Bad Challenge Response

Good discussion on linux-elitists bashing broken challenge-response systems (or, to clarify, “challenge-response systems, which are by definition broken”), including an excellent explanation of the problem by Karsten Self.

Incidentally, if you don’t know what the Joe Job is, here’s a good definition.

Background

I’ve decided it’s time to jettison the background image (“wallpaper”) for this weblog. Time to move on to bigger and better things.

I’m actually shopping for new blog software, as I’ve decided I’d rather not be maintaining the software that generates this thing for the rest of my life. And it doesn’t do a very good job at generating good URLs, and the comments feature is broken.

I’ve been experimenting with b2, b2++, WordPress, pyblosxom, and blosxom. So far blosxom seems to be the winner, but I’m open to suggestions. Anyone want to advocate for a particular package? Requirements are free software license (DFSG approved, for example—so no MoveableType) and able to run on a standard GNU/Linux server. I’d also like it to have a good (and sustainable) URL system, permit more than one keyword or topic to be associated with each blog entry, and be an extensible framework where you don’t have to spend a year studying the code before you can write a plug-in.

Back from the Greens

I’m returning from dinner with an old friend at the Greens, a fantastic San Francisco vegetarian restaurant (strangely, they no longer use their old URL, greensrestaurant.com). It’s been years since I’ve seen this friend, and she’s now a medical doctor, and I’m on the verge of being able to call myself a lawyer. Dinner was her treat, with the excuse that she’s actually finished school.

There’s a certain comfortable pleasure in talking about old things that have become fuzzy and no longer painful. Having been out of college now for substantially longer than I actually spent there, the experience has shrunk down to size and now makes sense. Thinking about taking a job that might last many years seems reasonable in a way that it hasn’t before.

This evening—and really to some extent the past several weeks living here in California—have caused me to realize that, whatever this last transitional life phase was, it’s now over. I’m now “here,” and I know what “here” feels like.

The funny thing about life transitions is you often don’t recognize them until they’re over.

Fight the Virus

I’ve been getting hammered with the latest W32/Swen@MM virus like there’s no tomorrow. Usually these things aren’t such a problem for me, but I’ve got nearly 1000 emails in the last day or so, and much of my email checking goes over a 56K connection, and spam filtering only happens once I’ve downloaded the messages. Not to mention that, for whatever reason, SpamAssassin doesn’t recognize the Swen virus emails as spam.

If you’re in the same boat, there’s a good solution. Get mpartinfo2hdr, a tool written just for this purpose. mpartinfo2hdr adds a header line with the md5sum of attachments. Then add the following lines to your ~/.procmailrc:

    :0fw
    | mpartinfo2hdr.py

    :0:
    * X-Msg-Part-Info:.*b09e26c292759d654633d3c8ed00d18d
    virus

You’ll need to put the proper path to the mpartinfo2hdr.py script. Of course, this only works if you are a GNU/Linux user, have python, and use procmail to filter your email. Don’t try this at home otherwise.

You’ll also need the python email module (Debian package python2.1-email), if you don’t have that already installed on your system.

It’s a great relief to be able to check email in a reasonable amount of time now, though.

Update: a similar option is to just put the following in .procmailrc:

    :0 B
    * ^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    * ^AAAA2AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
    * !< 100000
    virus

This will only catch Swen, of course. The advantage of the former method is you can quickly customize it to catch emails with any particular md5sum attachment. The advantage of this method is that you don’t need to invoke a separate script for each email that comes in, something which would certainly have a performance hit on a large server.
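The attachment-hash approach described above, as an added Python example (not code from the original post and not mpartinfo2hdr's own source). Only the header name X-Msg-Part-Info and the use of an MD5 digest come from the post; the header value layout, the function names and the sample message are assumptions.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

HEADER = "X-Msg-Part-Info"  # name from the post; the value layout is an assumption


def annotate(raw: bytes) -> bytes:
    """Add one HEADER line per attachment: '<content-type> <size> <md5>'."""
    msg = message_from_bytes(raw, policy=policy.default)
    del msg[HEADER]  # discard sender-supplied copies so only our values remain
    for part in msg.walk():
        if part.is_multipart() or part.get_filename() is None:
            continue
        data = part.get_payload(decode=True) or b""  # hash decoded bytes, not base64
        md5 = hashlib.md5(data).hexdigest()
        msg[HEADER] = f"{part.get_content_type()} {len(data)} {md5}"
    return msg.as_bytes()


def is_blocked(annotated: bytes, blocklist: set) -> bool:
    """Mirror of the procmail condition: some header carries a listed hash."""
    msg = message_from_bytes(annotated, policy=policy.default)
    return any(blocklist & set(str(v).split()) for v in msg.get_all(HEADER, []))


def sample_message(payload: bytes) -> bytes:
    """Constructed test mail with one attachment (not a real virus sample)."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="patch.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    payload = b"constructed attachment bytes"
    out = annotate(sample_message(payload))
    print(message_from_bytes(out, policy=policy.default).get_all(HEADER))
    print(is_blocked(out, {hashlib.md5(payload).hexdigest()}))
```

Because the digest is taken over the decoded attachment, the same file matches regardless of how the sending client wrapped or encoded it, which the raw body match in the second recipe does not guarantee.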

Google Calculator

New cool feature: the google calculator. Type all sorts of mathematical expressions in as your google search, and you get the result as your answer! It must all be part of google’s scheme to replace the URL with the google search. Actually, to replace your whole computer with a google search.

Aside from things like simple arithmetic (e.g., (24*7/3)^2 mod 5), you can also ask it things like three cups in tablespoons (and it tells you how many tablespoons!).

I also read somewhere that one of the top searches in google is cnn. That is, many people go to google and search for cnn rather than going to the fairly easy to remember cnn.com. Mozilla Firebird now seems to take you to the “I’m Feeling Lucky” google search result if you just type some random string into the URL bar.

Steve points out that you can also do searches for things such as radius of earth, and get a nice numerical result back from the google calculator.

Bicycle Polo

Last night, I played Bicycle Polo for the first time, out in Golden Gate Park. It’s a pretty funny sport. You have to keep the mallet in your right hand (it also helps to switch your brakes so that you can brake with your left hand without toppling over), so you spend a lot of time circling around trying to approach the ball on the proper side. It is possible, but difficult, to reach over with your right hand to the left side of your bike to hit the ball. You also have to come at the ball parallel to the direction of the field, which also causes a lot of circling and recircling.

They’ve got a pretty dedicated group here which seems to play every week. The field was close to the ocean end of the park and it was so foggy that it was difficult to see the other goal much of the time. There is also a nice beer break in the middle of the game, after which the quality of play increased markedly.

Lexis Update

I’ve been working to get the Lexis-Nexis online legal research system to generate valid HTML so the service works with browsers other than Microsoft’s. Back in April, Lexis promised the fix was imminent. About a month ago, I wrote them back explaining that they had fixed it for users who spoofed their browser agent as Netscape, but not Mozilla (or for Netscape users on GNU/Linux). I got no response, so wrote them back yet again more recently.

Finally, they’ve “fixed” it for the Mozilla browser. Here’s the response they gave me:

 Adam 
Thank you for your continued contribution regarding these issues. Rest assured that your feedback is received and considered. Following the August release the Tab issue was corrected for the Mozilla Browser. A user should not have to "spoof" NS to get Mozilla to function properly regarding the tabs. I also checked Opera and the tabs are all working on that browser as well. Both Opera and Mozilla combined comprise less than one half of one half a percent of user access for lexis.com. Linux currently comprises .06% of OS access to lexis.com. While we try to address usability and functional issues that affect our customers, there is an analysis involved regarding cost of fix v. benefit returned. The Linux OS, as well as the Mozilla and Opera browsers, are not included in our testing programs at this time due to their low use. When issues are subsequently discovered we examine them on a case by case basis to determine feasibility and cost of implementation. Thank you again for taking the time to contact us and for using LexisNexis.
Regards,
lexis.com product management

All I was asking for was to have the

and tags in the proper order! How much could that fix cost?

More fundamentally, if these companies adhered (at least generally) to the HTML standard (any version!) then many of these problems would go away. The whole point of standards is to reduce development costs; you shouldn’t need to test your product on one hundred and one different browsers. If it passes an HTML validator test, then you can call it a day.

This whole episode also hammered in for me yet again the advantages of open source development. If there’s a problem and the developer refuses to fix it, then you can do it yourself. With a proprietary system like Lexis-Nexis, you’re at their mercy, and even a one minute fix won’t make it in if it’s not on their agenda.

The Christian Coalition is Going Downhill

I try to keep myself subscribed to a wide variety of right wing mailing lists to see what they’re all up to (the left wing mailing lists tend to tell me what I already know).

I’m afraid the Christian Coalition is really going downhill. Here’s their latest missive:


Your Everyday Spending Will Substantially Help The Christian Coalition At No Cost To You !!!!

Dear Christian,

We gratefully appreciate your support, and would like to introduce you to a very powerful program, called SharingCertificates. We have partnered with SharingCertificates.com, which allows you to purchase gift certificates to hundreds of stores, theaters, restaurants, hotels and more, that we all shop at everyday.

You simply purchase gift certificates to your favorite stores, like Macy’s, T.J.Maxx, The Gap, Red Lobster, Olive Garden, Marriott Hotels, to name a few. Each gift certificate you purchase will bring a generous donation to the Christian Coalition.

We realize there are many of you who would like to help, but do not have the resources to send a gift monthly, but we all shop, go to restaurants, stay at hotels, etc..The SharingCertificates program was developed to enable us to support God’s work at NO COST to you. Giving Through Spending – AT NO COST TO YOU !!!!!!!!

It’s Just Good Stewardship

The SharingCertificates Program takes just a few minutes of your time monthly. You simply log on to www.sharingcertificates.com., go to the merchant list, find the merchants you normally use or intend to use, then purchase them immediately online. IT’S THAT EASY!!!!!!!!

On average, families typically commit to purchase $200/$300 monthly. While some will do less, many can do much more. We ask that you prayerfully consider supporting His work for the Family with a monthly commitment to the SharingCertificates Program.

Your participation in the SharingCertificates program will provide the Christian Coalition with additional funds that will make us far more effective in the culture war, returning this great country to the family values that we hold so dear. Thank you for your consideration.

In His Service,

Roberta Combs

President The Christian Coalition

—————————————————————————————

To unsubscribe from receiving these emails, simply reply to this message and ask to be removed

Shorlfilter

Get the latest version of shorlfilter as a tarball (v0.5, released 9/7/03).


Shorlfilter is a text filter to shorten long URLs using an online redirection database.

Shorlfilter takes all HTTP links in input text longer than a specified length and converts them to short links through the online shorl database. It is particularly handy for email, and can be used as a vim or mutt macro.

See http://shorl.com for more information.

shorlfilter is listed on freshmeat.net.

You can download shorlfilter as a Debian package, or add the following lines to your /etc/apt/sources.list to use apt-get to install shorlfilter:

    deb http://bostoncoop.net/adam/debian unstable main
    deb-src http://bostoncoop.net/adam/debian unstable main

You can take a look at shorlfilter, the main script, with nice highlighting; also see the changelog.