Blogging is futile

Fedora Legacy useless?

abe+blog@deuxchevaux.org (Axel Beckert) — Mon, 09 Oct 2006 15:16:51 +0200

For a (much too long) time, we ran our three AMD 64 bit virus scanners and spam filter boxes with Fedora Core 4. Since the the official support ended a few months ago when Fedora Core 6 Test 2 came out, so we decided to switch them over to support through the Fedora Legacy Project.

For testing purposes we first switched over one of the three boxes. But the test failed: Although the changes (as documented on the Fedora Legacy home page) seemed to work fine, not a single update came until the end of last week, even though there were partially remotely exploitable security issues in OpenSSL, OpenSSH, gzip, etc. during that time. There were also no announcements on the list since FC4 switched over to the Fedora Legacy Project, not for FC4 nor for any other distribution maintained by the Fedora Legacy Project.

So what the heck does the Fedora Legacy Project if not security updates?

I would be very happy if I could switch over those boxes to Debian or even Ubuntu, but there’s no BiArch support (running 32 bit applications on 64 bit operating systems transparently) in Debian (and therefore neither in Ubuntu) yet without a lot of manual fiddling and chroots, so we can’t run our 32 bit virus scanners on those 64 bit boxes with a debianesk operating system yet.

Today we’ve upgraded the last of those three boxes to Fedora Core 5.

Can the spam problem be solved?

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:23:21 +0100

Many have tried to solve spam problem, even Micrsoft (with a quite strange solution ;-), but except personal solutions like well working and well-kept spam filters, no well-working general technical solution has been found yet.

Although I really would like to see a technical solution and often think about this problem, I currently believe that this primarily is a social problem which cannot be solved solely with technic. UserFriendly’s Erwin seems to see it the same way and proposed today a quite drastical solution.

There are good ideas out there (e.g. SPF, RBL, Greylisting and Teergrubing), but all seem to have their problems, too. Especially RBL often have administrative problems, i.e. if an entry is justified or not. Greylisting simply can be bypassed by being SMTP conform and trying again, so it’s usefulness will decrease permanently. And against Lutz Donnerhacke’s teergrubing, spammers seem to have found workarounds quite quickly. Haven’t heard much about it in the last years. (I just can’t remember what the drawback of SPF was.)

For myself I’ve solved the spam problem with a learning SpamAssassin and sorting mail by spam-level into several mailboxes. The higher the spam-level of such an inbox, the more seldom I look into it. Works fine. For me. No general solution though, since the SpamAssassin needs to be fed with fresh spam regularly.

Cheap blue pills

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:22:44 +0100

I just got an obvious spam e-mail with subject “cheap blue pills” and it took me quite a moment to realise that they don’t want me to buy pills which let me keep everyone I love and everything that I have built my life upon. What a pity. But why don’t they sell also red pills? ;-)

Image based captchas are evil

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:20:35 +0100

I always found Captchas annoying. But since I also had or have problems with guestbook or comment spamming, I understood that people and especially companies saw no other choice against comment or wiki spamming, mass account grabbing, etc. But since most captcha are based on the fact that people can still read deformed or garbled texts in images while machines can’t or at least only with a big effort, there is one big drawback with them: They are even more an insuperable obstacle for blinds or visually handicapped people than for machines.

The blind computer science student Sebastian Andres showed at Berlinux how blinds navigate and use the web and where they (must) stop. So because of GMail uses visual captchas as a defense against mass account grabbing, he couldn’t get such a “free” e-mail account. (And yes there exist non-visual captchas. But they’re seldom used.) Thanks Sebastian for this insight.

Implemented a blacklist for blog comment spam

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:12:43 +0100

Just killed all the remaining comment spams (I hope) and implemented a simple regexp based blacklist which should get most medicaments, potence pills, casinos, lotteries and other frequently posted junk. I hope, it does not hit too many valid posts. If you have problems posting comments, feel free to contact me by e-mail or on IRC.

In other news, I installed the blosxom plugin comments_recent and adapted the mail feature of writeback notify to my (in the meanwhile heavily modified) instance of the comments plugin v0.6. I also made it symlink-safe for use with multcat.

Blacklisting comment spam in blosxom

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:12:28 +0100

Since the demand for blosxom anti-comment-spam solutions respective appropriate blosxom plugins seems to be really high, I’ve decided to polish up my apparently quite well working although still in beta state being anti-spam enhanced version of the comments plugin (ZIP) by putting the blacklist outside in an external file and writing some (still short) docs.

I use it since 11th of January this year and got only two spam comments and many more normal comments since then, so it should work. Although: I also got a question if my trackback doesn’t work. Hmmm. So no warranties, just an offer for help fighting against comment spam. ;-)

Another feature which is basically ported from the writeback notify plugin is notification of the blog owner about new comments by mail. Since on the server on which my blog runs the used Perl module Mail::Sendmail was not available, I used Mail::Send instead for my version.

For installation you first need to download the ZIP file of the original comments plugin, install it’s templates and then install my anti-spam enhanced version of the plugin itself.

Now playing: Rockapella — Come on Eileen

Some new plugins, XFN, Technorati and yigg.de

abe+blog@deuxchevaux.org (Axel Beckert) — Thu, 02 Mar 2006 02:09:28 +0100

After blathijs and I today talked a little bit about blosxom plugins on the #blosxom IRC channel, I installed the listplugins plugin. Since I’m a perfectionist in some things, I had to configure it to link every plugin I use to it’s web page or source.

While going through my plugin list, I noticed that there were three additional plugins I wrote myself and of which I thought I should share:

acronyms works similar to and is losely based on Fletcher Penney’s autolinks but instead of setting links it marks configurable keywords as abbreviation or acronym and show their expansion when hovering over the keyword (all using standard XHTML).
xml_ping_generic is based on xml_ping_weblogs and can ping an arbitrary number of URLs to be pinged with the weblog.com’s XML RPC ping API. By default it pings weblogs.com and technorati.com.
date_rfc822 is nothing else than the 822-date command (which returns a date in RFC 822 conform format and is written in Perl, too) wrapped into a blosxom plugin. Work similar to date_fullname. I use it for including <pubDate> tags in the RDF.

All plugins are published under the same open source license, they initially came with.

In other news…

I started using XFN, the XHTML Friends Network, at least the blogroll, and created accounts at Technorati and at yigg.de, a German Digg.com clone formerly respective yet still known as digg.de

Now playing: Battle Without Honor or Humanity — Hotei Tomayasu (from the Kill Bill Soundtrack)