Joe Maller.com

Blackout

I finally realized that the only phone I have which works without being plugged into the wall was the modem in my laptop. The only access number I had was to Lancaster, PA, which Michelle used while on press for some job or another. So I’m sitting on the floor, plugged into a landline, paying long-distance to Pennsylvania, listening to mind-numbing, repetitive news radio coverage about darkness.

After making sure Lila and Michelle were ok, unplugging most everything and turning off the circuit breakers, I spent a few hours helping neighbors get to their apartments. Our building has 18 floors, the stairwells are ventilated with electric fans at the top of the shafts. I went up and down several dozen times, making sure the doors were open, lighting candles, helping people see their keys in the dark and sweating excessively. Our building has emergency lighting, but it’s evacuation lighting and ran out of power after an hour or two.

I really haven’t been able to enjoy the spectacle of this whole thing, partly because I don’t know how long it will last. Also, I can’t get “Let’s Roll” out of my head. This feels like some kind of test, measuring how we’d (I’d) react when something bad happened. So far, so good. I was going to go to the hospital to see if they needed volunteers, but everything is so calm the firemen across the street are hanging out on the sidewalk talking to people.

I tried taking a few photos which I’ll post when the power’s back.

The heat wasn’t that bad today. Highs were in the low 90s, but humidity was low and there was a nice breeze. The news is largely incompetent.

I made some notes earlier:

8:15pm There are some lights visible in Brooklyn, the big Chase tower (I think that’s what it is) is lit up, as is the building in front of it. Beth Israel Hospital and the NY Eye and Ear Infirmary are both lit by emergency generators. For some reason, Beth Israel’s sign is lit up. I wouldn’t consider that emergency-related.

There’s still light in the sky, but it. is. dark.

Tons of people still on the sidewalks.

Our water pressure has dropped to pretty much nothing, faucets are dry and the toilets don’t flush anymore. I’m really unhappy about this. We have lots of bottled water, but no water is going to be hard with Lila.

9:40pm Fireworks over Chinatown. Sidewalks still crowded.

10:04pm Someone, probably on IndyMedia or Democratic Underground, will accuse Bush of orchestrating the blackout as an excuse for why Iraq is such a mess.

Someone, probably a very right conservative, will blame Canada.

At some point in the past hour, one of the buildings in Brooklyn went dark.

I’d really like to see an area come back online, to see if it trickles on like in the movies or just blinks on all at once. But I’m getting really tired, despite the second wind finagling an internet connection gave me.




A small snippet of JavaScript can be included inline following an HTML form to set focus on a specific form field. This has never worked right in Safari.

Initially I assumed I must have done something wrong, but after a lot of testing, I’m convinced this is a bug in Safari/WebCore/JavaScriptCore.

I put up a set of tests to demonstrate the problem: Safari Inline Script Bug.


The referer spam page I posted on August 9th was the first time I’d worked with this site’s template in a very long time. It might be the last time too. These pages were originally built with DreamWeaver, which I no longer use. Resulting from that, the code is a disaster. Sure it works and mostly validates, but maintenance is difficult and the whole thing is lacking in technical elegance. For the time being, I will probably be posting new pages in a stripped down basic semantic structure.


I posted my referer-spam solution for dealing with hits from porn sites. In the past 6 days my server has rejected over 13,000 requests.

It’s only a matter of time before TrackBack gets exploited too, that’s going to be ugly…


The last 24 hours have seen a massive onslaught of referer porn spam. Unlike last time, the current attack’s IP addresses are coming from all over the world (yes, it’s still coming…). Either someone is spoofing IPs, some spyware-worm is installed in Windows MSIE (all hits are identifying as flavors of Windows IE), or this is among the first exploits of the newest Microsoft security hole. I’m betting on distributed spyware.

Most of the IP addresses are from outside the US, so legal action or billing for exploited bandwidth aren’t really practical options (as if I have the time). A few even came out of Saudi Arabia, where someone could probably get into a great deal of serious trouble/bodily harm for aiding the spread of pornography, however unwittingly.

At first I tried doing what I did before, and went so far as to add an IP blacklist of spamming IPs to my referer log scripts. That worked for about 15 minutes, then different machines started hitting the server. This was also when I became convinced that this was a distributed spamstorm, and most likely individual computers were being exploited without their users’ knowledge. There was only a small set of URLs which were being repeated, so I switched to banning requests based on the contents of the referer string.

The banned sites were added to my root .htaccess like this:

RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname1.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname2.*$ [OR]
RewriteCond %{HTTP_REFERER} ^http://www\.porn-site-hostname3.*$
RewriteRule ^.* - [F,L]

I’m not posting the actual names because I don’t want to get banned in schools, but several of the sites use the word ‘mature’ in the URL. If anyone is having a similar problem, send me a note and I’ll email you my actual htaccess lines.

Anyway, I came up with a slightly goofy warning page for the slim possibility that an actual person was at their computer when this was happening. Here’s the warning page a person would see if their referer was spoofed from the spam set. That created a nasty loop which was bogging the server. I switched to forbidding (403) access instead.
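The switch described above, from blocking client IPs to blocking on the Referer string, can be driven from the access log. The following is an added example, not the script used on this site: it finds referer hosts that repeat across several client IPs and renders them as 403 rules. The log lines, the hostnames (www.mysite.example, www.spam-host1.example) and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" line: ip ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "([^"]*)" "[^"]*"$')
# The Referer header is client-controlled: only plain hostnames may reach the config.
HOST_RE = re.compile(r'^[a-z0-9-]+(\.[a-z0-9-]+)+$')

# Constructed sample log (documentation IP ranges, .example hostnames).
_LINE = ('{ip} - - [05/Aug/2003:10:00:00 -0400] "GET / HTTP/1.1" 200 5120 '
         '"{ref}" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"')
SAMPLE_LOG = [_LINE.format(ip=ip, ref=ref) for ip, ref in [
    ("192.0.2.10", "http://www.spam-host1.example/"),
    ("198.51.100.7", "http://www.spam-host1.example/"),
    ("203.0.113.44", "http://www.spam-host1.example/x"),
    ("192.0.2.99", "http://search.example/?q=blackout"),
    ("192.0.2.99", "http://www.mysite.example/blog/"),
    ("192.0.2.99", "-"),
]]

def suspect_referers(lines, own_host, min_hits=3, min_ips=2):
    """Return referer hosts seen >= min_hits times from >= min_ips client IPs."""
    hits, ips = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, referer = m.groups()
        try:
            host = (urlsplit(referer).hostname or "").lower()
        except ValueError:  # malformed URL in the header
            continue
        if not HOST_RE.match(host) or host == own_host:
            continue
        hits[host] += 1
        ips[host].add(ip)
    return sorted(h for h in hits if hits[h] >= min_hits and len(ips[h]) >= min_ips)

def htaccess_rules(hosts):
    """Render RewriteCond lines for the hosts, ending in a 403 (F) rule."""
    if not hosts:
        return ""
    out = ["RewriteEngine On"]
    for i, host in enumerate(hosts):
        flags = "[NC]" if i == len(hosts) - 1 else "[NC,OR]"  # no OR on the last one
        pattern = "^https?://" + host.replace(".", r"\.") + "(/|:|$)"
        out.append("RewriteCond %{HTTP_REFERER} " + pattern + " " + flags)
    out.append("RewriteRule ^ - [F]")
    return "\n".join(out)
```

Requiring several distinct client IPs per referer host keeps a single visitor arriving from a legitimate link out of the block list.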

Dealing with this crap makes me feel dirty.

Update August 6: I found the source of the spam, and it’s not a distributed attack, not in the usual sense anyway. I’m looking into various ‘black-hat’ exploits to stop this, I’ll post details and results when I figure something out.


Over the past few days several friends have mentioned their shock and outrage over what one called ‘the stupidest thing he’d ever heard of,’ regarding DARPA’s now cancelled FutureMAP (Futures Markets Applied to Predictions).

After wading through endless big-media ‘me-too’ stories, there are a few points about the concept of ‘Idea Futures’ which are worth considering. Idea Futures Theory is not new and apparently has a surprising record of accuracy. Considering that connecting disparate intelligence data is still a problem at the Pentagon, it should be a good thing that they’re looking towards unconventional data models.

“Senator Byron Dorgan, Democrat of North Dakota, asked what would happen if another country set up a betting parlor where people wagered on the assassination of an American political figure. I am sure he is right that there would be public outrage. But let’s turn the question around: If such a market were put in place, should the Secret Service monitor it? If there were an assassination attempt, should the authorities look for suspicious prior trading activity? And the most important question of all: If the market indicated that the probability of an assassination attempt had gone up, should the target take extra care? If you were a potential target, wouldn’t you want the best possible forecasts of possible attempts on your life? I would.”

Hal R. Varian writing for the International Herald Tribune/New York Times, Aug 1, 2003: Pentagon’s futures-market idea deserved a better response

“Economists believe financial markets do a pretty good job of aggregating information in part because they offer strong incentives to those who make good predictions.”

Hal R. Varian reprinted from the New York Times, May 7, 2003: A Market Approach to Politics

“This is just an alternative institution that tries to aggregate intelligence information… It’s a research project and it might not work, but there is a lot of history and data showing how effective markets are at predicting events.”

Ronald Bailey quoting Idea Markets creator Robin Hanson in Reason, July 30, 2003: Betting On Terror: Why futures markets in terror and assassinations are a good idea

“In declaring that anyone may make their voice heard in intelligence analysis if they are willing to put their money where their mouth is, Poindexter and the Pentagon would have gambled that their futures market will attract enough great minds thinking alike that patterns will emerge that are recognizable even at a view from the top.”

Greg Lindsay writing for Black Table, July 30, 2003: That Whole Pentagon Futures Thing Ain’t Such A Bad Idea

“Our policy-makers and media rely too much on the “expert” advice of a self-interested insider’s club of pundits and big-shot academics. These pundits are rewarded too much for telling good stories, and for supporting each other, rather than for being “right”. Instead, let us create betting markets on most controversial questions, and treat the current market odds as our best expert consensus”

Robin Hanson, creator of Idea Futures and Prediction Markets

What’s most unfortunate about this program ending is that it closes the door on the potential for thousands of arm-chair policy analysts to contribute to national and world security. While this would be the market where one most wants to be proven wrong, those who do accurately predict negative events should have their predictions taken more seriously. To posit this proposal as the AP reported ‘allowed traders to profit by correctly predicting assassinations and terrorist strikes’, just completely misses the point and reflects sloppy or nonexistent research. This could have helped guide more conventional intelligence towards unexpected or underestimated targets while self-managing an enormous amount of data.

Several of the above articles mentioned TradeSports.com (site is currently flooded), which introduced the idea of Poindexter’s resignation the day before it was announced.

TradeSports is also pointing towards no WMD in Iraq by September, Howard Dean overtaking John Kerry for the Democratic nomination and Bush decisively winning about 40-42 states in 2004. I guess we’ll see.


