This afternoon I upgraded the servers that run the Drudge Retort and SportsFilter to Apache 2.2.10, a minor upgrade released on Oct. 15 that fixes a cross-site scripting (XSS) vulnerability in FTP URLs discovered by Marc Bevand of the network security company Rapid 7. The rest of the changes in the new version look like minor bug fixes. I compile the Apache web server from source code on both servers, a process that was difficult the first time around but has been easy since then. After I download a new version, I ... read more

I connect to my high-speed DSL Internet service using a Westell WireSpeed modem that's hooked up to a Linksys WRT54G router. Last week a power outage hosed the settings on the modem and router, which knocked me offline until I figured out the proper configuration. I was so desperate at one point that I called my ISP's outsourced tech support, speaking for 15 minutes to a pleasant wage slave in Bangalore or another distant port o' call center who could not have been less helpful. For the help of others in my ... read more

I switched to Atom 1.0 on Workbench two months ago, a move that hasn't been as smooth as I'd like because of one popular aggregator that doesn't support the format. This site is created using Wordzilla, a LAMP-based weblog publishing tool that I've developed over the last year. Writing code to generate Atom feeds in PHP was extremely simple, since most of the code used to generate RSS feeds could be applied to the task. Atom uses a different format for date-time values than RSS, so I had to write new date-handling ... read more

Craig Jensen's long-running BookNotes weblog has fallen on hard times since the move from Weblogs.Com to Buzzword.Com in 2004. His site lost its Google pagerank and he's had trouble rebuilding his audience. As the first step in retiring free Manila hosting on Buzzword.Com, I'm helping him transfer the weblog to Movable Type, because I have a five-user commercial license that's going to waste on Workbench and I'd like to encourage a fellow liberal and bibliophile to keep blogging. Jason Levine's Frontier script ... read more

I received an ominous e-mail from my server host Thursday: The DNS service(s) on your server are currently open to recursive queries from the world, leaving them vulnerable to DNS cache poisoning attacks and allowing them to be used to attack other sites. Your server was reported participating in an outbound DDoS attack through means of this vulnerability by an attacker. Please ensure that recursive lookups are DISABLED in yournameserver's configuration to prevent future abuse. If you need any assistance with this ... read more

UserLand Software is discontinuing free Manila hosting, as I discovered last week when one of their users sought refuge on Buzzword.Com. Edit This Page shut free service on Dec. 1 and ManilaSites will do the same Dec. 31. I can offer free hosting on Buzzword, but webloggers who are committed to publishing with Manila should be advised that I'm migrating the server to new software by May 1, 2006. A better long-term option for those folks is to subscribe to Weblogger.Com or UserLand. (As an aside, if you're a fan of ... read more

I started the day with a dead name server that knocked more than 100 sites offline, including Workbench, the Drudge Retort and all of the Buzzword.Com bloggers. I've been using BIND for years and thought I had run out of interesting new ways to break it. Overnight, most name requests failed and my server log filled up with errors like this: lame server resolving 'www.cadenhead.org' (in 'cadenhead.org'?): 67.19.3.218#53 A lame server is one that's not responding to a name request it is expected to handle. Requests ... read more