RISKS

Open source bounties

Most readers are probably familiar with the fact that companies or organizations sometimes post “bounties” for open source products, or features, that they would like to see developed. Implement the thing to their satisfaction, you get the bounty – and the community gets the code. Sweet. A while back I started gathering references to these things, thinking I’d start a site that listed them, made connections between coders and sponsors, etc.

Protecting the server with mod_evasive

As I hinted in my report several days ago about this server suffering a DOS attack, I’ve taken some measures to prevent a repeat occurrence. One of them was to install the mod_evasive Apache module, which was suggested by a number of people. (There’s also mod_security. It’s way more complex than I need right now, but would be worth looking at for a busier server.) Initially I was skeptical, since mod_evasive doesn’t seem to be a very actively maintained project.

My first DOS

If you tried to reach this blog or anything else on this server this afternoon, you may not have had much luck. A computer in Korea was hammering my server so hard (aka Denial of Service attack) that my hosting provider temporarily disabled Apache so that my instance didn’t bog down the whole VPS. I was busy at work when this happened and am not sure exactly how long it was out, but this was one of the most severe outages I’ve had in the last three and a half years.

Library of 1000 scammy spams

One of my neglected side projects, purportal.com, features a “Scammy spam library” where I share the text of scam emails I’ve been collecting. Today it reached the 1000-specimen milestone, so I wrote a little script to count word frequencies. The raw list reads like some of the less coherent messages itself: account email our please ebay me paypal information bank any address through contact security am money funds us million…

Top 20 MySpace passwords

Bruce Schneier has an enjoyable article up on Wired News that describes what he learned analyzing some password data from a recent MySpace phishing attack. In it, he lists the top 20 most common passwords in his sample of 34,000: password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey. Best quote from the article: “I don’t know what the deal is with monkeys.

Uncovering dirt with Google code search

Jason Kottke has a great list of unusual, funny and/or potentially embarrassing things that can be uncovered using the new Google Code search. This reminds me of my old list of technically incriminating Google searches, which has proven to be surprisingly evergreen.

International Freedom From Stupid Software Patents Day

LZW – that is, the formerly patented Lempel-Ziv Welch compression algorithm – is free today. The footnote on the Free Software Foundation’s GIF history page says: The Unisys patent expired on 20 June 2003 in the USA, in Europe it expired on 18 June 2004, in Japan the patent expired on 20 June 2004 and in Canada it expired on 7 July 2004. The U.S. IBM patent expired 11 August 2006, The Software Freedom Law Center says that after 1 October 2006, there will be no significant patent claims interfering with employment of the GIF format.