
Archive for the ‘General’ Category

Under Zombie Attack


UNDER the quiet exterior of schestowitz.com, which continues to serve pages reasonably fast, there are actually many problems. For the past two weeks, zombie attacks have been launched against the site. As more Windows machines get infected around the world, the number of attacks surges, approaching tens of thousands per day at the moment. This is well beyond the scale that I am used to or can afford. It gives us yet another reason to hate that insecure, ‘hijackable’ O/S, which is permitted to attack reliable and resilient Linux servers.

I have tried a variety of methods to combat the scary scale of these attacks, which get worse by the hour. If anybody knows some good solutions, please send me your advice as soon as possible, before the server collapses. Here are a few valid tools apart from the ad-hoc methods I have been using thus far:

The only glaring issue with the above is that they require ownership of, or power over, the Web server. I contacted my hosts last night, as we might have to collaborate on this. It is not only my sites that get penalised, but also other eCommerce sites that depend on QoS for their income.

UPDATE (5:30AM): Can Apache be configured to block requests based on referring URL (with regex)? I could exclude .to fairly cleanly. Please reply by E-mail if you can assist.

UPDATE (10:50AM): I have been told about modsecurity.org, but I still need root access to my host’s machines.

UPDATE (11:30AM): I have also been told about Patch-o-Matic netfilter/iptables.

UPDATE (11:40AM): The following Apache rule might work, but it is yet untested:

RewriteEngine On
# The dot must be escaped: an unescaped ".to/" also matches paths such as /photo/ or /auto/
# Anchoring to the host part restricts the match to referers from a .to domain
RewriteCond %{HTTP_REFERER} ^https?://[^/]+\.to(/|$) [NC]
RewriteRule .* - [F]
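As an added illustration (not code from the post), the check below applies the referer pattern to a handful of constructed referers the way RewriteCond does, an unanchored regex search, and shows why the dot in a pattern like .to/ must be escaped: the naive form also matches ordinary paths containing "to/", while the anchored form only matches a .to host.

```python
import re

# Constructed sample referers (not taken from the post), as Apache would
# see them in %{HTTP_REFERER}.
SAMPLE_REFERERS = [
    "http://spam-example.to/",          # the kind of referer the rule targets
    "http://www.spam-example.to/page",  # same host with a path
    "http://example.com/photo/",        # legitimate, but its path contains "to/"
    "http://example.com/auto/index",    # legitimate, same problem
    "",                                 # request without a Referer header
]

# Pattern as it might be typed in a hurry: the unescaped dot matches any character.
NAIVE = re.compile(r".to/")

# Escaped dot, anchored to the host part, case-insensitive like the [NC] flag:
# only a referer whose host ends in ".to" matches.
STRICT = re.compile(r"^https?://[^/]+\.to(/|$)", re.IGNORECASE)


def would_block(referer: str, pattern: "re.Pattern[str]") -> bool:
    """Mimic RewriteCond %{HTTP_REFERER} <pattern>: an unanchored regex search."""
    return pattern.search(referer) is not None


def blocked_referers(pattern: "re.Pattern[str]", referers=SAMPLE_REFERERS) -> list:
    """Return the referers a given pattern would cause the rule to reject."""
    return [r for r in referers if would_block(r, pattern)]


def false_positives(naive=NAIVE, strict=STRICT, referers=SAMPLE_REFERERS) -> list:
    """Referers the naive pattern blocks that the strict one lets through."""
    return [r for r in referers if would_block(r, naive) and not would_block(r, strict)]


if __name__ == "__main__":
    for name, pat in (("naive", NAIVE), ("strict", STRICT)):
        print(name, blocked_referers(pat))
    print("false positives of the naive pattern:", false_positives())
```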

More details in a separate post to be published shortly.

Research Demonstrations

AT this moment I am delivering a series of 4 one-to-one demos to prospective Ph.D. students. This occupies my morning and afternoon and I must admit that I quite enjoy it. I still remember the day when it was me whose ‘role’ was a student awaiting interviews and seeing some astounding demos. Once you grow to fit the very same shoes that you admired, it all seems somewhat worthless nonetheless. That, I suppose, is simply the way of life and the nature of progression. Below is a presentation that I primarily use to reflect on the work that I do at present. I re-use this internal talk from earlier this year:

Early 2005 Presentation – Ph.D. Students Talks

MIAS IRC presentation
Presentation from April this year
UCL, London

Cyborg Name Generator

FOR the sake of some short comical relief, use this neat on-line tool to generate cyborg-like images from your first name.

Shown below is the image that got bound to “Roy”.

Cyborg name for Roy

Other fun tools worth mentioning:

Bowling and Spinning

Roy bowls

The least hideous photo snatched by my sister
(against my will, I am urged to point out)

SINCE I rarely post items about my personal life, I decided to make an exception today. On my very recent vacation, I taught myself a valuable lesson in bowling — a lesson that cost me an entire game that was filled with gutter balls and oddities. It was a game of exploration and experimentation.

I decided that I wanted to master ball curling, thus hitting the pins much like the pros while spinning the ball elegantly. This ended up far more successfully than I had imagined and I would like to share tips based on my amateur experience.

  • Firstly, I count my steps (approximately 4) as I walk backwards to identify a good starting position, ensuring that I throw as my left foot stomps forward
  • I approach the track by treading across the left side rather close to the gutter. This turns out to be helpful as I am right-handed, hence I must spin to the left
  • Bending of the wrist gives the ball its spin. The grip with the ball is rather steady when the wrist is perpendicular with respect to the forearm. I was once told that by a childhood friend who played in the leagues.
  • The ball must be thrown in a sharp angle so that it nearly collapses onto the right gutter. Otherwise, it may spin to the left too early.
  • To give the ball little time to travel before it changes direction, the throw must be fast. The speed also gives extra power, which is crucial.

My main problems were often too much spin or a reluctance to let the ball approach the gutters. It simply goes against instinct. Ultimately, I managed to consistently hit the pins at almost 30 degrees (towards the end of the track) and I had almost no gutter balls. As bowling is very repetitive, I need more experience. Nonetheless, I hit a few admirable strikes and spares that day, all of which involved a sharp spin and very powerful impact.

Up until a week ago I hit the pins by chucking the ball straight down the middle. At the age of 16 or thereabouts I hit 140+ at my best. Without hitting the pins diagonally it is rather hard to achieve high scores. I look at my transition to the spin as a form of long-term ‘investment’. I also find it much more rewarding to practice and for others to observe.

Forking Applications


DEVIATING from a development branch, thus staying away from the regular update cycle, is a step which is bound to have its problems, e.g. security and missed extensions. I am fully aware of these issues and I have nonetheless made mistakes in the past, particularly with Web applications. I am rather confident and comfortable with my choices to extend applications, but one must remember the pitfalls, as well as the very few advantages.

Rather than simply downloading pre-installed and/or pre-configured packages like Gallery, WordPress, a VPN client or PHP-Nuke, one can add a wee bit of ‘individuality’ to them. For example, by replacing words and vocabulary that do not suit your way of speaking, you can instill some personality within the software — a beauty to be found most commonly in Open Source software. It gives a feeling of ownership, a sense of personal contribution.

Linux users are often inclined to hack software and customise it, maybe because they can. With some Linux distributions like Gentoo, people struggle to compile individual components and some have the odd habit of re-compiling the Linux kernel. Again, it gives an utterly unnecessary sense of achievement. That free platform, however, unlike other platforms, can be claimed to be one where very little intervention should be involved. With 5-CD installations, for instance, all the necessary software is in place, is well-integrated and simply works without any apparent conflicts. Somebody else took care of all the nasty installations and then burned some ISO to be distributed and put as-is on other people’s computers. So, we perceive a situation where there is a great deal of freedom, but at the same time that freedom is unneeded or even discouraged.

Change to existing packages is risky. It can bring an application to a fragile state. Attempts to exploit vulnerable (usually non-existent if the owner is fortunate) components are being re-directed to an unpleasant page at server level on this domain. I hope these can successfully deter a determined hacker. The only ones to come across such a page would be those attempting to sabotage (hence the rel="nofollow" in the link above).

When forking and choosing to no longer follow a development cycle, there is always some possibility of ‘flushing’ self-made components and starting fresh with similar, even identical data and an application belonging to the current generation, hence incorporating state-of-the-art technologies. Upgrades usually mean some loss of personal changes which are better off never lost. This may lead to feelings of regret due to waste. It also means hours of conversions, not to mention the laborious process that is involved in updates and getting accustomed to new interfaces. As it stands, I continue to fork, but do so cautiously.

SpammerAssassin


WHAT we truly need is not SpamAssassin, but a SpammerAssassin [sic]. We have seen controversial cases where spammers got killed, but taking the law into one’s own hands is a desperate and poor solution. However, what else can be done when the law in itself is futile and inherently lacking?

Something evil like comment spam gets blocked in the best of circumstances, while nothing is done to penalise or catch the spammers themselves. How long must it take before globalised networks begin to hunt down the spammers, backed by excruciating laws to assist the enforcers? Surely not enough is done. In internationalised networks like the Internet, it is sufficient to have a few countries (see spam maps) that are apathetic to spam and serve as havens from which illicit traffic is dispatched.

I recently joined an initiative to combat and ideally eradicate comment spam altogether. With a few tweaks I also found that SpamAssassin filters out my E-mail spam admirably well, separating ham and spam by putting them in separate boxes. Not all is lost as progress is still being made. Unfortunately, spammers get more ‘crafty’, usually keeping abreast of mail prevention methods. It is a never-ending race.

Death of Privacy


GROWING criticism becomes apparent as personal information on the Internet breaks new boundaries. This recently had CNET ignored by Google. A CNET correspondent bluntly disclosed too much information about the personal life of Google CEO, Eric Schmidt. From that damaging article, which, among other things, penetrated the life of an individual:

“Your search history shows your associations, beliefs, perhaps your medical problems. The things you Google for define you,” Bankston (staff attorney at the Electronic Frontier Foundation) said.

The only way to avoid nasty information from ever being dispersed across the Internet is for everyone to recognise the danger of mentioning names. However, it is possibly too late already — too late to revert things, that is. The Web Archive, as controversial as it may seem, takes snapshots of the Internet periodically and makes these snapshots publicly available. Anything that was ever public remains public, perhaps under a few extra layers. Google cache introduces similar issues.

Recruitment agents or bosses can find out a lot about an individual nowadays. As a personalised instance, a search for my name (in Google) brings up approximately 70,000 results. Adding an extra term to the query, ‘roy schestowitz microsoft’, for example, will draw a vivid picture of my views on the company. There are nearly 1,000 results for such a Web search.

Privacy is in jeopardy and is bound to be completely compromised as time carries on. Names do not have to be ‘contributed’ by will. Rather often these days, somebody else might mention one’s name, which will later be harvested and made available to anyone who ‘googles’ the name and binds it to some context. It was not too hard to discover a fair deal about the families of famous IT founders. There needn’t be the will to disclose that information either. Sooner or later it will ‘leak’ and be made easily available due to. Search on the Web, as well as blogging, is a mixture that leads to dissemination and duplication. Take the embarrassing photo of Bill Gates as a practical example.

On a different yet related topic, search engines slowly embrace spying, whether intentionally so or not, whether it is ethical or not. It is perhaps due to pressure from investors, who urge them to do all that is necessary for increased profit. An IPO is never too helpful in that sense. There is a great deal of fuss revolving around the notorious Google cookie. Microsoft have been labelled “guilty” as well, for MSN targeted advertising which involves spying, as well as cross-site cookie exchange. Technologies advance and allow better monitoring than ever before, which is a factor that raises even more concerns.

Has your privacy been broken apart? If not, it is probably just a matter of time.

Original styles created by Ian Main (all acknowledgements) • PHP scripts and styles later modified by Roy Schestowitz • Help yourself to a GPL'd copy
Proudly powered by WordPress — based on a heavily-hacked version 1.2.1 (Mingus) installation