Articles - 5.2.2005 - 15.2.2005

WordPress 1.5 is out

and I updated it (I had a relatively current CVS version running). Quite a lot of changes over the last 5 days, but apparently pretty much everything is working. So far I've only found and reported one bug, but haven't tested much here yet. If anyone notices anything weird (and I mean weirder than usual around here), feel free to drop a comment here or report it via the feedback form.

The only thing that counts in this world


It seems a bit like escape

It seems somewhat like an escape the way people in Dresden are behaving. Everything is oriented in relation to the Nazis. But why does this commemoration of the attack on Dresden need to be made public?

Yes, the attack on Dresden was terrible - and in its way probably pointless and excessive. Just like the Hamburg firestorm. Or other attacks on German cities. Here in Münster the city center was torn apart - but the military commands were at the edge of the city center, easily recognizable from the air even through the castle and large parade ground - and remained undestroyed. Any more questions?

But what was the cause? Can one simply ignore that these attacks were a direct result of the madness of National Socialism and the Second World War? I believe that our own dead from the Second World War are something we must mourn quietly. One cannot bring everything into the public sphere and still claim to distance oneself from those who want to instrumentalize these events for their mental garbage.

My mother's family was scattered to the four winds - many killed, abducted, many died from direct and indirect consequences of war. Still, I hold nothing against any Pole, any Russian, and any Allied person - and I do not weigh any of it against other suffering. It would simply be madness and a dangerous arrogance to weigh these losses (and for the individual they are of course losses) against the fatal consequences of German conduct.

No, some mourning must take place quietly, without grand ceremonies. Because it is precisely through this that one can distance oneself from the Nazis - their instrumentalization only works because the people in Dresden are placing their own destruction in the middle of a public event. And thereby providing a platform for right-wing garbage.

No tears before Krauts? I think that's wrong. But tears may also flow quietly.

Etomite Content Management System

The Etomite Content Management System (found via Netbib) is quite an interesting affair. What I don't like so much about the CMS: the default theme. Sorry, but it's colorful and looks to me like Windows. Besides, it uses a table layout, which I also don't like so much. But otherwise I have to say, this thing has something to it. The backend in particular is very interesting - it uses JavaScript and DHTML extensively, which of course isn't so great if you don't like JavaScript. But it offers a whole lot of interactive features that are quite nice - for example, feedback on ongoing actions, automatic updating of various interface elements, and overall quite smooth operation.

I also like the idea of snippets - something like nuggets in PyDS. Small code snippets that you simply store in the database and then retrieve in templates via tags. Very practical, as you can often build simple smaller extensions this way without having to reinvent the wheel.

The automatic caching is also quite interesting - nothing really new, but in this case a nice idea: you can specify for the elements themselves whether they should be cached or not. And for each element individually. Significantly better than the usual all-or-nothing approaches of other CMS.

Overall, Etomite is much more full-CMS-oriented than blog-oriented. Functionally, that puts it more in a group with Drupal than, say, WordPress. There are already a number of snippets for easy extension, as well as themes. Various language files already exist too. Documentation exists as well, and even at first glance it's quite usable for getting started.

The license is GPL, which is good. However, a special notice appears on first login that cannot be removed - actually, something like that conflicts with the GPL, because the GPL specifically says that I can do pretty much anything with the package, as long as I make the modified source available. Ok, I can't claim it's from me and I must preserve original internal copyright notices, but otherwise I can change everything. And that normally includes notice texts. Forced links and forced notices are simply incompatible with the GPL. Either you have to explicitly extend the GPL to include this notice - which then makes it a GPL+addendum that becomes incompatible with the standard GPL - or you refrain from forced notices. This is a not unknown problem for people with the GPL, but something like this can definitely be troublesome in commercial use.

Has anyone ported Kubrick to Etomite? I'd need a somewhat nicer theme than the one supplied for my experiments.

Filter to stop internet film sharing

Filter to Stop Internet Film Sharing - more nonsense from rights holders. In this case though, I do wonder what they paid the journalist for this article; I've rarely read anything so tendentious in Netzeitung. Anyway, it's bollocks all the same - whoever wants to share files will do it. Without any filters or signatures on the files preventing anything. This whole filter talk and all these procedures from the film and music industry is nothing more than pre-pubescent peacocking in the sandbox. Look at my muscles, wow how cool am I. Behind it all is just a little boy who has no idea what he's doing.

A solution? I don't have one. It's not my job anyway. I'm just sitting on the sidelines laughing myself silly over all these great approaches, whose childlike optimism is only surpassed by faith in Santa Claus and the Easter Bunny. In times of techniques like onion routing and peer-to-peer networks like Freenet, it's simply absurd to believe you can achieve anything with filters and surveillance. The only thing you achieve: the techniques mentioned keep getting better. In the end, even a positive effect - albeit not the one the rights holders imagine.

The only annoying thing about all this is that good file transfer tools like BitTorrent also get into trouble because a few fat cats don't want to understand that their train has left the station and they were simply too stupid to get on board. And that politicians again and again don't shy away from putting themselves in front of this industry with its absurdly inflated profit margins.

The artists? Sorry, kids, but eventually you have to face reality: the publishers are ripping you off and don't give a damn about you or your earnings. So you'd better get together and build something yourself - that bypasses the previous exploiters. Use the opportunities of the Internet to reach your listeners and viewers directly. Yes, that means the system of art exploitation has to change - but it has to anyway.

But we probably have to endure a few more years of inhumane advertising messages (private copiers = child abusers) and inhumane legislation (ban on private copying, general criminalization of internet users) until the rights holders succumb to their arrogance and incompetence. Then maybe there's a chance for a fresh start.

Friday 06 - The Plunderers Are Coming

Friday 06 - The Plunderers Are Coming. On the sell-off of Germany as a business location through the arrogance, stupidity and narrow-mindedness of politicians and business leaders in Germany:

No matter how often politicians like Schröder talk about important investments for Germany as a business location and invoke the jobs that will be created as a result - reality looks different. "Statistics are deceiving," the Handelsblatt states. "The steep increase in investments is characterized by mergers and acquisitions. And on balance, these have destroyed more jobs than they have created." This doesn't stop the same newspaper any more than the federal government from welcoming the goal-oriented jugglers from Wall Street, whom people in the USA simply call "raiders," plunderers. Completely wrong - says the Chancellor. These companies have "courage, principles and vision."

As it says so nicely in Uhu's Weblog:

The economy - at least in the long term - must serve people; but the principle of economy for economy's sake is illegitimate and thus insane?

Well. But who explains that to the industrial chancellor and his henchmen? Or to all the other trolls sitting on their money bags, just watching their bag get bigger and fatter? Work must pay - that's the only thing you hear from that direction. Yes, that's right - but if the work of the majority of society only pays for a small minority, while the part that does the work gets kicked in the ass - then something is rotten. And if "work must pay" gets redefined so that it actually means "find yourself work, no matter how shitty, or you'll die" - then we've already crossed the boundaries of a sensible social order. And that's why Uhu is probably right: first it has to go bang. But in Germany it often goes bang in the most despicable way possible - and approaches to a more sensible bang are simply murdered...

For a given reason ...

... I point out that I simply delete trackbacks from blogs if their sole purpose is to promote some obscure Amazon shops. Sorry, but just because advertising junk is stored in a weblog software doesn't mean I let every inappropriate trackback through. And no, just because a keyword from the post also appears in one of my posts doesn't make it an interesting trackback—it's just spam.

CSS and IE and Safari 1.0

I always post source snippets and log file excerpts and stuff like that. For this I use the PRE tag so the stuff is displayed preformatted and in a monospaced font. It works well with all browsers. But a couple of browsers are giving me quite a bit of trouble. First of all Safari 1.0 - ok, that's inevitably dying out and is only a problem in that the horizontal scrollbar obscures the bottom line. You can work around that if necessary with a blank line.

But IE for Windows is also acting up - users tell me that the width is always complete, without a scrollbar. I don't have Windows here, I can't test it here, but that would be annoying of course - I can't use PRE on the front page, otherwise it messes up the layout.

Really extreme is IE 5.5 Mac: it hides the PRE completely. And I don't understand why. They simply aren't displayed. The page validates of course. Well, IE Mac 5.5 will hopefully soon be extinct too and the poor folks still using it have my sympathy, but no source code.

But for Windows IE I'd be grateful for a tip on the CSS problem. If you can fix it with normal CSS means and without too heavy-handed hacks, I could build that in. Here's an example article with PRE blocks.

Gravatars in the Comments

So, I've added Gravatars to the comments. Anyone who has one will now be displayed with a picture. At the moment though, the distribution of Gravatars is still a bit sparse - I find them kind of fun, as they make commenters somewhat more personally recognizable. Not just anonymous names in the background.

Since Gravatars are pulled based on the email address entered: this will definitely not be published by me. Gravatars use an MD5 hash of the email address, so the address cannot be reconstructed from the link. And besides, WordPress doesn't publish the email anywhere else anyway.

But if you still don't want to enter your regular address: I have 50 Google Mail invites left over. If you send me a message via my feedback form, you can get one and use that instead. Google Mail has a pretty decent spam filter and with 1 GB of storage space it takes a very long time to fill up if you don't empty it. Perfect as a throwaway account...

And if you don't want that either, you'll just get my default Gravatar and then you'll just look a bit pale.

mozdev.org - conkeror

That's what I call dedication - in the documentation for a purely keyboard-controlled Mozilla:

You should never have to reach for your mouse. To make sure Conkeror remains pure, I do not own a mouse.

So if you're a mouse-phobic, you might find some relief with this browser.

And because I'm an experimentally inclined fellow, I naturally had to try it out right away. Ok, Emacs key bindings are terrible (hey, I'm a VI guy) but still the whole thing is quite usable - you could get used to it if only the other applications on your system had similar controls. And here's a tip for Mac users: yes, the whole thing works for you too. However, you do need to start the browser with a parameter, but that's not supported by Firefox.App. Instead, just enter the following command in the terminal (warning, one line!):

 /Applications/Firefox.App/Contents/MacOS/firefox -chrome chrome://conkeror/content

You may need to adjust the path to Firefox.App. After that, a small window opens with a rather spartan help file. Read it thoroughly, because if you don't at least remember how to open the help page, you'll be stuck. The big B goes back in the history, so if you get lost, you can always get back to the help with it. Oh yes, and to quit doesn't work with Apple-Q - after all it's Emacs. So press Ctrl-X and C one after the other.

And log files again

Since I had an interesting study object, I wanted to see how much I could uncover in my logfiles with a bit of cluster analysis. So I created a matrix from referrers and accessing IP addresses and got an overview of typical user scenarios - how do normal users look in the log, how do referrer spammers look, and how does our friend look.

All three variants can be distinguished well, even though I'd currently rather shy away from capturing it algorithmically - all of it can be simulated quite well. Still, a few peculiarities are noticeable. First, a completely normal user:


aa.bb.cc.dd: 7 accesses, 2005-02-05 03:01:45.00 - 2005-02-04 16:18:09.00
 0065*-
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4031994 ...
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4031612 ...
 0001*http://mudbomb.com/archives/2005/02/02/wysiwyg-plugin-for-wo ...
 0001*http://www.heise.de/newsticker/meldung/55992
 0001*http://log.netbib.de/archives/2005/02/04/nzz-online-archiv-n ...
 0001*http://www.heise.de/newsticker/meldung/56000
 0001*http://a.wholelottanothing.org/2005/02/no_one_can_have.html

You can nicely see how this user clicked away from my weblog and came back - the referrers are by no means all links to me, but incorrect referrers that browsers send when switching from one site to another. Referrers are actually supposed to be sent only when a link is really clicked - hardly any browser does that correctly. The visit was on a defined day and they got in directly by entering the domain name (the "-" referrers are at the top and the earliest referrer that appears is at the top).

Or here's an access from me:


aa.bb.cc.dd: 6 accesses, 2005-02-04 01:11:56.00 - 2005-02-03 08:27:09.00
 0045*-
 0001*http://www.aylwardfamily.com/content/tbping.asp
 0001*http://temboz.rfc1437.de/view
 0001*http://web.morons.org/article.jsp?sectionid=1&id=5947
 0001*http://www.tagesschau.de/aktuell/meldungen/0,1185,OID4029220 ...
 0001*http://sport.ard.de/sp/fussball/news200502/03/bvb_verpfaende ...
 0001*http://www.cadenhead.org/workbench/entry/2005/02/03.html

I recognize myself by the referrer with temboz.rfc1437.de - that's my online aggregator. Looks similar - a lot of incorrectly sent referrers. Another user:


aa.bb.cc.dd: 19 accesses, 2005-02-12 14:45:35.00 - 2005-01-31 14:17:07.00
 0015*http://www.muensterland.org/system/weblogUpdates.py
 0002*-
 0001*http://www.google.com/search?q=cocoa+openmcl&ie=UTF-8&oe=UTF ...
 0001*http://blog.schockwellenreiter.de/8136
 0001*http://www.google.com/search?q=%22Rainer+Joswig%22&ie=UTF-8& ...
 0001*http://www.google.com/search?q=IDEKit&hl=de&lr=&c2coff=1&sta ...

This one came more often (across multiple days) via my update page on muensterland.org and also searched for Lisp topics. And they came from the shock wave guy once. Absolutely typical behavior.

Now in comparison, a typical referrer spammer:


aa.bb.cc.dd 6 accesses, 2005-02-12 17:27:27.00 - 2005-02-02 09:25:22.00
 0002*http://tramadol.freakycheats.com/
 0001*http://diet-pills.ronnieazza.com/
 0001*http://phentermine.psxtreme.com/
 0001*http://free-online-poker.yelucie.com/
 0001*http://poker-games.psxtreme.com/

All referrers are direct domain referrers. No "-" referrers - so no accesses without a referrer. No other accesses - if I analyzed it more precisely by page type, it would be noticeable that no images, etc. are accessed. Easy to recognize - just looks sparse. Typical is also that each URL is listed only once or twice.

Now our new friend:


aa.bb.cc.dd: 100 accesses, 2005-02-13 15:06:16.00 - 2005-02-11 07:07:55.00
 0039*-
 0030*http://irish.typepad.com
 0015*http://www208.pair.com
 0015*http://blogs.salon.com
 0015*http://hfilesreviewer.f2o.org
 0015*http://betas.intercom.net
 0005*http://vowe.net
 0005*http://spleenville.com

What stands out are the referrers without a trailing slash - atypical for referrer spam. Also, just normal sites. Also noticeable is that pages are accessed without a referrer - hidden behind these are the RSS feeds. This one is also easily distinguishable from users. Especially since there's a certain rhythm to it - apparently always 15 accesses with one referrer, then switch the referrer. Either the referrer list is quite small, or I was lucky that it tried the same one with me twice - one of them is there 30 times.

Normal bots don't need much comparison - few of them send referrers and are therefore completely uninteresting. I had one that caught my attention:


aa.bb.cc.dd: 5 accesses, 2005-02-13 15:21:26.00 - 2005-01-31 01:01:07.00
 2612*-
 0003*http://www.everyfeed.com/admin/new_site_validation.php?site= ...
 0002*http://www.everyfeed.com/admin/new_site_validation.php?site= ...

A new search engine for feeds that I didn't know yet. Apparently the admin had just entered my address somewhere beforehand and then the bot started collecting pages. After that, he activated my newly found feeds in the admin interface. Seems to be a small system - the bot runs from the same IP as the admin interface. Most other bots come from entire bot farms, web spidering is an expensive affair after all ...

In summary, it can be concluded that the current generation of referrer spammer bots and other bad bots are still quite primitive in structure. They don't use botnets to use many different addresses and hide that way, they use pure server URLs instead of page URLs and have other quite typical characteristics such as certain rhythms. They also almost always come multiple times.

Unfortunately, these are not good features to capture algorithmically - unless you run your referrers into a SQL database and check each referrer with appropriate queries against the typical criteria. This way you could definitely catch the usual suspects and block them right on the server. Because normal user accesses look quite different.

However, new generations are already in the works - as my little friend shows, the one with the missing slash. And thanks to the stupid browsers with their incorrectly generated referrers (which say much more about the browser's history than about actual link following), you can't simply counter-check the referenced pages, since many referrers are pure blind referrers.

Apparently disguised bot in the logs

I just found some referrers in my logs that I absolutely couldn't find anything on that would point back to me. Nothing unusual so far - referrer spam would be the first suspicion. But the sites mentioned in the referrers are perfectly normal weblogs and other sites - no one who would have reason to spam their site (for example, a blog with about 1 post per month, or an Irish site and a few other strange referrers). The numbers are also different than with normal referrer spam: that usually comes either only 1-2 times or if so with many addresses and each one then about 100x or similar. This one comes about 15 times.

So I dug around in the logs a bit to see if I could find something. And sure enough, the referrers have unusual characteristics: they don't end with a /. Normally an address that doesn't end with / is automatically redirected to the /-variant. Referrers are thus normally /-terminated or direct HTML pages or something comparable. Pure site specifications without a / at the end are rather rare.

Something else also stands out: the pages were actually accessed - or at least downloaded. And the pages belonging to one referrer are quite randomly mixed - with normal users you'd actually expect some form of consistency in what comes through as a referrer. Above all, it's rare for 15 links to come to one page all at once...

And the essential criterion: the IP of the accessing computer is always the same across the different ones. An analysis then produced the following picture:


 15 betas.intercom.net
 15 blogs.salon.com
 15 hfilesreviewer.f2o.org
 30 irish.typepad.com
 5 spleenville.com
 5 vowe.net
 15 www208.pair.com

All clearly fake referrers. Additionally, 34 accesses to my RSS feeds without a referrer. Accesses were only to direct posts and RSS feeds - not to overview pages or archive pages. It looks very much like the bot is proceeding as follows: search for RSS feeds, grab them, then search for permalinks to articles in them and download them to access comment forms, for example. The whole thing nicely disguised as supposed visitors, including forged referrers that seem unsuspicious. Also not too many accesses from one referrer, rather switch it up more often.

Actually nothing new - with email spam, forged real sender addresses are quite common, used to make filtering harder. But with scraper bots, I'm seeing this kind of mimicry live for the first time - I've only been observing these symptoms for about 1-2 weeks now.

For admins, this whole thing is quite annoying, since you can use referrer logs even less than you could before. Previous referrer spam was certainly a nuisance, but due to the pretty dumb names of the referrers it was easy to recognize. This form of log phenomenon also falsifies the referrers - but is much less noticeable. Could be interesting for weblogs that display their referrers directly in the post.

And of course the problem remains that I still don't know what the bot wants to do with the collected information. I strongly suspect spam, but that's just a guess - could also be a bot searching for typical security holes. In any case it's a bot and in any case it has no good intentions - because otherwise it wouldn't need to hide.
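The criteria from the two log posts above (only site-root referrers and no "-" hits for classic referrer spam; repeated slash-less site referrers mixed with referrer-less feed fetches for the disguised bot), written as SQL checks over an Apache combined log. This is an added example, not the author's script: the log lines, host names, OWN_HOST and the BOT_MIN_REPEAT threshold are constructed assumptions.

```python
import re
import sqlite3
from urllib.parse import urlsplit

OWN_HOST = "blog.example"  # assumption: host name of the site being analysed
BOT_MIN_REPEAT = 5         # assumption: the post saw 5, 15 and 30 hits per fake referrer

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')


def ref_kind(ref):
    """Classify one referrer as none, page, root_slash or root_bare."""
    if ref in ("", "-"):
        return "none"
    try:
        url = urlsplit(ref)
        host = url.hostname
    except ValueError:       # malformed referrer: treat it as an opaque page URL
        return "page"
    if host == OWN_HOST:     # internal navigation says nothing about the origin
        return "none"
    if url.query or url.path not in ("", "/"):
        return "page"
    return "root_slash" if url.path == "/" else "root_bare"


def parse_combined(lines):
    """Return (ip, path, referrer) for every well-formed line; skip the rest."""
    rows = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            rows.append(m.groups())
    return rows


PROFILE_SQL = """
WITH per_ref AS (
    SELECT ip, referrer, ref_kind(referrer) AS kind, COUNT(*) AS n
    FROM hits GROUP BY ip, referrer)
SELECT ip,
       SUM(n) AS total,
       SUM(CASE WHEN kind = 'none' THEN n ELSE 0 END) AS no_ref,
       SUM(CASE WHEN kind = 'page' THEN n ELSE 0 END) AS page_refs,
       SUM(CASE WHEN kind = 'root_slash' THEN n ELSE 0 END) AS root_slash,
       SUM(CASE WHEN kind = 'root_bare' THEN n ELSE 0 END) AS root_bare,
       MAX(CASE WHEN kind IN ('root_slash', 'root_bare') THEN n ELSE 0 END) AS max_repeat
FROM per_ref GROUP BY ip ORDER BY ip
"""


def profiles(lines):
    """Load the log into SQLite and return one referrer profile per client IP."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.create_function("ref_kind", 1, ref_kind)
    conn.execute("CREATE TABLE hits (ip TEXT, path TEXT, referrer TEXT)")
    conn.executemany("INSERT INTO hits VALUES (?, ?, ?)", parse_combined(lines))
    result = {row["ip"]: dict(row) for row in conn.execute(PROFILE_SQL)}
    conn.close()
    return result


def classify(p):
    """Apply the posts' criteria to one per-IP profile."""
    if p["root_bare"] and not p["page_refs"] and p["max_repeat"] >= BOT_MIN_REPEAT:
        return "disguised-bot"   # slash-less site referrers, repeated in a rhythm
    if p["root_slash"] == p["total"]:
        return "referrer-spam"   # every hit carries a site-root referrer, no "-"
    return "normal"


def analyse(lines):
    return {ip: classify(p) for ip, p in profiles(lines).items()}


def _line(ip, path, ref):
    return (f'{ip} - - [13/Feb/2005:15:06:16 +0100] "GET {path} HTTP/1.1" '
            f'200 5120 "{ref}" "Mozilla/5.0"')


SAMPLE_SPEC = [  # (ip, path, referrer, number of identical hits), all constructed
    ("192.0.2.10", "/", "-", 1),
    ("192.0.2.10", "/2005/02/post-a/", "http://blog.example/", 3),
    ("192.0.2.10", "/images/a.jpg", "http://blog.example/2005/02/post-a/", 2),
    ("192.0.2.10", "/", "http://news.example/article/55992", 1),
    ("192.0.2.10", "/", "http://search.example/search?q=openmcl", 1),
    ("198.51.100.7", "/", "http://pills.spam.example/", 2),
    ("198.51.100.7", "/", "http://poker.spam.example/", 1),
    ("198.51.100.7", "/", "http://diet.spam.example/", 1),
    ("203.0.113.99", "/feed/", "-", 6),
    ("203.0.113.99", "/2005/02/post-a/", "http://quietblog.example", 15),
    ("203.0.113.99", "/2005/02/post-b/", "http://irish.example", 30),
    ("203.0.113.99", "/2005/02/post-c/", "http://small.example", 5),
]
SAMPLE_LINES = [_line(ip, path, ref) for ip, path, ref, n in SAMPLE_SPEC for _ in range(n)]
SAMPLE_LINES.append("garbage that is not in combined log format")

if __name__ == "__main__":
    for ip, label in analyse(SAMPLE_LINES).items():
        print(ip, label)
```

As the post says, all of these traits can be simulated, so the labels are a triage aid for reading the log rather than proof.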

DGB Chief Accepts Restructuring of Welfare State

DGB chief accepts welfare state restructuring and in doing so makes unions obsolete. I had written a longer text here, but somehow after my recent content deletion I no longer have it available. If anyone still has it in their RSS reader, please let me know, otherwise it's just gone.

Don't be surprised about the content of my blog...

... there's just a rogue admin with a stupid script that messed everything up and destroyed all the content. Somehow everything is being reconstructed and repaired and ironed out and folded back together. Somehow. And afterwards I'm going to stand in the corner and flog myself ...

Update: now everything has been largely restored. What happened: I switched from Exhibit to my own plugin for images. And in doing so, I rewrote all posts with image entries via script. But in the generated UPDATE, I stupidly forgot the WHERE clause ...

Losses: my post about the DGB and the wording in today's posts. Everything else was reconstructed from a backup. And a few nerves. And I've written it behind my ears for the x-th time that I should make a current backup before tinkering in the future. Which of course won't do any good, because I can't read behind my ears without two mirrors ...

Update 2: and of course I was so great during the weblog reconstruction that I also overwrote the changed image posts, so now all posts in the picture blog are without photos. I can't believe it. It's either a full moon or something today ...

Which means I have to get creative again to pull the images back into the posts, because of course I deleted all the mapping tables, since I don't need them anymore. But I still have them all in the backup, so it won't be as bad as before

Update 3: now everything should be largely back the way it was. And the last repair actually went without major catastrophes
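A guard against exactly this mistake, as an added example that is not the author's script: every generated UPDATE must touch exactly one row, and the whole batch runs in one transaction that is rolled back otherwise. SQLite stands in for the blog database here, and the [exhibit:N] / [image:N] tag syntax is hypothetical.

```python
import sqlite3

SELECT_SQL = "SELECT ID, post_content FROM wp_posts WHERE post_content LIKE '%[exhibit:%'"
BUGGY_SQL = "UPDATE wp_posts SET post_content = :content"  # WHERE clause forgotten
FIXED_SQL = "UPDATE wp_posts SET post_content = :content WHERE ID = :id"


class UnexpectedRowCount(Exception):
    """An UPDATE touched a different number of rows than planned."""


def rewrite_image_posts(conn, update_sql):
    """Rewrite every post carrying an image tag; all or nothing.

    Each per-post UPDATE is expected to change exactly one row. If any
    statement reports another count, the whole batch is rolled back.
    """
    todo = conn.execute(SELECT_SQL).fetchall()
    try:
        for post_id, content in todo:
            new_content = content.replace("[exhibit:", "[image:")
            # sqlite3 opens a transaction implicitly before the first UPDATE
            cur = conn.execute(update_sql, {"content": new_content, "id": post_id})
            if cur.rowcount != 1:
                raise UnexpectedRowCount(
                    f"post {post_id}: UPDATE touched {cur.rowcount} rows, expected 1")
        conn.commit()
    except Exception:
        conn.rollback()
        raise
    return len(todo)


def sample_db():
    """Constructed four-post blog; two posts carry the old image tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_content TEXT)")
    conn.executemany(
        "INSERT INTO wp_posts (post_content) VALUES (?)",
        [("text only",), ("photo: [exhibit:7]",), ("more text",), ("[exhibit:9] sunset",)])
    conn.commit()
    return conn


def contents(conn):
    return [row[0] for row in conn.execute("SELECT post_content FROM wp_posts ORDER BY ID")]


if __name__ == "__main__":
    db = sample_db()
    try:
        rewrite_image_posts(db, BUGGY_SQL)
    except UnexpectedRowCount as exc:
        print("rolled back:", exc)
    print(rewrite_image_posts(db, FIXED_SQL), "posts rewritten")
    print(contents(db))
```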

Microsoft Interoperability

Ian Bicking describes what Microsoft Interoperability really means. A quote from a Microsoft support employee:

Microsoft isn't in the business of integrating with non-Microsoft software.

Schily's New Initiative for Refugee Camps in Africa

Schily's new initiative for refugee camps in Africa - I'll refrain from commenting on this, as most of my comments would probably lead to defamation suits.

Finding Deep Links in Log Files

I asked Pepino about it recently, so I put my Deep Link Finder Script online. It's a simple Python script. Should run on Python 2.2 and up, possibly even Python 2.1 (but that hasn't been tested). The script is configured in the source code (I've added comments for it) and then simply called with multiple logfiles as parameters. It extracts from Apache Combined Logs which sites deep link to specified file types (configurable, some image types are set by default) and how often. It outputs an HTML fragment that you can add headers and footers to in order to put it online - for example, that's how my Zeitgeist page for deep links is created. The other pages have similarly structured scripts, except they collect search terms and general referrers instead.

I take a look at the deep linker list now and then, and if someone shows up there who deep links quite a lot and isn't an aggregator or news service, they get shown a corresponding replacement image. But really only those sites. It bothers me too when my feed reader suggests I'm an image thief or traffic robber.

Make Me the Ackermann

Hotel Falckenstein: Make me the Ackermann - and with what? With reason! Making these top rip-off artists honorary professors of economics at Frankfurt's Goethe University as well is simply an audacity.

Podcasts? No.

podcast.jpg

More on Drupal

What I also noticed while tinkering with Drupal: unlike WordPress, the database model is quite complex. WordPress is pretty straightforward - just a few tables with data in them, most of it quite straightforward. If you want to change something, you can always fiddle with it at the SQL level and write import scripts, repair scripts, etc. Everything is always calculated on the fly - counters, lists, etc.

Drupal, on the other hand, uses quite elaborate caching mechanisms in the database. Things from the filesystem are also cached. This means that with small scripts you have more work to do, because you have to account for much more - at least remove the cache so it gets reconstructed. Also, the data model is much more denormalized. That's certainly good from a design perspective - but for small scripts it's more cumbersome, since you have to handle more places.

This is not a judgment, just an observation - both have advantages and disadvantages. The advantages of the Drupal approach seem to show up in performance, which seems to be somewhat better than WordPress's, and not only because of the somewhat cleaner PHP structure (though I don't have hard numbers on that - first I need a workable import script for my posts to work with the same approaches).

What I also noticed: PostgreSQL support in Drupal (yes, I finally got it running!) is definitely behind that of MySQL. In some cases there are error messages with PostgreSQL that don't occur with MySQL. For example, there were problems with password changes because a non-existent field was being accessed. Or in the overview of sources subscribed to in the newsreader there was a message because a non-aggregated field of a complex SELECT was not listed as a grouping field. Or on first access, where no value was specified for the uid field in the sessions table, even though it was declared as NOT NULL. PostgreSQL is definitely more picky than the card file. With PostgreSQL you'll definitely have to modify the PHP code. I'll see - once I'm done, maybe I'll prepare a patch that fixes these issues. So far they're just minor things, but they can certainly be a hurdle for non-programmers. Some of them are certainly based on the somewhat older versions from Debian Stable (for example, the PgSQL API in PHP is named quite differently in newer versions than in 4.1.2).

WordPress Files and Load Order

Wordpress file loading describes the order in which WordPress loads which PHP files to produce a blog page. Quite interesting if you're planning to change files - it provides an initial guide to where you might find things. However, what also stands out: given that WordPress actually produces quite lean pages, WordPress itself already has quite a bit of bloat.

Wordpress to Drupal Migration Script

Wordpress to Drupal Migration Script - but it currently seems to only be able to migrate from flat file to flat file - you may need to first set up a proper database as the target.

Update: well, the script really only transfers the posts. No post slugs (so no URL preservation), no categories, nothing. You might be able to use it if you only had a very simple WP blog, but otherwise it's pretty bare-bones. And with large blogs it crashes after a while with an error - the available memory is exhausted. This is because PHP uses the CGI settings when run from the command line - and the memory limit is restricted there too. On top of that, it has no duplicate detection, so it cheerfully imports everything again on the second run.

Sounds like I'd probably need to write my own solution if I wanted to try this seriously.

Employers want new study financing

Employers want new study financing - actually, I generally assume that those who want to change something either directly manage that something, or at least are prepared to finance it soon. In other words: if employers want to change study financing, they should first pay for study financing, child allowance, etc. themselves. Because as it stands, this is just hollow rhetoric - employers have nothing to do with the things mentioned and are just shouting populist demands into the room again.

It's really fascinating how they want to regulate payments they themselves don't make and then want to use a credit institution they don't finance. If Hundt had said that employers want to establish and fund a social fund to support study financing, then that would have been an innovative proposal. As it is, it's just blah-blah.

Our employer associations really have gone to the dogs.

Google Search: gemölter

I just wanted to point out that I'm ranked first on Google.de when searching for gemölter

liquid design on em/ex basis

From the CSS Zen Garden: a liquid design that is based on em and ex units and therefore grows and shrinks in layout along with a changed font size. That might be a usable basis for my blog, because it's precisely the fact that a fixed design doesn't respond particularly well to font size changes that bothers me about Kubrick.

Now I just need to figure out how to implement it properly. Above all, I'll probably have to incorporate the header graphic quite differently — images just don't scale sensibly with this approach. Let's see if I feel like tinkering with it at some point.

Who is to blame for the brown man?

Who is Responsible for the Brown Man?

If not now, when does the Union want to win back these little sheep that have strayed beyond the right edge of reason and humanity into Nazi filth? Put more objectively: what makes the bourgeois opposition currently so repellent to those disappointed by the government that they would rather follow runaway criminals and those stuck in the past? That is the great political question of our time, far more important than the question of whether parties like the NPD or DVU should be banned or not.

Chief Economist Walter Reads Germans the Riot Act

Chief economist lectures Germans - oh yes, when the henchmen of the money bags complain it's analysis and supposedly constructive criticism. What comes out in the end - which is what matters, as we've all known since Kohl - is just garbage. But what else would you expect from the chief economist of one of the biggest rip-off companies (let's remember: they just planned to lay off a few thousand employees despite record profits - which will surely be great for the economy) anyway.

angry face

The poor film industry and the triviality threshold

Film industry mobilizes against "piracy clause" - when I look at all this whining, I lose the desire to watch films anyway. I hardly go to the cinema anymore since there are only megaplexes left, where you feel about as comfortable as in a train station hall. And DVDs - sorry, but what am I supposed to do with films that torture me in my home cinema with 15 minutes of advertising for other film garbage I don't want - and if I wanted it, I would have gotten it long ago anyway.

Instead of actually thinking about how to respond sensibly to modern technology, the film industry prefers to think about how to further cement an outdated business model. And it cries out for help from the state. What a load of nonsense.

Don't reset existing password on request, prevent DoS password reset abuse | drupal.org

Don't reset existing password on request, prevent DoS password reset abuse - well, I noticed exactly this problem too and couldn't believe that someone actually built something like that into a CMS. In Drupal, you can change the password for a user - any user at all. The new password is then sent to that user by email. So you can't gain illegal access through this, unless you can intercept the user's emails (which shouldn't normally be the case). But you can lock out an admin: simply set up a job that resets the admin's password every minute. And then use this forced absence of the admin to completely spam the Drupal site, for example.

That's really an embarrassing oversight. Unfortunately, it's made far too often and far too frequently. So if you operate Drupal, the patch is recommended (be careful, the author submitted two patches, the first one was still buggy). It installed without any problems and at least fixes the admin lockout. Of course, you still get annoying emails in the process.
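As an added example (not Drupal's code and not the patch from the issue), the following Python contrasts the reset-on-request behaviour described above with a flow that mails a one-time token and leaves the stored password alone until that token is redeemed. The `Account` class, the function names, the token lifetime and the per-account throttle are assumptions made for this illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600        # assumed: a reset token is valid for one hour
MIN_REQUEST_GAP = 300   # assumed: at most one reset mail per account per 5 minutes

def _hash_pw(password, salt):
    # PBKDF2 stands in for whatever password hash the real system uses
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, name, password):
        self.name = name
        self.reset_digest = None
        self.reset_expires = 0.0
        self.last_request = float("-inf")
        self.set_password(password)

    def set_password(self, password):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_pw(password, self.salt)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, _hash_pw(password, self.salt))

def reset_on_request(account, outbox):
    """Behaviour described in the post: any request replaces the password at once."""
    new_password = secrets.token_urlsafe(9)
    account.set_password(new_password)
    outbox.append((account.name, "new password: " + new_password))

def request_reset(account, outbox, now=None):
    """Hardened: mail a one-time token; the stored password is not touched."""
    now = time.time() if now is None else now
    if now - account.last_request < MIN_REQUEST_GAP:
        return False                      # throttled: no mail, no state change
    account.last_request = now
    token = secrets.token_urlsafe(32)
    # keep only a digest so a database leak does not expose live tokens
    account.reset_digest = hashlib.sha256(token.encode()).digest()
    account.reset_expires = now + TOKEN_TTL
    outbox.append((account.name, "reset token: " + token))
    return True

def confirm_reset(account, token, new_password, now=None):
    """Only the holder of the mailed token can change the password."""
    now = time.time() if now is None else now
    if account.reset_digest is None or now > account.reset_expires:
        return False
    digest = hashlib.sha256(token.encode()).digest()
    if not hmac.compare_digest(digest, account.reset_digest):
        return False
    account.set_password(new_password)
    account.reset_digest = None           # one-time use
    return True

def demo():
    """Run both flows against a constructed admin account."""
    outbox = []
    legacy = Account("admin", "correct horse")
    reset_on_request(legacy, outbox)      # a single anonymous request
    hardened = Account("admin", "correct horse")
    sent = [request_reset(hardened, outbox, now=1000.0 + i) for i in range(60)]
    token = outbox[-1][1].split(": ", 1)[1]
    return {
        "legacy_login_ok": legacy.check_password("correct horse"),
        "hardened_login_ok": hardened.check_password("correct horse"),
        "mails_sent": sum(sent),
        "wrong_token": confirm_reset(hardened, "guess", "x", now=1100.0),
        "right_token": confirm_reset(hardened, token, "new secret", now=1100.0),
        "new_login_ok": hardened.check_password("new secret"),
    }

if __name__ == "__main__":
    print(demo())
```

In the hardened flow sixty requests in one minute produce one mail and the admin's existing password keeps working, which covers both the lockout and most of the mail noise.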

Firefox - IDN - 0 Info - 0 Transparency

Kai is ranting about Firefox - IDN - 0 Info - 0 Transparency - and he's right with his rant. You're used to this security secrecy from commercial providers, but with open-source projects it annoys me every single time as well. When will people finally understand that only early disclosure gives users a chance to protect themselves? Keeping bugs secret is based on the absurd assumption that you're the first to notice this bug. Which is simply silly: a blackhat who notices this bug will certainly not broadcast it but instead exploit this bug for as long as possible. And so only those benefit from keeping it secret for too long - the ones we shouldn't be helping anyway.

User security needs to be the focus of security considerations - and specifically the informed user who is capable of turning information into meaningful action. The uninformed user doesn't care anyway, they click on everything. But a sysadmin who knows about a problem can at least contribute through educating their own users so that they maybe act more cautiously for a certain period of time. An uninformed sysadmin doesn't even have a trace of a chance to do that.

Gene plant research in Münster

The university has built a greenhouse for research on genetically modified plants. I can't really say I'm particularly thrilled about it being in the neighborhood. Not necessarily because of the greenhouse itself — but where there's a greenhouse, eventually someone wants to conduct field trials.

confused face

Yep, Drupal is going to drive me crazy

Clearly. I don't know what it has against me, but it hates me today. Really massively.

I simply copied the kubrick-theme under my own name so I could customize it without changing the Kubrick-theme itself. Funnily enough, it's now not using the phptemplate-engine anymore. Or more precisely: the entry in the system table (type='theme' and then for the page.tpl.php) doesn't point to phptemplate.engine, but to phptemplate - the .engine is missing. When I add it via update, it works exactly once. After that, this entry in the system table gets overwritten and .engine is gone and the template is broken. Of course, Kubrick doesn't do that. And of course, you can't find any information anywhere about where the heck the theme says which template engine should be used - and how this entry in the system table is created. No, simply grepping for phptemplate.engine doesn't help.

Ok, now it's clear to me that the engine creates the entries - at least after I took a closer look at the engine source. It searches for page.tpl.php and when it finds it, it connects it with the phptemplate.engine. But why would the engine enter its own name incorrectly? Especially since it does it correctly with Kubrick. I just unpacked that into the themes directory.

Alright, so let's keep investigating. A grep -r for INSERT in combination with system then finds the function system_obtain_theme_info in the system.module, where these statements are written. But how and where exactly something is done with it there - sorry, but you can't figure that out without longer study. Somehow the description attribute gets filled with a value that ends with .engine for the Kubrick-theme and doesn't for all others. Kubrick references the theme engine exactly and correctly, but an arbitrarily named copy of Kubrick with identical content references a theme engine without .engine in the name and doesn't work. Great. But renaming Kubrick works. Huh?

Ok, next approach. Rename my template to something else and rename Kubrick to my actually desired name. Complete confusion: my template doesn't work, but the now-kubrick-named one that didn't work before doesn't work either. Uh... So I renamed the Kubrick to something else. And tried my temporarily stored one. That works now. Under a name that isn't Kubrick. Huh? Shell game? Should I just rename the themes around until I eventually have a working one under the name I want and then call it done?

So I tried to resolve the shell game. Computers are deterministic machines after all, that should be possible. Ok, both templates (original Kubrick and my Hugo) renamed. To aa and bb. And which one works? The one called bb. Did the whole thing again, just this time swapped the roles. aa becomes bbb and bb becomes aaa. Which one works now? The one called "bbb". When two phptemplate.engine-based themes are installed in the system, only the last one found in the system at the time themes are being searched works. The others break.

So now I first have to figure out what's wrong with the old themes and why they can't be made to work. First approach: make a database dump and grep to see where all my friends show up. While doing that, I found out what's up with the mysterious phptemplate without .engine: the corresponding entries contain a chr(0) instead of the period. ASCII NUL. MySQL stores it, but PHP cuts it off on access. And all the old templates have these broken entries. Also, the engine had remembered, in the phptemplate extra_templates entry in the variable table, which themes it had already seen.

Another clean room test: throw out the entries in the system table with type='theme' and description like 'themes/engine/phptemplate%'. Then it knows nothing more about the themes and their names. Then only have my desired template and activate it. And behold, it works right away. Then unpacked Kubrick. And it works. But after that, my own theme doesn't work anymore. As expected - Kubrick comes after hugo alphabetically. Delete Kubrick again and my own theme works again - after appropriate refresh.

So investigate where the heck this is happening and why. It only happens with the phptemplate.engine themes. The xtemplate.engine themes work without problems. Although it turns out they work despite the bug - it affects them too. Because in system_theme_data in system.module (how I figured that out I'll spare the readers - it was just successive inserting of echo statements to see when and where things break), the description element of the files gets destroyed in the last step, the call to system_obtain_theme_info. And that's what gets saved in the system table to reference the theme engine. Only the last theme of an engine keeps the correct entry, all others are broken.

Hmm. The basename call on line 336 is the only suspect - it basically only delivers the theme engine without the .engine suffix. But it shouldn't change the actual field, so I hadn't paid much attention to it before - the PHP documentation says nothing about side effects of this function. But when I comment out the entry, my theme works and Kubrick too - simultaneously. But the PHP manual says nothing about basename changing the original string.

So I wrote a small test script that just makes a basename call. Ugh. Yes, that's it - basename changes the original string, and it puts a chr(0) in place of the period. And behold, there's a bug report from 2002 about it - yes, I'm running an old PHP 4.1.2 version, since Debian Stable. The bug report has a workable solution for my problem - just put the variable in "" and work with string interpolation. And behold, problem solved. And make a note to remember: in 4.1.2 basename breaks the source variable.

And a programmer spends debugging time on crap like this (I mean the bug, not Drupal)

I could have learned a decent job. Whisky barrel keeper at Jack Daniels, for example...
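The dump-and-grep step from this post can be automated. This added example (not from Drupal or from the original post) decodes the string literals in mysqldump-style INSERT lines and reports every value that contains a NUL or other control byte, together with what a reader that stops at the first NUL would see. The sample rows, their column order and the function names are constructed for illustration.

```python
# Escape sequences MySQL uses inside quoted strings; mysqldump writes NUL as \0.
ESCAPES = {"0": "\x00", "n": "\n", "r": "\r", "t": "\t", "b": "\b", "Z": "\x1a"}
HARMLESS = {"\t", "\n", "\r"}   # control characters that are normal in text columns

# Constructed sample rows (hypothetical values, column order assumed).
SAMPLE_DUMP = "\n".join([
    r"INSERT INTO system VALUES ('themes/hugo/page.tpl.php','hugo','theme','themes/engine/phptemplate\0engine',1);",
    r"INSERT INTO system VALUES ('themes/kubrick/page.tpl.php','kubrick','theme','themes/engine/phptemplate.engine',1);",
    r"INSERT INTO variable VALUES ('site_slogan','it''s fine');",
])


def sql_strings(line):
    """Yield the decoded value of every single-quoted literal in one dump line."""
    i, n = 0, len(line)
    while i < n:
        if line[i] != "'":
            i += 1
            continue
        i += 1                                   # step over the opening quote
        out = []
        while i < n:
            ch = line[i]
            if ch == "\\" and i + 1 < n:
                nxt = line[i + 1]
                out.append(ESCAPES.get(nxt, nxt))  # \\ and \' decode to themselves
                i += 2
            elif ch == "'" and i + 1 < n and line[i + 1] == "'":
                out.append("'")                  # doubled quote inside a literal
                i += 2
            elif ch == "'":
                i += 1                           # closing quote
                break
            else:
                out.append(ch)
                i += 1
        yield "".join(out)


def scan_dump(dump):
    """Return one finding per literal that carries a NUL or other control byte."""
    findings = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        if not line.lstrip().upper().startswith("INSERT INTO"):
            continue
        for index, value in enumerate(sql_strings(line)):
            offsets = [pos for pos, ch in enumerate(value)
                       if (ord(ch) < 0x20 or ord(ch) == 0x7F) and ch not in HARMLESS]
            if offsets:
                findings.append({
                    "line": lineno,
                    "literal": index,
                    "offsets": offsets,
                    "stored": value,
                    # what code that treats NUL as end-of-string gets back
                    "seen_by_c_reader": value.split("\x00", 1)[0],
                })
    return findings


if __name__ == "__main__":
    for finding in scan_dump(SAMPLE_DUMP):
        print(finding)
```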

Some projects want to drive me insane

or at least that's what one could think. Today's program: Drupal 4.5.2. Nice package, I especially like it because there's now also Kubrick as a theme for Drupal and because it's quite powerful while still being reasonably manageable. But every time I deal with it again after a longer break, I fall into the same pitfalls: for example, enabling translations. It's great that translations exist. But when there's not even the slightest hint on the website about what you need to do, you end up feeling pretty stupid. Ok, yes, you just have to activate the locale.module. But where on earth is that documented? In the x-th hierarchy of the administration menu. Equally annoying: a database connection for PostgreSQL is included. Unfortunately, it's only usable from PHP 4.3 onwards - older versions aren't supported, even though Drupal runs from 4.1. After I've edited everything to use the old function names, it still doesn't work: apparently a default value was missing for the uid column in the sessions table. After I set that, PHP hung when accessing the site. Ok, fine, use MySQL instead (but I don't like MySQL...). Alright, now I'm in, I also have Kubrick as the layout and German translations. Ok, part of the system in German - but there are tons of missing strings. So I know what I'll be doing again soon. Great. Just as great as the default value for the file directory, which is simply "files". Which doesn't work if you want to allow users to upload images, because then "files" and "pictures" get concatenated without a /. And no, the / can't be before "pictures", it has to be after "files". And that with Kubrick the menu in the right column obviously has to be selected as "links" when activating blocks - I probably don't need to mention that separately. And the fact that the manual is anything but up to date - sorry, but that's just ridiculous. It still talks about directory structures in places that don't even exist anymore. 
No, the settings aren't in sites/default/settings.php - they're in includes/conf.php.

Ugh. This is such a nice project. And the whole system is really powerful and stable. But the documentation is really a joke. Sometimes I get the feeling that people aren't documenting Drupal at all, but something else entirely.

Still, it's nice, so I won't complain too loudly. Others don't really do much better either. Still - it could be so nice if the reference to the online manual would actually help instead of confuse...

Spreeblick: Sweety Records

Spreeblick explains the music industry to us: Sweety Records

Devil's grin

Hartz IV Urban Legend

Urban Legends Reference Pages: Media Matters (Hot Jobs) describes how a hypothetical consideration from TAZ and a report about a brothel operator who cannot find prostitutes for his brothel (and is not allowed to search for them through the employment office, because it refuses to advertise such jobs) then becomes factual reporting in the English-language press, in which it is then claimed that women who refuse jobs as prostitutes would lose their unemployment benefits.

So much for professional journalism

Devil's grin

Although I would certainly hope that our supposedly great legislators don't subsequently turn this newspaper hoax into truth...

New phishing attack possible in many web browsers

Read on golem: New Phishing Attack Possible in Many Web Browsers. Great. Once again, a sloppily implemented solution and a sloppy standard. The whole umlaut domain stuff is nonsense anyway, and you have to wonder why it was implemented in the first place - the mere fact that this garbage only works for websites and IDNs can't be meaningfully used for anything else should have made anyone realize what a ridiculous idea it is. And now it's also a phishing hole.

Clement for raising the retirement age

Clement for raising the retirement age - great idea. First they crank up the weekly working hours. Then the working lifetime. And then we're back where we once were: workers exit the stage in a socially acceptable manner before reaching retirement age. And suddenly the pension insurance is doing better again.

Doing the GNUstep two-step

Doing the GNUstep two-step is an older report about the GNUStep Live CD. I'm linking it only because it describes a problem that has also annoyed me: the CD doesn't boot. Which is pretty stupid for a live CD. And no, the argument that it doesn't boot on some old computers doesn't hold up — the computer having the problem here is just one year old.

The GNUStep Live CD developers really should tackle and solve this problem — because if all kinds of Knoppix variants boot on a computer, and even the Gnoppix CD boots — then there's no reason why the GNUStep CD shouldn't boot. And no, floppies are not an alternative — the computer has no floppy drive. It's just too new for that...

GeoURL is back

GeoURL has been revived - or rather, a new GeoURL service has been built. Simply go there, register your own site, and then integrate a link like my nearby link. And suddenly we can see who's in the vicinity again. The whole thing is still somewhat spartan, but it's enough to find neighbors (greetings over to Paderborn and groetjes naar Enschede!).

By the way, to help my rusty Dutch (I can read it relatively fluently, but write it only extremely haltingly), the German-Dutch dictionary at pauker.at was helpful.

Update: cool, no sooner do you post about it than other neighbors resurface. And what do I discover: Gedankenschnipsel is now also running on WordPress.

Optimization Surprises

In dirtSimple.org: Optimization Surprises, Phillip J. Eby writes about optimizations he made to his implementation of generic functions in Python. I find it fascinating whenever he writes about this project, because generic functions are well-known to me from Common Lisp. However, what's equally fascinating is how he squeezes out half microseconds of performance.

In his case, it actually makes a lot of sense, since it's about central machinery that gets called constantly with generic functions. Minimal performance improvements make a huge difference in tight loops.

Also very interesting is what he discovers about Python's internal mechanisms and what effects, for example, simply the existence of closures in a function has on processes.

Exciting. Absolutely exciting.

Oralux: Linux for the Blind

Since we're on the topic of live CDs: Oralux is a live CD with a Debian-based distribution that is specifically designed for people with visual impairments. It asks very early for a speech interface and is overall designed so that you can control it by voice.

Spongebob promoted homosexuality?

In a new attempt at the title of the most ridiculous homophobic organization in the USA, Focus on the Family is taking aim at SpongeBob SquarePants. Yes, that's right, that little yellow sponge with his somewhat dim-witted friend Patrick the starfish. Oh man. What kind of crazy people are these, if their expert at detecting homosexuality finds SpongeBob suspicious. Ok, it's stupid enough to begin with that they think they need an expert at detecting homosexuality. Somehow this American paranoia about gay people would be directly funny if homosexuals in the USA weren't suffering so much because of it. Well, in the land of free speech you can apparently be a Nazi without punishment, but gay - no, that's supposedly evil.

Bloglines sold to Ask Jeeves

Bloglines has been sold to Ask Jeeves - so how do you see this now in terms of using your feed in Bloglines? Is that still just as okay as before? Or is there a difference now that suddenly bigger money is flowing?

Bookmarklets and Firefox

Since I temporarily rebuilt my environment and removed CodeTek Virtual Desktop, I was able to play around with Firefox a bit (which is incompatible with the CodeTek part and causes quite a bit of trouble when you use it with it). I noticed something strange: when I use the WordPress bookmarklet to blog a page, the little window always gets put in the background. Kind of annoying - you have to move the large website out of the way to get to it. Has anyone else seen something like this and maybe knows a solution?

For now I'm back to Camino as my browser. It's the same renderer anyway.

Pentagon 'News' Websites

The Pentagon pays news websites on the internet with slightly biased reporting. Objective: to improve the image of American politics. Even CNN is already reporting on this. And no, this is not funny - quite the opposite.

Pentagon officials say the goal is to counter "misinformation" about the United States in overseas media. - sure, we all believe that, they just want to correct false information. And certainly not spread their own lies. We would never suspect anything like that.

Spammers in Preparation

For a good reason, here's some information and a warning: if you find comments in your blog right now with content like "I agree with you," you may be receiving a visit from a spammer. The spammers have figured out that in some blogs (especially newer WordPress versions) you need to have one approved comment before you can then use that address to post further comments—which of course are then just spam. So: even though it's nice when someone agrees with you, in this case you could be approving a Trojan horse comment.

Stoiber: Red/Green responsible for NPD's success

Stoiber claims Red/Green is responsible for the NPD's success - of course their success is certainly not due to the constant right-wing flirtation of the Union parties and the FDP. No, it's absolutely absurd to believe that voters who constantly read verbal attacks on foreigners from the opposition and are repeatedly drilled with how terrible the many immigrants are might eventually vote one level further to the right.

In times when Chancellor Kohl held fiery speeches against foreigners, there were also firebombs against asylum seeker homes.

Of course, unemployment and the general economic situation of these people is a significant factor - but that is not insignificantly determined by the Union-governed states. How many initiatives were blocked in the Bundesrat because they didn't go far enough for the Union parties? I cannot see where the CSU's anti-foreigner agitation and the constant demands for even more welfare cuts by the CDU and FDP are supposed to contain any perspectives that should motivate NPD voters to vote for a different party.

Sorry, but all the major parties can claim the NPD's successes - they botched them together. The naivety of Müntefering is just ridiculous - of course the voters are the cause of the NPD's success. But the major parties lay the groundwork just as much as the rest of society. To claim anything else would mean that daily politics are not part of society and social development - and that is highly absurd.

And sorry, but platitudes like those from our Federal President don't help either - if what happened in Saxony was really a wake-up call, where are the awakened politicians? Are they hiding under the bed in fear now? Where is the factual engagement, where is the categorical rejection - when NPD politicians repeatedly receive sympathetic votes in Saxony? When a minister-president of a certain Hesse writes forewords to ultra-right books? When Union politicians themselves give fiery speeches or support party members who repeatedly make blatantly antisemitic statements?

The loss of reality of some politicians is reaching frightening proportions. People, you are part of society - and your actions determine the direction of society like the actions of no other population group. And as part of society, you are part of the problem.

Tagging at blogg.de

blogg.de now also does tagging - and after I asked, now in the same way as Technorati. So with the category tag in the RSS feed if one is present there. Since I've always used categories like tags on my blog anyway, that's extremely practical - my posts end up in the right section on blogg.de. Nice. By the way, in my opinion that's also the smarter alternative to the easily set up group blogs as they should be implemented via Topicexchange - simply a central ping service and corresponding entries in the RSS feed.

And Again Brand Madness

The Hermenschauer was asked to remove an article that references this article on Feuerwehr.de. The article discusses a company that holds a combined word and image trademark for "First Responder" and is attempting to take action against simple mentions of the word portion in domains and online presences. This is despite the fact that, according to the description on Feuerwehr.de, they have already been rejected by courts for this and there is a clear ruling that their trademark is only valid in combination.

To me, this looks very much like an attempt at censorship. Though I don't understand the reasoning behind it—the trademark holder apparently set up or is trying to set up an online magazine around the topic. But something like that can hardly work if you first antagonize the people who actually deal with the subject matter. Who would be interested in such an online magazine if they had previously received a cease-and-desist letter from them?

Certainly, the partly privately-run fire department websites are potential competitors—but that's just how it is on the internet, you're not alone there. And lawyers don't help with that either.

US music industry accused deceased of file sharing

US music industry accuses deceased of file sharing - they must have taken advice from Kanther. But I do find it quite nice of the music industry that they now want to possibly drop the lawsuit. You have to be persistent - even dead women over 70 shouldn't get away with file sharing without a computer...