GDPR comes into effect today. Although it directly affects organisations based in the EU, with today’s globalisation it actually impacts everyone that

offer goods or services to, or monitor the behaviour of, EU data subjects.

Implications for personal websites like mine is minimal, especially since I don’t have any other users, nor do I offer goods and services via e-commerce. I don’t allow comments, so I’m not collecting or processing data from anyone. I have no mailing lists or other means of outreach or communication. The only potential area is third-party cookies from plug-ins and embedded posts but I think I’m okay there.

Someone wrote a detailed WordPress GDPR guide. Everyone who runs a personal or business wp site should read it. Some typical ways a standard wp installation will collect data:

  • user registration
  • comments
  • contact forms
  • analytics
  • logging or security plugins

Again, I think I’m okay there. WP has automatically updated with a tool for exporting and erasing personal data. I probably need to include some wording on the collection and processing of data at some point. I’m sure there will be standard wording available as templates.

Even though people know gdpr is coming for years, lots of corporate sites are caught unprepared. A bunch of US newspapers, including LA Times, Chicago Tribune, has shut down or stripped their websites for EU visitors. Instapaper users in the EU are suffering the same fate. So instead of complying with the regulation, they’re choosing to keep their heads in the sand. These aren’t small personal sites, but big high traffic sites.

Makes me think they are collecting and using people’s personal data for purposes that users haven’t consented to. Advertising is the culprit here, what else. From Jason Straight from a company that sets up gdpr compliance programs for businesses:

For many years it’s been, ‘How much data can we trick people into giving us?’

I think gdpr is wonderful. Its aim is to protect users from the rampant disregard for personal data that has flooded the internet in recent years. Time to fight back.

ublock origin

I finally made the switch from adblock plus to ublock origin. I haven’t been 100% happy with ABP for a while, the process for adding filters wasn’t straightforward and they kept letting facebook ads through. Perhaps more of a fb issue rather than eeyo’s, but for the end user, it’s all the same.

uBlock origin overtook ABP around 1-2 years ago in terms of functionality and success in blocking ads. There’s still a lot of discussion about which is better. ABP is a more recognised brand, and most newbies stick to it. uBO appeals to the more technical minded.

The long and short of it is, both are good. And whichever one the user picks, is better than no adblocker at all. The more compelling arguments for uBO:

  • lighter strain on CPU and RAM
  • more available filter lists
  • ABP has better UI but uBO has more functionalities for techies to customise
  • opensource and a developer who isn’t out to make money by offering advertisers a place on the whitelist in exchange for payment


I used it out of the box and it’s more or less the same as ABP for most websites. Where there was a difference, was on fb. I use fb much less than before and when I’m on I’ve been battling ads, sponsored posts and the “people you may know” stupidity, but wasn’t able to get the filters right in ABP. uBO gave me 2 straightforward ways of handling them, the easiest is to enable Adguard filters. For the odd annoyance that slipped through, adding the fiter is so intuitive. Click on the element picker eyedropper, highlight the whole element and create the filter. uBO also handled blocking the right column better, as in I was able to block the entire right column vs in ABP that caused the css to go funny.

Seriously, if you don’t have an adblocker, get one. All those arguments that adblocking is evil and all that is rubbish and selfish. Those people do not have the users’ best interests in mind at all.

p.s. yes I know about fb purity, I want an add-on that can handle ads and annoyances outside fb too.

website hacked


The website is down. Got an email from ISP support saying it was hacked via FTP so they changed the FTP password, locked the website and restored from backup. I can’t remember when was the last time I used the FTP function, so I’m going to leave it disabled. Changed CP password and scanned the mba too. Very annoyed it’s been one issue after another since I had to switch to WP.

do as zuck does


A story about instagram getting 500 users turned into something more interesting.

People noticed that Zuckerberg put a piece of tape over his webcam and loudspeakers at what looks like his desk at work. Seems like this is something people do regularly to prevent unauthorised / accidental access. It’s probably overly paranoid but no harm in doing it. I can’t remember the last time I used the camera, probably to skype when I was still in London.

Anyway, put a tape over your camera, cover your hand when typing in atm pin, lock your doors, check your windows at night. It’s all good practice.

replaced google search with @duckduckgo

Software update told me that it’s my turn to update to firefox 34. I read earlier that yahoo will replace google as the default search engine on firefox 34 and I was curious to see if that was the case for me.

Surprisingly, no. That’s because I have the always in english plug-in and I use searchbar autosizer to customise other aspects of the search bar.

If firefox had forced me to default to yahoo, I would have changed it. If it wouldn’t let me change, I would have switched to chrome immediately. I remember using yahoo when I first started on the internet, that was before google existed. I haven’t used it for a long time, only when there’s a problem with google. And lately I’ve positively hated yahoo, it never respects my location preference: even if I type manually it forces me to go to the local site, in a language I can’t stand to read and displaying stuff I’m not interested in. Even if I type, the preference disappears after I click around and go back to the homepage. Ridiculous.

I’ve noticed google doing the same. Even with the add-on that’s supposed to force, it brings me search results on the local site. And changes the url of sites like blogger and youtube to force me to the localised version. It is not an enhanced experience. It is lack of respect of people’s preference.

And makes it so obvious that I’m being tracked, and my data used for marketing. Targeted ads don’t work on me though, I’m very tightly defended by adblock plus.

I switched search engines. I’ve been using duckduckgo for a couple of weeks and I’m pretty happy with the switch. There are many good things about duckduckgo, primarily it’s about privacy, as fastcompany pointed out:

When you do a search from DuckDuckGo’s website or one of its mobile apps, it doesn’t know who you are. There are no user accounts. Your IP address isn’t logged by default. The site doesn’t use search cookies to keep track of what you do over time or where else you go online. It doesn’t save your search history. When you click on a link in DuckDuckGo’s results, those websites won’t see which search terms you used.

No wonder its usage has skyrocketed after the Snowden affair. Although my searches aren’t confidental or sensitive, I’m still happy that I have privacy. That little toggle button on the right that enables me to turn off region, that’s what I like. Thank you. Thank you. Thank you.

It looks simple and the results are straightforward. When I searched for gameboy, it brings me first to the official site (something that sometimes ad-driven google doesn’t do) then it’s wikipedia, amazon and ebay—pretty much the expected results. For specific results on a specific site, I just have to add !site in front of my search. So

!amazon gameboy

brings me directly to the amazon search results for gameboy, saving one click. This is only one of a bunch of cool features available.

Of course, it’s not perfect. Search results tend to deteriorate after half a page to weird sites. For more complicated searches I’ve had to go back to google. There is no image search, news article search, map or other google features. Recipe searches bring me to US sites rather than my preferred bbc and UK sites (one advantage of google’s tracking I suppose). These are minor inconvenience, I can live with using duckduckgo for the majority and reverted to google when necessary.

Plus, it’s been blocked behind the great firewall of China, there’s no better endorsement than that. 

30in30 #10: turn off electronics 1hr before bed


Task #10 of 30in30 is to turn off electronics 1hr before bed.

Everyone will agree that we are too dependent on being connected. Our blackberrys chime and we are compelled to look at it, even though we know it’s work and we hate it. We can’t help but check fb or twitter constantly, in case we are missing out on…something. There’s a lot of advantages for unplugging occasionally, and the national day of unplugging is in March.

Anyway, I’m coming down with something. Cold, cough, flu, whatever. Tired all day. So I shut everything down at 8.45pm. It’s fine to turn off electronics, the only difficulty was I couldn’t use the ipad to read, so I had to find a paperback. I think next time I’ll unplug from internet but I can use electronics for standalone tasks like read books or use the calculator.

i’d rather lose speed than allow ads


A couple of random thoughts about web ads. This year marks the 20th anniversary of banner ads. If ever there was an invention that would generate so much discord, banner ads would be amongst the most reviled. Re/code asked a good question: has anyone said:

“Hey, did you see that awesome banner ad yesterday?”

The answer of course is a big no. People may remember good TV ads or print ads but most people’s reaction to banner ads, and most form of web ads, is ignore. No surprise, the more glaring and intrusive they are, the more people are turned off by them.


Whenever I use a public computer or one I haven’t set up I’m often flabbergasted at the amount of screen real estate that has been hijacked by ads. I googled a bit and found this example of that someone gave, of a page that has ads, ads, ads and a total of 8 words of actual content. I don’t know how old this screenshot is, and I have no intention of finding out.

Various forms of ad blockers are the most popular brower extensions. And even though they say it’s a must-have, lifehacker reported that ABP dramatically increases memory usage in firefox. What was surprising (actually not, considering lifehacker’s audience) were the commenters who said they’d tolerate slow loading times and even buy additional RAM rather than disable ABP. Fervent ABP users take the attitude of “allow ads over my dead body.”

The purveyers of ads always come out with the argument that without ad revenues they can’t continue to maintain their free sites. This argument never works. People who studiously block ads and nuisances will never click on an ad anyway; and nowadays with so many choices if one site shuts down a dozen will spring up in its place. Besides, whitelisting doesn’t really work because sooner or later the whitelisted sites will start serving annoying ads because sites that have ads are more concerned about selling things than providing a good user experience.

In any case, yes I’ve noticed firefox page loads are a little slower since the upgrade, may be it’s mum’s internet connection too. Doesn’t decrease my user experience, not compared with the alternative ad-filled scenario.

today we fight back


Visitors to the website today 11-feb-2014 may get a black overlay banner that asks them to join a virtual movement to fight back against mass surveillance. Reddit and tumblr and upworthy and many other sites are also part of today’s movement. In the US the purpose is to ask people to ask their legislators to support the USA Freedom Act; in other parts of the world it’s to raise awareness and to ask them to sign a petition in support of the principles against mass surveillance.

I know i’ve said before that I don’t like overlays but THIS IS IMPORTANT. There is such a massive amount of stalking and surveillance by governments that is becoming creepy and intrusive. I’ve also said that I accept that my online activity is being tracked, but I’m angry at the denial and the seemingly ineffectiveness of said surveillance.

Will this protest work? It’ll probably make only the tiniest of dents, as the guardian (always good for an NSA surveillance story) points out,

the relentlessness of the surveillance forces and their enablers in the technology industry, and the fecklessness of the politicians who are supposed to honor their oaths of office, make it hard to be optimistic

For me, the recent Edward Snowden and NSA revelations have made me realise much more about what is going on behind our backs. Is it all in the name of “it’s for your protection and your own good” as governments claim? I think it started there, but has become more of a desire to control and exert power over people rather than to protect them. Governments, corporations and individuals all need to abide by a set of moral code, and although morals have grey areas, respect for human right is so basic that it cannot be disputed.

And privacy is a human right so it’s up to all of us to respect and be aware of it.

where am I


Been ranting about lightboxes and blog terminology, so in the spirit of keeping good things in threes, here’s a post on how I feel about location tracking.

It wasn’t until this time round living in Asia that I realised how bad online personalisation and tracking has become. When the likes of amazon started addressing me by name and suggesting stuff I’d like to buy, I hated it but I can ignore the one line at the top of the page. But tracking is no longer as simple as that nowadays. It’s big business. Most websites are less interested in delivering content or providing services, users are little more than monkeys to display advertising to and the most important department is the marketing department. The marketing department tells web designers to write algorithms to target the monkeys’ activity with “appropriate” ads.

On the one hand, we have Forbes’ four lessons for internet marketers, which talks about transparency and the need for explicit approval; on the other hand we have spurious data supporting personalized marketing. Clearly, marketing departments are drinking their own kool-aid.

My view of this type of intrusion into my privacy has always been that I tolerate it being collected but I abhor it being used in a way that only benefits the collector. It cannot be a one-way street. So if I googled “how to make a bomb and destroy government buildings” I expect government agencies to pick it up and monitor my activities, and as a member of public I want government agencies to stop people who intend to do such terrible acts. But I do not want to have ads by fertiliser companies or gun clubs in my local area to start populating my facebook wall and following me around for a month. There is a difference between tracking for national security and tracking for my “enjoyment.”

I can use ABP and ghostery (and NoScript occasionally) to block trackers, and I delete cookies and LSOs regularly. What I’m struggling to do, is to stop being recognised and tracked because of my geographic location through my IP address and whatever else data is mined on my iphone. Of course I’ve checked-in on facebook and I also have an account at foursquare, but in those instances I’m broadcasting my location willingly.


It was fine living in the US and UK, but here, every time I clean up my history and cache and then go to yahoo or blogger, I have to navigate through another language. It is becoming more and more annoying to go back to the English version. I hate it. I have to be careful and paranoid, to avoid something like what happened to this guy when he went to another country and lost all his e-books. As Wil Wheaton commented,

meanwhile, someone who got those books some other way, perhaps from a certain Bay, for example, would be able to read them anywhere on the planet, as long as that hypothetical person had electricity

My itunes account is US-based, I have both and, I make sure I buy only DRM-free e-books and I keep backup copies on my mba and in dropbox. I do not want my activity checked, controlled or manipulated because of my location. Leave me alone, don’t call me by my name because I’m not your friend; don’t show me something in a language I barely read; don’t try to determine my likes or try to predict my behaviour.

Be it geo-restriction or DRM, or both, I’m on the side that believes that DRM is a bad thing, and there’s recent evidence that removing DRM improves sales. As the WSJ said,

The line between personalization and manipulation is a fuzzy one, but one thing is certain: We can never know if the line has been crossed if we’re unaware of what companies know about us.

tab closed; didn’t read

In the early days of internet, everything was free. Then it got commercial and ads started appearing on webpages. At first the ads were at the side of the page, then they got large and loud and obtrusive with huge flashing banner ads and popups that can’t be closed. Nowadays it’s even worse — users’ online activity and geographic location are collected and ads are targeted. All very annoying and intrusive and creepy.

Thank goodness for plug-ins like adblock plus and ghostery.

But we have a new threat.

A recent medium post talks about how modal overlays are becoming the first wave of the second world pop-up war and how we don’t yet have the tools to fight back. What are modal overlays, or lightboxes? Nice explanation:

dialogs that pop up and disable the background behind them. You can click anywhere inside modal overlays, but you can’t click anything in background until the dialog goes away

Normally modal overlays are used to make the user input necessary information or actions to drive the content on the main page. The find and replace box in google docs, or the share to facebook box found on news sites for instance.

But like most things, modal overlays are being abused by marketers. How many of us have experienced this: click on a new link, the page goes dark and is immediately obscured by a box that contains advertisement, an autoplaying video or begs us to disclose our email to sign up for their newslet—ad delivery mechanism. What’s the value behind this?

I made a screen recording of a recent experience. I was googling mandarin vs tangerine for a previous post, and wisegeek seemed to be a safe enough site. So I clicked on it, scrolled around for a few seconds, and their slideshow came on as a huge lightbox without me doing anything. If I had to continue, I had to click it close. This was a sour experience for me and I ended up closing the entire tab and looking at another site. Goodbye, wisegeek. Not likely to click on your links again.


Here’s another one I found, at trendhunter. More can be found at tab closed; didn’t read, whose author has been curating sites that does this. Although tech savvy people know to close the lightbox to return to the main page, sometimes they are not allowed or obscured. Other people may not know how to close it, or they may think they had to complete the form before moving on. With mobile ads and lightboxes sometimes it’s hard to find the close button. What is clear is that hardly anybody likes these. They are intrusive, and why beg people to sign up for content when they haven’t even had the chance to look at the content?

The counter argument is that how else can websites get people to engage with them? How else can websites survive if people expect free content without advertisements? Valid enough points, but for me, I do not like intrusions to my browsing experience, and most importantly, I do not want my online activities or personal information sent back to people who have no business collecting them. I’m not seeing why I have to sign in with my facebook account when I visit a website for the first time, or like your facebook page before I’m allowed to continue.

A commenter on hacker news talked about how many more signups they got for their email newsletter after they installed a modal overlay. My experience of email newsletters is that they are thinly disguised methods for getting people’s emails into a marketing mailing list. At best, you can unsubscribe after getting the first one; at worst your email has been sold on to third party advertisers. If I like the content of a website, I’ll bookmark it or add it to my feedly, they will get clicks that way.

In the meantime, I’ll keep on closing tabs without reading and wait for the likes of ABP to come up with a solution.


adblock plus facebook customisation


Adblock Plus is the most popular firefox add-on, by a long way. And now they’re even better! They just introduced a means to filter out facebook annoyances. In addition to blocking all ads, sponsored stories, and promoted posts, which it already does, we can now block stuff like:

  • music / entertainment / games you may like
  • add to tv shows / music
  • rate books / movies / tv shows / music / places
  • recommended pages
  • suggested groups / friends / find more friends

With the recent troubles that social fixer ran into and had to make changes to, it’s great that ABP has stepped in and delivered where Matt Krause had to compromise. Just my conjecture but I think the difference is that ABP is a German corporation, rather than Mr Krause, who falls under US law. Also ABP is a browser extension, as opposed to, until now, targeting specific websites.

ABP has its attention on twitter, with an open letter that asked twitter to join its Acceptable Ads campaign. Hopefully they will keep an eye on the instagram ad situation too.

Online advertisers hate ABP, because it takes away their access to their potential audiences. But as one of its 50 million users, I can categorically say that the presence of an ad, or any attempt at personalisation, tracking or data mining, instantly turns me off and I’m more likely to not use a particular advertiser if I see their ad. To me, online ads mean giant flashing banners, multiple popups, pages that hijack and won’t close, autoplaying videos and generally poor quality and taste. Plus the idea of personalised ads because a website has tracked my activity is very, very scary. I will continue to use ABP, ghostery and some form of noscript to protect my online activity.

And now if someone please write a customisation or extension so I can block all pics of dogs, mentions of dogs or anything about dogs on my fb wall. That will make for a more pleasant fb experience for me.

a different sort of anger


I’ve been following the story about the NSA PRISM scandal, not obsessively but with the interest that such a big international, important, story deserves. “What is PRISM?” JFGI, okay?

It’s not for me to judge whether the actions of Edward Snowden, the whistleblower, were legal or not; it’s up to the courts to decide. It’s also not for me to decide whether it was morally just; he believed that what he did was right. And when we look back on this episode of history, my hope is that history and the public will decide correctly. That said, I feel compelled to put down my thoughts as I am pulled in different directions on this issue.

right or wrong

Technically, what he did was wrong. It’s surely, at the very least, against the confidentiality agreements that he must have signed with his employer. And since he had access to information way up in the confidentiality stratosphere, he probably broke the law. However, breaking the rules is part and parcel of being a whistleblower; almost by definition, you have to do one to be the other.

He has said in his guardian interview, that he believed what he blew the whistle on was a matter of public interest. I was talking with mm about this, and she asked me what was my take. For me, I’m glad he did what he did. Yes, he broke the law, but the sort of revelations he made, it’s knowledge that I as a member of public want to know. Not that I was under any illusions that surveillance wasn’t happening, I wanted acknowledgement that it was.

under surveillance

The revelation is that the NSA has been collecting, on a massive scale, metadata on phone calls, internet activity and all sorts of stuff people do on a day to day basis. The surveillance is conducted on everyone, rather than just the people who are under suspicion. There are big players involved: verizon, google, facebook, to name a few. Rightly so, the EU is aghast, because if the NSA has been spying on EU citizens, it’s potentially against EU privacy laws. The EU has a different approach to privacy than the US, the main difference being the question of who owns personal data. The EU gives the right to the data subject whereas the US gives the right to those who have access to the data.

The rapid growth of CCTVs in the UK has brought concerns, although by and large, my feeling is that people have gotten used to it. Being recorded hundreds of times a day and watched by unnamed government employees (or worse, poorly trained TSA types) should worry us, but anecdotally, people around me take the pragmatic way: we’d tolerate having our privacy invaded if it leads to criminal convictions and it prevents crime. Whether or not criminals are actually deterred, and whether or not CCTV footage have helped solve crimes, that’s another debate.

The NSA surveillance is like CCTV, except in a much hugher scale. Their justification is that they’ll collect and store the information to help them with the fight against terrorism, amongst other things. But does it really help? What do they do with the data? Have they been able to stop criminals and terrorists?

not so angry

Perhaps John Scalzi summed it up nicely, why he didn’t have anything angry to say about the whole affair.

I have assumed the US government was getting my data one way or another. At the end of the day, the Internet was born out of ARPANET, and the US government has never been keen of letting the Internet go entirely private. Once more, I’m slightly surprised people seem surprised.

Why anyone is surprised that their online activity is being monitored is surprising. If you use the internet, you need to realise that what you do and put out there will be there forever for all to see. And that the email you send via gmail doesn’t belong to you. Google isn’t a charity, it’s not providing a free email service out of the kindness of its heart.

At work, the employee handbook specifically said that emails sent via the company’s email system belong to the company — they are open about it, and there are company policies that tell employees that yes, what you write in you emails, what you save on shared drives, everything you do on company time…the company owns it, has a right to inspect and as such, you have no privacy. There are no is and buts.

It’s also well accepted that countries like China and certain Middle Eastern countries heavily censor internet usage by its residents. They do it, and they don’t apologise for it. In a way, a country that doesn’t have a surveillance system is far too naïve in today’s political environment. If other countries are doing it, then we need to have solid defences.

a different sort of anger #1

There are 2 things I’m angry about. First, is how quickly the likes of google and yahoo fell over themselves to deny that data mining is taking place. Oh please. Be transparent about it. Acknowledge that, yes, the data is collected by the government. Make public what type of data it is. Tell the public what they do with it, how they store it, how they maintain its integrity, who has access to it and what are the checks and balances in place.

I hate companies who sell my personal information to telemarketers, because that’s abuse of my providing the information to them. I’m usually uncomfortable providing personal information to companies.

But surely there is a difference when it comes to government access? They have my passport number, they have access to my tax and medical information. It’s a matter of trust. I need to trust that the government respects my privacy and won’t abuse the huge amount of information it has on me. Make me glad that it’s the government, acting in my best interest, and not unscrupulous corporations that has my data. Hiding behind the laws and pretending PRISM doesn’t exist, that makes me angry. Please, treat the public with a bit more respect.

a different sort of anger #2

The second thing I’m angry about is more simple. If the government is collecting all this data in the name of crime and terrorism prevention, then why didn’t they stop the Boston bombers? Why didn’t they stop all the other atrocities that have occurred lately? Why are there so many drug dealers and rapists and murderers still at large? When we see some real results?

hong kong, china

Edward Snowden has escaped to, of all places, hong kong. I don’t particularly advertise it openly, but that’s where I’m right now. I’ve lived here on and off throughout my life, which makes me a tiny bit of an expert, especially amongst the few readers I have on this blog. So anyway, it was quite a surprise that he’s decided that HK is relatively safe for him. Unrelated, it’s a good opportunity for the rest of the world to learn about this place. Yes, technically it’s a part of China. No, we have different judiciary, financial and education systems. The judiciary progression of district court, high court, court of appeal and court of final appeal has its basis in the British system, not the mainland system. China isn’t supposed to interfere except on matters of defence and foreign policy.

Many commentators are opining on what China would do. Me, I wish China’d stay out of it, to show the world that HK really has the autonomy that it claims we do. The part in the Basic Law about China having a veto on extradition proceedings is for Chinese nationals only, not a American citizen like Mr Snowden. Whatever the US government does next, and whatever requests they make to the HK government, all need to follow the proper due process, away from interference by parties that have no business interferring.

I was surprised Mr Snowden praised the “strong tradition of free speech” in HK. That is true in a way. Lots of protests, just last week thousands of people attended a June 4th memorial event (China pretends nothing happened on June 4th 1989), and people can say and do whatever without fear of repercussions. Most people just regurgitate what they hear on tv, so I can’t attest to their intelligence level. I guess the point is, they are free to be as stupid as they like without repercussions.

The problem is, the tradition of free speech that Mr Snowden alluded to, has been eroded in the last few years. The CE is obviously pro-Chinese. The pro-China movement has grown stronger, and the unwelcome influx of Chinese immigrants and tourists has increased tension with locals. The judiciary system is still seen as above the fray and able to claim to be just and neutral. But it’s a matter of time before it’s tested.

And then onto China. Evil. Over the weekend mm and I were in Shenzhen, just over the border from HK. We were having lunch at the swanky Hyatt hotel. Attentive staff, good food, amazing views. But when I turned on my iphone to check facebook, I was greeted with the everspinning “loading” wheel. It wasn’t because of slow wifi connection. Belatedly I remembered, facebook and twitter and the like are all banned. One thing you can say about the Chinese government, they don’t hide or deny stuff like this. They are open about blocking facebook, they are open about tracking people’s internet usage. They don’t hide. And that, is what I think the US government needs to come to terms with.


Coverage of the story seems to have tapered off, even the Guardian has it underneath the headlines today. I hope that this has been an eye-opener for all. About the workings of secret government sections, about the need to be open up front versus asking for forgiveness when discovered. Will my phone or internet habits change? I doubt it. It is what it is.

China IP block


Bandwidth is getting used up faster than I liked, even though I disabled comments sitewide and added the offending IP & domains to the protection control panel. Looking at the stats last night, that did nothing to keep the spammers out, so I emailed my ISP support. Ack, how could I forget? Using the control panel doesn’t work, it has to be done using the .htaccess file. Suresupport kindly added the few IPs I mentioned as well as the awful 163data domain.

It looks like all of this spam is from China, one of the worst spam producing countries. (I was surprised the US is #1 and twice as bad as China, I guess it’s email spam and not this dreadul comment spam.) A little research told me that I could block entire countries by IP. This is exactly what I’m looking for. I copied the entire IP block allocated to China into my .htaccess and denied them all. Yes, it means my website cannot be accessed from anywhere in China, ie if mm and I go to her flat for holiday (moot point, she has no internet there). But it can’t be helped. I’ve been monitoring the stats all day and it seems to have stopped the spam attack.

really invisiblecompany


An unexpected consequence of the comment spam attack was that the website exceeded the 20GB monthly bandwidth limit. A normal month, I’m probably at 2GB, and the whole of 2011 totalled 30GB, so this was a big spike. I didn’t even realise it until when I logged in a couple of days ago and saw the error message. Ouch. I had to wait till today to get access back and the first thing I did was to disable comments sitewide. Then it was a matter of going through the stats, picking out the offending domains and IPs and adding them to the blocked list. There are honestly too many, and I’m not sure blocking will do the trick. I’ll have to be extra vigilant. And make time to upgrade to MT5.



I struggle to get readers on my website. Well, that’s not entirely true because I don’t do any marketing or self-promotion or anything like that. I’m not famous or good looking or have books published or say anything remotely interesting, all I do is post about running and food and stuff I do so who the hell do I think I am?

So far, I’ve escaped the dreaded spam infection that seems to hit hosted websites like wordpress or blogger. MT used to be the market leader (within the tech geek community anyway) but it has been overtaken by the aforementioned wordpress, blogger and even tumblr.

Which is why it amused me to no end when I did routine maintenance and found that I had over 50 spam comments. They don’t show up because I set it so that I need to approve comments. These comments are twisted! For example,

The man underwear hiding more than 10 live hummingbirds were attempting to smuggle, customs and the hummingbird is wrapped body hidden in the men’s underwear, still survive in the new network on 28 September, the smugglers to steal the motion through the customs practices can change rapidly, according to Hongkong “astral island daily” reported on 28, the near future, a Holland tourists have more than 10 hummingbird living hidden in the special underwear, attempting to smuggle clearance, but ultimately not long.It is reported, the capital airport in French Guiana Cayenne, the Holland man put a dozen live hummingbirds with independent wrapped up, to prevent their wings flew, and put them away in only a slit in the underwear special packaging bag.The customs officers noticed the man “suspicious appearance and movements”, in the inspection requirements of he untied the briefs, they found about 12 live hummingbirds, subsequently, authorities seized.Reported that, the man in possession of a hummingbird, no birds anesthesia.It is reported, this man had a criminal record, has since tried to smuggle hummingbird convicted.According to introduction, the hummingbird is the world’s smallest known birds, by flapping wings hovering in the air, about 15 to 80 times per second, the speed of the body depends on the size of.

Seriously!!???!! I guess it’s just random words, they just want the link. But it’s a long way from the makfncilgoiereunarqf from the olden days. Another hilarious example, this is a comment so bot attempted to post on my sparkling cranberries post at Christmas,

I truly wanted to write down a quick remark to thank you for these pleasant secrets you are showing at this website. My time-consuming internet lookup has at the end been rewarded with really good know-how to go over with my contacts. I ‘d express that we readers actually are undoubtedly blessed to dwell in a fantastic community with many outstanding individuals with insightful concepts. I feel rather grateful to have used the web site and look forward to tons of more cool times reading here. Thank you once more for all the details.


mac virus


Alright, Windows users, stop with the smugness. Yes, it’s finally happened, a significant breach into OSX, with news of the mac defender malware. A software update fixed it, but the lesson learned is between that and rampant facebook scams everyone has to be vigilant.

Good timing, piriform just released ccleaner for mac beta. It’s one of my all time favourite PC utilities although it’s not really an AV program. It does a great job in cleaning crap (the “c” in ccleaner) off the computer. All mac users go download it now.

world backup day


It’s world backup day. Here’s what I do, and I know I can probably use dropbox or time capsule to consolidate, I’ll get there.

  • financial stuff are all hardcopy, filed neatly in my filing cabinet
  • itunes library are on 2 external HDs
  • both iphones are synced with itunes and on the ext HDs
  • photos are in the iphoto library and on flickr, family pics are on 2 flickr accounts
  • writing stuff are on a flashdrive, on the website and both the mbp and mba
  • website is backed up to the mba, and my isp has a good backup policy
  • I should have a scanned copy of my passport and driving licences on my flashdrive, I need to check that

server ADHD OCD


xkcd pokes fun at the “newly” designed gawker mobile site, or well, other mobile sites. How very true. The same goes for sites that try to be location specific, like google that directs you to its Thai site when you’re in Thailand but can’t read Thai, and gawker sites are one of the worst, I can’t get into the general US site without clicking over and over again. No, I don’t want, I want I and I alone am the judge of which site I visit.

why I don’t want my location known


Sarah Lacey at Techcrunch wrote about why she doesn’t use foursquare, which is rare in in the Silicon Valley world. The pros are abundant — location based services allow personalising, and the game aspect is pretty cool. But as she says,

telling my friends where I am doesn’t gives me enough in return to warrant the privacy invasion

She goes on to talk about shopkick and why she might start using it. All for extremely good reasons.

All this is really a segue into my reasoning on why I don’t use foursquare or gowalla and such like. I don’t particularly want people to know I’m at the supermarket or the dentist’s. I’ve seen check-ins from people on fb that they’re at the doctor’s or hairdresser’s and I’m thinking I really have no use for this information.

In any case, my locations will be extremely boring — home, office, “L”, lake and occasionally supermarket. I mean, who in the right mind will want to know that?

facebook privacy, mafia wars


With all the furore last week over Mark Zuckerberg saying that the age of privacy is over, I can’t remember where I read where someone said, “I just want to play mafia wars”, and I laughed. Even with all the annoying spam, mafia wars is addictive. And here’s the proof — a full set of job mastery items after I finished New York just before going to bed last night.

fewer spam

One of the stories that surfaced during my nano stint was the one where the washington post helped shut down a major baddie web hosting company and spam traffic dramatically fell. It’s true! Since I started using igoogle, I only log into gmail proper about once a week. There used to be hundreds of spam messages waiting for me to delete. Today I went in and there were 46, mainly Russian or Chinese spam.

Whoever was responsible for this, and I think Washington Post is taking the credit, millions of people will thank you. Yes, the spam kings will be back, but this is one battle won.

don’t make me sign up for no good reason

Seems that my posts the last few days are kinda related. Just yesterday I was complaining about the need to sign up to use Photoshop Express (compared with picnik where I don’t need to re-sign in if I’m just doing simple edits). And today on a list apart, Luke Wroblewski tells us Sign Up Forms Must Die. In his book he,

described the process of stumbling upon or being recommended to a web service. You arrive eager to dive in and start engaging and what’s the first thing that greets you? A form.

Oh man, yes and yes. Everyone wants our personal information nowadays and it’s obvious that it’s for marketing. I’ve come to the point where, yeah, I’m giving out my yahoo email knowing that it’ll get spammed. It’s stupid. What the article suggested is a process of gradual engagement. Allow users to sample and explore the web service first, then if they need to go further then ask for registration. There’s always the 10-minute email option, but sometimes more information than email is requested.

The absolute worst example is facebook. To this day I have no clue how facebook looks like, cos I refuse to sign up. At least on myspace I can look at people’s public pages without being forced to me a member.

I realise I may be in the minority here, cos there seems to be less and less paranoia about personal data and online presence. But I can’t foresee myself changing my mind soon.

being watched

I’ve been seeing this type of sigs in many forums, well actually it’s just the nano forums, but I don’t visit many of them, that’s why. So I made one too, thanks danasoft.


Apparently only you can see what’s on the screen, the info isn’t stored. I know definitely it’s not stored on my servers cos that’s a linked image to outside the invisible company. It’s quite eerie, knowing how much information my browser is showing though.

walk this way

From reuters via zdnet

HELSINKI (Reuters) – Finnish scientists have invented a device to make it harder to steal mobile phones and laptops by enabling them to detect changes in their owner’s walking style and then freeze to prevent unauthorized use.

The VTT Technical Research Center of Finland said the device, which is has patented but has yet to sell, could prevent millions of portable appliances being stolen every year.

“A device is equipped with sensors that measure certain characteristics of the user’s gait. When the device is used for the first time, these measurements are saved in its memory,” VTT said in a statement.

The gadget would monitor the user’s walking style and check it against the saved information. If the values differ, the user would have to enter a password.

“Compared with passwords and traditional bio-identification, the new method is simple: confirmation of identity takes place as a background process without any need for user’s intervention,” the researchers said.

My question is … what happens if I twist my ankle and walk differently? What happens if I let someone else borrow my cellphone? What happens if I’m drunk and not walking properly, which is probably one of the times when I will need to call someone.

Scientists seem to be able to quantify everything nowadays, but this is kinda weird. It’s the right approach though, the days of using just passwords as authentication are surely numbered and the world needs biometrics.

referrer spam

I’ve been getting hit by referer spam for a couple of months. At first I noticed in my site stats that I’m being linked to by a lot of those stupid poker, pay-day loan uri’s. So much so that I have no idea about the genuine people who come to the website.

I added these to MT-Blacklist, knowing that isn’t the source of the problem. I didn’t even know what it is. Gradually I figured it out and there’s even a name for it.

Lots of articles on how to combat referer spam, mostly passive. But that’s the best we can do now. Someone’s written a perl script to get rid of bad referers in the log file but I haven’t figured out how to run perl scripts yet.

So I’ve done as much as I know how to.

  1. Password protect the stats log file. Easily done in the control panel. Username is admin, password the usual bxxxxxx.
  2. Block the offending root domains using .htaccess. I got the fomat and a list of banned referers from Tom Raferty, it’s uncanny how I’ve encountered most of the offenders in his list.
  3. I have to check site stats regularly and update the htaccess file. Small steps though.

comment spam

When I first set up bullko, I got hit by the stupid poker guy comment spam, where seemingly profound but basically useless comments were left on every single entry, with a link to his website of course. A quick visit to the wordpress support forums yielded a couple of preventative measures.

Do this for all wp powered sites.


Like mt-blacklist this is a plug-in that is copied and pasted into wp config. Last updated 21 Sept 2004, I just downloaded it. I’m not sure if it’s as good as mt-blacklist (I mean, Jay Allen, wow) but someone has obviously made a huge effort so kudos.

comments file
First I renamed wp-comments-post.php to wp-stopcmts.php. The name doesn’t matter, it can be a random jumble of letters like asdfasd.php.

Then I renamed occurences of wp-comments-post.php in the other comments files to the new name. Apparently this is called in 3 files, so I went in and made the changes:

  • wp-comments.php
  • wp-comments-popup.php
  • wp-comments-reply.php

Boy I hate spammers.

password protection

This started off as an exercise to password protect a section of the bullko website. Lots of scripts and software available, but either they cost money, or is too advanced for me.

Most recommend protection using .htaccess and .htpasswd.

I already know how to use .htaccess to prevent directory listing and hotlinking. Here’s what to do.

Place .htaccess in the same directory that needs a password. If the entire site needs to be protected, place in root directory. Use this code:

AuthUserFile directory/path/to/.htpasswd
AuthGroupFile /dev/null
AuthType Basic
AuthName “Please enter username and password”

require valid-user

In the case of directory path, for all my sites it’s the same except for the username, so for invisiblecompany it is:



The .htpasswd file can be located anywhere, the more secure the better. The password must be encrypted and there are a lot of sites where it can be done, just google it, for instance here or here or here.

Generate as many usernames and passwords as necessary and put them all in the .htpasswd file. Don’t forget the hard return at the end of the file. It should look a little like this:


restricted entry

In the weblog I added a script from orange haired boy which password protects entries.

It involves setting a restricted category so all entries there need a password to get in. It has to be implemented on all pages that show individual entries, meaning main index and all the archive pages.

I also highlight weblog entries on the homepage, but I get a php parse error, probably because I’m trying to run a php script where part of it is on an include. I need to fit it.

Once the password is entered it works until cookies are deleted so I’ll have to be careful about reading on other people’s machines.

Cool script though.