3MF

The plight of a Movable Type plugin

Nothing is ever as easy as you would hope it to be.

So i've been messing around with my comment spam stopping idea. When searching for sample code on the web, i kept coming across samples that use the MT::Plugin class which is new to MT 3.0+. I'm still running 2.661 after the problems i had last time i tried to update my blog. Now that i have a local installation on my Mac to play with, i thought i would take another shot at an upgrade. I downloaded the latest version, copied the new files to my local server, and tried to login. Unfortunately, i was welcomed by a the same "invalid login" error that i met the first time i tried this process.

I had to retrace my steps to see where i might have gone wrong. The upgrade version has a bunch of upgrade cgi scripts in it to change your existing data into the new format. Since i was running 2.6, i thought i should run the "upgrade26.cgi" file. I think this was my first mistake. It turns out i should have run the "30" and "31" versions. I wish they would have put a readme file in the download itself to explain this more carefully. Nevertheless, after running these, i still could not log in. My next step we to head back to the MT support forums to see if there were any more suggestions on what to do next. This time around i found a link to a helper cgi file called MT-Medic. It offers a way to reset your Moveable Type author account password, among other things. Thinking one of the upgrades may have rehashed my password, i figured it was worth a shot. That did the trick and i finally had the newest version of MT on my machine and i could get back to coding my plugin.

I thought i would use MTBlacklist as a good example of how to write a plug in so i tried installing it on my web server. As soon as i did entries poured into my error log telling me i was missing a required perl module, "Storable.pm." A google searched confirmed this to be a common problem. Prior version of MTBlacklist could use this module to store data or the could use an alternate module, YAML. The newest version does not have this flexibility. It looks like it actually effects any items that use the new MT::Plugin class because this module is referenced in the MT::PluginData class which i believe is used to persist plugin configuration data.

Apparently Storable.pm is not included in the standard installation of perl. I connected to cpan to download and install this module. However i kept getting errors that prevented the module from installing. It just would not work on my copy of OS 10.2.6 (yes, i know i should upgrade but its so close to Tiger so why not just wait it out). This meant i would be unable to use the MT::Plugin class which was why i had started this whole upgrade process in the beginning. Given this news, I decided there was no point to upgrade to 3.1 on my live site.

Back to square one, i started a new web search to find more samples. I stumbled across an enhancement that created image captchas in the MT comments form. This was closest to what i wanted and ultimately worked by hacking the standard Comments.pm file in the lib/MT/app/ folder. It's not every elegant but at least it seems to work.

Rather than using an image technique as most of these systems do, i went with simple math problem that the user must answer by choosing one of four potential responses. I figured it would be easier for legitimate posters to get past than retyping some silly distorted characters, and, at least for now, it's just as secure. I doubt anyone will spend the time coding a script to scrape and solve my math problems any time soon. Plus it's still accessible to all of my visually impaired comment posters (yes, all zero of them).

OK, i've ranted enough for now. If you run into any problems, drop me an e-mail: me {-at-} matthewflickinger {.dot.} com. Let's see if it works.

Full Spam Ahead

I've learned that my understanding of how comment spam works is flawed. I had assumed that most spammers were just posting to the mt-comments.cgi file directly and bypassing the input form altogether. If that were the case, adding a hidden field that's not part of the standard MT comment form and requiring that field have a particular value would prevent most automated attacks. However that seems to have had no effect.

I decided to take a look at the logs to see what might be going on. It looks as though "they" are actually going directly to one of my individual archive pages before they submit the form. I have to imagine that they are scraping the form before reposting. Sometimes it even looks as though it's hitting the comment preview page. Two days ago the referrer for the first request of each spamming session came from "12.163.72.13." Today they seem to be coming from spam-y URLs themselves (perhaps trying to skew referrer logs as well?). The only other thing they have in common is the lack of a session cookie which all other valid records have.

I still can't image it would actually be a person stopping by the site and entering in bogus comment and contact information. It must be some sort of script. I just need a new trick to slow it down. Some bloggers have suggested using a captcha which would require the user to type in a word in an image that has been distorted in such as way as to make it unreadable to computers. I'm currently playing with the idea of adding an easy multiple choice question to my comment form which a person should be able to easily answer but a script should choke on. I've installed MovableType on my Mac to see if i can get a plugin working that would help me out.

The Bonzi Buddy prank

One of our network support guys here at work botched up his own computer and had to reformat today. When he left for lunch, he happened to leave his computer unlocked as Windows Update did its thing. I couldn't resist the temptation to have a little fun at his expense. You get such a good, clean feeling when you use a freshly formatted computer. What a shame it would be if the first time you went to use it you discovered it already had spyware installed on it. Hehehe.

OK, i'm not cruel enough to actually install spyware but i wanted him to think it had gotten on there. I went back to my desk and whipped together a windows form in VB.NET to mimic an installation screen. This is the result:

Ah yes, Bonzi Buddy. I'm not even sure if that guy is around anymore but it was one of the first obnoxious spyware apps that came to mind. My form was really crude and didn't do a whole lot. Of course clicking the "cancel" button would only make the progress bar move toward completion and when it gets to 100%, a pop-box opens and said "Installation complete!" I put a link to this app in his start up menu and waited for him to return from lunch and to restart his machine.

He totally bought it. His next download was Spybot. After his scan turned up nothing, we broke the news to him. I'm happy how the prank turned out given what little time i had to pull it off.

Update: Here's the source code written in VB.NET for version 1.1 of the .NET framework and the compiled executable.

Slowing comment spam

Comment spam is an inevitable annoyance when running a blog that welcomes reader feedback. The MT Blacklist plugin has been doing a pretty good job of helping me fend off unwanted advertisements for prescription drugs; that is until recently. These past few days i've been swarmed with links to thousands of on-line gambling sites. As a quick fix i followed this advice to reduce comment spam. By adding a unique, required hidden form field, it makes it harder for spammers to hit up every blog with the same code.

It's by no means a perfect solution but it's at least an added deterrent. The biggest weakness is that this method uses the same field name and value for all comments. I had been playing around with the idea of making a more secure method by using some sort of salted hash that factors in the both the IP address of the client and the article id if the post they are responding to. You could use these values to create unique form field names and values that can be verified on the server. Maybe i can play with some code this weekend.

UPDATE: This didn't work at all. Read the continuing saga.

P but Q

One of the benefits you get from taking a class is the new perspective it gives you on things that otherwise may overlook. For example, in my "Communicating in Mathematics" class we have spent a lot of time translating English sentences into mathematical symbols. For example, we have basic logical operators for "not", "and", "if", and "or." Every now and then we encounter a new operator and have to determine how to map it to one (or more) of our simple operators. The one that i've been most fascinated with is "but." Before this class, if you were to ask me to define "but," i probably would have quickly said it's like the opposite of "and" or that it means that something didn't happen. However, upon investigation i found out it's not the negative word i thought it was. In fact, it logically means the exact same thing as "and" only it adds touch of surprise to the conjunction. Now every time i use the word, i think to myself "and wow!" "P but Q" is the same thing as "P and Q." Same goes for "P although Q," "P even though Q," and "P however Q."

Yes, this is just one of the many thoughts successfully distracting me from studying for tomorrow's midterm.

Browsing with Netscape UNKNOWN

There's been more web standards buzz about the recent redesign of ABC News (with the help of Mike Davidson) and the new Yahoo look. I tried to use the new "my yahoo" pages at home and was greeted with the following screen:

It's hard to read but this is what it says: "You are currently using Netscape UNKNOWN . For the best experience using Yahoo!, we recommend that you upgrade to the latest version of Netscape." Then they offer a link to download Netscape 7.2. It's bad enough to use browser sniffing, but browser sniffing that doesn't recognize Safari is just ridiculous. The whole point if embracing web standards is so that you wouldn't have to do silly stuff like this.

Update 10/19/2004: The error message is gone now and the page doesn't seem to render any differently. I suppose they simply improved their sniffing.

Sold Out

Last night's performance went off with out a hitch. We sold every ticket and them some, squeezing nearly sixty people into that little room. I'm told we're sold out for the rest of the run as well which is always a nice way to go out. A fellow cast member had a dozen or so people in the crowd and they weren't holding their laughter back at all. It was probably the most responsive audience we've had. Although at times I, as an actor, get a bit worried when everyone laughs at a line that isn't even remotely amusing; it's as though they decided they were going to laugh at the end of the line before the thing had been said. It can be hard to maintain pace under such circumstances.

Keith, a member of the HTG board, came to talk to us before the show to make sure there weren't any hard feelings about the extension nonsense. Apparently the board was under the impression that we, the cast, wanted to extend the show. As i recall from last week, we were asked "if they did extend the show, do we have any schedule conflicts" which is a very different statement in my mind. At no point did we ever want to do more shows. It looks as though most of the confusion came from poor wording, but now every thing is all worked out. In fact, Heritage was kind enough to offer to cater our cast party after our last show on Saturday, perhaps as a way to make up for the last of an opening night reception.

Nothing more

Last week we had agreed not to have a brush-up rehearsal today, but for some reason we got a call yesterday telling us it was back on. I was a bit annoyed because i had planed to finish my big homework assignment tonight and a rehearsal, even a speed though, still takes up a good chunk of my time.

Nevertheless we got through the show in just under an hour. Then an announcement was made. We were told the HTG board had decided to extend the show. This decision didn't immediately sit well with the cast. We had been warned last week that it might happen, but no one was all that thrilled about it and we thought it would never happen. Dave was the first to speak up saying "no." Thus the mutiny began. He made the valid claim that the board was very unsupportive of us during the rehearsal process but now that we are making them money, they want more from us.

The fact is because we had so many hurdles in our way, including securing a performance space, finding somewhere to rehearse, and being given a tiny budget, we made this show all about us. We are doing this to have fun, and if audiences are enjoying it, that is a side effect and not the goal. There's not a whole lot of glory in being a local actor. We don't get paid and it won't make you famous. All we can really ask from the theatre company is to be treated with respect. I was first insulted when we had to put avery labels on our show posters to cover up the incorrect location printed on them. That was a bit embarrassing. Then, they didn't even provide an opening night reception for us. That's just not cool.

I think the rest of the cast would agree that we've given enough. We are not interested in extending the show. The final three performances are this weekend. Those that get tickets will be treated to a wonderful show.

More heavy reading

Despite the fact i've not completely made it through my last stack of books, i've recently found myself acquiring a bunch of new ones. From the bottom up, the first book is The LaTeX Companion. I wanted to make sure my papers i'm turning in for my math class looked as good as possible. Next i have Design Patterns Explained, another good overview of sound computer programming design principles. Third up is Learning Cocoa With Objective-C to get me started on programming for the Mac. VB.NET Business Objects is next up the stack. I hope that book will help to make our ASP.NET applications more successful as well. Moving on you will see volumes 1 and 2 of Sitepoint's PHP Anthology. The free sample chapters looked promising so i thought i'd given them a try. I can't leave out my math textbook which i'm constantly referring to for help with my homework. The penultimate book is Eats, Shoots and Leaves which is supposed to be an entertaining and informative guide to the world of punctuation. The last one is the only non reference book of the bunch. The Restaurant at the End of the Universe is the second book in the Hitchhiker's Trilogy which i would someday like to finish.

Luckily for me, i feel a bit under the weather today so i have nothing better to do but lie around and read.

The review

Looks as though Sue liked the show. It's not that often that Heritage brings in many more than fifty people to any show but at least the black-box space makes it feel like more. Still, i can only hope her critique that "the only problem with this show will be getting tickets" holds true. They don't post pictures on mlive so i'm not sure if they put one in or not. I'll have to track down a paper this weekend.

Five more to go

We made it through our opening night performance without a hitch. It was a far better show than yesterday's and probably the best it has ever been. A few lines weren't word perfect but that was the worst of it. We had plenty of fun back stage as well. Each night we have a "guest actor" who is responsible for putting out these placards with the name of the setting on them, just like the girls who carry around the "round one" signs at a boxing match. This evening it was Kim Mercatante. That lady is hilarious on and off stage.

The small spaced was filled with fifty six audience members leaving only one or two seats empty. The body heat from the spectators made the room much warmer tonight. They were generous with their laughter which was very welcomed.

A gentleman approached me after the show to offer a compliment. He said that he appreciated that i played my character a bit more "straight" in a show that was otherwise a bit over the top. I could take this as i just wasn't as funny as everyone else, but i think he has a point. We did add a lot of shtick into the show to make it entertaining even if you can't understand the language. He thanked me for letting some of the Shakespeare shine through.

Despite the lack of a formal reception, some of the Heritage board members did bring in champagne and chocolate chips cookies. Rather than going out to The Cottage afterward, i've come straight home because i'm starting to feel a bit under the weather. My throat feels a bit sore and i'm producing more snot than usual. I hope that a good night's rest will help me feel better tomorrow.

Line counter

I had been feeling bad that i was having such a hard time memorizing my lines for the show. I was curious if my burden was truly larger than my fellow cast mates. I resorted to line counting.

When i first started acting, i judged the importance of my part by the number of lines i had. For my first few parts, i could count the number on my hands. It's a very petty thing to do and i'm ashamed to admit it. Nevertheless i was interested in finding out if i had the most lines in this show. Rather than getting out a paper and pen, i sought a more technical solution. Turns out you can get all of Shakespeare's plays in an XML format. I wrote an XSL to count the lines for me and posted the results in my lab.

The results are as follows: I do, in fact, have the most lines at 269, followed by Adriana ringing in at 264, and Dromio of Ephesus shows with 246. (These are lines as in the ten lines that may make up a speech one character gives.) So there!

They didn't pay full price anyway

Tonight's final dress was a bit rough. For me problems started in my first scene. A fellow actor neglected to bring out a prop. Normally, forgetting a prop results in a minor inconvenience, but this particular prop is responsible for driving about 70% of the plot in act one. I had to change my lines in order accommodate this new twist and improvising in Shakespearean dialog isn't that easy to do. I tried to return as quickly as possible to the actual lines but once i jumped the track all heck broke loose. My head remained spinning through my next two scenes and i have no idea what i might have actually said out there. Act two regained momentum and the small crowd quietly enjoyed themselves.

The most disappointing part of the evening occurred during notes after the show. We were told that we're not having a post-opening-night-show reception because there was no where to hold it. The free food after our first performance in front of a real audience is the reason i volunteer for this stuff in the first place. It's all down hill after opening night. I guess the cast will be going to The Cottage afterwards but that's just not the same. They also told us that we will not be able to perform a scene from our show at the Grand Awards as we had planed. They really know how to lay it on us.

Costume firsts

This production of Comedy of Errors has a few costume firsts for me. It's the first time i'll be wearing a wig on stage and the first time i've worn a break-away costume.

First i'll talk about the more interesting: break-away clothes. Both the shirt and pants have been designed to be easily pulled off in one quick motion. The shirt has one velcro seems running down the back along my spine. It you grab the front collar and pull it straight out, it comes right off. The pants have had both outer seems replaced with velcro while the inner one remains intact. Thus if you put a thumb in a belt loop and give a good tug, they come popping off. I wish i had a few of my own break-away outfits so i could come home after these late rehearsals and go right to bed.

Now on to the wig. My "identical twin" has long hair, so rather than giving him a trim to make us look a bit more similar, i get to put on a hair piece. To get the length needed i thought i might be wearing some sort of female wig but actually the label referred to it as a "Beethoven" wig. What horrible, scratchy, squeezy, itchy thing is a wig. The bobby pins holding it to my head are the most painful part. They are there to keep the hair out of my face but so far they have been unsuccessful. It's weird having long hair; i now see why girls are constantly flipping their locks behind their ears. You'd think i be happy to get it off at the end of the show, but then it leaves my head all feeling weird. Wig hair is not very flattering.

Opening night is Thursday. Wish us luck!

Do no harm

We're finally working on a project at work that's just for us. We don't have to worry about satisfying someone else or conforming to their deadlines. This gives us a bit more time to play around. With our extra time, i thought this would be a good project to do everything in .NET. We've been messing around with it for quite a while now and this gives a good opportunity to learn how to take advantage of all that ASP.NET has to offer.

It was fun designing classes, implementing interfaces, declaring data types, and all that. The most annoying thing so far is Visual Studio 2003. Like most web publishing software, it gives you an option of putting your page together visually or just programming the raw HTML. The problem is that one trip to design view reformats your HTML code. It get mangled by random tag capitalization, inconsistent indentation, and dropping closing tags (oh, my poor dl list!) resulting in code that won't validate and looks embarrassing.

This is nothing new to Microsoft HTML editors. Frontpage was awful but back then we didn't care as much. We've been using Visual InterDev 6.0 for a while and i just got accustomed to never using design mode. I can do the same for VS2003 but i was hoping i wouldn't have to. Design mode makes quick work of doing the linking from the aspx page to its codebehind and setting up datasets and whatnot; but i guess i'll have to do that by hand. It's frustrating that Microsoft programmers have acknowledged the problem but it's still around. Apparently the next version (VS2005) will fix that, but i'm programming now. You would think IDE's would, above all else, pledge to do no harm to code.