consolidating phd notes

I started a new blog site, running the fantastic Known blogging platform on a fresh subdomain running on my webspace at Reclaim Hosting. The intention was to give a place to think out loud about stuff I’m working on or thinking about for my PhD program. I started publishing some stuff, and then realized that having a separate site for that was awkward. There was no real need to separate and disconnect that content from the Day Job™ content from the-rest-of-my-life content.

So. I just imported the 8 whole posts I’d published over there, into my blog here. They’re now in a separate category called, creatively enough, phdnotes. Yeah. I added a navigation link to the theme, and there’s an RSS feed just for those posts (does anyone else still do RSS?). I’ll be posting stuff there as my program starts up (officially kicks off in September) and I start to get ideas about what I’d like to work on.

Screen Shot 2016-07-25 at 7.33.16 PM

Starting a new blog/site to document my train of thought through the CMD PhD program. Projects I’m working on, etc.

Starting a new blog/site to document my train of thought through the CMD PhD program. Projects I’m working on, etc.

Update: well, it started as a separate blog (running on the great Known platform), but I realized I don’t want to be managing separate sites for different things. Simpler is gooder. So, I exported it all from the Known site, and imported it here in my main blog, under a “phdnotes” category.

protecting wp-login.php

I noticed a rather severe spike in CPU usage on my Mediatemple server, and dug in to see what was causing it. For an hour, someone was hammering the login form for my blog, accounting for 98% of all CPU usage for my account during the “attack”. That’s not OK (I have lots of CPU/bandwidth left, but it’s silly to leave a login form exposed to some kind of sustained script-kiddie “attack”).

Guess where the login form “attacks” are… I’m still only using 15% of my allotted CPU time overall, but wanted to stop this before it grew into something else.

I modified my .htaccess file to block all access to the wp-login.php file, unless you are referred to it by a super-top-secret page somewhere on the internet. I combined this tip with a bit adapted from this tip (which is something I already use to protect the University’s Feed2JS install from stupid casino spammers).

Anyway, here’s the trick to locking down your WordPress login form, without having to mess things up too badly.

# protect wp-login.php
<Files wp-login.php>
    Order deny,allow
    RewriteEngine  on
    RewriteCond %{HTTP_REFERER} !^$ [NC]
    RewriteRule .* - [F]

You’ll want to change the bit that says “” with a URL that holds a file you’ve created. That file will contain a hyperlink to the wp-login.php file on your blog. All attempts to access the login form will be refused, unless someone has followed the link from your secret login page first. Security through obscurity, sure. But the stupid script kiddies will be blocked, and it’s trivial to implement.

There are other tricks that block logins except for those coming from known IP addresses, but that assumes you don’t move around much. This works from any computer, as long as you remember your super-top-secret login link page…

an update on reclaiming ephemeral media

It’s been 5 months since I started reclaiming my online content, after reading Boone’s thoughts and following his lead.

So, what have I learned in those 5 months? First, it’s surprisingly easy to host your own content. WordPress handles the media management. I haven’t FTPd a single file, nor HTMLd a single line of code. Some of the processes are a little less streamlined than the third-party silo tools offer, but even those only require a couple more clicks in an app on my phone (the WordPress app seems to like me to set image dimensions each time, if I want to constrain to 840px wide). Not the end of the world.

I can easily shoot a photo on my phone, process it with an app or two (if I want), and upload it to my blog with just a couple of clicks. The publishing workflow is basically the same as with the hosted silo services.

Ephemeral media page

Looking at the directory on the server, I use nearly 60MB of space per month of media uploads. I’m only posting photos and screenshot images, and most of them are resized to 840xwhatever before uploading. That works out to about 720MB per year of storage. That could add up over a few years. But, hosting packages typically have several gigabytes of storage available. I’m currently hosting my site on mediatemple, and my [gs] grid hosting package comes with 100GB of storage. I can buy more if I need to, but won’t have to think about that for several years. I’m only using just over 6GB at the moment, and much of that is for some BIG videos (that also make up the lion’s share of my bandwidth usage – if I dump them, my storage and bandwidth are pretty trivial).

The hosting of content is easy, and works really well.

What I’m definitely missing out on is the community layer. Things like the “From Your Contacts” page on Flickr. Even though my ephemeral stuff is presented in a similar manner to how it is on Flickr, I have no way of easily following the activities of dozens of people (or more). I can do it through RSS (and I do), but the simple page showing the latest photos posted by everyone I follow? I miss that. That’s the one thing I still use Flickr for – even though I haven’t posted a photo there in 2 months, I still check the From Your Contacts page almost every day.

I’m starting to think about how to replicate that functionality, in a more generalized way. Flickr’s page is handy, but of course it only handles people that post stuff to Flickr. What about people that post to other services, or to their own sites? A more generalized display that is service-agnostic would be great. Since most sites and services already do RSS, it seems likely that something could be built around RSS feeds. I already subscribe to the feeds of many people and follow their activity streams that way, but there isn’t an at-a-glance latest activity view.

This is the kind of thing that is often “solved” by inventing a new tool or app, and just waiting for everyone to adopt it. Because that always works out so well. What’s needed isn’t a single tool, but a way to easily follow activity (not just content) of many people over many sites and services. Feels kind of like RSS, but only geeks seem to do RSS anymore. If there isn’t a simple Like or Follow or +1 button, it’s a non-starter. But then we’re firmly back in third-party silos territory…

The connections between people, outside of the third party silos, is still complicated, messy, and way more difficult than it should be.

even more consolidation

I’ve been reducing the number of places I post stuff online, trying shift my blog into the main focus. I’ve been posting photos here, and videos. And consolidating my photoblog and ephemeral media stuff. And I realized that I still have a whole bunch of photos hosted on Flickr and embedded here. If my Flickr account disappears – say, if I decide to not renew my Pro account – then these photos will disappear from my blog posts. That’s not cool.

So I tried out [a plugin that sniffs the images embedded in posts](, and automatically downloads a copy of the image to your own server, then modifies the html to point to the copy of the image stored in the blog rather than the one out in the ether. It can be set to only grab photos posted to Flickr, or all images not hosted on your own domain.

I just ran the batch process on my own blog. It grabbed 307 images from my Flickr account, copied them to my server, and updated the HTML on the posts. Automatically. Perfect. Now, if my Flickr account disappears for any reason, the images stay.

Screen Shot 2011 09 04 at 11 02 21 PM

still no analytics

It’s been almost 6 months since I killed all active analytics on my blogs. I scrubbed it of Google Analytics and Stats. The only numbers I get now are passive and highly aggregated and anonymized, webserver logs automatically crunched by Urchin.

I don’t miss the detailed active analytics one bit. I still find out if anyone links to my stuff, through the WordPress Dashboard links widget. But I have no clue about how many people read my stuff, nor how many RSS subscribers there are.

And that’s (still) highly liberating. I can’t let myself play egocentric mind games with numbers. I can’t delude myself into believing this space is Important, or *cringe* **popular** because those things aren’t real, and don’t matter.

So now, it’s still just me. And, maybe, a few others out there somewhere. And I don’t think I could ever go back to the number OCD of active analytics. I’ve let go of meaningless statistics.

common words

I just updated the excellent [Relevanssi]( search index plugin (it makes the search feature of WordPress actually WORK, with relevant results rather than the lame built-in search). It reports on the top words in the search index. I’m a little surprised at the results (but, looking over the words in just this short post, I probably shouldn’t be…).

1. just (1226)
1. like (846)
1. i’m (820)
1. i’ve (675)
1. really (557)
1. new (538)
1. time (517)
1. use (500)
1. stuff (494)
1. got (477)
1. way (474)
1. using (461)
1. pretty (443)
1. blog (441)
1. cool (428)
1. that’s (426)
1. i’ll (408)
1. don’t (388)
1. going (387)
1. update (387)
1. work (376)
1. people (375)
1. things (370)
1. post (368)
1. sure (365)

I’m kinda surprised that “awesome” isn’t high up that list…

new minimalist theme

I just switched my blog’s theme to [Vigilance]( (after using Thesis for awhile). I’ve hacked Vigilance a bit, to make the content area wider, and nuke the sidebar (well, really the sidebar just displays underneath the content div) and a few other things (like telling it not to show the author – I’m the only person that posts here – and turning off some of the comment-specific logic and display.

Doesn’t get much more minimal than this. No banner images. No sidebars. Wide content. No fuss. Exactly what I want.


on decommenting

I read a whole bunch of posts today on the topic of comments on blogs, triggered by some critiques of Gruber’s Daringfireball which hasn’t ever had comments. Gruber wrote a post about the Google/Admob/Apple drama, and was called out for not having comments on his blog, and how that’s bad form. Gruber responded with this:

You write on your site; I write on mine. That’s a response.


Comments, at least on popular websites, aren’t conversations. They’re cacophonous shouting matches. DF is a curated conversation, to be sure, but that’s the whole premise.

He’s right. Comments aren’t really conversation or discussion, at least in the way we (meaning the general edublogger community) talk about them. They are often just asynchronous tangents, or even rambling snark fests. Comments are clumsy bits of text, misunderstood or misinterpreted very often.

Now, I have no interest in having a “curated conversation” – whatever the hell that is – but, along the lines of the commonplace book concept, this is my outboard brain. Comments distract from that. With comments, I think – even for a fraction of a second – about potential responses to a post before posting. I’ve deleted dozens of posts, because I figured the comment threads would go astray.

Marco Arment describes blog comments as many-to-one feedback:

A blog post is a one-to-many broadcast. Comments are the opposite: many-to-one feedback. A true discussion medium would encourage more communication between the commenters, forming larger quantities of many-to-many interactions and de-emphasizing the role of the blog post’s author. In practice, that rarely happens.

If comments are behaving as many-to-one feedback, there’s minimal value to showing them to the world, because the world largely doesn’t read them. But the act of showing them to the world — your world, not the commenters’ — creates a setting in which commenters are encouraged to behave negatively.1

We already have a widespread many-to-one feedback medium that avoids this: email. So that’s the feedback system that I allow on my site. Anyone can email me, and I will read it.

Those who truly want to start a discussion usually have their own blogs, so they can write their commentary to their audience.

More, from BoingBoing’s perspective as an absofrackinghuge blog community with comments:

(unrestricted blog comments result in a) a milieux here whereby the comments should be an unfettered, energetic free-for-all. But it’s not just about entitlement … more practically, that results in a noisy, infested mess that drowns out anything of quality.

This, from Derek Powazek, perfectly describes the weight of comments on writing:

I turned off comments in the last redesign of because I needed a place online that was just for me. With comments on, when I sat down to write, I’d preemptively hear the comments I’d inevitably get. It made writing a chore, and eventually I stopped writing altogether. Turning comments off was like taking a weight off my shoulders. It freed me to write again.

A weight off my shoulders. Interesting.

And this, from Ian Battleridge, on how comment “discussions” break the “link economy”

Comments also massage your ego. “Look,” you can say, “500 comments! I’m popular! And successful!” Comments also break the link economy, because they encourage others to comment directly on your site rather than writing on their own site, linking to you, and potentially getting linked to in return.

So, I thought about these posts. And about how I’ve been thinking and feeling about my blog and how I want to continue using it. And I’ve decided that comments are not helpful for that. If this blog is my Commonplace Book, if it’s my Outboard Brain, I need to be able to write whatever the hell I want, without thinking, even for a second, about what might happen in the comments. I’m not writing stuff here for comments, or for the ego stroke that goes along with them. I’m doing this to think out loud and to document stuff.

I’m really easy to get in touch with. I’m not dropping out or disappearing. If you have something to say, say it. If it’s worth saying in a comment post here, it’s worth anteing up and posting it on your own blog rather than burying it in a comment thread here.

So, for now at least, comments are turned off. I don’t know if that will last, but it’s worth trying.