These last few days in San Francisco I was able to at least do some of the work I set myself out to do in my spare time, mostly on my blog. The week turned out to be much more full of things to do than I planned originally, so it turned out that I did not go through with all my targets, but at least a few were accomplished.
Namely, all my blog archives consistently links to the HTTPS versions of the posts, as well as the HTTPS version of my website – which is slowly withering to leave more space to the blog – and of Autotools Mythbuster on its new home domain. This sounds like an easy task but it turned out to be slightly more involved than I was expecting, among other things because at some point I used protocol-relative URLs. I even fixed all the links that pointed to the extremely old Planet Gentoo Blog, so that the cross-references are now working, even though probably nobody will read those posts ever again. I also made all the blog comments coming from me consistent by using the same email address (rather than three different ones) and the same website. Finally, I got the list of 404s as seen by GoogleBot and made sure that the links that were broken when posted out there pointed to the right posts.
But there have been a few more things that needed some housekeeping, and was related to account churn. For context, this past Friday was my birthday — and I received an interesting email from a very old games forum that I registered on when I was helping out with the NoX-Wizard emulator: a “happy birthday” message. I then remembered that most vBullettin/phpBB installs send their greetings to the registered user who opted in to provide their birthdate (and sometimes you were forced to due to COPPA). Then since there has been some rumors of a breach on an Italian provider which I used to use when I originally went online, I decided to go and change passwords – once again thanks LastPass – and found there two more similar messages for other forums, which I probably have not visited in almost ten years.
You could think that there is no reason to go and try to restore those accounts to life — and I would almost agree with you if it wasn’t that they pose a security risk the moment they get breached. And it should be obvious by now that breaching lots of small sites can be just as profitable as breaching a single big site, and much easier. Those forums most likely still had my original, absolutely insecure passwords, so I went and regenerated them.
I wonder how many more accounts I forgot about are out there — I know that for sure there are some that were attached to my BerliOS email address, which is now long gone. The other day using Baidu to look for myself I got remembered I had a Last.FM account which I now got access to again. At least using a password manager it’s more difficult to forget about accounts altogether, as they are stored there.
Anyway, for the moment this is enough cleanup, feel free to report if there are other things that I should probably work on, non-Gentoo related (Autotools Mythbuster is due an update but I have not had time to go through that yet); the slower Amazon ad on the blog will also be fixed, promised!