
BASH & MySQL: Bulk blacklist for phpList

Recently I needed to blacklist a large number of addresses in a phpList installation. I wrote a super simple BASH script using the mysql client to accomplish this, and since I didn’t see one already when I searched, I’ll share mine here.

This assumes your database is named ‘phplist’ and your table names are standard. You need to create a text file (‘address_list.txt’) which contains your list of E-mail addresses to blacklist, one per line.
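An added example, not the author's script (which is not reproduced on this page): a shell function that turns address_list.txt into SQL for the mysql client and lets only well-formed addresses reach the SQL text. The table and column names are assumed phpList defaults and should be checked against your install.

```shell
#!/bin/sh
# Added example, not the original post's script.
# Assumed phpList default schema (verify on your install):
#   phplist_user_blacklist(email, added), phplist_user_user(email, blacklisted)

# Strict allow-list: quotes, spaces, semicolons and backslashes never match,
# so a hostile line in the input file cannot break out of the SQL string.
ADDR_RE='^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$'

# gen_blacklist_sql FILE: write SQL to stdout, rejected lines to stderr.
gen_blacklist_sql() {
    echo "START TRANSACTION;"
    # Strip CR from Windows-edited files and trim surrounding whitespace.
    tr -d '\r' < "$1" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
    while IFS= read -r addr || [ -n "$addr" ]; do
        [ -z "$addr" ] && continue
        if printf '%s\n' "$addr" | grep -Eq "$ADDR_RE"; then
            # INSERT IGNORE skips duplicates if email carries a unique index.
            printf "INSERT IGNORE INTO phplist_user_blacklist (email, added) VALUES ('%s', NOW());\n" "$addr"
            printf "UPDATE phplist_user_user SET blacklisted = 1 WHERE email = '%s';\n" "$addr"
        else
            printf 'skipped: %s\n' "$addr" >&2
        fi
    done
    echo "COMMIT;"
}

# Usage (review the generated file first, then load it):
#   gen_blacklist_sql address_list.txt > blacklist.sql
#   mysql phplist < blacklist.sql
```

Addresses that fall outside the allow-list, including valid but unusual ones containing an apostrophe, are reported on stderr rather than escaped, so they can be handled by hand.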


Two-Step Login Forms are Fucking Stupid.

In recent years a very tiny number of popular websites have started changing their login forms to require two separate form submissions, first the username, and second the password.

[Image: example of a two-step login form]

This is a stupid idea. We are at a place in time where Password Managers are finally starting to catch on for regular use by regular people, which is fantastic. One of the coolest features of password managers is the ability to auto-type your username and password into login forms. Which the 2-step form completely breaks.

Let me tell you what’s going to happen. The future is Ease Of Use. The future of authentication is using a password manager that’s unlocked via a physical token such as a yubikey, biometric data, or some sort of “Master Passphrase”, and handles 100% of all authentication needs. Everyone who knows anything about authentication knows this is true. The point of computers is to automate tasks in order to simplify and improve our lives.

Automation of authentication requires login forms that are not confusing to password managers. The simplest way to deliver this is a standard 1-step login form with a Username – Tab – Password format.

The fact that certain developers decided to change tracks right at the moment in time when Password Managers are starting to pick up speed is evidence that those developers don’t have a fucking clue in their heads. So I am presenting you with a fucking clue. 2-Step Login Forms are Fucking Stupid.


PowerDNS Script to add new zones using pdnsutil

I recently began using PowerDNS, and it has a really nice command line utility called “pdnsutil” which is sadly under-documented, so I am sharing my bash script which creates a new zone and a reverse dns zone, using pdnsutil.

This script is extremely basic, and I welcome any efforts to fork and improve it.

Be sure to specify your own nameservers where I have placed ns1.nameserver.com and ns2.nameserver.com.

The DKIM record is based on a ‘standard’ DKIM configuration that I use; yours may vary.


anti-spam script

I created a script to notify the abuse@ person for an IP address, while simultaneously banning that IP address for a time-period using fail2ban.

In my case this is useful for spam that I receive through a web based contact form. I don’t want to put a captcha on the form, and most of the spam was coming from the same IPs every day.

This script depends on curl, pcregrep and fail2ban. You could replace fail2ban with iptables; however, setting an expiration date with iptables alone is more complicated. Since I use fail2ban everywhere (and you should too), this method is just easier. pcregrep is required for doing a multi-line regex match.
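An added example (not the author's script) of the check worth running before an address taken from contact-form logs is passed to fail2ban or used in an abuse report: it accepts only a literal IPv4 address and refuses loopback, private and other non-routable ranges. The jail name contact-form-spam is hypothetical, IPv6 is out of scope here, and the ban duration is whatever bantime that jail is configured with.

```shell
#!/bin/sh
# Added example, not the original post's script.
# JAIL is a hypothetical jail name; its bantime setting decides the ban length.
JAIL="contact-form-spam"

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    # Anything but digits and dots (spaces, newlines, ';', '$') is refused.
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Return 0 for ranges that must never be banned or reported: 0/8, loopback,
# RFC 1918, link-local, CGNAT (100.64/10), multicast and above.
is_protected() {
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 0 ;;
        22[4-9].*|2[3-5][0-9].*) return 0 ;;
    esac
    return 1
}

# ban_command IP: print the fail2ban-client call, or fail with no stdout.
ban_command() {
    is_ipv4 "$1" || { echo "rejected: not an IPv4 address" >&2; return 2; }
    is_protected "$1" && { echo "rejected: protected range" >&2; return 3; }
    printf 'fail2ban-client set %s banip %s\n' "$JAIL" "$1"
}

# Usage: cmd=$(ban_command "$ip") && $cmd
```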

Roundcube Next progress

Roundcube Next is a crowdfunded Open Source project to modernize the Roundcube email system, including support for mobile devices. The team was successful in raising over $100,000 in an Indiegogo campaign, and then went radio silent for 84 days. Their Twitter feed has not received any updates, and people who send them tweets are being ignored. Not a good sign.

Because it has been almost 3 months, I decided to raise a little hell and see what was going on. Here is an e-mail that was sent to backers:

Email to Backers

Hello!

We wrapped up the Roundcube Next Crowdfunding campaign the other month and our funds have arrived! We are now busy getting all the perks ready to go … and that includes the Backstage Pass area.

The forums area is set up, but we’re still populating with the initial content. As soon as that is done, you will get another email with the address and your login information.

In the Backstage area you’ll gain access to developer updates and progress, participate in polls to help direct our Roundcube Next effort, and an open area to discuss with each other and the developers anything and everything to do with Roundcube. As pre-releases emerge, this will become an especially important area for all of us to gather feedback, help with initial deployment, etc.

… and if the Backstage proves to be the vibrant community mixing spot we hope it will be, then when Roundcube Next starts getting stable releases for production use we’ll open the forums up to the broader community and use them on an ongoing basis for this sort of community-developer interaction.

We are very excited to get this all moving forward with you, and we’ve been busy at work on the Roundcube Next foundational / core design, and can’t wait to share our progress with you in the Backstage area!

I do apologize for the lengthy delay in getting this email out (it has been sitting in my outbox for some weeks now …) but the volunteer admins that oversee the Roundcube servers (which includes the ones hosting the mailing lists) had a number of interruptions and hurdles on the road to getting some new infrastructure set up for this mailing list so we can reach out to you all more easily … but now that’s finally done and we can start bringing you all into the loop on a regular basis as to Roundcube Next progress.

p.s. If you also grabbed the Kolaborator perk, you will receive a Kolab Now credit to use with the Kolab Now account of your choice with your Backstage Pass login info.


Aaron Seigo
Roundcube Team Member

While this is great news (gears are clearly turning somewhere in their camp), it is not really the right way to approach a crowdfunded project. There should be frequent communication for the public, as well as special access for backers.

There are 2 significant problems right now. The backers forum has apparently not gone live yet. I have seen a comment from a backer who says he expected it to be online by now, and I would agree. Mr. Seigo says the email sat in his outbox for several weeks, which should be added to any ‘expected’ timeframe.

How long does it take to set up a forum? 2 hours. Maybe a few more if you’ve got a lot of sub-forums and plugins and security concerns. But less than 1 day of work. You install phpBB (anyone who isn’t using phpBB is a fool) and it does most of the heavy lifting for you. So there is really no excuse for why it’s taken almost 3 months.

I hope that the people in the Roundcube Next camp will recognize that the public is becoming concerned, and change the way they treat progress reports and communication. Ignoring people is completely unacceptable, for starters. And monthly reports of progress are absolutely appropriate. Anything further they want to offer to backers is great, but they need to prove they’re actually working, rather than partying on other people’s dime.