Livejournal Hack

I’ve been following the Livejournal hack closely because as someone who runs many services that allow user submitted content, any new developments in XSS are very important to stay on top of. So far the only official technical explanation I’ve seen is here on lj_dev. Since we don’t allow template editing or embedded JS or styles on WP.com I can’t think of any vectors for attack, but you never know with these things. More on moz-binding.
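As an added illustration (not from the post or from WordPress.com's own code) of why user-supplied stylesheets are a script-execution vector and why refusing them is a sound mitigation: a small checker, written here as an assumed example rather than taken from any real filter, that flags the CSS constructs which could reach script in browsers of that era, including the -moz-binding property, even when they are hidden behind CSS comments or hex escapes.

```python
import re

# Constructs that, in a user-submitted stylesheet, could lead to script
# execution in period browsers: -moz-binding (XBL in Firefox), expression()
# and behavior: (IE), and url() values with a script-capable scheme.
_DANGEROUS = [
    (re.compile(r"-moz-binding", re.I), "-moz-binding"),
    (re.compile(r"expression\s*\(", re.I), "expression()"),
    (re.compile(r"\bbehavior\s*:", re.I), "behavior:"),
    (re.compile(r"url\s*\(\s*[\"']?\s*(javascript|vbscript|data)\s*:", re.I),
     "script url()"),
]


def _normalize(css: str) -> str:
    """Undo the cheap obfuscations that hide a property name from a naive
    substring match: CSS comments, CSS hex/char escapes and embedded NULs."""
    css = re.sub(r"/\*.*?\*/", "", css, flags=re.S)   # -mo/**/z -> -moz
    css = css.replace("\x00", "")
    # \6d oz-binding -> moz-binding (1-6 hex digits, optional trailing space)
    css = re.sub(r"\\([0-9a-fA-F]{1,6})\s?",
                 lambda m: chr(min(int(m.group(1), 16), 0x10FFFF)), css)
    css = re.sub(r"\\(.)", r"\1", css)                 # \m -> m
    return css


def css_findings(css: str) -> list:
    """Return the labels of every dangerous construct found after normalizing."""
    norm = _normalize(css)
    return [label for pat, label in _DANGEROUS if pat.search(norm)]


def is_safe_user_css(css: str) -> bool:
    """True only when no flagged construct is present; a denylist like this is
    a detection aid, not a substitute for disallowing user styles outright."""
    return not css_findings(css)


if __name__ == "__main__":
    # Constructed samples: one benign stylesheet, one obfuscated binding.
    print(is_safe_user_css("a { color: #0a0; }"))                     # True
    print(css_findings("body { -mo/**/z-binding: url(x.xml#b); }"))   # ['-moz-binding']
```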

Socialtext Spam

(Rant warning.) What’s it called again when you can’t unsubscribe from a service that sends you email almost every day? This is broken:

  1. I get my daily email about changes in the LoicLeMeur Wiki that I signed up for sometime at Les Blogs.
  2. “To stop receiving or change how often you receive emails about changes to LoicLeMeur Wiki, go to: http://www.socialtext.net/loicwiki/emailprefs”
  3. Redirects me to this URL.
  4. It appears that I am logged in. I change my preferences to “Never”.
  5. Of course when I go to my settings it shows me as “user78247”, so I didn’t actually cancel my subscription, it just showed a stupid subscription page to me even though it obviously doesn’t have my email address right now and I’m not logged in.
  6. Okay, click the “log in” link.
  7. Type in email and password.
  8. I am now mysteriously redirected to the FOAFnet wiki, which hasn’t been touched in like a year. NO IDEA WHY.
  9. Wait, the top still has a login button, but also a settings button?
  10. Settings takes me to the user page for “user19254”, even though I JUST LOGGED IN.
  11. Okay, click login again.
  12. Now I’m redirected back to the FOAFnet wiki again but this time it shows me as being logged in.
  13. Where the heck do I go now???
  14. I go back to the Loic wiki via the address bar.
  15. It says login in the top right corner again.
  16. I enter my information, and am redirected back to the FOAFnet wiki. I can sense the wiki mocking me.
  17. Okay, maybe if I go back to my settings page where it worked.
  18. It forces me to login to the FOAFnet wiki AGAIN even though I did just SECONDS AGO.
  19. I now am logged in, I click on settings and go to “My Workspaces.”
  20. It only shows the FOAFnet wiki, even though I know I’m a member of the Loic one because I GET EMAILS FROM IT EVERY DAY.
  21. Also now for some reason every Socialtext wiki I try to visit, like this one from Web 2.0 conference, redirects me back to the FOAFnet wiki. (cue blood-curdling scream)

Any suggestions? I would just /dev/null them in my procmail, but I prefer not to do that to legitimate companies. At what points could the user experience be improved?

(And yes, I have reported this problem to them. I demonstrated it in person in August 2005 at BarCamp. It’s January.)

Update: Socialtext responds in the comments. “[T]his morning we disabled email notifications for all the public wikis on our site, due to the confusion people had when trying to turn them off.” A thoughtful, effective, and quick response.

Automattic Toni

Another nice birthday present! I have no idea (really) how he got this, but Om has the scoop on Yahoo VP Toni Schneider leaving to join Automattic. We were originally going to announce this at the end of the month when Toni actually left but I guess now is as good a time as any. 🙂 Toni was the CEO of Oddpost and after joining Yahoo led, among other things, their really cool developer network.

I first met Toni shortly after I moved to San Francisco and I’ve wanted him to be a part of Automattic pretty much since the idea first entered my mind. We’ve spent many long meals over the past year discussing the Automattic idea before it even had a name. I’ve been on cloud nine since (somehow) I convinced him to leave the incredibly cushy corporate job and rough it out in startup world again. I’m very very excited about some of the things coming down the line.

Update: Toni has blogged about it here. He also has a WordPress.com blog that used to have a bunch of cool cars on it, hopefully that’ll come back somewhere. 🙂

Update 2: It’s on Digg, and I’m curious what linking to the Digg story will do. Digg it if you think it’s interesting.

Matt 2.2

We’re very proud to announce the final release of Matt 2.2, a full year in the making since the last major release. This version includes dozens of enhancements ranging from DSLR support to the new facial hair module (which we could never quite get to work in previous revs). The knowledge base has been expanded, though it’s still a bit light on the experience benchmark. We’ve also fixed that bug that was around since about 1.7 where it thought the knowledge base was already full. Now it knows more, but knows it knows less. Short-term RAM is still a little flaky. Email processing is also still slow, but the “piano” and “reading” plugins have come a long way. This version also runs without a support contract from a major corporation. Most people surveyed agreed this was a solid upgrade, but we know there’s a lot of work left to do still. We hope to continue listening to feedback and keep up the regular release schedule.

All birthday posts: 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40.

Home Sweet Home

I’m back in San Francisco. This normally wouldn’t be a big deal, except I left at the beginning of December. It has been an exciting month, and I had the pleasure of meeting WordPress users from all over the world in person. I also learned a ton about efficient traveling and getting work done on the road. All great fun, but I am so happy to be back in my own place.