Minecraft Beta 1.3

Well, there’s now some REALLY cool lighting in Minecraft, which does just look absolutely AWESOME!

It’s also possible for me to completely skip the nighttime horror now – I can sleep with beds! Oh, and redstone repeaters are new too :)

Miniatures in photography


Just seen this on a friend’s blog – it looks amazing!

The Sandpit from Human Music & Sound Design on Vimeo.

I’ve seen this sort of thing before as still images, something called tilt-shift or something. I dunno, but if anyone knows how to do it easily, preferably if it’s possible with a 5 megapixel phone camera, or editing with something like The GIMP, I’d love to know how.

I don’t consider myself an arty person, and I don’t really know any of the arty lingo, I just know that this looks cool! :D

Oh, and did I mention – the music in that video is really cool too! :D

So, I’m building a contribs tool….

So, I’ve decided to build a contributions tool in a similar style to the popular Huggle anti-vandalism tool.

Initially, I was asked to review the contribs of a specific user who was considering running for adminship. So, my lazy brain decided that I couldn’t be bothered reviewing contrib after contrib using tab after tab, so instead I wrote an app to load contribs, and load a diff for me.

I’ve still not started reviewing the contribs, but it’s pretty cool for an hour or two’s worth of coding and tapping the MediaWiki API.
Screenshot of Chronological Contributions Walker

This is just an example setup going through some of Dusti’s contribs, randomly clicking skip and flag until I got a good screenshot, but I’m planning on adding an open in browser option, and an export flagged option too.

Eventually it’ll probably find its way into a subversion repo on this server somewhere (kinda surprised it hasn’t already actually), and I’ll probably release it for general use sooner or later. It’s pretty cool though for not much time developing it :)

Exim, IPv6, and lots of email errors

Since I eventually moved the email server (exim) over to the server blastoise, it’s been giving me grief. Something along the lines of rejecting emails because it wasn’t allowed to relay mail through itself, even though I’d actually told it that it was allowed to:

hostlist   relay_from_hosts = <; localhost ; 178.79.130.8

However, blastoise is IPv6 capable, and prefers that over IPv4, and because all the settings point to "mail.helpmebot.org.uk" which points to both 178.79.130.8 and 2001:470:1f09:1213::2, it was skipping "localhost", and preferring IPv6, which wasn't listed, hence the nice error log was filling up with messages like this:

220 helpmebot.org.uk ESMTP Exim 4.71 Sat, 19 Feb 2011 17:50:24 +0000
EHLO blastoise.helpmebot.org.uk
250-helpmebot.org.uk Hello blastoise.helpmebot.org.uk [2001:470:1f09:1213::2]
MAIL FROM:
250 OK
RCPT TO:
550 relay not permitted

Hopefully the problem is fixed now, with the correct configuration (adding the brand new metapod's IPv4 and IPv6 addresses):

hostlist   relay_from_hosts = <; localhost ; 178.79.130.8 ; 178.79.155.110 ; 2001:470:1f09:1213::2 ; 2001:470:1f09:1581::2

In case you were wondering, the default separator for lists in Exim's config file is :, which causes "issues" with IPv6 addresses. A quick google told me to prepend <; to the beginning of the list, which changes the separator from : to ;, which doesn't cause a problem with IPv6 addresses. :)
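
The check below is an added example, not part of the original post: it splits an Exim-style list as described above (default ":" separator, "<;" override, doubled separator as a literal) and reports which of a mail host's addresses the relay list does not cover. It is a simplified model rather than Exim's own matcher; the function names and the treatment of "localhost" as the two loopback addresses are assumptions.

```python
import ipaddress

# Assumption for this sketch: "localhost" means the two loopback addresses.
LOOPBACK = ["127.0.0.1", "::1"]

def split_exim_list(value):
    """Split an Exim list: ':' by default, a '<X' prefix selects separator X,
    and a doubled separator stands for one literal separator character."""
    value, sep = value.strip(), ":"
    if value.startswith("<") and len(value) > 1:
        sep, value = value[1], value[2:]
    items, cur, i = [], "", 0
    while i < len(value):
        if value[i] == sep:
            if value[i + 1:i + 2] == sep:      # doubled: literal separator
                cur, i = cur + sep, i + 2
                continue
            items.append(cur.strip())
            cur = ""
        else:
            cur += value[i]
        i += 1
    items.append(cur.strip())
    return [item for item in items if item]

def to_networks(items):
    """Turn list items into networks; collect items that are not addresses."""
    nets, junk = [], []
    for item in items:
        for text in (LOOPBACK if item == "localhost" else [item]):
            try:
                nets.append(ipaddress.ip_network(text, strict=False))
            except ValueError:
                junk.append(item)
    return nets, junk

def uncovered(hostlist, addresses):
    """Return the addresses that no item of the host list matches."""
    nets, _ = to_networks(split_exim_list(hostlist))
    missing = []
    for text in addresses:
        addr = ipaddress.ip_address(text)
        if not any(addr.version == n.version and addr in n for n in nets):
            missing.append(text)
    return missing

# Addresses the post gives for mail.helpmebot.org.uk (A and AAAA records).
MAIL_HOST = ["178.79.130.8", "2001:470:1f09:1213::2"]
OLD = "<; localhost ; 178.79.130.8"
print(uncovered(OLD, MAIL_HOST))
```

Running the same check against every name the mail settings point to, after any address change, catches the missing IPv6 entry before the 550s start appearing in the log.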

Sometimes I really don't like it when that sort of thing happens... configuration stuck in a dark dusty corner somewhere breaks because something random changes like adding an IP to the system.

Account security and all that jazz

So, a couple of weeks ago we came across a new user, who seemed to be acting newish, but after a couple of days seemed to be acting much more like an experienced editor, albeit slightly IMHO childish. I first became suspicious when he requested rollback, and claimed to have had rollback before on a different account, to which he had lost the password, and had forgotten the username, and also lost access to his email account.

As “sockpuppetry” (using multiple accounts) isn’t allowed on Wikipedia except in a very select set of circumstances, suspicions quickly arose as to who this person could be. It wasn’t until another editor questioned who it might be and made a suggestion that I started properly looking into it.

Helpmebot’s IRC logs showed that he’d joined IRC a few times without getting a hostname/IP-hiding cloak, so I had a hostname, resolved it to an IP address, and performed a geolocate: Liverpool. The suggested user I happen to know from previous experience is in Arizona.

Eventually, he manages to “remember” the account, a previous antivandalism account with rollback unused for just over a year. Already being suspicious, I jump to the conclusion that he’s claiming an old account to gather trust.

Password resets seem to fail on that account, because it’s going to an email account that appeared to have been compromised, even the security questions had been changed. Sending password-type information such as this to a compromised email account by definition compromises the enwiki account too – something another admin appeared to have a hard time understanding.

Anyway, it turns out he was typing the wrong email address in, and the security questions belonged to a different account. Regaining access to the email account, he regained access to his old account, and we moved stuff over to his new account, which he’s now using.

Frape: short for facebook rape. This is where someone changes someone else's status without them knowing.
urbandictionary.com

On another security note, it appears one of my uni friends isn’t the best at this whole security thing either – he left his laptop unlocked next to me for a while, after logging out of facebook etc (so I couldn’t frape him). He didn’t lock his entire laptop as a secondary precautionary measure, as I was “unable” to get into his account to frape him.

When he came back and deleted the frape I managed to slip in, he spent 5-10 minutes trying to figure out how I did it. When he eventually found that a version of firefox was saving his password, he thought he’d solved it – until I kindly let him know that I didn’t actually find that hole, and that there was another one sat around.

Because he deleted the frape, he also deleted crucial evidence that would have helped him to close the hole a lot quicker – I’d fraped him from TweetDeck, and the deleted frape showed that – but he didn’t realise because he’d deleted the frape before looking at where it came from.

Lesson: don’t delete evidence quickly cos you never know how useful it might be in closing a security hole. Another lesson: don’t assume a system is secure. Logging out of everything you can think of is one thing, but you’ll probably forget something. Maybe another lesson? A second layer of security probably doesn’t hurt.

Andy’s blog


Just a quick message to gently spam about Andy’s new blog – a friend of mine and he’s only just starting this whole blogging thing… so please be gentle and encouraging!

Best wishes, and welcome to the blogosphere, Andy! :D

IPv6

So, as you may or may not be aware, the entire address space of IP (version 4) addresses has now been allocated. This means it is likely a matter of months before the first ISPs around the world start running out of IP addresses to allocate to customers.

The solution to this is IPv6 (the sixth version of IP), which introduces a whole new address space which is much larger (340,282,366,920,938,463,463,374,607,431,768,211,456 (2^128) addresses) than the address space that IPv4 had (4,294,967,296 (2^32) addresses). However, although IPv6 is over 12 years old now, uptake has been very slow.

I’ve been rolling out IPv6 over this server for the past couple of hours, and after a few initial hiccups, I’m pleased to say it’s all working fine on IPv6, with 2 notable exceptions:

  1. MediaWiki doesn’t like IPv6 at the moment
  2. studentotakusociety.dyndns.org can’t be upgraded to IPv6 due to the nature of the domain name

Both of these are fixable in some way: the first is waiting on an upstream fix ( https://bugzilla.wikimedia.org/show_bug.cgi?id=27353 ), the second is waiting on the admins of that site actually buying a domain name like they’ve been promising.

This means that every site EXCEPT helpmebot.org.uk has been updated to IPv6 without a problem – the irony is that helpmebot.org.uk was the one I wanted to do first, and had the most expectation to actually work.

The server itself is using a Hurricane Electric IPv6 tunnel, I’m using a gogo6 tunnel at home. It’s nice to be able to browse to places like http://www.v6.facebook.com/, in the knowledge that not many people either know about it, or would be able to get to that site without IPv6.

UPDATE:
The bug with MediaWiki was caused by a regression, and has now been fixed. That’s only one site left to switch to IPv6 now :)

National Organization for Marriage and some hotlinking

This is just something someone posted in an online chat an hour or two ago, thought I’d write something up about it.

I’ll start off with a bit of background about a couple of things first:

From Wikipedia:

The National Organization for Marriage (NOM) is a non-profit organization that seeks to prevent the legal recognition and acceptance of marriage and civil unions for same-sex couples. NOM’s stated mission is “to protect marriage and the faith communities that sustain it.”

So, basically, they’re a homophobic group against gay marriage.

The slightly more techy thing is hotlinking – basically it’s including someone else’s image in your own webpage without taking a copy of it first, so the image is displayed straight off someone else’s server. This is bad for the server the image is stored on, because it’s using bandwidth that’s not helping the server in any way (i.e. the site hosted on that server doesn’t get any traffic for the bandwidth because it’s only showing the image for someone else’s site).

Hotlinking is pretty dangerous, as the owner of the site you’re hotlinking from has complete control over the image, so frequently if hotlinking is detected they’ll move the image or something like that so the image isn’t a valid link any more. However, the owner could even replace the image entirely with something completely different.

In this case, the N.O.M. (http://nomblog.com/ – appears down for maintenance at the moment. Coincidence? I think not :D ) hotlinked an image from http://www.smbc-comics.com/ , and unfortunately for them, the owner of the site was a pro-gay anti-hotlinking kinda guy.

http://twitpic.com/3w7b1j/full

I just had to laugh. :D