wiredfool

Archive for September, 2001

Back to the garden

It’s an embarassment of riches. Half of the tomatoes in my garden are split and fall from the vine. They are attacked by slugs. But I still harvest grocery bags of tomatoes at a time.

I know that fuzzy bear caterpillars are supposed to be predictors of winter, but I haven’t seen any of them around. What I have been seeing is 6 legged spiders. 3 in the last 2 days.

Yes, I know, 6 legs == insect, 8 legs == arachnoid.

But these spiders had 4 legs on one side and 2 on the other.
Perhaps it’s a sign of the spiders’ encounter with a cat.

No comments

NIMDA fallout

From my ISP:

The affects of this worm are detrimental to all and we’d like to give each
member a chance to secure their machines. However, after 9/23/01,
Speakeasy’s Abuse Team will be freezing the DSL circuit hooked to any
machine infected with the worm. We apologize for the inconvenience of
this, but it is imperative that we ensure our network is not assisting in
the propogation of this, or any, worm. All of us are part of a larger
community, and it really isn’t cool to infect your neighbors.

Whoo-hoo! Someone nearer to the core who is doing something about this. My only suggestion is that future worms only have a 1 day window, or less. Given the analysis that asserts that a warhol worm is possible (infecting all vunerable hosts in 15 minutes), perhaps these connections should be shut down on detection.

No comments

YES! YES! YES!

Thank you, Eric, for your astonishingly reasoned plea.

Why does so much of the world hate the United States? Perhaps that issue should be resolved before blowing more human beings into shrapnel.

There is hideous inequality in the world today, and the Western world consumes colossal resources in a completely unsustainable way, at the expense of everyone else. For what? The “right” to drive a massive gas-guzzling SUV? The “right” to drink Coca-Cola and eat a hamburger?

Eric, you fabulous wired fool, I love your idea of guerilla compassion. I will take that idea virus and spread it as far as I can. Brilliant!

No comments

Frontier vs. the latest IIS Virus

There’s a new IIS virus making the rounds that’s hammering my frontier servers with close to one request per second. This is bordering on a denial of service attack.

I’ve hacked up a responder from the hello world example that just delays, increments a counter, and returns an error. It does not log, it does not go through mainresponder. It matches any request to the “www” host, which appears to be what the worm is targeting. (so this worm is http 1.1 compliant, where the previous code red was http 1.0) I’m calling this code red 4, since it appears to have the same spreading pattern.

Update: Apparently the virus is called nimda. more

Download from:

http://updates.wiredfool.com/responders.codeRed4.fttb
or (backup)
http://www.soroos.net/responders.codeRed4.fttb

Installation:

This is a fttb file, otherwise known as a fat page. If it appears in your browser window, save the source to your hard drive, then open it in Frontier. Frontier will ask you where you want to install the file, the default is fine. Once it’s loaded, it will be inserted in the responder queue, where it will handle the virus requests.

1 comment

Frontier and Apache, 1 Public Port

One of the lingering issues with serving using Frontier on OSX is integration with static content. I have a legacy site that is static html pages (served by webstar) administered by a set of fcgis (currently run by appleevents from WebStar) that I want to migrate to OSX. The appleevent interface appears to be gone from OSX, and I have apache instead of WebStar. But since Frontier has the CGI responder allowing it to respond to fcgi requests through its own webserver, the transition is surprisingly easy.

The basic idea is that I am going to use Apache to proxy requests to Frontier, running on the same machine but a different port number. The example I’m presenting here is for fcgi extensions, but by tweaking the expressions, it should be possible to forward any combination of requests to Frontier, while serving the rest from Apache.

For this example, I have Frontier listening to port 8000. The cgi responder should be enabled, and you should be able to access your fcgi script directly at http://yourmachine.com:8000/script.fcgi.

Apple helpfully ships Apache with the proper modules installed (mod_rewrite, mod_proxy), but you will need to enable mod_proxy. Mod_rewrite is already enabled in the default configuration.

Edit the file /etc/httpd/httpd.conf, (as root). Yon need to uncomment the following lines:

#LoadModule proxy_module       libexec/httpd/libproxy.so
...
#AddModule mod_proxy.c

so that they look like this

LoadModule proxy_module       libexec/httpd/libproxy.so
...
AddModule mod_proxy.c

For each site you wish to proxy, you will need to add a configuration file (as root) in the /etc/httpd/users directory (e.g. fcgi.conf) with the following contents:


    DocumentRoot /Volumes/Frontier/websites/staticSite
    ServerName virtual.example.com
    RewriteEngine on
    RewriteRule ^/(.*)\.fcgi(.*)$  http://127.0.0.1:8000/$1.fcgi$2 [P]

This is a standard VirtualHost directive the partial equivalent of config.mainresponder.domains, making the contents only apply to the host named virtual.example.com. ( where *.example.com points to the same ip address. (similar to how editthispage.com works)). The document root should be set to the #folder in the #ftpSite table. If you want to do this for all of the sites and pages served by apache, you can omit all but the rewrite lines.

The RewriteEngine line turns on mod rewrite so that it intreprets the next line.

The RewriteRule line means: match anything that starts with a slash (^/), contains “.fcgi” and might have something after it ((.*)$)., rewrite the url so that it points to our local port 8000, including all the stuff before and after the .fcgi, and proxy the request ([P]).

Any time you change an Apache config file, you will need to stop and restart web sharing in the System Preferences -> sharing control panel. (or sudo /usr/sbin/apachectl graceful)

When presented with the request, Apache will make a request to Frontier, which will serve the content to Apache, which will then return it to the client. Ths client will never see Frontier’s url.

The beauty of this approach is that any url that you can characterize bu a regular expression can be forwarded to Frontier for its response. For further information, see the Apache Manual for mod_rewrite or the Rewriting Guide. This should work for running Frontier behind Apache on any platform (OSX, Unix, Windows).

No comments

Wage Peace

I want peace, and I don’t want to drag the world to war to get it.
I want freedom, and I don’t want to give mine up to protect it.
And I want peace and freedom for everyone.

If we go to war, we will fight an enemy who wants to die. A small decentralized enemy who believes their divine purpose is to take as many of us with them as possible. An enemy who will not abide by rules of war. An enemy who wants to polarize the world into an Islam vs. West world war. An enemy with probable access to biological and nuclear weapons and agents in western countries. When we kill civilians, it will be justification for more attacks. If we starve a country, it will be further justfication for suicide bombers. For every one we kill we will make 5 more.

And what if you track down these men and kill them? What if you murdered all of us? From every corner of your Republic, thousands would rise to take our places. Even Nazis can’t kill that fast. from Casablanca, 1942

Since the attack, America has been thoroughly predictable. Incredible heroism, volunteerism and courage. A feeling of unity. Scattered abuse of Arab-Americans. The desire for revenge. Congress meets, supports the president, and suspends civil liberties. The President attempts to reassure the nation and makes war noises. Most of us are expecting the US to bomb some third world country farther into the stone age. I’m sure the people in the candidate countries expect it too.

Lets stop the predictability now. What we need is not (at best) a protracted land war in Afganistan, nor do we need to cause collateral damage to force the Taliban from power, nor do we want to get into an atomic shooting war on our own soil.

We need to attack with intelligence, courage, and compassion. And we have to do it ourselves. We’ve spent too long manipulating others to our ends, arming dictators and insurgents then dropping them when we get bored.

We need to excercise fanatical fundamental compassion. We need nonviolent noncompliant action in those countries where our leaders want to drop bombs. If the people need medicine, we should send doctors. If the people need food, we should smuggle it in. We should bring the internet to every village. We should stand up for the oppressed. We must to respect the people’s customs, while resisting their leadership’s oppression. We must fight terror with compassion.

We have surplus grain, lets use it. We have technology, let’s use it. We pay farmers to leave their land fallow, let’s pay them for using it.

Let our actions speak against the terrorists words and deeds. Let our actions choke off the flow of volunteers for suicide missions.

No comments

Manila Feature Requests

Many of these items I’ve implemented in manila, but are difficult use except on custom modified sites. It would be nice to get them into the standard distribution stream. permalink

  1. Make gems work out of the box on mac servers, using frontier as the server for gems. (i.e. fix the type/creator/mimetype/filename issues.) Have/allow sitename.com/gems point to the gems folder. (Supposedly fixed now)
  2. Allow arbitrary values in the xml site structure for categories, and have them interpreted as #directives when traversing. Require them to be strings and not evaluated, or safe script them. Make sure they survive a round trip through radio. Give plugins and possibly a specific macro access to it.
  3. Custom 404 pages. see http://www.wiredfool.com/notFound. If the page doesn’t exist, and 404 does in the site structure, redirect there, and record the error. (404s now are returned, I guess it’s a start)
  4. Traverse site logs and email text versions to the admin daily. (errors, hits, referrers, useragent). This could be a plugin.
  5. Multi level navbars. Check the Photo Album navbar link above. On the back end, I’ve done it by done by nesting items in the xml. Either implementation of the feature or some way to override the existing navbar renderer so that I don’t have to render the manila one, throw it away, and render mine.
  6. Synergy between navigation and the site structure. Especially with the multi level bits, it would be nice to be able to automatically add site structure directories to the navigation.
  7. A callback that has access to pre and post changes versions of anything in the dg that changes, along with a description of the change.
  8. Robots.txt pref. Allow all, disallow all, allow google only, and custom options.
  9. If you change the name of a picture through Discuss ->edit, update the shortcut to reflect the new name.

Added 1/29/2002 —
{includeMessage(890, false,false,false)}

1 comment

Chichen Itza

A small plane crashed in the Yucatan wednesday. This was the flight that I was on on 8/19 (3 weeks ago) when I visited the Mayan Ruins, and may have been the same pilot and plane.

http://espn.go.com/ncf/news/2001/0912/1250991.html
http://news.excite.com/news/ap/010912/23/news-mexico-plane-crash

I shot this picture on the approach to the airport in Chichen Itza.
Chichen Itza - From the airplane

I have never been just small steps away from so much death and destruction. One family member was supposed to get on a train from Boston to NY Tuesday afternoon. A cousin in the financial district, but not the WTC, and is safe. Family around DC was one major traffic jam away from harm.

We live our lives with the implicit assumption that the future will look something like the past. Things don’t just blow up and dissappear without a trace.

At least that used to be the case…

No comments

Something Bright

img border=’2′>
An offering of something bright on a day of darkness.

No comments

Sunday in Cozumel

A set of pictures where your interpid narrator takes a jungle tour from a Californian, hangs out on a beach, and goes to the local sunday night fiesta.

No comments

Next Page »