DynDNS Policy Changes and CloudFlare

Starting now, if you would like to maintain your free Dyn account, you must log into your account once a month. Failure to do so will result in expiration and loss of your hostname. This activity helps us eliminate hostnames that are no longer needed and/or dormant. Note that using an update client will no longer suffice for this monthly login.

This was in my Inbox this morning from DynDNS. I’ve used them for years and years to maintain an easy way to get back to my machines at home when traveling or at the office. A few years ago, they changed their policy and stated that if you ever failed to update your Dyn account with ddclient within 30 days, you would lose your hostname, and have to re-register. Now, the same penalty is in effect, but you also have to log into their web interface.

Fun.

This made me look for a non-DynDNS solution, and much to my delight, I can use CloudFlare as a ddclient target. I already have the domains I want to use hosted in CloudFlare, and it took less than 5 minutes to download the patched ddclient from GitHub and set it up.

Five minutes, and I’m done with DynDNS forever. Which, I guess, is what they want. I’m a user who was unlikely to ever switch to being a paid customer, and I’m just a drain on their services and infrastructure. But it also means I’ll never be a paying customer in the future.

Google+ Profile Cleanup

I’ve been doing some cleanup of my online presence, and I realized much to my chagrin that my old Google account’s G+ profile was active. There were lots of cross posts to my “real” Google+ profile, and just random junk. So, I’ve nuked Google+ from orbit on my old Google account (which, in essence, is just a mail forwarder these days), and I’ve taken a few minutes to update my “real” Google+ profile. While doing all this, I noticed Google+ is less awful. I’ll give it another go.

Two Factor Authentication

In the wake of the massive attack on the WordPress infrastructure, it makes sense to take a moment and talk about security. First and foremost, if you run a copy of WordPress yourself, you must apply updates rigorously. Most of the updates that come out have some form of security patches included in them, and these are important. Second, make sure you aren’t using an account named “admin”, “root”, “administrator” or the like. These are the easiest for the kiddies to target. Third, run something like the Login Security Solution plugin. This prevents brute-force password-guessing attacks by disabling logins from IPs that try lots of passwords against the same username over and over again. It’s not perfect, but it won’t harm legitimate users badly and it will cut down on the number of attacks the botnets can try against your sites.

Finally, look at using a service like Duo Push. It’s easy to integrate into WordPress – signing up for a free account, installing the plugin, and associating my phone with my administrative account took me less than 10 minutes to do this afternoon – and it turns your password-only login into a two-factor login: something you know, like the random string of letters, numbers and special characters that make up your password, and something you have, like your smart phone, your landline, or your YubiKey keyfob. This way, even if someone guesses your password, they can’t actually use it unless they also have your phone or whatever with them, and honestly, if they have your phone and can guess your password, you have bigger problems than the security of your WordPress site.
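The per-IP, per-username lockout described above can be sketched as follows. This is an added example, not code from the Login Security Solution plugin; the thresholds, the event format and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values, not taken from any plugin.
MAX_FAILURES = 5                  # failures against one username from one IP
WINDOW = timedelta(minutes=10)    # sliding window in which failures count
LOCKOUT = timedelta(minutes=30)   # how long the source IP is refused

# Constructed sample events: (ISO timestamp, source IP, username, success?)
SAMPLE_EVENTS = [
    ("2013-04-15T10:00:00", "203.0.113.7", "admin", False),
    ("2013-04-15T10:00:05", "203.0.113.7", "admin", False),
    ("2013-04-15T10:00:10", "198.51.100.20", "alice", False),  # honest typo
    ("2013-04-15T10:00:11", "203.0.113.7", "admin", False),
    ("2013-04-15T10:00:20", "198.51.100.20", "alice", True),
    ("2013-04-15T10:00:25", "203.0.113.7", "admin", False),
    ("2013-04-15T10:00:30", "203.0.113.7", "admin", False),    # fifth failure
    ("2013-04-15T10:00:35", "203.0.113.7", "admin", True),     # refused anyway
    ("2013-04-15T10:45:00", "203.0.113.7", "admin", False),    # lockout expired
]

class LoginThrottle:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW, lockout=LOCKOUT):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.failures = defaultdict(deque)  # (ip, user) -> recent failure times
        self.blocked_until = {}             # ip -> time the lockout ends

    def record(self, ts, ip, user, success):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        until = self.blocked_until.get(ip)
        if until is not None and ts < until:
            return "blocked"                # refuse before checking the password
        if success:
            self.failures.pop((ip, user), None)
            return "ok"
        recent = self.failures[(ip, user)]
        recent.append(ts)
        while ts - recent[0] > self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self.blocked_until[ip] = ts + self.lockout
            recent.clear()
            return "locked"
        return "failed"

def replay(events, throttle=None):
    """Feed (timestamp, ip, user, success) tuples through a throttle in order."""
    throttle = throttle or LoginThrottle()
    return [throttle.record(datetime.fromisoformat(t), ip, user, ok)
            for t, ip, user, ok in events]
```

Because the lockout is keyed on source IP, attempts spread across many addresses are only slowed down, which is why the second factor still matters.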

Google Reader Fallout

A few weeks ago, Google announced that they were shutting down Google Reader on July 1st, saying that “usage of Google Reader has declined, and as a company we’re pouring all of our energy into fewer products.” I, like many others, rely on Google Reader to filter, sort and keep tabs on the world’s news, especially for sites that update once or twice a week, rather than 50 or 60 times a day. There was a huge uproar at first, and people were going on about how Google could turn off any service and that we needed to pay for services to keep them going.

I’ve thought about it a lot, and realized how wrong this sentiment is. Paying for a service is not the only thing that will keep it afloat. Enough people have to invest time and money to keep a developer interested and working on a service; the market can’t change too significantly; the legal landscape can’t change too suddenly. The only way to make sure a service survives is to own a license to host the service yourself, and run it in-house. This is impractical for many services, especially ones that rely on extended network effects – a locally hosted Facebook with a dozen accounts isn’t interesting.

So everyone: stop bashing Google for this. It’s true of every other company that offers online services of any kind. Go ahead and use the services you like. If they are supported via payments, make sure you pay and don’t freeload/pirate. If they are ad supported, click an ad now and again. It’s how the developers pay the bills. If the service closes, pack your bags and move to a new one. Hopefully all services allow data export the way Google does, and selection criteria for new services should keep that in mind.

dezendorf.net is live!

I’ve taken the wrapper off my newest site, dezendorf.net. At the moment, it’s a self-promotional page, but I have intentions to expand it over the coming weeks and months to have focused technical content, offering insight in how a small organization would be able to self-host reliable, mission critical infrastructure. I’ve started with a number of posts from this site, but it takes time to refine, edit and repost those articles as clear walkthroughs. Therefore, the site currently stands as a single page. More announcements on that soon.