Today, I am eating Google humble pie, because it was right about malware on Autocade. Therefore: thank you, Google. (Iâ€™m not so petty as to not thank them for when they get things right.)
Since Google had cried wolf over this blog, which has never had malware issues, I had to question it. Nevertheless, Iâ€™m sure most people would agree that itâ€™s better to be safe than sorry.
We originally suspected it was one ad network. This is also based on past behaviour, when one of our networks got suckered in to hosting an ad twice in 2007 that turned out to be a trojan. So we began limiting the creatives that could be shown on our sites.
When that didnâ€™t work, we had to keep looking.
We traced the malware from Autocade back to OpenX, which weâ€™ve now removed from our server. There is an upgraded version which weâ€™ll look at, as we need this program, but for now, Iâ€™d rather lose a few dollars than subject innocent users to malware.
Itâ€™s a shame there does not seem to be much action over at OpenX. Itâ€™s a really good program but the forums donâ€™t seem to have too many staff present there. However, I know we were not alone.
For once, Iâ€™m glad Autocade is not a hugely popular site, but itâ€™s still disturbing that this happenedâ€”and, as I understand it, Gawker and Gizmodo were affected, too.
The site acting as the malware intermediary is clickme199.ipq.co, which has been allowed to remain online. Whois gives ipq.coâ€™s location in the UK.
Luckily, our other sites were unaffected, in that no malware was sent down the line. But as a precaution, we removed all OpenX code from our sites.
Itâ€™s been a big weekend for computer problems, with one machine down due to a trojan and our ad-serving program sending malware. Plesk (the server administrator) also reported that we sent out 61 Tbyte of data this monthâ€”and weâ€™re only paying for 100 Gbyte. That was also scary, till I was told by Rackspace that thatâ€™s down to a bug. So weâ€™ve had to upgrade Plesk as wellâ€”probably not a bad thing.
Not exactly the catch-up weekend that I envisaged, but at least we made some progress. The damaged computer is almost back to normal, too.
Archive for October 2010
Today, I am eating Google humble pie, because it was right about malware on Autocade. Therefore: thank you, Google. (Iâ€™m not so petty as to not thank them for when they get things right.)
Iâ€™m prepared to eat humble pie if one of our sites is actually distributing malware (naturally without any knowledge or action on our part). According to Google, Autocade is doing just that, as of the 23rd:
Of the 3 pages we tested on the site over the past 90 days, 3 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-10-23, and the last time suspicious content was found on this site was on 2010-10-23.
Malicious software is hosted on 1 domain(s), including requestbusforward.co.cc/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including globals1696.ipq.co/.
Immediately, I did the following:
- searched for the domain (requestbusforward.co.cc) that was the source of the malware, and found that there were accusations toward Gizmodo and Gawker of doing exactly the same thing;
- notiﬁed people on Twitter that there could be a problem with Autocade;
- conﬁrmed on a machine that is infected (which we were about to nuke) that the message was correct (it happened exactly as Google stated);
- began backing up the database of the legit data along with the images;
- informed our web host, Rackspace, of the notice and asked for an immediate check whether the server had been hacked;
- did a Google News search and came up empty for news about either Gizmodo or Gawker being infected (which you would expect given these are popular websites);
- better safe than sorry, nuked the infected PC with a hard-drive format. (Thank goodness for long weekends.)
Rackspaceâ€™s Joe Kirby reports that he has seen no hacking activity at the server end. Iâ€™ve requested a review from Google and weâ€™re still going to upgrade Mediawiki, which Autocade is run on.
Iâ€™m willing to keep an open mind about whether Google was accurate this time (I can conﬁrm it was not accurate about this blog), given that the scenario could be reproduced, albeit on an already infected machine.
It still strikes me as odd that there is nothing on Google News or Google Blog Search about an infected Gizmodo or Gawker, which you would expect to make some sort of a splash.
A very good Vista Group luncheon (Jim, Natalie, self), where we discussed: the Gap rebrand; The Hobbit, unions and the BNZ Centre boilermakersâ€™ strike; and my mayoral campaign.
On the ﬁrst topic, we concluded that it was down to a simple cock-up. None of us could see any reason for the Gap to rebrand (was there a change of strategy, management, or trend?) though we did see a reason for Wellington to do so.
â€˜Absolutely, positively Wellingtonâ€™ has been with us for 20 years. I remember when it was ﬁrst released, all set in Perpetua Bold, adorning the new ofﬁce of the Wellington Chamber of Commerce after its shift from Church Street. As Jim pointed out, it was a contrast to the negativity that Wellingtonians had about our cityâ€™s own image, as typiﬁed by TV shows such as Gliding on: drab, grey, and full of civil servants.
The one event that might have given us a bit of a boost was Sesqui. And what a disaster that turned out to be: an event that never began.
I said as much when we discussed the arts and cultural side to Wellington during the campaign. The brand, Mayor Prendergast mentioned, was revamped when she took ofﬁce. Nine years on, I think we need to move on again: that Wellingtonâ€™s brand does not reﬂect our cityâ€™s passions.
Every brand must be inclusive. It must also differentiate. There are many people in the ICT sector, who are an important part of Wellington, who need to be included. We have fashion designers and event producers, who thrive on the notion that Wellington is the most creative city to be in. When the former mayor said that we were now also the culinary capital, I said that we had to deﬁne that by way of our cityâ€™s creative manna: not just the culinary capital, but the culinary artsâ€™ capital. Everything we do seems to be underpinned by this idea of putting in that extra zing, whether itâ€™s my oft-quoted example of Silverstripe or the quality behind Mojo Coffee.
There is work to be done, and Iâ€™d love to engage with Wellingtonians on getting some kind of framework down for a 2010s city brand. The campaign may be over, but itâ€™s only highlighted the things that need to be done. Letâ€™s start with the strategic ideas and work our way to the operational.
[Cross-posted at Lucire] An hour ago, we turned 13. Normally this wouldnâ€™t have merited much of a mention, since 13â€™s not the sort of number people tend to celebrate. But I happened to be up, after a long day catching up on emails post-election, while head designer Tanya Sooksombatisatian sorted through our New York Fashion Week images.
Earlier this evening, fashion editor Sopheak Seng and I attended a fashion show for Laâ€™ Shika Bridal, held at the Museum Hotel in Wellington, and had good chats to the bridal designers and jewellery designer Victoria Taylor, sister of Rebecca.
I sat at a similar desk in 1997 when we started Lucire and uploaded the new home page, replacing a placeholder, at precisely midnight NZDT on October 21. (I even timed it.) That translated to October 20 at 6 a.m. in New York. At the time, the US market was the primary one online, so I tended to notice what the time was over on their east coast.
It was a 386 running Netscape 1-point-something that displayed Lucireâ€™s ﬁrst edition here. The monitor had a resolution of 1,024 by 768 pixels. We developed it on Windows 3Â·1, but tested it on various Power Macs. I coded the home page by hand and did the ﬁrst graphics.
Weâ€™ve gone through a lotâ€”a print edition from 2004, a short-lived venture in Romania in 2005â€“6, and we now face 2011 with print in four countries and an iPad app that will go live any day. A cellphone edition has been around for a little while, though it never took off. I was in it for the long haul, but I really didnâ€™t think speciﬁcs. We had a general direction, and we seized the opportunities as they came.
There have been many times when I have publicly thanked the people who got us here, and many of those who I named in December 2008, when I celebrated 21 years in business, were responsible for getting Lucire to where it is. Since then, Andrew Matusik, Victoria Jones, Sopheak Seng, Rola Saab, Jon Moe, Seka Ojdrović-Phillips, Samantha Hannah, Joseph Ungoco, Leyla Messian, Ashleigh Berry and Sylvia Giles must be added to the list. The many Massey University graduates who have tirelessly helpedâ€”Roanna Bell, Uma Lele and Brigitte Unger come to mindâ€”as well as Gemma Conn from Waikato Institute of Technology.
I wonâ€™t say the journey has been easy: in fact, itâ€™s been very tough. But Iâ€™m very glad that Lucire has been a medium through which many people have been brought together to do something we all love. We have been a change agent in the past, and thatâ€™s something Iâ€™m conscious we need to continue, through being on the forefront of new media. And weâ€™ve introduced our fair share of labels, many of which have become big names. Weâ€™ve provided many people with coverage when others ignored themâ€”discovering then that all they needed was that leg up to get to the next stage.
I still remember the fact that we were one of the ﬁrst to interview Zac Posen and Kathryn Wilson as she graduated from university, and covered Rebecca Taylor at Gen Art. Lucire published the ﬁrst series of sustainable style editorials in an international fashion magazine with Summer Rayne Oakes in the earlier part of the century.
To all our readers, thank you for being with us on this journey. I am mindful that we are merely stewards of the Lucire brand, and that it belongs to us not in law, but in spirit. Weâ€™re going to keep engaging and we plan to be with you for many more anniversaries to come.
I love how â€˜Capital Dayâ€™ is always fun in The Dominion Post: you canâ€™t believe the mileage I got out of its story implying that I could ﬁx Wellingtonâ€™s weather earlier this year with a ﬂuxcapacitor. I even think it got me a few votes from people who didnâ€™t see the irony (or the impossibility).
Today, the story is equally funny, but in a different way. The bit they didnâ€™t tell you is that the newspaper could not reach me on a private number (how they got it, I do not know), and had been advised that its reporters should not call it again if they actually wanted to reach me.
Apparently, someone called that very number and now itâ€™s a story!
I have an outgoing message saying something along the lines of: if you arenâ€™t with my campaign, work with me, a close friend, related to me, or my girlfriend, then hang up and donâ€™t leave me a voicemail or SMS. It asks the caller to call me on my actual telephone number, which everyone else on the planet seems capable of dialling and having a conversation with me.
Itâ€™s also true that I take around eight weeks to reply to voicemail messages left on it, usually because I have to ﬁnd out from Telstra what the mailbox number is. But when youâ€™ve had (probably fewer than) 20 cellphone voicemails in your lifetime to date, the need to remember that number is not a priority.
When I am in Wellington, I almost never carry a cell, hence the discouragement. (I made more exceptions during the campaign.)
And why should I? I am either at my ofﬁce (where I have a telephone), driving (where it is illegal to pick up a cellphoneâ€”and I donâ€™t have hands-free for a gadget I hardly use) or in a meeting (where it is bad form to pick up a cellphone). I believe we are in charge of the technology, not the other way around.
I wrote in 2005, partly in jest, â€˜The only reason for a man owning a cellphone is saving money on a vasectomy. Shove a Nokia down your pants and have your testicles irradiated.â€™
So when someone calls the private number and then fails to call my regular phone as I helpfully advise, or sends me an email, or just plain acts in a logical fashion, then that is funny.
I mean, a journalist is meant to be tenacious, right? Fail on one method, try another.
Not give up on a whimper and turn their own failure into a story.
Though I donâ€™t think that was the joke they were trying to get at.
Oh, there is no g in Yan. Three letters. Pretty easy to remember. There are more digits on the Telstra mailbox.
Now, what was the number for that again?
On Saturday, I called then-Councillor, and now Mayor-elect, Celia Wade-Brown to congratulate her. I felt sure that the special votes would see her ushered in, and in my Sky TV interview that night, I stated much the same: I would offer our new Mayor my support for programmes that would beneﬁt the people of Wellington. We all share a desire to make our city great, and thatâ€™s a fantastic starting-point.
Iâ€™m glad I made the right call on Saturday, otherwise it would have been my televised â€˜Dewey Defeats Trumanâ€™ moment.
Soon after, she and her husband, as well as a few of the Celia for Mayor campaign team, joined us at our event, along with Councillor Ritchie, who was re-elected. We had intended to join hers at Finc, but as they started earlier, their function ended earlier. We were still going, buoyed by a speech from my former rival and now friend Bernard Oâ€™Shaughnessy.
While the Mayor-elect and I exchanged emails this morning, prior to the ofﬁcial announcement of the ﬁnal results by the High Sheriff, I was able to congratulate her in person at the Backbencher pub earlier tonight.
I pay tribute to her and her digniﬁed campaign, and her willingness to give credit to policies where it was due from the very start. Leadership must acknowledge the notion of fair play. I am delighted that we believe that ICT will play an important role in our cityâ€™s future.
You might say we worked together, at least, to ensure that the process was fair. When Access Radio mentioned they might like to interview me for Espace FranÃ§ais, I told them that Councillor Wade-Brown should also be approached, as the other Francophone candidate. It was as early as April when we debated one anotherâ€”in French no less! I donâ€™t know if it was the Councillorâ€™s ﬁrst debate of the season, but it was mine. I am willing to bet that it was the ﬁrst political debate in a foreign language for us both.
She was equally generous with providing opportunities: when she learned of events before I did, I can remember two occasions in which she forwarded me a note.
We exchanged a few notes during the year and realized that we faced at least some editorial bias from one foreign company. Thankfully, the majority of people in Wellington was too smart to fall for that, and both of us did better than had been predicted by some so-called specialists.
Her supporters will be pleased to know that consultation, which the Mayor-elect had preached during her campaign, was practised.
Just as I had a reasonably good dialogue with the outgoing Mayor, Kerry Prendergast, till we became more guarded rivals, I look forward, as a Wellingtonian, to supporting our Mayor-elect.
Itâ€™s a great start to what I hope will be a better three years for our city.
And as her predecessorâ€™s years come to a close, it is only right that I offer Mayor Prendergast a tribute, too.
It takes great sacriﬁce to be in a public role, and she has done that as Mayor for nine years. It is the culmination of many years of sacriﬁce of putting others ﬁrst.
My late mother was a midwife, and it takes a selﬂess mindset to start in that career. I note that Mayor Prendergast began her career in the same profession, before being elected to the Tawa Community Board, and then to Wellington City Council.
As a businessman, outside of our respective campaigns, nearly all of my dealings with Mayor Prendergast were positive. She honoured every appointment request I made of her. It is those memories that will remain with me, especially the New Year shows that I have hosted at which she was guest of honour, as she departs from ofﬁce.
Never mind that politically, she and I differed. I believed we needed a city IT strategy through the last few years, as growth slowed in our city. I would not have said no to free wiﬁ in 2008, even if she came right on this during the campaign trail. Based on my years doing business strategies, I felt we were being weighed down by bureaucracyâ€”not to mention some entrenched bureaucratsâ€”which needed a solution, either of greater transparency or a renewed corporate culture.
I trust our Mayor-elect recognizes the many issues that face Wellington: I am sure, after hearing my and my other opponentsâ€™ addresses for three weeks on a daily basis, she knows there are pressing concerns, such as our debt, that must be addressed beyond her own manifesto.
I am sure that we all look forward to Wellingtonâ€™s future together, in a spirit of cooperation. We can make our city globally competitive and great again.
After Andrew relayed to me that Google Analytics code was being downloaded with Blogrolling, thatâ€”and not the fact that Chrome users were blocked from seeing this blog due to a false malware warning (sorry)â€”motivated me to shift my blogroll on to WordPress.
He was right: it was ironic that I could have it in for Google yet preserved a blogroll that permitted Analytics to keep a track of this blog. So, this afternoon, I spent a couple of dull hours transferring all the blogs over. Life after campaigning!
A few links were dead, as you can imagine after four years, although I clicked on many of them regularly (evidently I clicked on the same ones). A few had changed addresses. But as of 5.30 a.m. GMT, there is a new, complete blogroll at right, delivered by WordPress. As the old part of this website (pre-2010) still has Blogrolling, I updated the blogroll there, too.
As Mike Riversdale conﬁrmed earlier today, Chromeâ€™s oversensitive warnings are now gone, and everyoneâ€”even Chrome usersâ€”should be able to access any post on this blog made after January 1, 2010 again. As to stuff before that date, I believe my complaint still stands.
My issue with the new blogroll is that it ﬁles everything beginning with The under T. To me, this remains a very unnatural way to sort thingsâ€”once upon a time, children, even New Zealand phone books did not do that. If I am looking up The Dominion Post (most likely to complain about rubbish being left on my property), I still, out of habit, go to D in my phone book. While the Post might be an obvious one, for many other cases, how do I know if a business has opted to retain the deﬁnite article as part of its ofﬁcial title? Answer: I donâ€™t. It makes a lot more sense to ﬁle under the next wordâ€”as most libraries do. Economist, The; Miserables, Les.
If the Open Directory Project can ignore the indeﬁnite and deﬁnite articles in its sorting, then surely WordPress can, too?
Ever since I began blogging a bit more regularly here (upping it to my usual frequency?) Twitter friends have been telling me that they cannot read these entries because there is a malware warning.
What they have in common: they are all using Chrome.
I wanted to try Chrome out again (I had it installed on my old desktop machine) but Iâ€™m turned off again. Itâ€™s part of the Google empire, and going on it would mean reversing my reasonably successful de-Googling of my life that I started earlier this year.
Chrome is accusing me of having malware on this site, which is total cobblers. It is a bit like Google accusing Vincent Wright of having a splog last yearâ€”that matter that I had to ﬁght Google on his behalf over for six months.
I have used Blogrolling to host the blogroll on this site since 2006. It appears, if I read the Chrome complaint properly, that someone else had used Blogrolling (probably one of many millions of users) and put in a couple of malware links. Maybe they had put in legit links that have since become malware sites. Whatever the case, Chrome appears now to accuse anyone who even uses Blogrolling of hosting malware.
Itâ€™s maybe a good thing that Chrome is being vigilant: extra vigilance is better than being lax. But to me, itâ€™s a reminder of how Google has been cavalier with false accusationsâ€”Vincent was by no means aloneâ€”which tarnishes its brand.
I have to report things Google is doing right, out of fairness. In August I wrote a letter to the company to point out that there were things in my Google account that should not be there. There were services where I no longer agreed with its terms and conditions, and would the chaps kindly take them out of my account?
They havenâ€™t complied fully, but a few things have been ﬁxed. Adsense now shows â€˜0 productsâ€™ (it incorrectly showed two at the time of the letter), although ideally I would prefer not to have an Adsense entry at all. The Blogger count of the number of blogs I have was on four for many months when it was, in fact, zero. It now shows â€˜1 totalâ€™: still wrong, but closer to zero than four was. (Again, I had requested complete removal of my Blogger account.) Last week, Docs showed I had one document, but that has now corrected itself to zero again. (The correct number was, and is, zero.)
And, the most major of all, I no longer have Social Search: Google had been insisting that I had over 800 connections, which was impossible considering I deleted my proﬁle. (The number of connections grew from the 700s after deletion.) Having connections suggested that Google retained a record of all the links I once had in my Google proﬁle, regardless of the fact that it was using private information that it no longer had permission to use. After all, it got me a Buzz follower despite my unchecking a box that implied that that would not happenâ€”and that wasnâ€™t the only time I got signed up to Buzz without my permission (or a myriad of other Google services, including Google Talk and Google Notebook).
The lesson seems to be: if you want Google to be more careful with how it uses your private information, write a letter. And I mean the sort that takes ink, paper, stamps, a jet plane and carbon emissions. Things are still not done to my satisfaction, but they are gradually improving.
There is one thing Google does not seem to do very well any more: search.
Thatâ€™s an exaggeration, but I have been really surprised at things that it has failed to ﬁnd of late. For example: stuff on this blog. It is not to do with age: Google ﬁnds the older entries from this blog without any problems (despite the Blogrolling issue noted above). Those older entries were compiled using Google-owned Blogger, when it still offered FTP publishing. The entries, like this one, which have been put together with WordPress, cannot be found readily (if at all). Could it be because so many of my WordPress entries here have been anti-Google? Duck Duck Go and Bing do not seem to discriminate between Blogger- and WordPress-compiled content on this site.
And just plain stuff at Lucire doesnâ€™t get found very easily. A 2000 story we did on the 10th anniversary of Elle Macpherson Intimates is a good example. The other search engines ﬁnd it: itâ€™s the only online story on the subject. Google does not: it kicks up some really irrelevant links where Elle Macpherson Intimates and 10th anniversary are mentioned, but as unrelated concepts. Duck Duck Go has it as its second entry, as does Bing.
This is not about how highly Google has placed the story nor is it about where Google has put Lucire. (A Lucire entry is found by Google, on the second page, which has a link to our 2000 article, but the article itself is non-existent on Google, despite inward links.)
There was another few recently. One was when I tried to locate a Typepad post about Vox locking me out. Granted, my Typepad blog is pretty new (started when Six Apart closed Vox), but Duck Duck Go had no problems locating the entry. I forget the exact queries, otherwise I would link them now for you to check. Whatever the case, Google failed to ﬁnd the links.
Even if it were not for my problems with Google, I would have shifted to Duck Duck Go on the frustration that I could not ﬁnd things on the â€™net that I know for sure exist. I still use bothâ€”there are still queries which Google handles better than Duck Duck Goâ€”but I can no longer consider Google a complete research tool.
There is some good news out there in Tech-land USA (read the Bay Area). Six Apart seemed to care a lot more about Typepad than Vox. After the ﬁrst import of my Vox data to Typepad failed, its bofﬁns came in and helped out, and got the site up and running. I am pleasantly surprised that many of these entries still contain the images I uploaded to them. The only loss has been the videos, but they warned us about that and gave us the option to shift them to Flickr. I opted not to, so I canâ€™t blame anyone but myself.
Iâ€™ve had a long 54 weeks, so I will leave it to Paikea to say what needs to be said about Paul Henryâ€™s decision to resign from Breakfast. She is a lot more succinct than me and her three bullet points largely reﬂect my own views.
I noticed that she embedded the clip of Henry laughing and insulting Smt. Sheila Dikshit. For those who followed my earlier blog entries (such as this one), here it is.