Recent blog entries for skx



11 Jan 2005 (updated 11 Jan 2005 at 21:16 UTC) »
Guestbook Spam

It seems like spam is everywhere.

First it was email spam, then it was blog comment spam. After that came trackback-spam.

Now we have guestbook spam.

This (obsolete) guestbook was setup a couple of years ago when I hosted a project at SourceForge.

It's been filled with spam since then, random links and adverts, presumably via some kind of automated bot.

I've seen a lot of spam solutions for blogs, wordpress, movable type, etc. But nothing anti-spammy for guestbooks or random online scripts.

It seems a generic solution would be ideal, much better than my hacking on a guestbook script, then a voting script, then a form-mail script.

Something like CGI::AntiSpam which would examine all the submitted fields and apply a test maybe?

For the moment I'm just gonna hack all guestbooks I control to require that data be approved, otherwise it's hidden... A perfect thing to do on a busy working day ;)


Seems to be suffering again, the recentlog has been blank for most of the day.

I've lost my main account, and I'd greatly appreciate being certified if you've known me or used anything I've written.

Whilst my previous rating of Master was probably inflated it'd be nice to be able to post comments to articles ..

In the dim and distant past I even posted articles myself! I've been working on optimizing code via selecting GCC compilation options via Genetic algorithms, which I'm tempted to write about. (Hardly original, but interesting regardless).


Given Advogato's problems seems like a perfect time for somebody to setup an alternate site - there's updated code from R. Steven Rainwater .... Just a thought.

To make this latter point more interesting - I had to recreate my account today. Two disappearing accounts???

all my certification has been wiped - this google cache shows my old certs.



There's a fresh release of GNUMP3d my MP3 streaming application pending release.

The only thing holding me back is a broken upload to, hopefully I'll resolve this shortly.

A new Debian package is sitting in the incoming queue ready to be released.


Not too much happening, I checked over a couple of security issues - which turned out to not affect Debian - and then wrote a few new articles.

Apache Bandwidth Limitting

A random (??) rash of queries about my Apache bandwidth limiting module, mod_curb , this week.

Three people talked out of nowhere about issues building it on FreeBSD, which I find pretty random.

I'm still plagued with malaise when it comes to updating this module for virtual hosts, and Apache 2.

I guess I just need motivating.

I think ultimately it's because I still know few people using Apache2 in production, and I've not made the move myself.

The other issue is that my current code is clean, simple, and works nicely. The new version (half complete) mandates the use of a MySQL database - which I think might be a bit much in terms of requirements..

LiveJournal Hacking

To see how easy it was to modify I installed the LiveJournal codebase upon a Debian Woody machine last night, this all went fairly well once I patched the database scripts up to work properly.

It's a lot of work installing it, although the steps themselves are pretty straightforward. I'd be almost tempted to write it up, but the target audience is probably minimal and there are an awful lot of different choices users might wish to make wrt installation - MySQl vs Postgres, etc..

for those of you familiar with LiveJournal there were two things I wished to change:

  • Remove the emotional connotations of the word "friend", by replacing it with "trusted readers", and "interesting users".
  • Update the LiveJournal calandars so that users can only see a count of entries they are allowed to read.

The latter was what I achieved last night, with only a short amount of hacking.

For those of you that don't know LiveJournal every user has a calendar, such as this one.

The calendar shows the number of posts made on each given day.

However when you post to livejournal you can make your entries private, or restricted to only a small group of people - this is not reflected in the calendar.

If I make one public post today, and one that only I can see when you view my calendar you see "2 posts" were made, despite the fact that you cannot see the second entry.

My patch fixes this.

(There's a similar issue with the public nature of calendars vs. private/secure entries which occurs with users "memories" - anonymous users can enumerate the names + number of each memorable entry, even if the entry itself is private.)

(Another interesting privacy issue is the availability of "icons"..)

Security Updates for Stable

A long time ago I put together some software which would send you an email if your Debain Stable machine had a pending Debian security alert waiting to be installed.

It seems like there are a million and one variations on this scheme, but nothing good in the archive right now.

Today I received a patch to make it work with unstable which was .. suprising.

I don't think that I could really recommend anybody running unstable, I guess it's just a sign of our "lateness".

I wonder if there's an online multiplayer game idea in the making there ..?

Gang together in groups and try to release. Working virtually .. fighting the evil cabals ..

Only half joking


Today I achived Sainthood.

That probably says more about my reading, voting, and posting skillz than about my perl competance, but I'm happy regardless.

Debian ~ Zeroconf

After my previous errors with libhowl0 I managed to get something working.

Hacking x11vnc to announce itself whenever it starts (with a nasty fork()/exec() combo).

Now when I launch xvncviewer I am presented with a list of hosts upon the LAN which have active VNC servers running.

Nifty :)


So today I saw mention of ZeroConf with libhowl by Marco d'Itri.

Seemed like a nice idea and today is a slow day, so I installed it.

There's a server which is in charge of handling the services which are published and a couple of tools for publishing services and querying them.

All seemed good:


apt-get install libhowl0 howl-utils mdnsresponder

The service gets started and we can publish something:

skx@undecided:~$ mDNSPublish  gnump3d _http._tcp 8888

From the same machine we can then query:

skx@undecided:~$ mDNSResolve gnump3d http
resolve reply: 0x2 gnump3d http local. 8888

Looks good, I've "published" the existance of a service called GNUMP3d which is running on port 8888 and then queried it.

Lets try the same thing from another machine. Oh dear it all breaks.

When running the query on another machine I first see a "connection refused" message, so I realise that I have to start a deamon on that machine too.

Hmmm that seems weird I thought all the machines found out from the central server? OK install the mdnsresponder too, try again?

Nope. Since there is nothing registered on the local mdnsresponder no results come back.

I can't help hoping I've missed something obvious, because if so I could add zeroconf support to Jabber, but it looks like nothign is working across machines

3 Jan 2005 (updated 3 Jan 2005 at 14:22 UTC) »
Gaim GUI

A long time ago I wrote a simple plugin for the gaim instant messenger client, which would rework the GUI to my liking.

Rather than displaying contacts in a group of trees it would display them in a list control, with user editable fields.

I used to set mine to have three columns:

| Login  | Name | Location | Notes |

This made it much simpler to keep track of lots of people in different places.

Today whilst clearing up my home area I found the code, which was for gaim .7, and tried to build it against gaim 1.1. No joy.

Sadly most of the things that I learnt about gaim and gtk are both long since forgotten.

Still it was a fun discovery - just one of the things you stumble across when cleaning out ~/Programs I guess!

I still don't understand why so many IM clients group contacts in tree structures - to me it seems much more logical to have fields in a list control. I guess I"m alone.

Update - found the mention in my old diary. Code dates from September 2003.


A work-in-progress: Inside the Debian Security Team.

Copyright Infringement

Yesterday I recieved a "cease and desist" notice from O'Reilly. My first one ever.

It appears that somebody had submitted an article to my site which was a copy of an O'Reilly owned article.


Still they were understanding, and once I'd removed the offending article (replacing it with an explaination of why it had been pulled) they were satisfied.

I guess this means that I'm going to have to vet submissions a lot more thoroughly - probably not a big deal since I don't get many :(


I think that now my diary has ten entries (once this one is posted) that my RSS feed will work.

I've spent a while reading through the code trying to trace this down - just put it down to another Advogato weakness.

Bitter much? Me? ;)


Seems like the security upload I made the other day was incorrect, it should have gone to another queue.

Here's the dupload settings I've got now, which appear to work:

$cfg{'security'} = {
        fqdn          => "",
        incoming      => "pub/SecurityUploadQueue",
        dinstall_runs => 1,

I shall add this to my documentation. (I'm trying to document how things work in the background as I come across interesting things. Nothing finished yet though).

Assuming this upload was correct then I can start making others.

If this entry does indeed trip the magic which allows my rss feed to work I'll add myself back to Planet Debian.

10 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!