Blog

Posted 39 weeks 2 days ago

Thanks to Elly Fong-Jones for identifying, and Joshua Wise for fixing, a potential SQL injection attack on all versions of StatusNet after 1.0.0. The vulnerable code is in the section that provides user lists; an attacker can extract unauthorized information from the database by crafting a particular tag format.

New versions of StatusNet have been released that include a patch to fix these errors:

Posted 1 year 3 weeks ago

As part of the previously announced changes coming to identi.ca, I've just disabled new registrations on identi.ca. Existing active accounts will continue to operate, but new accounts are no longer allowed.

17 comment/s
Posted 1 year 14 weeks ago

My previous blog post on changes in the status.net service caused some worry among some identi.ca users. I'd like to reassure users that identi.ca will continue to run.

Changes are coming, although not as fast as I'd hoped. Here's my rough chronology for the next few weeks.

13 comment/s
Posted 1 year 17 weeks ago

I'm going to be rolling out some new software over the next few weeks, and part of that process will be winding down our existing services to make resources available for the new ones. To start off that process, I'm announcing today a wind-down of the status.net service.

TL;DR Active accounts on identi.ca and status.net sites will continue working. Inactive accounts will be shut down, with backups available. All accounts will port to new software.

26 comment/s
Posted 1 year 22 weeks ago

 A quick note that our friends working on GNU MediaGoblin have a fundraising campaign to build in OStatus support. Please open your hearts and your credit cards to help them out!

Posted 1 year 29 weeks ago
2 comment/s
Posted 1 year 36 weeks ago

ur1.ca, the URL shortener used by default by identi.ca and other StatusNet sites, has been having technical problems over the last few days, which has caused performance problems and errors for those users who depend on it.

The server is on Amazon Web Services, and the underlying hardware is scheduled for replacement. I/O is failing or timing out.

As a workaround, users should configure their URL shortening to use the internal shortener; see http://identi.ca/settings/url for details.

3 comment/s
Posted 1 year 41 weeks ago

 In honor of Identi.ca's fourth birthday, and since the pre-release code is well and truly burnt in, I've made a stable release of StatusNet 1.1.0. More information on the wiki, but upgrades from all other versions to 1.1.0 are recommended. As always, updated downloads available at http://status.net/download .

Posted 1 year 41 weeks ago

I got in early yesterday after a redeye flight from Portland. I was at Open Source Bridge and IndieWebCamp last week, and had a great time talking to people about the things I care about: Open Source software and culture and the excitement around the Indie Web. After my long flight home, I hit the sack and slept half the day away, and spent the rest of the time playing with my deeply-missed kids. Which means I managed to completely forget it was July 2, Identi.ca's birthday.

9 comment/s