Blog - 4

Last weekend I went for Serendipity software version 2. This caused lot of downtime as the upgrade didn't go smoothly. I also made the entire server almost choke to a crash as my .htaccess / mod_rewrite -trickery caused looping. My Apache tried to loop itself into an exhaustion.

After I got everything back into shape, I got new toys. Especially the back office -side is vastly improved. On the public-side it seems pretty much the same.

While working on the blog I chose to go HTTPS. That seems to be the industry trend, see HTTPS as a ranking signal. While at it I verified my SHA-256 -signed certificate with Qualsys SSL Labs analysis tool. A certificate signed with less bits is considered as "insecure" nowadays as Google Chrome chooses to dislike your SHA-1 or MD5 -signed certs.

Not much has happened here on the blog as I have been busy doing some training and planning abroad.

As the saying goes, "pics or it didn't happen!". Here are the pics:

My hotel is in Nob Hill, but for work I go to SoMa. I didn't have a chance to go to Alcatraz, as the queue is something in the region of 3 months, but I managed to take a nice picture of it from Russian Hill. I don't have the classic Golden Gate picture yet, as it would require renting a car. On the other hand, the Bay Bridge is easily visible throughout the city, including Washington Street where I took the picture of Cable Car Museum. The Also, we had a nice evening get-together and went to see Giants vs. Reds baseball game at AT&T Park. Giants lost 1-3.

Once I get back to home, I'll continue hacking the B593. 

Update 2nd July:
I got back home and here are some more pics:

There are the classic Golden Gate pics you'd expect from anybody who visited San Francisco.

During the last day I had time to do a little pilgrimage:

University of California, Berkeley is the place where BSD Unix was initially written from AT&T's Unix. Nowadays that code runs among other OS X and iOS and most TCP/IP implementations, like the one in your Windows. So, it is a mighty important place. Second pic is a composite from Apple HQ's Apple Store. Every programmer will get the "infinite loop" joke. Since Infinite Loop is a looping street, you can actually take as many loops you want (until security throws you out). Third one is a composite from Google's HQ. There are number of Google bikes for employees to use (not that there wasn't security present when I drove one, typically there are). The last one is from YouTube HQ. It was surprising that it still has an own place and is not embedded into Google Campus.

Btw. In general the pics are of somewhat poor quality. I took them with my iPhone 4S. I didn't want to take my DSLR to a business trip.

Ok. The thing with trackbacks is, that they're used only for spam! Hate it.

Seven years ago it was said that 53% of all pings is spam. Today I'd say 100% of all pings is spam or sping. There is no point in allowing pings or trackbacks.

My blog software is Serendipity. It has following instructions for removing trackback links. Unfortunately the platform is well known and simply removing the links from HTML doesn't do the trick. The "official" word from Serendipity authors is to start using a plugin for managing spam trackbacks. Ok, since all of it is spam why bother!

This is what I put into my .htaccess:

# Deny trackbacks
RewriteCond %{REQUEST_METHOD} =POST
RewriteCond %{REQUEST_URI} =/comment.php
RewriteCond %{QUERY_STRING} type=trackback
RewriteRule .* - [F,L]

It has three rules in it to deny a POST request into comment.php having parameters type=trackback. A trackback will look like this on my Apache log:

POST /comment.php?type=trackback&entry_id=83 HTTP/1.0

Now the spammers should be gone and stay gone!

It seems that out-of-the-box Serendipity does not support X-Forwarded-For -header. It means that any proxy in between loses original client information.

Here is my suggested patch to fix the issue:

--- serendipity/include/functions_comments.inc.php.orig 2013-01-25 14:10:03.058973150 +0200
+++ serendipity/include/functions_comments.inc.php      2013-05-14 11:34:35.302389894 +0300
@@ -782,7 +782,13 @@

     $title         = serendipity_db_escape_string(isset($commentInfo['title']) ? $commentInfo['title'] : '');
     $comments      = $commentInfo['comment'];
-    $ip            = serendipity_db_escape_string(isset($commentInfo['ip']) ? $commentInfo['ip'] : $_SERVER['REMOTE_ADDR']);
+    $ip            = serendipity_db_escape_string(isset($commentInfo['ip']) ?
+                        $commentInfo['ip'] :
+                        (
+                            isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
+                            $_SERVER['HTTP_X_FORWARDED_FOR'] :
+                            $_SERVER['REMOTE_ADDR']
+                        ));
     $commentsFixed = serendipity_db_escape_string($commentInfo['comment']);
     $name          = serendipity_db_escape_string($commentInfo['name']);
     $url           = serendipity_db_escape_string($commentInfo['url']);

This works on 1.6.2 and 1.7.0.

Looks like running a blog has surpassed e-mail as the means of conveying spam. I wrote earlier about lot of automated comments, but the freemason idiots seemed to stop as they realized that their valuable information is not getting posted.

It does not mean, that I was left alone. Couple of other idiots started the same thing and I had to do something to stop their stupidity. So, I created a personal account at Akismet, there are plenty of information about them and most of the comments are about how using their service stops the spam flood completely. Luckily Serendipity supports Akismet's service out-of-the box and the setup was very simple.

Looks like, they're doing the same thing for blogs as SpamCop is doing for e-mail. And that is, essentially grinding spamming to halt. SpamCop have proven their value, it remains to be seen how effective Akismet actually is.

I got bunch of automated comments to this blog. The comments were very generic about "how great this blog is" and "how fast the site loads", blah. blah. I typically check the moderation box for my blog entries, so they were just hoping to get automated publicity. In my case I just deleted the crap.

The idea of this spam-campaign was to distribute links to freemasonrysecrets.com

WTF?! Who cares about that?

The out-of-the-box experience was ok, but I wanted this blog not to look like just out-of-the box.

There are plenty of nice looking ready-made templates for Serendipity at http://serendipity-templates.org/. I just picked up one that will "catch the eye". I'm expecting comments like "whoa! what's that brown thing". Definitely not eye candy, but not too ugly.