BBC News has a front page story about a petition to the government to phase out the use of IE6. Historically, ceasing to use IE has always been a good idea in my book, and IE6 is now very outdated (it’ll be nine years old in August). What caught my eye, however, was the following line in the article, removed from later editions:

“The petition, set up by Dan Frydman of web firm Inigo, currently has just 44 signatures.”

Since when is a petition with 44 signatures worthy of front page BBC News? Does someone in their web team have an undisclosed anti-IE6 agenda, or has the Beeb started doing marketing work on the side?

Since the BBC story was posted, the petition has gained approximately 1300 signatures.

Update: 11 hours later and the petition has 4400 signatures.

Wow, my iPad article from 5 years back is having a bit of a friendship day, and as a result the server is having its busiest day ever.

top - 12:40:22 up 134 days,  2:52,  1 user,  load average: 10.24, 6.99, 5.46
Tasks:  90 total,  15 running,  75 sleeping,   0 stopped,   0 zombie
Cpu(s): 94.7%us,  4.0%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.7%hi,  0.7%si,  0.0%st

Everything’s locked down using WP Super Cache and as a result the server seems to be coping, though its CPU use is way up.

Note: if you’re going to reference the article please just link to it, and don’t hotlink the image. Depending on how much residual traffic the current hotlinking generates I may have to deny access to the image and redirect to a picture of a kitten, or something.

A simple hint for email administrators everywhere. If you have a large number of users with unique sequential ID numbers, it may be tempting to use that ID as a primary email address, or an alias, but don’t do it. It’s an open invitation to spammers to target your users with the minimum of effort. Once they know one number in the sequence they can quickly find two more addresses by adding or subtracting from the first. Before long, with kinderarden maths they’ve guessed every email address and can proceed to spam them all. Today, I was automatically registered for one of Portsmouth Uni’s Google Apps accounts. It comes complete with an email address that is sequentially numbered. As a consequence, having never sent a mail with the account, and having never logged in until today, I found in my inbox, five, beautiful blinking pieces of spam. Years ago when we were setting up the email addresses for vodafone.net, the powers that be in Vodafone were really keen to have your-phone-number@vodafone.net as the email address format. We advised against it, strongly. We did sharp intakes of breath. We did furrowed brows. We did reverse psychology. Everything. The light was seen, and sanity and happiness was maintained, at least for a few months, then they did it anyway. I wonder how those vodafone.net accounts are doing now.

Not stepping on the lines in the infant playground. Girls drawing hopscotch numbers on the paving stones and singing “who stole my watch and chain”. Wondering why the girls never wanted to play war. Lining up when the whistle went before classes. The day The Whistle was replaced by The Bell. Learning the golden rule: DONT PLAY ON THE RAMP. The concrete steps being installed between the middle and the top yard. The view.

The cloak room, bursting with colour from everybody’s personalised gym bag, and darkened by damp snorkel jackets. Discovering that by the time we’d got to J4, the infants toilets were really titchy and then reminiscing about how little we were when we were young.

Friday morning TV in the hall, with the fold out sun-shield. Queueing at the dinner hatch. The light streaming in and catching dust particles in assembly. The kid who always added an extra “of kings” at the end of “sing hosanna”. When we first learned we had to do a class play for the whole school and really bricking it. Billy Beacon (which scared the smaller kids).

Friday lunchtime, when Mr. Pascoe would retrieve all our balls that we’d kicked onto the roof throughout the week. Rugby on the top field in the winter, frozen to the core and smothered in linament. Mrs. Davies spraying her perfume around the room because the boys smelled so bad when we came back into class. Winning the Div-4 West football league. The Summer Fete. The bloke that mowed the grassy slopes with a flymo on a rope. Walking home down the lane towards Wimmerfield with an ice-cream from Brian, who stopped outside most summer afternoons.

Small glass bottles of milk with blue straws. School Sports day. School attendance being so low that the green team was dissolved. School trips to St. Helens swimming baths; Brynmill Park; Fairwood Lake. The Alton Towers Trip. The Christmas Carol Service in St. Hilarys. Watching a film at the end of term, in the hall, on a reel to reel projector. Helpers. Mr. Smith’s delicate use of “Six of one, half a dozen of the other.” when investigating the cause of a disagreement between 8 year olds. The awful, terrible, fashion mistakes of the early 80’s. The “art” areas. SMP. The installation of the water fountains.

School letters, hand written, and copied on the purple photostat machine. Sitting all day in the quiet room to watch the first shuttle launch.

The school getting it’s first ever computer, which we were allowed to use in breaktime, on a strict rota, with the older kids having priority time. Learning to type CH."" and dutifully responding to the "PRESS PLAY ON TAPE" message.

Most of all, when the sun was shining, it was a good day for a fire drill. We’d evacuate the building quickly and clamly. Then as a reward for our swift and safe exit someone would be sent into the hall for the brown plastic box on wheels that contained the hoops and bats and balls that meant a game of crazy cricket was upon us. I still remember the sound that thing made as it was wheeled out over the paving and tarmac; that’s that sound of summer.

I just watched a nice presentation by Yahoo evangelist Christian Heilmann who opened the show at FF09 yesterday. Whilst there’s a lot of good ideas throughout regarding the maintainability of JavaScript code, one nugget stood out about code tutorials. Christian Suggests a four pronged presentation strategy when writing tutorials for designers – it is equally valid when presenting concepts to fresh geeks:

1. Say what it does.
2. Show a working example.
3. Include the full code of the example.
4. Explain the example using code chunks interspersed with descriptive paragraphs.

A simple & sensible blueprint!

“A conference on ECMA-262” doesn’t sound particularly exciting, so I can understand the organisers of Full Frontal 2009 wanting to pick a name that was perhaps more attention grabbing. I’m heading along there tomorrow, and depending on the format (& facilities at my disposal) I’ll hopefully be able to blog and tweet throughout.

I wondered how hard it would be to get this site fully compliant with the as-yet unpublished HTML5 spec. Please excuse the dust. Most things are in and working. Still to tweak are nested comments and a few CSS niceties.

The idea of twitoaster is that it allows twitter users to reply to posts using tweets, so the discussion can live in many places. Nice. Fellow twitter users, I’d be most grateful if you could try this out to let me see if does what it says on the tin. Tweet comments are moderated, so they won’t appear immediately, but they should appear once I’ve seen them.

Right now, there’s limited information on reputable news sites regarding the earthquake/tsunami that occurred south of Samoa yesterday. To find more, I turned to Twitter (and its open source equivalent identi.ca). Disseminating live news from witnesses, moments after a major event, is the most compelling feature of such services, but both failed me. Not in the fail whale sense. Both sites were technically operating at 100% normal status. It was the content.

For example: using search.twitter.com I get the folowing results for samoa

1. Hypeflash: Alao Siva-American samoa flag day 2008 http://tinyurl.com/[REMOVED]
2. Hypeflash: Bizarre Foods SAMOA 4 – http://tinyurl.com/[REMOVED]
3. lisa1248: Get free medicines and sample for free http://bit.ly/[REMOVED] #everlastingsong Goodnight Google Wave #HealPhilippines Kraft Life Motto Samoa
4. dixiefs51: after Manila, Typhoon Ketsana ( ondoy) has killed people in Vietnam then a tsunami hit Samoa.
5. jessecardol3e: American Samoa | got a cam? wanna go one on one? http://wowurl.com/[REMOVED]

Only one of the most recent five tweets is of any relevance, and even that is just passing on the story, not adding any detail. The rest all link off to sites selling medicines or other vices. I’ve got to look harder to find more information, but wading through an 80:20 spam ratio is not convenient. When looking for timely information, this kind of noise can only lead to the source being dropped from the search.

Live news from witnesses, moments after a major event, is Twitter’s most compelling virtue. The problem is, ne’er-do-wells looking to make a quick buck are now all over it like a bad rash.

Now, it might be possible to utilise an n-degrees of separation model for searches. I might do a search for samoa, and restrict results to those written by people withing 4 degrees of separation from me: however, such a system is almost certain to be useless, because there’s no guaranteeing that my expended network is affected by and recording the event.

A more fine grained model of trust might be a solution here. I don’t necessarily know everyone I follow on twitter, but I do know who my friends are and who I trust. If there was a way to put a figure on that trust then rather than the binary degrees-of-separation model, a probabilistic model could be used where I ask for search results within a trust threshold.

Whilst idly watching my syslog recently (as one does), I noticed with some discomfort, that outbound connections were being made from my server, to sites of questionable repute. Something that might indicate that the machine had in some way been compromised. The logs show messages such as:

Aug 20 14:40:20 hostname apache2: Successfully fetched 'http://litjnz.cn/': GET response code 200
Aug 20 14:52:35 hostname apache2: Successfully fetched 'http://tqeetazx.cn/': GET response code 200
Aug 20 15:00:26 hostname apache2: Successfully fetched 'http://cnduiz.cn/': GET response code 200

Aug 20 12:13:54 hostname apache2: CURL error (6): Couldn't resolve host 'byuxlcifxlso.com'
Aug 20 17:24:43 hostname apache2: CURL error (7): couldn't connect to host
Aug 20 17:24:58 hostname apache2: CURL error (28): connect() timed out!
Aug 20 17:25:07 hostname apache2: CURL error (28): Connection time-out

After a little investigation, checking various access logs and processes, and comparing several different logs at once for serendipitous links*, I spotted, with some relief, that my server hadn’t been compromised after all. It was, in fact, the OpenID service that I run from my server, that allows others to login to this site without registering here.

So, any OpenID server can be forced to make a connection to a third party server, and make a page request. This means that (for example) rather than requiring 1000 distributed bots in order to generate network traffic to a server from 1000 locations, all that is required is one bot and a list of 1000 OpenID servers. Such a tactic is useful for black-hat SEO companies, for example, who want to appear to prove that whatever secret magic tactics they’re using to increase traffic are working.

Whilst this form of traffic generation is cute, there is perhaps a more interesting angle. With thousands of OpenID services around already, and hundreds, if not thousands more being added every day, OpenID might become the platform of choice for proxying and amplifying a DDOS attack.

OpenID server software needs to be able to detect and prevent this kind of attack, or the server on which it’s installed is likely to become very unpopular, very quickly.