The little spark line next to the Activity link matches the bigger graph at the page.
A lot of people will probably choose to complain about why this got done instead of bug X or bad feature Y or outage Z at this time, and I get that. But that’s kinda like saying we should cancel NASA’s funding until we solve poverty. Tumblr’s big enough to do more than one thing at a time now.
For you civilians who come in from the outside, don’t be alarmed: it’s a new theme. Still working out some kinks, most notably Disqus comments being down. I’m tweaking colors and the header, too.
It’s the “write” theme from a company called Neverbland. We’ll see how responsive they are to questions.
So has anyone figured out if/how the new music player can be added to a template/theme so civilians can see it, too?
I know for a fact that people are hitting ask boxes and the messages are never arriving. Just tumblr being tumblr LOLZ.
However, their stupid fan mail system seems to work more reliably. Use that instead, I suggest.
0, 1, 1, 2, 3, 5
- When people say, “but isn’t Tumblr just a bunch of tweens reblogging each other’s pictures of One Direction?” I argue and say, “no, it’s much more! It’s a social blogging platform. There are lots of ways to use it!” But then I see this, and it becomes clear that the powers that be here see it as identically and exactly a bunch of tweens reblogging each other’s pictures of One Direction, and they have zero interest in any other use cases.
- So, I can take a hint. I’ll be setting up a Wordpress for my thoughts about stuff more pressing than One Direction, thoughts which I have about 3 times a year. It’s a mistake to use any software too much against the grain of the intentions of the creators. Only pain and misery line that path.
- I’ll keep this for pics and shenanigans. I’ll still be around as usual, hearting you whorishly, and being generally stunned and amazed by the characters here. I’m not going anywhere. I like One Direction as much as the next 46-year-old suburban dad. Don’t want to miss it!
- Why is it that social media entrepreneurs are so universally hell bent on destroying their products? Can anyone think of a mature medium that’s better now than it was a year ago?
- Speaking of entrepreneurs, I am getting some things going here. Not in social media, though. Those people are nuts.
note for Disqus (rhymes with “disgust”) users
If you have Disqus comments enabled on your tumblr, and odds are you do, then you may want to take a look at a recent change they implemented. If you look at an individual post on your blog, down below the comments, you may see links to other people’s content under a “Recommended For You” header.
First up on mine was a link to celeb puff piece about Jenny McC****y. I assure you, the only time that asshole’s name will appear on any content of mine will be when she’s finally hauled into court and charged with the thousands of counts of murder she so richly deserves for her idiotic, appalling, anti-science jihad against immunization. That will be a day to celebrate. Sadly, we’re not there yet.
Ask box messages appear to be arriving only sporadically. I have confirmation that one was sent today and I never saw it; there are probably others. I also assume this is not just tumblr out to get me and this is likely happening all over. (Super glad they delivered the Highlight This Post feature, though.)
I have no idea if their insipid, recent post-it note email thingy is also afflicted.
Anyway, caveat scriptor.
On anger management and social media
My name is John Scholvin and I have an anger problem.
Along with rugged good looks and luxurious, silvery hair, I inherited a vicious temper from my dad. I wish it could have been his jump shot or golf swing, but instead, it’s the ability to go from idle to redline in a couple of milliseconds.
I’ve been working on managing it for twenty years. My anger has damaged me personally and professionally. It’s something I have to be continually aware of to subdue. I’ve become pretty good at keeping it under control over the years. Part of it is probably just age and a natural change in my endocrine chemistry. Beyond that, I have techniques for quelling the rage when it rises, techniques which work well if I apply them early enough. That’s tricky: when it happens, it happens fast, and when it gets to a certain point, there’s no dialing back.
I was wondering why I’d stopped getting emails after disqus comments were posted. TMYK.
Last meta post today, I swear
Your messages and drafts are all still there, they’re just not convenient.
Go to your tumblelog: http://www.tumblr.com/tumblelog/scholvin, where you substitute your tumblr name for mine, of course, and you’ll see the more familiar buttons on the right side: messages, drafts, followers, queue, etc.
If you have more than one tumblr, you have an easy way to click to it right on the top. If not, it looks like you’ll have to enter the URL, maybe bookmark it for now. Hopefully they’ll fix that.
Kind of a bummer that tumblr is borrowing Facebook’s model for rolling out UI changes, but not borrowing their model for building an ass-kicking server-side farm. They’re doing it wrong in two dimensions.
Edit: Cutlerish is going to have a couple of long hacking days in front of him. Maybe he can address this problem if (when) tumblr won’t.
Edit 2: Actually, it looks like you can get there without typing. That icon with three dots and three rectangles should drop down to give a list of all the tumblrs you own…those are links to the tumblelogs. Poor icon and label design.
Am I the only one who didn’t know
That you can easily get single-spaced text
In the tumblr editing window
By hitting shift-return instead of return?
This is 100x easier than switching into the HTML editor and entering <br>’s all over.
Thought I’d share, esp. for those of you who post a lot of lyrics or poetry.
The “security issue”
I looked around a bit to find out more about the security issue this morning. Since it’s clear that Tumblr will never, ever post any sort of information about what the fuck is going on when there are problems, I’ll engage in a little bit of armchair analysis and wild-ass speculation. I’m not an expert on this kind of web development, but I know a bit. Caveat lector.
So, the “security issue” looks like someone fucked up at tumblr and some of the server-side code that renders the site was displayed rather than executed. Maybe someone was fooling with the front end web server (Apache?) configs or something.
Some krafty kidz who saw this code then had the foresight to post it to github and apparently other places for posterity. (Or posterous. Heh.) So even though tumblr probably stopped showing it to randoms quickly, it was in the wild for good very soon.
My quick glance at it shows that there are a bunch of passwords and private API keys in there, stuff for Google Hosts, Amazon AWS, Facebook, Twitter, Captcha. This is the Major Bummer. I’m sure they changed those passwords and invalidated those keys quickly, and I am mostly inclined to believe their claim that this stuff is some distance from the database of production user passwords and profile info. This is an epic fuckup, no other way to describe it. It’s also as good an argument against hard coding your passwords and other critical config info into executable script code as you’ll ever see. Put that shit in a config file that has 0.00 chance of ever being rendered, fellas.
Beyond that, a bunch of their internal private IP addresses are exposed, which would only be useful to someone who had already penetrated the security perimeter, and someone who’d done that could find that stuff in other ways. There’s a little to be inferred about their architecture from the code itself, but it doesn’t look like rocket science to me. Looks like fairly vanilla CMS/bloggy goodness. Their load balancing scheme starting around line 395 appears pretty lame. This we already knew.
So, it’s pretty bad, but survivable. I’m guessing the problems uploading pictures this morning were because of the Amazon AWS keys being changed.
I’ll reiterate that this is 100% speculation, based only on my fairly quick glance of the assets that were compromised. But one outside nerd’s semi-informed opinion is better than anything we will ever get from davidkarp (nice password…are those your girlfriend’s initials?) and friends. Take it for whatever you think it’s worth.