Commit c429e45

META Convert [caption]'d content
1 parent e66d629 commit c429e45

76 files changed

+810
-127
lines changed

README.md

Lines changed: 33 additions & 12 deletions
@@ -1,22 +1,43 @@
1-
# DLTJ Blog with Jekyll on AWS CodeBuild/ECR/S2/CloudFront
1+
# DLTJ Blog with Pelican
22

3-
## Build the Docker image
3+
Using PDM as a Python manager. Use `pdm run zsh` to activate a shell.
44

5-
docker build -t dltj-jekyll-runner:latest .
5+
## Basic setup
66

7+
1. `pdm python install` — install Python venv
8+
1. `pdm install` — install prereq
79

8-
## Local blog generation
10+
## View site
911

10-
docker run --rm \
11-
-v ${PWD}:/srv/jekyll \
12-
-p 4000:4000 \
13-
{aws_acct_id}.dkr.ecr.us-east-1.amazonaws.com/codebuild/dltj-jekyll-runner:latest serve --host 0.0.0.0
12+
1. `invoke serve` or `invoke liveupdate`
1413

14+
## Historic Notes
1515

16-
## Upload the CodeBuild custom build environment image
16+
- Files with `.markdown` extensions were converted from the Wordpress site (and still may need some manual editing)
1717

18-
aws --profile dltj-admin ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin {aws_acct_id}.dkr.ecr.us-east-1.amazonaws.com
18+
## Macros
1919

20-
docker tag dltj-jekyll-runner:latest {aws_acct_id}.dkr.ecr.us-east-1.amazonaws.com/codebuild/dltj-jekyll-runner:latest
20+
### Image
2121

22-
docker push {aws_acct_id}.dkr.ecr.us-east-1.amazonaws.com/codebuild/dltj-jekyll-runner:latest
22+
```
23+
{{ image(
24+
div_float: str = None,
25+
width: str = None,
26+
localsrc: str = None,
27+
abssrc: str = None,
28+
caption: str = None,
29+
alt: str = None,
30+
ahref: str = None,
31+
localhref: str = None) }}
32+
```
33+
34+
### Captioned section
35+
Used for things other than an image to get the same rendered output
36+
37+
```
38+
{{ captioned(
39+
div_float: str = None,
40+
width: str = None,
41+
caption: str = None,
42+
contents: str = None) }}
43+
```
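
Review bot: The two macro blocks at the end of the README give `image(...)` and `captioned(...)` as Python-style signatures (`div_float: str = None`) wrapped in `{{ }}`, which is not a form that can be pasted into a post, and nothing says how `localsrc` differs from `abssrc` or `ahref` from `localhref`. Suggest showing one real call in the keyword form the converted posts in this commit use (`div_float="none"`, `width="500"`, `localsrc="2008/07/dns-normal.png"`) plus one line per parameter. Separately, the deleted Docker/ECR sections are replaced only by setup and `invoke serve`; if the site is still published from this repository, the publish step belongs here too.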

assets/images/index.html

Whitespace-only changes.

content/2008-07-15-dns-vulnerabilities.markdown

Lines changed: 18 additions & 3 deletions
@@ -77,13 +77,23 @@ comments:
7777
<h2>DNS: The Internet's Addressbook</h2>
7878
<p>Your computer (or, in some special cases such as a home network setup, "your entire network" ((This happens with a technique called "Network Address Translation" or NAT. NAT was created to conserve the internet address space (among other reasons) by putting multiple computers behind a device that makes all of the computers look like one machine to the outside world. If you connect to the rest of the world via a small hub, you're probably using NAT. If the IP address of your computer starts with "10" or "192.168" you are definitely using NAT.))) is uniquely defined on the internet by an "IP address". It is a series of four numbers separated by a period; something like "216.178.38.116". Every computer on the network has one. The issue is that these numbers are not as easy to remember as names like "myspace.com". Enter DNS...</p>
7979
<p>It is the Domain Name System, or DNS, that translates an easily recognizable name to an IP address. DNS is a distributed database of names-to-numbers (and numbers-to-names and all sorts of other mappings). A network machine -- say, your desktop computer -- is running a program (a web browser) that needs to connect to a server. It relies on a DNS client to perform the name-to-number mapping. This figure shows a simplified relationship between all of the parts.</p>
80-
<p>[caption id="attachment_390" align="alignnone" width="500" caption="Sequence Diagram Showing Normal DNS Operation"]<img src="/assets/images/2008/07/dns-normal.png" alt="Sequence Diagram Showing Normal DNS Operation" title="DNS-Normal" width="500" height="318" class="size-full wp-image-390" />[/caption]</p>
80+
{{ image(
81+
div_float="none",
82+
width="500",
83+
caption="Sequence Diagram Showing Normal DNS Operation",
84+
alt="Sequence Diagram Showing Normal DNS Operation",
85+
localsrc="2008/07/dns-normal.png") }}
8186
<p>On your computer, the web browser makes a request with the local DNS client to one of the DNS servers it knows. (You'll see this DNS service listed if you look at the network properties on your computer.) DNS servers can, and typically do, remember the answers to recently asked questions from other DNS clients (a feature called "caching"); if the DNS server can answer the question from its cache, it will. If not, one of two things can happen: 1) DNS Server 1 can send a message back saying it doesn't know but suggest where it might go to find an answer; or 2) attempt to find the answer itself and send it back to the DNS client. The latter is what is pictured above and is called "recursive name resolution". DNS Server 1 can also cache the information so as to answer a subsequent question for the same information without having to go out and ask another DNS server for it. ((The amount of time a caching DNS server can hold onto information on behalf of an "authoritative" DNS server is specified as part of the DNS protocol, but such consideration is outside the scope of what is being talked about here.))</p>
8287
<h2>When DNS Goes Bad</h2>
8388
<p>So what is the problem? The United States Computer Emergency Readiness Team (<a href="http://www.us-cert.gov/about-us" title="US-CERT: About Us">US-CERT</a>) <a href="http://www.us-cert.gov/cas/techalerts/TA08-190B.html" title="US-CERT Technical Cyber Security Alert TA08-190B -- Multiple DNS implementations vulnerable to cache poisoning">describes it this way</a>:</p>
8489
<blockquote><p>An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.</p></blockquote>
8590
<p>In other words, some rogue agent out on the net tries to inject bad information into a DNS cache by sending specially constructed answers to questions that the caching DNS server never asked. That looks something like this.</p>
86-
<p>[caption id="attachment_391" align="alignnone" width="500" caption="Sequence Diagram Showing the Effect of DNS Cache Poisoning"]<img src="/assets/images/2008/07/dns-poison.png" alt="Sequence Diagram Showing the Effect of DNS Cache Poisoning" title="DNS-Poison" width="500" height="318" class="size-full wp-image-391" />[/caption]</p>
91+
{{ image(
92+
div_float="none",
93+
width="500",
94+
caption="Sequence Diagram Showing the Effect of DNS Cache Poisoning",
95+
alt="Sequence Diagram Showing the Effect of DNS Cache Poisoning",
96+
localsrc="2008/07/dns-poison.png") }}
8797
<p>As the US-CERT advisory points out, this is a bad thing. Many internet services rely on the fact that when they ask to connect to a host with a specified name that they will in fact be talking to a host with that name. You want to know that you are sending and receiving e-mail from the servers you expect and that the websites you get information from are the true, correct servers. DNS cache poisoning effectively hides this because the address bar in the browser <em>looks</em> correct.</p>
8898
<h2>Beyond Phishing</h2>
8999
<p>Note that this scheme is different from the "phishing" technique. In that technique, you might be ask to go to a URL like <code>http://badguys.crimesyndication.org/banking.yourbank.com/</code>, which would look and behave like the "banking.yourbank.com" site that you know, but it is really a website on "badguys.crimesyndication.org" that is simply made to look like your online banking site. Careful inspection of the URL and the hints supplied by the browser about the security certificate would show that you are connecting to the wrong place. The "DNS Poisoning" vulnerability is much worse because <em>your computer</em> was fooled into connecting to the wrong site and is passing that tomfoolery back to you.</p>
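
Review bot: In both `image(...)` calls in this hunk, `alt` repeats `caption` word for word (for example `Sequence Diagram Showing Normal DNS Operation`), so a screen reader announces the same sentence twice and still learns nothing about what the diagram shows. The old `[caption]` markup had the same duplication, but since every call is being rewritten anyway, consider making `alt` describe the exchange the surrounding paragraphs explain (DNS client, DNS Server 1, the recursive lookup, the injected answer) and leaving the title text to `caption`.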
@@ -93,7 +103,12 @@ comments:
93103
<blockquote><p>About a year ago Google and Dell announced a partnership to include the Google Toolbar on new Dell computers. At the same time, Google was trying to convince the Department of Justice that changing the default search engine in the (then) new IE7 was too difficult (when in reality it&rsquo;s really simple). Installing the toolbar meant that users would have Google as their default search engine in IE7. It also meant that Dell and Google would share some of the revenue from the advertising clicks that resulted from these installations, much like The Mozilla Foundation does with its Firefox browser. ...</p>
94104
<p>The solution to this problem was to route Google requests through a machine we run to check if the request is a typo or one of your shortcuts. If it is a typo or shortcut then we do what we always do, just fix the typo or launch your shortcut and send you off on your way. If it&rsquo;s not one of those two things, we pass it on to Google for them to give you search results. This solution provides the best of both worlds: OpenDNS users get back the features that they love and Google continues to operate without problems.</p></blockquote>
95105
<p>This is what it looks like in a picture:</p>
96-
<p>[caption id="attachment_392" align="alignnone" width="500" caption="Sequence Diagram Showing the OpenDNS Response to Dell/Google"]<img src="/assets/images/2008/07/dns-opendns-google.png" alt="Sequence Diagram Showing the OpenDNS Response to Dell/Google" title="DNS OpenDNS Google" width="500" height="318" class="size-full wp-image-392" />[/caption]</p>
106+
{{ image(
107+
div_float="none",
108+
width="500",
109+
caption="Sequence Diagram Showing the OpenDNS Response to Dell/Google",
110+
alt="Sequence Diagram Showing the OpenDNS Response to Dell/Google",
111+
localsrc="2008/07/dns-opendns-google.png") }}
97112
<p>Danny Sullivan of Search Engine Land has a more <a href="http://searchengineland.com/070523-083042.php" title="Google &amp; Dell&#039;s Revenue-Generating URL Error Pages Drawing Fire">in-depth analysis of Google's and Dell's actions</a>. David offers a defense of OpenDNS's response in a comments on <a href="http://yro.slashdot.org/article.pl?sid=07/05/24/0342246" title="OpenDNS Says Google-Dell Browser Tool is Spyware | Slashdot">a post to Slashdot</a> (<a href="http://slashdot.org/comments.pl?sid=235955&amp;cid=19251937" title="Comments on OpenDNS Says Google-Dell Browser Tool is Spyware">this is the sharpest and most poignant</a>). If offering OpenDNS as a fix for DNS cache poisoning is two steps forward, then OpenDNS's response to the Dell/Google action is, at best, one step back. I would prefer that Dell not automatically install functionality like this on my PC. I would also strongly prefer that DNS resolvers not try to be too cute. Fortunately, it is <a href="http://blowery.org/2008/04/08/opendns-is-proxying-google/" title="OpenDNS is proxying Google?">possible to turn off this behavior in OpenDNS</a>, which I prefer to do. But, all told, this is just one more lesson about how important the Domain Name Services is to the fundamental operation of the internet, and how easy it is to take for granted.</p>
98113
<h2>Updates</h2>
99114
<p><b>18-Jul-2008</b>: I exchanged e-mail with David Ulevitch, Founder and CEO of OpenDNS, that focused on the latter part this posting. He noted that "everything in our service, including the Google proxy, is an option that can be enabled or disabled in a (free, of course) user account." I implied that by linking to <a href="http://blowery.org/2008/04/08/opendns-is-proxying-google/" title="OpenDNS is proxying Google?">Ben Lowery's posting</a> with instructions on "flipping the 'Enable OpenDNS proxy' toggle". So I wanted to explicitly call that out. David also pointed out OpenDNS is working with Google to create favorable peering arrangements at <a href="http://system.opendns.com/" title="OpenDNS &amp;gt; System (also available at http://208.67.219.60/)">their distributed sites</a>; doing so is decreasing the latency introduced by the proxy.</p>
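
Review bot: The replacement at new lines 106-111 keeps `width="500"` but drops the `height="318"` that the old `<img>` carried, and the `image` signature documented in the README has no height parameter. Without intrinsic dimensions the text below the figure reflows when the image loads; consider adding a height argument to the macro or confirming that the theme's CSS reserves the space. The `title` attribute and the `wp-image-392` class are dropped as well, which is fine as long as no stylesheet or script still targets them.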

content/2008-07-16-mailman-spam-howto.markdown

Lines changed: 14 additions & 2 deletions
@@ -32,7 +32,13 @@ comments:
3232
<p>Dealing with SPAM e-mail is a real hassle. Dealing with SPAM e-mail as a mailing list owner is an even bigger hassle. Here are some tips for dealing with SPAM e-mail on mailing lists using the <a href="http://www.list.org/" title="Mailman, the GNU Mailing List Manager">Mailman</a> software package.</p>
3333
<h2>The Symptoms</h2>
3434
<p>Unless you are making your users as well as yourself miserable, you've probably set the "Action to take for postings from non-members for which no explicit action is defined" to "Hold". I believe this is the default setting for new lists.</p>
35-
<p>[caption id="attachment_399" align="alignnone" width="500" caption="Hold Nonmember setting in Mailing list administration, Privacy Options, Sender filters"]<img src="/assets/images/2008/07/hold-nonmember.png" alt="\"Hold Nonmember\" Setting in Mailing list administration -> Privacy Options -> Sender filters" title="hold-nonmember" width="500" height="28" class="size-full wp-image-399" />[/caption]<span id="genericNonmemberActionLink">&nbsp;</span></p>
35+
{{ image(
36+
div_float="none",
37+
width="500",
38+
caption="Hold Nonmember setting in Mailing list administration, Privacy Options, Sender filters",
39+
alt="\"Hold Nonmember\" Setting in Mailing list administration -> Privacy Options -> Sender filters",
40+
localsrc="2008/07/hold-nonmember.png") }}
41+
{: #genericNonmemberActionLink}
3642
<p>This will hold all of the messages sent by non-members -- all of those spamy e-mail addresses -- to a queue on the Mailman server. You'll receive a notification that a message is being held for you:<br />
3743
<blockquote><code>As list administrator, your authorization is requested for the following mailing list posting:<br />
3844
&nbsp;<br />
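
Review bot: The `alt` argument at new line 39 carries backslash-escaped double quotes and `->` (`alt="\"Hold Nonmember\" Setting in Mailing list administration -> Privacy Options -> Sender filters"`). If the `image` macro writes that string into an `alt="..."` attribute without HTML-escaping it, the embedded quotes end the attribute early and the `>` lands in raw markup. Please confirm the macro escapes its arguments before emitting them, or reuse the punctuation-free wording already chosen for `caption` on new line 38.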
@@ -54,7 +60,13 @@ to approve or deny the request.<br /></code></p></blockquote>
5460
Please attend to this at your earliest convenience. &nbsp;This notice of pending requests, if any, will be sent out daily.<br /></code></p></blockquote>
5561
<h2>A Solution</h2>
5662
<p>This isn't an ideal solution, but it at least lets you ignore the vast majority of these messages confidently knowing that -- unless your mailing list is unlucky enough to be hit daily by spam -- eventually the daily prodding messages will go away. The key is to set the "Discard held messages older than this number of days" to some reasonable number:</p>
57-
<p>[caption id="attachment_400" align="alignnone" width="500" caption="Discard Messages setting in Mailing list options, General options"]<img src="/assets/images/2008/07/discard-messages.png" alt="\"Discard Messages\" setting in Mailing list options -> General options" title="discard-messages" width="500" height="60" class="size-full wp-image-400" />[/caption]<span id="maxDaysOnHoldLink">&nbsp;</span></p>
63+
{{ image(
64+
div_float="none",
65+
width="500",
66+
caption="Discard Messages setting in Mailing list options, General options",
67+
alt="\"Discard Messages\" setting in Mailing list options -> General options",
68+
localsrc="2008/07/discard-messages.png") }}
69+
{: #maxDaysOnHoldLink}
5870
<p>I use "4" in that field: two days to cover weekends plus a two day grace period. For a message that is errantly caught in the queue (because it was too large, was sent by a subscriber who's email address changed, or other reason), I now have four days to release it. If I do nothing, the message disappears from the hold queue after that time, and I get this final e-mail message:</p>
5971
<blockquote><p><code>From:&nbsp;&nbsp;&nbsp;&nbsp;<i>mailingListName</i>-bounces@<i>mailingListHost</i><br />
6072
Subject:&nbsp;<i>mailingListName</i> moderator request check result<br />
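
Review bot: The removed line kept the in-page anchor as `<span id="maxDaysOnHoldLink">&nbsp;</span>` inside the paragraph; the new `{: #maxDaysOnHoldLink}` at new line 69 sits on its own line after a macro call, in a file whose body is otherwise raw HTML. Whether an attribute list in that position attaches the id to anything depends on the Markdown extension in use and on what the macro emits; if it does not attach, it renders as literal text and links to `#maxDaysOnHoldLink` stop resolving. Please check the built page for the id, here and for `#genericNonmemberActionLink` in the previous hunk, or pass the id into the macro instead.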
