Interesting spam/phish technique: Look for subdomains with CNAMEs or SPF records that point to abandoned domains that you can then register…and effectively take control of the subdomain or SPF.

They haven’t seen any cases where it’s been used to host a phishing site at, say, an subdomain, but they’ve seen thousands of cases where it’s been used to pass email verification checks.

The article describing “SubdoMailing” gives a detailed example of a spam that made use of an subdomain that was used for a sweepstakes way back in in 2001, with a CNAME pointing to the long-abandoned domain name for the contest, but the subdomain was never actually deleted.

Lesson: check your DNS for any dangling references to outside domains that might not exist anymore!

Option 1: will do some things you want, and some things you don’t.

Option 2: won’t do anything you want, will do all the same things you don’t want that option 1 will do, has promised to do more things you don’t want, undo the things you wanted that have already happened, make it more difficult for you to even have these choices in the future, and has previously demonstrated that they’re willing to go through with all of the above.

And yet I keep seeing people say they’re the same picture???


It’s like…you need to hire someone to fix your heater. One contractor will fix your heater for the advertised price, but break some of your windows in the process and stop taking your phone calls. The other will rip out your entire heating system and your plumbing, and steal the copper phone lines to make it hard for you to call someone else (I know, outdated metaphor), insist that you broke it yourself and charge extra. And they’ll break your windows too.

A bunch of reviews point out that both of them will break your windows, so they can’t be all that different, right?

It would be great to find someone who would fix your heat without breaking your windows! But there’s a glass factory in town that wants more business and gives all the local contractors kickbacks, so your best bet for that is to hire someone from out of town…but they’re booked until summer.

So you can either go with the one who’ll break things even more, or the one who will fix some things and break others, and then deal with the breakage while you still have heating, plumbing, and a working phone.

You know the old joke about “drugs would be cheaper?”

The Adderal shortage has gotten so bad that Mexican pharmacies are selling counterfeit pills to tourists…made of meth.

(I should clarify that it’s the counterfeit pills, not the tourists that are made of meth.)

Update: Sadly, science fiction author Terry Bisson (who wrote “They’re Made of Meat” among many other stories) died a few weeks later.

In response to girrodocus’s question: #PersonalWebsite creators… what’s your rationale for deciding when to use a subdomain or a subdirectory?

I usually prefer to put sections in subdirectories. That makes it possible to make the entire site portable (depending on authoring tools, anyway). Ideally, I want something that could be zipped up and moved. Or sent to Archive Team. (One of the downsides of dynamic site generators is that you can’t do this.)

When I use subdomains, it’s typically because I want some sort of isolation between the content, or the server apps, etc. But in those cases I’m as likely to use another domain entirely.

I put my main blog in a subdirectory (/journal), but if I set up my own git repository or something like that, I’d probably put it in a subdomain.

That said, I’m currently trying to sort out what I want to keep at the domain I’ve had for the last 20 years and what to move to my IndieWeb identity site.

IndieWeb and Identity

It took 4 or 5 years from me discovering IndieWeb to actually building support into my website(s), because, named after a fictional place, felt like a digital home, but not an identity. So I set up as my digital identity instead.

I’ve been considering several approaches:

  • New stuff on KVibber, leave old stuff where it is.
  • Professional stuff on KVibber, fun stuff on Hyperborea.
  • Original work on KVibber, fandom stuff on Hyperborea.

I might move my scenic and nature photos over to KVibber but leave the funny and comic-con photos on Hyperborea, or move my tech articles over but leave the personal posts.

I’m also planning to put together a light microblog, probably on KVibber, to be the canonical location for short posts on Mastodon/Twitter/etc that I want to keep, but don’t feel big enough for a full blog entry. That’ll probably go on KVibber, even though it’ll blur the pro/fun and original/fan distinctions.

Originally on (and a followup post).

Update September 2022: I guess I’ve tabled the whole question at this point. For now, I’m just using KVibber as a profile page and putting everything else on Hyperborea, like I was doing before.