Hundreds of LiveJournal users found that out the hard way Wednesday when the blog hosting site suspended around 500 of its community journals and blogs for violating its policy barring the posting of content about rape, pedophilia and sexual violence.
The result was a massive user revolt. LiveJournal’s parent company, San Francisco’s Six Apart, received a flood of complaints from locked out users on Wednesday. The company recognized that its effort to "clean up" its community by blocking sex-related material went a little too far, and according to Thursday’s mea culpa post from Six Apart CEO Barak Berkowitz, it’s now reviewing every suspended journal individually to see if a true violation of site policy is evident in each case.
Tumblelogs are the hot new thing in blogging. They are basically blogs for people who don’t have time to blog. Tumblelogs favor short posts, videos and pictures rather than long posts, daily musings or editorial think-pieces. I sort of have one, though I don’t have any pictures in my posts, so I’ve always just called it a "link log."
Tumblr is the software app at the head of the movement. Tumblr is a hosted service, but they also offer a BYO-webhost version.
Now there’s a tumblelog app for the DIY set. Bazooka is written in PHP, runs on any server with PHP/MySQL and is an open-source application with code licensed under the GPL. If you like to get your hands dirty — like if you prefer Movable Type over TypePad — then give Bazooka a shot.
It was coded up by Evan Walsh and it’s only at version 1.0. The default interface is pretty bare, but most PHP hackers will see that as more of an advantage than a disadvantage. To that end, it’s skinnable. If you come up with any cool customizations, go to Evan’s site let him know.
As you’ve probably noticed, we changed the name of this blog today. While the change appeared quite suddenly, it’s long overdue.
Monkey Bites first appeared in 1999 as a daily feature on the front door of Webmonkey, Wired Digital’s web development resource site. The Monkey Bites slot was a home for daily news and entertaining tidbits from around the web. Funky art projects, new software releases, cool sites, HTML tips — basically, anything that caught the eyes of the Webmonkeys.
The content in the little blue box was hand-coded, too. Webmonkey’s long-time managing editor Evany Thomas imagineered Monkey Bites as a nod at the burgeoning blog movement, of which we were very disparaging at the time ("Can’t they just learn HTML?"). Valiantly pushing .htmlf fragment files full of hand-culled links only added to our feelings of superiority and self-satisfaction.
But by 2005, the command line routine started feeling pretty old. So, we made the jump and launched Monkey Bites as a blog on Wired News. The original idea was to extend the tutorials and how-tos we were publishing on Webmonkey. But when we started covering daily software news, it quickly grew into something even more worthwhile and vibrant.
This new direction as a daily news outlet was cemented when Conde Nast purchased Wired News in mid-2006. Wired News made the move over to its new home and took the blog (and its authors) with it. Sadly, Webmonkey stayed behind at Lycos, where it still survives, uncurated.
And now we’ve cut the last remaining thread to the Webmonkey brand. Really, it’s about time. While we occasionally publish how-tos and instructional pieces — Scott and I are builders at heart — this blog has been devoted to daily news coverage ever since the Conde Nast acquisition. Our aim is to continue to bring you news about Web software, services and communities. Plus the occasional sexy bicycle photo or missive on Kafka. Hey, we have broad interests.
The Monkey Bites name will linger in the URL for a while to minimize disruption, but look for Compiler in the blog directory and in the site menus.
Welcome to Compiler!
Photo: Dumpster Monkey, the official mascot of Webmonkey.com.
WordPress was compromised on Friday when a cracker slipped some exploitable code into the latest download of the popular blogging tool. The company shut down the server in question and corrected the problem almost immediately (Read our coverage).
I asked WordPress founding developer Matt Mullenweg for some data on how many exploitable copies of WordPress 2.1.1 were distributed to the public before the bad code was discovered. He writes:
2.1.1 got about 10k downloads per day, so around 30-40k bad downloads.
2.1.2 is getting about 19k a day, and has already had 57k downloads.
From those numbers, we can assume that almost everyone who downloaded the exploitable code has upgraded by now. Also, because of the fact that 2.1.2 is being downloaded almost twice as quickly as 2.1.1, we can assume that the announcement of the breach has inspired many users who weren’t running exploitable code to upgrade anyway.
WordPress is still running forensics on how they were infiltrated and by whom.
Version 2.11 of WordPress contains some exploitable code placed there by a cracker. An excerpt of the note posted to the WordPress blog this afternoon:
It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.
If you downloaded version 2.1.1 of WordPress within the last week, you should put down the ice cream nachos and upgrade to 2.1.2 right now. Be sure to totally wipe the old files, including the wp-includes.
Browse Our Tutorials
Cheat Sheets
Color Charts
Cut & Paste Code