Posted 1 year 22 weeks ago

Thanks to Elly Fong-Jones for identifying, and Joshua Wise for fixing, a potential SQL injection attack on all versions of StatusNet after 1.0.0. The vulnerable code is in the section that provides user lists; an attacker can extract unauthorized information from the database by crafting a particular tag format.

New versions of StatusNet have been released that include a patch to fix these errors:

Posted 1 year 38 weeks ago

As part of the previously announced changes coming to, I've just disabled new registrations on Existing active accounts will continue to operate, but new accounts are no longer allowed.

17 comment/s
Posted 1 year 49 weeks ago

My previous blog post on changes in the service caused some worry among some users. I'd like to reassure users that will continue to run.

Changes are coming, although not as fast as I'd hoped. Here's my rough chronology for the next few weeks.

13 comment/s
Posted 2 years 11 hours ago

I'm going to be rolling out some new software over the next few weeks, and part of that process will be winding down our existing services to make resources available for the new ones. To start off that process, I'm announcing today a wind-down of the service.

TL;DR Active accounts on and sites will continue working. Inactive accounts will be shut down, with backups available. All accounts will port to new software.

26 comment/s
Posted 2 years 5 weeks ago

 A quick note that our friends working on GNU MediaGoblin have a fundraising campaign to build in OStatus support. Please open your hearts and your credit cards to help them out!

Posted 2 years 12 weeks ago
2 comment/s
Posted 2 years 19 weeks ago, the URL shortener used by default by and other StatusNet sites, has been having technical problems over the last few days, which has caused performance problems and errors for those users who depend on it.

The server is on Amazon Web Services, and the underlying hardware is scheduled for replacement. I/O is failing or timing out.

As a workaround, users should configure their URL shortening to use the internal shortener; see for details.

3 comment/s
Posted 2 years 24 weeks ago

 In honor of's fourth birthday, and since the pre-release code is well and truly burnt in, I've made a stable release of StatusNet 1.1.0. More information on the wiki, but upgrades from all other versions to 1.1.0 are recommended. As always, updated downloads available at .

Posted 2 years 24 weeks ago

I got in early yesterday after a redeye flight from Portland. I was at Open Source Bridge and IndieWebCamp last week, and had a great time talking to people about the things I care about: Open Source software and culture and the excitement around the Indie Web. After my long flight home, I hit the sack and slept half the day away, and spent the rest of the time playing with my deeply-missed kids. Which means I managed to completely forget it was July 2,'s birthday.

9 comment/s