For the last few years I've run the USC waterski team. This year I've finally acknowledged that I'm way too busy to do a good job at that and have passed it off to someone else. I still have a good number of connections to the team, though, one of which is the fact that the mailing list still runs off my email server.

That just sort of dawned on me tonight when the new president sent out an email to the list that had 4mb of attachments. Or rather I should say he's still sending it, since qmail-qread shows it about 50/50 between done and not done for the list's 350 or so members.

Each time something like this happens I have to refigure out how to set up traffic shaping. Today the answer was to rate limit traffic destined for port 25 (SMTP) to 300kbit. :

sudo /sbin/tc class add dev eth0 parent 1:1 \
classid 1:12 htb rate 200kbit ceil 300kbit prio 0;
sudo /sbin/tc qdisc add dev eth0 parent 1:12 \
handle 12: sfq perturb 1; 
sudo /sbin/tc filter add dev eth0 protocol ip \
parent 1:0 pref 2 u32 match ip dport 25 0xfffe \
flowid 1:12

I have no clue if that's the proper way to do it, but it's working. My pings have gone from 1200ms back down to a more fun 80 - 100ms.

I took a fun little 17.5 mile ride tonight. I initially thought I was heading to Griffith Park, but then plans changed and I decided to do a loop up through Silver Lake. I had to make some funny turns to avoid Sunset Junction, but all in all I was happy with how it worked out.

Actually I think there's a little mistake in that map... I'm pretty sure I went past Hoover on Santa Monica, took the right on Manzanita, took a left on Del Mar, and then a right on Hyperion. That took me back down to Hoover.

Like I said, I really didn't have a plan for this one...

A couple weeks ago I went to get a California driver's license and was told I had an outstanding ticket in Pennsylvania. That was news to me, and to PA. Turns out it really wasn't even true. I finally got around to calling CA's Problem Driver Pointer System office and a nice lady there reran the query. To paraphrase, "I looked at it, and that's not you." So now my license will be printed within 24 hours and I'll get it whenever the mail chooses to deliver it.

I wrote recently about my first and second steps in fighting comment spam. In the two weeks since I put those measures into place I've blocked 3400 requests to this blog and 4755 requests to blogdowntown.

I also put in a third level of blocking sometime between then and now, adding a RewriteMap that lists specific problem IP addresses. That's great if the spammers are reusing proxies, and if nothing else it just makes me feel like I'm doing something. That list is now up to 62 IP addresses.

And now today I've added a second DNS check, this time to query opm.blitzed.org/. This list is designed to target open proxies. It's not perfect -- it only lists 17 out of the 62 IPs on my deny list -- but it has better coverage than list.dsbl.org. And defense in depth is never a bad thing.

So basically I have no problem with referrer spam these days, but comment spam still trickles in.

It just dawned on me that Larry Flynt is about to speak to my class and I'm wearing a Liberty University baseball hat. I would say that was poor planning on my part, but I didn't know he was going to be here.

I just found out that we now have power outlets in the seats of the Annenberg Auditorium. That's amazing. I should stop writing now and watch the movie, though... We're watching a truncated People vs. Larry Flynt and then he's the speaker for this first class.

Considering the way USC likes to overcharge for everything, I was kind of surprised just now to realize that the vending machine I just went to only charges $1.25 for a 20oz Coke. Then, to make matters even better, my bottle cap says I win a free 1 liter. Double score!

Turns out yesterday's slipping seat post was the result of a seat binder clamp that just wasn't tightening up enough to put good pressure to keep the post in place. I had the original binder clamp as well, so for now I've just put that on. It's not quick-release, so I'm not particularly worried about it getting stolen between now and when I can take it into the shop tomorrow. I'm sure there are bike thieves that carry 4mm hex wrenches with them, but it looks a little more suspicious to start pulling out tools just to steal a seat.

Classes start today for my last semester at USC. I'm excited at the prospect of being done, but I can't say I have any desire to go back today. The object of most of my worry is Latin, which I'm supposed to know by now (seeing as I'm going into Latin 3), but really don't. It's going to be a long next few weeks as I really push to catch back up with where I should be. I'm just hoping today doesn't have any real content to it (no first day should) so that I can put off that first moment of being called on and not knowing the answer until Wednesday.

In a feat of good planning, though, I don't have any pre-noon classes. My schedule, in fact, looks like I'm cheating the system and taking maybe 8 units, when I've actually got 18 in there.

35 miles riding this afternoon/evening. I'm exhausted. I started from my apartment, headed up past Echo Park to Sunset, and then took Sunset over to the Hollywood split and Hollywood to Hollywood Pro Bicycles over by Las Palmas. My carbon seat post won't stay put, but Chris wasn't in so I didn't get to do much about it. And so, yes, I rode 35 miles with a slipping seat post.

Continue Reading...

For instance, bikemetro tells me that from Runyon Canyon Park to Bel Air Pres there's an elevation change of 89 feet. That sounds nice, until you look at the elevation graph above (note that's just from the top at Runyon... not from Hollywood or Downtown). Yeah, sure, the end (~1300ft) is 89 feet above the beginning (~1200ft), but in between there are drops to about 1000ft and a bunch of 100 - 200ft climbs. I'd love to see the site just add up all the climbs and descents and give you those numbers, along with the overall change.

bikemetro has had some serious downtime issues lately, and I don't really know what their ongoing funding situation is, so it would be great to see someone put together a companion/alternative site. I could even do without any bike specific features in a pinch -- just give me the ability to exclude highways and route based on elevation change (factor flat in against short).

I bought my new bike today. All summer I've been sort of building toward it, and I've been telling everyone that what I wanted for my birthday was a little money toward its purchase. Well, I don't quite have all the money together yet, but this was the time to buy and I went for it. End of summer just happens to be when the model year transition occurs, so all the 2005 bikes are on sale to make room for the new ones that'll be arriving soon.

Hollywood Pro Bicycles had several different bikes in my size, so today I went test riding. I put a good little workout onto each bike on the streets behind the shop, particularly up and down Las Palmas between Hollywood and Franklin. In the end there was really no contest; for me the best bike was going to be the Devinci Podium.

Continue Reading...

I was on the bus yesterday and noticed that Bryman College now offers as one of its programs 'Homeland Security Specialist'. I'm pretty sure that says something important and scary about this country.

Would you like to aid in the protection of our country? Due to recent terrorist events, there is an increased demand for trained safety and security employees throughout the nation. The Homeland Security Specialist program will provide you with a solid foundation in planning, implementing, and managing security operations for an organization.

Yikes.

I took a bike ride today, and I think I about died at five or six different points. Every once in a while it's good to take a ride that absolutely just knocks you down a peg, just to keep an honest opinion of your riding abilities. This ride was one of those for me.

Basically Kathy's back in Michigan until the 26th. Normally I ride to church with her, but this week I was on my own to figure out how to get myself there. The problem: I go to Bel Air Presbyterian, which just happens to be on the entire other side of town, and on top of a mountain. It's not too far away, though, so I figured I could probably make it on the bike.

Continue Reading...

I realized today that one week before classes start back at USC, it might be good to check in on my schedule and make sure no classes I'm signed up in have been cancelled or otherwise changed to make them not fit my schedule. It doesn't seem that's the case for any of them, but it looks like my one Monday/Wednesday/Friday class (Latin III) is now a Monday/Wednesday. If that truely is the case that's perfect, since it was my only thing on Fridays. Still no professor listed for that one, though.

I realized today that I have no clue what my PIN number is to get into the USC apps for seeing balance due, registered classes, etc. For four years it was my birthdate (the default, which they gave you an option to change and I never did), then one day it popped up a "you have to change this now" box, and I changed it. I don't think I've used it since. The way they give to get it reset is via faxing a request to the Registration office. I guess I'll do that tomorrow.

So the spam killer hit a little snag today when the comment spammers started making the request for the blog post and the comment come from different IP addresses, and the initial request not come with a referer. So I'm still blocking lots of referer spam, which is nice, but some comment spam came back.

Then I realized that all of the IPs I was seeing were actually open proxies. So I started looking them up on DSBL, and they were there.

Normally I'm all for anonymous proxies, but in this case I hate comment spam more than I care about people having to hide from the government to browse this blog, So I added a DSBL IP check to my blocking mechanism. I have it in the same PerlPostReadRequestHandler still, but you could block based on IP even earlier, so I might break it out and do it there. Now I just need to start grabbing the DSBL zone to secondary so that I can have a local lookup.

I just realized that in my Apache upgrades the other day I broke mod_php4. It took me this long to notice because I only use php on the frontpage of ericrichardson.com. And, well, I never see that page. I should read my website more often.

In order to get mod_rewrite to do proxying, I had to grab the apache source package and compile mod_proxy into the binary. I guess that broke something the stock php4 module depends on, 'cause it segfaults on me now. I guess I need to build that from the source package now too. Ugh.

The August Midnight Ridazz was tonight. The theme was Tron, which I was pretty excited about. Not excited enough to actually figure out any sort of costume, but excited none-the-less. I had patched my front tire earlier today, so I was all set to ride.

Turns out the ride, or at least the part I was on, went through Downtown. I wrote about that over on blogdowntown. We went down Hill Street, then took a pass through Central City East, and finally circled the Caltrans building a few times. Then it was back through the 2nd St. tunnel to Echo Park, which we circled before just hanging out for a bit.

I show 14.93 miles from leaving my apartment to my return. Average speed shows up at 9.3mph, but I can't say if that's accurate; I did a lot of speeding to the front and then stopping to either take pictures or occassionally to stop traffic while the ride went through.

After letting it run overnight, I can say that the new referer spam killer is working like a charm. I've posted the code if you're interested in seeing the details. All I know is I love seeing entries like this in my log file:

200.181.52.174 - - [12/Aug/2005:12:15:34 -0700] "GET /blog/1549 HTTP/1.1" 403 9 "http://casino-games.casino-light.com/" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.1)"

I have the code registered as the PerlPostReadRequestHandler for blogdowntown and blog.ericrichardson.com. That means it gets called before we've wasted much time processing the connection.

I also wrote a little log cleaner script to use SpamKiller::Handler and clean referer spam infested log files. This is helpful for old hits; new ones are 403 and don't get counted as referrals (at least in awstats).

If your problem is just comment spam that's coming in without the referers, the same technique could be used to just scan posted comments and reverse lookup the urls.

Today I launched my first salvo in the war against comment and referer spam. The situation had gotten ridiculous, especially over on blogdowntown, where I had seen 850 or so comment spams in about a week. Looking at stats had become similarly useless, since the visit numbers had ballooned 150% with the traffic. The attacks all come from different IP addresses, but today I realized that the websites they point to have to actually be hosted somewhere -- and it's a lot harder to find a hosting IP than it is to hijack some European desktop to do your spamming.

And so just now I'm putting in place a mod_perl handler that sits as early in the connection process as possible and singles out offending IP addresses based on their referers. It then blocks both the IP and the referer, and returns a 403 Forbidden error.

The beauty is that while I'm only actually filtering referer spam, I'm knocking out the bots that were doing the comment spam at the same time, since the bot is double-dipping. The IP continues to be blocked, even when it no longer has the referer.

Early testing has worked well. I don't think site responsiveness should be noticably effected. We'll see if that holds true.

Today's plans to get to Chicago via train went off perfectly. Kathy and I boarded the 10:30 South Shore train in Michigan City and were in Chicago at noon. We wandered around pretty much every block on the loop, ate a great dinner, picked my bags up from the lockers at Union Station, and I took her back to the station. She intended to catch the 7:18 train, but the 6pm had been delayed and she caught that out at 6:45pm instead. I walked back to the Blue Line and rode out to O'Hare.

I wasn't checking any bags, so check-in took a literal thirty seconds. The security line was non-existant; I was worried I wouldn't have my metal objects out of my pockets and into my bag before I got to the front. All told, I was at the gate ten minutes after entering the airport.

Then they cancelled my flight.

Continue Reading...

Tomorrow evening I fly back to LA. The plan is for Kathy and I to head into Chicago (she's here in MI for a few more weeks), hang out for the day doing whatever, and then I'll take the Blue Line to the airport in the evening and she'll head back home.

This gives me another chance to figure out one of those trips I like so much. What's the best way to get from Muskegon, MI, to Chicago, IL, spend the day, and have one person make it back in the evening while the other heads on to O'Hare?

Continue Reading...

I went to the DMV today to get a California driver's license. I've been out here for four years now, but being a student you don't have to necessarily change your license/insurance/etc, so it's been one of those things I've put off. Now, though, since I don't have a car to worry about I figured I might as well go ahead and make the switch.

I made an appointment at the Lincoln Park branch, and that all worked out just fine. Of course I forgot to bring cash and had to take a 45 minute stroll to find an ATM, but that's my fault, not theirs. The written test was easy enough, and I sort of skipped the vision part (which I think might mean I get a corrective lenses restriction, but that's really not something I care about).

Here's where things get weird, though... They can't issue the actual license until I take care of something that showed up in the computer as a ticket in the state of Pennsylvania.

To my knowledge I have never had a ticket in PA, nor have I been pulled over there. In fact I just called PennDOT, and they don't have me in their computers.

Continue Reading...

Just to keep you up to date, here are some more bits of Singularist coverage... After the Chicagoist interview went up there were posts from Seattlest, SFist, and today DCist. A few days ago Ross Mayfield mentioned Singularist on his blog. LAVoice also had a post, and somehow I found my way into the comments on this blogging.la post about Joseph Mailander and Kevin Roderick (the singularist mention is down toward the end). Also last week were posts on losanjealous and blogebrity.

It's entirely ironic that I've had stuff on the web for like six or seven years now and a parody site I do gets more traffic than any of the more serious stuff. That's the nature of the web.

I got an IM today from someone at Chicagoist wanting to do a little interview about Singularist. I didn't realize that the whole IM conversation was going to be heading online -- be careful what you say online. Anyway, the interview is here on the Chicagoist site.

It seems like it would be appropriate to link to the interview on Singularist, but in meta-posts like this that'll do some funky things. And HTML::TreeBuilder barfs on the u-umlaut. I hate libs with broken unicode support...

Of course their link to the Chicago version of Singularist is broken -- I use just city name, not the site name with -ist -- but I added a line to strip the ist and make that work. The things I do for these people.