BigNoseBird.Com- home Small Logo
The 508 compliant guide to 
       Big Nose Bird
Return to the Newsletters Page
+----------------------------------------------------------------------+
|              *** THE BIGNOSEBIRD.COM NEWSLETTER ***                  |
|        Placed at your virtual door in beautiful plain text           |
|         Be sure to stop by http://bignosebird.com/ today!            |
|      Everything You Need to Create and Maintain Great Websites       |
+----------------------------------------------------------------------+
|  January 25, 2000                                          Issue #7  |
+----------------------------------------------------------------------+

                             GREETINGS!

Here is the seventh issue of the BigNoseBird.Com low volume newsletter.
Our thanks for allowing us to add just one more deperately needed 
item to your inbox. Now filling over 8,000 inboxes!

                 **----------------------------**
                            Y2K STUFF

Well, Y2K turned out to be much ado about nothing. The media of course
tried to turn Y2K remediation into some sort of exercise in money waste.
This reminds me of when I was a kid and the government made everyone
get Swine Flu Shots. When there was no flu epidemic, they were screaming
about how big a waste of money it was. Duh, maybe prevention worked????
I guess ratings never get a boost from good news.

The funniest thing I heard has to do with the trial lawyers. First they
scare all the board of directors into getting the Y2K fixes going by
telling them they would be sued for negligence. Now they are trying to
organize suits against them for having squandered shareholder money on Y2K 
remediation!

It ain't over yet. I wasn't really concerned about the world ending at
the stroke of midnight. I am more concerned about data degradation. This
is a bit more serious because little bugs can nibble at your data, and 
by the time you realize you have a problem, recovery can be very difficult.
Another couple of weeks should tell.

                 **----------------------------**
                        NEW SURVEY SCRIPT

After hearing your requests for new features for the survey script, I 
am pleased to announce that BNBSURVEY 3.0 is now available for your 
downloading pleasure. Some of the features include:

   * Runs on Windows as well as Unix/Linux servers.
   * Improved security.
   * Voting frequency managed with cookies.
   * Optional E-mail/Comments collection.
   * Merge results into a web page using SSI.
   * Attractive and easy to modify output.
   * Very easy to configure.
   * Improved output log for easy import to database/spreadsheets.

You can pick up your copy of BNBSURVEY 3.0 today at our usual reasonable
price of $FREE! Visit http://bignosebird.com/carchive/survey.shtml


                 **----------------------------**
               SCRIPT SECURITY ADVISORY (bnbbook.cgi)

From the "What will they think of next" department.... I noticed that on
MSIE 5.0 that the guest book would lock up about two-thirds the way down.
Worked fine on Netscape.... Hmmmm... Then I realized that somebody had
placed a 500K line of "hacker.com" in their message! Sort of chokes MSIE,
and nasty in general. The new version of the script has been posted.

If you want to patch your existing copy, simply do the following:

  1.) Find the part of the code that starts with:

         sub decode_vars

  2.) You will find two lines that look like this:

            #strip comments to prevent server side include calls
            $content =~ s/<!--(.|\n)*-->//g;

  3.) Either just under, or between the two lines, stick the following
      code snippet:
 
        if (length($content) > 4000) {
           $content=substr($content,1,4000);
        }

  4.) If 4000 characters is too long or too short- you can tailor it to your
      needs by changing the number. If a message is over 4000 characters, 
      only the first 4000 find their way into the book. 

Never a dull moment....

Speaking of dull moments... During one such moment, I noticed yet another
guest book hijacking. You know, when somebody gets some sort of redirect
into the page and your readers find themselves at a porn site. So I found
yet another word to add to my "dirty words" list. Then my two Informix 
hackers at the office, Steve and Jay, decided to see what trouble they 
could cause. Let's see, EMBED, BACKGROUND in a TABLE tag to bring in an 
image from off-site, and more.

I decided to completely disable HTML tagging on the BNBBOOK at the BNB
site. The main reason is that we get a lot of visitors from the various
K-12 (school kids) domains.


                 **----------------------------**
                             EVOLUTION

Over time I have been watching may of your sites grow in size, as well 
as popularity. I have been getting notes complaining about response
from their virtually hosted sites. Here's the deal. A hosting company
assumes that most of the sites they carry are either very young and
not yet "found", or virtual billboards- also called vanity sites. The
resources of each server is then balanced to handle the anticipated
load of the total number of sites hosted on each box.

If one or more sites on a server grow in popularity, then it can very
quickly drag the server down, especially if dynamic content is being
provided via CGI and SSI (or ASP in the IIS world). There are different
ways a host can deal with this. One is to ask the site that is causing
the problems to leave, or to throttle it. Throttling involves looking
at the amount of CPU time a site is using, and if a site reaches a
preset threshold, the server can be configured to not run any more
scripts, etc. for that site.

Okay, it sounds kind of sucky, but hosting is like life insurance-
they sell it to you with the hope you never need it. ;-) Look at it
this way. You built a site and they came. This is a measure of your
success. You do have options available to you, but they are more
expensive than $25 a month. Think of it as being in the food biz 
and you can't handle the crowds from a hotdog stand. If you really
had unlimited resources at your hosting company, why isn't Yahoo
hosting their site there???

The first option is high-end virtual hosting from a company that can
truly handle your needs. The second option is a dedicated server.
This can be expensive, but if anyone is going to drag the server 
down- it will be you! The third option is to go with what BNB has:
colocated servers. The main difference between dedicated and 
colocated is who owns and is responsible for maintaining the server.
When you are colocated, you are also your own sysadmin, unless
you pay the ISP to manage things for you.

If you want to get your feet a little wet, get a cheap PC, a couple
of network cards, a hub, and a copy of Linux (I used Redhat). For
under $600 you can play unix guru and have a development box that
will scream. I am working on some tutorials on just that subject!

No matter which way you go, expect to pay a lot more than you are
paying now. Actually you do have another option- go public. ;-) I
will have more on this subject in the next newsletter.


                 **----------------------------**
                           FROM THE BBS

I do hop in and read postings at the BNB BBS to see what sort of problems
people are having. ( http://bignosebird.com/bbs.shtml )

As usual, file permissions seem to be the biggest problem. The file
permission settings for all files are in with the script's README file.
The second biggest problem has to do with file paths. 

To fix a cgi exploit (security bug) in BNBFORM, I no longer allow leading
/ (slash) characters in the file names (autorespond, etc). If you place
these files in the same directory as the script, the problem should be
gone. Make certain that you cannot use your browser to access the files.
Try it. If your server is configured properly, you should get a 403
FORBIDDEN error! This is not a problem for the autorespond file, but
you would not want somebody grabbing your log files!

Another problem I see has to do with people wanting to block networks
from posting to their scripts due to abuse. What you can do is this:

Someplace near the top of the script, but after the #!/usr/bin/perl
line, you can add a line such as:

      if ($ENV{'REMOTE_ADDR'}=~/192.192.192./){exit;}

Just substitute the offending numbers. This will block an entire
subnet. Typically, abusers use dial-up networking and get a different
IP address each time. You might have to add more than one such line
in the event the abuser's ISP has more than one subnet that they 
might be assigned to. Another thing you can do is write to their
ISP and file an abuse complaint.  To find a domain from an IP address
using Windows, go into DOS and issue the command:

      ping -a 192.192.192.192  

You have to give the full address. The -a option will resolve the
name for you. If you have NT or Unix, just do an:

      nslookup 192.192.192.192

The full IP number along with the date and time allows the ISP to
match up the information against their user login records. Don't 
expect an e-mail back from them telling you that they flogged the
user.

                 **----------------------------**
                           COOL THINGS

When one faces a life threatening illness, he looks at his life to see
what has been left undone. For me, it was having a good understanding
about setting up a DNS server. I registered a domain name with NSI,
then registered two DNS hosts under that domain. I proceeded to set
up "named", moved a couple of vanity domains over to the new DNS, 
and guess what? Nothing happened! I had my friend John Ferrari at
www.vastnet.net (my ISP) log in. It took him about 30 seconds to find
my schoolboy errors and get me on the path to rightousness. Okay, so
now I have one less thing to accomplish.

I normally do not do plugs for my advertisers, but but one of our
new advertisers, www.visibone.com deserves one. The site has some
excellent free tools for working with color, as well as palettes
and swatches. They also have a nice poster (I got one for free) that
has all the "safe" colors on it. It looks great, and makes color
selection a snap. It even brightened up my basement! For $15 (USD), 
you cannot go wrong on this one.

                             AND.....

On the not so cool side of things, I have come to the conclusion that
DSL where I live is vaporware. I have only had my order in since 
August! Thankfully the cable modem has been reliable.  What it boils
down to is that the local telco would rather be in the long distance
biz than being in the telco biz. Expect to see more of this as every
company in the world starts doing everything every other company does.

I refer to this as the "Wonder Economy". I just look at it and wonder
when it will get unhinged. It's sort of like Wile E. Coyote meets the
busy signal! Anybody that thinks the business cycle has been cancelled
probably also thought that World War I was the war to end all wars.

There is something unsettling about living in a service economy where
the service is getting worse...

                 **----------------------------**
                         SHAMELESS BEGGING

Okay, no pride here! If you see someplace that you feel that 
BigNoseBird.Com should be listed, you have my permission to 
handle the submission. BNB's popularity is due almost completely
to word of mouth recommendations, and any assistance you could
provide if you feel BNB worthy would be greatly appreciated.

<A HREF="http://bignosebird.com">Bignosebird.com: The 100% Free
Webmaster's Resource Site!</A>


                 **----------------------------**
                          REALLYBIG NETWORK

Looking for cool stuff and information for your sites? The 
REALLYBIG network consists of:

    http://reallybig.com/               Over 3000 Web Master Resources
    http://dynamicdrive.com/            JavaScript & DHTML Resource
    http://fontpool.com/                Over 1000 Searcheable Fonts
    http://graphxkingdom.com/           Thousands of Clip-Art Images
    http://bignosebird.com/             Yours truly!


+----------------------------------------------------------------------+
|  You received this newsletter only because you, or somebody visited  |
|  BigNoseBird.Com and entered your name into the subscription form.   |
|  If you do not wish to receive further mailings, please go to        |
|  http://bignosebird.com/ and enter your e-mail address in the form   |
|  and select UNSUBSCRIBE. If you do not wish to receive this low      |
|  volume newsletter, we do not want to annoy you, or waste the        |
|  bandwidth. We are VERY ANTI-SPAM!                                   |
+----------------------------------------------------------------------+


Find or Give Help on the BBS
 
Home Top E-Mail
If it looks great, it's by Christine
Some Fine Print
© 1997-2003 BigNoseBird.Com®, Inc. All rights reserved. All other trademarks are the sole property of their respective owners. The products that we recommend are only ones that we use. We have no relationship with any of the authors or their companies. We cannot assume responsibility for their ultimate performance or lack of same. We also cannot assume responsibility for either any programs provided here, or for any advice that is given since we have no control over what happens after our code or words leave this site. Always use prudent judgment in implementing any program- and always make a backup first! For further information, please read our Privacy Statement. We can be contacted at webmaster@bignosebird.com.


<reallybig.com>
Web Builder Network Portal
Advertise
on the
Reallybig.com
Network
BigNoseBird Newsletter
Subscribe
Un-Subscribe


Sign up today to receive our low volume newsletter. Tips, tricks, news, and whatever else crosses our minds.
Back Issues
Privacy Statement