Monthly Archive for November, 2005

Those Lousy Akismet Devs…

UPDATE: Oh yeah, I forgot to mention that the $_SERVER['HTTP_COOKIE'] variable is no longer being sent to the Akismet servers with each SPAM-check. It seems Matt is still ignoring the fact that anyone ever complained about this, as there’s no mention anywhere that it’s gone. Very disappointing… Haven’t we learned anything from the Sony rootkit crisis? I guess the answer is obviously ‘no’…

Ok, not really, it’s just inconvenient for me when they release new versions:)

I knew this was coming, and I actually spent several hours on Tuesday at the holy green logo’ed shrine to the coffee bean (read: Starbucks) trying to re-work my code so that it was actually an “Extension” plugin (ie: you have to have the base Akismet plugin installed, then install my version, which seamlessly extends the functionality).

Unfortunately, there’s one problem with this strategy… PHP doesn’t support function overloading. In other words, there’s no way (that I have found, at least, please correct me if I’m wrong) for their plugin to create the function akismet_conf() and then for my plugin (which is loaded afterwards) to create / delete / change it later. Now, this isn’t that big of a deal at first (as I learned), because I can have my plugin remove all the actions the default Akismet plugin created and then re-create the actions using my newly-named functions.

Well that works, until I need to change the way the plugin deletes things. See, Akismet just calls its delete() function, which is referenced in virtually everything else it does. So if I want to change the way things are deleted, I’d have to create my own version of delete(), and then create my own versions of every other function that calls delete() and replace the call with one to my newly created function. So in the end, I’ve only saved 1 function by “extending” Akismet, rather than replacing it.

So it’s back to the drawing board for me. I’ve got to run in to work tomorrow and get a few things ready for next week, but hopefully I’ll be able to get back to work Saturday and Sunday and get a new version of the Enhanced Akismet plugin released.

In the meantime, I’m still looking for feedback on the email notifications that seemed to be troublesome in the last version. Anyone tested this for me?

To Buy or Not To Buy…

I’m currently considering two purchases… (Read: Trying to talk myself out of spending money on two things I really want…)

What’s that you say? You want to know what could possibly be interesting enough to draw the attention of such an uber cool guy like Chris? Ohh, well, then by all means, read on loyal minion…

Mac Mini
I want a 17″ PowerBook more than anything right now, but I figure this would be a good first step to take, right? It would replace my aging iBook (600mhz) as the only Mac in the house and look oh-so-wonderful sitting next to my iPod, right?

I’ve already saved a shopping cart over at Apple’s store containing my baby, with the following specs:

  • Mac Mini 1.42 GHz
  • 512MB RAM
  • 80GB Hard Drive
  • Wireless (Airport Express + Bluetooth)
  • Keyboard & Mighty Mouse Set (wired version)

Now I just have to convince myself to spend the $650, rather than saving it like I keep telling myself I should. Any Mac addicts out there want to help me make my decision? :)

Das Keyboard
Our DBA at work was working from home one day a week or so ago, and called in to ask me to go install VNC on his desktop (he’d recently gotten a new one). I toddle over to do so, and realize that I love his keyboard. It’s really a pretty cheap model, but the keys are so easy to hit (ie: less force required) that it made typing a joy.

Since finding a really good (and comfortable) keyboard is quite difficult these days, I figured it’d be a good idea to go with something that’s gotten good reviews and has some brand recognition behind it. The Das Keyboard was clearly the only choice…

The only problem there is… What if I get addicted to this thing at work and have to buy one for each computer here at home? There’s no way I could afford that!

So those are my wants for the time being. I think I’ve managed to convince myself that I can wait until after Thanksgiving to decide on anything, so who knows… Maybe I’ll get wrapped up in an after-Thanksgiving sale and spend enough to convince me I don’t need either.

Leeroy Jenkins!

Our DBA at work mentioned this to a couple of us the other day at random, and I finally had to go out and find it… I was pissing myself laughing through the whole thing:

Check out Leeroy Jenkins!

At first they’re talking about how they’re going to approach the next room with its horrible evil monster-hatching eggs… It’s really amazing (and funny) how serious some people can get about games (yeah yeah yeah, spoof this)… They’re only going in there to get a special object for none other than Leeroy Jenkins. At the very end of their pre-mission brief, Leeroy comes back from being AFK and charges into the room with a battle cry of “LLLLLLLLLeeeeeeeerrrrrrrroooooooooyyyyyyyyy JJJJJJJJJeeeenkins!”

It takes the rest of the group almost 10 seconds to realize “Hey, he just ran in there… holy shit, we’ve got to save him!”, at which point they all follow him in and are promptly slaughtered by the eggs Leeroy disturbed.

Cue the cursing and profanity over Teamspeak…

There’s also the Jeopardy question featuring WoW and Leeroy, and by the time we get to the spoof of Lroy Jinkins, it’s just getting friggin ridiculous…

Enhanced Akismet Plugin - Version 1.06b5

After my last post about all the crap data the Akismet plugin phones home with when it’s checking for comment spam, I did a quick Technorati search for Akismet plugin, and found someone else who had the exact same thoughts about it, apparently after reading a wordpress.org post that voices the same concerns.

So, with so much hubbub going on about it, I’m pleased to release the latest version of my enhanced Akismet plugin, which includes a “Neuter Akismet” option. Just tick the check box on the Akismet Configuration panel and your security concerns are gone.

Note that, while this hasn’t caused any problems for me, your mileage may vary. If you find out that something is horribly and utterly broken, please turn off the option and let me know what happened. There’s really no reason at all this stuff should need to be sent, but that’s not to say they realize that…

Complete Changes List

Whitelist / Blacklist
There are now fields for “Whitelist” and “Blacklist” options on the Akismet Configuration panel. Just pop an author, email address, or IP address into its respective field, and watch those comments show up in the Akismet SPAM.

This blacklisting functionality differs from the built-in Wordpress blacklisting in that it checks the specific attribute you set it for (ie: if you set an email address to be blacklisted, the comment is only spam’ed if that email address is found in the email field, whereas Wordpress would check for it in any of the fields - author, email, ip, etc.).

This section is heavily under testing. If you use it, please let me know how it works out. In the few controlled tests I’ve done on both my test blog and this live blog, it’s worked, but that’s by no means a complete test regime. Feedback is heavily encouraged!
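
The difference between field-scoped and any-field matching, as an added example (not the plugin's or WordPress's own code). The function names and list layout are hypothetical, and the any-field function is a simplified model of the WordPress behaviour described above.

```php
<?php
// Added example: field-scoped list matching vs. any-field matching.
// All function names and the list layout are hypothetical.

/** Normalise a value for comparison: trim and lower-case. */
function norm(string $v): string
{
    return strtolower(trim($v));
}

/** Field-scoped: an entry only matches the field it was listed under. */
function scoped_match(array $comment, array $lists): bool
{
    foreach ($lists as $field => $entries) {
        $value = norm((string) ($comment[$field] ?? ''));
        if ($value !== '' && in_array($value, array_map('norm', $entries), true)) {
            return true;
        }
    }
    return false;
}

/** Any-field: an entry matches if it appears anywhere in any field. */
function any_field_match(array $comment, array $entries): bool
{
    foreach ($entries as $entry) {
        $needle = trim($entry);
        if ($needle === '') {
            continue; // an empty entry would otherwise match everything
        }
        foreach ($comment as $value) {
            if (stripos((string) $value, $needle) !== false) {
                return true;
            }
        }
    }
    return false;
}

// Constructed sample: a legitimate commenter quotes a blacklisted address.
$blacklist = ['comment_author_email' => ['spammer@example.com']];
$comment = [
    'comment_author'       => 'Alice',
    'comment_author_email' => 'alice@example.org',
    'user_ip'              => '192.0.2.10',
    'comment_content'      => 'I keep getting junk from spammer@example.com too.',
];

var_dump(scoped_match($comment, $blacklist));                             // email field differs
var_dump(any_field_match($comment, $blacklist['comment_author_email'])); // found in the body
```

The scoped check leaves Alice's comment alone because her own email field does not match, while the any-field check flags it because the address appears in the comment body.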

Email Notification
I was able to modify the stock Wordpress comment notification script to suit our needs. You’ll now receive emails whenever something is classified as SPAM (assuming you’ve turned on this option in the Akismet Configuration panel).

Please note that I had some odd results with this in one test… While I did receive the email, it listed post information that was in no way seemingly related to the post my comment was actually blocked on… I’ll continue to test, but in the meantime, this should at least let you know something’s going on, which is better than before, right? :)

Neuter Akismet
As noted above, the primary reason I wanted to rush this version out is the growing concern over data Akismet is unnecessarily sending back to their server when every comment is checked. For more details, please read my last post, as well as the series of posts linked earlier.

Good luck, and please let me know how this version is working out for you!

Exactly What Data Are You Sending to Akismet?

Put on your tin-foil hats, fellas…

In my on-going development of the Akismet plugin, I needed to figure out exactly what data one of their functions was receiving (so I knew what pieces I needed to steal to check for whitelist / blacklist).

The easiest way to do this was to simply spit out the data right before it’s sent to the Akismet server to be processed there. I load up my test blog, put in a cheeky comment, hit the big red button, then wait for snoopy goodness to get dumped to my newly created logging table in the WP database.

The results? Way more than I expected…


Array
(
[comment_post_ID] => 7
[comment_author] => MellerTime
[comment_author_email] => chris@doesnthaveone.com
[comment_author_url] => http://incoherentbabble.com
[comment_content] => more commenty goodness!!!
[comment_type] =>
[user_ID] => 2
[user_ip] => 127.0.0.1
[user_agent] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
[referrer] => http://localhost/noteblog/?p=7
[blog] => http://localhost/noteblog
[HTTP_HOST] => localhost
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5
[HTTP_ACCEPT] => text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[HTTP_ACCEPT_LANGUAGE] => en-us,en;q=0.5
[HTTP_ACCEPT_ENCODING] => gzip,deflate
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
[HTTP_KEEP_ALIVE] => 300
[HTTP_CONNECTION] => keep-alive
[HTTP_REFERER] => http://localhost/noteblog/?p=7
[HTTP_COOKIE] => [snipped for brevity]
[CONTENT_TYPE] => application/x-www-form-urlencoded
[CONTENT_LENGTH] => 79
[PATH] => C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Adobe\AGL;C:\php;;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\MySQL\MySQL Server 4.1\bin;C:\Program Files\Bitvise Tunnelier
[SystemRoot] => C:\WINDOWS
[COMSPEC] => C:\WINDOWS\system32\cmd.exe
[PATHEXT] => .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
[WINDIR] => C:\WINDOWS
[SERVER_SIGNATURE] =>

Apache/2.0.54 (Win32) PHP/5.0.5 Server at localhost Port 80

[SERVER_SOFTWARE] => Apache/2.0.54 (Win32) PHP/5.0.5
[SERVER_NAME] => localhost
[SERVER_ADDR] => 127.0.0.1
[SERVER_PORT] => 80
[REMOTE_ADDR] => 127.0.0.1
[DOCUMENT_ROOT] => C:/htdocs
[SERVER_ADMIN] => chris@doesnthaveone.com
[SCRIPT_FILENAME] => C:/htdocs/noteblog/wp-comments-post.php
[REMOTE_PORT] => 4751
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.1
[REQUEST_METHOD] => POST
[QUERY_STRING] =>
[REQUEST_URI] => /noteblog/wp-comments-post.php
[SCRIPT_NAME] => /noteblog/wp-comments-post.php
[PHP_SELF] => /noteblog/wp-comments-post.php
)

Needless to say, I was a bit surprised… Why exactly is every $_SERVER[] variable needed to process my blog’s spam? You just manually grabbed the necessary values (as I see them) a few lines previously:


$comment['user_ip'] = $_SERVER['REMOTE_ADDR'];
$comment['user_agent'] = $_SERVER['HTTP_USER_AGENT'];
$comment['referrer'] = $_SERVER['HTTP_REFERER'];
$comment['blog'] = get_option('home');

So why do you need to know the rest? Even if we ignore any possible privacy concerns here, if nothing else, looks to me like we’re wasting a LOT of bandwidth… Let’s do some quick math, shall we?

All that crap, when saved to a text file, totals 2,639 bytes (2.57 kb). If we cut out the relevant stuff at the beginning (everything after “blog” is removed), we’re down to 437 bytes.

After checking the Akismet Homepage, we see from their Zeitgeist that they’ve caught a total of 302,974 SPAMs, which represents 82% of all comments. If I try and remember some of my high school Algebra classes, that means:


302974 = .82(x)
x = 369480.4878

We’ll use 369,480 for simplicity. Time for a little more math:


369480 x 2639 = 975,057,720

You checking me as we go along? Good… So that’s 975 million bytes of data, give or take some gzip compression here and there, some header information, and a few random character sets.


975057720 / 1024 = 952204.8046875 (kbytes)
952204.8046875 / 1024 = 929.8875 (mbytes)

So that’s 929.8875 megabytes of data hitting their servers. In the grand scheme of things, that’s not much, but let’s look at what it would have been with our smaller set of data:


369480 x 437 = 161,462,760

So now we’ve got 161 million bytes:


161462760 / 1024 = 157678.4765625 (kbytes)
157678.4765625 / 1024 = 153.983 (mbytes)

So we've gone from almost a gig of data, down to 150mb… Seems pretty damn sizeable to me, how about you?

Hmm, maybe I should offer a neutered Akismet plugin option?
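
One way to trim the payload to the fields the post calls relevant, as an added example (not Akismet's code and not the Enhanced Akismet plugin's). The function name `neuter_payload`, the allowlist constant, and the sample values are assumptions; the sample reuses a few entries from the dump above with a placeholder cookie.

```php
<?php
// Added example: allowlist filter for the spam-check payload (hypothetical names).

// Fields the post identifies as the relevant ones (everything up to "blog").
const PAYLOAD_ALLOWLIST = [
    'comment_post_ID', 'comment_author', 'comment_author_email',
    'comment_author_url', 'comment_content', 'comment_type',
    'user_ID', 'user_ip', 'user_agent', 'referrer', 'blog',
];

/**
 * Keep only allowlisted keys. Returns the trimmed payload plus the names
 * of everything that was dropped, so the removal can be logged and reviewed.
 */
function neuter_payload(array $payload, array $allowlist = PAYLOAD_ALLOWLIST): array
{
    $kept    = array_intersect_key($payload, array_flip($allowlist));
    $dropped = array_keys(array_diff_key($payload, $kept));
    return ['payload' => $kept, 'dropped' => $dropped];
}

// Constructed sample: comment fields plus a few $_SERVER-style entries
// with the same shape as the dump above (cookie value is a placeholder).
$comment = [
    'comment_post_ID'      => 7,
    'comment_author'       => 'MellerTime',
    'comment_author_email' => 'chris@doesnthaveone.com',
    'comment_content'      => 'more commenty goodness!!!',
    'user_ip'              => '127.0.0.1',
    'user_agent'           => 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5',
    'referrer'             => 'http://localhost/noteblog/?p=7',
    'blog'                 => 'http://localhost/noteblog',
];
$server = [
    'HTTP_COOKIE'     => 'PLACEHOLDER_SESSION_COOKIE',
    'PATH'            => 'C:\WINDOWS\system32;C:\WINDOWS',
    'SERVER_ADMIN'    => 'chris@doesnthaveone.com',
    'SCRIPT_FILENAME' => 'C:/htdocs/noteblog/wp-comments-post.php',
    'DOCUMENT_ROOT'   => 'C:/htdocs',
];

$full   = array_merge($comment, $server);   // everything, as in the dump
$result = neuter_payload($full);

printf("before: %d bytes, after: %d bytes\n",
    strlen(http_build_query($full)), strlen(http_build_query($result['payload'])));
echo 'dropped: ' . implode(', ', $result['dropped']) . "\n";
```

An allowlist fails closed: any new server or environment variable that shows up later is dropped by default instead of being forwarded until someone notices it.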