To the hacker trying to log into my WP blog

Please, just stop.

Let’s talk about what you want in the comments section?


Update: The hacker has been using an IP – 74.91.20.14 from Kansas City which has been blocked.

Update 2: The hacker has now started using an IP – 94.185.85.42 from Sweden which has now been blocked too. Good luck, idiot.

Update 3: My hacker has turned into a spammer. Apart from using the following IPs to try to log into my blog,

91.217.101.247, 78.130.226.69, 109.175.6.137, 94.50.173.99, 95.56.146.170, 95.239.168.196, 217.118.81.13, 217.9.237.26, 176.102.32.47, 200.29.112.243, 92.60.234.183, 189.195.192.33, 77.66.236.145, 189.72.213.165, 203.77.43.96, 94.29.189.206, 60.249.130.169, 46.172.200.79, 178.234.219.188, 182.178.58.119, 88.206.117.39, 85.217.201.124, 95.82.248.125 (and a lot others)

(use geoiptool and whois to see where these IPs are from and who they belong to)

I am also being bombarded by spam comments and link backs on my blog. Boy am I glad to be running Disqus instead of the default comments right now!

In other news, I found out that Cloudflare only allows blocking of 2 IPs for a free account. That means I’m left to my own devices to reduce this threat. Thanks to Johanee for the wonderful Limit Login Attempts plugin for WordPress.


Update 4: Ok, I’m kind of liveblogging this. But it’s turning into an interesting nightmare. The more I heckle this hacker, the more I’m being bombarded with spam and the more IPs he’s using to try to log into my account (to avoid the login attempts limit). Here’s a nice map showing the IPs I’ve logged (Shows the number of machines under his control) –

IPs around the world. Most of these are showing as Windows hosts, but some are registering as Mac. That doesn’t look good!

Attribution: The above map is from http://www.phpace.com/tools/network-tools/ip-to-location/ which seems to be using Google Maps and the MaxMind GeoIP service.


Update 5: It seems that the dictionary attack has come to an end for the day. The hacker used an intelligent list of commonly used passwords instead of just bombarding me with all possible words from a-z. Thanks to the ThreeWP Activity Monitor plugin, I’ve been able to compile a list of IPs, browsers associated and passwords used by the hacker. I’ve created a nice Google Map to pinpoint all the locations of the possibly infected computers used by the hacker. That map is more comprehensive than the image above. I’ve also attached a nice python list of all the IPs, if someone wants to do something with them (for example, if someone from CloudFlare wants to include said IPs in their network).

Google Map

Combined Info on passwords, IPs, user agent info of infected computers.

python IP list

Attribution: Google Maps for the map, Maxmind for the GeoIP API, pygmaps for the library. If anyone’s interested, I’ll upload the python code I used to create the map (though it’s pretty simple).


Update 6: You would have thought this person would have given up after a week of hitting on my blog, but that doesn’t seem to be the case. I receive about 7-8 spam comments a day and 30-50 login attempts a day. I’ve started to hit back. I’m recognizing frequently used IPs and reporting them for abuse to their owner companies. I’ve sent a list of IPs to Cloudflare and asked them to put those IPs in their block lists. I’ve found something called RBLs (Realtime Blackhole Lists) which list IPs used by spammers. Many of these lists already have the IPs that I’m getting hit with listed in their files. Most of these lists do not accept user contribution but some of them do. I’m finding the ones that do and systematically reporting every IP used by the hacker.

Also, I’ve downgraded his level from hacker to spammer and from spammer to script kiddie. From here on out I’ll be referring to this person only as a script kiddie.
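Added here as an illustration, not the blog’s own code nor that of the plugins it names: a Python script that replays failed-login records like the ones Update 5 describes compiling, summarizes them per source IP (the table worth attaching to an abuse report, as in Update 6), and applies a Limit-Login-Attempts-style lockout rule. The log format, the usernames, times and user agents, and the retry/lockout thresholds are all assumptions; the first two IPs are the ones named above, the third is a documentation address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of failed-login records in the shape an activity-monitor
# plugin might log: timestamp, source IP, username tried, browser User-Agent.
# The first two IPs are the ones named in the post; the third is a documentation
# address. Times, usernames and user agents are made up for this example.
SAMPLE_LOG = """\
2014-01-08 10:00:01 74.91.20.14 admin "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0"
2014-01-08 10:00:03 74.91.20.14 admin "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0"
2014-01-08 10:00:06 74.91.20.14 admin "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0"
2014-01-08 10:00:09 74.91.20.14 admin "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0"
2014-01-08 10:00:12 74.91.20.14 admin "Mozilla/5.0 (Windows NT 6.1) Firefox/26.0"
2014-01-08 10:05:00 94.185.85.42 admin "Mozilla/5.0 (Macintosh) Safari/537.36"
2014-01-08 10:05:30 94.185.85.42 administrator "Mozilla/5.0 (Macintosh) Safari/537.36"
2014-01-08 12:00:00 203.0.113.7 editor "Mozilla/5.0 (X11; Linux x86_64) Chrome/31.0"
"""

LINE_RE = re.compile(r'^(\S+ \S+) (\S+) (\S+) "([^"]*)"$')


def parse_log(text):
    """Turn log lines into records; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, ua = m.groups()
            records.append({"ts": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                            "ip": ip, "user": user, "ua": ua})
    return records


def summarize(records):
    """Per source IP: attempt count, usernames tried, distinct user agents and
    first/last seen, i.e. the table worth attaching to an abuse report."""
    out = {}
    for r in records:
        s = out.setdefault(r["ip"], {"attempts": 0, "users": set(), "agents": set(),
                                     "first": r["ts"], "last": r["ts"]})
        s["attempts"] += 1
        s["users"].add(r["user"])
        s["agents"].add(r["ua"])
        s["first"], s["last"] = min(s["first"], r["ts"]), max(s["last"], r["ts"])
    return out


def lockouts(records, max_retries=4, window=timedelta(minutes=20),
             lockout=timedelta(minutes=20)):
    """Replay failures per IP: lock an IP when it reaches max_retries failures
    inside `window`, and treat attempts arriving during its `lockout` as
    refused. The thresholds are assumed defaults, not the plugin's own."""
    recent, locked_until, locks = defaultdict(list), {}, defaultdict(list)
    for r in sorted(records, key=lambda r: r["ts"]):
        ip, ts = r["ip"], r["ts"]
        if ts < locked_until.get(ip, datetime.min):
            continue  # still locked out: the login form would refuse this
        recent[ip] = [t for t in recent[ip] if ts - t <= window] + [ts]
        if len(recent[ip]) >= max_retries:
            locks[ip].append(ts)
            locked_until[ip] = ts + lockout
            recent[ip] = []  # the counter restarts once the lockout expires
    return dict(locks)
```

With the sample above, the Kansas City address trips the lockout on its fourth failure and its fifth attempt is refused, while the Swedish address stays under the threshold.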

A brief update on Fever/AppFog

Recently, AppFog sent out an email telling us that free accounts will be further restricted in what features and resources they will receive. This felt like a major issue for me at that time, since I have Fever running on the service and I’ve dedicated close to 1 GB of RAM to the app.

When the changes finally went through, I realized that I was wrong. Upon monitoring my Fever installation during updates, I realized that it doesn’t use more than ~150 MB of RAM at a time. The only other thing is the database size, which is more than 300 MB for me, something which cannot be easily hosted anywhere else.

I ran some numbers and have found that the most basic paid plan from AppFog can allow for 8 Fever installs with 256 MB each but with the restriction of 200 MB of database storage per install for $2.5/mo. So, if you can find 7 other people who don’t have more than, say, 300 feeds in their Fever installation, AppFog would be the perfect place for you. It would also be a good way of giving back to the service that has supported free Fever installs for so long.

To everyone else, I must ask this – tell me about your Fever installs. How much are you paying? How much RAM and db are you using? Would you be open to sharing space with me (and possibly others) to reduce hosting costs?

I love Fever. It’s one of those services that are just the perfect fit, in this case for reading RSS feeds. I’m grateful to Shaun Inman for continuously working on this application, even though it seems that new installs are at an all time low and he’s busy with personal stuff. I am ready to pay for the hosting, but I figure that if we work together, we can reduce our costs greatly.

A short note on Bootcamp/Windows

I got my hands on my brother’s awesome 15″ Macbook Pro and seeing the 500 GB hard disk, I decided to try installing Windows 8.1 on a small 50 GB partition.

After an evening wasted, I realized what the problem was. After scouring the Apple forums, I realized that I have to give Windows an unformatted 50 GB space to do with as it pleases, since any other format (NTFS included) was Greek to the OS. So I did just that. Turns out, Windows split that space into 2 partitions – one 49 GB disk with NTFS format and one 200 MB disk with Mac OS Extended format.

Now, here’s the thing. Mac supports NTFS, no matter how reluctantly, but Windows has never cared to understand Mac OS Extended. Why then, it was formatting that small segment in that format, I know not.

The end result? Currently, I have Win 8.1 in a VM.

Update: God knows why, but I tried again, this time with a different ISO and a different approach. If there’s one thing that’s consistent about Microsoft, it’s their inconsistency. The process failed in a whole new way. I’m done with Bootcamp. VMware wins my money. Now and forever.

Notes for Week 2 of 2014

So, it’s been an interesting week. Some observations –

Social

Found this gem of a Difference between Facebook and Twitter –

Facebook – 

“Best Practices

Making API calls directly to Facebook can improve the performance of your app, rather than proxying them through your own server.”

Twitter – 

“Caching

Store API responses in your application or on your site if you expect a lot of use. For example, don’t try to call the Twitter API on every page load of your website landing page. Instead, call the API infrequently and load the response into a local cache. When users hit your website load the cached version of the results.”

Turns out, when not losing market share to a third-party app, Facebook is actually quite nice to developers as compared to Twitter. To be fair, tweets constitute a lot more volume and processing, so it would make sense for Twitter to want the devs to cache their data. Also, even ADN has rate limits, but at least their limits are more generous than Twitter’s.

Seriously though, Twitter has millions of dollars for servers and all I have is a 128 MB VPS. What the heck, Twitter?

Google(+)

Google is no longer Google. It’s Google(+). Everything we love about Google and its services is being slowly replaced by Google+ and the latest victim is GMail. Now anyone on Google+ can email you without knowing your email ID. As a communication tool, this makes GMail more open. But that’s exactly what people don’t use GMail for. They use it for Email. Big difference there, Google. You can opt out, but what’s the bet that option will be going away soon?

What Google should actually do –

Google understands one thing and one thing alone – Search. Pushing Google+ isn’t going to help them overcome the social networks of the world. But there is one thing I covet – the Search API. Seriously, why don’t we see third-party Search apps that innovate the way we see our Search results? That’s one data stream we’ve not targeted yet. Google needs to let people in, do their thing and pretty soon we’ll see people integrating Search with social platforms. Oh, you wanna see which of your Facebook friends searched for the latest Tom Hanks movie and then clicked on IMDB? Here’s the data to that. Seriously Google, stop letting one segment of the business take over the other, especially since we know you’ll kill Google+ a couple of years from now.

Advertising

Ah, advertising! The bane of TV show lovers and binge-watchers. Advertising has slowly crept in everywhere on the Internet, from YouTube to Hulu. For YouTube, go find YouTube5. It’s an extension that replaces the usual YouTube player with a cool HTML5 one and kills all ads in the process. Enjoy.

To Hulu, I say, well, get rid of the “Brandon Switched to Ford” ad. Seriously. It’s a stupid ad, I’ve seen all too much of it and Brandon looks like a total douche for being the black sheep who abandoned the family tradition and switched from a Honda to a Ford. If ever Hulu fails, it’ll be because they keep repeating the same ads over and over again. I do not want to be bored by ads, I want them to be innovative and interesting. (Coincidentally, Samuel L Jackson staring in my face is not innovative. I’m looking at you, Capital One.)

I finally also saw the KFC ads that look like some woman with a video camera uploaded to YouTube. That’s supposed to be innovative? Nope. She looks drunk/high/both and you’re not fooling anyone with these ads KFC, those are scripted (or worse, they’re not!).

Finally, I saw a teeth whitening strips ad on Hulu that said, very specifically, “If your teeth are not getting white, they’re getting yellow”. Ok, first of all, yellow teeth are perfectly normal and more an indication of stomach trouble than a medical emergency. Second, the ad targets women who drink coffee. First it was guys who smoke who were targeted and now this. Finally, that text up there. That’s a scare tactic. Pretty soon, they’ll come up with a white paper saying that yes, your teeth getting yellow is a medical problem and you need to use teeth whitening strips in conjunction with toothpaste. All of this will be driven by only one thing – Sales telling the Marketing team to get innovative with the ads. There’s no real medical issue that they’ve tried to resolve.

That concludes the rant session on advertising.

Clients from Heaven

I’ve been building a web app for my brother and he mentioned that the text on the screen doesn’t ‘look black’. For a second, I tried hard not to wonder if my brother is a typical MBA Client from Hell, but as it turns out, he was right: the text was actually #2C3E50, which is actually a weird dark blue. Thanks, Bootstrap, for making me look bad in front of my brother!

WordPress

It was an exciting week to be a WordPress user. Snaplive, a front-end text editing solution was showcased to a few who had signed up for updates. It seems to work really well with WordPress, so expecting some really good things in the future.

Ghost had promised to revolutionize WordPress, but instead it went and set up shop elsewhere. That’s ok, since we have Gust, which is a plugin that ports the awesome Ghost Admin panel functionality to WordPress. Mind you, this was just released, so if you’re not ready for bugs (which software doesn’t have bugs?), don’t install this yet.

Finally, a shout out to whatweekisit.com, which I used to, umm, calculate which week of 2014 we’re in. Yeah, I should have just looked at a calendar.

Smartwatch. Meh.

Samsung is talking about 800,000 shipped Smartwatch units. Yeah, whatever. No one’s buying them, no one’s talking about them. At least not in my part of the Internet. Here’s the thing. People call Samsung an Apple competitor. Really? Android fans jump to the HTC One now. The Fitbit Force looks more like a smartwatch than the Samsung Smartgear.

I saw “The Italian Job” yesterday. Samsung is the Steve to Apple’s Charlie in the movie. Samsung barely has enough imagination to last it a few years before stealing someone else’s idea.

When you’re trying to break into a new market, an important part of that process is innovation. The ‘thing’ Samsung is dangling in front of us looks like something Casio put out in the 90s. When Tesla came out with an electric car (which is essentially what it is), did they say, let’s make another boring iteration of an electric car that drones like a bee and doesn’t go over 60 mph? No. When Nest made a thermostat, did they make it look like every other thermostat in the market. Not at all.

Why does it seem so hard to innovate? Why does it seem like Samsung cannot look at a device and dream up something different? Maybe because Corporations don’t dream.

Tech Bloggers should sell their articles

tl;dr – Tech bloggers should sell articles to News companies, much like Reuters and AP have done in the past.

GigaOm Pro is an interesting service. While most of the tech blogging industry is ad-supported, it has a subscription-based model. It’s not unheard of, but it surprises me that it works. I don’t have any numbers, but the fact that the industry pays good money to read and listen to GigaOm Pro analysts seems to point to a healthy business model. Why does GigaOm Pro work? Because it is attached to a name, that of Om Malik. That name carries weight in tech reporting circles. People care about what he has to say.

Why is this relevant? Because good writing is always rewarded. Newspapers around the world have always depended on wire services like Reuters, AP and BBC, to name a few, to fill their columns and inform their readers of news from around the globe. This makes sense for two reasons – it is cost-effective and companies such as Reuters and AP can be trusted to do the right reporting in a timely and impartial manner. I have seen news reports being replicated in different newspapers without any change simply because the headline was followed by a reporter’s name and a small (Reuters) mention.

Today, the Internet, in its goal to be an open sharing platform, has skewed this reporting standard. Companies such as ABC News and NYT often quote a blog post or a tweet and wrap their own story or analysis around that. This works so long as the original writer isn’t a paid professional writer, like when I write on this blog. But when the quoted links are tech blogs and independent writers who lose out on page views, and thus ad revenue, this becomes a lousy proposition for the bloggers.

I believe that tech blogs should become similar to Reuters and AP in their reporting. Traditional news companies cannot afford to send reporters to every tech event, nor are they invited to do so. Tech blogs have reached the level where if you’re not writing well or covering the latest topics, you’ll get laughed off the Internet quicker than it takes to set up a Tumblr blog. So, instead of keeping in-house writers, news outlets can take articles from tech blogs for a fixed price, along with deeper analyses and more contextual content. They could do this without compromising the quality of the writing. Not every tech blogger would qualify for a payout, but those who have proven their worth will be able to earn more than just page views on such a program.

Why would this work for news companies? Right now it’s a free-for-all. They can quote anyone, attach a link and bet that no average reader will click on it, all for free. The benefit of paying up? Syndication. Right now, tech news trickles down from everyone who was on the scene and this means that everything links back to the tech blogs. By offering to pay for their writing, media companies will be able to get their hands on exclusive content without having to link to any blogs and without having to worry about legal issues related to trackbacks.

The negatives for tech bloggers are not negligible. The first is that many companies will require bloggers to officially become journalists to protect them in case of First Amendment issues. This will require that the following question be addressed – is a blog post talking about a recent event a news report or an opinion? I myself believe that it is an opinion, since the writer does not necessarily have the required training to be impartial to the subject. This debate has often played out against bloggers. The other issue is that upon paying money, the company will require the blogger to not publish the article on their own blog, as this would duplicate the syndicated article. This hits the blogger exactly where it hurts. Tech bloggers write on their own platform for the single purpose of gaining popularity, which can then be converted into money using the traditional means of sponsored posts or advertisements. The workaround would be for tech bloggers to either accept less money in exchange for permission to post the article on their blog after a fixed period of time or write a short article on their own blog while syndicating a longer, much more detailed version for the news media. The final problem is that this move would take us away from the open nature of the Internet where RSS feeds and pingbacks allow a level of sharing that doesn’t exist on any other media platform. I do not know how negatively this will affect the Internet, but it would not be a small change.

In conclusion, I believe that tech bloggers should strike deals with traditional news media to provide them with syndicated news feeds. This can mean that tech bloggers do not need to depend solely on advertisements on their own platform to earn a living. This will benefit news media outlets because they will get accurate, real-time news and analysis from people who are in the field and understand the context very well. There are still a lot of issues that need to be resolved before such a step can be taken, but the idea is worth looking into.

Interesting sub note – The Wikipedia page for Syndication lists print syndication as “where individual newspapers or magazines license news articles, columns, or comic strips” but web syndication as “where web feeds make a portion of a web site available to other sites or individual subscribers”. In web syndication, there is no mention of licensing, money or purchase of rights. This is what Riptide has concluded to be the problem with news reporting on the web.

Editor: Anna Tarkov [ADN|Twitter]
Note: I’d love to thank Anna for her help in editing this article. She provided me with invaluable help in getting the message across and pointing out some of my idiosyncrasies. Anna is a journalist from the Chicago area and she’s steeped in the digital life. She runs a personal blog here.

Blog Merry-go-round

Using WordPress but tired of MySQL?

Want to have a fast, static blog?

Use Jekyll.

Using Jekyll but want a better UI?

Use OctoPress.

Using OctoPress but want to use Python instead of Ruby?

Use Hyde.

Using Hyde but want to use Dropbox to hold your files?

Use Pelican.

Using Pelican but want good search, analytics and plugins?

Use WordPress.


Good thing I’ve been on WP all along and intend on staying here.


The futility of dieting: Sandra Aamodt at TEDGlobal 2013 | TED Blog

Apparently, there’s no point in my dieting. I just need to chew better.

“giving yourself permission to eat whatever you want, slowly, and without distractions, paying attention to how your body feels when hungry or satisfied, and letting hunger determine when you’re done”

Neuroscientist Sandra Aamodt reveals how the brain regulates body weight, making dieting futile and often counterproductive.

Link

You Won’t Finish This Article Either

Just today, I was having a discussion on ADN about how there’s too much noise on the Internet and if I had the choice of a broadcast medium, I’d go with newspapers. Some time after that, I noticed the link to an interesting article on Slate about how people are not reading entire articles on the Internet and are just skimming through, or even just reading the headline, and tweeting the link if they like the headline or an eye-catching photo.

At this point, it’s my duty to inform you that this is a post about social media, sharing and reading on the Internet and is a bit of a rant, so if you’re not interested, you’ve already left the article. I’d also like to tell you that I wanted to name the article “Dealing with loss, of Readers” but that seemed rather grim and I wanted to mimic the Slate headline, because it’s just that good. There’s another reason that I’ll tell you about later.