STOP HOSTING YOURSELF

I sent an email to a monk in Nepal and my blog was hacked by the Chinese government

As a publisher, the experience made me realize the potential in a service like the one from Ev Williams’s Medium.

Three years ago, at Zeitgeist Europe (a kind of private TED talk held by Google), I met Matthieu Ricard, a Buddhist monk known, among other things, for being the Dalai-Lama’s personal translator. After his Zeitgeist talk, we sat away from the crowd, trays of organic (albeit British) food in our laps.

Matthieu was wearing his usual red robe, and carried a small satchel with nothing more than his MacBook Air and a few notebooks. We discussed his lifestyle (he spends six months per year at a mountain retreat in the Himalayas), and his widely-read writings (see his Amazon page here).

I asked him about his functional MRI research in neurosciences and meditation; he responded in a precise and passionate way, describing how he just got a large grant for the University of Wisconsin, and telling of his findings about neuroplasticity and the role of the prefrontal cortex in developing or inhibiting happiness (more in this Daily Mail online piece). We talked about my desire to develop non-profit projects in mobile health, mixing information and technology to the benefit on developing countries—a project I will start working on this fall at Stanford through the John S. Knight fellowship. It was one of the most enjoyable discussions I ever had with a man of exception. We exchanged email addresses. His own bore the top-level domain “.np” which stands for Nepal. Once in Paris, I sent Matthieu a mail from my personal account to thank him for his time, and to follow up on our discussion.

It turned out to be the most costly email I ever sent to anyone.

Less than two weeks later, the shared server on which Monday Note was hosted became the target of a short but brutal DDoS (Distributed Denial of Service) attack. Within a few hours, our blog was deluged with thousands of comments like this one (shown here with its translation):

from original
(Provided by author)

The content left little doubt on the origin of the attack. I had sent an email to one of the most notorious opponents to the Chinese regime. It retaliated mercilessly. As I was told later by a cybersecurity expert, my insignificant email to Matthieu Richard had triggered an automated computer routine in one of the thousands of machines operated by the P.L.A. Unit 61398 that supervises Chinese cybersurveillance and cyberattacks across the world. In our case, the target was the shared hard drive hosting Monday Note. It cost me about €3,000 ($3400) in various fees to reconstruct the database, clean the mess, and have a pro perform a major security upgrade.

I then realized two things. The first is how terribly vulnerable writers who fight dictatorships with their blogs are (they can now rely on Google’s Project Shield, which uses its massive infrastructure to divert DDoS attacks). The second is that even for a tiny operation such as ours, hosting and security issues must be left to professionals.

I already hear the rants of WordPress and Drupal zealots about my lack of ability to properly set up a foolproof server. They are right. I should have been more careful and have had someone periodically inspect and upgrade my hosted WordPress blog. Except that: (a) I’m a journalist, not a techie, and (b) Monday Note can’t afford a geek-in-residence or an expensive maintenance contract.

I stopped enjoying WordPress years ago. When you host a WordPress blog without having a full-time webmaster, you face lots of hassles.

For instance, adding a feature to perform a specific function means you will have the choice between literally thousands of plug-ins. It’s a bit like picking an app in Apple’s or Android’s app stores among hundreds purporting to perform the same task. Due to the lack of independent and reliable recommendation systems, you’ll be lucky if you find a good-quality plug-in—for instance, one that updates in-sync with regular WordPress updates. If it doesn’t, you’ll end up with an important feature of your blog suddenly not working, creating havoc—not to mention the headaches associated with erratic rendering between various platforms (web, mobile, browsers), difficulties in making proper imports into a responsive newsletter, a horrible image management system, and buried sub-menus with obscure boxes you have to check to solve annoying issues.

Over the last eight years during which Jean-Louis Gassée and I have been writing the Monday Note, we dreamed of a platform that could take care of the problems just mentioned and allow us instead to focus on what we want to do: write decent columns without having to worry about technical issues.

Hence my interest in Medium.

It came first as a reader. I enjoyed the diversity of content, publications, authors, and the platform’s aesthetics and curation system.

Last summer, I decided to dig further. With the help of Christophe Tricot, a French computer scientist, we took a good long look under Medium’s hood.

In rough numbers, we looked at 585,000 profiles and 135,000 articles. Why so few compared to the number of authors, you might ask? Because Medium is like the physical universe: Filled with void for the most part, with interesting things often difficult to find. More seriously, scores of people opened an account on Medium and published next to nothing.

Let’s look at the numbers we found:

distribution-of-posts
(Provided by author)

Our findings were actually consistent with those of Medium’s own data scientist Mike Sall who notes in this post: “Overall, 74% of posts are under 3 minutes long and 94% are under 6 minutes long.”

Mike Sall and his team ended up determining that the optimal length for a Medium stories is seven minutes—that is ~1500 words—which is also the maximum length of a Monday Note column (pure luck).

Next, tagging. On Medium, it’s both good and bad. On the bright side, when you tag a story on Medium, the CMS will help you find the most popular term:

CMS-tagging_colorcorrected
(Provided by author)

On the down side, the number of tags is limited to three, which at first seems too low. In reality, based on our 135,000 article sample, we found that only 29% of Medium’s authors use tags (see the pie chart below at left). However, when they elect to tag their story, 84% use the maximum allowed (right chart):

from original
(Provided by author)

It is still debatable if Medium is right in drastically limiting the number of tags. On the one hand, it avoids creating an unmanageable and scattered taxonomy—its system warrants stories “findability”; on the other, it precludes precision. More importantly, Medium’s tagging system lacks a category system. As an example, you can’t have “Internet of Things (category => Nest, Tony Fadell, Sundar Pichai (tags).”

In the next Monday Note, I will list features that publishers like us dream to get from Medium.

We might even poll our readers and collect their insights.

This post originally appeared at Monday Note.

home our picks popular latest obsessions search