Mobile platforms will be the death of Adobe Flash

January 5th, 2009

I’ve been curiously watching the developments (or lack thereof) surrounding Adobe and the use of Flash on mobile platforms like the iPhone and Android handsets. Here’s my summarization of the situation as it stands today:

  • No browser (mobile or otherwise) has Flash built in.  All browsers require a “plugin” provided by Adobe to play back Flash content.
  • Mobile browsers are behind the times when it comes to plugin support, but even so, Adobe isn’t providing mobile phone manufacturers any sort of mobile flash experience. (FlashLight excepted, but this isn’t on major mobile platforms.)
  • Adobe got the short end of the stick when it comes to Flash.  Their playback platform powers the world’s largest sites (youtube.com) but they don’t see a dime of revenue from its popularity, because most users consume flash content but don’t produce it, and flash producers are who Adobe has previously marketed their products to.
  • In all likelihood, Adobe wants to be paid for porting Flash to platforms like the iPhone and Android.  I don’t think that either Apple or Google would have any part in paying Adobe for such a “right” to use flash.  As proof of this, I present the YouTube non-flash applications on iPhone and Android, which offer a rich non-flash experience that could easily make its way back to the desktop browser.

Assuming that Adobe stands fast and Flash never becomes an integrated part of the mobile browser platform, then as the mobile platform base grows, sites that rely on Flash for their user interface will be locking out the mobile browsing platform.  So, these sites will realize that they would reach a larger audience if they offered a non-flash mobile-friendly experience.  Thus, they’ll port their flash user interface to AJAX, which works on both desktop and mobile browsers.  Flash usage will begin to decline.  As Adobe gets more anxious to squeeze the dollars from Flash, the free mobile-supported alternatives will arise: greater use of SVG graphics, more AJAX, and possibly even some open-source flash-like technology that will be free and usable for mobile browser developers.

Did I mention HTML5’s <video> element?

Did I mention ViXimo?  This is just the beginning of mobile-enabled flash alternatives, and proof that the above is coming true already.

Mitigating ongoing attacks to my web server.

January 1st, 2009

I’ve been seeing messages like this one in my Logwatch e-mails for quite some time:

A total of 2 sites probed the server
203.246.75.102

A total of 7 possible successful probes were detected (the following URLs
contain strings that match one or more of a listing of strings that
indicate a possible exploit):

/wiki/index.php/Talk:AVR_GCC//index.php?name=PNphpBB2&file=viewtopic&t=8/viewtopic.php?p=15&sid=be4c914eb746ac7c96beea717fdfc692/&highlight=%27.include($_GET[a]),exit.%27&a=../../../../../../../../../../../../../../../../../../../../../../../../proc/self/environ%00 HTTP Response 200

So I decided to take a brief look at it.  I’m fairly certain that this isn’t an exploit in my MediaWiki install — I think they’re looking for an exploit in a package “PNphpBB2” which I don’t have.  Anyway, I did some grepping of my logs to find the bad IPs and created a simple conf.d file that contains all the IP addresses that are bad.  The greps that I did look like this:

zgrep "w00tw00t" /var/log/httpd/*.gz | perl -p -e 's/^.*[^0-9]([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)[^0-9].*$/\1/g' | sort | uniq
zgrep "\.\./\.\./\.\./\.\./\.\." /var/log/httpd/*.gz | perl -p -e 's/^.*[^0-9]([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)[^0-9].*$/\1/g' | sort | uniq
zgrep "PNphpBB2" *.gz | perl -p -e 's/^.*[^0-9]([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)[^0-9].*$/\1/g' | sort | uniq

And then I put those all in a file under /etc/httpd/conf.d called “global_deny.conf” that looks like this:

<DirectoryMatch .*>
Order Deny,Allow
deny from [...]
deny from [...]
</DirectoryMatch>

With one IP address on each “deny from” line. Hopefully this should shut out a lot of the people that are trying to find exploits on my site. There were 845 unique IP addresses that had hit such URLs.

Does anyone know of an automated solution for doing stuff like this? What I’d like to be able to do is to have a regexp of URLs that if you ever hit them, then you automatically end up in a set of denied IP addresses. Maybe it would show a special “you’re an abuser” webpage for the first few hits after that, and then just begin 404ing.
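
One way to automate the grep-and-paste step described in this post, as an added example (not the author's script): it takes the client address from the first field of each Apache log line and checks the post's three signatures against the request line only, so an address that merely appears in a Referer is never denied. The sample lines and function names are constructed for illustration, and the output keeps the post's Apache 2.2 "Order" / "deny from" layout.

```python
import gzip
import ipaddress
import re

# The three signatures the post greps for: w00tw00t, a five-level ../ run, PNphpBB2.
PROBE_RE = re.compile(r"w00tw00t|(?:\.\./){4}\.\.|PNphpBB2")
# Apache common/combined format: client is field 1, request line is the first quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)"')

def probing_ips(lines):
    """Return sorted, de-duplicated client addresses whose request line matches a signature."""
    found = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not PROBE_RE.search(m.group(2)):
            continue
        try:
            found.add(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # hostname or malformed client field: never write it into the config
    return sorted(found, key=lambda ip: (ip.version, int(ip)))

def render_deny_conf(ips):
    """Render the global_deny.conf layout shown in the post, one address per line."""
    denies = "".join(f"deny from {ip}\n" for ip in ips)
    return "<DirectoryMatch .*>\nOrder Deny,Allow\n" + denies + "</DirectoryMatch>\n"

def read_logs(paths):
    """Yield lines from plain or gzip-compressed log files."""
    for path in paths:
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh

# Constructed sample lines (documentation address ranges), not taken from the post's logs.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2009:03:10:01 -0800] "GET /w00tw00t.test HTTP/1.1" 400 226 "http://192.0.2.55/" "-"',
    '203.0.113.9 - - [01/Jan/2009:03:11:40 -0800] "GET /index.php?name=PNphpBB2&a=../../../../../proc/self/environ%00 HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.10 - - [01/Jan/2009:03:12:02 -0800] "GET /wiki/index.php/Main_Page HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '192.0.2.20 - - [01/Jan/2009:03:12:30 -0800] "GET /blog/ HTTP/1.1" 200 700 "http://search.example/?q=PNphpBB2" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2009:03:13:05 -0800] "GET /w00tw00t.test HTTP/1.1" 400 226 "-" "-"',
]

if __name__ == "__main__":
    print(render_deny_conf(probing_ips(SAMPLE)), end="")
```

To run it against real logs, pass read_logs() the rotated .gz files the post greps, write the result to the conf.d file, and run "apachectl configtest" before reloading.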

Slow ubuntu emacs startup

December 30th, 2008

I found that starting emacs (under X11) was quite slow after I changed the default font.  After googling around for a while, I found this great post that says to add:

(modify-frame-parameters nil '((wait-for-wm . nil)))

To your .emacs file. I did it, and it made startup zippy fast. (NB: I added it to my (cond (window-system …)) section.)

A great list of netbook tweaks.

December 30th, 2008

Although this page says it’s specifically for the Acer Aspire One, it actually applies to most netbooks, since they all use the exact same chipsets.  Some of the wireless & sound stuff might vary per device, but all the other system tweaks are great ideas, and I’m trying them out now on my Lenovo S10.

Automatic “On This Day” generator

December 29th, 2008

I had a lot of fun writing the “on this day” post a couple of days ago, so I spent some time collecting the image capture dates of 27,727 images in my collection, and whipped up a very crude PHP script to show the nearest picture to right now that I have in my collection, from years past.  In other words, the same date & time as it is now, but N years ago.

Note that some years with only a few photos might show a pretty bizarre photo, but in general I think the answers are pretty much correct.

Also note that some photos are only available if you’re logged in, so if you see a password box, then you should log in to see the image. (this prevents web crawlers from killing my server)

On This Day In KleinLacy history…

Things that would be fun to add:

- Custom dates (not just “now”)

- On this “week / month / etc.”

- exactly N days ago (i.e. 400 days ago)

365GB @ 50kBps = 88 days

December 29th, 2008

So, I finally set up a script to back up my entire computer (365GB of content, as we speak) to my remotely hosted machine.

This gives me an offsite backup of important files that I may have here, in case of disaster.

But, there’s a catch.  First, my uplink speed from home is only 768kbps, good for about 75kBps.  And, I don’t want to use 100% of that, because at that rate, it would still take 59 days to rsync everything.

So, I’ve throttled it back to 50kbps, so that I can still listen to music at work (128kbps or so) and still get reasonable performance from web surfing.  But, at that rate, it’ll take 88 days to sync all the content.   Other than walking the drives over to the colo, is there any better way?

By the way, if you’d like the Python script that initiates the rsync, let me know.  It has a bunch of smarts in it to manage multiple backups from multiple days without duplicating the content, etc.  It’s a Python adaptation/rewrite of a script that I’ve been using to back up the same files locally to a big USB enclosure.

I know there’s probably a host of remote backup managers, but I mostly wanted something simple and straightforward.  I looked a bit at rdiff-backup, but that seemed too heavyweight, and when I tried to run it, I got weird errors because the versions of it are different on the local & remote machines, and it made me really nervous that it’s all fucked up.  Rsync + ssh has been around for ages, and will continue to work for ages.

Reader: Let me reply!

December 29th, 2008

Dear Google Reader Team,

Please let me reply to my friend’s shared items. The button should say “Reply with note” instead of “Share with note” when I’m viewing shared items.

KTHXBAI

Netbooks are still an underground phenomenon.

December 29th, 2008

With all the talk on the interwebs about netbooks, I had assumed that they had already gone “mainstream”, especially since Amazon is saying that their top sellers are LCD TVs, Netbooks, and the Nintendo Wii.

But, I’ve been using my netbook at our local coffee shop for the last few days, and I’ve found that no one has seen one before, and I’ve had two people spontaneously come up to me and ask me about the machine.  When was the last time you had someone ask you about your computer in a public space?

People are really surprised at the size (about 8″ x 10″), weight (2.2 lbs), battery life (2+ hrs), and price ($350).  I mention that it’s not the fastest thing, but the general response is: “well, at that price and weight, it’s worth it!” which is exactly how I feel.

To me, this means that netbooks really do have a place in the market, and have a long way to go when it comes to marketing and market penetration.   I think if the marketing engine kicks in on these machines, or if there’s enough word of mouth spreading, that they’ll really begin to take off.

It’s as if people have finally had enough of their 3.2GHz multi-core multi-disk super GPU enabled $3000 machines, and the thought of something small, light, and with a reasonable battery at a reasonable price really strikes true.

Score +1 for common sense!

Image 10,000

December 28th, 2008

As I promised, here’s image number 10,000 from my newest camera:

10,000


1751 new photos

December 28th, 2008

You’ve probably noticed that it’s been a while since I’ve updated the gallery.  Well, I’ve finally done it, and now I’m done.  1751 photos have been added.  Here’s a tiny sample, and you can click through for more.


Care's Visit

Half Moon Bay


Pumpkin Patch
