That OKCupid datascrape…

If you have an OKCupid profile, you might want to

  1. check if your username appears in this list
  2. change your profile name, and maybe even delete the pictures from it.

Why? Because some ethically challenged and irresponsible researcher named Emil Kirkegaard just released profile data on 70,000 OkCupid users without permission. What is in that list? According to Vox.com, there are:

user names, ages, gender, religion, and personality traits, as well as answers to the personal questions the site asks to help match potential mates.

Lovely.

Why is this problematic? Personally, I’m not affected. My username isn’t in that list, and even if it were, I wouldn’t be overly concerned: I’m a straight white dude with few secrets, and those that I have wouldn’t threaten my life, my job or my relationship. But I know people who are actually on that list, and who are less than thrilled about the whole thing. Keep in mind that some folks have stalkers, who now have an easily searchable database. And some need to compartmentalize their lives, maybe because of jobs or family or whatever.

And yes, the OKCupid data was sort of semi-public. But it wasn’t in a handy freely searchable database, and it was hard to correlate that data with other sources. Now it may be much easier, creating data leaks and consequences no one could have reckoned with.

But mostly, I cannot understand how a researcher, someone who is supposed to know about data, data correlation and especially about the ethics of this science, how such a person can just willy-nilly publish such intimate data without the express consent of the people involved.

I really hope that the name Emil O. Kirkegaard really gets burned within his scientific community and that anyone who ever considers giving him a grant or research position is aware of this despicable and irresponsible behaviour. Also I hope that OKCupid will sue his ass off.

(alas, as far as I can see, they haven’t put out any message to their users, alerting them of this scraped dataset. Pity.)

Subsonic & Caddy — oh my…

Dangnabbit.

Subsonic has the nasty habit of generating certain URLs in a very hardcoded way.

The login screen for example. If you call index.view and are not logged in, it redirects you to $ServerSubsonicThinksItIs/login.view.

That will be localhost, if you want to do the „oh yay, let’s reverse proxy here“ thing. To make matters worse, $ServerSubsonicThinksItIs also contains protocol and port. This is apparently due to the implementation of Subsonic’s „generate a yourhost.subsonic.org“ redirection.

As far as I can see, only the login and settings pages are the ones that are affected by this. They are still accessible if you manually add /login.view to your public address.

Of course, you can tell Subsonic to believe that it is on the servername you chose for it. As long as Subsonic and the reverse proxy server are in agreement on which host, path & port are shown to the browser, everything is fine. With non-encrypted http that is.

Of course you can re-enable https on Subsonic, in order to successfully proxy everything from A to B, but…

…Caddy checks the validity of the SSL certificate of whatever site it reverse-proxies to. And throws a Bad Gateway if it doesn’t like what it sees. This is actually done for a reason, but it doesn’t help me right now.

As far as I can see, I either have to wait for…

  • Subsonic finally learning to generate sane URLs or
  • Caddyserver being able to ignore faulty certificates upstream
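
To make the redirect problem above concrete, here is an added example (not code from Subsonic or Caddy) of the check a reverse proxy has to apply to a backend's Location header: an absolute redirect that carries the backend's own protocol, host and port is mapped onto the public address, anything else is passed through. The backend address http://localhost:4040 and the public address https://music.example.org/subsonic are constructed sample values.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample values, not taken from the post.
BACKEND = "http://localhost:4040"
PUBLIC = "https://music.example.org/subsonic"


def origin(url):
    """Return (scheme, host, port) with the default port made explicit."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    return scheme, (parts.hostname or "").lower(), parts.port or DEFAULT_PORTS.get(scheme)


def rewrite_location(location, backend=BACKEND, public=PUBLIC):
    """Map a redirect aimed at the backend's own address onto the public one.

    Returns (new_location, changed). Relative redirects and redirects to
    other hosts are returned untouched.
    """
    loc = urlsplit(location)
    if not loc.scheme or not loc.netloc:
        return location, False  # relative redirect: no hard-coded host in it
    if origin(location) != origin(backend):
        return location, False  # points somewhere else entirely, leave it alone

    pub = urlsplit(public)
    path = loc.path
    # If the backend itself is mounted under a path, strip that prefix first.
    prefix = urlsplit(backend).path.rstrip("/")
    if prefix and (path == prefix or path.startswith(prefix + "/")):
        path = path[len(prefix):]
    # Public scheme, host and path prefix replace the backend's; query stays.
    new_path = pub.path.rstrip("/") + path
    return urlunsplit((pub.scheme, pub.netloc, new_path, loc.query, loc.fragment)), True


if __name__ == "__main__":
    for header in ("http://localhost:4040/login.view?",   # what the backend sends
                   "/settings.view",                      # relative, untouched
                   "https://example.com/elsewhere"):      # foreign host, untouched
        print(header, "->", rewrite_location(header))
```

A redirect that still names localhost after this step tells the browser to contact itself, and it also discloses the backend's protocol and port to anyone watching the response headers.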

The Perils of JollyOrc in the Lands of the „feeling Lucky“

My music player is usually set to shuffle over all songs in my library. Now, my music library is… diverse. You’ll find nearly everything in there. Well, it’s very light on Techno and similar things, but you get the drift.

And sometimes, that shuffle mechanism produces pure gold by chaining just the right things together: