about that new year’s resolution

So I thought – at least one blog post a month won’t be difficult, right?


Then in February, right before I was scheduled to speak at eTail West, I get an ominous email from Google saying my blog is spewing malware.  I immediately checked and was convinced the email was legit.  Oh crap.  Later Google would complain about many more sites I host, here’s an example email:

malware notice

I host a number of sites (including some blogs, a mail server, a personal photo gallery, two commercial sites and a non-profit group) and all of them were compromised.  So I disabled all the web sites until I returned from eTail.  When I got back home, I cleaned and rebuilt each site one-by-one.  During the rebuilds, sites were getting re-infected, and it was difficult to find the attack vector.  The web wasn’t any help, except that I got a good appreciation for some of the old security issues in WordPress and its plugins – none of which I was experiencing.

It turns out that while bobpage.net was up-to-date with its software, another locally-hosted site was not, and got compromised.  The attack granted access to the local file system, so every web site I hosted got infected.  Nice.  Once I installed some hand-rolled logging software I saw how quickly a site would get hit, and then infect everything else.

Finally I learned enough to understand this particular attack, and I installed various intrusion detection, firewall and logging packages, just in case, and turned on sites one-by-one until I was satisfied I had everything back under control.  The whole thing probably took me two weeks to fix, since I couldn’t just drop everything else I was doing.  But it did consume most of an entire weekend.

As to what the malware did, I never really looked.  As long as it was gone I was satisfied.


Back in the day I ran all my own machines & software, built around FreeBSD and Linux.  One day I decided there were better things to do than to continually monitor every mail list and patch my system software.  So I switched my machines to Mac and went to outsourced hosting.  That doesn’t solve everything but it did lower the administrative burden, because I was putting my faith in others who claimed they were up to the task.  But I couldn’t fully give up everything, so I went with a self-administered version of WordPress instead of using the hosting and software available at wordpress.com.  As a result, a slip-up in my software patching caused me days of hassle.

That was late February – early March.  For now, I’m still using my own hosted version of WordPress, because I keep telling myself it gives me lots of flexibility should I want/ need it.  Today I installed the latest patches, checked my logs, and decided it was safe to blog again (for some definition of ‘safe’).  I’m not a big fan of blogging about blogging, but the larger story is that no matter how remote and isolated you think you are, you’re running buggy software at the end of some IP address.  The scanners will find you, and the scammers will take advantage if they are able.  Whether or not you care depends on how much control/flexibility you want.  But I guess with great flexibility comes great responsibility, or something like that.

about that new year’s resolution

odds and ends, new and old

So, the Strata conference was good, and my talk was pretty well received.  Work got in the way of me hanging out at the conference for the whole three days, but I did spend about a day and some change meeting lots of smart people (including a lot of ex-Yahooers) and taking in some talks.  It’s a very different vibe from eMetrics – that’s not a judgment, just an observation.  Much more technical and “hands-on” in nature – a lot of it reminded me of eMetrics 2006, with a focus on tools and technologies.  If you missed it, or want to relive it, you can find Strata 2011 Speaker Slides & Videos.

One personal highlight was chatting with Duncan Davidson, who is doing a lot of photography for O’Reilly events (and many others .. check out his site).  The kick was that he and I were in a Palo Alto community photography class with about a dozen other people back in … oh, 2002ish maybe?  And now look at him: a pro photographer, living the dream…

Tonight I did something both humbling and inspiring at the same time.  I read my own blog.  Like, all of it.  There’s not a lot to read, really, until you reach back to 2005.  There’s now lots of missing images and busted links. Such is the web, I guess.  But the experience was inspiring because I found myself on several occasions thinking “wow!  that was well said!  Did I really say that?” and then followed by “Hmm, I don’t think I’m that smart any more.”   Perhaps blogging is like exercising – if you don’t use the muscle, it atrophies?

Speaking of busted links.  Back when the web was black and white with blue links, I had some content on my old neato.org site, wherein I poked at a few sound and video devices to reveal their secrets.  Various nooks and crannies of the web still have pointers to that material, and still get the occasional email asking if I have the content around somewhere and can I please put it back up?  So over the weekend, I did.

odds and ends, new and old

Dancing about Architecture

Blogging about Twitter. Reminds me that Talking about music is like dancing about architecture …and I’ve already blogged about Twitter more than once. While we’re a good year and a half into Twitter, and it’s been mildly entertaining, I’m starting to see value now. So this post is for the folks still scratching their heads.

There’s a critical mass (or tipping point, if you are so inclined) of people you need to follow such that a micro-community emerges. Once that happens, you get two things. One is quick notification of important/interesting events/news/blog posts. In fact since I’m following so many web analytics folks, I no longer have to rely on my RSS reader to bring me the big stories — the community points them out. Of course you need to be following the right people for your interests – people who say interesting things.

Second is ability to get feedback. I admit I don’t use this a lot, but it can be handy, depending on your community size. Of course it didn’t help me find a 13-year old copy of Windows…

(In response to Eric’s comment in one of his posts, yeah, my “lazy blogger” tweet to him, welcoming him to Twitter, was paraphrased from something June said to me at eMetrics last spring, about Twitter being the lazy man’s blog. At the time I couldn’t tell if she felt it was a compliment or a condemnation, but now I know.)

Dancing about Architecture

Tracking Web Analytics Blogs

I’ve fallen off the blog trail again (when life gets too crazy, I stop posting *and* stop reading) so missed the little dust-up over who’s got the name-your-superlative web analytics blog.

When I re-energized this site, I started putting a blogroll up, but quickly decided that was not scalable. Instead, I decided to use del.ico.us with the tag wablogger … and I used a very loose definition of “web analytics”.

It seems better to have a set of social bookmarks rather than trying to maintain one’s own. If you agree, please consider contributing … I encourage you to sign up for del.icio.us (they have a great Firefox extension that makes getting started insanely easy) and start tagging web analytics blogs with ‘wablogger’.

Tracking Web Analytics Blogs

Twitter: Social Microblogging

TwitterI’ve been dorking with Twitter .. still trying to figure out if it’s a great waste of time, or a lousy waste of time. I’m sure the cool kids are using it via SMS, but something about having my phone buzz me to learn that one of my friends is now eating a cookie just doesn’t get me that excited. The web site seems to be the best place for browsing and discovery, but for plain ol’ status updating, I’m using Twitterific for a local Mac app that grabs updated tweets every so often. PC users might want to opt for TwitBox.

I dismissed Twitter when I first tried it, but later read that what I experienced was typical, and exploring a bit can lead to an appreciation for the nuances of the service. But it wasn’t until I read Jeffrey Walker’s two Twitter posts that I decided to take another look.

With a little web spelunking, there’s an interesting social web under Twitter. (e.g. Jenna Jameson is “friends” with Barack Obama and John Edwards) but from what I can tell, the definition of “friend” is pretty loose. The “six degrees” aspect isn’t being visualized yet, but that isn’t to say people aren’t trying various mashups: witness David Troy’s Twittervision and Twittermaps. For more, check out the Twitter Fan Wiki.

I can see a great use of Twitter: as a (non-human) status service. In this specific case, you can see BART service messages – useful if you need real-time status updates for the Bay Area Rapid Transit system. Another: Red Sox updates! Having Twitter as a micro multicast/social alert system (or heck, an emergency broadcast system) is a great idea – it’s faster than the typical way one uses RSS. To that end, I wonder what Bob Wyman thinks of this “publish/subscribe” system.

I know I started the post sounding skeptical, but the Twitter crew did the right thing by providing an API to the service. That means it’ll become a platform, and taken in directions the developers haven’t thought of yet. One of these may end up being a killer app.

Twitter: Social Microblogging

WPP and 24/7; Microsoft and aQuantive

WPP LogoThe online ad market gets more interesting by the week. Yesterday WPP Group, a huge advertising conglomerate, agreed to acquire 24/7 Real Media.

Microsoft LogoaQuantive Logo Microsoft, not to be denied an ad network, purchased Seattle-based aQuantive — for an amazing US$6B in cash, an 85% premium. That means Microsoft gets Avenue A | Razorfish and Atlas.

This of course comes on top of the Google-DoubleClick and Yahoo!-RightMedia deals. Now ValueClick‘s shares are up. Will they be picked up by Ask.com … or perhaps Omnicom Group? Or are we done for now?

WPP and 24/7; Microsoft and aQuantive