So, I’ve been looking into ways of running a “proper” blog, and I’ve come down to PyBlosxom or WordPress. In either case, I’ll get my own hosting for it.
Advantages of PyBlosxom over WordPress:
- Keeps entries in text files. I fear databases.
- Seems to have a better security record than WordPress.
- In Python, so hackable and I’d feel I’d have some hope of understanding what it’s doing (WordPress is in PHP).
Advantages of WordPress over PyBlosxom:
- Very active developer community, so lots of nice plugins. (PyBlosxom isn’t abandoned but doesn’t have so many people working on it).
- More themes, some of which are pretty (PyBlosxom has a few themes in their repository, none of which are that pretty).
Anyone who’s used either of those care to comment?
The latest code release onto LiveJournal has introduced a problem where people are randomly getting logged into the wrong journals. This exposes friends-locked and filtered entries belonging to those journals to those random people.
There’s no indication that this can be used to read the locked entries of a specific, targeted user, but there’s no analysis of the problem available, so we don’t know that it can’t be, either. Edit: It looks like this was a problem with caching. If that’s true, it’s unlikely that it could have been used to read posts from a specific user. More here from cahwyguy.
More information is available here.
This has been going on since at least yesterday morning, yet LJ still hasn’t responded officially to reports of the problem or warned users that their private data is at risk. Edit: LJ has posted about the problem; however, they don’t seem to have some details right. For instance, they’re claiming it was only a problem for a few minutes, when people were noticing it all day on Thursday.
This is the second time that LJ has dealt with a major security incident with staggering incompetence. It illustrates that they apparently don’t have a test server, i.e. they’re a bunch of cowboys. My vague plans to move this blog just got a lot less vague.
Many years ago, I signed up for Bloglines. It’s a service which aggregates the feeds from various blogging sites, so you can read them in one place without having to do the rounds of your favourite sites looking for updates. (On LiveJournal, your friends page serves the same function, and you can add the feeds of external sites if you’re a paying customer).
I left Bloglines for Google Reader when Bloglines became unreliable. Google Reader is nice: it looks clean, and there’s an app for it for my Android phone. I recommend it over LiveJournal, which is dying of spam; and Bloglines, for the reasons I’ll now get into.
A while back, Bloglines was taken over by a company called MerchantCircle. They sent me an email to say they were the new owners, which is fair enough. As far as I remember, I hadn’t logged into Bloglines since I moved to the superior Google Reader service, so I just ignored it.
Yesterday I got an unsolicited bulk email (spam) from MerchantCircle advertising a service not related to Bloglines. Worse, the link they offered to unsubscribe from their mailing list didn’t work, as it required a login and password (first mistake: removal links from mailing lists should authenticate the user sufficiently to get off the list). Worse still, giving the email address to which MerchantCircle sent spam to the “forgot password” box gave an error saying that the address was not known: MerchantCircle don’t even know who they’re spamming. Logging back into Bloglines doesn’t give an “unsubscribe” option either.
I consider Bloglines/MerchantCircle to have gone rogue. I’ve removed the “subscribe with Bloglines” buttons from my blog, and advise anyone else who still has those buttons to do the same. Use Google Reader instead: Google don’t spam.
Edited to add: MerchantCircle have emailed back to apologise, saying they had a “weird glitch” in their email system which caused some Bloglines users to get MerchantCircle emails. In recognition of this, I’m downgrading them from “rogue” to “incompetent”.