OVH: Database quota exceeded

OVH emailed me a few weeks back telling me that my shared database for the plan that powers uponmyshoulder.com was approaching its (huge!) quota of 25MB, and then again last week to tell me that this time, the quota was reached.

Once you reach the quota, the DB is placed in read-only mode, although SQL `DELETE` commands do go through correctly, as we’ll see later.

So my first instinct was to see what was wrong, by going into the phpMyAdmin that OVH gives to each shared DB owner. It confirmed that the database was too big, mainly because of two tables: the main culprit at 9MB was `wp_comments`, the comments on this blog, and the second one at 5MB was its related sibling `wp_commentmeta`. The root cause being, of course, spam: all these comments were properly intercepted and classified as spam by Akismet, but as long as I didn’t purge them, they were still taking valuable disk space.

So I thought I could just delete the comments that Akismet marked as spam (as that info is available directly in the table) and go on with my day, but unfortunately no – the deletion went through, but the table was still marked as being 9MB, including about 7MB of “overhead”. How do we reclaim this overhead? By running `OPTIMIZE TABLE`… Which we cannot do as we’re in read-only mode.

At this point, I took a dump of the database, deleted it through the OVH admin interface, recreated a new database and reimported that dump: solved! The new DB clocked in at about 14MB, enough for the foreseeable future.

Lesson learned: clean your spam.

(PS: in the few days that passed between the db clean and me writing this article, I got another 355 spam comments. Yay.)

“They use some weird padding…”

A few days ago, a colleague was telling me about a project where she needs to implement a crypto scheme from an external vendor in order to talk to their API over HTTP. For complicated (and probably wrong) reasons, they decided to eschew TLS and develop their own system instead, relying on DES – not even triple DES! Basic DES, the one from the ’70s that is horribly insecure today – and RC4, which isn’t great either.

The whole scheme was bad, but my colleague added “and they also use that strange padding scheme – because the plaintext length needs to be a multiple of 8 bytes, at the end of every message, they put seven “Bell” characters!”.

The bell character? That’s odd. I mean, it’s in ASCII, and not usually part of any plaintext, so it’s probably safe to use as padding, but… Wait a second – padding with strange characters, all the same? That rings a bell!

And indeed it does – it’s PKCS#7!

PKCS#7 is meant to pad a message until it reaches the next block boundary, for use with block ciphers. It works by appending n bytes, each of value n, and of course the ASCII codepoint of the bell character is 0x07!

“Oh, that explains a lot. Now I won’t have to add blank spaces until it reaches (x mod 8) + 1 bytes and pad with bell characters”, my colleague said. I guess that’s the danger when you’re given a bad scheme to implement: it’s harder to realise when they actually do something right.

(Hats off to the Matasano crypto challenges: despite doing only level 1 and 2 if memory serves – it was a while back – they’re super useful for this sort of cryptography basics.)
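As an added example (not code from the vendor or from the original post), here is PKCS#7 padding and strict unpadding for an 8-byte block, showing when the seven bell bytes appear and what happens when the message already ends on a block boundary. The sample messages are constructed for illustration.

```python
BLOCK_SIZE = 8  # DES block size in bytes, matching the scheme described above


def pkcs7_pad(data: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Append n bytes of value n, where n brings len(data) to a block boundary."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must fit in one byte")
    n = block_size - (len(data) % block_size)  # always 1..block_size, never 0
    return data + bytes([n]) * n


def pkcs7_unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip PKCS#7 padding, rejecting anything malformed with one generic error."""
    if not padded or len(padded) % block_size != 0:
        raise ValueError("invalid padding")
    n = padded[-1]
    # The last byte states the pad length; every pad byte must carry that value.
    if not 1 <= n <= block_size or padded[-n:] != bytes([n]) * n:
        raise ValueError("invalid padding")
    return padded[:-n]


def padding_hex(message: bytes) -> str:
    """Return only the padding bytes added to a message, as hex."""
    return pkcs7_pad(message)[len(message):].hex()


if __name__ == "__main__":
    # Constructed sample messages, not taken from any real API traffic.
    for msg in (b"9 bytes!!", b"12345678", b""):
        assert pkcs7_unpad(pkcs7_pad(msg)) == msg
        print(f"{len(msg):2d}-byte message -> padding {padding_hex(msg)}")
```

Seven 0x07 bytes appear only when the message length is 1 modulo 8; a message that is already a multiple of 8 bytes gets a full extra block of 0x08, which is what lets the receiver strip padding unambiguously.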

remaildr.com is back!

So, remaildr.com had been in a pretty sorry state for a couple of months now, and I kept thinking I should go have a look into it and get to the bottom of the issue.

And the bottom of the issue was the 6000 spam emails sitting in the inbox, making the server crash at startup.

They’re now deleted, and everything is back up and happy. I’m currently thinking about different monitoring options, but given it’s all email-based, no solution that I know of seems overly practical to me. Any idea would be appreciated. :)

Large-scale, automated whimsy — A journey into blog spam

As you may have noticed if you write a blog, however modest it might be (such as yours truly), you’ll receive spam comments. A lot. Things like that:

spam 1

 

Spam like this is usually obvious. Thankfully, some spammers go out of their way to create engaging messages to fool your filters, both automated (like Akismet, which dutifully collected all the ones exposed in this post) and human. I’ve been collecting the best of breed (I know, I live a very sheltered life), such as…

 

The Ones Sucking Up

magnificent

Aaaah, the day-to-day of spam. “Magnificent”, nothing less!

 

fame

“Famous”! Money! Girls! Bling! Bring it on!

 

trains

 

“Amazing”, yay! Although I hope you realized you are trying to advertise train horns on a tech blog. Train horns.

 

The Confused Identities

dave-sabine

Why thank you, Sabine — I mean Dave. Hmm, wait.

 

The Sarcastic

colors

The colors on this post are amazing? Are you on drugs?

 

great risk

 

Ah, yes. Writing about SICP almost got me killed by M.I.T.’s own Secret Service. As a matter of fact, I’m hiding in Kazakhstan right now.

(On a serious note, I emailed Hal Abelson about a typo in the online version of SICP and received a very nice answer by him personally the very next day — hats off to you, sir!)

 

The Keyword Bingo

keywordbingo

Gotta unlock ’em all!

 

The Compliment That Wasn’t

notcompliment

This starts well… Grow, trendy, extremely amazing, attractive… Yeah, classic spam. But on closer look, this is actually a poorly translated troll insinuating that my post is unworthy. Darn!

 

The Cringe-Worthy

incite

It is very telling whether you consider “incite full” or the concept of high-waist shorts to be the worst part of this spam. I can’t really pick, they’re both frightening.

 

The Big-In-Japan

A slight variation on plain sucking up is doing so in different languages.

arabic

russian

portuguese

Google translating that last one gives:

Hello interesting post, I liked a lot, maybe we could become blog palls:) lol!
Aside from the jokes call me Navid and look like you publish on the Internet although the theme of my room … this is very different.
I study the pages on poker free bonus without risking your cash … …
Greatly enjoyed what I saw written on this second visit
I shall return:)
Ps: I have a bad Portuguese

Thumbs up for the politeness and the disclaimer at the end. That’s top quality spam. Not so much to say for the reading skills though, because I don’t remember discussing online poker strategies together with ncurses.

 

The Philosopher

philosopher

Wow! That turns out to be an (unsourced) citation of the late John Enoch Powell, a conservative English MP who’s also quoted as saying “reading one’s diary is like returning to one’s own vomit”, which may or may not be a more appropriate metaphor for blogs. And spam. Oh well.

 

The Prescient

pussy

Apart from the fact that they fscked up the URL bbtag — HOW DO THEY KNOW ABOUT MY SECRET PASSION!?

pity the lolcat, by tizzie on flickr

 

What were your best ones?

The Zen of updating WordPress

WordPress automatic updates never work.

No matter if it’s a major version change or just a small bump (let’s say… 3.0.4 to 3.0.5, uh?), I always end up downloading the whole thing and updating it manually because the update page stops responding and plainly goes blank.

Instructions for update are here, by the way. And after the steps to update, they include that little snippet of wisdom:

Consider rewarding yourself with a blog post about the update, reading that book or article you’ve been putting off, or simply sitting back for a few moments and letting the world pass you by.

How could anyone be angry at WordPress after that?