Plaidophile

Today, something nearly ate the sun, but fortunately it gave it back to us before the world ended.

A lot of folks out there know about the Mandelbrot set. But that knowledge is often based on pretty abstract stuff, and is limited to the fractal as a two-dimensional thing that doesn't really make much sense. The other day I decided to screw around with some basic GPU programs, and I figured I'd finally write some stuff about this.

This is of course very basic to anyone who has studied fractals before, but the description of what's going on is largely secondary in this case.

(Warning: There are a lot of very large images in this post.)

For the first time in a while, I decided to buy an album off the iTunes Music Store (since it was the only place it was available). Actually purchasing it required:

1. Logging into iTunes
2. Accepting updated terms and conditions
3. Logging into iTunes again
4. Enabling a bunch of wish-it-were-two-factor authentication questions (with the usual problems the pre-set questions always have, and no way to set custom questions)
5. Logging into iTunes again
6. Being notified of the download on every iOS device in my house simultaneously (some of which I didn't realize were even turned on)
7. Being asked if I wanted to turn on automatic downloads of purchases (why yes I WOULD like to actually download this music I just paid for!)
8. Finally, logging into iTunes again

At that point it finally downloaded the album.

So, for quite some time, RelayRides has been advertising in San Francisco. I was thinking of signing my car into it last summer, but then I ended up needing it every day, and then signups were closed for a while, as they were retooling the way that vehicles could be rented (switching from a Zipcar-like model to one where the owner just meets with the driver to do a key exchange).

A few weeks ago it opened up again, and since I basically never drive my car anymore, I enrolled my car right away. So far it's been pretty handy. I have one repeat customer who's using my car as a daily commuter during the week (while he's on a short-term contract down in the peninsula), and occasional people renting it on the weekends. At least for the next couple months, my car has paid for itself, and I don't have to worry about the battery going dead and whatnot.

Of course, now I sort of have the reverse problem that I did with ZipCar — instead of having to plan ahead to rent a car for doing things on the weekend (for example), now I have to plan ahead to not let other people rent my car. But I figure if I'm ever stuck needing to drive somewhere while my car is in use, I can always rent one on RelayRides.

I have no idea what this does in terms of income tax or liability if they run a red light or whatever, though. RelayRides claims to have all of the liability and insurance issues sorted out but they never gave me something to print and put in my glovebox, so hopefully I'll just never have to find out. (They do say that if I get a ticket mailed to me from a traffic camera I should forward it on to them and they'll pay it and bill the renter. They don't say what happens with license points though...)

• A litter box
• A garbage disposal
• A ceiling lighting fixture
• A dishwasher
• And, of course, a literal kitchen sink (and faucet)

So a while ago I posted about wanting a new laptop, and in the comments said I'd ordered a ThinkPad X220 Tablet. It actually took a lot longer than expected (due to multiple screwups on Lenovo's end), but I finally got it today. Actually I got a much better tablet than the one I originally ordered, and for about $200 less. It also came with the gigantic "slice" battery. I can get around 15 hours of battery life total, in theory. (I haven't measured it.)

Anyway, I quickly found that the default Lenovo install of everything was crappy, and I never managed to get a full recovery DVD set burned out and since I was going to upgrade the hard drive to my 256GB SSD (partitioned 128 for Windows, 128 for Linux) anyway, I figured I should just install an OEM copy. Fortunately, Microsoft makes the actual install media for that readily available, and fortunately my OEM key worked without any troubles. (And fortunately Lenovo makes all of the system drivers readily-available too.)

I did find that Wacom's own Tablet PC driver works way better than the one Lenovo provides (Lenovo's tries to calibrate everything by the edge of the screen, where the digitizer is very jittery and unpredictable, whereas Wacom's uses calibration points that are in the actual work area — much more useful).

The keyboard is a bit mushier than I'd like, and I'm getting all sorts of typos. I'm sure I'll get used to it in time though. On the plus side, it's quite a bit lighter than the MacBook this is replacing, and a much better size than the Inspiron Mini 9 that was my alternate for when the MacBook felt way too heavy and big to lug around.

The laptop also came with a docking station, and I'm entertaining the thought of turning my current desktop system (a Mac mini) into an HTPC and just using this laptop for everything. It's certainly powerful enough to. I'll have to weigh my options with software, though. Windows has plenty of drawing apps available but most of them suck; Linux has only a few available and all of them suck. I need to give Paint Tool SAI a fair shake; the UI is gimpy but a lot of artists I follow swear by it, and it's pretty cheap, too. Plus, I like that it actually lets you seamlessly mix raster and vector layers for sketching and inkwork; at least in principle it matches my mental model of how a drawing app should work.

I'm not sure how much time I'll be spending in Windows vs. Linux, also. I'm starting to suspect I'll just run Windows all the time, since Windows 7 actually isn't terribly painful to use for day-to-day stuff. If there were decent drawing programs for Linux the choice would be a lot easier, though.

In other technology news, due to an early-purchase opportunity provided by my employer, I got a PS Vita a couple days ago. My initial impressions: it's much nicer than the PSP, its version of Lumines is wonderful (although I've already played the hell out of it, and it doesn't seem to have the same depth of gameplay as the PS3 version, but it does have a quite nice soundtrack). It's also got the best version of wipEout so far. I haven't tried Modnation Racers (which came with the system). I have run into some stability problems, though, as well as some ridiculous human factors issues when it comes to its power saving "sleep" mode (vs. being actually turned off), and I've had to rebuild the system database several times due to what I guess was filesystem corruption. But given that the system technically isn't even out yet (at least not for most of the world) I'm not surprised that there's firmware issues.

Werner is less-than-pleased, but my home seems to be filling up with robots as of late.

To wit, in addition to the two Keepons, I also now have a Sphero, a Neato Robotic Vacuum (which is so far way better than the Roomba ever was), and a Homedics shiatsu massager. The last one isn't generally considered a robot, but I can't really see anything about it that's any less robotty than, say, the Neato, and it's a labor-saving device that does something automatically and makes loud motor noises and keeps me from playing with Werner so in his mind it's all the same anyway.

I also got a PS Vita and a bunch of games for it and have basically just played a lot of Lumines because what other games do you need, anyway?

Basically my twelve-year-old self is really happy right now.

I have been a lot less stressed ever since making the following changes in my lifestyle:

• Installing Comment Blocker on Firefox (and Shut Up on Chrome, although I'm back to Firefox full-time)
• Turning off all email notifications for general-purpose comment systems (Disqus, TypePad, etc.) that I can
• Sending all emails from comment systems that can't have notifications disabled (YouTube, Blogger, etc.) directly to the trash
• Blocking/ignoring/gagging people on IRC and MUCKs who infuriate me
• Not following blogs, LJs, etc. that have turned into nothing but whining or trolling
• Not following webcomics that have stopped being entertaining
• When something still manages to get me angry, taking a deep breath and thinking about how little it matters

So my MacBook is well over 3 years old and it's starting to get really aggravating. It's actually still plenty fast, but the original Unibody MacBook seems to have various I/O problems, and I've ended up only using this as a glorified netbook for a while anyway. Meanwhile, OSX Lion is starting to really get on my nerves for a number of thousand-papercuts reasons, while Linux has been getting progressively better and better over the last few years.

So anyway, I've been looking at laptops again and have a pretty short list of ones I'm interested in, but am open to other suggestions as well.

As part of my ongoing crusade to get Google out of my life as much as possible, I have switched my search engine to DuckDuckGo. It is mostly pretty good (and a lot easier to do in Firefox by installing the search plugin), although there are still a few rough edges.

One of the more annoying things is that it still tries to overcorrect things that it seems as errors, which can make it pretty difficult to look up pages on programming things.

However, there is also a pretty troubling thing in the way that they've implemented SafeSearch; rather than simply filtering the search results to remove adult content, they also remove potentially-adult-material-generating terms from the search phrase itself. They try to whitelist non-adult-oriented uses of words based on phrase matches, but it's pretty clumsy, and anyway it's a pretty stupid way to try to sanitize results. Annoyingly enough, it's also all-or-nothing; you can turn off SafeSearch entirely, or you can try to figure out how to get a phrase through the rather arbitrary filter.

So of course I've taken screenshots of what I'm talking about.

I was using 5ite.com as a cheap VPS for my email hosting. Over the several months that I was using them, I was constantly plagued with frequent outages, and my uptime was nowhere close to the guaranteed 99.9%. No matter how much I complained about this, they did nothing to rectify said guarantee. Often they would go down for a whole day at a time and not respond to any customer emails or even say what was going on via Twitter, nor would they provide any information afterwards.

This morning was the last straw, however; there was another protracted outage yesterday, and when I opened a ticket their response was that they were undergoing "emergency maintenance." Today my server came back up, but lo and behold, the file permissions were all completely broken; it looked like they had done a hamfisted system restore because everything was owned by root:root. User files, temp files, device inodes, everything. So of course, very little of the system actually worked.

Fortunately, I happened to have a backup from several hours before the outage, and was able to restore all my files. To LiNode, where I am setting up e-snail.us anew.

It'll take a while for DNS to propagate for the new mail.e-snail.us address, but hopefully when it does I can hit the ground running with a working email system, modulo the likelihood that I've forgotten to migrate some config files or SSL certs or whatever.

The year began just hours after my grandmother died.

These are the sorts of things that bug me:

1. iPhone (the first model)
2. iPhone 3G (the second model)
3. iPhone 3GS (the third model)
4. iPhone 4 (the fourth model)
5. iPhone 4S (the fifth model)

So if the next redesign is iPhone 5, then that retroactively makes the iPhone 4's name pretty silly. But if they call it iPhone 6, everyone who doesn't have a sense of history will be upset.

Speaking of history, I'm glad that Apple finally has a device (the new Nano) that does all of the fun pedometer/run timing/achievements/etc. stuff that my Sony Ericsson W580 did four years ago. Maybe I'll upgrade. (I probably won't.)

So at this point I have migrated my calendar data to my own DAViCal installation (which is mostly working except for sending/receiving invites - gotta figure out what's going on with that), deleted both of my Apps accounts, and also deleted a bunch of GMail accounts which I had lying around which had somehow (and rather creepily) gotten linked to each other anyway. I still have one gmail account for Android Market and I see no reason to get rid of that just yet, and I've relinked my YouTube account to that since there's no way to have YouTube without a Google account anymore.

It's kind of scary to be without a safety net here but on the other hand, it was also kind of scary about what sorts of stuff Google was doing in the background without my knowledge as well. (I mean, for a time, trying to log on to my YouTube account to relink it was logging me on to a completely different gmail account that I'd forgotten about, and it was insisting that I needed to create a new YouTube account as part of it! Very broken in stupid ways. But once I deleted that old gmail account, that freed up the legacy YouTube account to be relinked. Puzzling all around, though.)

Many of my friends who were on G+ with pseudonyms that hadn't gotten nuked yet went ahead and deleted their accounts too. We're all back to using LiveJournal and email.

Oh, and for a while I was thinking I'd made a mistake since all of the CalDAV clients I found for Android were standalone calendar apps (rather than CalendarProvider implementations as they should be), but finally I found CalDAV-sync which seems to be working quite nicely. It's $3 and still alpha, but that's worth it (hopefully they don't get nuked from orbit for no reason like Better Android did). They also have a CardDAV provider as well, for when I finally remove my addressbook from the one gmail account.

One missing thing for this is the ability to subscribe to friends' shared calendars, but I can still do that via my Android gmail account for now.

Hopefully there will eventually be some turnkey F/OSS suite to make it easy to set up this stuff. Email is well-known and so on, but CalDAV is still sort of nascent as far as interoperability goes.

Oh, and there's probably still a few Google account remnants out there. My apps accounts' associated Google accounts are still active (with no way to shut them off), and since I have FeedBurner and AdSense/AdWords associated with one of them, that'll probably continue to exist for a while. Which reminds me, I must get rid of all the AdSense on my site... (I've made like $29 over all time on Google page ads, so I mean, yeah. No big loss.)

So for obvious reasons I'm moving my crap away from Google. I'll keep my main gmail.com account for use with my Android phone (because there's no reasonable substitute on the Android side) but for everything I care about, I'm going back to self-hosted über alles.

Dreamhost's shared server offerings are no longer adequate for my email needs, though. As such, I will probably switch that to a VPS. I've gotten a few good recommendations for Linode. Any others I should look into? Normally I'd just sign up for Dreamhost VPS but I've heard bad things about them lately, and also bad things about Slicehost.

It'll be nice to have sane bogofilter-based filtering again, in any case.

The other main thing I use Google for is RSS aggregation. Are there any good server-side aggregators with decent user interfaces? My usual fallback is FeedOnFeeds, but there's something that always causes me to get fed up with it and switch back to Google Reader. I have no idea what the hell that reason is, but it always becomes a giant "oh yeah" thing when I start using it. The only thing I seem to have written up was the last time I switched back to FonF after Google pissed me off the previous time. (Someday I'lll learn that he doesn't hit me out of love.)

It'd also be nice to have a decent CalDAV server, since I occasionally use my Google Apps ones for various things. So that's another thing to put on the VPS (Dreamhost's WebDAV doesn't have CalDAV extensions). I assume that I can find such a thing via, er, a search engine.

And ON THAT TINY NOTE, what should I use for searches instead of Google?

• Ex-Google employee who was suspended from Google (the attitude involved played a big part in her leaving the company) — plenty of comments there from people with similar stories
• My Name Is Me: A clearinghouse of stories for why Internet identity ABSOLUTELY SHOULD NOT be tied to legal identity
• A friend of mine in the UK has started an EU investigation on Google for their flagrant violations of anti-discrimination and privacy laws
• Google+'s own VP isn't even using his real name on his profile. Hypocritical much? (also Scoble — allegedly also not his real name — is a terrible sycophant)
• Somewhere some Google higher-up said something to the effect of, "Maybe people who are trying to hide from their abusive stalkers shouldn't be using Google+." Anyone remember who said that and where? More attention need sto be brought to this sort of arrogant attitude.

I'm actually surprised it took this long, but I've been suspended from Google+ for "violating community standards." Of course, to reinstate it they want me to change my name to my legal name and provide a copy of a driver's license, or otherwise show that the name that everyone knows me as is my real name from a "reputable source" such as "Facebook, LinkedIn, or a news article."

I was already having a more or less apathetic relationship with G+, and now I guess this settles whether I'll be using it anymore.

In other news, other parts of Google are much the same. "Do no evil" just isn't good enough, guys.

I am trying to store my iTunes library on a NAS again, but this is really painful. iTunes seems to insist on normalizing every Unicode character in my library differently every time, and gets confused when there are a bunch of different folders on the NAS for a single artist or album just because there's Unicode in the name. Attempting to fix it via changing the "sort artist" field or the like doesn't really help much, either, because when I change half the songs the other half go "missing."

To make things even worse, iTunes has no way to show just the files it thinks are missing, and none of the various iTunes help threads out there are ever answered by anyone who seems to understand what the problem is.

It would be nice if iTunes didn't try to be so anal about naming its files exactly how it's listed in the id3 tag, and further if it would provide an easier mechanism to reattach to missing files en masse. The fact there's no way to say LOOK ALL THESE FILES ARE IN THIS DIRECTORY is simply flabbergasting.

Basically, iTunes still really fucking sucks.

So, somehow some pretty insidious malware got onto my site. From what I can tell it was installed via an old upload exploit in WordPress, on schadenfood.org (now offline since it's not like I was ever doing anything with it anyway). I did a bunch of forensics on it, and found that while the initial infection was probably just done by automated script, someone actually left a pretty thorough backdoor that allowed pretty much complete access to my whole Dreamhost account (files, shell, and so on).

Unfortunately, Dreamhost's logs don't go back far enough to find out how it was installed, and the backdoor script didn't keep a log so I have no idea what they did during the time leading up to the addition of the SEO spam crap that clued me in to its presence (because of a random happenstance that happened to make me aware that it had been installed at around 6 AM today). I have the IP address of the system that was used to access the backdoor, and I know that over the last few days they'd been accessing it repeatedly, but all of the commands are hidden in a POST request, so I have no idea what exactly they did.

I did go through and find every spot that they'd added additional exploit code, and of course I'm changing what passwords were visible in some way through the account files. Unfortunately, they had access to a couple of sensitive and important files that I was keeping in a private WebDAV share, and I'm feeling very sick to my stomach, especially with not knowing if they ever found the directory it was kept in. (I am, of course, moving all that stuff to my own personal NAS now, and deleting the WebDAV share.)

Fortunately, the only account password they'd have had access to directly was my database password, which I generate randomly and keep unique, and it's not a big deal for me to change it again. There's also a single spot where my OpenID password was viewable as an md5 hash (and it turns out that said hash is findable in some of the various md5 lookup tools out there), so of course I've changed that too.

HOWEVER: One of the bits of malware I dissected did appear to have the ability to generate a full table dump of my entire database (I don't know if this function was ever activated), and you should be aware that phpBB 2 (like I use here) uses unsalted MD5 password hashes. So you should probably change your forum password here, and anywhere else that you use the same password. Sorry. :( (I'd upgrade to phpBB3, which finally fixes that issue, except that it will break all of the commentary functionality on my site if I do. I should look to see if there's at least a salted-md5 patch for phpBB2 floating around out there though. I've been meaning to do that forever but of course now that's squeezing my buttocks after I've farted, as the Japanese saying goes.)

I have, in the meantime, removed ALL the goofy webservices that I'm not using anymore, and hoping that the ones I still do have installed (because I, you know, use them) are secure. I should definitely check for security updates on what's left, at least. Also, do a full audit on all of my custom PHP scripts because who knows what's lurking in those.

tl;dr: The site was hacked, your password may be compromised, and the hack was directly targeted enough that I'm feeling violated and am probably going to have my identity stolen or something now.

it is a lot easier t o keep inmiscible identities separate on the Internet if you keep thm completely separate from real life as well. I am apparently bad at both, judging by how many of my former coworkers have recently added "fluffy critter" to their circles on Google+. I mean, it was okay when it was the people who I'd let know about it to begin with (and I mean if ucblockhead hadn't known me online I'd have never had the job to begin with), but I'm not quite sure how I feel about apparently everyone else in the office knowing now too. Sigh.

Oh well. I've long felt that it's not so bad having people who actually know me actually know ME - it's the other direction I've always felt important to avoid (people trying to link my online self to my offline self in a way that makes it easy for people to know my real name which is not actually my real self). I hate people judging me by my resume and my picture and my legal name as if those are any more valid than the self I have discovered within.

I guess either direction is potentially problematic because I hate the idea that people would judge me unfairly based on stereotypes from one set of interest, and I'm still paranoid with the whole "You'll never get a job if people know about you!" thing that people have been parroting for years, despite clear evidence to the contrary.

Basically I'm complicated.