Now here’s an interesting idea for a book: Pride and Prejudice and Zombies. The Amazon summary is pretty apt in its description:

Product Description
“Pride and Prejudice and Zombies” features the original text of Jane Austen’s beloved novel with all-new scenes of bone crunching zombie action.

About the Author
JANE AUSTEN is the author of Sense and Sensibility, Persuasion, Mansfield Park, and other masterpieces of English literature. SETH GRAHAME-SMITH is the author of How to Survive a Horror Movie and The Big Book of Porn. He lives in Los Angeles.

How has no one thought of writing this before? (Found via Uncrate.)

Songs I Hate

I usually try to ensure that my posts here have at least some value, but here goes…

I’m pretty easy-going when it comes to music. I’ll be listening to NPR and switch stations when they go to a commercial, and find myself listening to gangster rap. Then they go to a commercial, and I change stations back to NPR and it’s some jazz. Then they do a fundraiser and I’m listening to classic rock.

I can think of only three songs that I absolutely refuse to listen to. I’ll turn the radio off or listen to a commercial before I listen to the song:

  • Redneck Woman. I hate country music, but that’s not why. It’s that her voice is worse than nails on a chalkboard.
  • That “Don’t Stress” McCartney song. I have absolutely no idea why. It is ironic that a song called “Don’t Stress” raises my blood pressure, though.
  • That horrible, horrible song that has the line, “If you like it, then you should have put a ring on it.” I never got much further, despite the ~50 times I’ve bumped heads with it. I have no idea why, but this song makes me downright angry every time I hear it. (I’m well-adjusted and mentally stable. Really!) The music would be appropriate if you had snorted crack and were literally bouncing off the walls.

CSS Fixed

For months there was a really thin, really-light-grey line running down the middle of the page. I was finally able to figure out where it was coming from and get rid of it. (It was a background image, ~1200 pixels wide, with a single grey dot at the right to give the thin line… It was all well and good until I dropped one of the two columns, but I never could trace it down.)

I still consider the main page half-finished; I’d like to get the ‘table of contents’ thing back up and running, as well as make the bottom of the page actually function like I’ve always hoped it would. (Although it’s really not handy to have these things at the very bottom?) And it’s a behind-the-scene thing, but it’s what I do for a living: I want to rework the main page’s code to not rely on memcache. It’s served its role well, but I have 1 MB of RAM (down from 16MB!) devoted to caching about 1KB worth of configuration and cached elements that really don’t need to be forcibly held in RAM anyway. I’m already running APC (which already has a hitrate in the high 90s), so I can just make use of that. (Really, the code for the main page is a set of hacks built upon other hacks, and then I went in and hacked those hacked-hacks to behave differently… For what’s really a simple function, I think it’s time for a rewrite.)

Social Networks

I just logged into Facebook and realized that Facebook is a lot like my work e-mail and Twitter: 95% of the stuff that shows up there is noise that doesn’t concern me at all. Some girl who worked on a group project with me freshman year updated her photo album and then a total stranger that I foolishly accepted as a friend posts some introspective ramblings. And then I turn to Twitter, where very few posts interest me at all. Part of the problem is that I often start following strangers who post something interesting, only to realize that them being interesting was a rare occasion.

I’ve been toying for a while with purging the names I don’t recognize from Facebook and leaving Twitter. But I think, for now, I’ll stick with status quo: checking Facebook once every couple weeks and looking at Twitter every few days.


XKCD is an amazing comic. Sometimes it’s drop-dead hilarious. Sometimes I don’t quite get it. But with frightening accuracy, it’s either an astonishingly accurate picture of me, or it uses a crude-drawn diagram of stick figures to say something I’ve thought for a long time much more eloquently than I could. A recent comic does just that:

I think it’s valuable both on its surface and a bit metaphorically. Encryption’s a pretty neat field, with all sorts of applications. And even more mainstream operating systems like RHEL and CentOS are making it easy to encrypt not only your filesystem, but swap. But I think a lot of people hang their hats on technical solutions, where it’s only half the battle. 4096-bit RSA is no good when your passphrase is “passphrase,” though I have to think that crypto-geeks might know better.

The same is true for home security. I really wish I had the link for the article I read in which some ex-burglars were interviewed. They pointed out that those hollowed-out soup can “safes” are a great idea, except that when you have a can of soup on your dresser, it’s going to get stolen. Those hollowed-out book safes are ingenious, except that savvy burglars just knock over you bookshelf. And that having a safe is really pretty foolish, because they’ll just take the whole thing. Or the story about the people who hid hundreds of dollars of cash inside their DVD player for safekeeping. But the burglars weren’t looking for cash, they were looking for electronics they could pawn, so they stole the DVD player.

And how about SSL? I think there are a sizable number of people who know that the ‘lock icon’ of SSL means that their connection to the webserver is encrypted, and therefore it’s safe to give out their credit card number. But they don’t realize that their encrypted connection is to “https://paypal.com:homepage@scammer.example.com” and that they just gave the badguys their information.

In all our time guarding against the million-dollar supercomputer, we forget to guard against the $5 wrench.


The new Kindle is really, really slick.

I just realized a problem with it, though: I rarely pay for books. If the library doesn’t have it, I turn to half.com. $9.99 for a book might be a great deal compared to $29.99 for the dead-tree version, but it’s a rip-off compared to $0.00 at the local library, or $2.99 on half.com.

That said, the opportunity to subscribe to newspapers and magazines wirelessly is brilliant. I always feltĀ  bad for the ailing newspaper industry. Enough so that I might be willing to pay $10/month to get a copy on a Kindle.

I’m a little confused, though, by their “Get blogs wirelessly delivered to your Kindle for as little as $.99 per month” statement. I thought you were able to browse for free. (Obviously, restricted a bit.)

What interests me is the availablity of computer eBooks. I brought home a 1,200 page MySQL tome. Seems like they have a lot, but not centered on the ones I want to buy. I can take there being more books on MS SQL and Oracle (even if MySQL is probably most populous?), but PL/SQL and SQLite? Isn’t an SQLite book like writing a manual for using the Windows calcluator? And discounting a book to $50 for the Kindle doesn’t make me want to buy it. (Psst: The Pirate Bay has a great selection… I don’t want to resort to that, though.)

All this brings up something I’ve thought for a long time: if you release a book for an e-book platform like the Kindle, and then it’s obsolete (like all the MySQL books about MySQL 4 that don’t get to the major changes in MySQL 5), can you please, please offer a heavily-discounted “update” to people who own the old version?

p0f for spam detection?

I posted a while ago about p0f, a neat tool that looks at packet structure to determine the operating system speaking to you from a given IP. (It seems like the tool hasn’t been updated in a while, which is a shame.)

I’ve been running it for a while, and log p0f strings for all incoming connections to port 25, i.e. every mailserver trying to connect to n1zyy.com or ttwagner.com. You can see it on the 100 blacklisted IPs page here, showing the IP, country, and p0f string for each connection. (I have it configured to not log ‘guesses,’ which explains why some are blank.)

I’ve noticed that the vast majority of entries are coming from “Windows 2000 SP4, XP SP1+” as an operating system. (This is the IP that’s connecting to my mailserver, i.e. the outgoing mailserver’s operating system. This has nothing to do with people using an ordinary mail client on Windows 2000 or Windows XP.) This doesn’t surprise me a lot: most spam is sent from virus-infected desktop computers these days, and people running old versions are much more likely to get infected than someone who keeps up to date with security updates. (I will caution that p0f isn’t 100% accurate, especially as it hasn’t had a definition file released since pre-Vista.) The other aspect of this is that very few professionals would run a mail server on Windows XP, though there could be legacy systems running on Windows 2000. (Although, man, they’re behind the times!) So if we see an incoming connection from this OS string, we have a fairly good idea that it’s either someone’s desktop or a mailserver run by someone who never, ever upgrades anything.

I’ve posted before about how I’ve found that blacklists are usually very good at blocking spam, but they seem to get better hours or days after the spam has been sent, so what I like to look at in evaluating a DNSBL is how it fares for mail as it’s being delivered to me, not how it looks hours later in a test. The most recent connection, for example, is a “Windows 2000 SP4, XP SP1+” machine in China, but it only pops up in one fairly obscure blacklist. It would have gotten through if I relied on DNSBLs. (Well, except that it e-mailed a spam trap and/or used my IP address as a HELO string, so it got auto-banned…)

What I’ve been interested in for a while is in whipping up a Postfix policy plugin that would do scoring based on multiple factors. This would let me ensure that certain patterns would increase a message’s spamminess score, but that certain things couldn’t tip the scale on their own. I never liked the idea of banning foreign countries, even if most spam comes from China. (I suspect something is wrong with that chart, actually…) But for someone who doesn’t interact with anyone from China, it’s more probable that mail from China is spam. So we can score them a little more highly. And based on what I’m seeing in the mail logs, we would have very good results if we did the same for hosts connecting that ran desktop Windows versions.

Of course, I’m not yet ready to pronounce this a bulletproof idea. For one, I haven’t studied how p0f treats connections from legitimate Exchange servers. It doesn’t seem to show connections from Vista properly, for example, so I worry that such a block might inadvertently snare legitimate Windows server OSs. Plus, the only way I’m noticing this right now is by looking at mail that’s already getting caught at spam; mail that gets accepted doesn’t get listed. More directly, “Most spam is sent from Windows XP and Windows 2000” doesn’t necessarily mean, “Only spammers use Windows XP and Windows 2000 on their outgoing mail servers.”


I sometimes wonder how normal people handle the things that come at them.

My mom’s a first grade teacher, and has been using some sort of website to generate those ‘math minute’ worksheets for addition problems. But she’s teaching certain identities, namely +1 and +0, and now wants to introduce the a+b=10. She asked me about this.

“So what you’re saying,” I asked, “is that you’d like me to write a PHP script to generate these?”


I’m not a total bleeding-heart liberal, apparently. The news has been carrying a lot of stories about the push to require that seatbelts be worn, and I can’t help but hope that the bill goes nowhere.

I think it’s foolish and dangerous to not wear a seatbelt. It’s also foolish and dangerous to smoke, to eat too many trans fats, or to carry too much of a balance on your credit cards. I don’t think we need laws legislating that people shouldn’t do these things.

Kids should be required to wear seatbelts, and parents who don’t make them ought to be considered negligent. Kids can’t make an informed decision about whether a piece of cloth around their waist is worth not flying through the windshield. But that’s already the law.

The other 49 states require that seatbelts be worn, which is one of the reasons people are pushing for the law. But why do we want to be like the other states? Most of the other states have sales tax, too. Let’s not use “all the other states are doing it” as a reason to pass laws. Especially not when our motto is “Live Free or Die.” (Even if, “Live Free and Die” might be more fitting to the circumstances.)

Awesome Sites

I just came across FelonSpy.com, which is supposed to show you convicted felons living nearby. It’s a neat site, but I didn’t know that I lived across the street from a rapist, half a mile away from an arsonist, and had two people with gang-related violent crimes living in my neighborhood. Oh, and a 73-year-old man convicted of sodomy living in the river.

I tried it a few more times, sometimes changing the center address slightly, sometimes using the exact same one, and I get a totally different set of results every time. It seems hesitant to put anyone on the street you put it, but lots of neighboring streets; by plugging in an adjacent street and trying several times, I was eventually able to get it to show a violent felon at my house.

It’s slightly amusing when you realize that it’s just generating random data, though I suppose it’s also a good reminder to not trust everything you find on the Internet.