Omar Shahine is a program manager on Hotmail, and a pretty clued-up person. Which is why his latest blog post scares me silly.

That is what I found this evening. I believe that someone managed to issue a password reset command to my account and then somehow logged in and reset my password, essentially owning my data.
and this

update: my account just got hijacked again, minutes ago. Also so did my GMail account.

I have no idea WTF is going on here. I have only used one computer this entire time.

Seriously scary stuff, and this for a guy who is pretty technical and also highly connected with people who can help.

Alarmed by this - I had a quick check of my own situation - my stuff is pretty well backed up - to a NAS point for local backup, and then to Amazon's S3 via JungleDisk. My GMail is regularly downloaded to Thunderbird via IMAP. But the thought of someone getting access to my Google account makes me break out in a cold sweat.

So - what do I do to make sure I'm as secure as I can be ?

  • Check my Google password is long and strong. (Yes - 20 chars, mix of letters, digits and symbols)
  • Vow never to connect to anything sensitive 'in the clear', especially over public WiFi.
    • When sensitive information (especially login details) is to be exchanged, always connect via https (https://mail.google.com/mail). Check your desktop and especially your laptop that this is the case. Check your bookmarks, and fix any that still point at the plain http address of a login page.
    • Set up an account with a VPN provider to use to connect through (and make sure you use it)
    • Use something like a 3G modem to bypass public wifi completely (but still connect via https). I have one (from Three), and it's great as an ADSL backup and also for travelling - no more £5.95 for 1 hour's insecure internet access for me !
  • Make sure you have a security question that is non-obvious (don't use date of birth, mother's maiden name etc. - those are exactly the things an attacker can look up). Better still, give an answer that is not true and not guessable, and keep it somewhere safe alongside your passwords. If your provider doesn't allow you to have a non-obvious question, then change provider, or don't store anything of value in there.
  • Make sure you are backed up, and that your backups work. I know this is one of those things that everyone says, but really, do it. You have no idea how much of a comfort it is when you know that all your really important info is backed up in a number of different places. JungleDisk is pretty amazing for letting you just set and forget - I back up all my pictures, and documents there, as well as my partner's docs - and Jungledisk is smart enough to only upload files that are new or changed (and you can pay $1 per month to activate a service to only upload diffs to large files).
  • Get a good virus scanner, malware protector and firewall. Keyloggers are another source of danger - I hear a lot of reports of kids playing WoW who have had their accounts hacked via keyloggers (from programs they've downloaded). Set your firewall to alert you on any new outbound connections, and don't allow anything you don't recognise through.
These are some of the steps I've taken to protect my data - I hope I've covered most of the obvious attack vectors (ooh knowledgeable do I sound !). So far I haven't had my accounts hacked, but past activity is no guarantee of future performance.
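A quick way to do the bookmark check from the second item above, as an added example that is not part of the original post: it scans a Netscape-format bookmarks export (the HTML file Firefox and IE produce) and lists every bookmark to a webmail or login host that still uses plain http. The host list, the script name and the sample entries are constructed for illustration; edit the list for the services you actually use.

```shell
#!/bin/sh
# Added example, not code from the original post: list bookmarks that reach
# webmail / login hosts over plain http:// so they can be changed to https://.
# SENSITIVE_HOSTS is an assumed list; extend it for your own providers.

SENSITIVE_HOSTS='mail.google.com www.google.com mail.live.com login.live.com hotmail.com'

# url_host URL -> host part, lower-cased (scheme, port, path and query removed)
url_host() {
    printf '%s\n' "$1" | sed -e 's|^[A-Za-z]*://||' -e 's|[/:?#].*$||' | tr 'A-Z' 'a-z'
}

# is_sensitive URL -> exit 0 when the host is one of SENSITIVE_HOSTS or a subdomain of one
is_sensitive() {
    h=$(url_host "$1")
    for s in $SENSITIVE_HOSTS; do
        case "$h" in "$s"|*."$s") return 0 ;; esac
    done
    return 1
}

# insecure_bookmarks FILE -> print every plain-http bookmark to a sensitive host
insecure_bookmarks() {
    # 1. pull out each HREF value; 2. keep only http:// URLs; 3. keep sensitive hosts
    grep -oi 'href="[^"]*"' "$1" | sed -e 's/^[Hh][Rr][Ee][Ff]="//' -e 's/"$//' |
    while IFS= read -r url; do
        case "$url" in
            http://*) is_sensitive "$url" && printf '%s\n' "$url" ;;
        esac
    done
}

# make_sample_bookmarks FILE -> write a small constructed export for demonstration
make_sample_bookmarks() {
    cat > "$1" <<'EOF'
<!DOCTYPE NETSCAPE-Bookmark-file-1>
<DL><p>
    <DT><A HREF="http://mail.google.com/mail">Gmail</A>
    <DT><A HREF="https://mail.google.com/mail">Gmail (secure)</A>
    <DT><A HREF="http://www.bbc.co.uk/">BBC News</A>
    <DT><A HREF="http://login.live.com/">Hotmail</A>
</DL><p>
EOF
}

# Usage: bookmark-audit.sh bookmarks.html  (hypothetical script name)
if [ -n "${1:-}" ]; then
    insecure_bookmarks "$1"
fi
```

On the sample export above the script prints the two plain-http entries (Gmail and Hotmail) and ignores the https Gmail bookmark and the BBC one; the https bookmark is the one to keep.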



Running MovableType's PublishQueue

Movable Type's PublishQueue leaks memory, and running it in daemon mode (for quicker response to rebuilds) makes the problem obvious because the process never exits and keeps growing.

So the solution (where solution = not particularly pretty workaround) is to run PQ under daemontools as per this writeup by Byrne Reese. This sets up a monitor which constantly scans for the PQ job and restarts it if it's not there.

Then create a cronjob that kills PQ every 15 minutes or so, using pkill:

*/15 * * * * pkill -SIGINT run-periodic 

So, in this example, the cronjob runs pkill every 15 minutes and kills any process whose name contains 'run-periodic' (run-periodic-tasks is the Perl script that runs the PublishQueue workers). Note that pkill without -f matches against the process name only, so this works when run-periodic-tasks is executed directly via its #! line; a worker started as 'perl run-periodic-tasks' shows up with the name 'perl' and would be missed.

The supervise process (started for each service by svscan, both part of the daemontools suite) notices that the PQ task has exited and starts it up again after about a second, and memory is back to normal.

Now, this obviously isn't ideal, but the 6A guys (and some of the more Perl-aware members of the community) are well aware of the problem, and are looking at how to fix the leaky bits, as well as make the whole thing run better and faster. In the meantime, this is working well for me.

[Update - 6A have acknowledged the memory leaks issue in the latest MT 4.1 release notes and have advised that PublishQueue not be run in daemon mode, or with FastCGI - both of which are fairly essential. My workaround is even more valid now.

Also note the addition of the SIGINT signal to the pkill command - this is a less forceful shutdown and was recommended to me in the #movabletype IRC channel]
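A slightly gentler version of the workaround above, as an added example (not Byrne Reese's or Six Apart's code): instead of sending SIGINT on a fixed schedule, the cron job checks the worker's resident memory and only restarts it when it has grown past a limit, and it does so through daemontools' svc rather than pkill, so only the supervised process is signalled. The service directory /service/mt-pq, the script name and the 256 MiB limit are assumptions; svstat and svc are the real daemontools commands.

```shell
#!/bin/sh
# Added example, not from the original post or from Movable Type: restart the
# supervised PublishQueue worker only when it has leaked past a memory limit.
# Assumes daemontools (svstat/svc). SERVICE_DIR and RSS_LIMIT_KB are assumed values.

SERVICE_DIR="${SERVICE_DIR:-/service/mt-pq}"
RSS_LIMIT_KB="${RSS_LIMIT_KB:-262144}"      # 256 MiB; tune to your host

# parse_svstat_pid LINE -> the PID from an svstat line such as
#   "/service/mt-pq: up (pid 4242) 913 seconds"
# Prints nothing when the service is down ("/service/mt-pq: down 3 seconds, normally up").
parse_svstat_pid() {
    printf '%s\n' "$1" | sed -n 's/.*(pid \([0-9][0-9]*\)).*/\1/p'
}

# over_limit RSS_KB LIMIT_KB -> exit 0 when RSS_KB is greater than LIMIT_KB
# (an empty RSS, e.g. the process vanished, counts as 0 and never restarts)
over_limit() {
    [ "${1:-0}" -gt "$2" ]
}

# rss_kb PID -> resident set size in KiB as reported by ps (Linux, *BSD, macOS)
rss_kb() {
    ps -o rss= -p "$1" 2>/dev/null | tr -d ' '
}

# check_and_restart -> SIGINT the worker through daemontools if it is over the limit;
# supervise then restarts it after about a second, exactly as with the pkill version.
check_and_restart() {
    pid=$(parse_svstat_pid "$(svstat "$SERVICE_DIR")")
    if [ -z "$pid" ]; then
        echo "$SERVICE_DIR is not up" >&2
        return 1
    fi
    rss=$(rss_kb "$pid")
    if over_limit "$rss" "$RSS_LIMIT_KB"; then
        # svc -i sends SIGINT to the supervised process only, so there is no
        # chance of pkill matching some unrelated process with a similar name.
        svc -i "$SERVICE_DIR"
        echo "sent SIGINT to pid $pid (rss ${rss} KiB > ${RSS_LIMIT_KB} KiB)"
    fi
}

# Run the check only when invoked with --check, e.g. from cron (hypothetical path):
#   */15 * * * * /usr/local/bin/mt-pq-check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_and_restart
fi
```

The cron entry stays at every 15 minutes, but most runs do nothing; the worker is only bounced once it has actually leaked, which keeps the rebuild queue responsive and the log quieter.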

Smarta launches site

Smarta is an interesting new venture aimed at supporting entrepreneurs and helping them access the tools and information they need at various stages of the journey.

The site was launched today - it's a microsite for now, but will be enhanced dramatically over the coming months by the lovely people over at Splendid, and also features a blog built by me at digitalquery.


[Screenshot: Smarta home page]

Lovely people to work with, and I'm sure this will be a really valuable resource, especially for those of us starting up.

Aggregate Me!

I started this post over a year and a half ago, and it's languished as a draft in 3 different pieces of software (LiveWriter, WordPress and Movable Type), but today feels like a very good day to dust off the cobwebs and unleash it onto the world. (Although, actually, I only got one line into it before saving it as a draft...). Anyway, without further ado, the post - such as it was !

JP Ragaswami points to Tara Hunt talking about aggregating her bits and pieces strewn over the web.
So - why post now ? Well - in the last year and a half, many personal aggregation / lifestreaming services have sprung up, but today (and the reason I've finally gotten round to doing something with this post), SixApart released Action Streams - a quite excellent personal aggregation plugin for Movable Type 4. Byrne Reese also blogged about it over on majordojo.

Installing the plugin adds a simple interface for adding your activity from other sites, with prebuilt support for the most popular. It's a relatively straightforward process, although the template changes might put off people with no experience of MT, but 10 minutes of template changes was all it took for me to get my lifestream on this site - check it out here. You do need to be able to run a scheduled task to get it to update - but that shouldn't be an issue for any decent host.

Pretty simple, and plays nicely with the Universal Template Set. There's some good stuff coming out of SixApart right now, and it feels like MT is on a bit of a roll.
I've just moved this site from Wordpress over to the latest build of Movable Type 4.1, using the new Universal Templates.

I've also decided to retire my old blog - scalefree, and have imported all the content across to here - I'll be redirecting everything from scalefree shortly.

MT4.1 really rocks - and the new template set mechanism will allow for Wordpress-like easy styling - and enabled me to get this complete site up and running in a couple of hours.

Contact me if you want more information, or if you'd like a site like this for yourself !

The blogosphere and twitterverse have been dominated today by Steve Jobs's Macworld Keynote. Lots of speculation and anticipation beforehand, including several versions of the leaked speech. The event itself was more notable (to me anyway) for the traffic it generated, causing several well known blogs to creak and splutter under the load, and Twitter essentially went down for a few hours as it failed to cope with the pressure.

Anyhoo - the big news for me was the announcement of the Macbook Air - a lovely and incredibly thin laptop. Unfortunately, with tech hotness comes an associated price - starting at $1799 in the US and £1199 inc VAT here in the UK. Sharp intakes of breath as Macheads struggled to reconcile tech-lust with a price that was several hundred dollars higher than the pre-keynote rumours. The pricing differential between the US and UK also came up in quite a few conversations - so I decided to work out what the cost difference really was.

Google Spreadsheets came to my aid - so here's a table showing the true cost difference - which for me means stripping out UK VAT - in the US sales tax is never mentioned or shown - it's like the dirty secret of American retail that only bites you when you come to pay at the cash till !


So - as can be seen - there isn't actually that much of a difference - if, and it's a big if, you're VAT registered. Add in the US sales tax, and the chances are that you'd actually pay more in the US than you would in the UK.
