say goodbye, cavemen

photo of a mooninite by flickr user medildo, used under an ex-boyfriend license

So, Boston’s gone crazy because Outsiders harnessed the fire from the sky to make graven images. Here’s the part that really gets me:

The first device was found under Interstate 93, and the state police bomb squad was called and detonated the package in Sullivan Square just before 10 a.m. Officials said it contained an electronic circuit board with some components that were “consistent with an improvised explosive device,” but they said it had no explosives.

Consistent with an IED. Right. So, assuming that these Cartoon Network signs weren’t any more complex than they had to be, what components made them IED-equivalents?

  • power source (battery)
  • light source (LEDs)
  • wires
  • timer/controller (cheap IC or microcontroller)
  • maybe a light sensor (photodiode or photoresistor)
  • not explosives

I have two qualifying devices on my person right now. Drop the photodiode requirement and I’ve got another three in my backpack. I count twelve in my line of sight.

photo of a painting of the Aqua Teen Hunger Force by Flickr user medildoI get that it’s sort of fun to follow federal protocols and act all serious. But c’mon — the number of mysterious electronic devices that come into our day to day lives is not going to suddenly begin declining. These signs were in several other towns for weeks without the cops freaking out and shutting down the city. Bostonians are just going to need to learn to deal with this kind of stuff. And I really don’t like that CNN has inexplicably dragged my beloved MAKE Magazine into this mess.

I don’t mean to voice support for the ad campaign, of course, despite my affection for Aqua Teen Hunger Force. Guerilla marketers like Interference Inc. (who appear to be behind this scheme) are scumbags and thieves, helping themselves to our public spaces and ripping off other people’s art. But I’m even less fond of the humorless morons who shut down Boston and seem likely to drag Williams Street into court.

Other than that, the whole thing’s pretty funny. And I’m looking forward to hearing more about this from two outlets in particular: Bruce Schneier, and Adult Swim’s black & white bumps.

UPDATE: It’s worse than I thought! From CNN:

“It had a very sinister appearance,” Coakley told reporters. “It had a battery behind it, and wires.”

Holy shit! I think I’ve got some sort of chronometric doomsday device looming over me right now!

UPDATE 2: Check out alpha-geek Bunnie Huang’s response to the incident.

UPDATE 3: MAKE has close-up shots of one of the signs. There’s a few AA batteries, a voltage regulator, a small microcontroller, an inductor, what I think is an LED driver, a photoresistor, and a bunch of diodes, capacitors, resistors and LEDs. You could comfortably hold all of these components in your cupped palm. None of them costs much more than a dollar, and most are only a few cents. And, based on my admittedly amateur knowledge of electronics, none could destroy a major American city.

UPDATE 4: Justin sent along this analysis of the campaign from a marketing perspective. The bizsolutions blogger thinks that making the campaign higher profile (by involving alternative media, among other things), these problems could have been avoided. I agree that putting a phone number on the signs for law enforcement (not the public) to call could have saved everyone a lot of trouble, but otherwise I disagree with this analysis. The whole point of the campaign is to evoke the subversive work of people like Shepard Fairey and Graffiti Research Labs. Thinking of this as just another illuminated billboard totally misunderstands the Adult Swim brand and how it has been presented up to this point. AS viewers like the idea that they’re in on a secret. The ideal outcome for this campaign was to get people talking and a bunch of threads started on message boards. Issuing directions, treating the campaign like a scavenger hunt and interviewing sign-finders on the HOT! 99.n Morning Show runs completely contrary to that idea. Cartoon Network’s huge success is in part due to a huge amount of respect for its audience. It doesn’t strike me as the sort of relationship that’s compatible with traditional marketing techniques.

The photos of Williams Street belong to Catherine, who I assume won’t sue me for using them. They’re of the tour of Adult Swim HQ that we were lucky enough to be given back in July.

the latest advance from Hell Labs

a toy representing the Simpsons Halloween Special scene in which Homer is forced to eat countless donuts in Hell Labs' Ironic Punishment Division

We get some really excellent toys in the office. It’s almost entirely Nicco’s fault (although I’ve been lobbying to get one of these ever since April told me they can be run from Linux).

This one’s probably my favorite so far. Unfortunately the cranking mechanism isn’t timed quite right, and the donuts usually end up sliding off Homer’s mouth instead of down his gullet and into the collection tray. It’s still pretty great, though.

fighting movable type comment spam – part 4

Okay. Last one, I promise. Now that you’ve gone through all of these steps, here are the things that you probably should have tried before listening to me:

  • Ben‘s querystring-based twist on JS obfuscation has apparently been highly successful. It’s simple and clever — give it a try. It also makes me realize that my rotating-mt-comments solution could’ve been implemented with .htaccess files, eliminating the need for FTP nonsense and allowing us to avoid making changes to mt-config.cgi. That’d be a better way to do it, but the benefits aren’t enough to make me rewrite the script. Plus, not everyone has mod_rewrite enabled, so the original solution will work on slightly more systems.
  • MT-Akismet is a Movable Type plugin that brings the power of WordPress‘s Akismet spam-blocking system to MT. I installed it a few weeks ago and it seems to have helped, although in my case it didn’t completely eliminate the flow of spam. Considering that I don’t get all that much comment spam at this domain, that makes me disinclined to pimp MT-Akismet as a magic bullet. But it seems to do something, and does so without needing supervision. Also, lots of people swear by it. You might as well give it a try.
  • Captchas are probably the most foolproof method of stopping spam. But users don’t like them, and in my experience they’re a pain in the ass to install. Still, if you want to stymie the spammers, this is probably the best way to do it.
  • There’s always TypeKey, MT’s unified login solution. In my experience, it’s terrible. Admittedly, the situation at DCist was worse than normal because Gothamist’s server architecture meant that comments had to be submitted across a few different domain names, which made TypeKey’s cookies go crazy. But overall, I came away deeply unimpressed.
  • Finally, there are a couple of plugins that will close comments on older entries. There are downsides — people wandering in from Google won’t be able to leave their thoughts on your old entries — but if you don’t mind them, it should help.

fighting movable type comment spam – part 3

We’ve made some good progress. In part one I talked about how comment spammers operate and some theoretical ways to stop them. In part two I offered a little more practical advice, providing a walkthrough on how to convert an MT site from static HTML pages to PHP and offering more specific instructions on how to hide where your comment script lives. I know that at least one person has seen a reduction in comment spam as a result, which makes me pretty pleased.

Sadly, what we’ve covered so far isn’t enough. Spammers will find your renamed mt-comments.cgi no matter how much Javascript you bury it under. If users can use the form, so can spammers. They’ll find the new location of mt-comments.cgi sooner or later, and then we’ll be back at square one.

But what if mt-comments kept changing its location? We can write a script that renames the file every time it runs, then set it to run at a regular interval. That way even when a spammer manages to find it they’ll only be able to send spam until the next time the script runs. It’ll be great! There are a couple of problems with this approach, though:


fighting movable type comment spam – part 2

Kyle and Jeff rightly pointed out that yesterday’s bout of MT-theorizing (aka part 1) — however marginally interesting it might have been — wasn’t all that helpful. They’re right. I didn’t write it in a practically-minded sort of way. So here’s a shot at explaining how you’d use the stuff I discussed. And, happily enough, some of these steps are necessary for you to use the upcoming method that I alluded to at the end of the last post — so I would’ve had to write a large part of this anyway.


fighting movable type comment spam – part 1

There’s recently been a lot of discussion on the Gothamist tech list about fighting comment spam, and it’s prompted me to revisit and further develop some thoughts I had about the problem. Since I regularly get approached by friends who are hoping to eliminate their comment spam woes, I thought I’d write up my thoughts.

I should be clear, though, that the methods I’ll be outlining aren’t endorsed or in use by the folks at Gothamist. They’ve got their own tech staff who are working on the problem. And because of the -ist sites’ high profiles, high traffic and multi-server architecture, some of what I’ll be discussing wouldn’t really be relevant or appropriate for them anyway. But if you’ve got your own installation of Movable Type running on a webhost where you can run PHP (most can), read on…


new tools for internet gossips

I’ve begun screwing around with my attempt at a larger-buffer Hype Machine player, and became aware of HTTP dereferers in the process. Want to provide a link to a site, but not have the site’s owner track it back to you? Then use one of these things.

Here’s an example. First, the normal link, which will go to a page showing your HTTP referer information on the third line from the top:

and now the same link, passed through a dereferer:


Of course, it’s no help on my particular project — what I was actually looking for was a proxy that will spoof my HTTP referer string on the fly. Unfortunately, referer spoofing seems to be constrained to the realm of the browser plugin (it’s commonly used to get free porn from protected sites), and even the excellent Squid Proxy doesn’t seem to have this functionality (or at least it’s not written up in an easy-to-find manner). But I think I can get by without this workaround.