Recent events have made me realize that there's quite a lot more people on my friends list than I'm comfortable with these days, so I've trimmed it down in size substantially. I've particularly removed people who I haven't heard from for a while. If you are no longer on my friends list but would still like to be, make your case in a PM and I'll consider re-adding you.
Apparently having silly, subtle stuff automatically happen when a blog entry is linked to externally, and having certain images on my site prevented from being hotlinked (mostly ones which don't work well out of their original context), is exactly the same as obsessively checking my referrer stats and changing or taking things down whenever someone says something mean about me on the Internet. Oh no, someone's linking to me! On the web! Whatever shall I do?!
(You know how HTTP referrers work, right?)
Now that the news is public, I'd just like to spend some time reflecting on the good times with Chris (Findra).
I've been doing most of my blogging over yonder. It feels way more productive, somehow.
So at this point I have migrated my calendar data to my own DAViCal installation (which is mostly working except for sending/receiving invites - gotta figure out what's going on with that), deleted both of my Apps accounts, and also deleted a bunch of GMail accounts which I had lying around which had somehow (and rather creepily) gotten linked to each other anyway. I still have one gmail account for Android Market and I see no reason to get rid of that just yet, and I've relinked my YouTube account to that since there's no way to have YouTube without a Google account anymore.
It's kind of scary to be without a safety net here but on the other hand, it was also kind of scary about what sorts of stuff Google was doing in the background without my knowledge as well. (I mean, for a time, trying to log on to my YouTube account to relink it was logging me on to a completely different gmail account that I'd forgotten about, and it was insisting that I needed to create a new YouTube account as part of it! Very broken in stupid ways. But once I deleted that old gmail account, that freed up the legacy YouTube account to be relinked. Puzzling all around, though.)
Many of my friends who were on G+ with pseudonyms that hadn't gotten nuked yet went ahead and deleted their accounts too. We're all back to using LiveJournal and email.
Oh, and for a while I was thinking I'd made a mistake since all of the CalDAV clients I found for Android were standalone calendar apps (rather than CalendarProvider implementations as they should be), but finally I found CalDAV-sync which seems to be working quite nicely. It's $3 and still alpha, but that's worth it (hopefully they don't get nuked from orbit for no reason like Better Android did). They also have a CardDAV provider as well, for when I finally remove my addressbook from the one gmail account.
One missing thing for this is the ability to subscribe to friends' shared calendars, but I can still do that via my Android gmail account for now.
Hopefully there will eventually be some turnkey F/OSS suite to make it easy to set up this stuff. Email is well-known and so on, but CalDAV is still sort of nascent as far as interoperability goes.
Oh, and there's probably still a few Google account remnants out there. My apps accounts' associated Google accounts are still active (with no way to shut them off), and since I have FeedBurner and AdSense/AdWords associated with one of them, that'll probably continue to exist for a while. Which reminds me, I must get rid of all the AdSense on my site... (I've made like $29 over all time on Google page ads, so I mean, yeah. No big loss.)
I'm actually surprised it took this long, but I've been suspended from Google+ for "violating community standards." Of course, to reinstate it they want me to change my name to my legal name and provide a copy of a driver's license, or otherwise show that the name that everyone knows me as is my real name from a "reputable source" such as "Facebook, LinkedIn, or a news article."
I was already having a more or less apathetic relationship with G+, and now I guess this settles whether I'll be using it anymore.
In other news, other parts of Google are much the same. "Do no evil" just isn't good enough, guys.
So, somehow some pretty insidious malware got onto my site. From what I can tell it was installed via an old upload exploit in WordPress, on schadenfood.org (now offline since it's not like I was ever doing anything with it anyway). I did a bunch of forensics on it, and found that while the initial infection was probably just done by automated script, someone actually left a pretty thorough backdoor that allowed pretty much complete access to my whole Dreamhost account (files, shell, and so on).
Unfortunately, Dreamhost's logs don't go back far enough to find out how it was installed, and the backdoor script didn't keep a log so I have no idea what they did during the time leading up to the addition of the SEO spam crap that clued me in to its presence (because of a random happenstance that happened to make me aware that it had been installed at around 6 AM today). I have the IP address of the system that was used to access the backdoor, and I know that over the last few days they'd been accessing it repeatedly, but all of the commands are hidden in a POST request, so I have no idea what exactly they did.
I did go through and find every spot that they'd added additional exploit code, and of course I'm changing what passwords were visible in some way through the account files. Unfortunately, they had access to a couple of sensitive and important files that I was keeping in a private WebDAV share, and I'm feeling very sick to my stomach, especially with not knowing if they ever found the directory it was kept in. (I am, of course, moving all that stuff to my own personal NAS now, and deleting the WebDAV share.)
Fortunately, the only account password they'd have had access to directly was my database password, which I generate randomly and keep unique, and it's not a big deal for me to change it again. There's also a single spot where my OpenID password was viewable as an md5 hash (and it turns out that said hash is findable in some of the various md5 lookup tools out there), so of course I've changed that too.
HOWEVER: One of the bits of malware I dissected did appear to have the ability to generate a full table dump of my entire database (I don't know if this function was ever activated), and you should be aware that phpBB 2 (like I use here) uses unsalted MD5 password hashes. So you should probably change your forum password here, and anywhere else that you use the same password. Sorry. :( (I'd upgrade to phpBB3, which finally fixes that issue, except that it will break all of the commentary functionality on my site if I do. I should look to see if there's at least a salted-md5 patch for phpBB2 floating around out there though. I've been meaning to do that forever but of course now that's squeezing my buttocks after I've farted, as the Japanese saying goes.)
I have, in the meantime, removed ALL the goofy webservices that I'm not using anymore, and hoping that the ones I still do have installed (because I, you know, use them) are secure. I should definitely check for security updates on what's left, at least. Also, do a full audit on all of my custom PHP scripts because who knows what's lurking in those.
tl;dr: The site was hacked, your password may be compromised, and the hack was directly targeted enough that I'm feeling violated and am probably going to have my identity stolen or something now.
I'm just not able to keep any interest in Google+, for the same reasons that I can't keep any interest in Facebook. Having longer posts doesn't necessarily make things better; instead it makes it seem like I really must read everything, which turns it into an overwhelming burden, and inline comments make it feel like even more of a firehose of information. I like how Twitter is a place where I can just share quick simple notions and links to fuller bits of content. I like how the fuller bits of content are hosted on my own site where I and others can find it easily, rather than quickly being buried in piles and piles of comment replies to Felicia Day and Wil Wheaton. I like how Twitter is just a bunch of messages that people pass along and there's no expectation that everything is seen.
I feel like Google+ is in an uncomfortable middle ground between mass-messaging and blogging, with the disadvantages of both but the advantages of neither. I felt the same way about Facebook. Also, the fact that Google has their hands in ALL of my data, with potentially disastrous consequences, makes their overbearing "real name" policy even more upsetting.
Basically, I still miss blogs and don't feel like G+ or Facebook do anything to help communication - they just do what Twitter does, but longer, and with more overwhelming crap to sift through, and an expectation that you do sift through it all.
That said, Hangouts are pretty neat. It would be nice if it were a completely separate product that were based on Jabber or the like, though.
it is a lot easier t o keep inmiscible identities separate on the Internet if you keep thm completely separate from real life as well. I am apparently bad at both, judging by how many of my former coworkers have recently added "fluffy critter" to their circles on Google+. I mean, it was okay when it was the people who I'd let know about it to begin with (and I mean if ucblockhead hadn't known me online I'd have never had the job to begin with), but I'm not quite sure how I feel about apparently everyone else in the office knowing now too. Sigh.
Oh well. I've long felt that it's not so bad having people who actually know me actually know ME - it's the other direction I've always felt important to avoid (people trying to link my online self to my offline self in a way that makes it easy for people to know my real name which is not actually my real self). I hate people judging me by my resume and my picture and my legal name as if those are any more valid than the self I have discovered within.
I guess either direction is potentially problematic because I hate the idea that people would judge me unfairly based on stereotypes from one set of interest, and I'm still paranoid with the whole "You'll never get a job if people know about you!" thing that people have been parroting for years, despite clear evidence to the contrary.
Basically I'm complicated.
All in all, the year could have been better, but it could have been a lot worse, too.
So, Dreamhost has gotten a lot more aggressive about killing RAM and CPU-using processes, and according to support it's based on the total resource usage by the user, not just on a per-process basis. That's reasonable. Movable Type, as it turns out, uses quite a lot of RAM while it's publishing an entry. (This was a problem on MT3 as well, which is what led me to upgrade to MT5 since I wasn't sure what was going on. MT5 makes the problem way worse but MT3 wasn't exactly clear of it either.)
For now I've disabled some of MT's performance optimizations (such as doing multiple forked processes for rebuilds) which has helped stability immensely but I do watch the mt.cgi process go and it comes dangerously close to the 100MB-or-so limit. DreamHost has recommended either switching to a virtual private server (where I'd have a guaranteed amount of RAM and no process killing) or switching to something other than Movable Type.
The VPS option is kind of tempting since then I could also run my own email infrastructure again (and it's not like I use my Google Apps stuff for anything other than email - all my calendars, contacts, Android market, etc. are on a normal gmail account) but it does cost $15/month for the lowest 300MB RAM option (which is probably enough for me but I'm not positive).
The other option is much more obnoxious, though. I have MT set up the way I like it (even post the MT5 upgrade), and WordPress would be a huge amount of work to switch over to (and frankly I'd rather just delete my blog than try to migrate to WP, or build my own custom-purpose CMS which would probably have a few advantages but there are so many other things I'd rather be working on).
For now I think I'll just see if MT5 works well enough with the low-performance configuration (so far it's no slower than MT3 was, at least) and only switch to a VPS if I really need to. Meanwhile I'm sure there's a lot of stuff I can do to simplify my templates, now that MT5 supports a lot of things I had to hack around on MT3.
Holy cats do I hate this new user interface, though. It's like they decided that WordPress wasn't quite stupid enough and that they'd turn up the suck to 11.
Oh and I really don't appreciate it "fixing" my "broken" HTML. A bare <p> is perfectly fine in plain HTML. I'm not writing XHTML here. Maybe this will finally get me to stop being a curmudgeon and just start using the rich text editor, although I hate those.
Then people decided they didn't want to broadcast everything to the Internet, so they started setting their entries private. Which in and of itself isn't a bad thing, except that most of the social media sites implemented it in such a way that your RSS reader needs to be "logged in" in order to see the items — which is impossible on most server-based aggregators (Bloglines, Google Reader, LJ Syndication, etc.). So for every site that did things in that way, you have to manually check on some regular basis. (This, incidentally, is why for my friends-only entries I still provide a "friends-only entry" item for non-logged-in RSS clients.)
But then all that's moot because the various blogging platforms are veritable ghost towns. Everyone's moved to Facebook or Twitter. In and of itself that wouldn't be a bad thing if the same sorts of content were happening, but it isn't; instead, people are just using them as platforms to write one-line "status" updates which are usually along the lines of "eating a tuna sandwich" or are links to whatever latest YouTube video has gone viral or whatever. Very few of my friends are actually talking about things that are going on in their lives anymore. All social interaction has been distilled down to one-line soundbites which are more about sharing things that other people did than they are about talking about things. I really miss it.
Not that I've been particularly good about that, myself. Somewhere along the line I decided that I'd just post random quippy status crap to Twitter, and reserve my blog as a platform for more general-interest topics. For some reason, blogs are no longer an acceptable way for people to just keep in touch with their friends; they all have to have Meaning and Value. It doesn't help that the various subscription engines still seem to treat the feed as the unit of currency, rather than the item, so it's difficult for people to find the generally-interesting stuff in the deluge of chaff that comes about from a mixed-function feed.
HuSi still has a fairly active diary community from the long-time participants there, but it has the private entry RSS issue, and I hardly ever remember to check for stuff there. When I do I see months' worth of out-of-date stuff that I don't really care about, and no easy way to just see a date-based feed of the few people there who I care about.
It also doesn't help that places like FaceBook et al have decided to center themselves around sharing as much of what you post with as many people as you know in every context as possible. Why would anyone want to post a rant about their coworker there when it's quite likely that a mutual "friend" (meaning acquaintence) will comment on it and thus expose it to the coworker? To make matters worse, these social networking sites have decided that real-life identity is Very Important and that there's no value to someone who wants to talk about things without having it associated with their professional life. In real life we all have several different faces; what you show to your boss, to your family, to your friends, to your lover(s), to fellow hobbyists... but on FaceBook you end up having just a single Identity that is immutable and indistinct, and so you either end up showing everything to everyone, or culling it to the minimal set of only what you think is appropriate for everyone to see (which, as it turns out, is very little).
I miss the old Internet 2.0.
I'm sure there's still plenty of stuff that I should remove but I think this is good enough for now. I went from 2300 to 1300 published entries so I've already contributed to a roughly 50% reduction of blog effluvium!
Thanks again for submitting your work for the Cartoon Art Museum’s Monsters of Webcomics Virtual Gallery.I am pleased as well! My stuff will be in a museum! I think this is only the second time this has happened.I’m pleased to say that your work has been selected for inclusion in our exhibition, and will be featured in the Virtual Gallery along with a wide array of webcomics from around the globe. This historic exhibition will include over 100 artists, making this one of the largest exhibitions in the Cartoon Art Museum’s 24-year history, and we’re thankful for your participation.
Here's a full press release of the exhibit, and also you can read more about the goings-on at the Cartoon Art Museum on their LiveJournal.
I will have to finally go to CAM and maybe even meet Shaenon and Andrew in person!