Malware

Our websites were down for a couple of days due to a Malware infection that caused them to redirect to various shopping sites.

It is a mystery how miscreants can exploit six separate websites running unique instances of WordPress in this manner. Pair doesn’t know, but I suspect their setup is somehow insecure.

We had a choice of paying over $1000US to have software fix the problem for us, plus an ongoing subscription to maybe prevent it from happening again or doing it ourselves. I did it myself, but I’m sure I wasn’t entirely successful.

It all feels like a scam to me. Software that is ubiquitous but too complex requires whole separate businesses to function, each with its subscription fees, just to deliver simple HTML files over the web.

This experience has effectively ended my 20+ year relationship with Pair, which means I will look for an alternative to WordPress for my hobbies, like this weblog. We’ve already decided to use a non-nonsense service like Squarespace for our work sites.


Comment no more

I wrote in January about the effects that my Twitter habit was having on my mood and since deleting my “PEI list” that contained hundreds of people and organizations with roots on the Island, my mood improved immeasurably. I took it a bit further and unfollowed even more, and if it weren’t for @Asymco I might not use Twitter at all.

The fact that their language started to enter my lexicon was reason enough (to classify is to be human, but to oversimplify risks objectifying), but their constant yelling, “vitriol, virtue signalling, and an endless stream of all that is wrong with the world” was depressing.

Online discussion amongst strangers is largely dead I think and best avoided.

The only real source of Canadian news that I read is the CBC website, I can’t stomach many of the big city papers and the local Guardian doesn’t seem worth paying for. Lately, the comment section has been over-run with angry angry people, maybe it always has been, but I found a decent antidote to them polluting what is otherwise a rather pedestrian read.

I installed a safari extension that deletes all comment sections on most websites I visit. That, plus the ad-blocker I use removes all many of the current annoyances of the web, and makes for a faster loading, more satisfying reading experience.


Not knowing might be better

Since growing up some what and finally taking more care with the security of our WordPress installs I am now getting daily, and end of month reports as to all the attempts to gain access to our websites. Most of these are automated via AWS and other lessor known services but some are obviously individuals. This level of attention is anxiety inducing and I wonder if isn’t better to not know. On our plan for this year is to move all websites from WordPress. I can’t wait.


Having a website sucks

I started building and designing websites of some sort 26+ (?) years ago. This was back when tilde domains were popular and when I had a “Zine” hosted on Geocities. It was fun and I learned enough to later get work doing this very thing for others.

Over the years the practice of creating websites got more and more complex, I got older, and my professional practice got more specialized. As a result my skills have languished and personally I have little patience and interest in understanding the language I hear web developers using today.

I was at one time a self-professed expert in using MoveableType and created a number of custom themes for that platform for people who I was working with at the time. I made a fateful decision awhile back to join the herd, drop MT, and use WordPress for any hobby projects, including this weblog. Our nascent business is run on this platform as well.

Since that time, I’ve had nothing but trouble. I’ve had a whole project taken down due to miscreants using one of our installs as a file sharing node. Lately, bugs in various plug-ins keep me busy with meaningless tasks. The latest problem is a common one, someone gained access to our server and installed malware. The last time it was some kids from Indonesia with too much time on their hands. This time it was a number of different actors. In fact I have found out that our website sleeptightstories.org, a website for kids with completely insignificant traffic, is a popular target.

This nonsense has distracted me and taken me away from the work that I enjoy.

Though it’s a matter of perspective, I realize I’m at fault for not having an almost religious conviction to ensuring that WordPress and her plugins are update and secure.

Our current web host, Pair, is very pithy with server resources on our former plan. Updating a WordPress install has more than once resulted in errors that required a couple hours to correct, so I often delay updating each install until I know I have the time to devote to the possible problems. Auto-update seems to only work intermittently. According to Pair, this is likely why they were able to so easily infect at least one of our sites.

But who builds a product that is insecure by design? Like Facebook, WordPress seems to have consciously created a product which has resulted in a whole cottage industry of people who help small business owners manage how they reach their customers, and keep their WordPress installs secure and spam free. It shouldn’t be necessary.

This is I hope the last time I make this mistake. Going forward I will be evaluating our relationship with Pair (I’ve been a customer for 20+ years), and have in the interim moved our WordPress installs to a new far more expensive managed hosting account.

We’ve already decided that our future lies with services like Squarespace, and not something built by myself. Goodbye Apache, hello nginx and whatever Squarespace runs on.

I can’t help but feel a little sad that the days of having fun with building websites are over, at least for a hobbyist like myself. I just don’t have time for all the inevitable problems that arise, nor unfortunately, the time to learn how to create something robust.


Back

All our websites are back after a truly international effort to deface one website (a crew from Indonesia) and to inject code to forward all links to some stupid advertising rich website, the persons behind the link redirection is unclear.

Thank you WordPress. I’ll send you a bill later for lost time due to your lack of security by design.

I took this opportunity to delete old files and web projects dating back 20 years or more. Lots of memories. Many projects that are likely best forgotten, like:

I used to absolutely love the web, not so much anymore.


Emoji apocalypse

I spent far too much time yesterday re-entering emoji’s for 100+ article titles on one of our podcast websites. I made a decision a year ago to make extensive use of emojis as part of our communications for our kid’s products. I haven’t performed any testing to see if kids respond to the imagery we create, so the end result could be having a little fun finding suitable emoji’s on emojipedia.

A week or so I noticed that all emoji’s used in titles had been replaced with question marks – no idea why, though I blame a bug in the Yoast plugin, the only difference between this site and others.

As an aside, I think it’s issues such as this that keep people employed as social media managers. What business owner has the time and inclination to deal with all the designed complexity of WordPress and other such tools, such as Facebook. If these tools were designed well, a whole group of people would be unemployed. Facebook is especially egregious. Despite having a huge staff of design talent, their business suite of tools are some of the most ill designed I have ever seen. Answering a query from a listener required a roundtrip through 2 devices and 3 different apps.

One of the remaining mysteries of my emoji cut’n’paste journey was the realization that in text displayed via WordPress, not css, the emoji’s that displayed are from Twitter Twemoji 13.0.1 and not those displayed by MacOS. This problem doesn’t reveal itself when viewing via an iOS device.

I’ll leave this issue to a time when I have nothing better to do.


I know it’s pointless to argue against it, but circulating screengrabs of content make me sad. We don’t have a web anymore, just tides of flotsam and jetsam, a loose slurry of disconnected and contextless content microbeads washing over us.
Jesse James Garrett


Why you need to code

Recently I have yet again fallen in to the trap of trying to find a ready made solution to an easy to solve problem.

My portfolio website was quickly put together years ago and has languished ever since. From the time it was launched the extremely slow load times have made it embarrassing – it is a wordpress theme created by a talented German developer living in New Zealand. She has a love for JS loaders which for a host of reasons make each page take minutes, yes minutes, to load.

These past few weeks I have wanted to get a feel for employment opportunities here in Canada so a fast simple site is a good option as a way of introduction. My current site just won’t do.

Seeing as I have a lot of things occupying my time and thinking, my mental bandwidth has limits, and that I’ve let my web development skills languish somewhat, I chose to seek out a ready made template, thinking that I could then just focus on the typography, message, and load times.

First stop was the original developers themes but unfortunately, though matching my minimalist sensibilities, most suffer from the same load problems and they also have a host of usability issues.

Squarespace looks promising, but they also suffer from usability issues. Most of my work leans towards text vs. lovely art directed imagery, unless of course you find UX reports set in Times New Roman attractive, so their themes haven’t worked. ANd as soon as you step outside their defined templates, things become messy and difficult.

The point is all of the time I have spent trying to massage someone else’s work into something that would work for me I could have developed my own – except at the beginning it’s often difficult to see it that way.

In favor of prototyping for iOS I’ve let my web development skills fall by the wayside. This year I’ll work on polishing these skills so that I can quickly put together little projects without wasting time trying to fit some general purpose template into my needs.

Being able to code saves time.


Like going back in time

I prepared as much as I thought wise before I came here, I had considered downloading whole websites that have sources I constantly refer to, but settled with a fat Evernote database and a collection of essential reading. Of course I set up multiple VPN’s including one at home, which has since failed, and purchased a Hong Kong/China voice and data card that connects through Hong Kong. This is in part an effort to be able to perform my work effectively, as China search engines and sources are notoriously bad.

But habits die hard, and I’ve found myself constantly trying to access bits of data at times when most means are slow or fail. Everyone complains about it, it’s ridiculed in the western media, but coming from an always connected society, where you are free to access whatever you want, to constant widespread censorship is jarring and frustrating. The infrastructure is poor too, what good is a VPN if the pipe is small?

Many years ago I was in awe when I first dialled long distance into Delphi in Boston from Toronto. Watching that information flow in via a 9600 or 14.4k Baud modem was like magic. I was able to connect with people all over the world, share information, and learn about their local music scenes. I also started selling brass equipment via email (I was a small shadow to the enormously successful Equipment List in Montreal, that was started around the same time).

Each connection I get to the outside world now is very similar, with only seemingly a slight increase in speed.

On the bright side, perhaps being disconnected from the world, will bring about greater focus on matters at hand, and I can set up some system to slowly download news in the background, similar to what we used to do at work 19 years ago at the University of Prince Edward Island.

Edit (10/03): I can’t understate how short sighted and frustrating this is. I don’t know how knowledge workers have managed to stay in this country and get anything done. I’m not trying to watch videos on Youtube (which is allowed here) or post to Facebook, I’m trying to download ebooks and listen to a lecture, in an effort to do my job. Hours lost.


If the government demanded that we all carry tracking devices 24/7, we would rebel. Yet we all carry cell phones… If the government demanded that we give them access to all the photographs we take, and that we identify all of the people in them and tag them with locations, we’d refuse. Yet we do exactly that on Flickr and other sites. Bruce Schneier, chief security technology officer for British Telecom

See also: The Internet Is a Surveillance State and Beware Trading Privacy for Convenience.


Collaboration, Twitter, and browser CLI’s [bits]

How to Avoid Collaboration Traps, Create Unity and Get Results
From the book: “Leaders have to infuse this discipline principle throughout the company so that people do not collaborate for the sake of collaboration but are able to say no to collaboration projects of questionable value. To be disciplined about collaboration is to know when not to collaborate”. A review of a book I was interested in.
How to Demo Twitter
Guy Kawasaki: “One of the great challenges for anyone who loves Twitter is to show other people why they should love it too. Often it’s like explaining something you find funny: “You had to be there.” The contextual, ever-changing, and high-volume nature of Twitter makes explaining it difficult. Here are ten tips to help you demo Twitter to your friends, family, and colleagues”.
How to Hack Together a Twitter Client
From Guy Kawasaki again (or a ghost writer): “Sometimes you can make do with what’s available. Take, for example, Twitter clients. Until someone creates my fantasy Twitter client, I am using an application that doesn’t have “Tw” anywhere in its name or heritage. It’s called NetNewsWire”.
The Web Browser Address Bar is the New Command Line
Jeff Atwood focuses on the ways that modern browsers such as Chrome allow you to type Google queries directly in the location field, which allows for classic command-line style commands.


Web of confusion

“Web browsers, the primary tool for accessing the World Wide Web, use the page metaphor, which is appropriate for browsing static text with hyperlinks. This is the task that browsers were designed for.
As the Web expanded into transaction systems and applications, the page metaphor has been mixed with application metaphors. This has created confusing environments for users.” (Fellenz, Parkkinen , Shubin 1998)


The Long Tail from IHT

An explanation of the jargon phrase that I keep wanting to explain but always fail.

Want to buy an out-of-print book, a folk song recorded on a 78-rpm disc or some 18th century ceramics from Lunéville? You know already that the Internet can connect you with such esoteric purchases.
What you may not know is that these products help make up “the long tail,” a phrase that describes the never-ending shelf life of products that are not mass-market, top-40 favorites.

The End User: Of tails and walls


This Global Phenomenom Called ‘Internet’


A CBC report from 1993 on a global phenomenon called ‘Internet’. Do you remember what it was like to be online back in 1993? I remember being a moderator of a hugely popular bbs hosted on dana.edu servers. Community spaces were much different then, surprisingly more restrained, and likely partially because of the ‘magic’ of the experience the relationships were far closer than anything I have experienced since.
YouTube is my new television.
Heres the link to the original CBC archive page.


Neutrality of the Net

Tim Berners-Lee: “When, seventeen years ago, I designed the Web, I did not have to ask anyone’s permission. [3]. The new application rolled out over the existing Internet without modifying it. I tried then, and many people still work very hard still, to make the Web technology, in turn, a universal, neutral, platform. It must not discriminate against particular hardware, software, underlying network, language, culture, disability, or against particular types of data.”
Continue


My Old House – Google Map


Please excuse me while I try out Googles Map API (better late then never). Too bad they have no map data for cities in Asia. Next up will be some way to hook this into plazes to automatically track my movements – the ultimate automated stalker.


Points From Teaching Last Nights Design Class

I drove out to Hsuan Chuang University last night to teach but unfortunately took a wrong turn and got lost. I did manage to get to the class just in time only to realize that I forgot my dvi-vga adaptor. Lovely start.
Some things I learned from the experience:

  • No one has heard of Flickr or Myspace. Some people know about Gmail
  • The students are fiercely loyal to local Taiwan web sites (both applications and communities) regardless of how inferior they are to other sites in their language produced elsewhere
  • This class speaks far more English than the last. Cool
  • I said that technology is an enabler. They say that to be modern we must let technology lead. The sense I get is that they don’t really get the idea of balancing customer and business needs. They don’t really think about humanizing technology and building things that allow people to do things, with technology allowing that to happen. Pick a platform first then make people use it instead of find out what people need and pick a platform to make it happen.
  • Each year the students seem more “free” – lots of chit chat and far less discipline – almost like a Canadian classroom which is too bad
  • I dislike podiums and lecturing. My idea of class as a conversation bombed – “lets make it like the web – you have the material already – lets start with with an idea and see where it goes” – I’m naive – structure is still king
  • Everyone loves stories and loves to laugh

Overall an interesting evening if not rather distracting. The doors to the classroom were open – to the left of me were beautiful ladies line dancing to music, to the right was an old black dog constantly licking his genitals. I bet no one else can claim to those kind of distraction when teaching.


Trying to keep Mobile

There seems to be some strange goings on today on the Inter-web here in Taiwan which is making me doubt my decision on signing up with Strongspace for offsite back-ups. Uploads seem to be a problem lately with even the smallest of files – it took an hour for me to eventually upload a single 50k image file through ftp or browser client. If I have problems with small images it makes me wonder if nightly multi-gig backups will be feasible. Taiwan generally has great consumer level broadband service which is usually only hampered by poor “last mile” infrastructure (if you would see the lousy job done on phone and electrical installations here you would understand). Luckily Strongspace is cheap, very cheap, so giving it try is basically no risk at all.
I was once a .Mac subscriber but the amount of storage and lack of good customer service has driven me to using Strongspace and Gmail. It will be interesting to see how my increased reliance on web applications plays out as I travel and across the various hinterlands of Asia.


PingMag’s – The Website Development Process

howtomakeawebsite.jpg
We’ve been too serious and downright stodgy for too long. Maybe the power of fun is catching on, here is a delightfully fun, unique, and understandable approach to presenting the usually boring web development process to clients. It’s over simplified but for a first meeting with an inexperienced client this could be a great way to break the ice and get them involved. Kudos. Use this approach for your next financial services client and perhaps they will actually enjoy yet another meeting with yet another vendor.
Check out: PingMag’s – The Website Development Process


Mr. Nobody owns my files

Sometimes I wonder if having so much control over my hosting account is such a good thing. It’s amazing how the tools we use to communicate and ‘enhance productivity’ end up costing us so much time.
I have been over the past week or so trying to customize a php based gallery ‘solution’ (is there a better word?) to use in upcoming projects and on a new section of my site 35togo. I had some problems with it and decided to delete the files from my server and start anew with some changes I had made. Unfortunately I couldn’t delete the files from the server, I kept getting a non-descript error message – after I opened a support ticket with my web host this is what I they responded with:

“The problem in this case seems to be that this directory is owned by the user “nobody.” The web server normally runs as the user “nobody,” and any files that it creates will be owned by this user. You won’t have permission to delete such files, by default. To remove these files, you’ll need to create a script to remove the files, then run that script as CGI. Since it will run as “nobody,” it will have permission to delete files with this ownership.”

It’s a good piece of knowledge. I wish they would have offered to delete the directory for me since they have root. Much of the software I use on my server write files and create directories. So unknown to me till now, I have acquiesced control of these files and directories to “Mr. Nobody”. In the future if I want to avoid this problem I should use CGIwrap or PHP CGIwrap (to run scripts under my own userID).
This is all I’m sure pretty basic stuff, especially to those who are unix and apache mavens, and I’m sure I will solve this. But do I really want to spend time on this? Sometimes I think I spend too much time learning to do too broad a spectrum of things. Instead of perfecting craft I become a master of nothing.