Password Dumps: How To Protect Yourself

By now you’re probably used to reading about web sites getting broken into, exposing millions of accounts. How do you protect yourself and how can developers protect their users?

Twitter and Facebook Have Not Killed Their RSS Feeds, Completely

Yesterday there was a fuss about alarming news that Facebook and Twitter had both killed off their RSS feeds (“completely”).

This led to much hand-wringing, name-calling and gnashing-of-teeth.

Except that they haven’t (“completely”).

It is accurate that the links to feeds are gone from their HTML pages and the META tags in the head sections of the pages.

The feeds themselves are still there and still working. My site UVFood aggregates restaurant news from Facebook and Twitter and is getting its feeds from both just fine.

To get an RSS feed for a Facebook page, use this URL:

changing ‘XXX’ to the page’s id and ‘atom10’ to ‘rss’ if you prefer ‘rss’.

To get an RSS feed for a Twitter user, use this URL:

changing ‘XXX’ to the Twitter user’s id.

Now, back to something useful.

Eating My Own Dog Food

For a while I’ve been advising people who need simple web sites to use WordPress. Not just people who want to blog, but people who need a very simple site with just a few pages. The reason I’ve been suggesting they use WordPress is that it’s easy to update pages (WordPress has a built-in WYSIWYG editor and automatic menu building), simple to extend and change the appearance of, and easy to maintain. Because you can keep drafts of your work in WordPress itself and it runs on the server, it also doesn’t matter where you work on it from, so you don’t have to worry about business computer versus home computer.

A downside is the prominent security issues WordPress has had of late (though the folks behind WordPress are prompt in fixing issues and clear about letting people know they need updated software). I want to be clear that I am in no way suggesting being lax about installing security updates, but it is true that a WordPress install that’s basically read-only – no user commenting and no remote posting enabled – is much less likely to suffer a break-in than a common blog would be.

I haven’t touched my web site in years. I started a blog at and until now hadn’t posted to that in almost a year.

My site consisted of several poorly laid out pages that were quite out of date, written using Perl’s HTML::Mason package. I quite like HTML::Mason but it was overkill for what I was doing, and I’d like to get mod_perl out of my web server.

So I’m going to eat my own dog food and move my site to WordPress. In fact, I’ve just remapped things so that the blog is now the site, and I’ve switched to using WordPress 3’s standard theme, TwentyTen, with some tweaks. Because I’m also trying to get over not-invented here syndrome. (If you subscribed to the blog at the old address you don’t need to change anything; it should just keept working.)

I’ll move over pages from the old site as I have time to rewrite and update them.

Mmmm, dog food. Not as bad as it sounds!

Omnious Sounding

Yahoo seems to have changed the layout of Yahoo Movies recently. I was looking at what was playing locally and saw this: save-this.png It sounds ominous. If I don’t sign in are they going to close The Nugget?