End the War on Freedom

You may have noticed that this blog has been "down for maintenance" since early yesterday morning. I upgraded to Hub.org's "Premium" service for my VPS (Virtual Private Server). This required moving the MySQL database for this blog from a shared server to a server inside the VPS. I temporarily lost access to the shared server, so had to wait for Marc Fournier to give it back to me. He did, I copied the bits to the local server, and EtWoF is back up. It should be faster now. I've got a bigger percentage of the hardware, a 6 gig, dual processor, 3.4GHz amd64, and sole use of the MySQL server.

For those of you who track such things, I updated my SSL certificate today.

Information for the new certificate:

Serial Number: 04:0a:fd:7e:d8:fa:73
Validity
  Not Before: Dec 14 17:29:35 2009 GMT
  Not After : Jan 27 20:30:35 2011 GMT
Subject: O=billstclair.com, OU=Domain Control Validated, CN=billstclair.com

SHA1 Fingerprint=C0:11:D9:09:15:0C:B4:84:27:DB:01:9C:98:64:33:E0:93:19:28:4A
MD5 Fingerprint=99:69:49:60:92:F5:94:AA:8C:FC:E4:AE:F4:D4:C7:7E

I also added a couple of new donation options at the top of the right-hand column. You can now donate via Pecunix, Gunpal, or Paypal. Please do.

Somebody or somebodies pissed all over the place with comment spam this morning. I deleted 20 or 30 of them earlier and just deleted 50 or more. If this keeps up, I'll have to restrict comments to just registered users. That would be a shame, since most of the comments here are anonymous, and I like to encourage that, but I don't have time for approving or deleting them.

It is possible that in my haste to remove the spam, I deleted a real comment. My apologies if it was yours.

Later...

Anonymous comments now require approval before they appear on the site. If you want your comments to appear right away, register. Otherwise, you may have to wait a little while.

I've been using a shared MySQL server at hub.org, following the directions given there. But I've noticed that it was mighty slow sometimes. So I created my own database server, in my virtual machine. It appears faster to me. Let me know if it's better for you.

I have moved billstclair.com hosting to a virtual server at Hub.Org. I'm happy with it so far. Load times seem a little longer, but I've got a lot more horsepower, and it feels more responsive. Time will tell on reliability. I plan to move Trubanc here, too. If you move your hosting there, please put "billstclair.com" in the referrer field on your application.

A neat thing about Hub.Org is that you can pay them with Pecunix. So I've put up a tip jar near the top of the right-hand column, for collecting hosting gold.

You may have noticed that you couldn't get to this site yesterday. I inadvertently allowed the billstclair.com domain to expire. Fortunately, I caught it before my registrar sold it to a domain parking service. Whew!

Mibbit is a web-based IRC client. Very nicely done AJAX code. Has a wizard to set up an embedded chat or a link to a server and channel that you pick. I added a Mibbit link to the Trubanc home page pointing to the #Trubanc channel on irc.freenode.net. There's an embedded chat below:

I've had a little trouble with the SSL certificate for this site and for some sites for which I do technical maintenance. I wrote up a little about that in Intermediate SSL Certificates. Well, I asked my web hosting provider to install the intermediate certificates for another web site that is also using a GoDaddy certificate. They said that they had done it, but I was still getting warnings in Safari, on both my Mac and my iPhone. So I did some Googling, and found some simple Java code that I could modify, and enable debugging while running, to show the SSL handshake during a connection to a web site.

I have uploaded that code as billstclair.com/blog/images/ssltest.zip. The zip file decompresses into the "ssltest" directory, containing the following files:

You're certainly welcome to look at the Java source, and change it to your liking, but to use the program, you just need to cd to the ssltest directory in your shell, and type the following:

Or change "billstclair.com" to your favorite SSL-enabled web site. It prints quite a bit of stuff, but the most interesting to me were the lines beginning with "chain [", which show the certificate and the intermediate certificates, if any.

I didn't include an ssltest.bat file for Windows, because I have no way to test it, but it should be pretty obvious how to convert the bash script into a Windows batch file.

Enjoy!

At the end of January, I installed an SSL certificate on this web site. I initially got a free certificate from cacert.org. That worked, but I had to tell my browsers to import their root certificate in order to stop security warnings. So I switched to a GoDaddy certificate, thinking that it would work. Same problem. Well, yesterday I installed a GoDaddy certificate at another site, and this time I read GoDaddy's instructions (may require an account). Turns out that they, and many other SSL vendors, don't sign their certificates with their root certificate authority (CA). They use an intermediate certificate, which establishes a chain of trust to the root CA. That intermediate certificate needs to be installed on the web server. Today, I asked the Site5 folks to install that intermediate certificate, and, voila, no more browser complaints. Unfortunately, my iPhone still complains. Guess it's missing the root of the chain, the "Go Daddy Secure Certification Authority", or Apple left out the intermediate certificate part of the validation process. Sigh...

Well, I finally paid the $15 that site5.com charges to install an SSL certificate, so you can now get get encrypted access to this site.

https://billstclair.com/blog/

You will likely get a warning that the Certificate Authority (CA), CAcert.org, is unknown to your browser. That's the drawback of using a free CA. There will likely be an option to add their certificate. Do it if you want to get rid of the warning (and warnings for similar certificates from other web sites).

If you say www.billstclair.com, you'll get a warning, every time you visit here after relaunching your browser, that the domain doesn't match the certificate. So don't do that unless you like the warning.

I decided to add --delete-after to an rsync command last night to keep one of my directories exactly matching the version on my local disk. Problem is, I was doing the rsync from that directory's parent, which had nothing else in it. So rsync started deleting files and directories at the top-level. Fortunately, I had -v in the command, so I saw this, and was able to stop it before everything was gone. Also, fortunately, most of the changes since I switched from my nearlyfreespeech.net hosting were either in the Drupal database, that this blog uses, or in one of two directories on my local disk. And I never shut down the old hosting location. So between those three places, and about an hour of my time, I believe I've restored everything. All the top-level links at billstclair.com work. And this blog. rsync'ed everything back to the backup location afterwards, to make it easier should I do something incredibly stupid like this again. Whew!

I've been very happy with NearlyFreeSpeech.net (NFS). They've been serving billstclair.com for quite a few years now. But my bandwidth has risen to a gigabyte a day, which means a dollar a day for NFS' hosting. That's $30/month. I was clued into a new hosting service by one of the guys on the Linkinus IRC channel (Linkinus is a nice Mac OS X IRC client). I can get more bandwidth for $10/month there than I'm getting for $30/month at NFS. They don't have the free speech philosophy of NFS, and I don't know yet how their reliability and speed will compare, but so far they look faster, and money is tight. I can go back pretty easily, should that become necessary.

Anyway. I hope you enjoy my new home. Same domain, same politics, different web service provider: Site5.com.

Liberty!

I'm spending a lot of my blogging time at my iMac Pr0n Blog these days. Don't know how long it will last, but at least until configuration of my new machine slows down.

Drupal, the blogging engine I use for this site, is very nice, but I must admit that I like the simplicity of BlogMax, which I'm using again at the iMac Pr0n Blog.

fbomb at drupal.org - this blog was showing "You are not authorized..." messages today, on every page. I discovered the cause. I must have twice posted a delete request for a disapproving a spam user, and this had the side-effect of deleting user 0, the anonymous user, from my database. This caused the "not authorized" message and also a duplicate key database error on attempting to log in. ejk posted the fix:

I've installed Drupal's Captcha module (completely automated public Turing test to tell computers and humans apart). This forces you to transcribe some random text, designed to be hard for computer programs to grok, to post an anonymous comment or to register. If you register, you will be able to post comments without the Captcha nonsense.

This should stop automated comment spam. It won't, however, stop rooms full of low-paid workers posting spam. We'll discover soon which is my problem.

I hate Captcha strings, since I often have a hard time decoding them. These don't appear to be too bad. Please let me know how they work for you, either by comments to this post, or via email to bill@billstclair.com (or to billstclair@gmail.com if my web hosting mail forwarder doesn't like your email server).

The captcha module is at http://drupal.org/project/captcha

The spam comments are getting out of hand. My spam filter can't distinguish them from the real comments anymore, so it's marking all comments as spam. I can still distinguish them, though, most of the time, so don't stop commenting just because you don't see your comment until I approve it.

I've closed comments on the Hitler thread. This was beginning to look like "All Hitler, all the time." Not a pleasant prospect from my perspective. So all you Hitler lovers and Hitler lover haters. Chill.

My posting frequency has gone down a bit of late. I've been working late at night on the Puppy Linux 2.0 Alpha. I got my ipw2200 wireless networking interface to work, and found a bug in the code that makes file system changes, initially memory-resident, persistent. Today, I'll be installing Ruby and getting my S3 code to work (it'll probably "just work").

Remember, I've been a computer hacker for a lot longer than I've been a political hack.

I got a lot of bogus registrations today, so I've turned on moderation for new members. You can still join, but your account won't be active until I review it. Very few of my regular readers have chosen to register anyway. There are a few benefits to registering:

• You can post forum entries
• You won't have to type your name and email address to comment
• You can disable some of the side blocks, e.g. the banners

I finished moving my mirror of Paul Thompson's 911 Timeline to S3. billstclair.com/911timeline now redirects to a page documenting the move. All other links to the timeline automatically redirect. Apache's Redirect and RedirectMatch directives at work.

Next step in my S3 Ruby library: streaming upload of files and web URLs and download of files. The current Amazon-provided library requires objects to fit in memory.

I installed and enabled Jeremy Andrews' Drupal Spam Module 2.0, to attempt to get rid of the online poker comment spam that started appearing en masse today. It uses a Baysesian filter, plus some counts to flag spam. t will notify you if your comment is flagged as potential spam. It also sends me email, so I'll unmark anything that is obviously mischaracterized. Hopefully, it will just work (famous last words).