That $ in front of my name is rather un-specific. All it means is that I'm a paid employee of deviantART (i.e. dA gave me a $... oh, we're hilarious here!). Now, I mentioned that I'm a developer, which means I work on the site on the technical level.

Since there has been a teensy bit of confusion in "The Nicolas Cage Situation" (I love that name; it should be a movie), let's say a thing or two about what I'm not.

I'm not on the helpdesk! I know very little about our policies; I'm effectively just another user of the site when it comes to things like copyright and other violations. If you ask me for help with a non-technical problem you're having on dA, I'm going to tell you to go talk to the helpdesk because I don't have any special ability to help you beyond what a normal user has. And they're very nice people who spend all day helping deviants. (Well, technically I have access to some moderation tools for testing functionality... but if I use them for-real then $Moonbeam13 will beat me up for messing with things I shouldn't.)

I'm not normally speaking for deviantART. Because I'm a developer, my actual usage of the site tends to be for personal reasons. If I'm going around talking to you about bugs on the site, or responding to comments on a feature announcement, then I have my dA representative hat on. If I'm talking to you about something else, I'm probably just some guy. Now, because I have a $ I do find myself avoiding contentious situations, since there's a solid chance I'd stir up more drama, and that'd just cause extra work for some of my fellow staff who're responsible for responding to the community. The less I have to apologize to $Heidi for ruining her weekend, the better.

That's my brief comment, which largely sprang from having seen a lot of people being cranky at another developer for not being an expert on dA policies.

It has occurred to me that I've never really stated exactly what it is I do for dA. So, let's fix that.

I'm a developer. That means I write code to make things on the site happen. Generally the right things, I hope.

I'm also a team lead. That means I sit back and tell other people what to do instead of working myself. (This is a joke: I still do development work, but I also direct others as to what to work on and keep an eye on their progress.)

I've been working for dA since 2008. As you might guess from this length of time, I enjoy my job. While here I've worked on: the "new" profile pages, groups, badges, the journal editor, Writer, the change from journals/news to deviations, a whole load of bug-fixing, internal codebase things which wouldn't make any sense to you if I named them, and other things that I forget. To be clear: I'm not solely responsible for these things. They're just major areas I've worked on.

I've been pretty quiet on dA lately because I tend to direct my non-dA-specific thoughts at my personal blog, and the things I've been working on recently have been largely non-eventful from a telling people about level. If I say "group blogs are now completely backed by deviations, including in the message center, and don't touch the legacy journal systems at all!" then it's a rare sort of person who might care, given that I was making very sure it was functionally identical.

And so they are! Check out the beta announcement titled "Ever wanted to +fav a journal? Well now you can!" on #devBUG.

From that link absolutely anyone can see much of what's going on just from seeing the journal-deviation. All the new browse stuff is still hidden away unless you have beta testing turned on, though.

I direct your attention to this hq blog entry discussing upcoming changes to submission.

Quirky change: all journal entries will be deviations.

I just released Google Webfonts integration into journal skins.

This means that you can use fancy fonts without relying on your users already having them installed, or having to use images for such text.

It's very simple to use. Just put a font from the listing into a font / font-family declaration, and we'll notice it and set things up for you. (We do maintain a whitelist of such fonts, so when new fonts are added it may take a short while before they're also available on deviantART.)

For instance, in my current skin you can see that <code> has the following CSS applied to it:



And, tada, in a very self-referential way you can see that the Inconsolata font, despite being strange and unusual, is viewable by you.

There are a few minor drawbacks:

First, only recent browsers are supported. Google Chrome: version 4.249.4+, Mozilla Firefox: version: 3.5+, Apple Safari: version 3.1+, Opera: version 10.5+, Microsoft Internet Explorer: version 6+. Thus you must make sure to include a fallback font.

Second, if a user encounters an uncached font (one which has not yet been downloaded from Google's CDN), there'll be a momentary flash of either unstyled text in your fallback font or white space (depending on the browser) until the font file is loaded.

Third, if for some reason the user has trouble accessing the CDN server the font is hosted on then they'll just get the fallback font. So make sure you pick a complementary one.

So, have fun. Try not to go overboard with them.

I fear that this entry exists solely because I want to put out an entry to test a side project I'm working on.

If you view it not in your message center you can probably tell what it is.

The new journal editor (in beta) works best for the common case of a skin which gives you a standard single area to type into.

One of the more frequent problems we've seen so far is that if your skin requires special markup in the body to make text legible then it's going to be very hard to edit it.

There's an easy fix for this: in your CSS make sure that div.text has a legible color rule applied to it. This has the side-effect of making your skin easier to use, if people don't want to use the special classes for fancy effects sometimes.

The other somewhat-common problem is for skins that manipulate the contents of the body more drastically; hiding the subject, dividing up the entry into multiple boxes, and suchlike. Trying to use such a skin in the new journal editor often leaves you unable to edit the subject and with your text entry smooshed up somewhere inconvenient.

Again, there's a fix, but it's a little more complicated. You can add a rule or two to your skin's CSS to undo some of its effects when you're in edit mode. Just use the selector .journal-edit-mode, and any rules prefixed with it will only apply to the editor.

If your skin just plain don't work right with this, you can disable CSS on it with the following bookmarklet: javascript:void(JournalEditor.disable_skin()) (just paste it into your location bar and hit enter).

Which is to say, shortly there will be the new journal editor for everyone.

I've been working on a new journal editor which features some improved integration with skins.

If you're a beta tester you can try it out now.

If you're not a beta tester, well, you can still see some pictures and discussion on #devBUG.

There's a blog entry on #hq that talks about account security.

It does this because we've had a wave of account-hackings followed by hackers deactivating the account lately. This sucks, in large part because there's very little we can do about it. Let me explain...

The source of the hacking is mostly bad passwords and insecure email addresses. There's probably also some more-elaborate social hacking going on, but every case I'm personally aware of has either involved an easily-guessed password or a broken-into email account.

If someone knows your password or has access to your email, we cannot tell that they're not you. At least, not in a way that would distinguish from you trying to log on from a friend's house... we can see that you're connecting from a new IP address, but we don't know what that means. For the purpose of your online identity, your email account is you; it is the master key to all of your other accounts.

If your password is "123456" or anything else on a list like this, change it. If your password is the same as your username, or your real name, change it.

If your email address is visible on your profile, and it's on hotmail, stop using hotmail if at all possible. Hotmail is a curse upon both our houses. Largely because if you're inactive for a little while then they'll return your address to the pool of available addresses and someone else can register it. If it's not on hotmail, at least make sure you have a decent password.

The "security questions" on your email account are also your password. If they're easily guessed by someone who can look at publicly available information about you, that lets them steal your account. "What is my mother's maiden name?", "Where did I go to high school?", etc... these are researchable, at least if you have enough information available on your profile to provide a starting point.

Of course, security questions are only a vulnerability if you're being personally targeted. Someone who just wants to hack as many accounts as possible would run around trying common passwords and give up on anyone who wasn't vulnerable to that. Still, it's worth worrying about.

We are doing some things on our end to protect against session hijacking or people using your account when they have access to your computer while you're logged in.

• We're making sure that there's no loopholes that let you change your password or email address without providing your current password.


• We're making account deactivation reversible, so there's not a quick one-button way to wipe you out.


• We're increasing password standards, so in the future users won't be so vulnerable to having their password guessed.

But none of this can protect you if they get your email account. Which is why this is a very annoying problem for us.