
January 30, 2004

What Will They Think of Next?

I have no idea what the crapflooders are up to these days. They’ve gone on to greener pastures, or easier victims, or maybe Mommy finally discovered what they were doing during those long hours in front of the 'puter. I don’t know and I really don’t care.

But the MovableType Search facility is a processor-hog. It would be trivial to write a “searchflooding” script which would deluge your blog with search requests. To keep this from DoS’ing your server, it seems best to impose a throttle of 5 simultaneous searches at any one time. Here’s a patch to do that. If running patch is too difficult, here’s a drop-in replacement for lib/MT/App/Search.pm.

Share and enjoy.

Posted by distler at 11:03 PM | Permalink | Followups (13)
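
The idea of capping searches at five at a time can be sketched for a CGI-style deployment, where each request is its own process, using non-blocking `flock()` slot files. This is an added example, not the patch or the replacement Search.pm mentioned in the post; the function names, lock-file names and status codes are assumptions, and the single-process demonstration at the end relies on `flock(2)` semantics as found on Linux and the BSDs.

```perl
#!/usr/bin/perl
# Added example: cap concurrent searches with non-blocking flock() slots.
use strict;
use warnings;
use Fcntl qw(:flock);
use File::Temp qw(tempdir);

my $MAX_SEARCHES = 5;    # the limit named in the post

# Try each slot file in turn. Holding an exclusive lock on one means
# "this process is one of the (at most) five running searches".
# The kernel drops the lock if the process dies, so slots never go stale.
# Returns the locked filehandle, or nothing when every slot is busy.
sub acquire_search_slot {
    my ($lock_dir) = @_;
    for my $n (1 .. $MAX_SEARCHES) {
        open(my $fh, '>>', "$lock_dir/search-slot-$n.lock") or next;
        return $fh if flock($fh, LOCK_EX | LOCK_NB);
        close($fh);
    }
    return;
}

# Wrap the expensive work: refuse at once instead of queueing, so a flood
# of requests costs a few open()/flock() calls each, not a full search.
sub throttled_search {
    my ($lock_dir, $do_search) = @_;
    my $slot = acquire_search_slot($lock_dir)
        or return (503, "Too many searches in progress; try again shortly.\n");
    my $body = eval { $do_search->() };
    my $err  = $@;
    close($slot);    # closing the handle releases the slot
    return $err ? (500, "Search failed.\n") : (200, $body);
}

# Demonstration with constructed state: occupy all five slots, as five
# in-flight searches would, then send a sixth request.
my $dir  = tempdir(CLEANUP => 1);
my @busy = map { acquire_search_slot($dir) } 1 .. $MAX_SEARCHES;
my ($status) = throttled_search($dir, sub { "results" });
print "sixth request while five are running: $status\n";

close(shift @busy);    # one search finishes and frees its slot
($status) = throttled_search($dir, sub { "results" });
print "next request after one finishes: $status\n";
```
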

Not in Kansas

There’s a lively discussion over at the String Coffee Table of a recent paper by Thomas Thiemann on a new, LQG-inspired quantization of the Nambu-Goto string. The paper is either incredibly clever, or incredibly naïve.

Posted by distler at 1:16 AM | Permalink | Followups (4)

January 29, 2004

Hold Onto Your Wallet

It’s amazing that it’s taken this long. Gangs of criminals are stealing ATM card numbers and PIN numbers right from your Bank’s ATM machine. With a card skimmer installed over the card slot and a hidden camera in a stack of brochures, they just wait in a nearby parked car to capture your data over wireless.

Posted by distler at 1:48 PM | Permalink | Followups (1)

January 25, 2004

Sick and Twisted

I had lunch yesterday with Matt Mullenweg. We talked about my recent run-in with the crapflooders, the state of XHTML, and the wonderful work he and his collaborators are doing with WordPress. It’s still a young product, and missing many of the features I’d need, so I’m not about to switch anytime soon. But weeks like this past one make one appreciate the merits of working with Open Source software. So I’ll be keeping an eye on their project. And if anyone wants to help them out, bringing some of the cutting-edge features found here on Musings to WordPress, you’ll earn a special place in my heart.

In honour of the crapflooders, I took S. to the Alamo Drafthouse to see the latest Spike and Mike Sick and Twisted Festival of Animation (yeah, I know, I’m a real romantic, ain’t I?)

Posted by distler at 2:11 PM | Permalink | Followups (6)

January 22, 2004

Functions Online

A new resource from Wolfram Research: functions.wolfram.com is sort of an online Abramowitz and Stegun. Very handy, when you’re in a WiFi-enabled café, and you just need to recall some hypergeometric function identity.

Posted by distler at 9:08 PM | Permalink | Post a Comment

Never a Dull Moment

I came back from a really interesting talk on the future of neutrino-mixing experiments (yes, they actually hope to measure CP-violation in the neutrino sector in the next generation of experiments!), only to find that all hell had broken loose in the MovableType world.

Our friend has returned with a new, “improved” program which floods the trackback system, prompting panicked email messages to and fro.

I guess it’s time to release my patch to enable Trackback throttling in MovableType.

Our l33t h@ckr probably slaved away all night on that program. And it took all of 20 seconds to delete the 43 trackbacks he managed to post to my blog.

Sad, isn’t it?

Update: I am still waiting with bated breath for “Dv” to post his latest creation on http://terrato.org/ . He, apparently, doesn’t want me linking to his site, so you, dear reader, will have to cut and paste that URL in your browser. Can you do it? I knew you could.

I should also point out (even our Crapflooders are capable of figuring this one out), Trackback flooding is totally cross-platform. If your blogging software supports Trackbacks, and your vendor has not put some kind of throttling in place, you are vulnerable.

Update (1/23/2004): I should have stated the obvious: as with the comment throttling code, this patch is incompatible with the current version (1.6.2) of Jay Allen’s MT-Blacklist. You’ll need to add the throttling code to his MTBlPing.pm file instead.

Update (1/27/2004): Terrato.org has lost its DNS listing, so if you want to see what the “pathetic lamers” (a term they, apparently, prefer to “script kiddies”) are up to, you’ll have to go to http://193.77.153.149/ . Version 1.2 of their comment-flooding script is a particular hoot to read. Enjoy…

Posted by distler at 4:50 PM | Permalink | Followups (19)