December 19, 2017

September 1, 2014

SSL and this site (, )

by fluffy at 12:52 AM

So, Dreamhost is pushing everyone to move to https, and I'm actually in favor of that for a number of reasons. You may have noticed, to that end, that most of the links on this site now point to https:// instead of http://. Hopefully you noticed this because you saw the lock indicator (and maybe occasional mixed-content warnings in the address bar) and not because the whole site broke for you. (In theory the way SSL is set up won't work with old versions of IE on Windows XP but I don't really care about that anyway.)

Anyway, this has exposed to me some pretty major annoyances with how both Movable Type and phpBB 2 work.

July 25, 2014

Entry cull (, )

by fluffy at 12:35 PM

Per my previous entry, I've decided it's best to just unpublish all the old entries which I don't feel are relevant to a wider audience anymore.

Things I am keeping:

  • Recipes
  • Dream logs
  • Customer experience stuff
  • Helpful programming stuff
  • Game design stuff

July 24, 2014

Whither blogging? (, , )

by fluffy at 12:31 AM

It seems like I never have anything to say in public anymore; most of my entries are friends-only these days, and I don't even post much of those either. All of my older entries embarrass me. I should unpublish a bunch.

The friends-only functionality is the only reason I even keep phpBB around, and it's such a terrible comment engine that's far outlived its usefulness. I often think about dumping MovableType for some templates written in Jekyll but I don't know how feasible it would be to add in friends-only stuff.

July 21, 2014

Site upgrades (, )

by fluffy at 12:29 AM

I got tired of fighting with Dreamhost support over my site availability due to them blaming it "using too many shared resources" (even though everything I could tell indicated a problem with their Apache process reaping, but that's a rant for another time) so I moved over to their VPS service.

It's kind of nice in that it's got the ease-of-configuration of their shared hosting, but the isolation, root access, and install-whatever-daemons-you-want of a VPS, and at some point I can also move over to nginx (although that will first require me removing a couple of legacy things I don't use but don't want to lose either).

So far I've had a couple of road bumps in that for some reason my cron jobs weren't firing off correctly, and at one point when I rebooted the server my entire Apache configuration disappeared, so I ended up having to issue a full configuration rebuild. Hopefully that won't happen again though. I've opened a support ticket with them anyway, although I'm not expecting much good to come of it.

Anyway, the really nice thing is that now I can finally run memcached (I'd made suggestions to them about how they could reasonably support a memcached fleet in a shared-hosting scenario but their answer was just "use a VPS, sorry") so now that I have a way of reasonably caching comment metadata over on the comics section, I've re-enabled it. I've also added caching for the comment metadata and friends functionality on this very blog, so hopefully the site will be a lot faster even when my (still shared) database is being poopy.

As always, let me know if you see anything weird happen.

April 7, 2014

HiDPI image replacement (, , )

by fluffy at 7:41 PM

As often happens, now that I have a couple of devices with so-called "Retina" screens, I got sick of the pixelated 100dpi look and decided to implement HiDPI image support on my comics site. Here's how I did it:

April 5, 2017 It's worth noting that now that srcset is entirely standard and well-supported I have updated this entry somewhat, namely removing my client-side jQuery hacks and switching entirely to srcset, as it should be. The server-side mechanism for automatic attribute generation still remains, though.

PHP end (server-side)

Normally the blog entry texts are emitted directly. Now they're passed through this function:

function renderComic($entryText, $rss = false) {
    if ($_GET["hidpi"] == "disable") {
        return $entryText;


    $doc = new DOMDocument();

    foreach ($doc->getElementsByTagName('img') as $img) {
        $ldpi = $img->getAttribute('src');
        if (file_exists($ldpi)) {
            $size = getimagesize($ldpi);
            $img->setAttribute('width', $size[0]);
            if (!$img->getAttribute('alt')) {
                $img->setAttribute('alt', '[comic]');
            $hdpi = preg_replace('/\.([^.]*)$/', '.HIDPI.jpg', $ldpi);
            if (!file_exists($hdpi)) {
                $hdpi = preg_replace('/\.([^.]*)$/', '.HIDPI.\1', $ldpi);
            if (file_exists($hdpi)) {
                if ($_GET["hidpi"] == "force") {
                    $img->setAttribute('src', $hdpi);
                } else {
                    $img->setAttribute('srcset', $ldpi . ' 1x, ' . $hdpi . ' 2x');

    return preg_replace('~<(?:!DOCTYPE|/?(?:html|body))[^>]*>\s*~i', '', $doc->saveHTML());

What this function does is the following:

  1. Adds a width and alt attribute to all images (which I should have been doing anyway, but I'm lazy); it only adds width because I depend on proportional flexible sizing for my responsive layout
  2. For images with a high-resolution version available (as determined by replacing its extension with .HIDPI.jpg or, if that doesn't exist, inserting .HIDPI before its existing extension), adds a data attribute to point to this high-resolution rendition, and adds the now-totally-standard and widely-supported srcset attribute (or, if the query parameter hidpi=force exists, replaces the src attribute)
  3. Adds the experimental/draft-spec srcset attribute, so that future browsers (hopefully) won't need the deferred replacement logic
  4. Unwraps the inner HTML from the document boilerplate that DOMDocument::saveHTML adds (because heaven forbid you might want to just manipulate some HTML data on its own!)


I've recently learned to actually quite like jQuery for this stuff (I'm using it a lot in Bagel Voice). So, here's a quick JS function that drives the client side of things:

// HiDPI image replacement
$(document).ready(function() {
    if (window.devicePixelRatio > 1) {
	$("img[data-hidpi]").attr('src', function() {
	    return this.getAttribute('data-hidpi');

What this does is, after the document loads, if the screen has a pixel ratio greater than 1, for all images with a data-hidpi attribute, it replaces the src attribute with it. Simple!

Other things I tried

  • Just using srcset isn't enough just yet, as no browsers support it (some people are claiming that the Chrome developer channel does but that's hardly enough to go by)
  • CSS @media rules; in particular, all <img>s that had a HiDPI rendition would get replaced with two images, one with class="ldpi" and one with class="hdpi", and some CSS rules to hide ldpi on HiDPI screens and vice-versa. This actually worked really well, but it had the end result that every device was downloading both images, regardless of what was visible, so that's dumb.

I also considered rewriting <img> tags to <div>s with generated <style> blocks that would set up the background-image for media queries, but from what I've read, that still has the double-download issue, and also it would have been ridiculously complicated and I couldn't guarantee that it would still work on older user-agents (which I still care about for some reason). It probably would have also prevented Google Images et al from indexing it, which I care about both because I actually get readers that way and also it makes reverse image search easier (for all the comics of mine that get hotlinked and spread without attribution and so on). It also makes auto-excerpting functionality on Twitter, Tumblr, Google Plus, etc. fail, and not to mention how much weirdness there'd be for the occasional multi-image comic and problems with formatting rules and so on. Basically, it's a mess. I'll probably do that for the site graphics, though, if I ever get around to remaking them for HiDPI.

October 9, 2013

Another year past (, )

by fluffy at 12:00 AM

I still miss him, and I still hurt. I still have so many regrets for what happened, and for what it led to, and for the anger and resentment that came about because of long-simmering things finally being brought to the forefront by a stupid, avoidable tragedy that set so many people against each other.

I'm still healing, I'm still asking questions that can't be answered, but I'm also finally feeling like things are getting better, even if right now I'm reminiscing over the worst of it and feeling just as horrible as I did one and two years ago.

I'm still sorry for anyone I hurt directly or indirectly, and I just hope they can understand that as much pain as they were in, I was in at least as much — he was my boyfriend, my emotional anchor, my reason to keep going — and being subjected to even more as a target of grief, anguish, and misdirected anger from people who thought I would have answers when all I had was more questions that I didn't even know how to ask.

I hope that if anyone still feels like I've wronged them that they can at least forgive me, or failing that, that they can discuss things with me, in private, as a fellow human being who also feels pain and loss.

December 31, 2011

Year in review (, , , , , , )

by fluffy at 2:30 PM

The year began just hours after my grandmother died.

November 7, 2011

Who knew ()

by fluffy at 10:52 PM

Apparently having silly, subtle stuff automatically happen when a blog entry is linked to externally, and having certain images on my site prevented from being hotlinked (mostly ones which don't work well out of their original context), is exactly the same as obsessively checking my referrer stats and changing or taking things down whenever someone says something mean about me on the Internet. Oh no, someone's linking to me! On the web! Whatever shall I do?!

(You know how HTTP referrers work, right?)

October 13, 2011

Findra (, , , )

by fluffy at 10:35 AM

Now that the news is public, I'd just like to spend some time reflecting on the good times with Chris (Findra).

August 9, 2011

Current Google status (, )

by fluffy at 12:23 AM

So at this point I have migrated my calendar data to my own DAViCal installation (which is mostly working except for sending/receiving invites - gotta figure out what's going on with that), deleted both of my Apps accounts, and also deleted a bunch of GMail accounts which I had lying around which had somehow (and rather creepily) gotten linked to each other anyway. I still have one gmail account for Android Market and I see no reason to get rid of that just yet, and I've relinked my YouTube account to that since there's no way to have YouTube without a Google account anymore.

It's kind of scary to be without a safety net here but on the other hand, it was also kind of scary about what sorts of stuff Google was doing in the background without my knowledge as well. (I mean, for a time, trying to log on to my YouTube account to relink it was logging me on to a completely different gmail account that I'd forgotten about, and it was insisting that I needed to create a new YouTube account as part of it! Very broken in stupid ways. But once I deleted that old gmail account, that freed up the legacy YouTube account to be relinked. Puzzling all around, though.)

Many of my friends who were on G+ with pseudonyms that hadn't gotten nuked yet went ahead and deleted their accounts too. We're all back to using LiveJournal and email.

Oh, and for a while I was thinking I'd made a mistake since all of the CalDAV clients I found for Android were standalone calendar apps (rather than CalendarProvider implementations as they should be), but finally I found CalDAV-sync which seems to be working quite nicely. It's $3 and still alpha, but that's worth it (hopefully they don't get nuked from orbit for no reason like Better Android did). They also have a CardDAV provider as well, for when I finally remove my addressbook from the one gmail account.

One missing thing for this is the ability to subscribe to friends' shared calendars, but I can still do that via my Android gmail account for now.

Hopefully there will eventually be some turnkey F/OSS suite to make it easy to set up this stuff. Email is well-known and so on, but CalDAV is still sort of nascent as far as interoperability goes.

Oh, and there's probably still a few Google account remnants out there. My apps accounts' associated Google accounts are still active (with no way to shut them off), and since I have FeedBurner and AdSense/AdWords associated with one of them, that'll probably continue to exist for a while. Which reminds me, I must get rid of all the AdSense on my site... (I've made like $29 over all time on Google page ads, so I mean, yeah. No big loss.)

August 4, 2011

Suspended from Google+ (, , , )

by fluffy at 2:09 PM

I'm actually surprised it took this long, but I've been suspended from Google+ for "violating community standards." Of course, to reinstate it they want me to change my name to my legal name and provide a copy of a driver's license, or otherwise show that the name that everyone knows me as is my real name from a "reputable source" such as "Facebook, LinkedIn, or a news article."

I was already having a more or less apathetic relationship with G+, and now I guess this settles whether I'll be using it anymore.

In other news, other parts of Google are much the same. "Do no evil" just isn't good enough, guys.

July 30, 2011

Hooray for hackers (, , )

by fluffy at 2:23 AM

So, somehow some pretty insidious malware got onto my site. From what I can tell it was installed via an old upload exploit in WordPress, on (now offline since it's not like I was ever doing anything with it anyway). I did a bunch of forensics on it, and found that while the initial infection was probably just done by automated script, someone actually left a pretty thorough backdoor that allowed pretty much complete access to my whole Dreamhost account (files, shell, and so on).

Unfortunately, Dreamhost's logs don't go back far enough to find out how it was installed, and the backdoor script didn't keep a log so I have no idea what they did during the time leading up to the addition of the SEO spam crap that clued me in to its presence (because of a random happenstance that happened to make me aware that it had been installed at around 6 AM today). I have the IP address of the system that was used to access the backdoor, and I know that over the last few days they'd been accessing it repeatedly, but all of the commands are hidden in a POST request, so I have no idea what exactly they did.

I did go through and find every spot that they'd added additional exploit code, and of course I'm changing what passwords were visible in some way through the account files. Unfortunately, they had access to a couple of sensitive and important files that I was keeping in a private WebDAV share, and I'm feeling very sick to my stomach, especially with not knowing if they ever found the directory it was kept in. (I am, of course, moving all that stuff to my own personal NAS now, and deleting the WebDAV share.)

Fortunately, the only account password they'd have had access to directly was my database password, which I generate randomly and keep unique, and it's not a big deal for me to change it again. There's also a single spot where my OpenID password was viewable as an md5 hash (and it turns out that said hash is findable in some of the various md5 lookup tools out there), so of course I've changed that too.

HOWEVER: One of the bits of malware I dissected did appear to have the ability to generate a full table dump of my entire database (I don't know if this function was ever activated), and you should be aware that phpBB 2 (like I use here) uses unsalted MD5 password hashes. So you should probably change your forum password here, and anywhere else that you use the same password. Sorry. :( (I'd upgrade to phpBB3, which finally fixes that issue, except that it will break all of the commentary functionality on my site if I do. I should look to see if there's at least a salted-md5 patch for phpBB2 floating around out there though. I've been meaning to do that forever but of course now that's squeezing my buttocks after I've farted, as the Japanese saying goes.)

I have, in the meantime, removed ALL the goofy webservices that I'm not using anymore, and hoping that the ones I still do have installed (because I, you know, use them) are secure. I should definitely check for security updates on what's left, at least. Also, do a full audit on all of my custom PHP scripts because who knows what's lurking in those.

tl;dr: The site was hacked, your password may be compromised, and the hack was directly targeted enough that I'm feeling violated and am probably going to have my identity stolen or something now.

July 25, 2011

Why I still prefer Twitter (, )

by fluffy at 6:11 PM

I'm just not able to keep any interest in Google+, for the same reasons that I can't keep any interest in Facebook. Having longer posts doesn't necessarily make things better; instead it makes it seem like I really must read everything, which turns it into an overwhelming burden, and inline comments make it feel like even more of a firehose of information. I like how Twitter is a place where I can just share quick simple notions and links to fuller bits of content. I like how the fuller bits of content are hosted on my own site where I and others can find it easily, rather than quickly being buried in piles and piles of comment replies to Felicia Day and Wil Wheaton. I like how Twitter is just a bunch of messages that people pass along and there's no expectation that everything is seen.

I feel like Google+ is in an uncomfortable middle ground between mass-messaging and blogging, with the disadvantages of both but the advantages of neither. I felt the same way about Facebook. Also, the fact that Google has their hands in ALL of my data, with potentially disastrous consequences, makes their overbearing "real name" policy even more upsetting.

Basically, I still miss blogs and don't feel like G+ or Facebook do anything to help communication - they just do what Twitter does, but longer, and with more overwhelming crap to sift through, and an expectation that you do sift through it all.

That said, Hangouts are pretty neat. It would be nice if it were a completely separate product that were based on Jabber or the like, though.

July 8, 2011

Real life and identity (, , )

by fluffy at 6:10 PM

it is a lot easier t o keep inmiscible identities separate on the Internet if you keep thm completely separate from real life as well. I am apparently bad at both, judging by how many of my former coworkers have recently added "fluffy critter" to their circles on Google+. I mean, it was okay when it was the people who I'd let know about it to begin with (and I mean if ucblockhead hadn't known me online I'd have never had the job to begin with), but I'm not quite sure how I feel about apparently everyone else in the office knowing now too. Sigh.

Oh well. I've long felt that it's not so bad having people who actually know me actually know ME - it's the other direction I've always felt important to avoid (people trying to link my online self to my offline self in a way that makes it easy for people to know my real name which is not actually my real self). I hate people judging me by my resume and my picture and my legal name as if those are any more valid than the self I have discovered within.

I guess either direction is potentially problematic because I hate the idea that people would judge me unfairly based on stereotypes from one set of interest, and I'm still paranoid with the whole "You'll never get a job if people know about you!" thing that people have been parroting for years, despite clear evidence to the contrary.

Basically I'm complicated.

December 31, 2010

Year in review (, , , , )

by fluffy at 4:43 PM
  • ∆songs: 5 Song Fight solo efforts, 2 Song Fight collaborations, 4 covers, 6 remixes, various sound experiments and short soundtracks produced, ~20 songs written but not recorded, 2 live shows (both went way better than any shows I'd done before)
  • ∆comics: 120 published; 1 long-running series completed (Unity), 2 short series in their entirety (Unity:Planetfall and Unity:Breeder), 1 long-running series rebooted (Pernicious), 1 short series started (Unity:Meat), several miscellaneous one-offs and journal comics
  • ∆artwork: various smatterings posted to various art-sharing sites
  • ∆body mass: unchanged within statistical error; still fat a little overweight
  • ∆grandparents: -2; grandfather(paternal, age=99y1w) passed in August, grandmother(maternal, age=99y7m) passed about an hour ago and I'm still processing it. Remaining grandparents = 0

All in all, the year could have been better, but it could have been a lot worse, too.

December 30, 2010

500 Internal Server Error ()

by fluffy at 11:02 AM

So, Dreamhost has gotten a lot more aggressive about killing RAM and CPU-using processes, and according to support it's based on the total resource usage by the user, not just on a per-process basis. That's reasonable. Movable Type, as it turns out, uses quite a lot of RAM while it's publishing an entry. (This was a problem on MT3 as well, which is what led me to upgrade to MT5 since I wasn't sure what was going on. MT5 makes the problem way worse but MT3 wasn't exactly clear of it either.)

For now I've disabled some of MT's performance optimizations (such as doing multiple forked processes for rebuilds) which has helped stability immensely but I do watch the mt.cgi process go and it comes dangerously close to the 100MB-or-so limit. DreamHost has recommended either switching to a virtual private server (where I'd have a guaranteed amount of RAM and no process killing) or switching to something other than Movable Type.

The VPS option is kind of tempting since then I could also run my own email infrastructure again (and it's not like I use my Google Apps stuff for anything other than email - all my calendars, contacts, Android market, etc. are on a normal gmail account) but it does cost $15/month for the lowest 300MB RAM option (which is probably enough for me but I'm not positive).

The other option is much more obnoxious, though. I have MT set up the way I like it (even post the MT5 upgrade), and WordPress would be a huge amount of work to switch over to (and frankly I'd rather just delete my blog than try to migrate to WP, or build my own custom-purpose CMS which would probably have a few advantages but there are so many other things I'd rather be working on).

For now I think I'll just see if MT5 works well enough with the low-performance configuration (so far it's no slower than MT3 was, at least) and only switch to a VPS if I really need to. Meanwhile I'm sure there's a lot of stuff I can do to simplify my templates, now that MT5 supports a lot of things I had to hack around on MT3.

December 5, 2010

What I miss about blogs (, )

by fluffy at 11:02 PM
Once upon a time, everyone I knew had a blog which I could use to keep up with them. The blog may have been hosted on their own site or may have been a diary on one of the public journaling/social media sites (HuSi, LiveJournal, etc.) but it was easy to keep up with people and interact with them via RSS readers and so on.

Then people decided they didn't want to broadcast everything to the Internet, so they started setting their entries private. Which in and of itself isn't a bad thing, except that most of the social media sites implemented it in such a way that your RSS reader needs to be "logged in" in order to see the items — which is impossible on most server-based aggregators (Bloglines, Google Reader, LJ Syndication, etc.). So for every site that did things in that way, you have to manually check on some regular basis. (This, incidentally, is why for my friends-only entries I still provide a "friends-only entry" item for non-logged-in RSS clients.)

But then all that's moot because the various blogging platforms are veritable ghost towns. Everyone's moved to Facebook or Twitter. In and of itself that wouldn't be a bad thing if the same sorts of content were happening, but it isn't; instead, people are just using them as platforms to write one-line "status" updates which are usually along the lines of "eating a tuna sandwich" or are links to whatever latest YouTube video has gone viral or whatever. Very few of my friends are actually talking about things that are going on in their lives anymore. All social interaction has been distilled down to one-line soundbites which are more about sharing things that other people did than they are about talking about things. I really miss it.

Not that I've been particularly good about that, myself. Somewhere along the line I decided that I'd just post random quippy status crap to Twitter, and reserve my blog as a platform for more general-interest topics. For some reason, blogs are no longer an acceptable way for people to just keep in touch with their friends; they all have to have Meaning and Value. It doesn't help that the various subscription engines still seem to treat the feed as the unit of currency, rather than the item, so it's difficult for people to find the generally-interesting stuff in the deluge of chaff that comes about from a mixed-function feed.

HuSi still has a fairly active diary community from the long-time participants there, but it has the private entry RSS issue, and I hardly ever remember to check for stuff there. When I do I see months' worth of out-of-date stuff that I don't really care about, and no easy way to just see a date-based feed of the few people there who I care about.

It also doesn't help that places like FaceBook et al have decided to center themselves around sharing as much of what you post with as many people as you know in every context as possible. Why would anyone want to post a rant about their coworker there when it's quite likely that a mutual "friend" (meaning acquaintence) will comment on it and thus expose it to the coworker? To make matters worse, these social networking sites have decided that real-life identity is Very Important and that there's no value to someone who wants to talk about things without having it associated with their professional life. In real life we all have several different faces; what you show to your boss, to your family, to your friends, to your lover(s), to fellow hobbyists... but on FaceBook you end up having just a single Identity that is immutable and indistinct, and so you either end up showing everything to everyone, or culling it to the minimal set of only what you think is appropriate for everyone to see (which, as it turns out, is very little).

I miss the old Internet 2.0.

September 27, 2010

Goodbye Vox ()

by fluffy at 5:13 PM
My Vox consists of:
  • Two entries when it first launched, consisting entirely of seeing if its HTML entity support was any good (first entry, no, second one, yes)
  • A one-line entry 6 months later
  • Another one-line entry 6 months later, answering the "question of the day" thing
  • A complaint a year later about how the only reason I was even logging in was due to getting a bunch of spammy PMs via Vox, an observation that Vox was full of nothing but spam, and a declaration that Vox would not make it very long
It took two more years but it's finally shutting down now. I think Vox could have been something more than it was, but it was basically a victim of being a me-too effort launched by a company that would then later buy out what it was a clone of to begin with, before they lost interest in it and spun it back off, and then decided to focus on corporate/enterprise blog solutions. Frankly, the only reason I even signed up for it to begin with was to lay claim to the name "fluffy" (which is the only reason I originally signed up for Twitter, too, although that one has done much better for me).

August 21, 2010

Remembering the good things (, )

by fluffy at 9:30 PM
This past week and a half has been a bit of a whirlwind, but in the interest of best preserving the memory of my grandfather I will try to only focus on the good things.

Older »