fwaggle.org

Oops! With all the commotion going on with the holidays, I completely neglected to update both my WordPress sites. Thankfully no one decided to teach me a lesson, as I’m sure about 5-6 years ago my lack of humility would have led plenty of people to try. Suffice to say I was a bit too big for my breeches a couple years back and I probably deserved to get knocked down a peg or two.

I’m not entirely sure whether I was exploitable or not, the details were pretty vague – all I knew is there was an update and I didn’t do it.

We’re slowly but surely moving towards transferring all of our “Sabrienix Mumble” branding over to our “MumbleDog” branding – not bad considering we’re coming up on having had the domain a year, I think.

We don’t want to lose our semi-pole position in the search result pages, so I haven’t just hard-cut everything over yet. We’re still trying to amass more targeted back-links, so I’ve been going through and searching for blog posts about Mumble and trying to respond to people’s queries and complaints as best I can, with the hope they’ll appreciate my comment as not being spam and leave the back-link in place.

We’ve done a few directory submissions, but I’ve honestly never really found directories to be all that useful. It seems like the ones with pagerank all wind up charging, you have virtually no chance of being included in their free programmes anymore.

DMOZ are awful at that… I’ve not heard of anyone in years getting their site included in ages.

I’ve still got quite an amount of work left to do on the actual site though too – I think I’ve settled on a design I like (no small feat), but there’s a ton of missing/not working pages, and the design itself still needs a little more polishing.

Maybe in year #2 we’ll actually make it the main site for Mumble hosting.

Today after lunch I came upstairs to check IRC and see if anything interesting was happening, and I noticed I was disconnected. I went downstairs to reboot the DSL modem, figuring it was acting up, and the DSL light was blinking red. So I grabbed our fax machine (the only phone-capable device I have laying around) and there was no dial tone – outside to crack open the demarc and there’s no dial tone out there either.

Turns out at least one of our neighbors’ phone is out too. The phone I could care less about, but not having the DSL really puts a hurting on us. I called up AT&T and filed a trouble ticket, as did the neighbor, and they said they’d be out Tuesday. I wasn’t exactly expecting emergency assistance, but Tuesday’s friggin’ ridiculous. Lucky our neighbor saved us the trouble and yelled at some poor customer service rep until they agreed to send someone out tomorrow – hopefully it gets fixed fast, because meatspace is terribly boring when it’s all you have.

We decided to spend some time outside hacking out some of the shrubbery that makes our place look like a jungle. I put the kids to work helping me out, and we got a pretty sizable pile out on the street which I’m sure the city workers will be thrilled to see (considering they probably have one of the most cushy jobs in the entire county, they sure bitch a lot). We’ve still got a ton more as well, but I’m figuring on doing more tomorrow.

Maybe I’ll post some pics of the pile.

It’s been a really rough weekend (well, starting Thursday) for MumbleDog and Sabrienix. We’ve been toiling away at fixing all the bugs in our Murmur services, and there’s finally a light at the end of the tunnel.

The problems started about a week or so ago when a nasty UTF8 exploit was released that let people crash the Murmur process – because we use real virtual hosting instead of that godawful TCAdmin script that was floating around, the unfortunate side effect would mean that if one Murmur blew up, they all would in the same location. Needless to say, we hop on security issues ASAP to make sure that doesn’t happen.

We got that fix all built out, tested it, and then placed the updated binary in place of the old one so if someone did blow up our Murmurs, they’d restart impervious to the attack. We figured that’d be better than just restarting at an arbitrary time and pissing someone off (because there’s never a good time to restart a bunch of voice servers), and it’d give us time to look at the second exploit.

The second one’s particularly nasty. It looks like it’s a bug in QT’s QSslSocket, and indeed that’s what most everyone’s billing it as – however it also looks like the bug is either fixed or mitigated by updating OpenSSL. I’m personally not clever enough to figure out where the bug is or how it’s fixed, all I know is that OpenSSL upgrades stopped the exploit that was in the wild from working (which anyone can download and point at any of the public servers and make them eat shit, so that’s not fun) so that was good enough for now until more information comes around.

After a lot of messing around with QT’s weirdness with regards SSL, we finally got it working so we restarted the servers with updated versions ready. The reason we restarted on purpose after this update is the second exploit doesn’t crash the server, it makes them go into an infinite loop, so they just sit there. Our monitoring systems would go crazy, but they wouldn’t actually restart the process because it’d still be running.

The downside to this was that the same upgraded OpenSSL that broke the exploit also broke public server registration. So our current servers that are up and running right now, none of them can be listed in the public server list. After a lot of messing around and hacking, we think we’ve gotten a completely bug free Murmur, but I’m running on very little sleep so we’re going to do a little more testing before we restart the servers again.

For what it’s worth, prior to these nasty bugs rearing their ugly heads, our servers have been up constantly for basically the entire year. We had a few spats of network issues here and there, but our datacenter staff have been taking the best vitamins and on strict health regimens to make sure they’re swift to react to them.

I might wait until monday or so, just to get past the “premium” gaming time, before we restart the servers. I mean yeah, it is summer, but those of us who work don’t particularly want to be in the middle of a raid or something and have our server reboot.

I’ve been getting a ton of almost-on-topic spam comments lately. I say almost because most of them aren’t quite completely on-topic, but they’re doing a pretty great job of it.

Say you write about getting shar pei dogs, there will be a post almost on topic and a link to say “wrinkle cream reviews” in the name/url section. Okay, maybe they’re not that badly off-topic, some of the comments and article subjects I’ve noted:

• VOIP Telephony links on posts about Mumble.
• iPhone on posts about Windows Mobile smartphones.

I’m sure there’s a few others but I don’t feel like going through the spam buckets on my other WordPress sites. The funny thing is they all manage to sneak past Akismet (probably because they’re all uniquely written), but they do all end in three random punctuation marks, like this:

Hi I liek ur phones I hope to one day own 1′-,

It’ll be interesting, given the wealth of keywords in this post, what they decide to try and link it to now.

One of the great things people love about our Hungry Hacker website is the lack of obtrusive web advertising… the site is something like 7 years old now on it’s current domain, and it’s had exactly one banner ad on it, and that was only on one article page and was just to see how it performed. We’ve never had pop-ups, pop-unders or anything on it.

For the longest time we did quite well with eBay’s affiliate marketing network via Commission Junction (it’s now called the eBay Partner Network and run in-house at eBay) – we realized we were never going to get rich but we made a few bucks a month we could spend on new projects here and there.

Then a while back, they switched from paying us on a per-action basis (so if someone bought a PS3 from one of our links we’d make a few bucks), to paying per-click on a quality basis. Most of the people who read our site are looking for the cheap way to do something, so very few of them actually bust out the ol’ Paypal account on eBay. In fact so few of them do, our quality of clicks has been stuck at zero for months, which is terrible because I know we’ve sent at least some quality traffic their way but we’re still stuck at zero.

So I’ve been thinking about adSense, because apparently it’s pretty fire-and-forget, assuming you don’t get the boot for fraud clicks. The only things holding me back is that I won’t have fine-grained control over what the links are, where they go, or how relevant they are (as I do with eBay) and it’d kind of be breaking our site’s creedo of not having “super-liminal” advertising.

So combine that moral dilemma with the fact I might either a) make no real money on it or b) get booted for click-fraud like so many other legitimate advertisers seem to be doing, and it’s pretty easy to see why I’m dragging my feet.

Can anyone forecast approximately what the income would be? We’re down to about 2k visitors and 3k page views per month right now, and we’re not tracking ebay click-through rates at the moment, but in the past it’s been between 1 and 5%. I’m assuming that as fancy as Google’s system is, it’s not as good at picking out relevant stuff as a real author doing so, but still.

I was involved in a discussion about OSes today and the subject of Gentoo came up – it’s funny how Gentoo always manages to attract flak from just about anyone who isn’t a Gentoo user. I’m thinking maybe that watching all that shit scroll by while they install something makes people think they know more than what they really do, so they start making outlandish claims and wind up looking stupid.

Personally, I’m still not a huge fan of Open Source OSes for the desktop. Like I said earlier today, security notwithstanding most every other criticism of Windows just plain isn’t true any more… I haven’t had to do the daily-reboot thing with any NT-based OS starting from NT4.

For server OSes, FreeBSD’s my thing… a Daemon’s always going to be cooler than a tuxedo penguin, but really it’s all about the hier(7). For that reason, I really can’t conceive of why something like debian/kfreebsd exists – if anything I’d prefer the wide swath of hardware support covered by a nice clean BSD userland, not the other way around.

I seriously cringe every time someone goes “oh, you like FreeBSD? You should try Gentoo – it’s a lot like BSD”. Seriously, no… stop saying this.

…but I’m on an optimization kick and can’t stop talking about it. Hungry Hacker just gobbled down another fistful of slimming pills now in the form of a removed jQuery library from Arthemia. Well that’s not strictly accurate, because Arthemia doesn’t included jQuery by default – the bottom right portion of the footer contains a box that lists the “most popular articles”, which is powered by the WP-PageViews plugin which… you guessed it, uses jQuery.

To me it’s almost a case of “everything looks like a nail” with respect to jQuery – it’s one hell of a fat (cool, but fat) library for just ensuring a script is called without cache control. The same thing could be fixed with a transparent image, or a lightweight home-brew AJAX call-home without the entirety of the library included for every page view.

Disabling this plugin lopped off 25% of the average page’s uncompressed total file size – to be fair, with gzip compression on it was probably closer to about 5KB actually saved (though I have no idea how much jQuery weighs gzipped) but the fact is we saved another HTTP request, and a script request in the <head> of the page no less.

Median page-load times according to the PageSpeed plugin for Firebug look to be between 600ms and 1 second – I think that’s good enough, actually. I just need to think of something to put in the unoccupied territory of every page now, and then I should probably get back to work putting up content.

As I wrote about earlier, I spent the better part of the last couple of days trying out various tricks to soup-up WordPress websites. One of the things I managed to do was re-imagine the thumbnailer common to a good portion of those “premium themes”, to allow it to serve mostly-static content instead of relying on PHP all the time.

The results are pretty freakin’ awesome – based on some rough benchmarks I’m expecting somewhere between ten to fifty times as much users during load when it’s teamed up with nginx.

Of course it has some serious caveats, not entirely unlike the side effects of diet pills (pooing out fatty jelly isn’t entirely out of the question) and it’s rather annoying to have to edit your theme every time you want to change your look… but I think the results are worth it.

I’ve released the instructions for Super-caching TimThumb on Hungry Hacker, it’d be awesome if it were somehow rolled into the main script.