January 30, 2004
What Will They Think of Next?
I have no idea what the crapflooders are up to these days. They’ve gone on to greener pastures, or easier victims, or maybe Mommy finally discovered what they were doing during those long hours in front of the 'puter. I don’t know and I really don’t care.
But the MovableType Search facility is a processor-hog. It would be trivial to write a “searchflooding” script which would deluge your blog with search requests. To keep this from DoS’ing your server, it seems best to impose a throttle of 5 simultaneous searches at any one time. Here’s a patch to do that. If running patch is too difficult, here’s a drop-in replacement for lib/MT/App/Search.pm.
Share and enjoy.
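One way to cap simultaneous searches across separate CGI processes is a fixed pool of lock files. This is an added Python example, not the patch or the replacement Search.pm linked above (whose mechanism is not shown on this page); the function names, lock-file names and the 503 response are assumptions.

```python
import fcntl
import os

MAX_SEARCHES = 5  # the cap of simultaneous searches stated in the post


def acquire_slot(lock_dir, slots=MAX_SEARCHES):
    """Take one free slot; return its open fd, or None if all are busy."""
    for i in range(slots):
        path = os.path.join(lock_dir, "search.%d.lock" % i)  # hypothetical name
        fd = os.open(path, os.O_CREAT | os.O_RDWR, 0o600)
        try:
            # Non-blocking exclusive lock: fails at once if another search
            # (another process, or another open of the file) holds the slot.
            fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return fd
        except BlockingIOError:
            os.close(fd)
    return None


def release_slot(fd):
    # Closing the descriptor drops the lock. The kernel does the same when a
    # process exits or crashes, so a killed search never leaks its slot.
    os.close(fd)


def handle_search(lock_dir, run_query):
    """Run the expensive query only if a slot is free; otherwise refuse cheaply."""
    fd = acquire_slot(lock_dir)
    if fd is None:
        return 503, "Too many searches in progress, try again shortly."
    try:
        return 200, run_query()
    finally:
        release_slot(fd)
```

The refusal path costs one failed lock attempt per slot, so a flood of search requests is turned away without ever reaching the expensive query.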
Not in Kansas
There’s a lively discussion over at the String Coffee Table of a recent paper by Thomas Thiemann on a new, LQG-inspired quantization of the Nambu-Goto string. The paper is either incredibly clever, or incredibly naïve.
January 29, 2004
Hold Onto Your Wallet
It’s amazing that it’s taken this long. Gangs of criminals are stealing ATM card numbers and PIN numbers right from your Bank’s ATM machine. With a card skimmer installed over the card slot and a hidden camera in a stack of brochures, they just wait in a nearby parked car to capture your data over wireless.
January 25, 2004
Sick and Twisted
I had lunch yesterday with Matt Mullenweg. We talked about my recent run-in with the crapflooders, the state of XHTML, and the wonderful work he and his collaborators are doing with WordPress. It’s still a young product, and missing many of the features I’d need, so I’m not about to switch anytime soon. But weeks like this past one make one appreciate the merits of working with Open Source software. So I’ll be keeping an eye on their project. And if anyone wants to help them out, bringing some of the cutting-edge features found here on Musings to WordPress, you’ll earn a special place in my heart.
In honour of the crapflooders, I took S. to the Alamo Drafthouse to see the latest Spike and Mike Sick and Twisted Festival of Animation (yeah, I know, I’m a real romantic, ain’t I?)
January 22, 2004
Functions Online
A new resource from Wolfram Research: functions.wolfram.com is sort of an online Abramowitz and Stegun. Very handy, when you’re in a WiFi-enabled café, and you just need to recall some hypergeometric function identity.
Never a Dull Moment
I came back from a really interesting talk on the future of neutrino-mixing experiments (yes, they actually hope to measure CP-violation in the neutrino sector in the next generation of experiments!), only to find that all hell had broken loose in the MovableType world.
Our friend has returned with a new, “improved” program which floods the trackback system, prompting panicked email messages to and fro.
I guess it’s time to release my patch to enable Trackback throttling in MovableType.
Our l33t h@ckr probably slaved away all night on that program. And it took all of 20 seconds to delete the 43 trackbacks he managed to post to my blog.
Sad, isn’t it?
Update: I am still waiting with bated breath for “Dv” to post his latest creation on http://terrato.org/. He, apparently, doesn’t want me linking to his site, so you, dear reader, will have to cut and paste that URL in your browser. Can you do it? I knew you could.
I should also point out (even our Crapflooders are capable of figuring this one out), Trackback flooding is totally cross-platform. If your blogging software supports Trackbacks, and your vendor has not put some kind of throttling in place, you are vulnerable.
Update (1/23/2004): I should have stated the obvious: as with the comment throttling code, this patch is incompatible with the current version (1.6.2) of Jay Allen’s MT-Blacklist. You’ll need to add the throttling code to his MTBlPing.pm file instead.
Update (1/27/2004): Terrato.org has lost its DNS listing, so if you want to see what the “pathetic lamers” (a term they, apparently, prefer to “script kiddies”) are up to, you’ll have to go to http://193.77.153.149/. Version 1.2 of their comment-flooding script is a particular hoot to read. Enjoy…
January 21, 2004
One Down
So I finally did get visited by one of the Crapflooders. Phil was visited by the same fellow earlier in the evening and I guess that, by the time he got to me, he was all tuckered-out. The attack on my blog was as brief (10 minutes) as it was ineffective.
I did, however, amass some most excellent forensics on our friend. I’ll let y’all know what comes of the matter.
New Fractional Branes
Very interesting paper today by Ashok, Dell’Aquila and Diaconescu. They construct a new class of boundary states (D-branes) on Landau-Ginzburg Orbifolds. Previous constructions clearly missed a large class of D-branes. In particular, there was no candidate for (what, at large radius corresponds to) the D0-brane on the Quintic. This led to a certain amount of speculation by Douglas and collaborators on the “fate” of the D0-brane.
Among the new class of boundary states found by these folks, is one that they say corresponds to the D0-brane.
I’m afraid I can’t say much about the technical details yet. Maybe in a few days, when I’ve gotten further into it.
January 18, 2004
Comment Throttle
So it turns out that the latest fad among the script kiddies is crap-flooding MovableType blogs with thousands of randomly-generated comments. Lamentable as it may be, I cannot afford to have this machine brought to its knees because some pimply-faced 15 year-old is bummed that Saturday Night Live is in reruns this week.
Hence some new policies:
- No more than 1 comment from any given IP address every 20 seconds.
- 8 comments from the same IP address in less than 200 seconds will get you banned.
- No more than 20 comments, in total, per hour.
- No more than 100 comments, in total, per day.
I hope this does not seriously inconvenience any of you, but that’s life on the Internet…
For what it’s worth, here’s my patch for lib/MT/App/Comments.pm.
Thanks to Phil for some pointers, and to Shelley and Sam for illuminating discussions.
Update (1/21/2004): Just in case anyone’s confused, the comment-throttling code in MT 2.66* and my modifications above are incompatible with the current version (1.6.2) of Jay Allen’s MT-Blacklist. Jay’s plugin usurps the post method of lib/MT/App/Comments.pm, so none of this throttling code gets used. Either wait for a new version of Jay’s plugin, or add the throttling code (both Ben’s and mine) to MTBlPost.pm.
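The four limits listed in this post can be expressed as one decision function. The following is an added illustration in Python, not the Perl patch to lib/MT/App/Comments.pm; the class and function names are hypothetical, and it assumes that only accepted comments are counted and that the attempt which would be the eighth inside the 200-second window triggers the ban.

```python
from collections import defaultdict, deque

# Limits taken from the policy list in the post.
PER_IP_GAP = 20                  # min seconds between comments from one IP
BAN_COUNT, BAN_WINDOW = 8, 200   # 8 comments in under 200 s => ban
HOURLY_CAP, DAILY_CAP = 20, 100  # site-wide totals
HOUR, DAY = 3600, 86400


class CommentThrottle:
    def __init__(self):
        self.by_ip = defaultdict(deque)  # ip -> times of accepted comments
        self.site = deque()              # times of all accepted comments
        self.banned = set()

    def check(self, ip, now):
        """Decide one comment attempt; returns the verdict as a string."""
        if ip in self.banned:
            return "banned"
        recent = self.by_ip[ip]
        while recent and now - recent[0] >= BAN_WINDOW:
            recent.popleft()
        # Assumption: the attempt that would be the 8th comment inside the
        # window triggers the ban and is itself rejected.
        if len(recent) + 1 >= BAN_COUNT:
            self.banned.add(ip)
            return "banned"
        if recent and now - recent[-1] < PER_IP_GAP:
            return "throttled"
        while self.site and now - self.site[0] >= DAY:
            self.site.popleft()
        if len(self.site) >= DAILY_CAP:
            return "daily-cap"
        if sum(1 for t in self.site if now - t < HOUR) >= HOURLY_CAP:
            return "hourly-cap"
        recent.append(now)
        self.site.append(now)
        return "accept"


def replay(events):
    """Run constructed (time, ip) events through a fresh throttle."""
    throttle = CommentThrottle()
    return [throttle.check(ip, t) for t, ip in events]


if __name__ == "__main__":
    # Constructed traffic: one documentation-range address posting every second.
    verdicts = replay([(t, "192.0.2.7") for t in range(125)])
    print({v: verdicts.count(v) for v in sorted(set(verdicts))})
```

Note how the per-IP rules interact: an address posting at exactly the permitted 20-second pace is banned on its eighth attempt, so the gap rule bounds bursts and the ban rule bounds sustained posting.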
January 16, 2004
itex2MML Plugin Update
I’ve updated my itex2MML plugin to version 0.7. This fixes a bug where some people were getting an error of the form
open2: fork failed: Resource temporarily unavailable at [path_to_MovableType]/plugins/itex2MML.pl line nn
on rebuilding an entry which uses MathML.
The itex2MML executable is unchanged from the January 1 version.
January 14, 2004
Campaign Link
I was a little aghast when I saw the latest entry in my Technorati Cosmos sidebar. Bush2004 doesn’t sound like the sort of blog which would link to me (despite the President’s reputed avocation for particle physics).
On closer inspection, it proves to be something of a hoot. To which I say,
January 10, 2004
MT Courseware
Liz Lane Lawley has decided to adapt MovableType for use as CourseWare. Here’s an example of one of her courses.
Since BlackBoard, UT’s Courseware de jure, sucks in general and doesn’t support MathML in particular, her ideas look pretty attractive. I’m gonna look into this for my next course website.
Still need to work out an authentication scheme, though …
January 9, 2004
Blogspam Update
It’s about time to follow up on my previous articles on Comment Spam. No real surprises, but spambots have gotten better at what they do.
January 8, 2004
Axiom of Choice
To choose one sock from each of infinitely many pairs of socks requires the Axiom of Choice, but for shoes the Axiom is not needed.
— Bertrand Russell
Antonio Luis’s latest post points to Eric Schechter’s absolutely wonderful Axiom of Choice Homepage. The latter discusses the AC, and a whole range of related topics.
Here, for instance, is his discussion of the Banach-Tarski Paradox:
Banach and Tarski used the Axiom of Choice to prove that it is possible to take the 3-dimensional closed unit ball, and partition it into finitely many pieces, and move those pieces in rigid motions (i.e., rotations and translations, with pieces permitted to move through one another) and reassemble them to form two copies of .
At first glance, the Banach-Tarski Decomposition seems to contradict some of our intuition about physics – e.g., the Law of Conservation of Mass, from classical Newtonian physics. Consequently, the Decomposition is often called the Banach-Tarski Paradox. But actually, it only yields a complication, not a contradiction. If we assume a uniform density, only a set with a defined volume can have a defined mass. The notion of “volume” can be defined for many subsets of , and beginners might expect the notion to apply to all subsets of , but it does not. More precisely, Lebesgue measure is defined on some subsets of , but it cannot be extended to all subsets of in a fashion that preserves two of its most important properties: the measure of the union of two disjoint sets is the sum of their measures, and measure is unchanged under translation and rotation. Thus, the Banach-Tarski Paradox does not violate the Law of Conservation of Mass; it merely tells us that the notion of “volume” is more complicated than we might have expected.
By the way, the sets in the Banach-Tarski Decomposition cannot be described explicitly; we are merely able to prove their existence, like that of a choice function. One or more of the sets in the decomposition must be Lebesgue unmeasurable; thus a corollary of the Banach-Tarski Theorem is the fact that there exist sets that are not Lebesgue measurable. The existence of unmeasurable sets has a much shorter and easier proof, which can be found in every introductory textbook on measure theory. That proof also uses the Axiom of Choice, but doesn’t mention the Banach-Tarski Decomposition.
Great stuff!
January 4, 2004
:hover Craft
The brilliant Peter Nederlof has found a JScript hack to enable CSS :hover behaviour on arbitrary elements in IE/Win.
Since I’m generally in favour of crufty hacks for crufty browsers, I’ve implemented his solution here at Musings. It took a bit of rejiggering of my CSS code to avoid the use of child selectors (>), which IE still does not understand. With a bit of IE DOM manipulation,
    window.onload = function () {
      if (navigator.appName == "Microsoft Internet Explorer") {
        document.body.style.behavior = 'url(\"/csshover.htc\")';
      }
    };
I can even do it with a CSS stylesheet that still validates.
In plain English, that means that my sidebar now works in IE/Win, and the user-experience now more closely approximates that of a Standards-Compliant browser. Let me know if you find any problems. I don’t promise to fix them, but you never know …
[Tip o’ the hat to Anne van Kesteren.]
January 1, 2004
itex2MML Plugin Update
A minor update to the itex2MML executable, used in my plugin. I added a few more MathML entities.
- \dagger: †
- \ddagger: ‡
- \cap (=\intersection): ∩
- \bigcap (=\Intersection): ⋂
Thanks to Urs Schreiber and Antonio Luis Martínez Rico.
(Antonio Luis had a few more changes, but I think he was either working from an old version of the executable, or trying to work around some bugs in Mozilla that I’m not seeing here. I hope he’ll correct me if I missed something.)
New Years Menu
- Prosciutto di Parma
- Queso Manchego
- Olives: garlic-stuffed and Aragonian
- Spanakopita
- Salad of spinach, gala apples and Shropshire Blue
- Foie gras
- Crab cakes
- Salmon in puff pastry with basil pesto
- Belgian chocolates
- Champagne Veuve Clicquot
Happy 2004!