Nov 26
Sometime in the past couple of weeks one of our sites got linked to in a rather bad manner. The site was pretty pathetic actually. It was just a bunch of literally anonymous people (nearly no one was identified by email address or URL) bitching about all kinds of stuff. I almost feel bad for [...] [...more]
Posted: under Internet, Software, Technology.
Sometime in the past couple of weeks one of our sites got linked to in a rather bad manner. The site was pretty pathetic actually. It was just a bunch of literally anonymous people (nearly no one was identified by email address or URL) bitching about all kinds of stuff. I almost feel bad for them if that’s what they spend their time doing. At any rate, my first thought was that there was no reason to let these jerks link to us, so I used apache’s wonderful mod_rewrite to block all traffic from that site.
As I was perusing the docs for mod_rewrite I noticed that it now supports cookies and I had a great idea about no only blocking/redirecting traffic from an offending site, but setting a cookie to stop them from coming back by just typing in the URL as well. It was a really good idea. Until it didn’t work. Our version of Apache is too old and our mod_rewrite doesn’t support cookies. So I decided I’d just do it with PHP instead.
The PHP script is really simple. It just checks the referer (the technical term….it’s referrer in english of course 
) and if it’s from the banned site it sets a cookie and then redirects the user to someplace else. You can send them to some other website, back to the referring site, or just to a different page on your own site (like a 404 error page for example). Afterwards, even if they type in your URL by hand (so there’s no referer), the script sees their cookie and just redirects them again. You can set how long you want them to be banned for as well.
It probably would have been only slightly simpler to use mod_rewrite instead of PHP. I just generally like the idea of being able to do things to a visitor before they even load a page.
So, if you want to stop stupid people from showing up at your site (or even a specific page) because another stupid person posted a link somewhere, this script’s for you. Of course it won’t stop anyone smart enough to realize what’s going on and just turn off cookies, but it will stop the other 99.8% of people out there.
Instructions are included in the file.
bad_url_block.php
(right click and “save as” and remove the .txt)
Jan 07
I think this article is getting around various places….I just saw it hit slashdot late last night, though I pulled it out of EFFector myself…
Data Mining 101: Finding Subversives with Amazon Wishlists is an interesting article on pulling information out of Amazon wishlists. Basically, the author downloaded the first page of 260,000 wishlists and then [...] [...more]
Posted: under Internet, Privacy, Software, Technology.
I think this article is getting around various places….I just saw it hit slashdot late last night, though I pulled it out of EFFector myself…
Data Mining 101: Finding Subversives with Amazon Wishlists is an interesting article on pulling information out of Amazon wishlists. Basically, the author downloaded the first page of 260,000 wishlists and then searched through the data to find “dangerous” (That is, if you were a paranoid government.) books and keywords. Included are books like On Liberty, Fahrenheit 451, and 1984. Some of the keywords were Michael Moore, Rush Limgaugh, and Koran. You get the idea. He comes up with a list of what books people seem to be interested in and goes on to demonstrate how he can easily find where many of these people live and even generate a map showing everyone.
And in case you were wondering, it was all fairly simple. It didn’t require any special resources of any kind. Anyone who knows how to program could do the same.
This is all pretty straightforward though. And although it is disturbing as a concept, there are two reasons why it’s even more disturbing as a reality.
First of all, the author links what he’s doing to the whole Patriot Act wiretap thing. This is where the government spies on it’s own citizens even in order to get those terrorists. Bush had said that while there were wiretaps, they were only being used on international calls amongst people who were known to have ties to terrorists. What he didn’t mention was that apparently, data mining such as this was used to determine who should get those wiretaps. So in a way, everyone was being spied on anyways.
Secondly, the Patriot Act can make the whole thing transparent to everyone and the FBI seems to be considering some data mining of their own. From the article:
This is what’s possible with publicly available information, but imagine if one had access to Amazon’s entire database – which still contains every sale dating back to 1999 by the way. Under Section 251 of the Patriot Act, the FBI can require Amazon to turn over its records, without probable cause, for an “authorized investigation . . . to protect against international terrorism or clandestine intelligence activities.” Amazon is forbidden to disclose that they have turned over any records, so that you would never know that the government is keeping records of your book purchases. And obviously it is quite simple to crossreference this info with data available in other databases.
On a final note, the FBI is now hiring computer scientists to implement a project that sounds very similar to what I just did:
“Currently, the FBI is strengthening systems engineering in order to tie new systems together architecturally and ensure that standards for custom and packaged applications are enforced, and it needs engineers to accomplish this goal, the agency said.
“The FBI is also focusing on data warehousing as well as federated search technology, which allows a single search query to be deployed across a number of databases, regardless of whether those databases belong to the same protocol or platform.
“‘Warehousing has been very successful, yet enterprise extraction, translation and loading processes must be fine-tuned,†the FBI said. “Data engineers are needed to model legacy databases for federated search and participate in legacy transition planning.’”(Computerworld)
Jan 06
Microsoft decided to release their update the fix the WMF Exploit early. They’d originally planned on releasing it next Tuesday with their regular monthly updates, but I guess they’d thought better of waiting…
The problem itself is somewhat old news at this point. If you haven’t heard about it, it’s basically a bug in windows that [...] [...more]
Posted: under Internet, Software, Technology.
Microsoft decided to release their update the fix the WMF Exploit early. They’d originally planned on releasing it next Tuesday with their regular monthly updates, but I guess they’d thought better of waiting…
The problem itself is somewhat old news at this point. If you haven’t heard about it, it’s basically a bug in windows that will allow code to be excuted when you do something as simple as viewing an image. So doing things like visiting websites that have those pretty pictures on them….yeah, bad idea. You can get a virus or have everything deleted or whatever someone would like.
Anyways, the point here being, go to windows update and install the patch like, now. If you don’t, you’re pretty much a sitting duck. It’s not terribly dangerous yet, but as time goes on there will be more and more things out there that take advantage of the bug..
The good news is that if you’re running an old version of windows it doesn’t effect you. If you’re running windows 386 or 2.0, you should be fine. I think. I haven’t really heard one way or another. I’m pretty sure I never will. On the other hand, if you’re running 3.0 or newer (3.0 came out in 1990, mind you), then you’re vulnerable. Technically, 3.x users can rejoice since, from what I’ve heard, although they have the bug, it needs to be exploited in a different way than it does for other versions. Those few still running 98 or ME (there can’t be anyone still using 95…) are the ones who are really out of luck though. MS no longer supports those versions, so there is no patch. No one really feels any sympathy for these people though. When you think about what the 98 in windows 98 means, and you release that it’s 2006, it seems really, really old. That would be like using 3.x right up until 2001….yeah, right. Anyways, there can’t be a whole lot of sympathy out there for anyone running a nearly 8 year old OS. If you just can’t stomach 2000 or xp, there’s always linux..(or Plan 9… 
)
Dec 09
I installed Firefox 1.5 the other day and, rather than doing it as an upgrade, as I’ve done since .6 or so, I decided to start anew. I wanted to do it because the browser had developed a nasty habit of crashing now and then, and I had really wanted to avoid that.
I started [...] [...more]
Posted: under Internet, Software, Technology.
I installed Firefox 1.5 the other day and, rather than doing it as an upgrade, as I’ve done since .6 or so, I decided to start anew. I wanted to do it because the browser had developed a nasty habit of crashing now and then, and I had really wanted to avoid that.
I started off by backing up the profile directories. On XP, these are in documents and settings\username\application data\mozilla\firefox\…. All bookmarks, cookies, extensions, history, passwords, etc are kept in there. I didn’t really want to lose any of that stuff. As it turns out (which was really no surprise), the uninstaller doesn’t actually do away with the profile directories anyways though. This is good because you don’t lose any of your data, however it is bad because you keep all of the old configuration stuff, and if any of it is corrupt or somehow conflicting, you keep all your problems as well. I also took screenshots (my lazier method of writing them down) of my installed extensions so that it would be easy to reinstall them.
I uninstalled my existing version of fx (1.0.7) and then installed 1.5. I had initially realized that the profile directories were kept around, so when I started up 1.5, all hell broke lose. I hadn’t originally intended to actually leave them in place, as I was trying to avoid crashes and such, but I’m not sure how I could have done so even if I’d wanted to. Many of my extensions were disabled, even though, as I would later find out, updated versions were available that worked with 1.5. The bottom sixth of the window was occupied by a gray bar. It was located below the statusbar even, and nothing I did would get rid of it. It also liked to crash and just behave strangely. In short, it was pretty much unusable.
I then did the sensible thing and removed the profile directories so that it would start with a new profile. Only it wouldn’t. With the profile directories gone, it simply came up with a dialog saying something like something was wrong and that firefox was already running and I should close it or restart the computer. Only, firefox wasn’t running so there was nothing to close and restarting the computer did nothing. I had to manually create profiles using the profile manager (go to run and put in firefox –profilemanager). While this was easy enough, I had to wonder why it didn’t just either do it on it’s own or start up with the profile manager. I have to imagine that had I not started it the first time with profile in place it would have created new ones, but I don’t know. Talk about user-unfriendly.
Once I had fresh profiles, everything was back to normal. I copied over bookmarks and passwords and such, installed themes and extensions, and everything is back to the way it was before. After a few days I can also say that it hasn’t crashed, so I have to assume that it’s better now.
As for the new version….it isn’t terribly exciting. They’ve rearranged the options menu and I think it looks better now. I also like that they’ve added a “clear private data” option so that anyone who’s concerned about their privacy can clear everything with one click instead of manually deleting several different things and not necessarily being sure if you got it all. It’s not a concern at home, but it’s always bugged me that it isn’t easier to do on most browsers when I’ve used public computers.
I’d love to see an easier way to export bookmarks, passwords, etc though. Basically, you can just copy the entire profile directory, and that kind of work, but really it’s certain file in it that you’re looking for. At any rate, I shouldn’t have to go and play with copying directories at all. Firefox should have some sort of an export option that crams everything into one compressed file that can then be imported later. That would make upgrading and, more importantly, copying everything to a different computer, much easier.
Also, the memory leak is still present. I was opening articles from news feeds earlier and I was up to 23 tabs when I was done. This is a bit crazy, or course, but it’s still a good test. I checked and Firefox was using 174 megs of memory for all of this. Obviously this is really, really excessive. As a test, I tried something similar using Opera 8.something, and it used only 100 megs.
At any rate, excessive is bad, but who really has 23 tabs open all the time anyways? Here’s the problem. I’m down to two open tabs right now, and I’m using 204 megs of memory….Huh? It should have released at least some of that memory back to the system.
Dec 03
We’ve had a cable connection for somewhere’s around 3 years now…. I don’t remember quite exactly. At the time, dial up was slow, but tolerable to some extent. When we started out, we had the slowest cable connection available at the time: 256Kb. This is roughly 4 times faster than a 56k modem, and as [...] [...more]
Posted: under Internet, Technology.
We’ve had a cable connection for somewhere’s around 3 years now…. I don’t remember quite exactly. At the time, dial up was slow, but tolerable to some extent. When we started out, we had the slowest cable connection available at the time: 256Kb. This is roughly 4 times faster than a 56k modem, and as I recall at the time, it was rather adequate for general web browsing. Most pages loaded pretty quickly and the only thing extra bandwidth was much good for was downloading files, as far as I was concerned.
I think we only actually ran at 256Kb for maybe a month. Then suddenly, I noticed files downloading really quickly. We had been bumped up to 2Mb, their top speed at the time. Our bill still said 256Kb and that’s what we paid for, but we remained at the higher speed. I figured it was either a glitch on their end or perhaps just that there was so little traffic on the loop that they weren’t bothering with the lower caps. At any rate, I wasn’t saying anything. They had several tiers of bandwidth, and the difference between the lowest and the highest was something stupid like $30 a month. They retained this model for quite some time, to the best of my knowledge. I assumed they were still working on this old system, even though some places have 15Mb connections available.
At some point I got a call and was informed that they had upgraded their lowest tier from 256Kb to 384Kb and their prices were the same. I said something like “wow, that’s great” as I thought to myself that these people are just clueless.
We stayed at around 2Mb until a few weeks ago. Suddenly the bastards had the nerve to caps us at 384kb! This means instead of being able to transfer 200-250KB/sec we were down to more like 40-45… It was thoroughly nasty. Actually waiting for images to load is rather painful. I quickly found out that the web in general had moved on from the days of dial-up. There are a lot of sites that are image-intensive and those done in flash tend to be rather large as well. 384k was no longer quick, but instead more on the slow side. (Part of this could be relativity of course…..56k -> 256k seems like a big step up, while 2000k -> 384k seems like a big step down)
I finally got around to calling to get some more bandwidth yesterday. I figured I could pay $10 a month more and get 768k or maybe even 1Mb. The woman on the phone informed me that they only had two speeds now…..384 and 3Mb. Great, I thought. I figured I’d probably end up shelling out the dough for the faster connection regardless, but I needed to know how much I’d be set back. She told me it was $7 more per month….I thought to myself Why would anyone not pay the $7?
I tested it out last night and I had a sustained download rate of 350KB a second…..nice. It’s just too bad there’s so much latency in establishing connections and such.
