Alan's Ramblings: September 2003 Archives


September 30, 2003

Linux flame bait

Having recently been on the receiving end of a particularly nasty piece of unprovoked and downright abusive flaming on the #perl IRC channel, I decided another spoof book cover would be cathartic, so here it is.

Before I get even more flames directed at me, let me quite clearly state that I have nothing against Linux, it is very good at what it does, and is all the more remarkable for being developed by a large cooperative group of altruistic people.

However what I can't abide are the clueless individuals who seem to have adopted Linux as some sort of surrogate religion. It seems to me that the most vocal of these misguided bigots have often never contributed anything to any open-source project. They are quite happy to take advantage of the work contributed by others without giving back anything to the community - but then again, most of them probably don't even have the ability to contribute in a constructive way anyway.

I've observed that these people generally seem to have a common set of dogmas:

  • Nothing existed before Linux.
  • Everything of any importance was invented by Linux.
  • Everything that is not Linux is Evil.
  • There is a global conspiracy which is striving to destroy Linux.
  • Anyone who actually earns their living writing software is a pawn of an Evil Empire.
  • World domination and the destruction of the Evil Empires is the destiny of Linux.

In the real world these people would be prime candidates for psychiatric treatment, but in the alternate reality that these people exist in, this behavior is considered to be "normal".

As I said, I have no gripe about "Linux the OS", just "Linux the religion".

There, that's my little rant over - I feel much better :-)

Life gradually returns to Bleaklow

As I mentioned in one of my earlier entries, much of Bleaklow was devastated by a huge fire over Easter. Thankfully signs of life are beginning to return, with the first signs being the regrowth of Crowberry and Cotton Grass, along with tiny Heather shoots. The picture above was taken last Saturday on Harrup Moss, one of the most badly devastated areas. As you can see, it is far from recovered, but it certainly looks better than the scorched desert that was left after the fire.

UFO lands on Bleaklow...

The Bleaklow plateau has a history of sightings of strange lights and even UFOs - however, this isn't one :-) I for one think overactive imaginations are far more likely to be the cause than little green men.

I stumbled across this last week, and it is in fact a weather station belonging to the University of Manchester. The data it collects is being used to monitor the effects of the weather on peat erosion, according to the information board on the side. It looked quite unearthly appearing through the mist - now autumn is here Bleaklow is reverting to its more normal climate of mist and rain.

I'm not saying exactly where it is because it was damaged at the last location it was in, hopefully that won't happen here (wherever that is ! ;-)

September 25, 2003

The Camel has landed

At last! Perl 5.8.1 has finally been released. Unfortunately when Jarkko sent the announcement to perl5-porters, he omitted to mention that he has released a new book at the same time ;-)

Many thanks to Jarkko for the immense amount of effort he has put in to get 5.8.1 out, I'm sure all the other people on p5p are aware of just what a difficult job it has been.

Click on the thumbnail for a larger version.

September 18, 2003

Perl 5.8.1, so near yet so far...

Anyone who subscribes to the perl5-porters mailing list knows just how difficult it is proving to be to get perl 5.8.1 finished and shipped, and how incredibly patient our long-suffering Pumpking Jarkko Hietaniemi is being. I often marvel at his seemingly superhuman endurance, and it occurred to me that he might well have supernatural assistance...

Click on the thumbnail for a larger version.

Zeit... what?

Gary pointed me to this spoof Unix manpage, I even found it quite funny once he explained to me what Zeitgeist was ;-)

The God as a computer programmer Q&A is quite amusing too.

September 17, 2003

Going batty

At dusk we took the kids out for a short walk up Shire Hill near the house to watch the bats. We have been seeing them nearly every evening over the last few weeks from the kitchen window as they hunt for insects across the garden, but standing under the trees on the edge of Shire Hill as it went dark, watching them chase insects was quite something. The kids were captivated - it's the first time I've seen them stand stock still and silent (!) for more than a couple of minutes at a stretch.

I'm fairly sure the ones we saw are the most common of UK bats, Pipistrelles. I can think of about four places within 1km of home where you can more-or-less guarantee you will see them, so they do seem to be more common than usual around here. I guess the low-input farming typical of the area with the consequential abundance of insects means that this is a particularly good area for them. If the number of midge bites we all received is an indicator, there is certainly a good supply of food for them!

Until I'd actually seen them in the wild I'd always thought of bats as second-rate flyers, a poor imitation of birds. However, watching their incredibly fast, silent flight with frequent lightning changes in direction completely changed my misconceptions. Seemingly they can eat up to 3000 insects per night, and may live for up to 16 years. Not bad going for something the same weight as a 2p coin!

Yay for the mammals!

Scenes You Seldom See


Private Eye has a regular series of cartoons entitled "Scenes You Seldom See". Bearing in mind my recent experiences with spam, I thought this was rather amusing :-)

September 15, 2003

Close up to the Dark Peak

There are lots of photos of views of the Dark Peak available on the web, but it occurred to me that there wasn't much that gave you a feel for what the ground under your feet actually looked like. I've attempted to give a feel for some of the landscape features and plants in the pictures that follow.


  • The Dark Peak area is underlain by Millstone Grit, a coarse quartz-rich sandstone that was laid down in a huge river delta. The softer layers within the gritstone often weather out in this distinctive way.
  • The entire Dark Peak is criss-crossed by drystone walls made of the local gritstone. The walls have no mortar, but stay upright by virtue of the 'batter' of the walls - thicker at the base and thinner at the top, and the 'throughs' - large stones that tie together both faces of the wall, as well as the capstones at the top.
  • The gritstone is quartz-rich, and when it has been in contact with the extremely acidic peat for a long period, it becomes bleached, etched and eroded, contrasting sharply with the peat - as shown by this small stone.
  • The Dark Peak has extensive areas of raised blanket bog - the flat plateaus at the top of many of the hills have a thick cover of peat, which is punctuated with occasional small pools such as this.
  • The predominant vegetation over much of the area is heather which is actively managed as a food source for the grouse, which in turn are hunted. During the summer the hills are cloaked with the bright purple blooms of the heather.
  • Another important plant that grows in the Dark Peak is cottongrass, so called because the seed heads resemble tiny tufts of cotton wool. Towards autumn the stems often turn this brilliant red colour at the base.
  • In some places the surface of the peat is bare, and it often dries out into these polygonal cracks, which remain even when it becomes waterlogged again. Step on one of these and you may go in up to your knee!
  • The gritstone rocks are home to many species of slow-growing lichen - this 6cm diameter example may have taken over a hundred years to reach this size.
  • The startling orange colouration in this stream is not some sort of noxious industrial pollution, it is caused by a bloom of algae. I suspect the colour is mainly derived from the iron-rich water that is present in the stream.

More Dark Peak pictures

I've been so busy over the last few months that I haven't managed to get out walking anything like as often as I would like. However over the last two weeks I have managed to get out on a couple of family walks, and a Ranger patrol as well. The weather has been glorious on both weekends, so I've managed to grab a few photos.


  • View from the top of Didsbury Intake, looking east down the Longdendale valley over Torside reservoir.
  • View from the top of Didsbury Intake, looking west down the Longdendale valley over (left to right) Rhodeswood, Valehouse and Bottoms reservoirs.
  • View from the southern edge of Mount Skip, looking towards Tintwistle Knarr.
  • View over Crowden from Oaken Clough (by Laddow Rocks). In the background is the Bleaklow plateau, the two prominent gullies dissecting the edge of the plateau are Shining Clough to the left and Wildboar Clough to the right.
  • View of Laddow Rocks from the top of Oaken Clough. The rocks are over 200 ft high - note the two tiny figures on the top, who are on the Pennine Way.
  • View up Crowden Great Brook from Black Tor. The nearest rocks are Rakes Rocks, and in the background are Laddow Rocks.
  • View from Lad's Leap over Torside Reservoir, with Torside Clough behind. The Pennine Way climbs up along Torside Clough onto the Bleaklow plateau in the background.
  • View of Didsbury Intake from the south side of Valehouse reservoir. The first two photos in this entry were taken from above the rocks you can see in the centre of the skyline.
  • View eastwards along Valehouse reservoir, from the dam wall. On the left is Tintwistle Knarr and Robinson's Moss.
  • View eastwards along Rhodeswood reservoir (the next one upstream in the chain from Valehouse). The skyline to left of centre is Highstones Rocks, below which lies a small Roman fort.
  • One of the residents of Deepclough, on the south side of Valehouse reservoir.

September 13, 2003

Oooh.. New toy... Shiny...

Flushed with success after my recent Paint Shop Pro exploits, (here and here), I decided that in the interests of avoiding RSI I needed something better than a mouse to draw with, so I bought a cheap (~ £60.00) A4 tablet, a Trust 1200. This makes drawing much easier, after the initial clumsiness caused by switching from a relative-position mouse to an absolute-position pen. I've also explored some of the more arcane features of PSP - the 'paint with a texture' feature is a complete waste of time, but being able to control line thickness, colour intensity or a host of other features by varying the amount of pressure on the pen is a real boon. I've also noticed that heavy use of the warp brush makes PSP unstable, and it crashed a couple of times and didn't get better until I rebooted - Doncha just love Windoze. Anyway, I was fiddling around to see how I could enhance the following not very inspiring photo:

And kinda got carried away and ended up with this:

However, compared to some of the digital art (created from scratch) that I have seen on the web, my effort looks a bit second rate. Never mind, it kept me amused for a while :-)

September 08, 2003

Still looking for information on the "Moors for the future" project

Despite my best efforts I have still failed to find a website for the "Moors for the future" project, however I have found a couple of interesting links on the English Nature website:

Ring-fencing Bleaklow's 'desert'
This explains the rationale behind the "Great Fence of Bleaklow" and some of the steps being taken by the MFTF project to repair the centuries of damage suffered by Bleaklow.

No moor fires
This was published just after the Easter fires, and describes the damage to the 744 hectares of affected moorland (actually 743.6 hectares, mapped out by yours truly), and the steps that have been taken to help extinguish any future fires. You can find a map of the area affected by the fire here.

I also found this link, which is the original press release for the project, and is the source of some of the other (limited) reports on what work is being done.

I've also drawn up a sketch map of the area affected by the fire which you can find here.

I've updated my Bleaklow page with this information and some other bits and pieces - any additions, suggestions or comments are welcome!

September 07, 2003

Why doesn't CSS have macros?

I've been fiddling with the stylesheet for this blog, and one of the annoying things is that CSS doesn't seem to have any mechanism for defining macros. For example, I may want to use the same colour in several different CSS rules, and rather than having to specify it explicitly each time I'd like to define it once and then use the symbolic name. This would make it much easier to make global changes to stylesheets, e.g. changing the background colour of all elements. I have no idea why this wasn't in the CSS spec - it seems like such an obvious requirement.

Anyway, I noticed that MovableType has a mechanism for defining and using variables in its templates, like this:

<MTSetVar name="background" value="#404040">
...
.someclass {
        ... 
        background:        <MTGetVar name="background">;
        ...
}

Which seems like just the job, so I've changed my stylesheet template to use that as a way of specifying and using various global values.

However, it doesn't seem to be possible to get MovableType to just expand the stylesheet template, and regenerating the whole site just to try out a stylesheet change very quickly gets to be a pain. I've therefore hacked up this little script to expand the MTSetVar and MTGetVar tags so you can do this:

$ expand_ss templates/stylesheet.tmpl > stylesheet.css

Update: I've found a MovableType extension script that will allow you to rebuild bits of your MT blog from the command-line here, which seems like a much better solution, as it will expand all and any MT tags.

September 06, 2003

Shooting patrol

Every year the 12th August marks the beginning of the shooting season, which runs through to 10th December, and the landowners who own much of the moors in the Dark Peak area of the Peak District National Park close the moors on selected days for grouse shooting. So that nobody gets shot by accident, the Ranger Service put up signs and patrol the moors to tell the members of the public what is happening, which was what I was doing today.

My job was to patrol the area between Snake Summit and Mill Hill, and while I was at Mill Hill I took the opportunity to take a photo of the Liberator wreck close by (SK 05850 90647):

This crashed on October 11th 1944 whilst on a ferry trip - luckily both people on board got away with only injuries. Like many of the Dark Peak wrecks there isn't that much left any more, much of it having been carried off by souvenir hunters over the years, although the ground is still littered with blobs of burned aluminium.

Many of the more badly eroded parts of the Pennine Way have been paved over the years, using slabs of recycled stone from old mills. Most of the stone came from this area in the first place, so it seems fitting that it should come back. When the stone is laid, the original top side is put downwards, giving a rough textured path rather than a conventional pavement, as you can see on this section of the Pennine Way between Mill Hill and Moss Castle:

Whilst mooching around between Mill Hill and the Liberator wreck, I found this excellent example of a Tree Fern fossil (Calamites sp.) in one of the paving slabs. These are related to the modern horsehair ferns, and this specimen would have been alive during the Carboniferous period, approximately 320 million years ago.

Another good place to find these is on the Pennine Way as it goes over Laddow, although there are none quite as large and fine as this example. There are also some pretty good ones in Shittern/Small Clough, but they are quite hard to find.

As well as pretending to be a geologist for the day, I also got to watch the progress of the shoot. It was interesting to watch the behaviour of the grouse - normally when they are disturbed they fly up quite high and make a hell of a racket, but their behaviour today was completely different - they tended to stay put, and when they did take wing they were completely silent and kept very low. I suppose centuries of being shot at has given them a genetic tendency to behave differently when faced with long lines of people marching across the moors waving flags ;-)

September 05, 2003

Paint Shop Pro 8 rocks

I have a copy of Paint Shop Pro 7 that I used to create the now-infamous spoof Perl 6 book cover, and I noticed that version 8 has come out, so I phoned up and ordered the upgrade for £50.00. Version 8 has loads of whizzy new tools for fiddling around with photos, and it is a fraction of the price of the more well-known Adobe Photoshop (£84.95 vs £585.99 for the full versions). PSP does more than everything I need, and for the life of me I can't see how Photoshop can justify being nearly seven times more expensive. I've only just started playing with the new version, but already I've knocked up this image of my friend Elaine, the CPAN administrator, I hope she will be suitably offended :-)

Anyway, Paint Shop Pro 8, highly recommended.

Update: I found some reports of people having problems with PSP 8 locking up and being slow, but I notice that there is a patch to bring PSP up to version 8.01 available here. The release notes mention "crash", "lock up" and "performance" lots of times, so installing the patch seems like a good move.

September 03, 2003

Procmail and obfusticated spam

As a result of the torrent of spam I've been receiving from the Sobig.F virus, my tolerance for spam is at an all-time low. Like most people I get my share of 'medical' spam, offering products to increase, decrease or otherwise modify various parts of my anatomy. In the past most of these have gone to an email address I have kept for web use and were therefore easy to catch, but I'm now starting to get them on my primary email address as well. I therefore decided to whip up a procmail recipe to deal with them, using a list of keywords and procmail scoring. However, as I soon learned, the spammers have tried to prevent you doing this by obfusticating the contents of the spam. They do this by sending out HTML-format emails, and obfusticating the HTML so that a simple keyword match won't work. However, with a small perl script and a little bit of procmail magic, this was easily circumvented. I've written this up because I think it shows some useful and underused features of both perl and procmail. If you are interested, read on.

My first attempt was to scan the potential spams for a list of common keywords, and if 10 or more matches were found, classify it as spam. To do this I used procmail scoring (see the procmailsc(5) manpage for details of exactly how this works). Procmail counts a rule as matched if the total score is >= 0. The procmail rule below initialises the score to -10, and increments it by 1 each time a keyword in the MEDICAL list matches.

# Detect 'medical' spam.
MEDICAL="doctor|physician|prescri(be|ption)|physical exam(ination)?"
MEDICAL="${MEDICAL}|FDA approved|health|relief"
MEDICAL="${MEDICAL}|viagra|diazepam|valium|xanax|xenical|ambien|zyban"
MEDICAL="${MEDICAL}|pain|penis|erection|impotence|allergy|migraine"
MEDICAL="(${MEDICAL})"

# Need 10 or more keyword matches to qualify as spam.
:0 HB :.Spam.lock
* -10^0
* $ 1^1 ${MEDICAL}
Spam

However, that didn't work very well, and I quickly discovered it was due to the obfustication techniques that were being used by the spammers. Let's look at an example of how they do this:

<table width=3D100% bgcolor=3Dblack cellpadding=3D3><tr><td colspan=3D3 bg=
color=3Daqua align=3Dcenter><font face=3DVerdana size=3D4><b>Onlin<!-- =
huxley -->e Ph<!-- coronado -->armacy<br><font color=3Dred>No Pr=
<!-- toxin -->ior Prescr<!-- extremal -->iption Nee<!-- =
usurer -->ded!<br><font color=3Ddeeppink>No Ph<!-- monotreme -->y=
sical Ex<!-- substantiate -->am Need<!-- steak -->ed!</td></tr>
<tr><td width=3D100% bgcolor=3Dblueviolet colspan=3D3><p align=3Dcenter><f=
ont face=3DVerdana color=3Dwhite><big><big><b><marquee border=3D1 scrollam=
ount=3D5 scrolldelay=3D1>Va<!-- trash -->lium ... Xa<!-- =
ambush -->nax ... Diazepa<!-- interject -->m ... Amb<!-- =
extraneous -->ien ... Xeni<!-- hera -->cal ... Via<!-- =
bigelow -->gra ... And Many Mo<!-- destruct -->re</marquee></td><=
/tr>

Yuck. There are a few tricks that they are using here:

  • Embedding HTML comments (<!-- ... -->) inside words.
  • Using = to escape newlines.
  • Using =3D instead of just a plain =.

They could also have used HTML character encodings, e.g. using &#61; instead of just a plain =. Obviously we need some way of undoing this before procmail runs our spam detection rules on the message. This is actually quite simple to do. First we need a small perl script to deobfusticate the email:

#!/bin/perl -w
#
# Author: Alan Burlison, 02/09/2003
# This script undoes some of the obfustication used by spammers to try to
# hide the real content of their mails from mail filters.
#
use strict;
#
# Get the next line, ignoring any '='-escaped newlines.
#
sub nextline
{
        my $line = <>;
        while (defined($line) && $line =~ s/=[\n\r]+$//) {
                last unless (defined($_ = <>));
                $line .= $_;
        }
        return ($line);
}
#
# Main.
#
while (defined(my $line = nextline())) {
        # Decode encoded characters.
        $line =~ s/&#(\d+);/pack('C', $1)/eg;
        $line =~ s/&#x([\da-f]+);/pack('C', hex($1))/egi;
        $line =~ s/=3d/=/gi;
        # Remove HTML comments, even if split across lines.
        $line =~ s/<!--.*?-->//g;
        while ($line =~ /<!--.*(?!-->)/) {
                last unless (defined($_ = nextline()));
                $line .= $_;
                $line =~ s/<!--.*?-->//gs;
        }
        print($line);
}
exit(0);

The first point of interest here is the first two lines of the "Decode encoded characters" block. This uses the e regexp modifier to execute the replacement part of the substitution, rather than just using it as the replacement text. For each HTML encoded character perl calls the necessary block of code to return the corresponding character value, which is then used to replace the matched text.

The second point of interest is the use of the non-greedy quantifier and the negative-lookahead assertion in the "Remove HTML comments" block. If I had just used s/<!--.*-->//g to remove comments from a line it would not have worked correctly on lines that contained two comments - the .* would have matched as much as possible before matching the trailing -->, i.e. given an input line of

Buy <!-- foo --> Viagra <!-- foo -->here!

the resulting line after substitution would be

Buy here!

and not

Buy Viagra here!

Some of the comments are split over multiple lines so we need to keep reading in lines until we see the closing --> of a comment block. Because HTML comments can't be nested, we can deal with this by first removing any whole comments, and then whilst the line contains a comment open with no corresponding close, we keep appending lines and removing whole comments. We check for an unclosed comment by matching the line against the comment open (<!--), followed by the minimum number of characters (.*?) that are not followed by a comment close ((?!-->)). The (?! ... ) construct is a perl negative lookahead assertion - see the perlre(1) manpage for details. If we pass the block of obfusticated HTML shown above through the script, we get the following (line breaks added for clarity):

<table width=100% bgcolor=black cellpadding=3>
<tr><td colspan=3 bgcolor=aqua align=center>
<font face=Verdana size=4>
<b>Online Pharmacy<br>
<font color=red>No Prior Prescription Needed!<br>
<font color=deeppink>No Physical Exam Needed!</td>
</tr><tr>
<td width=100% bgcolor=blueviolet colspan=3>
<p align=center>
<font face=Verdana color=white>
<big><big><b>
<marquee border=1 scrollamount=5 scrolldelay=1>
Valium ... Xanax ... Diazepam ... Ambien ... Xenical ... Viagra ... And Many More
</marquee>
</td></tr>

The last part of the jigsaw is to plug this into procmail, so that the mail is deobfusticated before applying the keyword counting rule. Procmail has a neat filter feature that allows you to specify rules that take the mail being processed and pass it through an external filter before processing it further. The final procmail magic required is:

# Detect 'medical' spam.
MEDICAL="doctor|physician|prescri(be|ption)|physical exam(ination)?"
MEDICAL="${MEDICAL}|FDA approved|health|relief"
MEDICAL="${MEDICAL}|viagra|diazepam|valium|xanax|xenical|ambien|zyban"
MEDICAL="${MEDICAL}|pain|penis|erection|impotence|allergy|migraine"
MEDICAL="(${MEDICAL})"

# Deobfusticate HTML emails.
:0 fBbw
* (<!--|-->|&#x?[0-9a-f]+;|(=$))
| deobfusticate

# Need 10 or more keyword matches to qualify as spam.
:0 HB :.Spam.lock
* -10^0
* $ 1^1 ${MEDICAL}
Spam

The fBbw flags to procmail tell it the rule is a filter (f), to match against the body of the mail (B), to pass the body of the mail to the filter (b), and to wait until the filter has finished before processing any of the rules that follow (w). The rule matches against a subset of the obfustication tricks used by the spammers, to cut down on unnecessary executions of the deobfusticate script. Running the script unnecessarily won't do any harm, but it is obviously more efficient to only deobfusticate if really necessary.

One caveat: the filter rule modifies the body of the mail, so any rules that follow will see the modified version, and the modified mail will eventually be stored somewhere, so this rule should go somewhere near the end of your procmail rc file. However, the modifications performed by the deobfusticate script will be benign, unless the mail pulls tricks like hiding JavaScript inside comments (and JavaScript inside a mail is a bad idea anyway - right? ;-)
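The effect of the filter on the keyword score can be checked offline. The following is an added example, not code from the original post: it is written in Python rather than the post's Perl, and it goes a little further than the script above by decoding every quoted-printable escape (not only =3D) and every HTML entity. The sample is an excerpt of the spam quoted earlier plus one constructed line that uses entity encoding; the function names are assumptions of this example.

```python
import html
import quopri
import re

# Keywords from the MEDICAL variable in the recipe above.
MEDICAL = re.compile(
    r"doctor|physician|prescri(?:be|ption)|physical exam(?:ination)?"
    r"|FDA approved|health|relief"
    r"|viagra|diazepam|valium|xanax|xenical|ambien|zyban"
    r"|pain|penis|erection|impotence|allergy|migraine",
    re.IGNORECASE,  # procmail matches case-insensitively by default
)

# Excerpt of the spam sample quoted in the post, plus one constructed final
# line that uses the HTML character encodings the post mentions.
SAMPLE = (
    "<b>Onlin<!-- =\n"
    "huxley -->e Ph<!-- coronado -->armacy<br><font color=3Dred>No Pr=\n"
    "<!-- toxin -->ior Prescr<!-- extremal -->iption Nee<!-- =\n"
    "usurer -->ded!<br><font color=3Ddeeppink>No Ph<!-- monotreme -->y=\n"
    "sical Ex<!-- substantiate -->am Need<!-- steak -->ed!</td></tr>\n"
    "<marquee>Va<!-- trash -->lium ... Xa<!-- =\n"
    "ambush -->nax ... Diazepa<!-- interject -->m ... Amb<!-- =\n"
    "extraneous -->ien ... Xeni<!-- hera -->cal ... Via<!-- =\n"
    "bigelow -->gra ... And Many Mo<!-- destruct -->re</marquee>\n"
    "<p>v&#105;agra and pa&#x69;n rel&#105;ef</p>\n"  # constructed line
)


def deobfuscate(body):
    """Undo quoted-printable encoding, HTML comments and character entities."""
    # Quoted-printable: removes '=' soft line breaks and decodes every =XX
    # escape, not only =3D.
    text = quopri.decodestring(body.encode("latin-1")).decode("latin-1")
    # Strip comments before decoding entities, so that an encoded "&lt;!--"
    # (visible text to the reader) is never treated as a comment opener.
    text = re.sub(r"<!--.*?-->", "", text, flags=re.DOTALL)
    return html.unescape(text)


def recipe_score(body, start=-10):
    """Score as the recipe does: '* -10^0' sets the start value and
    '* $ 1^1 ${MEDICAL}' adds 1 for every keyword match."""
    return start + sum(1 for _ in MEDICAL.finditer(body))


if __name__ == "__main__":
    clean = deobfuscate(SAMPLE)
    print("raw score:         ", recipe_score(SAMPLE))
    print("deobfuscated score:", recipe_score(clean))
    print(clean)
```

Apply the quoted-printable step only to parts declared as Content-Transfer-Encoding: quoted-printable; on HTML that is not encoded, an attribute such as width=100% would be misread as an escape.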

September 01, 2003

Sobig.F ... So bad


I've been away on holiday for the last two weeks, and when I got back on Saturday I tried to access my email at work - big, big mistake. I have some procmail filters that catch most of my spam and put them in a separate folder. This filled up with 2Gb (!) of spam - mostly Sobig.F, then procmail wrote another 2.5Gb of spam into some other files for good measure (filling up the filesystem containing my home directory) and then started to dump everything in my inbox - which also filled up to 2Gb. When I tried to open my inbox, the IMAP server blew a fuse and started dropping 2Gb copies of my inbox on the mailserver, which also filled up - then nobody in my office could use email either. Fortunately it was the weekend, so with the help of a friendly IT support person I managed to unclog my home directory and inbox, leaving me with the mind-numbing task of wading through the 35,000 messages that had ended up in my inbox.

After the immediate panic was over I started monitoring the incoming stream of spam. Nearly all of it is Sobig.F or the consequential email bounces caused by it - I'm getting about 1/2Gb of spam (about 6000 messages) a day, which is absolutely ridiculous. Nicholas Clark, a friend of mine, has received over 100,000 copies of Sobig.F since the outbreak started, yet we are told the outbreak is not all that bad!

The direct spams are bad enough, but the bounced emails are the last straw. One of the nasty traits of Sobig.F is that it forges the 'From:' line in the virus-laden emails it spews out. Why do all the people who set up email filtering insist on sending back bounce messages, when 99% of the time the 'From:' address is incorrect? This widespread practice is pointless and only increases the amount of crap clogging up everyone's bandwidth and mailboxes.

Anyway, if anyone else out there in spamland uses procmail, the following recipe will catch Sobig.F:

:0 HB
* ^X-Mailer: Microsoft Outlook Express 6.00.2600.0000
* ^X-MailScanner: Found to be clean
* ^TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
* ^AAAA4AAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v
Spam
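The two body conditions in this recipe are base64 text: the first begins with TVqQ, which decodes to the "MZ" magic at the start of a Windows executable, and the second ends with the encoding of "This program cannot be run in DOS mo". Matching fixed base64 lines only catches a file whose leading bytes and line wrapping are identical, so the following added example (not part of the original post) decodes each MIME part and checks the decoded magic instead. The message, addresses, filenames and FAKE_PE bytes are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for an executable: DOS-header magic and stub text with
# zero padding in between. It is not a working program.
FAKE_PE = (b"MZ\x90\x00" + b"\x00" * 74
           + b"This program cannot be run in DOS mode.\r\r\n$")


def decode_recipe_fragments():
    """Decode two short fragments of the base64 lines used in the recipe."""
    head = base64.b64decode("TVqQ")  # first four characters of the first line
    tail = base64.b64decode(         # last 48 characters of the second line
        "VGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v")
    return head, tail


def build_sample():
    """Build a constructed message with one text and one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("Please see the attached file.")
    msg.add_attachment("just some notes\n", filename="notes.txt")
    msg.add_attachment(FAKE_PE, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def executable_parts(raw):
    """Return filenames of MIME parts whose decoded content starts with 'MZ'."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64 or quoted-printable transfer encoding.
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"MZ":
            hits.append(part.get_filename() or "(unnamed)")
    return hits


if __name__ == "__main__":
    print(decode_recipe_fragments())
    print(executable_parts(build_sample()))
```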