Posted on
by

Now this is cool: Image Comics will be releasing a graphic novel anthology with stories based on Tori Amos songs next summer! And Colleen Doran is illustrating one of the stories! (Her blog is where I heard about it.)

We went to Tori’s concert on Saturday at the Grove of Anaheim. The standing-room show was good, though there were some snafus getting to it, made worse by the fact that they opened the doors about 45 minutes late. So late, in fact, that they gave up on security checks and just started letting people in. By the time it started moving, the line snaked all the way along the side of the theater and down at least one side of the (rather spacious) parking lot.

Her current album, American Doll Posse, is based around a fictional quintet of singer/songwriters, each based on a different facet of her personality, and she performed as three different personas: Pip, Santa (no relation), and Tori. Which should have been more fun, but there was just a bit too much self-parody in the performance.

She brought a band again, which I think helps keep her from the slow-everything-down tendency she showed on the Originial Sinsuality tour (Katie calls it “elf disease,” after the way the elves of Lothlorien speak in the Lord of the Rings movies). Except for an endless vamp at the end of “Waitress,” this concert moved much more than the last two we’d seen.

It was good to hear stuff from Choirgirl Hotel again. It’s been notably missing from the last few concerts we’ve been to. And there was a surprising amount of stuff from her first two albums as well. (Full set list at Undented.)

I’ve seen Tori in concert 6 times: Once in 1999 at Irvine Meadows, when she toured on a double bill with Alanis Morissette, twice on the Scarlet’s Walk tour from 2002-2003 (Universal Amphitheater & the Pond), twice on the Original Sinsuality tour in 2005 (Royce Hall & the Greek), and this show at the Grove. My favorite was the Scarlet’s Walk tour. I reviewed the Universal show during the first few months of this blog, though I don’t seem to have written anything about the one at the Pond.

Update: The Beat has more on the comic project, including a title, Comic Book Tattoo and additional contributors.

Posted on
by

Saw The Golden Compass. Enjoyed it a lot, though it felt very rushed, and I think it would have benefitted from having the actual ending instead of cutting it off early. Here’s hoping they do well enough in the long run to greenlight the next film. Now I can re-read the books.

Also watched Tin Man. 5 stars for concept, but only 2 for execution. The Wizard of Oz meets The Dark Crystal by way of 1930s scifi was fascinating as a concept, but they managed to make it dull and tedious. The only reason I watched through to the end was it was Friday night, and I was tired enough that knew I wasn’t going to be doing anything useful with the time anyway, and I knew I could sleep in the next morning.

Speaking of Tin Man, just out of curiosity: how does one manage to have a solar eclipse during a full moon, anyway?

Posted on
by

Organization for Transformative Works – dedicated to protecting the expression of fan fiction, fan art, etc. (via Naomi Novik)

Open Standards, One Web, and Opera – Just why are standards important, anyway? (via Opera Watch)

Speaking of Opera, their EU antitrust complaint against Microsoft has been making waves. Responses at CSS3.info, Web Standards Project, Slashdot (edit: more Slashdot), Asa Dotzler, Opera Watch, plus a Q&A w/ Haarvard. My take: Good luck on unbundling, but if they can force Microsoft to catch up with the rest of the market in terms of standards support, I’m all for it.

Nissan vs. Nissan. On my way to work I saw a bumper sticker on an XTerra that said “In support of our freedom, it’s my last Nissan.” Huh? There was clearly a web address below it, but it was too small to read at that distance. So I looked up the phrase, and apparently there’s been a long-running dispute over the domain name nissan.com, between a small computer business named after its founder, Uzi Nissan, and the Nissan car company. The dispute was eventually resolved (correctly, IMO, since he has a legit reason to use the name) in favor of the little guy. On the other hand, I don’t see why the site makes such a big deal about Nissan’s “French Connection” to Renault.

Posted on
by

I recently noticed that the mail server was experiencing 4 times the typical number of SMTP connections. It didn’t seem to be under any stress, though, not as far as server load went. So I watched the log file trail, and saw a bunch of messages coming in to nonexistent users with the pattern, FirstnameLastname@alternativebrowseralliance.com.

My first thought was that someone was running a dictionary attack against the domain, trying many different addresses to see which might be valid. Then I noticed that they seemed to be coming from <> — in other words, they were bounce notices.

Great. A Joe Job.

I enabled a catch-all temporarily. That did cause the server to slow down, as it was now actually processing the quadruple load instead of kicking back 3/4 of it with a “User unknown” error. (I hadn’t thought to disable spam scanning on the domain first.) In the 30 seconds before I turned it off again, it picked up 25 non-delivery notices. And those are just the ones that got past the spam filter.

As it turned out, they were just random junk. Some spammer had picked the domain and was using it to forge random From: addresses, and we were getting the bounces. In the old days they made up the whole address, but it’s easy to check whether a domain exists. So now they pick some real domain and make up a fake address. That’s harder to detect unless the domain in question uses some sort of verification system like SPF or DKIM.

So it wasn’t a Joe Job: no one was trying to besmirch the site’s reputation. It still meant extra traffic to the mail server, though.

This problem is called backscatter, and it exists for two reasons:

  1. The sender address on an email message is easy to forge, like writing a fake address on an envelope.
  2. Many mail systems will accept a message first, then process it. If it then decides to reject it, it can’t respond to the actual sender, only to the one listed in the message—and in the case of spam, it’s usually forged (see #1).

I don’t send any mail using the domain. The only reason it even has mail pointed anywhere is so that I can receive mail sent to the webmaster for the Alternative Browser Alliance. I suppose I could set up a -all (no servers are authorized) SPF record, and hope some recipients decide not to send bounces. But I’m not sure how much it would actually accomplish.

Anyway, the two lessons to take away from this are:

  • Reject messages to bad recipients in the initial SMTP transaction. It’ll protect your server from backscatter (and dictionary attacks), because you won’t have to queue and process all the extra junk.
  • Don’t generate bounce messages after the fact based on something as easily forged as the supposed sender. Otherwise, you’ll be contributing to backscatter.

Posted on
by

There was a little snow on Mt. Saddleback on Sunday, but not much worth mentioning. Sometime early Tuesday morning, though, a freak storm seems to have hit the mountain… and only the mountain. We certainly didn’t get any rain down here in the flatlands.

At 8:20, the mountains were still shrouded in clouds:

Mt. Saddleback and hills shrouded in cloud.

By 9:00, the clouds were starting to burn off, leaving behind a coat of snow, not just on Santiago and Modjeska peaks (still behind clouds), but on the lower peaks to the northwest.

Mt. Saddleback topped with cloud, the peaks next to it covered in snow.

By noon, most of the snow had melted. There’s still some in the shadowed crevices.

Mt. Saddleback with just a little snow remaining.

UPDATE DECEMBER 19, 2008: This post is getting a lot of traffic today, but it’s from last winter. If you want to see photos from this week’s snow, check out my Snowline photoset on Flickr