He could still post and people could still signup to support him, but, taking a page from Paypal, Patreon prevented him from withdrawing any of the money people donated. Eventually, Patreon completed their investigation and emailed him that he was good to go. He eventually discovered that:
* a few emails further up I got this. Apparently someone suspicious pledged to me so they suspended my account to make sure it hadn’t been hacked. Can anyone explain that to me? ? pic.twitter.com/o9V1dQfUpP
He estimates that account withdrawals were suspended for between 18 and 47 days.
Account takeovers are a real problem. Had his account been taken over, it would be good if someone couldn’t take his money out and notifying the account that they think it might be hacked could tip the hacker. In that light, it could make sense to act as they did.
Having multiple other methods of contacting the user would have helped in this case…. well unless email, phone number and Signal were compromised. Patreon would need to prove they are who they say they are, of course. Phishing is a problem as well.
That all said, going from one fraudulent pledge to account takeover seems a stretch.
… and that Patreon just added another method for trolls to harass Patreon’s users. If all it takes is for one fraudulent looking donation to pass into someone’s account to flip the Account Hacked bit, trolls will use Patreon’s process to suspend a user’s ability to withdraw their money for two to six weeks. That would screw up the life of anyone who makes a living via Patreon.
Today during the monthly Somerville Cryptoparty, will be a discussion on how we can move forward with developing a community mesh network in the Boston area. It will be from 6-9pm at The Sprouts, 339R Summer Street, Somerville. The Sprouts is in the garage in the back of the drive way. Unfortunately, it is not wheelchair accessible.
On Saturday, February 10th, there will be a Community Meshnet Workshop from 1-4pm at the Somerville Public Library, 79 Highland Ave, Somerville. The Somerville Public Library is wheelchair accessible. The Somerville Cryptoparty folks put together this flyer for the February workshop. I would appreciate it if you downloaded it and put it up around your neighborhood. You can also share the Somerville Cryptoparty page or the February Facebook event.
Hope you can make it and please spread the word about these events. Thanks!
The transition from Typepad to WordPress has been a bit haphazard, but I should have finally removed most of the references.
One of the things you need to move over are the images Typepad hosts for you. Unless they are in a photo album, they will be in the <your user id>.typepad.com/.a/ directory. To get them, export the contents of your Typepad blog and save it. It will be saved as Unnamed_Comet_Asset.txt.
Once I had that file, I used this Bash script (on a Unix OS) to generate another script to get the files. Be sure to replace <your user id> with your Typepad id.
sed -n ‘s/.*\(http:\/\/<your user id>.typepad.com\/\.a\/[a-z0-9]*-[0-9]*si\).*/wget \1/p’ Unnamed_Comet_Asset.txt > wget.sh
sed -n ‘s/.*\(http:\/\/<your user id>.typepad.com\/\.a\/[a-z0-9]*-[0-9]*wi\).*/wget \1/p’ Unnamed_Comet_Asset.txt >> wget.sh
sed -n ‘s/.*\(http:\/\/<your user id>.typepad.com\/\.a\/[a-z0-9]*-pi\).*/wget \1/p’ Unnamed_Comet_Asset.txt >> wget.sh
chmod 755 wget.sh
It is possible that there are other types of files whose filenames do not end with -*si, -*wi or -pi but those seemed to work for me. Search through Unnamed_Comet_Asset.txt if you want to be sure.
Once wget.sh is generated, look it over and make sure that it looks right, then run it:
It will dutifully download all of your images. I copied them over to a .a directory on my hosting provider then updated the references to in the blog posts. Ideally, you should do it in a copy of Unnamed_Comet_Asset.txt, then import it into your site.
You will need to run this script for each blog you have hosted at Typepad. Be sure to have a different directory for each blog so that you don’t overwrite either script.
I have a script for getting all of the files from your Photo Albums that I will post about in the future.
I posted pictures from the Free Software Foundation/Defective by Design No DRM in HTML rally on March 20th. It was after Libre Planet 2016. The Massachusetts Pirate Party endorsed it and Pirates acted as marshals.
Update: I have installed SSL certificates for all of my sites which have images on this site. All of the side bar images are back up.
One of the reasons I migrated from Typepad to another hosting provider, was so I could enable SSL on my site. Making sure your site supports SSL is the one of the basic efforts you can do to support encrypting the web.
I set it up for my main domain a few weeks ago, but since some of the images I use are on sites that didn’t use https, my blog did not appear to be completely secure.
One up shot of this effort is that I have a nice set of instructions that work for my setup which will help speed the process in the future.
Yasssu has an interesting interview with Eben Moglen about a variety of topics including government surveillance, privacy, and sharing:
The topic that drew my attention to the video was his contention that Facebook would only last for about ten years before the open web and open alternatives to it won out. He cites Diaspora, GNU Social and other efforts as the tools that are leading the way to that change and I generally agree with him. However, the flaw I see with that approach is that the variety of social services that are available is increasing at a rate that a canned aggregation service will not be able to keep up. What is needed is an api for:
who is your friend or who you follow and thus who you trust;
the different services to share updates you make on the service;
the different services to talk to talk to an aggregator.
Item 1 can leverage OpenId and OAuth and there are projects such as Portable Contacts, DiSo, FOAF and XHTML Friends Network that can be built upon (or rebuilt) to provide the secure social connection information.
Item 2 requires a defined api and a willingness for social services to support it. However, RSS is pretty prevalent, so building off of that shouldn’t be a complete jump into the dark.
With these tools in place, we won’t need Facebook, Google+ or other specific social network services to act as a man in the middle to our social lives on the net.
I do like his suggestion that we all have our own plugin computers running a server like FreedomBox that act as VPN, host our website, etc.
He touches on a wide variety of other points that I find useful and his quotes are direct and pithy, so please to take the time to watch it.
The German Pirate Party created Liquid Feedback over a year ago to allow party members to debate and decide on their platform and other issues. They have been using it successfully. Here is a video explaining it (in English):
On Sunday, 7/1, I will be helping with the Massachusetts Pirate Party’s hackathon to get our own copy of Liquid Feedback running. We will start at 3pm and will go until we are done or until asked to leave, whichever comes first. The hackathon will be at 45 Bromfield #2, Somerville 02144.
Please sign up if you want to help so we know who will be there.
If you cannot make it in person, then you can join us on the #masspirates irc channel at pirateirc.net. We will also post our progress at the #masspirates twitter hashtag.
Richard O’Dwyer and the new internet war – Richard O’Dwyer is being extradited to the US for the non-crime of having a search engine that linked to videos that did and did not infringe on copyrights. The only reason Google, Microsoft & Yahoo aren’t being sued is because they employ people in the US and have more money
I had a great time presenting my talk at the Play-jurisms conference this last Saturday. I stayed up late until 3:30 am to finish the slides for the talk. Considering that I was typing away in bed while my wife slept, she was very understanding. The talk didn't suffer for the fact I was up so late writing it, but no doubt I can improve it. I did end up changing the title from what I had originally envisioned, but I felt the new title better matched the spirit of the conference.