thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

Migrating from Livejournal.com to Dreamwidth.org (if you want to)

Why you might want to migrate (an incomplete list of possible reasons)
How to migrate (if you want to)
  1. Obtain an invite code (either by asking me or going to Dreamwidth.org: codesharing) OR Dreamwidth.org: Buy a new account (a simple USD3.00 for 1 month paid time will get you in).
  2. Create your dreamwidth.org account
  3. Dreamwidth.org FAQ: Import your LiveJournal (content, comments, even access controls for people from LJ if you want)
  4. Optionally change LJ privacy settings to turn off search inclusion, and possibly Turn off comments on your LJ account (especially if you are worried about the FB Connect issue and have imported comments)
  5. Set up Dreamwidth.org FAQ: Crossposting to LiveJournal
  6. Check Dreamwidth FAQ: Tags and Markup for some new markup you may want to use
  7. Just go ahead and start posting on Dreamwidth
  8. More details to check out if you're coming from LJ: Dreamwidth.org FAQ: A guide to Dreamwidth for LiveJournal users
  9. Optionally even more bits to look at if you want to: Collection of things to help people new to Dreamwidth (by [personal profile] kate)
thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
... details cut for those who are bored of the issue or are not on LiveJournal... )

So, in short, I'm still on LJ for reading and crossposting my blog posts, and I don't plan to change that. However, if you want to comment on content that I post, I really am sorry for the inconvenience, but you can either sign in on dreamwidth.org with OpenID (for unlocked posts) or obtain your own DW account (for all posts included locked ones). If you don't want to do that, I am sorry, but that's what I feel I must do to protect my privacy.

ETA for anyone who wants a DW account: news from [site community profile] dw_news Weekly Update: 8 September 2010:

VOX
Speaking of promo codes, Six Apart has recently announced that their Vox service is closing doors as of September 30. If you or a friend would like to move your Vox blog to somewhere that has the fine-tuned privacy controls that other options such as TypePad or Wordpress doesn't have, Dreamwidth would be a perfect fit! You can use the account creation code "VOX" to create an account.

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

Hello, especially to anyone reading me who is on LiveJournal. LJ have recently started purging accounts that are idle inactive/suspended (Edited for accuracy).

This means that those account names can be claimed by people other than the original owner. (ETA: This has already been the case since 2005 with deleted accounts and renames, apparently, but I failed to notice that.)

Unfortunately, this fundamentally breaks the trust relationship of OpenID - which is based around the URL of the logging in site. Essentially, I cannot trust that the OpenID user http://thorfinn.livejournal.com/ will remain to be the original user, without continuously checking that that is so. I can't do that for more than a few users, so essentially, my only effective solution is to be unable to trust any OpenID from livejournal.com.

So, becauseĀ I cannot trust OpenIDs from livejournal.com, I cannot allow those OpenIDs to access my DW content. This means if you are on LJ, you will be unable to see my locked posts on DW, even if you log in using OpenID.

Most of you will get to read the post anyway, because I will keep cross-posting to LJ, but as I will not be allowing comments on LJ, there will be no commenting.

In short, I'm sorry for the inconvenience, but due to the lack of security of LJ OpenID introduced made even worse by this new policy, I can't allow LJ OpenIDs access to Dreamwidth directly.

If you wish to discuss anything in my locked posts, then come to Dreamwidth. For further references, see:

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)

I bought a Drobo, and configured and formatted it last night. Copied the data from my previous external storage disk (which was failing with block errors). Plugged it into the back of the Airport Extreme, and voila, it's just working. Time Machine is happily grinding away doing its thing, and it's very nice knowing that we have 3TB of raid storage that is protected against single disk failure. I didn't have to install any drivers, work out any raid configuration details, or fiddle any settings - there essentially aren't any to fiddle.

This is essentially representative of what I'm enjoying about the current state of play in computer technology - quite a lot of things are falling out of the Corporate Price Point down into the Small Business / High End Consumer Price Point.

A few examples:

  • Mobile Broadband (Satellite, early GPRS/3G vs ubiquitous 3G/EDGE and wifi)
  • Compute Cluster (SUN, IBM, HPUX, etc vs Google Apps, Dreamhost, etc)
  • RAID/NAS (NetApp, iSilon, etc vs Drobo, lots of other manufacturers too)
  • Portable Computing (Blackberry vs iPhone, Android, Pre, Netbooks)

What's nice and interesting to note is that the Usability Fu really really matters in this zone. Corporates can afford to just suck it up and pay an expert to integrate a solution (and are almost invariably doing something weird and custom enough that they would have to even with "off the shelf" solutions). Small Business and High End Consumers don't have the time or the money to spend on Integration Experts and Solution Architects. It just has to Plug In And Work. If it doesn't work just like that, you can't sell it effectively in this price point.

Ordinary people are starting to expect computing technology to Just Work and be Easy To Use. And so they should. So, if you're in the industry at all, "It's a tricky computer thing" is not an excuse any more. It should never have been an excuse in the first place. If it's hard to use, find another supplier with a more usable product. They're starting to exist.

thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
LJ-news: Media embedding change - important notice
DW-maintenance: LJ web security exploit

In short, LJ had a "cross site scripting hack" which infected a bunch of people's accounts. Check the LJ news post and verify you're okay if you're on LJ.

However, Dreamwidth wasn't vulnerable.

Yet another reason to Dump LJ in favour of Dreamwidth.

ETA: If you're not running some kind of flash blocker, you probably want to be.

Safari - http://apple.com/safari - http://hoyois.github.com/safariextensions/clicktoplugin/ (Was: http://rentzsch.github.com/clicktoflash/)

Firefox - http://mozilla.com/firefox - http://noscript.net/ or http://flashblock.mozdev.org/

Opera - http://opera.com/ - http://my.opera.com/Lex1/blog/index.dml/tag/Flashblock

Chrome - http://google.com/chrome - http://www.privoxy.org/ (run a local proxy) or switch to one of the above.

Internet Explorer - http://www.microsoft.com/ie - http://www.privoxy.org/ (run a local proxy) or switch to one of the above.
thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
Amongst a swathe of other "[Win]" security alerts from AusCERT, this one stands out:



AusCERT Security Bulletin: ESB-2009.1267 - ALERT [Win] Windows TCP/IP: Multiple vulnerabilities

Product: Windows TCP/IP
Publisher:Microsoft
Operating System: Windows 2000, Windows Server 2003, Windows Vista, Windows Server 2008
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Original Bulletin: http://www.microsoft.com/technet/security/Bulletin/MS09-048.mspx



Why does this particular instance stand out to me? Because TCP/IP is the fundamental core of Internet communications - if your device does Internet, it does TCP/IP. The code to do it has been around for a few decades now, and pretty much everyone knows how to do it securely. Except, apparently, Microsoft.

This sort of security vulnerability can theoretically exist on other OS platforms, yes. That said, the only competing OS family these days is Unix - there are no extant OS platforms in common use that are not some type of Unix. Even Mac OS X is a version of Unix with a very shiny graphics layer on top.

Unix is designed from the ground up with a highly layered security approach, and in the layers where security is critical (i.e., the "kernel" - the part of the OS that deals with the computer hardware, and therefore can do things like snoop passwords, steal data from anyone on the machine, etc), the programmers tend to be very very careful, and most of the code is not actually new, and has been inspected heavily by many many people over the long decades that the technology has existed for, and tested by lots and lots of people who are pretty crazy about security, and think about it a lot.

Microsoft, fairly clearly, don't organise their code and their programmers to work that way. Every time they release a new OS version, they say "now more secure!" Every time they say that, they're proven wrong. Again. With several different hacks that break into the kernel layer, not just surface compromises. A Linux blogger describes the experience best:Windows Users - The Charlie Browns of Computing. Go on, kick the football. We promise it's secure this time. Really.

Don't get me wrong: You absolutely need to take security measures on other computers too. If you've got a Mac, you should still be purchasing anti-virus software, and if you've got Linux, or FreeBSD, or Solaris, or any other UNIX, you still need to be securing your computer in a variety of ways.

But on Windows - none of that matters. You can run all the anti-virus software you like, but if the Windows TCP/IP stack is open to a remote hacker, the remote hack will disable your anti-virus software, and install a bunch of stuff that will keep your computer broken and hacked, permanently.

If that happens to you, you can expect your computer to use all your bandwidth sending out spam email, attempt to crash and hack other computers on the Internet, send all your banking details to people who might be interested in stealing your money, send anything resembling personal data to the same people, and so on. Not good, not fun.

So, if you care about having a secure computer, don't use Windows. Ever. Really.

If you really do have to use Windows, then don't connect it directly to the Internet. Ever. Put that computer behind a secure firewall of some kind. If you don't know how to do that, find out from a tech-savvy friend. For your own sake.
thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
Okay. I'm officially dumping LiveJournal - my paid account there will not be renewed, and my Dreamwidth account is now a paid account.

Crossposting to LJ will still occur, and you can comment from your LJ account in my DW account using OpenID.

The prompt for this is that LJ has quietly broken the comment exporter, which I was using to back up comments. If I can't retain an offsite backup off my journal, I'm not interested in paying for the service.

There's a number of indicators that have demonstrated to me that the quality of the software engineering around the LJ codebase has deteriorated quietly for some time, this is simply the last straw on the camel's back.

Dreamwidth, on the other hand, has a great set of principles and a functioning, diverse, high quality, developer community.

If you're over on LJ, here's: A Guide To Dreamwidth for LiveJournal users.

Also, here's a list of Dreamwidth compatible clients.

I have a few invite codes for free accounts, so if you want one, drop me a comment over there. (ETA: All gone for the moment.)

(ETA2: You can just pay for one month if you can't find yourselve an invite code and want to start cheaply - see the Dreamwidth FAQ: What are paid accounts?)

April 2015

S M T W T F S
   1234
567891011
12131415 161718
19202122232425
2627282930  

Syndicate

RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags