The short version:
1. My personal webspace was recently compromised.
2. I've been accumulating web cruft for too many years now.
3. I'm wiping the slate clean and starting over.
I remain active on MetaFilter and various social media platforms, and am reachable by email. If you have a question or are looking for something specific of mine, feel free to reach out:
MetaFilter: cortex twitter: @joshmillard mastodon: firstname.lastname@example.org instagram: josh_cortex_millard
1. My shit got owned.
I've built out a lot of different blogs and creative projects and jokey domains over the years on some personal web space. And recently basically all of it -- joshmillard.com, its various subdomains, and misc. one-off stuff -- got hit by some nasty script-kiddie flavor of attack, which systematically littered files and directories with redirect spam.
The attack did its work in a way that was sufficiently self-repairing that a few hours of amateur digging and cleanup didn't help. I've had stuff compromised before, and managed to get the ship righted, but this seems worse yet. Clearing out whatever hit me is going to require more time and attention than I have to give it right now, setting aside the fact that such work isn't a core part of my skill set to begin with.
Which leaves me with the option of hiring someone else to do a competent job -- which may be part of the plan in the future -- or taking some other sort of measure to resolve the problem. And part of the problem is that until things are clean, my web stuff poses who knows what sort of spam or malware risk to well-meaning visitors. So resolving the problem means, for now, just taking all that stuff offline. I've backed up and stored everything, and removed live versions, and am regrouping.
2. Stuff has really piled up over the years.
I've been adding new creative projects to my current self-hosted webspace for over a decade now. A lot of those have taken the form of a Wordpress install or some other bit of CMS software. Most of those projects were active for a short period -- a few months, maybe a year -- and then fell by the wayside as I ran out of steam or moved on to some other idea.
As a result, there's a couple of web things I'm actually working on at any given time, and a dozen neglected WP blogs getting no attention, often for years at a time.
That's a security problem; unpatched, aging commodity software is an irresponsible thing to keep around. Exploits and injections and compromises come into common knowledge and its easy for basically autonomous, malicious processes to find and break into such things. And that's happened now and then over the years. I've managed to clean it up at least superficially in the past, but I suspect I've never really gotten the job done well. In any case, all that neglected code sitting around is a bad idea.
Neglected projects are also just a morale problem for me, though; knowing that I left something hanging, just mouldering without any hope of future updates but also without any closure, weighs on me. Which is part of why I tend to end up neglecting the blog installations for such things, which cycles back viciously to the maintainence and security problems.
It would simplify the maintenance issue if I were to just outright decommission older projects, but that's something I've never developed a good plan for -- it's always been a rainy day project, always a technical and process question to answer some time Real Soon Now, for in some cases a decade at a stretch -- and so the work needing to be done has itself accumulated as the abandoned, lingering projects stacked up.
The weight of that accumulated cruft has worked to prevent me from dealing with it. Digital hoarding, in a sense. Pretend there's not a problem while the problem keeps growing.
3. It's time for me to start over.
I have long held that linkrot is a fundamental enemy of what is good about the web. That something that once existed at a URL, if it doesn't *need* to go away for some specific good reason, should stay around and accessible forever. That good stewardship of data means making that persistence over the long term an overriding priority.
I still think there's a lot of value in that principle, but I've come over the years to see the space between principle-as-absolute and principle-as-guiding-hand. One of the things in that space-between is a recognition of the ego involved in treating my own personal web footprint as something that requires absolute maintenance. There are immensely valuable stores of data on the web, things that require and deserve (and don't always receive) heroic efforts to maintain; my personal bloggery is not one of them.
My archivist bent is still active, and so I'm not throwing my work away. Not deleting it. I'm storing it all for a rainy day, for future unearthing if I decide this or that bit of content should be back out on the web again in some new, more well thought out form. There's specific things -- blog posts, projects -- that I remain proud of and want to continue to make available. But I'm getting over the idea that it all needs to be inviolably maintained, that no links can break, that no linkrot is acceptable.
I don't know yet what I'll do for a rebuilding effort. For a while my entire self-hosted web content may be this note and a few static directories that are easy to keep in place even as I tear out the rest of the plumbing. Eventually, sooner or later, it'll grow into something new. But for now, keeping broken, compromised stuff up while I dicker with myself over how to proceed over the long run doesn't seem like a good outcome. Keeping a thousand old deep links working but compromised by spam or malware isn't keeping anything of value around.