Posting Summary for PHP-General List
Week Ending: Friday, 4 January, 2008

Messages | Bytes | Sender
----------------+-----------------+------------------
6 (100%) 8880 (100%) EVERYONE
2 (0.33%) 1100 (0.12%) "Daniel Brown" <parasane@gmail.com>
2 (0.33%) 4204 (0.47%) "Miren Urkixo" <miren@tinieblas.com>
1 (0.17%) 1532 (0.17%) "TG" <tg-php@gryffyndevelopment.com>
1 (0.17%) 2044 (0.23%) Jim Lucas <lists@cmsws.com>

On Jan 4, 2008 6:22 PM, PostTrack [Dan Brown]
<listwatch-php-general@pilotpig.net> wrote:
>
> Posting Summary for PHP-General List
> Week Ending: Friday, 4 January, 2008
>
> Messages | Bytes | Sender
> ----------------+-----------------+------------------
> 6 (100%) 8880 (100%) EVERYONE
> 2 (0.33%) 1100 (0.12%) "Daniel Brown" <parasane@gmail.com>
> 2 (0.33%) 4204 (0.47%) "Miren Urkixo" <miren@tinieblas.com>
> 1 (0.17%) 1532 (0.17%) "TG" <tg-php@gryffyndevelopment.com>
> 1 (0.17%) 2044 (0.23%) Jim Lucas <lists@cmsws.com>
>

Ignore that. It's a new script that is going to start running as
of 4:00p EST on 11 January, 2008. It will summarize the number of
messages to the list, then tell who posted how many, what size, et
cetera.

There may be one or two more messages that will wind up getting
sent because I accidentally manually ran the live script while testing
it for the cron.

Once it settles down, it will run every Friday at 4:00p to
summarize the week. For bragging rights, to keep track of how much
time you've spent doing "community service" or whatever else.


--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

Your percentages are off by a factor of 100.

On 5/01/2008, at 12:31, Daniel Brown wrote:

> On Jan 4, 2008 6:22 PM, PostTrack [Dan Brown]
> <listwatch-php-general@pilotpig.net> wrote:
>>
>> Posting Summary for PHP-General List
>> Week Ending: Friday, 4 January, 2008
>>
>> Messages | Bytes | Sender
>> ----------------+-----------------+------------------
>> 6 (100%) 8880 (100%) EVERYONE
>> 2 (0.33%) 1100 (0.12%) "Daniel Brown" <parasane@gmail.com
>> >
>> 2 (0.33%) 4204 (0.47%) "Miren Urkixo" <miren@tinieblas.com
>> >
>> 1 (0.17%) 1532 (0.17%) "TG" <tg-php@gryffyndevelopment.com
>> >
>> 1 (0.17%) 2044 (0.23%) Jim Lucas <lists@cmsws.com
>> >
>>
>
> Ignore that. It's a new script that is going to start running as
> of 4:00p EST on 11 January, 2008. It will summarize the number of
> messages to the list, then tell who posted how many, what size, et
> cetera.
>
> There may be one or two more messages that will wind up getting
> sent because I accidentally manually ran the live script while testing
> it for the cron.
>
> Once it settles down, it will run every Friday at 4:00p to
> summarize the week. For bragging rights, to keep track of how much
> time you've spent doing "community service" or whatever else.
>
>
> --
> Daniel P. Brown
> [Phone Numbers Go Here!]
> [They're Hidden From View!]
>
> If at first you don't succeed, stick to what you know best so that you
> can make enough money to pay someone else to do it for you.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

---
Simon Welsh
Admin of http://simon.geek.nz/

Windows is a joke operating system. Hell, it's not even an operating
system. NT is Not Tough enough for me either. 95 is how may times it
will crash an hour.

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e

I seem to be getting one every two minutes.

On 5/01/2008, at 12:31, Daniel Brown wrote:

> On Jan 4, 2008 6:22 PM, PostTrack [Dan Brown]
> <listwatch-php-general@pilotpig.net> wrote:
>>
>> Posting Summary for PHP-General List
>> Week Ending: Friday, 4 January, 2008
>>
>> Messages | Bytes | Sender
>> ----------------+-----------------+------------------
>> 6 (100%) 8880 (100%) EVERYONE
>> 2 (0.33%) 1100 (0.12%) "Daniel Brown" <parasane@gmail.com
>> >
>> 2 (0.33%) 4204 (0.47%) "Miren Urkixo" <miren@tinieblas.com
>> >
>> 1 (0.17%) 1532 (0.17%) "TG" <tg-php@gryffyndevelopment.com
>> >
>> 1 (0.17%) 2044 (0.23%) Jim Lucas <lists@cmsws.com
>> >
>>
>
> Ignore that. It's a new script that is going to start running as
> of 4:00p EST on 11 January, 2008. It will summarize the number of
> messages to the list, then tell who posted how many, what size, et
> cetera.
>
> There may be one or two more messages that will wind up getting
> sent because I accidentally manually ran the live script while testing
> it for the cron.
>
> Once it settles down, it will run every Friday at 4:00p to
> summarize the week. For bragging rights, to keep track of how much
> time you've spent doing "community service" or whatever else.
>
>
> --
> Daniel P. Brown
> [Phone Numbers Go Here!]
> [They're Hidden From View!]
>
> If at first you don't succeed, stick to what you know best so that you
> can make enough money to pay someone else to do it for you.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

---
Simon Welsh
Admin of http://simon.geek.nz/

Windows is a joke operating system. Hell, it's not even an operating
system. NT is Not Tough enough for me either. 95 is how may times it
will crash an hour.

http://www.thinkgeek.com/brain/gimme.cgi?wid=81d520e5e

> Once it settles down, it will run every Friday at 4:00p to
> summarize the week. For bragging rights, to keep track of how much
> time you've spent doing "community service" or whatever else.

Why? Does anybody really care how many emails they send to the list?
While I don't doubt your good intentions, apart from the maybe 30-40
regular posters, there are probably hundreds or thousands more on the
list (I have no idea how big the list is) who don't care about this
and then there are the ones who get the digest version too. Can't you
just put it on your website and have a link to it in your sig or
something?

After all the crap of dealing with "off-topic" threads about html and
javascript and database questions, is this any better?

--
Postgresql & php tutorials
http://www.designmagick.com/

Had everything gone as it was supposed to, I think it would've
been welcomed with open arms. Unfortunately, my stupid ass flipped
the wrong flag while testing for approximately an hour, which sent
posts to the list every minute for one hour. However, they weren't
coming through at the time, and I didn't realize that they were even
being sent, because the address was not subscribed at the time. Once
the address was subscribed, all of the messages must've been held in a
queue on the mailing list side, and were then distributed.

This leads me to ask, why? Isn't this a really Bad Idea[tm] to
hold posts in queue, pending confirmation of the sender's address? I
can understand one message, but any more than that shouldn't be
necessary. My intentions were just to add something "neat" to the
list for the regulars (which will work as expected now), but what if
someone had truly malicious intentions? What if hundreds or thousands
of emails were sent and held in queue, and then the sender's address
confirmed? Would the mailing list software even be able to handle
that much of a queue?

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

On Saturday 05 January 2008 16:31:49 Daniel Brown wrote:
> Had everything gone as it was supposed to, I think it would've
> been welcomed with open arms. Unfortunately, my stupid ass flipped
> the wrong flag while testing for approximately an hour, which sent
> posts to the list every minute for one hour. However, they weren't
> coming through at the time, and I didn't realize that they were even
> being sent, because the address was not subscribed at the time. Once
> the address was subscribed, all of the messages must've been held in a
> queue on the mailing list side, and were then distributed.
>
> This leads me to ask, why? Isn't this a really Bad Idea[tm] to
> hold posts in queue, pending confirmation of the sender's address? I
> can understand one message, but any more than that shouldn't be
> necessary. My intentions were just to add something "neat" to the
> list for the regulars (which will work as expected now), but what if
> someone had truly malicious intentions? What if hundreds or thousands
> of emails were sent and held in queue, and then the sender's address
> confirmed? Would the mailing list software even be able to handle
> that much of a queue?
>

I wonder... what you try to do seems like a trivial task, or just task, where
did you go wrong to make it send all those mails?
just some personal interrest...

> --
> Daniel P. Brown
> [Phone Numbers Go Here!]
> [They're Hidden From View!]
>
> If at first you don't succeed, stick to what you know best so that you
> can make enough money to pay someone else to do it for you.



--
---
Børge Holen
http://www.arivene.net

On Jan 5, 2008 12:05 PM, Børge Holen <borge@arivene.net> wrote:
> On Saturday 05 January 2008 16:31:49 Daniel Brown wrote:
> > Had everything gone as it was supposed to, I think it would've
> > been welcomed with open arms. Unfortunately, my stupid ass flipped
> > the wrong flag while testing for approximately an hour, which sent
> > posts to the list every minute for one hour. However, they weren't
> > coming through at the time, and I didn't realize that they were even
> > being sent, because the address was not subscribed at the time. Once
> > the address was subscribed, all of the messages must've been held in a
> > queue on the mailing list side, and were then distributed.
> >
> > This leads me to ask, why? Isn't this a really Bad Idea[tm] to
> > hold posts in queue, pending confirmation of the sender's address? I
> > can understand one message, but any more than that shouldn't be
> > necessary. My intentions were just to add something "neat" to the
> > list for the regulars (which will work as expected now), but what if
> > someone had truly malicious intentions? What if hundreds or thousands
> > of emails were sent and held in queue, and then the sender's address
> > confirmed? Would the mailing list software even be able to handle
> > that much of a queue?
> >
>
> I wonder... what you try to do seems like a trivial task, or just task, where
> did you go wrong to make it send all those mails?
> just some personal interrest...
>
> > --
> > Daniel P. Brown
> > [Phone Numbers Go Here!]
> > [They're Hidden From View!]
> >
> > If at first you don't succeed, stick to what you know best so that you
> > can make enough money to pay someone else to do it for you.

While I was testing things, I commented out the wrong "to" line
and the cron was running. It was a simple mistake.

--
Daniel P. Brown
[Phone Numbers Go Here!]
[They're Hidden From View!]

If at first you don't succeed, stick to what you know best so that you
can make enough money to pay someone else to do it for you.

Hi Daniel,

Am 2008-01-04 18:31:00, schrieb Daniel Brown:
> Ignore that. It's a new script that is going to start running as
> of 4:00p EST on 11 January, 2008. It will summarize the number of
> messages to the list, then tell who posted how many, what size, et
> cetera.
>
> There may be one or two more messages that will wind up getting
> sent because I accidentally manually ran the live script while testing
> it for the cron.

Is this a Joke? -- I have gotten over 100 of them...

Thanks, Greetings and nice Day
Michelle Konzack
Systemadministrator
Tamay Dogan Network
Debian GNU/Linux Consultant


--
Linux-User #280138 with the Linux Counter, http://counter.li.org/
##################### Debian GNU/Linux Consultant #####################
Michelle Konzack Apt. 917 ICQ #328449886
50, rue de Soultz MSN LinuxMichi
0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFHg/G6C0FPBMSS+BIRAtarAKCqQWcNLJc8HLI4icleZmZm3QagMQCd GrF+
DihL7wKcKYJqRbIN+7ThONQ=
=6W4A
-----END PGP SIGNATURE-----

No, go back over the archives or digests and you'll see that it
was supposed to be a once-per-week email for post tracking on the list
that went haywire. It wound up sending over a hundred messages to the
list, which - in my opinion - also indicates a flaw in the mailing
list software.

On Jan 8, 2008 4:57 PM, Michelle Konzack <linux4michelle@freenet.de> wrote:
> Hi Daniel,
>
> Am 2008-01-04 18:31:00, schrieb Daniel Brown:
> > Ignore that. It's a new script that is going to start running as
> > of 4:00p EST on 11 January, 2008. It will summarize the number of
> > messages to the list, then tell who posted how many, what size, et
> > cetera.
> >
> > There may be one or two more messages that will wind up getting
> > sent because I accidentally manually ran the live script while testing
> > it for the cron.
>
> Is this a Joke? -- I have gotten over 100 of them...
>
> Thanks, Greetings and nice Day
> Michelle Konzack
> Systemadministrator
> Tamay Dogan Network
> Debian GNU/Linux Consultant
>
>
> --
> Linux-User #280138 with the Linux Counter, http://counter.li.org/
> ##################### Debian GNU/Linux Consultant #####################
> Michelle Konzack Apt. 917 ICQ #328449886
> 50, rue de Soultz MSN LinuxMichi
> 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
>



--
</Dan>

Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since 1979.

Daniel Brown schreef:
> No, go back over the archives or digests and you'll see that it
> was supposed to be a once-per-week email for post tracking on the list
> that went haywire. It wound up sending over a hundred messages to the
> list, which - in my opinion - also indicates a flaw in the mailing
> list software.

so do we call you 'PostTrack' or "PassTheBuck" from now on? ;-)

>
> On Jan 8, 2008 4:57 PM, Michelle Konzack <linux4michelle@freenet.de> wrote:
>> Hi Daniel,
>>
>> Am 2008-01-04 18:31:00, schrieb Daniel Brown:
>>> Ignore that. It's a new script that is going to start running as
>>> of 4:00p EST on 11 January, 2008. It will summarize the number of
>>> messages to the list, then tell who posted how many, what size, et
>>> cetera.
>>>
>>> There may be one or two more messages that will wind up getting
>>> sent because I accidentally manually ran the live script while testing
>>> it for the cron.
>> Is this a Joke? -- I have gotten over 100 of them...
>>
>> Thanks, Greetings and nice Day
>> Michelle Konzack
>> Systemadministrator
>> Tamay Dogan Network
>> Debian GNU/Linux Consultant
>>
>>
>> --
>> Linux-User #280138 with the Linux Counter, http://counter.li.org/
>> ##################### Debian GNU/Linux Consultant #####################
>> Michelle Konzack Apt. 917 ICQ #328449886
>> 50, rue de Soultz MSN LinuxMichi
>> 0033/6/61925193 67100 Strasbourg/France IRC #Debian (irc.icq.com)
>>
>
>
>

On Jan 9, 2008 1:45 PM, Jochem Maas <jochem@iamjochem.com> wrote:
> Daniel Brown schreef:
> > No, go back over the archives or digests and you'll see that it
> > was supposed to be a once-per-week email for post tracking on the list
> > that went haywire. It wound up sending over a hundred messages to the
> > list, which - in my opinion - also indicates a flaw in the mailing
> > list software.
>
> so do we call you 'PostTrack' or "PassTheBuck" from now on? ;-)

No, you call me The Moron Who Commented-Out The Wrong Line And
Flooded The List With Test Data.

It's a long name, but it's accurate. When I was running the cron
to see why the piped response wasn't working (as it turned out, I had
simply mistyped the address in valiases), it was supposed to send the
data directly to my email address only. However, I commented out the
wrong line, and uncommented the line containing the
php-general@lists.php.net address.

Then, because I didn't know that it was working the whole time,
when I discovered the bugs and repaired them, the messages - sent
every minute by the cron for testing - were queued in the mailing list
database, pending confirmation of the sending address. THIS is the
part I believe is a serious flaw in the mailing list software, because
it's been proven that all a malicious user would have to do is flood
the list, then confirm the address from which they sent the messages
after the queue has been flooded, and the messages will be dispatched.
It should only hold a maximum of two messages in the queue, in my
[very] humble opinion.

The problem was that all of the messages were sitting in the queue
without my knowledge. They were not being sent from the server when
they were being received by subscribers to the list, they were being
sent by the mailing list software. This also identifies an issue that
would suggest that the mailing list system could be vulnerable to a
denial-of-service style of attack, where the queue is flooded with
thousands - even millions - of messages and doesn't dispose of them
properly.

So once again, my apologies, but I do think that the exercise
accidentally identified a security and stability issue with the list
software that should be addressed. Maybe it can be done with a
setting, but it may require a hard-coded patch. I don't know, but
hopefully someone else here does.

--
</Dan>

Daniel P. Brown
Senior Unix Geek and #1 Rated "Year's Coolest Guy" By Self Since 1979.