Plaidophile

The year began just hours after my grandmother died.

Apparently having silly, subtle stuff automatically happen when a blog entry is linked to externally, and having certain images on my site prevented from being hotlinked (mostly ones which don't work well out of their original context), is exactly the same as obsessively checking my referrer stats and changing or taking things down whenever someone says something mean about me on the Internet. Oh no, someone's linking to me! On the web! Whatever shall I do?!

(You know how HTTP referrers work, right?)

Now that the news is public, I'd just like to spend some time reflecting on the good times with Chris (Findra).

I've been doing most of my blogging over yonder. It feels way more productive, somehow.

So at this point I have migrated my calendar data to my own DAViCal installation (which is mostly working except for sending/receiving invites - gotta figure out what's going on with that), deleted both of my Apps accounts, and also deleted a bunch of GMail accounts which I had lying around which had somehow (and rather creepily) gotten linked to each other anyway. I still have one gmail account for Android Market and I see no reason to get rid of that just yet, and I've relinked my YouTube account to that since there's no way to have YouTube without a Google account anymore.

It's kind of scary to be without a safety net here but on the other hand, it was also kind of scary about what sorts of stuff Google was doing in the background without my knowledge as well. (I mean, for a time, trying to log on to my YouTube account to relink it was logging me on to a completely different gmail account that I'd forgotten about, and it was insisting that I needed to create a new YouTube account as part of it! Very broken in stupid ways. But once I deleted that old gmail account, that freed up the legacy YouTube account to be relinked. Puzzling all around, though.)

Many of my friends who were on G+ with pseudonyms that hadn't gotten nuked yet went ahead and deleted their accounts too. We're all back to using LiveJournal and email.

Oh, and for a while I was thinking I'd made a mistake since all of the CalDAV clients I found for Android were standalone calendar apps (rather than CalendarProvider implementations as they should be), but finally I found CalDAV-sync which seems to be working quite nicely. It's $3 and still alpha, but that's worth it (hopefully they don't get nuked from orbit for no reason like Better Android did). They also have a CardDAV provider as well, for when I finally remove my addressbook from the one gmail account.

One missing thing for this is the ability to subscribe to friends' shared calendars, but I can still do that via my Android gmail account for now.

Hopefully there will eventually be some turnkey F/OSS suite to make it easy to set up this stuff. Email is well-known and so on, but CalDAV is still sort of nascent as far as interoperability goes.

Oh, and there's probably still a few Google account remnants out there. My apps accounts' associated Google accounts are still active (with no way to shut them off), and since I have FeedBurner and AdSense/AdWords associated with one of them, that'll probably continue to exist for a while. Which reminds me, I must get rid of all the AdSense on my site... (I've made like $29 over all time on Google page ads, so I mean, yeah. No big loss.)

I'm actually surprised it took this long, but I've been suspended from Google+ for "violating community standards." Of course, to reinstate it they want me to change my name to my legal name and provide a copy of a driver's license, or otherwise show that the name that everyone knows me as is my real name from a "reputable source" such as "Facebook, LinkedIn, or a news article."

I was already having a more or less apathetic relationship with G+, and now I guess this settles whether I'll be using it anymore.

In other news, other parts of Google are much the same. "Do no evil" just isn't good enough, guys.

So, somehow some pretty insidious malware got onto my site. From what I can tell it was installed via an old upload exploit in WordPress, on schadenfood.org (now offline since it's not like I was ever doing anything with it anyway). I did a bunch of forensics on it, and found that while the initial infection was probably just done by automated script, someone actually left a pretty thorough backdoor that allowed pretty much complete access to my whole Dreamhost account (files, shell, and so on).

Unfortunately, Dreamhost's logs don't go back far enough to find out how it was installed, and the backdoor script didn't keep a log so I have no idea what they did during the time leading up to the addition of the SEO spam crap that clued me in to its presence (because of a random happenstance that happened to make me aware that it had been installed at around 6 AM today). I have the IP address of the system that was used to access the backdoor, and I know that over the last few days they'd been accessing it repeatedly, but all of the commands are hidden in a POST request, so I have no idea what exactly they did.

I did go through and find every spot that they'd added additional exploit code, and of course I'm changing what passwords were visible in some way through the account files. Unfortunately, they had access to a couple of sensitive and important files that I was keeping in a private WebDAV share, and I'm feeling very sick to my stomach, especially with not knowing if they ever found the directory it was kept in. (I am, of course, moving all that stuff to my own personal NAS now, and deleting the WebDAV share.)

Fortunately, the only account password they'd have had access to directly was my database password, which I generate randomly and keep unique, and it's not a big deal for me to change it again. There's also a single spot where my OpenID password was viewable as an md5 hash (and it turns out that said hash is findable in some of the various md5 lookup tools out there), so of course I've changed that too.

HOWEVER: One of the bits of malware I dissected did appear to have the ability to generate a full table dump of my entire database (I don't know if this function was ever activated), and you should be aware that phpBB 2 (like I use here) uses unsalted MD5 password hashes. So you should probably change your forum password here, and anywhere else that you use the same password. Sorry. :( (I'd upgrade to phpBB3, which finally fixes that issue, except that it will break all of the commentary functionality on my site if I do. I should look to see if there's at least a salted-md5 patch for phpBB2 floating around out there though. I've been meaning to do that forever but of course now that's squeezing my buttocks after I've farted, as the Japanese saying goes.)

I have, in the meantime, removed ALL the goofy webservices that I'm not using anymore, and hoping that the ones I still do have installed (because I, you know, use them) are secure. I should definitely check for security updates on what's left, at least. Also, do a full audit on all of my custom PHP scripts because who knows what's lurking in those.

tl;dr: The site was hacked, your password may be compromised, and the hack was directly targeted enough that I'm feeling violated and am probably going to have my identity stolen or something now.

I'm just not able to keep any interest in Google+, for the same reasons that I can't keep any interest in Facebook. Having longer posts doesn't necessarily make things better; instead it makes it seem like I really must read everything, which turns it into an overwhelming burden, and inline comments make it feel like even more of a firehose of information. I like how Twitter is a place where I can just share quick simple notions and links to fuller bits of content. I like how the fuller bits of content are hosted on my own site where I and others can find it easily, rather than quickly being buried in piles and piles of comment replies to Felicia Day and Wil Wheaton. I like how Twitter is just a bunch of messages that people pass along and there's no expectation that everything is seen.

I feel like Google+ is in an uncomfortable middle ground between mass-messaging and blogging, with the disadvantages of both but the advantages of neither. I felt the same way about Facebook. Also, the fact that Google has their hands in ALL of my data, with potentially disastrous consequences, makes their overbearing "real name" policy even more upsetting.

Basically, I still miss blogs and don't feel like G+ or Facebook do anything to help communication - they just do what Twitter does, but longer, and with more overwhelming crap to sift through, and an expectation that you do sift through it all.

That said, Hangouts are pretty neat. It would be nice if it were a completely separate product that were based on Jabber or the like, though.

it is a lot easier t o keep inmiscible identities separate on the Internet if you keep thm completely separate from real life as well. I am apparently bad at both, judging by how many of my former coworkers have recently added "fluffy critter" to their circles on Google+. I mean, it was okay when it was the people who I'd let know about it to begin with (and I mean if ucblockhead hadn't known me online I'd have never had the job to begin with), but I'm not quite sure how I feel about apparently everyone else in the office knowing now too. Sigh.

Oh well. I've long felt that it's not so bad having people who actually know me actually know ME - it's the other direction I've always felt important to avoid (people trying to link my online self to my offline self in a way that makes it easy for people to know my real name which is not actually my real self). I hate people judging me by my resume and my picture and my legal name as if those are any more valid than the self I have discovered within.

I guess either direction is potentially problematic because I hate the idea that people would judge me unfairly based on stereotypes from one set of interest, and I'm still paranoid with the whole "You'll never get a job if people know about you!" thing that people have been parroting for years, despite clear evidence to the contrary.

Basically I'm complicated.

• ∆songs: 5 Song Fight solo efforts, 2 Song Fight collaborations, 4 covers, 6 remixes, various sound experiments and short soundtracks produced, ~20 songs written but not recorded, 2 live shows (both went way better than any shows I'd done before)
• ∆comics: 120 published; 1 long-running series completed (Unity), 2 short series in their entirety (Unity:Planetfall and Unity:Breeder), 1 long-running series rebooted (Pernicious), 1 short series started (Unity:Meat), several miscellaneous one-offs and journal comics
• ∆artwork: various smatterings posted to various art-sharing sites
• ∆body mass: unchanged within statistical error; still fat a little overweight
• ∆grandparents: -2; grandfather(paternal, age=99y1w) passed in August, grandmother(maternal, age=99y7m) passed about an hour ago and I'm still processing it. Remaining grandparents = 0

All in all, the year could have been better, but it could have been a lot worse, too.

So, Dreamhost has gotten a lot more aggressive about killing RAM and CPU-using processes, and according to support it's based on the total resource usage by the user, not just on a per-process basis. That's reasonable. Movable Type, as it turns out, uses quite a lot of RAM while it's publishing an entry. (This was a problem on MT3 as well, which is what led me to upgrade to MT5 since I wasn't sure what was going on. MT5 makes the problem way worse but MT3 wasn't exactly clear of it either.)

For now I've disabled some of MT's performance optimizations (such as doing multiple forked processes for rebuilds) which has helped stability immensely but I do watch the mt.cgi process go and it comes dangerously close to the 100MB-or-so limit. DreamHost has recommended either switching to a virtual private server (where I'd have a guaranteed amount of RAM and no process killing) or switching to something other than Movable Type.

The VPS option is kind of tempting since then I could also run my own email infrastructure again (and it's not like I use my Google Apps stuff for anything other than email - all my calendars, contacts, Android market, etc. are on a normal gmail account) but it does cost $15/month for the lowest 300MB RAM option (which is probably enough for me but I'm not positive).

The other option is much more obnoxious, though. I have MT set up the way I like it (even post the MT5 upgrade), and WordPress would be a huge amount of work to switch over to (and frankly I'd rather just delete my blog than try to migrate to WP, or build my own custom-purpose CMS which would probably have a few advantages but there are so many other things I'd rather be working on).

For now I think I'll just see if MT5 works well enough with the low-performance configuration (so far it's no slower than MT3 was, at least) and only switch to a VPS if I really need to. Meanwhile I'm sure there's a lot of stuff I can do to simplify my templates, now that MT5 supports a lot of things I had to hack around on MT3.

It took me freaking long enough but I've finally taken the plunge and converted my sites to Movable Type 5, up from the ancient 3.x I was running previously. This is a test post to see how badly everything is broken. (I suspect I'm going to have to spend a lot of time fixing my templates. Although so far things seem to be working surprisingly well!)

Holy cats do I hate this new user interface, though. It's like they decided that WordPress wasn't quite stupid enough and that they'd turn up the suck to 11.

Oh and I really don't appreciate it "fixing" my "broken" HTML. A bare <p> is perfectly fine in plain HTML. I'm not writing XHTML here. Maybe this will finally get me to stop being a curmudgeon and just start using the rich text editor, although I hate those.

Once upon a time, everyone I knew had a blog which I could use to keep up with them. The blog may have been hosted on their own site or may have been a diary on one of the public journaling/social media sites (HuSi, LiveJournal, etc.) but it was easy to keep up with people and interact with them via RSS readers and so on.

Then people decided they didn't want to broadcast everything to the Internet, so they started setting their entries private. Which in and of itself isn't a bad thing, except that most of the social media sites implemented it in such a way that your RSS reader needs to be "logged in" in order to see the items — which is impossible on most server-based aggregators (Bloglines, Google Reader, LJ Syndication, etc.). So for every site that did things in that way, you have to manually check on some regular basis. (This, incidentally, is why for my friends-only entries I still provide a "friends-only entry" item for non-logged-in RSS clients.)

But then all that's moot because the various blogging platforms are veritable ghost towns. Everyone's moved to Facebook or Twitter. In and of itself that wouldn't be a bad thing if the same sorts of content were happening, but it isn't; instead, people are just using them as platforms to write one-line "status" updates which are usually along the lines of "eating a tuna sandwich" or are links to whatever latest YouTube video has gone viral or whatever. Very few of my friends are actually talking about things that are going on in their lives anymore. All social interaction has been distilled down to one-line soundbites which are more about sharing things that other people did than they are about talking about things. I really miss it.

Not that I've been particularly good about that, myself. Somewhere along the line I decided that I'd just post random quippy status crap to Twitter, and reserve my blog as a platform for more general-interest topics. For some reason, blogs are no longer an acceptable way for people to just keep in touch with their friends; they all have to have Meaning and Value. It doesn't help that the various subscription engines still seem to treat the feed as the unit of currency, rather than the item, so it's difficult for people to find the generally-interesting stuff in the deluge of chaff that comes about from a mixed-function feed.

HuSi still has a fairly active diary community from the long-time participants there, but it has the private entry RSS issue, and I hardly ever remember to check for stuff there. When I do I see months' worth of out-of-date stuff that I don't really care about, and no easy way to just see a date-based feed of the few people there who I care about.

It also doesn't help that places like FaceBook et al have decided to center themselves around sharing as much of what you post with as many people as you know in every context as possible. Why would anyone want to post a rant about their coworker there when it's quite likely that a mutual "friend" (meaning acquaintence) will comment on it and thus expose it to the coworker? To make matters worse, these social networking sites have decided that real-life identity is Very Important and that there's no value to someone who wants to talk about things without having it associated with their professional life. In real life we all have several different faces; what you show to your boss, to your family, to your friends, to your lover(s), to fellow hobbyists... but on FaceBook you end up having just a single Identity that is immutable and indistinct, and so you either end up showing everything to everyone, or culling it to the minimal set of only what you think is appropriate for everyone to see (which, as it turns out, is very little).

I miss the old Internet 2.0.

My Vox consists of:

• Two entries when it first launched, consisting entirely of seeing if its HTML entity support was any good (first entry, no, second one, yes)
• A one-line entry 6 months later
• Another one-line entry 6 months later, answering the "question of the day" thing
• A complaint a year later about how the only reason I was even logging in was due to getting a bunch of spammy PMs via Vox, an observation that Vox was full of nothing but spam, and a declaration that Vox would not make it very long

It took two more years but it's finally shutting down now. I think Vox could have been something more than it was, but it was basically a victim of being a me-too effort launched by a company that would then later buy out what it was a clone of to begin with, before they lost interest in it and spun it back off, and then decided to focus on corporate/enterprise blog solutions. Frankly, the only reason I even signed up for it to begin with was to lay claim to the name "fluffy" (which is the only reason I originally signed up for Twitter, too, although that one has done much better for me).

This past week and a half has been a bit of a whirlwind, but in the interest of best preserving the memory of my grandfather I will try to only focus on the good things.

Every now and then I look at some of my older blog entries and then get a bit horrified about how much old crap I have on here that I don't really want people reading anymore (if only because it comes across as horribly narcissistic if nothing else). But going through and cleaning it up is an obnoxious pain. So today I finally did some SQL-fu and had it automatically unpublished all entries older than 3 years except for ones in a few categories which are generally full of stuff I would want to keep around (or which were already friends-only).

I'm sure there's still plenty of stuff that I should remove but I think this is good enough for now. I went from 2300 to 1300 published entries so I've already contributed to a roughly 50% reduction of blog effluvium!

So I got kind of annoyed with how slow my legacy Dreamhost account was getting, so I finally gave in and eschewed a working Bogofilter setup for actually being on a new server which wasn't a horrid NFS-cross-mounted mail-server-on-web-server-storage piece of cruft with constant load levels over 20. Dreamhost was happy enough to oblige, and the server seems to have been migrated just fine. If anyone notices anything wonky, though, let me know, of course.

Thanks again for submitting your work for the Cartoon Art Museum’s Monsters of Webcomics Virtual Gallery.

I’m pleased to say that your work has been selected for inclusion in our exhibition, and will be featured in the Virtual Gallery along with a wide array of webcomics from around the globe. This historic exhibition will include over 100 artists, making this one of the largest exhibitions in the Cartoon Art Museum’s 24-year history, and we’re thankful for your participation.

I am pleased as well! My stuff will be in a museum! I think this is only the second time this has happened.

Here's a full press release of the exhibit, and also you can read more about the goings-on at the Cartoon Art Museum on their LiveJournal.

I will have to finally go to CAM and maybe even meet Shaenon and Andrew in person!

Just FYI, since many of the people who regularly comment on my blog have changed their usernames in other places, the forum here has always allowed you to change your username, if that's the sort of thing you care about.

I go through little fits of doing things with Schadenfood with its original intent (schadenfreude about food-related nuttery) but that's just kind of boring. I think the word "Schadenfood" can also be taken to mean feeding the soul of one who enjoys schadenfreude, and there are a lot of Internet communities which specialize on picking on single things but which are often very badly-implemented (such as using Blogger or crappy wikis or whatever), so as an experiment I've set up a forum on it, which currently just has two sections (food and comics, with some subsections for some particularly discussable comics).

The main thing is I don't want the forum to just be non-stop criticism of things, though. It's more about the revelry about things going wrong, so for example, my intent for the "xkcd" subforum isn't about picking on xkcd so much as laughing at all the drama it makes on the Internet (such as the xkcd sucks "community" and the fact that nearly every single xkcd comic leads to yet another Wikipedia edit war).