about that new year’s resolution

So I thought – at least one blog post a month won’t be difficult, right?


Then in February, right before I was scheduled to speak at eTail West, I get an ominous email from Google saying my blog is spewing malware.  I immediately checked and was convinced the email was legit.  Oh crap.  Later Google would complain about many more sites I host, here’s an example email:

malware notice

I host a number of sites (including some blogs, a mail server, a personal photo gallery, two commercial sites and a non-profit group) and all of them were compromised.  So I disabled all the web sites until I returned from eTail.  When I got back home, I cleaned and rebuilt each site one-by-one.  During the rebuilds, sites were getting re-infected, and it was difficult to find the attack vector.  The web wasn’t any help, except that I got a good appreciation for some of the old security issues in WordPress and its plugins – none of which I was experiencing.

It turns out that while bobpage.net was up-to-date with its software, another locally-hosted site was not, and got compromised.  The attack granted access to the local file system, so every web site I hosted got infected.  Nice.  Once I installed some hand-rolled logging software I saw how quickly a site would get hit, and then infect everything else.

Finally I learned enough to understand this particular attack, and I installed various intrusion detection, firewall and logging packages, just in case, and turned on sites one-by-one until I was satisfied I had everything back under control.  The whole thing probably took me two weeks to fix, since I couldn’t just drop everything else I was doing.  But it did consume most of an entire weekend.

As to what the malware did, I never really looked.  As long as it was gone I was satisfied.


Back in the day I ran all my own machines & software, built around FreeBSD and Linux.  One day I decided there were better things to do than to continually monitor every mail list and patch my system software.  So I switched my machines to Mac and went to outsourced hosting.  That doesn’t solve everything but it did lower the administrative burden, because I was putting my faith in others who claimed they were up to the task.  But I couldn’t fully give up everything, so I went with a self-administered version of WordPress instead of using the hosting and software available at wordpress.com.  As a result, a slip-up in my software patching caused me days of hassle.

That was late February – early March.  For now, I’m still using my own hosted version of WordPress, because I keep telling myself it gives me lots of flexibility should I want/ need it.  Today I installed the latest patches, checked my logs, and decided it was safe to blog again (for some definition of ‘safe’).  I’m not a big fan of blogging about blogging, but the larger story is that no matter how remote and isolated you think you are, you’re running buggy software at the end of some IP address.  The scanners will find you, and the scammers will take advantage if they are able.  Whether or not you care depends on how much control/flexibility you want.  But I guess with great flexibility comes great responsibility, or something like that.

about that new year’s resolution

Dancing about Architecture

Blogging about Twitter. Reminds me that Talking about music is like dancing about architecture …and I’ve already blogged about Twitter more than once. While we’re a good year and a half into Twitter, and it’s been mildly entertaining, I’m starting to see value now. So this post is for the folks still scratching their heads.

There’s a critical mass (or tipping point, if you are so inclined) of people you need to follow such that a micro-community emerges. Once that happens, you get two things. One is quick notification of important/interesting events/news/blog posts. In fact since I’m following so many web analytics folks, I no longer have to rely on my RSS reader to bring me the big stories — the community points them out. Of course you need to be following the right people for your interests – people who say interesting things.

Second is ability to get feedback. I admit I don’t use this a lot, but it can be handy, depending on your community size. Of course it didn’t help me find a 13-year old copy of Windows…

(In response to Eric’s comment in one of his posts, yeah, my “lazy blogger” tweet to him, welcoming him to Twitter, was paraphrased from something June said to me at eMetrics last spring, about Twitter being the lazy man’s blog. At the time I couldn’t tell if she felt it was a compliment or a condemnation, but now I know.)

Dancing about Architecture

New Web Analytics Blogs To Watch

Two new blogs today…

 Images Sitedesign Jimsterne Left

eMetrics from Jim Sterne, who probably needs no introduction, and

William Garrison
metricbox from William Garrison, a Senior Professional Services Engineer (I assume from WebTrends)

Welcome to the discussion, Jim and William!

(As always, when I find new blogs that seem to touch on web analytics, I tag them with the wablogger keyword on del.icio.us. Social bookmarking, baby! Sure beats keeping a blogroll up to date.)

New Web Analytics Blogs To Watch

FeedBurner to Google

FeedBurner LogoLike many bloggers, I use FeedBurner to distribute my RSS feed. They provide well-formed feeds, predictable performance, and a small amount of reporting so I can see how many RSS readers I have and what articles they click on. You might recall that FeedBurner acquired BlogBeat some time back, but I don’t think they actually integrated it into the main FeedBurner offering. In any event, FeedBurner’s reporting makes a decent supplement to Google Analytics.

Looks like soon there won’t be a need to supplement, as TechCrunch is reporting that Google has agreed to acquire FeedBurner. So it’s not out of the question that some kind of BlogBeat-FeedBurner-MeasureMap-GoogleAnalytics mashup is in the future.

Ads by Google ..

FeedBurner to Google


Well, it’s hockey playoff season, so that means it’s time to resurface the blog.

 Zamboni Model700

OK, that doesn’t make any sense, but I wanted to say something about hockey, so there you go.

Yes, I really am resurfacing the blog– upgraded the software and put in a fresh coat of paint. I intend to consolidate a few old blogs and assorted posts from the past; there’s a pile of stuff from Ye Olden Days that will eventually make its way here.

While I’m not a fan of revisionist blogging, I’ve cleaned up some of the old posts (broken links) and deleted a few posts that made no sense – e.g. they were too time-based to be of even token value now.

The New and Improved site is being watched by Google, because I’m sending web bugs beacons back to Google Analytics. I’m also publishing the feed through Feedburner, which provides its own set of (rather weak) stats.

For you RSS readers, no big changes, except that the whole feed got refreshed with the software changes. Oops.

So what’s the story? Simple. I got crazy busy, and blogging fell below the line. Not just writing — reading did too. Months ago, a colleague mentioned that he’s more interesting when he reads blogs. I’ve started reading again, but if there’s a correlation between amount of reading and interestingness, I’m still not very interesting. But since being interesting has never stopped me from blogging, I say Game On!