunately, it also stops people with visual impairment.

Others are using mt-blacklist, or some version of 2.661, but now these are becoming hacked together, and the code is beginning to resemble what’s left of two cars driven into each other at very fast speeds. But at least it’s easy to tell if you’re running 2.661 – you get this redirect page when you click on the URL. That’s so the comment spammers don’t get Google juice.

But that was yesterday’s problem. What new problem do you have for me today?

I think we’re all getting tired. I was tired earlier this week, but I felt like I’d let people down not keeping up the good fight. But now, I think I have a lot of company. I’m sorry, but there’s no graceful and politically correct way to say this: This is fucking ridiculous.

When I was 19, I roomed with another woman in an apartment in Kirkland, Washington. I ended up going out with one of the guys next door who had just broken up with his girlfriend.

One day, a group of us, a small group, were sitting around drinking beers and making plans for a boat race the following weekend. There was a knock at the door, and when we opened it, two cops entered the apartment. They’d had a call that a wild party was going on in the apartment, and we were all using dope.

Of course, the cops could see that no wild party was going on, and there was no evidence of drug use. In fact, one even said that they wondered if they had the right apartment because it was so quiet when they came to the door. They did a quick look around, apologized, and left.

Years later, I found out that the cops had been called by my boyfriend’s ex-girlfriend, anonymously. I found out because she’d bragged to one of her friends about it.

What does this have to do with the problem? Not a damn thing, other than when Dv hit today for some reason I was reminded of my boyfriend’s ex and the call to the cops.

Categories
Technology Weblogging

Listening to the customers

Recovered from the Wayback Machine.

Six Apart has released MT 2.66 specifically because of comment spam.

One change is throttle control, which means if you get hit from the same IP address with several comments in a row, MT will shut down the IP. This wouldn’t have helped with the recent comment blitz because that person used a proxy to vary the IP address with each comment. But it should help with the script kiddies.
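An added example, not Movable Type's code: a sliding-window throttle run over constructed ping records, keyed first by source address (the behaviour described above) and then by target entry. The record layout, the limit of 3 per 60 seconds, and all addresses and entry ids are assumptions made for the illustration.

```python
from collections import defaultdict, deque

def throttle(events, key, limit, window):
    """Sliding-window throttle over (timestamp, ip, entry_id) tuples sorted by
    timestamp. `key` picks what is rate limited. Returns the accepted events."""
    recent = defaultdict(deque)          # key -> timestamps of accepted events
    accepted = []
    for ev in events:
        ts, bucket = ev[0], recent[key(ev)]
        while bucket and ts - bucket[0] >= window:
            bucket.popleft()             # forget events older than the window
        if len(bucket) < limit:
            bucket.append(ts)
            accepted.append(ev)
    return accepted

def sample_events():
    """Constructed data: 200 pings at one entry, each from a different address,
    plus three ordinary pings. Addresses are documentation ranges."""
    flood = [(i * 2, f"203.0.113.{i + 1}", 42) for i in range(200)]
    legit = [(30, "192.0.2.10", 7), (90, "192.0.2.11", 8), (150, "192.0.2.12", 42)]
    return sorted(flood + legit)

def compare(limit=3, window=60):
    """Run both keyings over the same constructed events and count survivors."""
    events = sample_events()
    by_ip = throttle(events, lambda e: e[1], limit, window)      # per source address
    by_entry = throttle(events, lambda e: e[2], limit, window)   # per target entry
    return {
        "total": len(events),
        "accepted_per_ip": len(by_ip),
        "accepted_per_entry": len(by_entry),
        "legit_ping_to_flooded_entry_accepted": (150, "192.0.2.12", 42) in by_entry,
    }

if __name__ == "__main__":
    print(compare())
```

Keyed by address, every ping passes because no address repeats; keyed by entry, the flood is cut to a trickle, but the one ordinary ping to the flooded entry is rejected along with it.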

The second change is one I, point blank, do not like. What happens is that a redirect is built into the management of comment author’s URL, so you get this silly little redirect page between clicking on the URL and getting to the URL. This supposedly is to stop the redirected URL from getting Google Buzz. However, people who have implemented this have said it doesn’t work. Not to mention that my good commenters no longer get Google goodness.

(And it does nothing about the spam comments that embed 100 different URLs into the comment body.)

I tried this at a site that’s upgraded – it busts the back button. There’s this ugly little redirect page. It’s awful.

Google is self-healing. Comment spam and Google is between the spammers and Google. I don’t care. I just don’t want to have to hand delete 500 comments, have to manually use SQL to do this, or use a blacklist that won’t scale.

I appreciate Six Apart trying, and I like the throttling, but all I want is good comment management. It’s not sexy tech, but it’s what we need. I’ll wait for 3.0 with the promised comment management. I also hope that we have the option to NOT use the redirect functionality. I don’t want to have to hack this out of the code.

Categories
Burningbird Technology Weblogging

MT Comment Help

Recovered from the Wayback Machine.

I’m not starting up Burningbird but a lot of good people were hit badly by a very sophisticated comment spam attack, including the Wayward webloggers who I’m responsible to.

The attackers this time only posted three comments to each post, each with different names, and different URLs. They either used spoofing or they’ve harnessed open computers to submit the comments – I think they’ve used traditional DDoS attacks this time, so be careful using IP banning, you could be banning innocent people.

Did mt-blacklist work? No. As I’ve said before, spammers have better habits than so-called legitimate developers, because they listen to their ‘customers’ and adapt accordingly.

In the meantime, clean up:

The only easy way to clean up is directly in MySQL. Even *mt-blacklist will require that you hunt down each individual URL and delete it – time consuming. If you don’t know how to access MySQL then ask for help in comments, send me an email, or ask help from your friends online.

In MySQL directly, or through phpMyAdmin, to remove the comments, use the following:

delete from mt_comment where comment_created_on > '2004-01-12 15:40:08';

Change the date to fit your needs, the format is yyyy-mm-dd hh:mm:ss. This will delete all comments after the timestamp. Be careful or you’ll lose comments you want to keep. In fact, always make a backup before you start global deletions. You can use mysqldump to back up your entire database at any time (check MySQL site for how to use mysqldump). Or you can use MT’s backup.

Once deleted, rebuild your site to clear the comments from your pages.

If you want, you can turn off comments on all entries older than 30 days using the following SQL:

update mt_entry set entry_allow_comments = 2 where
TO_DAYS(NOW()) - TO_DAYS(entry_created_on) >= 30;

This closes comments on all entries 30 days old or older. Most comment spams are on older content, which are also less likely to have legitimate comments so this isn’t a bad option. You can run this yourself manually every week or so, or you can add it as a cron job. If you’re unfamiliar with cron, holler.

The spammers have gotten smarter. Eventually if you restrict their access enough, you’ll shut down comments to everyone. The only true solution to this problem is better comment management in MT. However, if you feel as clever as the spammers, perhaps you need to attend a smart people conference, come up with nifty, neato, just gee wiz smart solutions (put into the public domain of course, with the cutest little cc brand.)

This is a short-term post, with comments allowed for now. However, with the keywords in the post, it’s now a target for comment spammers, so I’ll be closing comments in a couple of days, and then put the post into draft mode – the individual page will still exist, but it will disappear from comment posting as well as this front page.

Note that the more metablogging talk you do in your weblog, the more you use the words ‘comment’ and ‘spam’ or ‘spammer’, the more you make yourself a victim. That’s how they’re finding your posts. I imagine that they had a bit of a chuckle when they made this run.

*Update

For all the mt-blacklist users, if you’re using global lists and not checking that legitimate URLs have been inserted, then chances are you’re opening your system up for a poison pill attack – causing your system to filter common, legitimate URLs, and hence making the mt-blacklist less reliable. The technique is common in email spam, as outlined by Ken Coar. Something to think of next time you import several hundred entries, depending on technology when the spammers depend on their brains.

However, makes no nevermind to me what you do. I’m just passing through.
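An added example, not part of mt-blacklist: one way to screen a shared blacklist before importing it, holding back any entry that would match a host you already know to be legitimate. Treating entries as case-insensitive substrings of the host name is an assumption, as are the function names, the minimum length, and every URL and entry in the constructed sample.

```python
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host name of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def screen_import(candidates, known_good_urls, min_len=5):
    """Split imported entries into (accepted, held). An entry is held when it
    is too short to be specific or when it matches a known-good host."""
    good_hosts = {host_of(u) for u in known_good_urls} - {""}
    accepted, held = [], {}
    for raw in candidates:
        pat = raw.strip().lower()
        if not pat or pat.startswith("#"):       # skip blanks and comment lines
            continue
        if len(pat) < min_len:
            held[pat] = "too short to be specific"
            continue
        hits = sorted(h for h in good_hosts if pat in h)
        if hits:
            held[pat] = "matches known-good host " + hits[0]
        else:
            accepted.append(pat)
    return accepted, held

# Constructed sample: hosts of commenters you have already approved by hand.
KNOWN_GOOD = [
    "http://weblog.example.org/archives/001.html",
    "http://photos.example.net/",
    "https://journal.example.com/about",
]

# Constructed sample: a shared list with a few poisoned entries mixed in.
IMPORTED = [
    "# shared list, constructed for this example",
    "cheap-pills.example",
    "example.org",            # would filter weblog.example.org
    "casino-bonus.invalid",
    ".com",                   # would filter almost everything
    "Journal.Example",        # would filter journal.example.com
]

if __name__ == "__main__":
    ok, held = screen_import(IMPORTED, KNOWN_GOOD)
    print("import:", ok)
    for pat, why in held.items():
        print("hold:  ", pat, "->", why)
```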

Second update

There is an MT plug-in that allows you to turn off comments on older postings. I haven’t tried it, but others have and it seems to be working. It’s at http://www.rayners.org/2003/12/27/closing_comments_on_old_entries.php.

Previous writings on comment spam:

You’ve been comment spammed, your life as you now know it is over

Making a Deliberate Choice

Comment Spam? Or DOS

Spammers : getting to know you

Passive Resistence

DDT for Comments

Using Google Against Us

Comment and Trackback spamming

Comment Spam QuickFix

Comment Spammers Redux

Variations on a Nasty Theme

Categories
RDF Technology Weblogging

RSS Stuff

Recovered from the Wayback Machine.

Time to take a break from photos and philosophy, and feed the machine.

I have a file that maintains a list of 404 accesses, and the URL where the missing resource access originated. The file most accessed is the old Alter Ego weblog’s rss.xml feed. Since I closed the weblog over a year ago, not quite sure where these requests are originating, so I re-created the file with one entry that reads:

Title: This Weblog is dead, dead, dead

Description: This weblog, Burningbird’s Alter Ego, has been dead for over a year. Why are you still accessing this feed? If you can’t even tell which weblogs are active or not from the feed, perhaps you’re subscribed to too many sources. Try reading a few from time to time.

The point I think is good – some people proudly point to the multi-thousand aggregation subscription count they maintain and my only response to that is, please remove me from your list.

Another old syndication feed chestnut is making its rounds again recently. Seems Joi Ito is providing a CSS stylesheet with his RSS feed. Deja vu all over again. I agree with several others who have pinged Joi in that it makes little sense to supply a stylesheet with a syndication feed. Not only does this override a person’s aggregator settings, it also makes the feed processing more complicated. Plus, I don’t see the point. The purpose of syndication is to provide a recent list of updates, with enough information so that if a person is interested, they’ll click through and read the rest of the writing at your web site.

Sigh. Over and over and over again.

However, there was an interesting point made on this by Liz that made me want to comment, again, on this concept. She wrote:

My gut response to this is discomfort with the idea of trying to use CSS with syndicated content – that it seems somehow contrary to the entire idea of syndicating simple content. But I know from long experience not to trust that kind of initial negativity too much, since it’s often connected with changes that turn out to be quite positive.

Curious – I wonder if Liz also questions her initial positive reactions to new technology with the same hesitancy that she applies to negative reactions? If not, is this because negative or should I say, critical writing is somehow valued less than positive writing?

I know that Joi Ito maintains a very positive outlook when it comes to geekery and tech, but then as a tech VC he has to: people don’t invest based on pessimism, or even realism. (Not to say that Joi wouldn’t be positive anyway – I really do think he loves this stuff.)

My job the last few years before the Great Bust was as a consultant finding the problems with existing or proposed architectures and software designs and decisions before the company spent millions of dollars on, frankly, overoptimistic but doomed technical innovations. In some cases I would then work with the folks to architect new solutions (or in case of a couple of contracting companies, find new companies). It was a job I was very good at, and I know that I saved one past customer several million dollars, and also helped a couple of others create systems that were simpler and much easier to scale. Seems to me the ‘criticism’ in these cases is a positive thing.

(Betcha you didn’t know that, did you? Betcha you just thought I was a negative person, didntcha? Yah sure, back in the good old days I used to charge a buncha money to do what you all get for free.)

Anyway, though I may eventually get around to an Atom feed, when I have the spare cycles, and I have a hidden comments feed (which you can find if you’re determined), I’m not going to fool around with stylesheets for my feeds.

Besides, I like Bloglines. I like the way the system looks, and I like the clean, easy to read aggregated excerpts. But I always click through when my small, select group of subscribed feeds update.

(Except if you provide full content and don’t take comments and host on Blogspot, like Halley).

Categories
Technology

FileZilla Gotcha

Enough with the BS, let’s talk something useful.

I found last week that FileZilla 2.2.1b (and earlier versions) will truncate files when uploading several directories at a time. I discovered this first when I found the Trackback.pm file was truncated. Then when I was trying to port the old entries into the Semantic Web for Poets, after a great deal of research and effort, I found that several of the HTTP Perl modules were also truncated.

Checking around at a couple of the other Wayward Webloggers I found some others, including some graphics that were truncated.

I was using the Windows version, on W2K, uploading to Red Hat Linux.

If you’re using FileZilla to upload a lot of directories and you’re using the Windows version, just be aware of this as a problem. Bugs have been filed on this at the FileZilla site.