Submitted by brad on Mon, 2007-08-06 01:30.
A few weeks ago, my site got hacked. The attacker inserted an iframe pointing to a malware site into most of my HTML pages. That of course is bad, but the story doesn’t end there. (I should of course have upgraded my OS from the ancient one my hosting company gave me years ago, but they don’t really support that, and feel an upgrade consists of rebuilding from scratch.)
I cleaned out the entire site and searched for any remnants of the bad link. Having done this I thought all was well. However, as it turns out while the ideas.4brad.com domain and other domains were clear, the 4brad.com domain, which I don’t use for anything, still had a web server on it, pointing at a different directory far from where I keep my own web sites. (I try to never put my stuff in system directories.)
Unfortunately Google, for unknown reasons, looked at 4brad.com, even though there are no links to it anywhere on the web, and found the placeholder page, with the hacked link in it. From there it declared the entire site, including ideas.4brad.com, to be a malware site. I think that’s a bug, since there were never any malware links on ideas.4brad.com pages — this is a Drupal site, and while the hacker’s script attempts to modify PHP scripts, it did not do so correctly, and just broke them. Running Linux, I didn’t see the malware hacks on the other sites where they made the changes, but found them soon enough and removed them for now.
Alas, that means for some time people have been directed away from this blog by Google. It shows up in search results, but you can’t actually click on the results, and there are warnings that going to the site may harm your computer (you get these warnings even on non-Windows computers, which is reasonable, I guess, if incorrect). I’ve asked the site stopbadware.org, which Google teams with, to confirm the hacks are gone, and now I have to rush out to rebuild the site from a fresh install. Sigh.
Update: Google reacted to the cleanup of 4brad.com very quickly and no longer lists the domain as unsafe. I did file a review request with stopbadware.org — perhaps they are much faster than they let on.
I’m shopping for hosting. I think I will upgrade to dedicated hosting, even though virtualized hosting has its merits. As I wrote before, it would be great if MySQL could be virtualized independently of the OS. The ideal marriage would be a virtualized Linux with access to sharable, non-virtualized services like web serving and database. The trick is memory. A typical virtual host will have 16 copies of MySQL and 16 copies of Apache and 16 copies of PHP or similar running on it. Because virtual machines don’t truly understand how much memory they have, or see the paging of the underlying OS, they can’t manage memory as well. But their ability to burst in unused capacity is a big win.
Submitted by brad on Mon, 2007-07-23 17:28.
Well, this site is at a crawl now because the panorama I assembled of San Francisco in 1971 is on the digg.com front page. If you haven’t seen it before it’s on the San Francisco page, the panorama of SF from the top of the Bay Bridge in 1971.
My hosting company, Defender Hosting/PowerVPS, has been kind enough to do a temporary upgrade of my server capacity to their top level, though the site’s response is still poor. This is something that virtual hosting can do that you can’t as easily do with dedicated hosting, though virtual hosting has its own costs, mostly in wasted memory.
I think it would be nice if virtual hosting companies sold this “bump” ability as a feature. When your web site gets a lot of load from a place like digg or slashdot, this could ideally be automatically detected, and more capacity made available, either free for rare use as a bonus, or for a fee. Most site owners would be glad to authorize a bit of extra payment for extra capacity in the event that they’re subject to a big swarm of traffic. (The only risk being that you might pay for capacity when under a DOS or spam attack or when being used by crackers or spammers.)
One place this might happen well is in the Amazon EC2 service, which I have yet to really try out. EC2 offers a cloud of virtual servers on demand. In this case, you would want to have a master controller which tracks load on your server, and fires up another virtual server, and then, once it’s up, starts redirecting traffic to it using DNS or proxy techniques, or both. If a web site is highly based on an SQL server, all the copies would need to use the same SQL server (or perhaps need an interesting replication strategy if not read-only) but making SQL servers scale is a well-attacked problem.
Has anybody done this yet with EC2? If not, I expect somebody will soon. The basic concept is fairly simple, though to do it perfectly you would need to do things like copy logs back after the fact and redirect any pages which want to write data to the local server to a common server if one can. For a site with static pages that don’t change due to user activity, such replication should not present too many problems.
Submitted by brad on Sat, 2007-06-23 11:08.
Whoops, sorry. I was playing around with a shared to-do list manager in Drupal, the software that runs this web site, and it seems to have poorly configured security defaults, so the test entries showed up on the home page. I've made them unpublic now.
Submitted by brad on Wed, 2007-04-11 15:26.
I’ve been participating in online discussions about my favourite TV show, Battlestar Galactica, so I have collected a number of my selected postings about the show, along with some new ones, into a sub-blog on this web site.
If you are a fan of the site I invite you to subscribe to my Battlestar Galactica Analysis Blog.
It has its own RSS feed as well. You can also find it in the menu for this site. The show is now on a 9 month break before Season 4, so postings should become scarce after a while, but I still have a number in my queue to add. Theories will range from the well-grounded to the invented, but I hope it will help you enjoy the show.
Submitted by brad on Mon, 2007-03-05 14:49.
From the shameless narcissism department: I was surprised to see myself and the EFF picked by PC World today at #12 on their 50 most important people on the web list. I’m really there as a proxy for the EFF, I suspect, but it’s great to see our work recognized. I’m pleased to say the EFF is going like gangbusters right now with so many cases under our wing, and many thousands of new members in the last year, thanks in part to the AT&T lawsuit and others. Of course every year we must repeat our fundraising efforts all over again — the vast majority of EFF money comes from individual members and donors, not from corporations much at all, and only to a small degree from foundation grants.
It’s also good to see fellow EFF board members Larry Lessig, Brewster Kahle and Dave Farber on the list, along with many other EFF friends and associates, and my Bittorrent compatriot Bram Cohen appears at #3. Of course, this and $4 will get you a cup of coffee.
Submitted by brad on Sat, 2007-02-17 19:28.
I have upgraded the site to the latest Drupal 5.1. For a short time that means some features I coded won't be available until I re-patch, such as my anti-spam comment tool (comments are moderated for now.) If stuff is broken, let me know. (I don't know what happened to the category menus and will try to get them back.) I'll also be adding some new features, such as RSS feeds of comments and nodes and some other things mostly only seen by those who create an account.
I've put in Drupal's simple captcha module which does a math problem instead of the old simple question I had. It seems to be generating an SQL error, but is otherwise working. I may change it to the simple text question, as a default captcha is subject to spammer attack.
Drupal has had a pretty terrible upgrade procedure for some time now, with upgrade consisting of simply replacing the entire file tree, and protecting your local config. This had no accounting for local changes to code or even installed modules. At least in 5.0 they have moved to putting non-core modules and themes in their own site-only directory. I'm also now installing from CVS which should let me make my changes and import their changes as well.
Submitted by brad on Thu, 2007-01-04 17:13.
Join me next Thursday (one-eleven) at the one-eleven Minna gallery in San Francisco to celebrate EFF’s 16th year. From 7 to 10pm. Suggested donation $20. Stop by if you’re at Macworld.
Details at http://www.eff.org/deeplinks/archives/005055.php
Submitted by brad on Sun, 2006-11-05 23:00.
I'm in Edmonton. Turns out to be the farthest north I've been on land (53 degrees 37 minutes at the peak) after another turn through the Icefields Parkway, surely one of the most scenic drives on the planet. My 4th time along it, though this time it was a whiteout. Speaking tomorrow at the CIPS ICE conference on privacy, nanotechnology and the future at 10:15.
Idea of the day. I joined Fairmont Hotels President's Club while at the Chateau Lake Louise because it gave me free internet. When I got to the Fairmont Jasper Lodge my laptop just worked with no login, and I was really impressed -- I figured they had recorded my MAC address as belonging to a member of their club, and were going to let me use it with no login. Alas, no, the Jasper lodge internet (only in main lobby) was free for all. But wouldn't that be great if all hotels did that? Do any of the paid wireless roaming networks do this? (I guess they might be afraid of MAC cloning.) It would also allow, with a simple interface, a way for devices like Wifi SIP phones to use networks that otherwise require a login.
Of course, as we all know, the more expensive the hotel, the more likely the internet is not only not included, it's way overpriced. At least Fairmont gave one way around this. Of course I gave them a unique E-mail address created just for them, so if they spam me I can quickly disable them. But once again I, like most of us, find myself giving up privacy for a few hotel perks.
Submitted by brad on Thu, 2006-04-13 18:27.
TONIGHT, April 20th, there will be a debate on the issue of per-message charges for E-mail, sparked by the recent debate over Goodmail and AOL.
The debate will feature former EFF Chair Esther Dyson, who has become a surprising supporter of pay-to-send E-mail, and EFF Activist Danny O’Brien, NTK author and coordinator of EFF’s involvement in the efforts against Goodmail. Esther is also publisher of Release 1.0, host of the PC Forum conference and former chair of ICANN.
Alas, I won’t be able to be there, as I am at a conference out of town, but those who followed the debate in my blog may wish to attend.
EFF will be fundraising, suggested donation $20 but donations are not mandatory.
You can get full details at the BayFF page
Submitted by brad on Fri, 2006-03-31 02:25.
Next week (Mon-Tuesday) I will be speaking at David Isenberg’s “Freedom To Connect” conference, on an open net, in Silver Spring, Maryland (Washington DC.)
April 10 I will be at UCSB’s CITS conference (Santa Barbara, obviously) on growing network communities.
The next week April 19-21 sees the annual Asilomar Microcomputer Workshop, always a good time.
See you there.
Submitted by brad on Thu, 2006-02-23 18:37.
Each year since 1992 the EFF has given out the EFF Pioneer Awards to a wide array of online pioneers. Check out the lists on the web site.
We’re seeking new nominees for this year’s awards, to be given at CFP 06. We need them by Feb 28. Check out the web page, and e-mail us the nominee’s name and contact info with a description of their contribution. Organizations and Systems can be nominated, as well as individuals.
Who do you think has helped make the cyberworld what it is? Get them recognized.
Submitted by brad on Sat, 2006-02-18 00:22.
We’ve been working on an inherited house in the Irving Street/23rd avenue neighbourhood of the Outer Sunset of San Francisco. This is one of SF’s “new chinatowns” — the original one on Grant St. long ago given over to the tourists. Irving is where the real Asians go to shop and eat. I’ve been impressed at the incredible quality to price ratio of the food here; I think it’s the best locus of value in the city.
As such I have prepared a map of the Irving Street/Sunset Restaurants with some commentary for those visiting the area. I did it as an HTML table to mimic the streets. Of course, this is mostly for readers in the Bay Area. The Sunset is rarely visited by tourists, and has notoriously bad fog in summer, but it has a lot more character than I expected. The street is also full of Asian grocery stores and miscellany shops.
It’s also just one block from Golden Gate Park. One can readily gather food on Irving and walk to picnic tables in the park at 25th or 18th.
Submitted by brad on Thu, 2006-02-02 18:31.
While I have been using Google ads on the blog for some time (and they do quite well), they don’t yet do RSS ads outside of a more limited beta program. So I’m trying Yahoo’s ads, also in beta but I’m on the list.
They just went live, and all that’s showing right now is a generic ad, presumably until they spider the site and figure out what ads to run. Ideally it will be ads as relevant as Google Adsense does.
Competition between Google and Yahoo will be good for publishers. Just on basic click-rates, one will tend to do better than the other, presumably. If one is consistently doing not as well, they will lose all the partners, who will flock to the other. The only way to fix that will be to increase the percentage of the money they pay out, until they get to a real efficient market percentage they can’t go above.
Read on for examination of the economics of RSS ads.
Submitted by brad on Mon, 2006-01-09 18:51.
This week I will be doing some demos of Voxable, my system that combines VoIP, presence and all sorts of cool stuff I won’t be writing about in the public blog to create a new user interface for the phone that is both as modern and internet as it can get while also being a reflection of the ancient interface for the phone that was lost.
Anyway, if this space interests you, contact me (firstname.lastname@example.org) to try to attend one of the demos. They will be Wednesday the 11th in Sunnyvale, CA at 1:30 pm and Thursday the 12th in the financial district of San Francisco, 1pm. For the right folks, and for potential investors, demos can be arranged at other times, even remotely. (Though I tend to reserve telecommuting to those I’ve worked with and know have the discipline for it.) This is pre-funding startup mode — which means working or moonlighting for lottery tickets (options) with at most survival salary — until the funding arrives. People I know are Ok with frieNDA, for strangers a two paragraph written NDA will be appreciated. Coders should send me an ASCII resume in advance.
While most of the action in new telephony up to now has been in the “how” and “what” — infrastructure and PSTN replacements, I believe the user experience is where the value will truly lie. And he who owns the user experience will own the user, something a lot of companies are very keen to do in the telecom world. That’s why I’ve invested and coded in this area and why you might be too.
As blog readers will know, I’ve been in the innovation seat before, beginning as the first employee of the first major PC applications software company (VisiCorp), then creating many innovative and award winning programming tools, then founding the world’s first dot-com (ClariNet) and next there will be Voxable.
Submitted by brad on Wed, 2005-11-16 02:16.
At the EFF, we’re announcing today a membership drive around our various efforts for blogger’s
In the EFF blogs in my blogroll, you will have read this year about our legal guide for bloggers, and the various free speech cases we’ve done protecting publishing rights online, anonymity and assuring reporter’s privilege for online journalists.
If you have a blog, we encourage you to promote our campaign and add one of our buttons on your blog. The bloggers who bring in the most members get some goodies, but the real reward is in defending freedom of the modern press. Those bloggers who put up the button can get a membership of their own at a discounted rate too. They can see this page for more details on that.
Submitted by brad on Fri, 2005-10-07 00:25.
I’ve arrived this morning in Melbourne, a very pleasant city in which I haven’t allocated enough time, as per usual. Lots of interesting food, seems very livable with great transit, pleasant spaces and parks and architecture. And also surveillance cameras, everywhere. And warnings about stopping terrorism even though there hasn’t really been much here.
Once again I wish there were simple agencies to rent you all your tourist things so you didn’t have to pack them or worry about them. As I wished for before, there was a Vodafone store in the airport arrivals lounge that sold me a SIM card for $30, though to get a really good deal you have to buy another $50 (AUS, 37.5 USD) of airtime.
My tour will take me now to Adelaide briefly, then up to Darwin to stay in Kakadu national park, then to Cairns (reef, of course) and finally ending in Sydney on the 17th, including speaking at the AUUG open source and unix conference on the 19th. Should be a great trip, and I’ll try to blog other observations about Australia.
Some immediate ones: Most people have told me they felt Australians were great friendly people. My cab driver (black) said he loved Australia except the people were the most unfriendly in the world… Race may have something to do with this, I fear. I’m told my (barely) Canadian accent will sound sexy here.
Submitted by brad on Sun, 2005-09-18 00:01.
In addition to the EFF party, here are some upcoming conferences I will be attending and/or speaking at:
Sunday, a half-day at Accelerating Change 2005, Stanford
Monday, Sept 19th at 10pm, panel on CALEA Wiretap rules for VoIP, at Pulver Voice on the Net conference in Boston at The BCEC (not Hynes as I reported earlier) Convention Center. I’ll be at the conference for most of the week.
Friday Sept 23, I’ll be going with Kathryn for Ray Kurzweil’s talk on his new book, The Singularity Is Near : When Humans Transcend Biology, which Kathryn worked on. The talk is for the Long Now Foundation, at Herbst Theatre in San Francisco. He’s doing many talks on a long book tour.
We’ll be at George Gilder’s Telecosm at Lake Tahoe on the 26th.
EFF Party, of course, on the 2nd of October
Keynoting the AUUG Linux conference, in Sydney, Australia, on Oct 19th
Back for Foresight Nanotech’s annual conference on the 22nd of October. (I’m on the board) At the San Francisco Airport Marriott.
Submitted by brad on Sat, 2005-09-17 23:03.
Join us for a party.
When: Sunday, October 2nd, 2005 at 5 p.m.
Where: EFF Headquarters in San Francisco, 454 Shotwell Street, 94110
EFF is 15 years old this year, and we are going to celebrate! We’re having an anniversary bash at our San Francisco headquarters on Shotwell Street on Sunday, October 2nd, 2005. The party starts at 5 p.m.
Join us for delicious Mexican food and drinks from Pancho Villa, hear a special address from our founders, John Perry Barlow and John Gilmore, taste our special 3D cake, and enjoy both the grooves of Gypsy Jazz from the Zegnotronic Rocket Society, and the hypnotic beats of DJ Ripley and
Our celebration is free of charge and open to anyone, so bring your friends and family. We look forward to celebrating with you!
Please let us know you’re coming so we don’t run out of food and libations! Send an email to rsvp at eff.org, or call 415-436-9333 x129.
EFF’s office is located at 454 Shotwell Street and is BART accessible. Take BART to 16th and Mission, walk to 19th street and take a left, and take another left on Shotwell Street, three blocks down. We are located between 18th and 19th on Shotwell.
Submitted by brad on Thu, 2005-07-14 19:40.
All my sites were off today as I did an emergency switch of servers.
The whole story is amusing, so I’ll tell it. I used to host my web sites with Verio shared hosting, but they were overpriced and did some bad censorship acts, so I was itching to leave. One day my internet connection went out, so I went onto my deck with my laptop to see what free wireless there was in the area. One strong one had an e-mail address as the SSID, though it was WEP-locked. Later, I e-mailed that address with a “hi neighbour” and met the guy around the corner. He had set the SSID that way to get just such a mail as mine. (I have a URL as my SSID now for the same purpose.)
My neighbour, it turned out, knew some people I knew in the biz, and told me about a special club he was in, called “Root Club.” The first rule of Root Club, he joked, was that you do not talk about root club. Now that I’m out, I can tell the story. Root Club was started as a group of sysadmins who shared a powerful colocated web server, and all shared the root password and sysadmin duties.