Quick Status Update

Submitted by Christopher Wright on

Eviscerati.Org has been a lot more quiet for the last week or two than I'd intended. Short version: a few days before Christmas, my primary work computer, a beast of a laptop that I've used for about four years, died abruptly. Because that is my work computer (work including the things I do on this site, and also the things I do 40 hours a week that allows me to pay my bills) I needed to get a replacement, fast. So this Christmas I found myself with an additional expense--a new desktop computer.

Except that I didn't just go out and buy a desktop computer. I bought a barebones system and extra parts, because it was cheaper. Unfortunately, the last time actually built a desktop computer was six years ago, and a lot has happened in the last six years. So instead of focusing on the enjoyable and creative things in my life, I've been holding together this new computer with duct tape during work hours, then trying to get it to actually work in my off hours.

So basically that combined with holidays means I have no updates for... well... anything. And the Publishing Of Great Things probably won't resume until January 5, because I need another weekend to iron everything out.

(The long version of this story is a lot more amusing and involves a desktop computer power supply actually exploding. But that story is going to have to wait.)

SSL Status

Submitted by Christopher Wright on

SSL is active on the site.

70-90% of the time you should automatically be redirected to the secure link (https).

Some of the domains that redirect to eviscerati.net and ubersoft.net don't play nice with the certificate and if you hit them your browser will pop up a warning.

That's as far as I can go for the moment. Maybe tomorrow night I'll get the rest of the way there.

Site activating SSL, Single Sign-On Going Away

Submitted by Christopher Wright on

You may or may not be aware of Firesheep, a Firefox plugin that makes it ridiculously easy to commit identity theft. It was released about the same time EvisceratiNet went live, and had about 200,000 downloads in the first two days. I just found out about it yesterday.

Here's the short version: when you sign in to most web sites, the web site will mark you as logged in by placing a cookie in your browser that essentially says "yeah this guy's OK." Most of these cookies are unencrypted -- that is, there are no particular safeguards against another browser reading and/or using that cookie other than it's being sent to you and the general expectation is that it won't be intercepted and used by anyone else.

However, if you're getting these cookies over a wireless connection, especially a public one, it is actually possible, and apparently very easy, for anyone with the right equipment to collect any cookies sent your way. Firesheep does just that. When you activate the plugin a new bar appears in your Firefox browser with a list of every insecure cookie it finds. And if you click on one of those cookies, it logs you in to whatever service the intended recipient of the cookie was trying to access.

It might look the same, but it's new all over...

Submitted by Christopher Wright on

Welcome back. You may have noticed the "under construction" sign that's been up for the last two or three weeks (I honestly can't remember how long it's been at this point -- it's all one big nightmarish blur). The site has gone through some fairly radical changes under the hood, and I'm pleased to say that they appear to have been mostly successful. Mostly.

Of course, most of the changes required I lock everyone out while I was doing them, so they haven't been properly tested. Welcome back, beta team!

The Latest Spam Purge left some Collateral Damage

Submitted by Christopher Wright on

Sorry for being away for so long. There was One Last Big Push at work, then I got strep throat.

Getting rid of the latest pile of blogspam appears to have removed a number of legitimate posts (mostly posts commenting on the blogspam). Apologies for this. I suspect it removed those posts because they were treated as responses to the spam posts, and it deleted the entire "thread." Never mind my comments aren't threaded...

I think there's a fix for this and I'll try to set it up so it doesn't happen again...