Plaidophile

So my MacBook is well over 3 years old and it's starting to get really aggravating. It's actually still plenty fast, but the original Unibody MacBook seems to have various I/O problems, and I've ended up only using this as a glorified netbook for a while anyway. Meanwhile, OSX Lion is starting to really get on my nerves for a number of thousand-papercuts reasons, while Linux has been getting progressively better and better over the last few years.

So anyway, I've been looking at laptops again and have a pretty short list of ones I'm interested in, but am open to other suggestions as well.

As part of my ongoing crusade to get Google out of my life as much as possible, I have switched my search engine to DuckDuckGo. It is mostly pretty good (and a lot easier to do in Firefox by installing the search plugin), although there are still a few rough edges.

One of the more annoying things is that it still tries to overcorrect things that it seems as errors, which can make it pretty difficult to look up pages on programming things.

However, there is also a pretty troubling thing in the way that they've implemented SafeSearch; rather than simply filtering the search results to remove adult content, they also remove potentially-adult-material-generating terms from the search phrase itself. They try to whitelist non-adult-oriented uses of words based on phrase matches, but it's pretty clumsy, and anyway it's a pretty stupid way to try to sanitize results. Annoyingly enough, it's also all-or-nothing; you can turn off SafeSearch entirely, or you can try to figure out how to get a phrase through the rather arbitrary filter.

So of course I've taken screenshots of what I'm talking about.

I was using 5ite.com as a cheap VPS for my email hosting. Over the several months that I was using them, I was constantly plagued with frequent outages, and my uptime was nowhere close to the guaranteed 99.9%. No matter how much I complained about this, they did nothing to rectify said guarantee. Often they would go down for a whole day at a time and not respond to any customer emails or even say what was going on via Twitter, nor would they provide any information afterwards.

This morning was the last straw, however; there was another protracted outage yesterday, and when I opened a ticket their response was that they were undergoing "emergency maintenance." Today my server came back up, but lo and behold, the file permissions were all completely broken; it looked like they had done a hamfisted system restore because everything was owned by root:root. User files, temp files, device inodes, everything. So of course, very little of the system actually worked.

Fortunately, I happened to have a backup from several hours before the outage, and was able to restore all my files. To LiNode, where I am setting up e-snail.us anew.

It'll take a while for DNS to propagate for the new mail.e-snail.us address, but hopefully when it does I can hit the ground running with a working email system, modulo the likelihood that I've forgotten to migrate some config files or SSL certs or whatever.

The year began just hours after my grandmother died.

These are the sorts of things that bug me:

1. iPhone (the first model)
2. iPhone 3G (the second model)
3. iPhone 3GS (the third model)
4. iPhone 4 (the fourth model)
5. iPhone 4S (the fifth model)

So if the next redesign is iPhone 5, then that retroactively makes the iPhone 4's name pretty silly. But if they call it iPhone 6, everyone who doesn't have a sense of history will be upset.

Speaking of history, I'm glad that Apple finally has a device (the new Nano) that does all of the fun pedometer/run timing/achievements/etc. stuff that my Sony Ericsson W580 did four years ago. Maybe I'll upgrade. (I probably won't.)

So at this point I have migrated my calendar data to my own DAViCal installation (which is mostly working except for sending/receiving invites - gotta figure out what's going on with that), deleted both of my Apps accounts, and also deleted a bunch of GMail accounts which I had lying around which had somehow (and rather creepily) gotten linked to each other anyway. I still have one gmail account for Android Market and I see no reason to get rid of that just yet, and I've relinked my YouTube account to that since there's no way to have YouTube without a Google account anymore.

It's kind of scary to be without a safety net here but on the other hand, it was also kind of scary about what sorts of stuff Google was doing in the background without my knowledge as well. (I mean, for a time, trying to log on to my YouTube account to relink it was logging me on to a completely different gmail account that I'd forgotten about, and it was insisting that I needed to create a new YouTube account as part of it! Very broken in stupid ways. But once I deleted that old gmail account, that freed up the legacy YouTube account to be relinked. Puzzling all around, though.)

Many of my friends who were on G+ with pseudonyms that hadn't gotten nuked yet went ahead and deleted their accounts too. We're all back to using LiveJournal and email.

Oh, and for a while I was thinking I'd made a mistake since all of the CalDAV clients I found for Android were standalone calendar apps (rather than CalendarProvider implementations as they should be), but finally I found CalDAV-sync which seems to be working quite nicely. It's $3 and still alpha, but that's worth it (hopefully they don't get nuked from orbit for no reason like Better Android did). They also have a CardDAV provider as well, for when I finally remove my addressbook from the one gmail account.

One missing thing for this is the ability to subscribe to friends' shared calendars, but I can still do that via my Android gmail account for now.

Hopefully there will eventually be some turnkey F/OSS suite to make it easy to set up this stuff. Email is well-known and so on, but CalDAV is still sort of nascent as far as interoperability goes.

Oh, and there's probably still a few Google account remnants out there. My apps accounts' associated Google accounts are still active (with no way to shut them off), and since I have FeedBurner and AdSense/AdWords associated with one of them, that'll probably continue to exist for a while. Which reminds me, I must get rid of all the AdSense on my site... (I've made like $29 over all time on Google page ads, so I mean, yeah. No big loss.)

So for obvious reasons I'm moving my crap away from Google. I'll keep my main gmail.com account for use with my Android phone (because there's no reasonable substitute on the Android side) but for everything I care about, I'm going back to self-hosted über alles.

Dreamhost's shared server offerings are no longer adequate for my email needs, though. As such, I will probably switch that to a VPS. I've gotten a few good recommendations for Linode. Any others I should look into? Normally I'd just sign up for Dreamhost VPS but I've heard bad things about them lately, and also bad things about Slicehost.

It'll be nice to have sane bogofilter-based filtering again, in any case.

The other main thing I use Google for is RSS aggregation. Are there any good server-side aggregators with decent user interfaces? My usual fallback is FeedOnFeeds, but there's something that always causes me to get fed up with it and switch back to Google Reader. I have no idea what the hell that reason is, but it always becomes a giant "oh yeah" thing when I start using it. The only thing I seem to have written up was the last time I switched back to FonF after Google pissed me off the previous time. (Someday I'lll learn that he doesn't hit me out of love.)

It'd also be nice to have a decent CalDAV server, since I occasionally use my Google Apps ones for various things. So that's another thing to put on the VPS (Dreamhost's WebDAV doesn't have CalDAV extensions). I assume that I can find such a thing via, er, a search engine.

And ON THAT TINY NOTE, what should I use for searches instead of Google?

• Ex-Google employee who was suspended from Google (the attitude involved played a big part in her leaving the company) — plenty of comments there from people with similar stories
• My Name Is Me: A clearinghouse of stories for why Internet identity ABSOLUTELY SHOULD NOT be tied to legal identity
• A friend of mine in the UK has started an EU investigation on Google for their flagrant violations of anti-discrimination and privacy laws
• Google+'s own VP isn't even using his real name on his profile. Hypocritical much? (also Scoble — allegedly also not his real name — is a terrible sycophant)
• Somewhere some Google higher-up said something to the effect of, "Maybe people who are trying to hide from their abusive stalkers shouldn't be using Google+." Anyone remember who said that and where? More attention need sto be brought to this sort of arrogant attitude.

I'm actually surprised it took this long, but I've been suspended from Google+ for "violating community standards." Of course, to reinstate it they want me to change my name to my legal name and provide a copy of a driver's license, or otherwise show that the name that everyone knows me as is my real name from a "reputable source" such as "Facebook, LinkedIn, or a news article."

I was already having a more or less apathetic relationship with G+, and now I guess this settles whether I'll be using it anymore.

In other news, other parts of Google are much the same. "Do no evil" just isn't good enough, guys.

I am trying to store my iTunes library on a NAS again, but this is really painful. iTunes seems to insist on normalizing every Unicode character in my library differently every time, and gets confused when there are a bunch of different folders on the NAS for a single artist or album just because there's Unicode in the name. Attempting to fix it via changing the "sort artist" field or the like doesn't really help much, either, because when I change half the songs the other half go "missing."

To make things even worse, iTunes has no way to show just the files it thinks are missing, and none of the various iTunes help threads out there are ever answered by anyone who seems to understand what the problem is.

It would be nice if iTunes didn't try to be so anal about naming its files exactly how it's listed in the id3 tag, and further if it would provide an easier mechanism to reattach to missing files en masse. The fact there's no way to say LOOK ALL THESE FILES ARE IN THIS DIRECTORY is simply flabbergasting.

Basically, iTunes still really fucking sucks.

So, somehow some pretty insidious malware got onto my site. From what I can tell it was installed via an old upload exploit in WordPress, on schadenfood.org (now offline since it's not like I was ever doing anything with it anyway). I did a bunch of forensics on it, and found that while the initial infection was probably just done by automated script, someone actually left a pretty thorough backdoor that allowed pretty much complete access to my whole Dreamhost account (files, shell, and so on).

Unfortunately, Dreamhost's logs don't go back far enough to find out how it was installed, and the backdoor script didn't keep a log so I have no idea what they did during the time leading up to the addition of the SEO spam crap that clued me in to its presence (because of a random happenstance that happened to make me aware that it had been installed at around 6 AM today). I have the IP address of the system that was used to access the backdoor, and I know that over the last few days they'd been accessing it repeatedly, but all of the commands are hidden in a POST request, so I have no idea what exactly they did.

I did go through and find every spot that they'd added additional exploit code, and of course I'm changing what passwords were visible in some way through the account files. Unfortunately, they had access to a couple of sensitive and important files that I was keeping in a private WebDAV share, and I'm feeling very sick to my stomach, especially with not knowing if they ever found the directory it was kept in. (I am, of course, moving all that stuff to my own personal NAS now, and deleting the WebDAV share.)

Fortunately, the only account password they'd have had access to directly was my database password, which I generate randomly and keep unique, and it's not a big deal for me to change it again. There's also a single spot where my OpenID password was viewable as an md5 hash (and it turns out that said hash is findable in some of the various md5 lookup tools out there), so of course I've changed that too.

HOWEVER: One of the bits of malware I dissected did appear to have the ability to generate a full table dump of my entire database (I don't know if this function was ever activated), and you should be aware that phpBB 2 (like I use here) uses unsalted MD5 password hashes. So you should probably change your forum password here, and anywhere else that you use the same password. Sorry. :( (I'd upgrade to phpBB3, which finally fixes that issue, except that it will break all of the commentary functionality on my site if I do. I should look to see if there's at least a salted-md5 patch for phpBB2 floating around out there though. I've been meaning to do that forever but of course now that's squeezing my buttocks after I've farted, as the Japanese saying goes.)

I have, in the meantime, removed ALL the goofy webservices that I'm not using anymore, and hoping that the ones I still do have installed (because I, you know, use them) are secure. I should definitely check for security updates on what's left, at least. Also, do a full audit on all of my custom PHP scripts because who knows what's lurking in those.

tl;dr: The site was hacked, your password may be compromised, and the hack was directly targeted enough that I'm feeling violated and am probably going to have my identity stolen or something now.

it is a lot easier t o keep inmiscible identities separate on the Internet if you keep thm completely separate from real life as well. I am apparently bad at both, judging by how many of my former coworkers have recently added "fluffy critter" to their circles on Google+. I mean, it was okay when it was the people who I'd let know about it to begin with (and I mean if ucblockhead hadn't known me online I'd have never had the job to begin with), but I'm not quite sure how I feel about apparently everyone else in the office knowing now too. Sigh.

Oh well. I've long felt that it's not so bad having people who actually know me actually know ME - it's the other direction I've always felt important to avoid (people trying to link my online self to my offline self in a way that makes it easy for people to know my real name which is not actually my real self). I hate people judging me by my resume and my picture and my legal name as if those are any more valid than the self I have discovered within.

I guess either direction is potentially problematic because I hate the idea that people would judge me unfairly based on stereotypes from one set of interest, and I'm still paranoid with the whole "You'll never get a job if people know about you!" thing that people have been parroting for years, despite clear evidence to the contrary.

Basically I'm complicated.

I decided to splurge a bit and ordered a Sony α NEX-5. I got it in a bundle with both lenses (16mm pancake + 18-55mm zoom), an 8GB SDHC card, and a carrying case, and I also added on the fisheye conversion lens. Today I received it, and had a bit of fun.

A while ago I learned about an interesting language called Vala, which is basically C++ if it were redesigned from the ground up with only the good parts of C++, plus useful parts of other more-modern languages like C# and JavaScript. Every now and then I look at the tutorial again and it's just getting better and better. And it is designed to maintain ABI compatibility with C, and actually is just a front-end that generates and compiles C code, meaning it's also perfectly-suited for embedded programming, especially on platforms where C++ has been stupidly hobbled (such as Android NDK).

I especially like the way it handles generics, the way all Vala references are equivalent to boost::shared_ptr (with a keyword to make a reference weak - without any need to explicitly lock it), the way that you can still do explicit memory management if you need to (only with a very nicely-implemented equivalent of std::auto_ptr to make even that stuff easier), it supports contract-based programming features (including requiring explicit nullability for object parameters), and that it supports true closures (unlike Java's quasi-closures) with a syntax that isn't ridiculously horrible (unlike in Javascript, C99, or C++0xB2011). It also has a very nice syntax for function pointers delegates, and also has some syntactic features that are there specifically to support asynchronous message handling.

It's a shame that people only seem to think that it's suitable for Gnome, probably because it grew out of GObject and is part of the Gnome project. It's not! It's a general-purpose language, that just happens to also provide GTK and Gnome bindings as part of its standard library. But it's also compiled, C-compatible (and therefore C++-compatible), and doesn't require a ridiculously large and fragile runtime library.

Maybe someday I'll have an opportunity to actually do a project with it. For now I just feel like I keep on staring through the window at the shiny toy that I wish I could use.

So, last night one of the hard drives in my RAID died. That wouldn't be so bad except that shortly after, another one died too. They were ones that I'd installed at the same time, from the same production batch. Western Digital WD20EARS. So of course this invalidates my entire RAID.

I'm making a mental inventory of what was on there that I care about. Fortunately I have my offsite backup, and also most of the stuff on there wasn't irreplaceable (everything that was I had multiple redundant backups of), and even if I did lose it all, it's nothing I have any major sentimental attachment to.

Right now my office is so quiet my ears are ringing.

Yep, I just got another phone. Although "new" isn't really the right term for it...

Gingerbread is a very green OS. By that I don't mean it's particularly eco-friendly, though; I mean it is imbued with the color green. Here are some screenshots I took after upgrading my Nexus One today. (Warning: massive image dump)

I finally got sick of how crappy my laptop's hard drive was for Logic, and upgraded to a nice big SSD. Holy cats this thing is fast. 190MB/sec write speeds, booting is really fast (it's kind of weird having all my startup apps start up right at startup!) and everything works great. I also managed to get it for $445 shipped; the deal at SSD Solutions seemed too good to be true, but the reviews said it was legit, and yeah, so far it's exceeded expectations. Not a refurb, not an obvious bootleg... I think they might be loss-leading in an attempt at becoming a "featured merchant" on Amazon (since right now they're pretty much buried in the listings).

Transferring data from my old drive was pretty easy. I used a SATA/IDE to USB 2.0 Adapter and the Mac OS X data migration tool (which was also nice enough to let me turn off transfer of my iTunes folder, which is way too big and is now going to live on my NAS, with all the problems that implies).

I think the most striking thing about it is just how quiet my computer is when the CPU fan hasn't kicked in. I hadn't realized how much of its idle noise was the hard drive. It's also running a lot cooler and presumably the battery will last longer. I am also of course looking forward to not having Logic constantly complain about a "system overload" every time I try recording on a project that I haven't gotten entirely in the readahead cache after letting my computer go to sleep for a couple seconds.

As an attempt at getting rid of some stupid spammers who are also trying to exploit nonexistent scripts on my site, I'm trying to redirect all requests that contain /../ in the original request URI (which are basically guaranteed to be an exploit attempt) elsewhere. However, it looks like mod_rewrite is only performing the substitution rule on the resolved path (i.e. it's treating /foo/../bar/ as /bar/) despite the fact that the REQUEST_URI environment variable still has the original /../-containing expression in it. I know my regexp is written correctly because the rule is working on other things (such as QUERY_STRING and HTTP_REFERER).

So, does anyone know if there's any configurations to mod_rewrite which might fix this behavior?

It's not a big deal but I've noticed a high correlation between the spammers who get through and the folks who are trying to find stupid CGI exploits and I figure anything that trips them up can only help.

In C++ you can mark a method as being abstract pretty trivially, e.g.:

class A {
  virtual foo() = 0;
};

which makes it so that you can't instantiate anything that derives from A until the method foo has an implementation. This is a very useful pattern.

What it's missing, however, is a way of insisting that every instantiable instance of A must provide its own implementation of foo; for example:

class A {
  virtual foo() = 0;
};

class B: public A {
  virtual foo() {}
};

class C: public B {
};

It would be nice if in this case, there were a way to make it so you can't instance C until it gets its own implementation of foo.

Of course, the situation I've run into where this would be exceptionally useful (having a complex DOM which needs per-class script bindings) is kind of nichey, and I can't really see it adding much value to the language as a whole. Still, I can dream...