I have had several people ask me if I accept donations for the work I am doing on Acidfree. I guess I could say no, but that wouldn't be very gratious, now would it. Besides, my wife, Lauren, would probably appreciate the nice dinner date that your donations would finance. I figure that is only fair — Acidfree takes me away from her — so you can ensure that she allows me to continue to work on Acidfree by giving a small amount to me to encourage her with flowers and fine dining. So click on the logo below and make a contribution.

Acidfree is meant to a simple, yet full featured photo album for Drupal. It was designed from the ground up as a node type for Drupal, so it is very well integrated into the Drupal architecture. It is much simpler than Gallery to set up and use, but most definitely has fewer features. And it will never have as many features. If you want more features, by all means use Gallery. But if you want a simple, easy to use, full featured photo album, this is the place for you.

Acidfree includes support for various image types (and it is easy to add more) and for basic video types (think short clips from your digital camera).

MauOS is a fairly simple little operating system that I started to design with two goals in mind. I wanted to learn a little more about C++ programming and I wanted to learn some of the nitty-gritty details of the Intel x86 architecture. It barely boots and depending on which branch you choose, it may support timer interrupts or multiple threads, but for some reason, not both. Development goes in spurts as I find time. I will often spend a lot of time on it to fix a bug or add a feature only to quit for months after that. But someday, it will take over the world.

So far in my amateur radio career, I have not been able to offer much that may be of use to other hams. That changes today. A while back, when I was dreaming about where to put my antennas safely, I did a lot of research about radio frequency exposure. I poured over OET Bulletin 65, which details the FCC's limits on human exposure to RF electromagnetic fields. They have formulas and tables and forms to fill out. It is all wonderful and fine, if you live in the 1960s. Welcome to the 21st Century. We live in a world of computers to do all that number crunching for you. I looked around for any web-based things that would help, but the closest I could find was power density calculator written by W4/VP9KF. This is fine if you want to do it for EVERY band on EVERY transmitter each time you make a change to your station. Plus, it means that I have to transmit all that data to his PHP script, which does the calculations and sends them back. We have this great thing in web browsers called JavaScript, which is more than powerful enough to do the work. I set upon creating a JS-only version of his creation. But it still lacked the memory—I would still need to re-enter for each band for every change. And it wouldn't let me view multiple bands at once. Bigger calculator!

This is where my offering steps in. My requirements:

1. Save my data so I don't have to re-enter everything in every time
2. Something I can share with others, without saving their data on my server
3. Let me add, edit, delete at will
4. Something that can show all my transmitter/antenna/connection information at once

Seems easy enough, right? It was the first two that really got me stuck. I whipped up a little JavaScript ditty that fulfilled number four in very little time at all. Number three was dependent upon the first two and was technically the hardest, but once I had the first two figured out, it was only coding, which I enjoy.

And this is what I came up with: N7OH RFE Calculator. Take it for a spin, share it with your friends. Upon your initial visit, it may not look like much, but if you move over to the "Import/Export" tab, you can press the "Reset to sample data" button and see it in action. Please offer suggestions and comments if you find it to be too difficult to use or see something that might make it better.

As for fulfilling my four requirements, the first two were done once I learned about local storage with HTML 5. This means that your web browser is storing the data. Not as a cookie, but similar. Cookies get sent back to the server with each request. Local storage is meant to be persistent data that a web page can access via JavaScript to be used locally. This means I can save my data on my machine and your data on your machine. I can host the page for everyone, yet not save everyone else's data on my server. The add/edit/delete requirement was probably the most fun I have had with jQuery to date. And I hardly scratched the surface of what it can do. Lastly, the glory of the Results tab just makes me weak in the knees. Okay, not really, but it is the crown jewel of the whole application. It shows all the stuff you want to know about your radio setup.

The war against spam is ever escalating. Two weeks ago I took my anti-spam tactics to the next level. I want people to be able to post comments to my website without registering. Anonymous comments (or rather unverified authors of comments) should be available if the webmaster sees fit. But I have found that in the past several months that comment spam was getting to be a real problem. I logged in one day and found that there were several hundred spam comments that had gone unnoticed for quite some time. At that time, I did not have any anti-spam measures. I looked around and added a CAPTCHA to the comment form. That stopped most of the spam, but the determined spammers were still getting through.

IP addresses in failed CAPTCHA log	Number of failed CAPTCHA responses
212.117.164.8	514
219.252.44.66	250
125.64.96.21	160
69.46.27.117	158
61.145.121.124	138
206.224.254.5	111
212.116.220.224	78
203.77.204.82	78
203.198.126.43	73
211.115.75.169	72
221.214.27.252	69
192.104.18.19	60
218.25.99.135	60
212.116.220.154	54
200.123.147.169	54
95.154.242.207	52
89.233.152.157	50
2700+ other unique hosts	<50 hits per host

In the past 2 months, I have logged more than 14,000 failed CAPTCHA attempts. Most the unique hosts have one or two failures, but more than 1,000 unique IP addresses have four or more failures. At some point you have to draw the line and I draw it at four. Or maybe three. One or two failures can easily be done even if a bona fide person is responding. But usually only spambots are dumb enough to get more than three failures.

I can characterize the failures and many of them seem to be of a certain forms: hit twice in rapid succession and then give up for a while. Two hits alone is not usually successful -- it usually guesses an empty string or 0 or 1. The problem is if you are using a math CAPTCHA, those can be the right answer. And obviously, if the spambot keeps at it two at a time, it will eventually guess correct and be able to post. I found that the spambot was able to crack several of the CAPTCHAs I offered: ReCAPTCHA, math, word list, word order, etc. Other than ReCAPTCHA, the other ones can be cracked by random entries. I am not sure how they managed to crack ReCAPTCHA. But it was starting to make me angry at all the spam. Finally, in addition to CAPTCHA I resorted to using comment moderation, requiring me to log in and manually approve all comments. I really don't like this because sometimes I forget. Then the comments get old and people think I don't care.

I did a little hunting around the Drupal front and found Mollom. This is a nice line of defense against spam. But I read elsewhere that in some cases it wasn't catching it all. Remember that spambots are in it for the speed and money, so their GET to POST times are very short. I whipped up a little module that checks that. All you super-human typists had better slow down when commenting on my forms. Then I took a page out of Ignacio Segura's book and added a honeypot to the comment form to my little module as well. Though you will not see it, (unless you are looking at the html source, reading with a non-CSS compliant browser like lynx, or are a spambot) it is meant to be left empty and will cause a form rejection if it has any text in it.

Then one step more. Because what is escalation if you are not really accelerating? I noticed that once spambots did get in that they usually were 'advertising' for companies of ill repute. Offering things like p1Lz and other items to EnH4Nc3 certain parts of one's body. But in order to get around blacklists for certain words, they intentionally misspell what they are advertising for and also have links to obscurely named domains (which are usually not words either.) I figured any rational thinking human being would spell at least 75% of their words correctly (and that includes things like spambot and acronyms and other non-English shortcuts). So my latest addition to the spam warfare is PHP's pspell library. So all you spammers out there had better spell it right.

Then as the final blow to spammer (and bad spellers everywhere) I added a "three strikes and you are out" gotcha where if you fail the previous tests more than a given number of times, you will get added to the blacklist. All entries in the blacklist are forbidden to access any part of the website. Permanently. And it seems to work. I have not seen any spam get past the filters in the last two weeks that this has been in effect. Let's hope this lasts.

I was curious about the actual counts of things, so I whipped up a few SQL queries that gave me the statistics that I wanted. I pushed it all into OOo and came up with this fine chart. There are a couple of things to note:

• This is about a month of data.
• The yellow line (number of daily comment spam posts) is on the scale to the right. The other two lines are on the scale to the left.
• The first day I tried all this stuff out (29 Jul) I didn't actually have the blacklist implemented, which accounts for no HTTP/403 entries on that day
• There has been zero comment spam since 29 Jul. It is not for a lack of trying.
• The blue line shows the number of newly recognized SpamBot IP addresses.
• The red-orange line shows the number of attempts from previously identified SpamBots that got rejected by the blacklist.
• I find if quite funny that the HTTP/403 line looks like my server is flipping the bird at the SpamBots. That's what it is doing.... And no, I did not doctor the data.
• I see that there seem to be trends or waves of spam. That is fascinating and frightening all at the same time.

Do you do anything to combat spam on your sites? Obviously comment moderation is the only truly perfect filter, but it requires so much work. Especially when I really don't get that many human comments per day, but loads of spam attempts.

Today ends with Vernon: 15, SpamBots: 0.

I was born to tinker. I think this must be the opposite of the optimizer. I see a project in anything that I could tweak to make it a little better. This not only applies to computers, which are the easiest thing to tinker with, but food, DIY projects, and more. This particular post is centered a little more around computer tinkering, just as a warning to the technophobes.

My host for the past 2+ years for this server has been Site5. They have been adequate. I had never used a Web Hosting Service before so this was a whole new experience. Moving there from a private server took a lot of tweaking. Server wise, they were pretty good. I think my site got its fair share of the server pie, but it is not a really demanding site. Service wise (meaning the people), I think they only get 4 out of 5 stars. Whenever I had a problem, they did finally resolve it, but it took some work and push-back from me to make it happen. Usually the first contact would try to blow me off. I would patiently explain that they were contractually obligated to fix the problem and then 'level 2' support would fix it. I could deal with this if they had all the features I wanted, but I wanted more. Sure, they have 'unlimited' disk space (as long as you don't use it), and unlimited bandwidth, which with my vast sea of devoted readers, I don't really need. But what I do need is IPv6. And they have no plans for that (at least I am privy to none).

So I jumped ship. The market for dual stack hosting is not yet very big so there really aren't that many service providers yet. I finally found BurstNET®, which seemed to offer IPv6 as well as very low-priced VPS (Virtual Private Server). So low, in fact that I could get a whole VPS for less than I was paying at Site5. That's very cool. Being a tinkerer, I really need w00t. Still, since BurstNET uses OpenVZ technology instead of Xen or KVM, I don't quite have complete control over everything. I don't get to configure my network, for instance. But I do have two static IPv4 IP addresses; doing my part to reduce the remaining pool of IPv4 addresses. And after a quick service request, they granted me two IPv6 addresses. Yes, only two, not an entire subnet. I thought that was odd, but hey, at least it is something. Their service department has been nothing but good. I have made several requests for help:

• Request for IPv6 connectivity
• Request for reverse-DNS mapping IPv4 and IPv6 addresses
• Request to get ip6tables working

All there responses were quick and positive. This was the best service I had ever gotten and for what? Yup, $5/mo. This month I got more than my money's worth in support man-hours. I am hoping that the tinkering I have done over the last week is sufficient to have my VPS in decent shape.

Also as part of my tinkering, I managed to set up my VPS as a master name server for the three DNS zones that I control (mauery.org, mauery.com, and my he.net IPv6 arpa reverse zone). Then, using HE.net's DNS service, I can push to their DNS slave servers. This means that I have five geographically diverse, topologically diverse, redundant nameservers. So even though almost nobody reads my blog, you will never not be able to track it down.

Now on to the next tinkering project....

Bella, my mythbox has been overheating for the past few months when the furnace has been running. Whenever we would watch HD content, decoding (and likely resizing) the stream to our screen would take too much CPU horsepower. Watching an HD stream would use nearly 100% of one of the two 2.1GHz Athlon cores. Then her over-sized, quiet fan would kick into high gear. Sometimes I would feel sorry for her and pull the top cover off to let out all that hot air. VDPAU has been around for a while now, and Bella's video card is supported, so I have been itching to upgrade her to Lucid. I started a couple of weeks ago by installing to an external USB drive. This way, I didn't interrupt the regular programming. I could boot to the drive, tinker, fix, test, etc., and then boot back to the main drive when I was done.

I tried to copy over the original database so I didn't lose any settings, but that didn't seem to work very well. The database upgrade scripts kept dying on me. I finally rolled up my sleeves and dug in a little deeper. The error messages that it was giving me were about duplicate columns in tables. I am not sure how they got there, but with my mysql hacker-foo skills, I manually altered the tables to drop the columns, which allowed the script to successfully update the mythconverg database. Then it seemed to be working. Kind of.

Bella has a little USB card reader that does a variety of memory card types. For whatever reason, when probed, it reports that it has devices there already, even though there are no cards plugged in. It reports /dev/sd{d,e,f,g}. For whatever reason, mythfrontend likes to probe devices and try to mount them??? When it runs into these non-devices, it segfaults. I finally just decided to unplug the card reader from the motherboard and mythfrontend starts up just fine.

With Myth finally up and running, it doesn't take long to make sure all the settings are good. I kick off a show and notice that the processor is still running at full speed. A little more digging and I find the VDPAU setting screen. I turn it on and viola! CPU usage drops to 40%. I was a little underwhelmed by this number, hoping to see something more on the order of 5%. I don't know if it is because of the stream type or maybe my hardware? The video card is several years old and one of the earlier ones that does support VDPAU. And the stream is whatever the broadcasters in my area are using. I assume it is MPEG2, while H.264 is what VDPAU would prefer? Anyway, something is better than nothing. I just hope that the reduction in CPU thermal requirements is sufficient.

I have been pining for some shiny tiny hardware that would look good in the CW (Morse code) paddle that I am making. Arduino had been a first choice for several days. I was on the verge of buying a couple of boards when I came across PJRC's Teensy. It really is teensy. But it incorporates a little bit of hardware that I had not seen in a proto-board before: Atmel's 8-bit MCU with USB support. The Teensy has the Mega32U4 processor at its core, which has 32kB of flash, 2.5kB SRAM, and 1kB EEPROM, support for up to 6 USB full-speed functions, and lots more of the standard AtMega goodies. I think one of the coolest things about this board is that once you have a bootloader in place, you can flash the system over the USB connection that is already has. No need for an extra programmer and more cables. And even if you screw up your application, the bootloader is safe, because it is protected by separate lock bits.

To make a short story even shorter, I ordered two Teensy boards over the weekend and they arrived today. Fast shipping. (It helps that PJRC is less than 20 miles away.)

I am in Atmel junkie paradise.

For the past six months or so, Nathan has been sleeping on a twin mattress on the floor, sharing a room with Nicole. We moved them in together so Annie could have a room to herself while she is still a crying machine. When Nathan switched rooms, we moved him out of his daybed (crib) and onto a real, big-boy mattress. He was so excited. We looked and looked for a bed that we liked, but could not find one. We wanted something that was made out of wood, stained rather than painted, and with a low or no footboard. He is going to be a tall boy when he reaches full height and I don't plan on getting him a bigger bed. Without a footboard, his feet can hang over the end. What good planning, eh?

I finally decided to make a bed. My mom had made all our beds when I was a kid. I know what is involved -- really not much. A headboard, two rails, a footboard, and a platform. Shortly after I made the decision to make the bed, cherry went on sale at our local Rockler and I bought a bunch. It turns out that I underestimated and had to go back for some more, but I had a start. Darren and I started making the bed the first weekend in January. We only worked on Saturdays and even had to skip a couple. So all told, it took about 8 weekends (of about 4-5 hours each) to build and then about 6 hours to finish. This comes to a total of 42 hours. Multiply by $60/hour (two people at $30/hour), add in the $450 of materials and we are the proud new owners of a $2950 twin bed. What am I doing giving this to a 4-year old? Honestly, it pains me to proffer up my labors to the wrecking machine, but I find a lot of solace in the fact that he absolutely loves the bed. It is all part of the branding, much like the Daddy brand bread and pizza are better than all others, Daddy brand beds are on a whole new plane.

Last year, I noticed that the ceiling over our kitchen sink was cracked and a little bit soggy. After some house math, we figured out that the leak was directly below the faucet/drain end of the tub in the kid's bathroom. A quick look through some of the reviews of plumbers in our area from a google search found Kennedy Plumbing. I gave them a call and they sent a man out. He was fast and professional. He replaced the shoe or cracked strainer or something. I don't recall exactly, and even if I did, I am not that intimately familiar with the anatomy of a tub to carry on a conversation about such things. Something was cracked and very broken and he replaced it. The soggy section of ceiling dried up, but still had a little bit of a cracked area in the texture which has been bothering me ever since. But obviously not that much, since I never got around to fixing it.

Yesterday morning, that shower was used for the first time in at least a year. The kids still take baths. I heard a drip, drip, drip in the kitchen and was surprised to see it coming from the ceiling. Grrrrr. I made a quick call to Kennedy Plumbing to have them come out to check to see if the first guy screwed up. It turned out that after an hour of trying to diagnose the problem, he finally found it. When the tub faucet runs, it doesn't leak, but when the shower starts, it drips lots. He took the faucet assembly apart to find a disintegrated O-ring. Ooops. So the first guy did right, and the second guy did too. The only problem is that now, enough water had leaked into our ceiling that I really did have to fix it. The plumber was kind enough to saw out a very rough hole to help him diagnose the problem. Now I get to fix it. Ho hum. I really hate dry-wall work. Maybe it will get done before next year. :)