Tech - October 2006 Archives

H4X0R City

Sorry, kids. My site has been pummeled with spam comments. As I write this, the bastards have already tried to spam my page about comments, at least once (tail -f is your friend). Thirty minutes ago, it was every 5 seconds.

I suppose it was my fault for not getting an Akismet API key. I have one now, but I’m going to keep comments on my site down for a few days until the mess dies down. I really can’t fix much of anything because I’m too busy with other projects.

Which brings me to my other h4x0r encounter for the week. Someone figured out, as long ago as Sept 12, how to compromise our webserver at KCKCC. They used it to set up an eBay-phishing page. Funny thing is, we didn’t even notice until eBay sent us an email notifying us of the site.

When we dug into the directory, we found all kinds of hacks, including numerous PHP scripts that grant shell access. The primary problem was that we were running PHP with Safe Mode Off, it seems. We turned it on and now every PHP script has to run as the Apache user. No login for you!

Where do you REST your head?

Sure, it's nearly effortless to add a new XML-based API to your application using the latest stuff in Rails Edge, but what do you do when the Sandman comes? (Sorry about all the puns!)

Lately, I've been very interested in the stuff coming out in Rails Edge and eventually 1.2, emphasizing the CRUD design technique and using REST-based services. A lot of this has been spurred on by DHH's keynote at RailsConf that I watched via the web.

The technique is liberating! All your controllers do basically the same things, which are the major CRUD operations (index/show, create, update, destroy) and the typical special representations (edit, new). However, when it comes down to the nitty-gritty, there are a few concerns I still have.
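To make that verb-plus-path-to-CRUD mapping concrete, here is an added Ruby sketch of how a resource route dispatches a request onto the seven actions; it is example code written for this page, not Rails' own router. It assumes the `/posts/7/edit` URL form (Rails 1.2 edge at the time used `/posts/7;edit`) and mirrors Rails' rule that the `_method` override is honored only on a real POST.

```ruby
# Added illustration of Rails-style resource routing (not Rails' own router):
# dispatches HTTP verb + path + params onto the seven CRUD/REST actions.

ID_PATTERN = /\A\d+\z/.freeze
VERB_OVERRIDES = %w[put delete].freeze

# Rails honors the _method form parameter only on a real POST, so a GET link
# or a prefetching proxy can never be turned into an update or destroy.
def effective_verb(http_method, params)
  verb = http_method.to_s.downcase
  override = params['_method'].to_s.downcase
  return override if verb == 'post' && VERB_OVERRIDES.include?(override)
  verb
end

# Returns {:action, :id, :format} for one resource, or nil if unroutable.
def route_resource(resource, http_method, path, params = {})
  verb = effective_verb(http_method, params)
  # "/posts/7.xml" -> path "/posts/7", representation "xml" (the XML API).
  path_only, format = path.split('.', 2)
  format ||= 'html'
  segs = path_only.split('/').reject(&:empty?)
  return nil unless segs.first == resource
  rest = segs[1..-1]
  id = rest[0] if rest[0] && ID_PATTERN.match?(rest[0])

  case verb
  when 'get'
    return { action: :index, format: format } if rest.empty?
    return { action: :new, format: format } if rest == ['new']
    return { action: :show, id: id, format: format } if id && rest.size == 1
    return { action: :edit, id: id, format: format } if id && rest == [id, 'edit']
  when 'post'
    return { action: :create, format: format } if rest.empty?
  when 'put'
    return { action: :update, id: id, format: format } if id && rest.size == 1
  when 'delete'
    return { action: :destroy, id: id, format: format } if id && rest.size == 1
  end
  nil # unknown verb/path combination: Rails would raise a routing error
end

if $PROGRAM_NAME == __FILE__
  [['GET', '/posts'], ['POST', '/posts'], ['GET', '/posts/7.xml'],
   ['POST', '/posts/7', { '_method' => 'delete' }],
   ['GET', '/posts/7', { '_method' => 'delete' }]].each do |m, p, q|
    puts "#{m} #{p} #{q.inspect} => #{route_resource('posts', m, p, q || {}).inspect}"
  end
end
```

The last demo line is the one worth noticing: the `_method=delete` override is ignored on a GET, so that request routes to `show`, not `destroy`.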