test

The Baby 1.0 project launched early— and caught me without the Baby Blog project started. I quickly pushed out a MT4 powered baby blog within a day or so of McLean’s arrival— but it hasn’t been fully tested and is still very much a project under development… As far as I can tell from the Activity log, Happy and Maura have had some trouble leaving comments. Anyone else having trouble? Can you send me a mail or leave me a comment below on what the problem or error was that you received? McLean and I thank you for your help.

I need to convert a MovableType site I built in 2006 to MT4. The site is a complicated web-application built with MT that relies heavily on Kevin Shay’s RightFields. RightFields has not been updated to MT4, so I’m moving the RightFields functionality to the new “Professional Pack” version of CustomFields.

Before it was snatched up by SixApart, CustomFields 2.1b4 from Movalog had KeyValue support… I can’t seem to find any info if this functionality is still in the new “Professional Pack” version of CustomFields for MT4.1b2. No one at SixApart seems to know. Crazy that they would buy and restrict CustomFields to commercial users (which I am)— despite having it voted one of the most valuable MT plugins.

Does anyone know if Brad Choate’s Key Values plugin required— or is there a similar Extended Entry value parsing built directly into CustomFields? I’ve been trying to use the following syntax in the Extended Entry to test a CustomField with external clients (Ecto and MarsEdit)

EntryDataTest=Foo

I’ve also tried:

EntryDataTest ==
Foo
== EntryDataTest

I just don’t seem to be able to update or set the CustomFields for an entry with key values. Any tips or insight would be greatly appreicated.

My first iPhone post. It appears that this site has some serious stylesheet problems on the iPhone version of safari. Not sure when I’ll have time to fix that.

Amazing. It's still going strong. At 2am last night Murph identified that I had hosed my comment templates. Troubleshooting the problem this morning I disabled the CCode plugin that I've been running for over a year. That opened the spam flood gates. Between 6am and 9:30am I received 80 spam comments. The first spam on this blog for ages.

I've got to find the time to fix these templates... Or better yet, after 3 years of saying I'm going to redesign, maybe I should finally find the time to rebuild this tattered and aging old site.

After paying with Run-O-Meter to track my Nike+ stats, I stumbled up on Ernest Oporto’s conversion of Mark Ricket’s Nike+ wordpress plugin. It’s excellent code that makes daily api calls to the Nike+ site and caches the data locally. Much easier to parse, design and reformat when the data is stored locally. There’s another script, which I haven’t explored yet… but this one is quite simple and well thought out.

I’m still playing with it, but you can see my first attempt at formatting the results of the nikeplus.php script on the first page of this blog. Click the telemetry tab in the upper right corner. As you may notice, I’m not doing so well on one of my goals this month. Again… it’s a work in progress. Also shown is Duncan’s excellent weather perl that cron runs every 15 minutes.

Excuses on why Adobe dropped the ball— from a Photoshop developer. Read the comments. The full Final Cut Studio and Aperture will be Universal within the next 5 days. Blaming Xcode for not being able to handle “big applications” is a crock. Adobe had the heads up to make the switch to Xcode 5 years ago. They choose to keep charging for full updates to new versions without putting the resources into either maintaining an up to date codebase or beginning the port to Xcode.

Even worse— InDesign was developed from scratch in the last 5 years. What it’s excuse?

This is Quark/Indesign all over again. Quark screwed around with half baked upgrades for years without bug fixes. Adobe crushed them with InDesign. Someone needs to show up to the party with a Universal Photoshop killer and market the hell out of it the full year before CS3 ships.

An aside— much like their botched releases…and botched branding attempt, Six months later and Quark has re-re-branded with a new less “controversial” logo. Designed inhouse.

The new Form Assembly is chocked full of Web 2.0 goodness (AJAX form building, pie charts, form response rss feeds, csv output and more). A lot of cool tricks I didn't have the time to develop on my own. I was building a quick and dirty RSVP page for the opening party of a new NYC restaurant. I wanted to play with all the new features, but I needed to manage the data locally as well. I figured it shouldn't be too hard to POST the form data locally, capture the variables to make lists, generate multiple emails, work the data locally and finally use PHP to resubmit the form to Form Assembly.

This total hack of poorly written PHP serves absolutely no purpose-- but there might be someone somewhere wanting to capture form data before submission, process it locally and resubmit for processing-- or even someone wanting to submit a single html form to multiple processors. One form getting simultaneously posted to cgi scripts on three different servers? No problem.

More ...

Neil’s css footer (that I threw my $0.02 into) is now live on the bottom of Gothamist. Nice work.

I’ve been tagging del.icio.us and Flickr for ages. Now I’d like to start tagging my blog entries to Technorati.

A few plugins (1, 2, 3) have rolled out to utilize your MT keywords as tags. The problem that none of them seem to address is that meta keywords are comma delimited. Tags are space delimited. I’ve got 3 years of posts that have commas in the MT Keywords field. I don’t want to loose my properly formatted meta keywords in my html… but I want to embrace tagging.

I need a tagging plugin that strips the commas from the end of each keyword, and adds a + between two word keywords to assemble a two word tag. Should be easy, right?

Update: ask and ye shall receive.

Adding mod_security to the stock Apache on MacOS 10.4 (Tiger) was a breeze. Here's the simple install instructions for anyone that's interested. You'll need (of course) to be running the built-in Apache on your Mac. I don't have the 10.4 Tiger Server but I assume everything is in the same place as the client.

Disclaimer: add this module to your Apache at your own risk. Backup your httpd.conf (located in /etc/httpd/httpd.conf) before you begin. As always, you shouldn't be adding modules to a live or production server. If you're a Mac user and you don't know what http.conf is then you probably shouldn't be messing with the command line and Apache.

More ...

I’ve just done a clean install and upgraded this server to 10.4. It took a lot of CPANing to get it up to speed. I think I have most of the kinks worked out… but if something is screwy, let me know. I can’t judge if Apache is faster until Spotlight is done indexing the server’s RAID… which it tells me will take 12 hours. Until the indexing is done things may be a tad slow.

With my limited Mod_Security experience I’m psyched. Most mornings I wake up and check both the MT Blacklist and SpamLookup’s logs. The 24 hours between checks, the plugins have blocked well over 500 ping or comment spam attempts. Not today. Not a single spam has made it through Mod Security since its install.

With the two spam plugins working so well, why is ModSecurity important? Every comment or trackback spam attempt spawns Perl processes on the server. When this little box gets attacked with 60 spam hits a minute- everything slows down. ModSecurity effectively stops the spam attempt before the Movable Type spam filters need to fire up a Perl process.

Another observation that will help those of you on shared hosting accounts without access to Mod_Security: As far as I can tell 99% of all blog spam attacks are coming from an IP spoofer called the pinappleproxy (more info). Adding the following Mod Rewrite rule to your .htaccess or httpd.conf should effectively stop this uber-spammer and reduce your spam load in a very noticeable way:

RewriteEngine on
RewriteCond %{HTTP:VIA} ^.+pinappleproxy
RewriteRule .* - [L,F]

And that’s not all Bob! With every Mod_Security install you also get: an end to referrer spam and ShortStat stats spam!

With prompting from Dunc, I’ve just added Mod_Security to this server. Installation was essentially plug-n-play on OS X (10.3). Aside from it’s general protection from malicious server activity, I’ve also tied my MT-Blacklist into it to defend against spam attacks. I’m going to test it out to see how well it runs (so far it’s knocking out just about all spam attempts). When I upgrade the server to Tiger, I’ll post the instructions on how to install the dynamic apache module on the Mac. It’s chicken baby easy™.

My copy of MacOS 10.4 will be here Friday ($35 off at Amazon). Neil has been running it for a while and got me excited about it last night. I’ve been so busy I haven’t had time to prepare. I think I’ll just do a clean install to one of my machines as a proving ground.

It’s going to be a long time until I upgrade this server. With the new GCC 4.0 compiler and all the backend changes in 10.4, I can only imagine it’s going to be a nightmare rebuilding all the perl mods and their dependancies. I’ll wait until the server users blaze the trail. Thanks to Neil I think I’ve fixed the Atom problem with links in my templates that were returning an error with the new Safari RSS.

I’m looking forward to managing my workflow with Automator. Spotlight (modeled after the BeOS filesystem database) and Dashboard are interesting. I’m a little disappointed and surprised that most of the OS isn’t 64bit, and that they would release Mac Mini— knowing Tiger was coming— and they wouldn’t support Core Image on it. If they knew the required specs wouldn’t be met, surely they should have made the Mini video cards upgradable.

I can’t seem to find any info on Darwin’s open source components. Is it running Apache2? Samba3? PHP5? Where are those tech specs listed?

Not Tufte, but slick as hell: Craigslist’s real estate listings parsed with the Google API and reformatted as Google Maps. This is why public APIs rock. So hard— and AJAX provides the coolest user interfaces…

For some odd reason this site has a high PageRank. I don’t know why. My high PageRank attracts spammers trying to increase their search engine ranks. To combat this problem a consortium of search engines have begun the rel=“nofollow” initiative. It’s a code change (on the user’s site) that stops search engine spiders from following comment links that are inflating the PageRanks of linked-to sites. It’s a change that website owners make to their code to help search engines provide more relevant results. I’ve implemented the change here on studio2f. However, there’s something that just rubs me the wrong way about the whole concept.

The explosion of blogs, comments and trackbacks have directly affected the PageRank algorithms the search engines use to rank sites. Is that the blogsphere’s problem or a sign that the original PageRank implementation was not developed with the ability to evolve as the internet landscape transforms? Every time a new challenge arises to PR will the search engines push for the users to alter their sites and code to prop up PageRank? Today the problem is bloggers and their comments— tomorrow it’s some sort of interactive-multimedia space car we’re all driving. Who knows. Uses for the internet continue to expand.

Most of us favor the results and PR from Google over Yahoo- or gasp! Carnegie Mellon’s Lycos… because their results suck. In a couple of years we’ll adore a new search engine with a new means of calculating PR that generates better results than Google. That’s evolution- and it happens on the corporation’s side not the end users.

I aggressively defend my entries from spammers with Jay Allen’s outstanding MT-Blacklist and Brad Choate’s MT-DSBL. I know that every link in my comments is a legitimate link supporting the user’s comment. It’s a constant war… with regular spam attacks daily, I don’t believe rel=“nofollow” is going to stop them. As the spammer’s PRs start to decline they’ll adapt. They always do. They’re like cockroaches.

They’ll still score the top search engine result positions— while cleaning up the search engines will happen at the expense of the little sites (not the big ones like boinboing). Small legitimate (not spam) blogs will drop off the radar as their PRs disappear.

This probably won’t be a popular statement: but the idea that “thinking about PageRank” is evil, and instead you should be creating great content to build yourself into a boingboing is a hollow argument. There’s room for both. Boingboing became what it is today partly because a zillion people linked to it.

I believe this solution is a band-aid to the problem that the search engines have: they need to generate legitimate results. rel=“nofollow” is not the cure— the problem will continue. PR will still be exploited and results will still be tainted. The search engines have to figure out how to filter the crap internally.

Regardless— I’ve implemented rel=“nofollow” here.

Disappointing: Tiger’s 64bit goodness isn’t going to be all that 64bit.

I upgraded MT this morning. So far so good. The upgrade took less than a minute, and should solve server load problems when spam-comment attacks happen. Surprisingly, this blog gets very few spam attacks, but the more obscure Nuptial-Log gets hammered all day long.

MT-Blacklist does a great job of stopping the spam. The worst offender is Texas Holdem dot com (et al.). I’ve been able to halt all 10,000 variations of their spam URL with the blacklist regex: (texas[\w-_.])?hold\Wem

Another way to skin the cat is Mod_security. This might be interesting solution to play with.

I’m all about the comments today.

The Tweezer’s Edge comment template hack was a great find… and it’s just lead me to solving another problem I’ve been having. On entry templates, Movable Type’s TypeKey registration calls a javascript from a Perl script. Since I’m not running a persistent Perl like mod_perl, this was a major performance hit. Every-time a blog entry page was loaded, Perl had to be started to serve up that single javascript. That was bad decision on Six Apart’s part if you ask me. My entry pages would load fast, but would always pause for a few seconds before rendering the comment form fields as Perl started up to bust out that script.

Ta-da. Via the Tweezer’s Edge, I’ve stumbled upon Hirotaka Ogaw’s solution that simply replaces the cgi call with the actual javascript. Duh. No need to start Perl. No pauses while loading pages. So simple. I hope this helps someone else.

So many projects, so many sites… this site ends up being the neglected red-headed stepchild. Unable to sleep through the din of fans and dehumidifiers last night, I figured I’d do something productive and finally got around to doing all the templates on this site that have been missing. Last night I setup templates for:

• comment pending
• comment preview
• comment error
• search results

They’re rough— but they’re in a state (a state of existing) that they’ll be easy to work on. When I started at 1am, I was shocked to discover you couldn’t alter the form fields in Movable Type 3.0 comment templates. What the heck? How the hell do you design around that? Some late night googling lead me to The Tweezers Edge’s Replacement for <MTCommentFields>. Now we’re on the way to happy comment fieldsets.

UPDATE 10/03/04

These problems have been solved by ARD2

Apple Remote Desktop 2.0 has been getting tons of positive press all over the web. Indeed it’s the slickest VNC you’ll find, with complete OSX control over remote machines and VNC control over PCs. However it’s one buggy heap of code. Aside from ridiculous limitations (such as only being able to a Linux or Winows VNC server set to Display 0), it’s got one killer bug that almost renders it useless on Powerbooks.

I’m surprised such a huge bug made it out of Apple testing. Here’s how to get ARD 2.0 to run on a Powerbook.

More ...

FireFox is a much more powerful and expandable browser than Safari . It’s a no brainer to make the swap from Safari or Internet Explorer. Abandoning Safari for FireFox left me missing only one thing- iSync. A big of googling lead me to a solution that allowed me to continue to sync my bookmarks across multiple machines (pc and macs) using .Mac’s WebDAV. Here’s how to set your Firefox to sync bookmarks through .Mac …

More ...

You may recall Kerry’s cheese steak faux pas. Bush visited Philadelphia and used it as a vehicle to poke fun at Kerry. The truth: “The commander-in-chief fooled thousands Tuesday to believe he eats like the epicureans here.” (President Bush Nailed by Cheese Cops). Time for some Cheese Steak Eaters for Truth spots.

I'm doing some work on the studio2f server... don't be surprised if you experience some sporadic service outages today.

What's great about this gag- is that the original direct linker doesn't know the image is beening swapped-- the correct image is in their cache from their first visit to this site. The mod-rewrite swapped image is only going to show up if they reload their caches-- anyone else (that hasn't been to this site) will see the replacement. Studio2f images posted into conservative forums and blogs? Hi-jinx ensues.

One of the best examples of this is UPS. The terribly designed Worldship software, with it's god-awful GUI, only runs on Windows. However the wonderfully designed UPS.com shipping section runs on anything that has a browser. Why tie yourself to specific platforms when you can be free of system restraints? Updating one web application beats applying updates to software installed on hundreds of desktops-- and everyone is always using the same version. With CSS your application is available to you in any form and on any device you choose. Web based applications empower your users to use the tool that they're most comfortable with-- and that's good design.

About time! My own site is always the redheaded stepchild when it comes to attention. Finally this page is XHTML valid. Most of the portfolio pages are as well. I have some bugs to work out on old HTML based portfolio pieces and poorly formatted movable type pages from the past. On my path to XHTML compliance I've made some minor refinements to this site. The old look is here. The new one is simpler. I'm sure there's going to be some hickups. As I work the final bugs out and tweak the typography, these pages will fall in and out of compliance. Let me know if anything is horribly wrong. I've test on all the major browsers and my bug list is shrinking.

More ...

Froogle has come out of beta and Google is featuring it on their homepage. Now that it's open to the public- we're getting swamped with Froogle orders. Thanks to Dunc's Froogle feed builder- that has been running and populating froogle with our products for months.

Mail is running again. On Friday my provider outsourced EVERYTHING to India. Sunday the locals messed something up and not until this morning did my provider get their U.S. based servers running again.

I've begun the time consuming task of upgrading Studio2f to OSX 10.3. I'm working on a staging server with a mirrored copy of the live server. There's a lot of libraries and scripts that need to be recompiled. A billion Perl Modules that need installation. There just isn't enough time to get it all done... and the puny 500mhz G4 in the server doesn't help with speedy compiling. When the upgrade is done, I'll start the even more time consuming phase 2- upgrading studio2f.com to be 100% clean XHTML. Finally separating content and structure.

This post on Slashdot got us thinking of bigger uses for CVS. We're now talking about daily automated commits of the JHA office's CAD files. The CAD operators will be getting a redundant backup method, and version control- without any changes to the way they work. CRON would add new AutoCAD files to the repository and commit changes multiple times a day. We'll be able to track changes (what user changed the file, and when), and will be able to roll back to any version in seconds (we made a mistake, and need to go back to the design from 4 days ago).

Panther has replaced Sendmail with Postfix. If you did the 10.3 "upgrade" instead of the "archive and install" or "clean install" then your Postfix won't work. The upgrade option didn't run the CreateSystemUsers script that adds the Postfix user to NetInfo. Here's how to setup Postfix, and here's how to run the CreateSystemUsers script if you upgraded.

I hosed up my GPG keychain so badly today that I needed to expire the old key and generate a new one. For those who need it- the new public key is up on the keyservers. It’s also in this post below. Poking around on the server I see that I have keys without expiry dates going back to 1995. Without the original private keys, I have no idea how to get the old ones out of the key servers.

Slashdot today has an article on 7 spam filters reviewed. I use SpamAssassin, and rarely have a spam make it into my inbox. In the last few weeks I've seen a couple slip through- and I finally took a look at them to see what's going on.

More ...

The honeypot I set up (catch #1, #2) has caught a "Nigerian" type spam. They harvested the email address off this site today at 9:03am, and by 9:31am they decided to give me $18,000,000.00! The fastest money I've ever made!

More ...

New spam catch... Same IPs captured... Same times... Same talk21.com contact info. I'm going to track this guy down.

More ...

On 6/19 I setup a honeypot based on Kung Fu Grippe's idea. Today I caught my first spammer- and the most telling part, it claims I opt'ed into their mailing. The To: addresses in red were generated by my honeypot. They show IP (66.135.32.74) harvested the bogus email on 7/18/02 at 7:20 and 7:21.

More ...

Christopher Holland of Exordium has written up mod_gzip install instructions for OSX. I've been trying to figure this out for sometime. I hope to get this up in running in the next day or so for some experimentation. With all the images I host (4 gigs worth here), speeding things up and saving some bandwidth would be great. It will be interesting to see in my testing how feasible it will be to compress images that are already compressed.

It's been occurring to me that MovableType is slowing down. The problem is that it's getting slower and slower with every post, since every archive page needs to be rebuilt with the dynamic left items (recent posts, category post #, etc). The more posts, the more pages to rebuild. Over and over. Here's what I'm thinking of doing to speed everything up, and never rebuild archives again.

More ...

This Times article is posted in blogs all over the place. The problem with textamerica is that I've already GOT a blog. I don't need another. What I've been looking for is something like audioblog but for cameraphone users. I want to post mobile phone images in realtime to my personal MovableType blog.

I'd call this the Mo-Fo (mobile-foto) system. Here's how I see it working: you signup and get a Mo-Fo email address. You configure your blog to have a Mo-Fo user that can post. Then you send your camera phone photos to your Mo-Fo account and voila! They're posted.

More ...

Kung fu grippe has an ingenious way to identify the naughty bots so you can ban them from your domains forever. I'm going to set this up in the next day or so and see what I can catch. I fear the crafty spammers will catch on to this and identify email addresses with IPs in them. I think the way to go would be to write the IP, user agent info (for easy .htaccess banning later), and time stamp to MySQL, and then generate the mailto: with a unique ID that corresponds to that DB entry. The best idea would be to have Perl picking up the mail from the junk domain, parse it for unique IDs that match up with the MySQL entries... then you'd be able to graph the frequency of the bastards, and if you're ambitious enough, rewrite your .htaccess in realtime for up to the minute spider squashing.

via boingboing

The Let's Make a Deal Paradox

Aside from my new hardware based safety nets, I now have cron backing my MySQL databases up to another location. Dunc-IT's MySQL backup is an awesome little script- cron it to either save your backup to another volume or email the backups out to you. Dunc has been having some system problems as well...

Duncan has updated the Froogle Perl scripts and developed a new Yahoo! Products script for the Joanne Hudson Basics store. The scripts can be completely automated to run with cron, will parse your product database and FTP the file up to the google or yahoo feed server. They're both GPL'd. As Recomedo says, Froogle is a must.

My zoph photo server has over 4000 images in it. Inevitably, at some point, someone likes a photo enough to post one in a forum somewhere or use a thumbnail as their avatar. These people never ask to use the photo- and never download it and put it on their site. They just link to the image directly on my server. In a busy forum thread my server is getting swamped for requests for a "borrowed" image. Here's how I'm now stopping them.

More ...

Froogle looks like it's going to rock when it's finally ready for primetime. We've developed a Perl script that will generates a Froogle feed from a phpshop database. Help yourself!