The most recent 20 comments posted to Making Light by Steve:

And when was the last time you saw religion in a science fiction movie? Not New Age feelgood use-the-force-Luke, but an honest-to-goodness priest who carries around a Bible with a well-worn leather binding. (Alas, edited and redacted heavily in an unfortunate incident on shipboard.)

That was actually one of the few things I didn't like about the series -- Book seemed to have been written by a bunch of screenwriters with vaguely positive feelings about religion but no sense of how an actual preacher man might talk.

Which is probably the case, but they didn't have to write it like that. And so Book became kindasorta the Mysterious Robert Fulghum of the Spaceways.

I wonder where the birdies is?

The birds is on the wing!
But that's absurd --
I thought the wing was on the bird?

Who wrote that little verse? And is there a proper winter version to go along with Pound's "Winter is icumen in"?

If I remember correctly, the Rolling Stone article was in the wake of a series of churchburnings committed by one of the guys in Burzum.

I suspect some ideas just demand to be thought of - when I was a kid I came up with the old "fake an alien invasion to unite humanity" plot, and as far as I can remember, I thought it up all by myself.

Does it actually predate Sturgeon's "Unite and Conquer"?

Here's one for the Everquest sweatshop fans: Julian Dibbell's "Play Money"

It seems like you could split [11:24 AM n comments] into [11:24 AM] [n comments], with the timestamp linked as it is now and comments linked to an anchor like http://nielsenhayden.com/makinglight/archives/004561.html#comments.

* poke *

* prod *

Yeah, seems to be working. W00t.

The discussion has moved on a bit (I'm very dubious about using Bayesian spam tools in weblog comments, but some of these suggestions are really good), but I can report that my concern up the page about the ease of moving a Movable Type installatio from Berkeley DB to MySQL were, as far as I can tell, completely misplaced. Good news for those of you considering it.

Shelley, I'm curious as to how Spammer X got around time limits. I understand if you don't want to trumpet the technique to the world, but would you be willing to email me?

To the gentleman who thought this might be a crapflooders attack, not it wasn't. This attack was much more sophisticated than the rather primitive script kiddies one shown in Slashdot. The mt-blacklist code should stop this one, though it may not be able to throttle the requests fast enough to not impact on the CPU, temporarily.

That was me, Shelley -- a friend reported that a tool called "MTFlood" or "FloodMT", I forget which, was used to target his Typepad blog last night. It doesn't appear to be precisely the same tool as in that Slashdot post; there is, of all things, a SourceForge project for it. If this wasn't the same group of people that hit the Nielsen Haydens (and actually it seems to be an entirely different group of people than the ones who went after Pandagon), it's a rather unpleasant coincidence.

I was looking at fooljay's MT-blacklist code, and it seems like something that could be adapted to include throttling capability fairly simply; the problem is that MT-blacklist overrides the base comment functions, so you'd either need to patch MT-blacklist directly or choose between the plugins.

And Shelley's right that the real solution isn't going to arrive until MT3, although Sam Ruby's solution seems like a good one.

You saw this MT Berkely DB-to-MySQL script, though, right? I cannot vouch for its frightening scratchitude or lack thereof. (I expect the biggest problem would be preserving post IDs, but if busting all your permalinks or writing a PHP/mod_rewrite workaround is acceptable, it doesn't look too bad.)

This latest attack seems to be a wave of crapflooders using a tool called "FloodMT". I didn't realize that this particular practice had migrated off of Slashdot. Their CVS page on Sourceforge seems to be down, or I'd take a look at it and see how it works, but Erik's diagnosis is right. A lot of techniques that would be dandy against comment spammers, who have the defined goal of increasing their PageRanks, are going to be useless against these sorts of attacks, which are just vandalism.

I strongly suspect that the next version of Movable Type will include options to enforce logons or some sort of Bayesian filtering. Possibly both.

It's reasonably hard to fake an IP address at the network level, but it's generally easy to trick a web server. This is good in some contexts and bad in others.

James, could you elaborate on the cipher? Or would that violate some stupid law?

Xopher, I have no idea about the particular thing James is talking about, but I would guess that he's thinking of some method (every nth letter? All the population data about the countries in Asia?) of turning the information in an almanac into something approximating a one-time pad. If given an almanac and told I had to use it to encode a message, that's what I would do. (Although if that's it, the almanac-ness is only useful in that there's a lot of data in the book.)

Comment statistics for Steve on the Making Light blog

Total: 45 comments. View all these comments on a single page.