Token Management

There is little less interesting to most people than managing a multitude of authentication tokens for online services. This doesn't mean it's not important, though.

Late last week CloudFlare reported a memory leak that was the result of a bug in some of their server software. As 10Centuries does rely on CloudFlare, there's a possibility that the authentication tokens that people use for this service were leaked elsewhere. With an authentication token, someone could essentially impersonate you and (attempt to) take over your account. What's both interesting and unfortunate is that, even if someone were to sign in as you and change your password, they would not be able to eliminate your existing authentication tokens. You could continue to use your apps without even realizing that someone else changed your password or other details.

This was by design, but I can see how some people would be uncomfortable with this. Luckily, I managed to get about 3 hours of development work in today that will make it possible for you to have much greater control over the access tokens that you've authorized.

The password change page has been updated to give you the option to revoke all existing Authorization Tokens or, if you choose to go App-by-App, you can do so using the rows at the bottom of the page:

Passwords & Tokens

Hopefully these functions will give people the control they seek when revoking Tokens to applications or services they may no longer want to use, as well as to see how many Tokens are currently active. Expiring a Token takes effect instantaneously, so if you ever think someone is logged in as you, just hit the buttons and you'll be good to go.

What Does "Active" Mean?

Tokens are considered active until they've been unused for more than 30 days from the time of last access. Once the 30-day mark is hit, the token cannot be used ever again, and any application using that token will need to sign in for a new one. Any time you choose to sign out of an application, the token in use is automatically expired, preventing it from being used ever again. Some 80% of all tokens have gone idle and are no longer usable, and this is great as it means people's accounts cannot be easily hijacked through fake cookies or random generators hitting the 10Centuries servers.
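The token rules described in this post (30-day idle expiry, expiry on sign-out, per-app and revoke-all buttons, and tokens surviving a password change unless they are revoked), as an added sketch that is not 10Centuries' own code. The `TokenStore` class, its method names, and the choice to store only token hashes are assumptions made for illustration.

```python
import hashlib
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

IDLE_LIMIT = timedelta(days=30)  # from the post: unusable after 30 idle days


@dataclass
class TokenRecord:
    account: str
    app: str
    last_used: datetime
    expired: bool = False


class TokenStore:
    """Hypothetical in-memory token table (illustrative names, not 10C's schema)."""

    def __init__(self):
        self._records = {}  # sha256(token) -> TokenRecord

    @staticmethod
    def _digest(token):
        # Assumption: only a hash is kept, so a copy of the table holds no usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _is_active(rec, now):
        return not rec.expired and now - rec.last_used <= IDLE_LIMIT

    def issue(self, account, app, now):
        token = secrets.token_urlsafe(32)
        self._records[self._digest(token)] = TokenRecord(account, app, now)
        return token

    def authenticate(self, token, now):
        """Return the account for an active token, otherwise None."""
        rec = self._records.get(self._digest(token))
        if rec is None:
            return None
        if not self._is_active(rec, now):
            rec.expired = True  # once idle past the limit, never usable again
            return None
        rec.last_used = now  # the 30 days are counted from the last access
        return rec.account

    def sign_out(self, token):
        rec = self._records.get(self._digest(token))
        if rec is not None:
            rec.expired = True

    def revoke(self, account, now, app=None):
        """Expire all active tokens of an account, or only those of one app."""
        count = 0
        for rec in self._records.values():
            if rec.account == account and self._is_active(rec, now):
                if app is None or rec.app == app:
                    rec.expired = True
                    count += 1
        return count

    def active_by_app(self, account, now):
        """Active-token counts per app, as a settings page could list them."""
        counts = {}
        for rec in self._records.values():
            if rec.account == account and self._is_active(rec, now):
                counts[rec.app] = counts.get(rec.app, 0) + 1
        return counts

    def change_password(self, account, now, revoke_all=False):
        # Password storage is out of scope. Tokens are untouched unless the
        # revoke-all option is chosen, matching the behaviour the post describes.
        return self.revoke(account, now) if revoke_all else 0


if __name__ == "__main__":
    # Constructed timeline: one token in a phone app, one in a browser.
    t0 = datetime(2017, 2, 27, 12, 0)
    store = TokenStore()
    phone = store.issue("alice", "phone-app", t0)
    web = store.issue("alice", "web", t0)
    print(store.change_password("alice", t0))             # 0 tokens revoked
    print(store.active_by_app("alice", t0))               # both still active
    print(store.change_password("alice", t0, True))       # 2 tokens revoked
    print(store.authenticate(phone, t0), store.authenticate(web, t0))
```

Because a password change alone leaves every token valid, the revoke-all option is the step that actually removes access gained through a leaked token.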

Given that 10Centuries has the audacious goal to exist in perpetuity, security is a serious concern. A great deal of thought has gone into what sorts of features should exist, and how to prevent misuse of the service. With this new feature, people will have much more control over their accounts, but the system could still be better. How would you like to see 10Centuries improve its security in the coming months? Get in touch with me on Social, and let's see if we can't build something stronger, better, and easier for the whole community.

Have any questions, comments, concerns, or feedback? Get in touch on Social or send a message through the Contact page. I'm almost always available.

More Storage for Everyone!

Over the last six months a wonderful thing has happened; this service has broken even for the first time in two years. Not only has it broken even, but it's starting to make a tiny profit of a few dollars a month. While it's a little premature to quit the day job and dedicate the daylight hours to making this service better¹, the time has come to do something nice and expand everyone's storage … for free!

Here's the breakdown:

  • Free Accounts go from 250 MB to 1 GB²
  • Basic Accounts go from 5 GB to 15 GB
  • Standard Accounts go from 15 GB to 25 GB
  • Premium & Crazysauce Accounts go from 50 GB to 75 GB

Why so much storage, you ask? Are people really using this much? Not at all. A quick check of the Statistics page in the Transparency dashboard will show that there is about 10 GB of audio and images that have been uploaded by people over the last year, not including the thumbnails for large images³. That said, I'm hoping that people will want to use this storage pretty soon when the Photos API is fully opened up.

These updated limits are active as of now, and will also be applied to any new accounts that are created as people are invited to join the service. Have any questions? Get in touch on Social!

  1. I would love to do this at some point, though

  2. 1 GB is 1024 MB, not 1000.

  3. I don't count thumbnails towards people's storage quota, so it's not included in any of the tallies.

10C Anniversaries and Other Thoughts

Time flies when you're having fun, and the first anniversary of 10Centuries v4 has completely caught me by surprise. It wasn't until just a few hours ago when I was looking at some of the financials that I realized it was on February 20th that invitations started going out for people to kick the tires on this latest iteration of the platform. Just for kicks I looked back at some of the hand-written notes where the core elements of 10C v4 were planned and prioritized and was quite happy to see that the vast majority of what I wanted to put into the system does indeed exist. Some items proved to be unpopular with the community and were subsequently axed. Others still came from insightful individuals and were implemented with some pretty good fanfare. More than anything, though, the fact that people are finding value in this little corner of the Internet fills me with an incredible sense of accomplishment, because it means that I'm not crazy in wanting a place to publish and connect with people online without the incessant advertising and data mining.

There is still an incredible amount of work to do on the 10Centuries platform to make it an ideal tool for everyone to use and enjoy. With the active feedback and positive energy from the growing community, the coming months should see some exciting changes.

A Year's Worth of Numbers — 2016 Edition

With just 12 hours remaining in 2016¹, it seems like an opportune time to examine the first year of 10Centuries v4 via the only metric that I really have available: raw numbers. All in all, some of these numbers are quite nice, while others could certainly be better. Transparency is important to me, so if there are any questions about these numbers or if you would like to see some others, just let me know. So long as the information will not infringe on anybody's privacy, I can make them available.

So without further delays, let's take a look at how 2016 panned out.

Total expenses for the year worked out to 240,732円, which is roughly $1500 USD more than had been budgeted. This overrun was a result of a move from Japanese servers to the more expensive — but more flexible — Amazon platform, as well as theme licences. In November I said that the service would move back to Japan, but this has been postponed given the amount of prepayment that has already gone into the Amazon accounts. I could try and sell the partial-reserved instance rates, but the taxation complexity behind such a thing just doesn't seem worth it. For the time being, 10C will remain on Amazon's service hosted from their Oregon data centre.

Income was an incredible 96,410円, which has been received from 19 accounts. I really want to thank everyone for the help and encouragement with this project and, so long as I can keep costs down in 2017, the service should break even. The budget for 2017 is going to be set at 90,000円, just as it was for 2016, with 80% going to operational costs and 20% for theme development.

A total of 116 accounts were made in 2016, 31 of which have been abandoned² and 5 that have been deleted. I don't have an exit survey when people choose to delete their account, so there is no information as to why people choose to delete their accounts.

Not including the posts imported from other systems, here is the breakdown of items that people have put on 10Centuries in 2016:

  • Social Posts ⇢ 78,278
  • Blog Posts ⇢ 631
  • ToDo Items ⇢ 480
  • Podcasts ⇢ 49
  • Pages ⇢ 13

The average length of a social post is 130.56 characters, and the average blog post is 692.11 characters. While 49 podcasts have been uploaded for this year, the most popular podcast is actually an archive of Patrick Rhone's Enough Podcast, which ended production three years ago. There are roughly 40 episode downloads for this show every day, and it's by far the single largest contributor to the total bandwidth transfer.

4,892,301 unique visits have been registered across all sites with 28,810,914 page requests by browsers and just over 30-million page views by bots and other automated systems. The API has received 71,903,942 requests. On the development side, updates have been released on 217 of 366 days, and the database grows by 1,808KB a day.

Uptime for the project has been 6 hours 23 minutes shy of perfect for the year.

For the most part, I'm happy with how the system has been able to deliver so much despite the minimal hardware. 10Centuries uses three EC2 instances 90% of the time and does occasionally require a fourth to handle traffic spikes. The database server is running on a t2.small instance and the web servers are running on t2.micro instances. A replicated backup of the database is running on a t2.small hosted in Tokyo and the system is ready to hot-switch to Japan and spin up web servers should some disaster strike the Oregon data centre. Hopefully this doesn't happen.

2017 is going to be quite a year. There are a number of updates currently in the works, as well as a new admin theme that should make the system easier to use on tablets and phones. It's also becoming very clear that people generally do not want to use websites for the social side of 10Centuries. There are a few social applications that are currently in the works by community members, and I'll likely build one that is focussed on Blogging, Note-Taking, ToDos, and Photos starting this coming spring. There's a lot going on under the hood, and the recent speed improvements will go a long way to making sure the system can continue to operate with a minimal amount of dedicated hardware for the next year or so.

As for Photos, this will be going live in the next few weeks and will hopefully be a workable alternative to Flickr, though less geared towards photography buffs. People will have all the standard features, such as albums and whatnot, and we'll also see a little bit of integration with blog posts, allowing people to put slideshows in their posts if they so choose. The ToDo functions will also see some updates in the next little bit, with the ability to set priorities and pins, as well as the ability to have a shared ToDo list with accounts you specify. One other update that will be available to everyone is "HTTPS Everywhere". Thanks to the power and ease of Let's Encrypt, every site on 10C will automatically be given the option to use HTTPS, and it will be on by default for all sites, including those with custom domains.

Next year will be quite busy, and there are a lot of positive updates coming. Hopefully we'll see some more people sign up and use the service, as there's a lot to like about 10Centuries. Have any questions, comments, or concerns? Just get in touch via the contact form or on Social.

  1. 12 hours and 1 second if you really want to be specific

  2. Idle for more than 6 months with no activity from the account owner

Is Silence Too Blunt?

Over the last few months people have started using the "Silence" feature to ensure their social timelines contain just the accounts they want to see, and this is great as there are a few fundamental differences between "Silence" and the less-aggressive "Mute" feature. Mute will prevent posts from a specific account from appearing in your timeline unless that post is a mention. Silence takes this one step further by not showing any posts in your timeline that come from or even mention the accounts you don't want to see. This heavy-handed super-mute function came about as a direct result of some of the repulsive antics of individuals on App.Net and Twitter, and these same antics can be found all over the web on various social networks. People should not have to put up with such asininity after leaving high school, so the Silence function was born. That said, it may be a little too blunt a tool.

As of this writing there are three accounts on the 10Centuries network that have Silenced me. This is completely okay¹ as I understand that my excessive posting habits or unintentionally brusque jokes can put people off. 28 other Silences are in place across 12 accounts, and it doesn't matter who is using the feature². What does matter is the effect a Silence can have on a conversation.

Because Silence will block posts even mentioning a person that has been silenced, if there is a conversation going on and a Silenced account is brought in — either as a mention or as an active participant — it completely blocks the rest of that conversation from the full list of participants, even if they're being mentioned. I think this is completely unfair. The purpose of Silence was to improve our enjoyment of the people and conversations on 10C. The fact that just name-dropping an account can completely stifle that conversation is no good. As of 10:00am Japan Time on November 2nd, there are 64,372 social posts on 10Centuries. I've written 18,085 of them, and I'm mentioned in another 17,032. For people who are Silencing my account, that's a lot of posts they're not seeing, many of which I may just be a mention and not an active participant. It's stifling conversation and, more than this, it's unfair to the people who just want to relax and enjoy some good conversations with people on here.

Perhaps the meaning of "Silence" needs to change?

Here's what I'm thinking about doing, and I'd love to hear your feedback — especially if you're one of the people who doesn't want to see my posts in your timelines.

I'd like to weaken Silence by making it act more like Mute. With Mute, you will not see posts written by the muted account unless you are mentioned. This means that you can still participate in the conversation or watch it take place. Viewing the thread in conversation view will show the entire conversation including posts written under the muted account. I think Silence should work this way as well, allowing conversations to naturally take place with one little difference: Silenced accounts will be redacted in the post as seen in the mockup below:

Mention with a Silence

This would permit conversations where Silenced people are mentioned to continue or, at the very least, be acknowledged so that conversations do not appear to abruptly end, seemingly without reason.

What do you think? Should the Silence function become less blunt an instrument? Do you have a better idea to make it possible for conversations to continue even when Silenced accounts are mentioned? I'd love to hear your feedback. You can get in touch via or @10centuries on the social site, or via this site's contact form.

  1. I will never make it impossible to block, mute, or otherwise ignore the various accounts I run on the service.

  2. It really doesn't add any value knowing who is Silencing or Silenced, though an account that has been Silenced by a large number of people would raise alarm bells, and I'd investigate for activities that go against the rather simplistic Terms of Service — basically not being an intentional jerk to people.

How Do People Use 10C?

One of the most common questions developers might have when they decide to invest in building tools for a platform is "How do people actually use this thing?" With many of the larger organizations, it can be tricky to answer. 10Centuries can suffer from this problem, too, as it's not just a social network but a place for people to write blog posts, publish podcasts, and keep to do lists. In the near future there will also be updates to allow for notes, photo galleries, and a feature I'm calling 10CB¹. Will people use these services? Well, now you can find out.

A new API endpoint has been released today that will allow people to see how many of what data type exists in the system as of this moment, and how many of that item have been created in the last 30 days. This also includes new accounts and invitations so that people can judge the health of this fledgling system. Believe it or not, documentation for this new endpoint is already online and you can access it right now. Because this is querying all of the system's live data, I do ask that you not hammer the system too much with requests. Each query takes just over two seconds, though I hope to bring this down over time with some "smart caching".

When you submit the request, you'll receive a JSON response like so:

JSON Response

With this I hope that people will soon see that 10C is a viable platform to build tools on.

Questions, comments, concerns, feedback? Just get in touch!

  1. Think CB radio … but on a network … where you can listen to audio snippets in a time-delayed fashion … so long as the post is not set to expire before you try to access it.

Now You Can Crosspost to Twitter!

Feature requests have been coming in with a greater frequency lately, and it's great to see people actively help guide the development of 10Centuries. One of the commonly requested functions has been for a tool that would allow posts from 10Centuries to get posted over on Twitter (and other social networks). Well, I'm happy to say that crossposting to Twitter is not only possible, but slick as heck¹.

Before explaining how to set it up, let's look at what posts will get sent over and how.

Social Posts

Social posts can be crossposted at the same time as they appear in the 10Centuries timelines, meaning you don't have to wait until some arbitrary time for posts to be dumped from 10Centuries to Twitter in a batch process that spams everyone who follows you. Instead, you control the rate of speed that posts are sent over. When posts are longer than 140 characters, they'll be trimmed down in as logical a manner as possible², and a link to the full post will be attached to the end, allowing people on Twitter to follow the link and read your entire thought.

But there is one caveat: posts mentioning accounts (real or imagined) will not be sent to Twitter. This is to prevent incorrect accounts from being mentioned in posts. While it's certainly possible to have fancy translations in effect that would change all references of to @matigo_ca, this would break as soon as a post mentioning someone who hasn't attached their Twitter account — if they even have one — is made. So, just as requested, only social posts without mentions will be sent over.

New Blog Post / Podcast Notifications

When a new blog post or podcast is published, it's important that people can come see it. So these posts will have notifications sent over to Twitter as they go live³ so long as the publication date is within the last 7 days. This means that if you write a post and back-date it to yesterday, a "New Post!" notification will still be sent out to Twitter. If the post is backdated to last month, then one can probably assume that you do not want or need people knowing about it. If this is incorrect, my apologies, but this is done to prevent people's Twitter accounts from being overrun with notifications on data imports and other common data migration processes. Of course, future-dated posts will not have notifications sent until the posts are live for publication.

Posts that are marked as invisible, password-protected, private, or on a password-protected site will not have notifications sent.

One of the next features that will be built into all of the themes is a proper Twitter Card, allowing for rich content views to appear in the timelines. Hopefully this will be ready before too long.

How to Set Up Twitter on 10Centuries

From the Administration screens, click the little wrench icon on the left — for Settings — and choose "Post to Twitter". You should see something that looks like this:

Step One - Connect

From here, press the "Connect" button and go through the standard Twitter sign in process. 10Centuries will need permission to write to your timeline, but this is all 10Centuries will do. Your Tweets, Follower/Following information, and other details are left alone because they are not necessary for 10Centuries to do its job. For those who are interested, 10C uses only two API endpoints when connecting to your Twitter account:

  • statuses/update ⇢ to write Tweets
  • account/verify_credentials ⇢ to get some account details letting 10C show you which account is connected

Once connected, you'll be able to specify whether new blog post / podcast notifications should be sent, and which websites you'd like to have notifications sent for, as well as whether you'd like social posts that don't mention accounts to be crossposted.

Step Two - You're Connected

Items are set in clear "Yes" / "No" values, and everything defaults to "No" because that just makes sense. If you add new websites to your account in the future, be sure to head back to this screen to let all of your followers on Twitter know about new posts.

Questions, comments, concerns, or feedback? Just get in touch :)

  1. Well … in my personal opinion, anyway.

  2. The code tries really hard to not split a word in half.

  3. The database is checked every minute.

Forgot Your Password?

A new feature is rolling out today to help people who have lost or forgotten their password. Usually when people need to go through the whole process of trying to get into their account, they're asked to provide an email address in order to receive a link to a page that will allow them to change their password so that, after returning to the login page, they can sign in and do what they wanted to do ten minutes ago. What a pain in the bum! 10Centuries will do this a little differently.

Login Process

As with most websites, click on the "Forgot Your Password" area, and that'll show a place to enter your email address. Type the same one you used to register and hit "Request Email"¹. From here the system will check that the email address is valid and, if it is, send an email that contains a single action.

Login Via Email

Rather than ask people to click a link to reset a password, it makes more sense to just let people sign in and do what they need to do. Clicking the blue button in that email will do just that. Want to change your password? No problem. Want to simply bypass typing your really long password because it's a pain? You can do that, too.
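One way a sign-in-by-email link like this can be issued and redeemed, as an added example rather than 10Centuries' code. The 15-minute lifetime, single-use redemption, identical response for unknown addresses, the `EmailLogin` class and the `example.invalid` URL are all assumptions; the post specifies none of them.

```python
import hashlib
import secrets
from datetime import datetime, timedelta

LINK_TTL = timedelta(minutes=15)  # assumption: the post gives no lifetime
LOGIN_URL = "https://example.invalid/login?t="  # placeholder address
GENERIC_REPLY = "If that address is registered, an email is on its way."


class EmailLogin:
    """Hypothetical sign-in-by-email flow; the link acts as a short-lived password."""

    def __init__(self, registered_emails):
        self._emails = {e.strip().lower() for e in registered_emails}
        self._pending = {}  # sha256(token) -> (email, expires_at)
        self.outbox = []    # stands in for the mail system: (email, link)

    @staticmethod
    def _digest(token):
        # Store only a hash so the pending table cannot be replayed as links.
        return hashlib.sha256(token.encode()).hexdigest()

    def request(self, email, now):
        """Queue a login email if the address is registered.

        The reply is the same either way, so the form does not reveal
        which addresses have accounts.
        """
        email = email.strip().lower()
        if email in self._emails:
            # A new request replaces any older link for the same address.
            self._pending = {d: v for d, v in self._pending.items()
                             if v[0] != email}
            token = secrets.token_urlsafe(32)
            self._pending[self._digest(token)] = (email, now + LINK_TTL)
            self.outbox.append((email, LOGIN_URL + token))
        return GENERIC_REPLY

    def redeem(self, token, now):
        """Return the email to sign in as, or None. Each link works once."""
        entry = self._pending.pop(self._digest(token), None)  # pop = single use
        if entry is None:
            return None
        email, expires_at = entry
        if now > expires_at:
            return None
        return email


if __name__ == "__main__":
    # Constructed sample: one registered address, one unknown address.
    t0 = datetime(2016, 6, 1, 9, 0)
    svc = EmailLogin(["alice@example.com"])
    print(svc.request("alice@example.com", t0))
    print(svc.request("nobody@example.com", t0))
    token = svc.outbox[0][1].split("?t=", 1)[1]
    print(svc.redeem(token, t0 + timedelta(minutes=5)))  # signs in
    print(svc.redeem(token, t0 + timedelta(minutes=6)))  # link already used
```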

This feature is set and ready to go now. Of course, if you have any questions, comments, or concerns, do get in touch.

  1. 10Centuries will ask permission before emailing people, so you are technically requesting an email.

What Is This Supposed To Be?

A few days ago, while reading an article on The Guardian about online abuse, I started thinking about the role of moderation. Would such a thing be necessary on 10Centuries? What sort of powers would a moderator be granted? Who would be a moderator? Could this lead to a hierarchical social structure on a fledgeling platform? As of this writing, there are 60 people with accounts on the v4 Beta, 31 of which have published a post of some sort in the last 30 days. A group of this size can moderate itself quite effectively. At what point does it make sense to formalize the roles? I decided to ask the question in a Blurb and it led to a very good question from Pete: What exactly is 10Centuries and is there any reason for anybody who is not me to give a darn and build stuff on the platform?

A Pure Hobby

Last year if you had asked me what this platform was all about I would have said it is a place for people to publish blogs and podcasts that stay online, ad-free, for ten centuries. If you had asked me the same question two years ago I would have answered much the same, but without the podcasting element. If you had asked me four years ago when the service went public I would have talked about blogging from Evernote. The service is in a constant state of evolution as my passions wax and wane. Despite this, my passion for having an ad-free platform that respects people's privacy while hosting data in a future-compatible manner has not diminished. So this begs the question: What should 10Centuries be a decade from now?

There are a plethora of blogging platforms out there that are prettier and better suited for writers of all skill levels. WordPress, Medium, and Tumblr are just three of the more popular places for people to share long-form writing. There are scores of social networks to suit every whim, too. Facebook, WhatsApp, Line, and Snapchat are seeing huge numbers of active people interacting daily with aplomb. Podcasting is less popular than the other two mediums, but there are still a number of services that make publishing and distributing a show quick and painless, Squarespace being one of the more popular tools from what I can tell. Why should anybody care enough to use 10C given its various limitations and constant half-finished state?

A valid question that demands a valid answer, and a change of mindset.

I've often said that I don't expect 10C to become a popular place for people to interact with each other, but why not? Do I say this as a way to denigrate my goals? Do I say this as a way to excuse the lack of growth and barebones financial situation of the project? Do I say this because I am historically bad at handling success¹? There's bound to be some combination of this in the answer, but it's not doing anybody any favours. I've often criticized various social networks for their gimmicky differentiators, but those networks have all enjoyed their time in the limelight, with investors clamouring to give them scads of cash for what looks like a weekend's worth of work by three coders fuelled on pizza and Red Bull. If networks like Ello, Yo, and can attract a hundred thousand people in a month, why can't this service?

Time To Aim Higher

There may not be a great deal of demand for yet another service on the Internet, but I know for a fact that a lot of people do care about privacy and are tired of the endless ads that masquerade as stuff we give a darn about. When I think about what this service has become, I see it as the start of an open platform that stores, organizes, and distributes text. This is where 10C has always excelled dating back to v1 when it was little more than a web presenter for posts written in Evernote. The back-end is designed to support channels of information. Blurbs are part of a channel called "Global". Blog posts are in channels that have unique URLs. Podcasts are the same as Blog posts with extra meta data. The system is, by and large, a mechanism to allow people to share and globally distribute these short bits of information.

It's a social platform. It's a social network.

Blogging is no longer the main focus of 10Centuries. Not by a long shot. Even with the soon-to-be-retired 10Cv2, blog posts and podcasts make up less than 1% of the information stored on the service. The vast majority of the information is in the form of personal archives. Tweets, ADN Posts, Evernote notes, and other objects that are pulled into a single location for faster search. But people don't use the search mechanisms. Most people are completely disinterested in archiving their Tweets and ADN Posts at this time. What people are interested in, though, is communicating with each other in relatively safe places where they are treated as human beings rather than products to be scrutinized and sold to the highest bidder.

This is what 10Centuries needs to become. This is what it can offer to the world more than any other network.

So it's time to get busy and get the service ready to scale. I want to drop the Beta monicker before summer.

Thanks for the push, Pete :)

  1. Success has come several times in the past with other projects, but it often goes straight to my head. Nobody likes a big ego, and I try to keep it in check.

Goodbye 10Cv4. Hello 10Cv4.1!

A number of issues have come up over the last month or so where people are unable to connect to the 10C API or load a website in under 5 seconds. Others have noted that posting can take a while or retrieved conversation threads contain incomplete sets of data. Considering how this service is still in beta and sees less than 30% the traffic of 10Cv2, these problems are completely unacceptable. Something needs to be done, and done quick.

(Basically) The Current Network Design

Current Network Layout

One of the problems with the current version of 10C is that the servers are trying too hard to be too many things. At the moment, there are just two of them working together to handle both Website and API traffic. When a request comes in, the first available server responds with the appropriate data. If any data is written to the database, then that data is also copied over to its twin. In times of heavy traffic, clones can be added to the pool, though they will need a few minutes to update their local databases for the changes that have occurred since their images were made. I typically update the clone images once a month.

It's not a very workable plan in the long run, and it's not a great solution when the problem doesn't seem to be the hardware, per se, but the network capacity of the service provider. At the moment, 10Centuries is hosted on a number of virtual private servers at Sakura Internet in Osaka and Tokyo, Japan. I chose to go with this provider because they're local and never charge for network transfer. This means that even if I am sending a terabyte of data every month, it will not cost me a Yen. That said, we get what we pay for. The $1000/year I pay covers a number of servers that are typically always online. The network, however, can be over-provisioned or just downright sluggish for all the other traffic that moves through Sakura's data centres.

It's time to move on.

Next Week's (Basic) Network Design

Upcoming Network Layout

As of this writing, I'm in the midst of moving 10Centuries from Sakura Internet to Amazon Web Services. Annual operational costs are estimated to grow by 20%, but this will allow the service to grow a little more logically. Audio and image content will be stored in S3 and pushed out via CloudFront for faster service. Web visits will make use of the web servers. API calls will be held by the API servers. Either group can grow or shrink as needs be.

But there's something else that will be possible as a result of this splitting of roles … something that was last seen in 10Cv1 five years ago: a fork and split of the 10C code.

While I could have a single codebase across all servers doing the job they're expected to do, this doesn't really lend itself to speed and efficiency. It won't happen right away but, over the coming months, the code running the API servers will evolve to build a more efficient API, and the web servers will evolve to work as a web server. Oh, and the web server code will be open sourced for anyone who would like to self-host their own 10C-powered site.

The last few weeks have been a little frustrating for people trying to use the service. That sucks, and I want to make it better. With this change, the service can continue to evolve to become a more robust, more responsive service that people can rely on.