Month: March 2008

WordPress 2.5

I installed WordPress 2.5 last Saturday on all of the blogs I support. It had passed some preliminary testing on my development blog so I installed it. It is supposed to have increased security, better administrative panels, and the ability to upgrade plugins automatically. They say there are very few changes that will affect the plugins. It sounded like a safe upgrade so I upgraded. After a little testing I found that ImageManager 2.4.1 did not work at all. I am not sure when it stopped working since I do not use it often and I have alternatives.

While I was at it I did a little spring cleaning. I changed the blog to not use the www subdomain, changed the .htaccess file, changed the blog to use a more descriptive permalink, removed the register feature from the meta widget, and got rid of several old inactive plugins.

Installing Subversion? Just follow this 7 Steps « Lijin’s Localhost

Great post Lijin! Sometime ago I struggled to figure out how to install subversion on my WinXP box. The biggest difficulty I had was to understand what the folder layout for Windows box should look like. I ended up using svn1clicksetup to get a standard layout. Due to issues between Subversion and Apache 2.2, I avoided using Apache for Subversion. SVNService worked just fine for me. Recently Subversion has been supporting Apache 2.2. With a slightly modified version of Lijin’s instructions I modified my XAMPP installation to support accessing my existing repositories via Apache. Here are my steps:

  1. Install Apache HTTP server if not already installed. I prefer installing Apache via XAMPP.
  2. Install Subversion and let it update your Apache configuration. In my case I was updating to the latest version. Here is my file layout:
    1. Install directory – c:\Program Files\Subversion
    2. Repositories – c:\svnrepos
    3. Apache conf file – c:\Program Files\xampp\apache\conf\httpd.conf
  3. Since my repositories are not accessible from the network, I did not create a Users authentication file or Acesss – rights file. I can do this later if I need it.
  4. In the directory, "c:\Program Files\Subversion", create a etc directory and place another file called subversion.conf with the following data. 
     
<location repos>
  DAV svn  
  SVNPath C:/svnrepos  
</location>
  5. Add Include "C:/Program Files/Subversion/etc/subversion.conf" to the Apache conf file.
  6. Restart Apache and test the repository access.
    1. I cranked up my favorite browser and went to http://localhost/repos. I saw my project directories.
    2. I created a new directory in the My Documents folder and checked out one of my projects using TortoiseSVN and the http://localhost/repos/project1 URL. It worked.
    3. Next I created a test file and added it to repository. It worked, too.

Installing Subversion? Just follow this 7 Steps « Lijin’s Localhost

Opera@USB : EN & PortableApps

Okay, Markus said I shouldn’t do this but I installed Opera@USB on my USB drive and renamed a few files. I wanted Opera to appear as a menu item in the PortableApps Menu.  Here is how I did this.

  1. First I created a directory under the PortableApps directory called, OperaPortable. You can name it anything you like.
  2. Next I installed the USB version of Opera into this directory.
  3. Finally I changed the extensions for operausb.exe and gsr.exe to com and changed the extension for opera.com to exe. You should see the pretty opera icon now.

Next time I started the PortableApps menu I had a pretty little Opera icon next to a title that said "Opera Internet Browser". It could not been sweeter. I went to my web sites and they looked fine. The only way I have been able to crash Opera so far is to go to the acid3 test. 😉

DISCLAIMER: I do not use Opera on a regular basis. Your mileage may vary!!!

Opera@USB : EN : download your free version of mobile Opera:

Automated WordPress Hacking Tool Cached by Google

I just finished checking my WordPress sites with both a dork and a FTP. Google says that there 29,000 infected sites. I guess that I was left out of the party since my WordPress sites are at the most recent stable release.

Cyberinsecure recently posted details of an automated WordPress hacking tool that is doing the rounds. This malicious worm or program appears to create the directory, "wp-content/1/" as well as spam comments:

The blogs are most likely attacked by some kind of automated tool since the amounts of spam are too big to work manually on all those spam pages creation. It seems there are also spam comments in posts as well. Spam comments are pointing to internal infected blog pages in folder “1″ to get them spidered and to get people to visit them.

Smackdown also has a nice blog entry about this issue.

Automated WordPress Hacking Tool Cached by Google
DK
Wed, 26 Mar 2008 23:52:40 GMT

Favorite KeePass Trick

Keepass is a neat password management program but the documentation is not clear on how to set up an entry so that it will work use the same username and password with multiple web pages. As an example with the following entry, KeePass will autotype the username and password on the login screens for Yahoo, Flickr, and Office live.

Auto-Type-Window: Sign In to Yahoo*
Auto-Type: {USERNAME}{TAB}{PASSWORD}{ENTER}
Auto-Type-Window-1: Yahoo! Mail*
Auto-Type-Window-2: Connect to workspace.office.live.com*

Weird, wild, wonderful Windows "Workstation" 2008 | InfoWorld | Analysis | 2008-03-17 | By Randall C. Kennedy

For the self-reliant, a third Windows desktop option emerges: Build your own “Frankenvista” on Windows Server 2008

I guess the transformation is nearly complete. Windows Server 2008 has almost completely embraced the Linux model of one code base for servers and workstations. It is the incompatibilities that drive you nuts. Support for third party software has always been the struggling point.  Now if they can make Windows Server 2008 as the Software Assurance upgrade for Vista Business. As Darth Vader said:

“Your skills are complete. Indeed you are as powerful as the Emperor has foreseen.”

Weird, wild, wonderful Windows “Workstation” 2008 | InfoWorld | Analysis | 2008-03-17 | By Randall C. Kennedy

BlogSecurity » Blog Archive » WordPress Scanner

Last night I used the WordPress Scanner on two of my blogs and I got this message.

dangerous-check-[0] PHP configuration file found in http://www.somewebsite.com/

I guess it is complaining about the fact that I have a php.ini file. I guess there is a security implication I am do not know about. I googled php.ini and security and I did not get any hits. Can anybody provide me with some insight on the security issue?

BlogSecurity » Blog Archive » WordPress Scanner

The LinkedIn Blog: The Engineering component | LinkedIn Company Profiles

Last week I revisited LinkedIn and updated my information. It got me thinking. I know my favorite head hunters like LinkedIn, but is this an effective way to network people for charity purposes? This week a board member working on a grant required some demographic data on each board member. I guess the donor wants to know a little more about us before they give us a chunk of cash. I realized that the data I just finished updating on LinkedIn was most of the data she needed for the grant. I decided to save a PDF version of my LinkedIn profile. It did not work right. So I did it the hard way. I took a few minutes to cut and paste together the profile, print off a PDF, and email her the copy. About half of our board members are already on LinkedIn. Hmm…

The LinkedIn Blog: The Engineering component | LinkedIn Company Profiles

Exceptional Performance

I ran across this page in one of the blogs I read but I do not remember which. I installed YSlow to check out my web sites. It was an easy check. The rules I consistently failed were rules 3 and 4. I came back here for the explanations. Implementing fixes for these rules can be complicated. I will look into them when I have both the curiosity bug and the spare time.

Rules for High Performance Web Sites

The Exceptional Performance team has identified 13 rules for making web pages fast. Each rule is discussed in the Developer Network Blog articles listed below.

  1. Make Fewer HTTP Requests
  2. Use a Content Delivery Network
  3. Add an Expires Header
  4. Gzip Components
  5. Put CSS at the Top
  6. Move Scripts to the Bottom
  7. Avoid CSS Expressions
  8. Make JavaScript and CSS External
  9. Reduce DNS Lookups
  10. Minify JavaScript
  11. Avoid Redirects
  12. Remove Duplicate Scripts
  13. Configure ETags
  14. Make Ajax Cacheable

Download YSlow for Firebug YSlow logo

Exceptional Performance

WordPress › Blog » 2.5 Sneak Peek

Since I have a local WordPress blog for my development work, this was a no-brainer. I let Subversion do the hard work. I tried the revised admin panels since they have changed significantly. It was nice to know that my theme and my plugins seem to work fine. So far this upgrade looks pretty solid.

  1. Since I have recently been looking at easy ways to use Flickr images and create image galleries, I was curious how the improved media gallery works. After playing with the insert image and media gallery, I am still trying to figure out how the media gallery works. I guess it is a work in progress. The Gallery and Media Library tabs do not seem to do anything.
  2. It was not obvious how one creates an avatar either.
  3. I tried to automatically update the PhotoXhibit and Database Backup plugins and it did not work.

WordPress › Blog » 2.5 Sneak Peek

Right-Justify Part of a Line – Expert Help by PC Magazine

I found myself trying to remember how to right-justify part of a line in Microsoft Word again. 

If the ruler isn’t visible at the top of the typing area, select Ruler from the View menu. Create a tab stop by clicking on Format | Tabs. In the Tab stop position field, enter the inch number on the ruler (6, for example) where the right margin begins. Check the Alignment option titled Right, select a Leader character if you wish, and click on OK. This will result in the effect you want.

On each line, type the item name, press the Tab key, then type the issue date. All the dates will line up at the right margin. If you’re applying this formatting to text that’s already typed, select all the text before you set the tab.

Right-Justify Part of a Line – Expert Help by PC Magazine

SQL 2005 Express Tips

My version of SQL 2005 Express was installed when I installed Visual C++ Express Edition. Today I was trying to use the Upsizing Wizard included in Access 2003 when I ran into SQL Server problems. So here are my tips:

  1. Go into the SQL Configuration Manager and enable TCP/IP if it is disabled. Someone wrote a post stating that Access 2003 uses TCP/IP to communicate with SQL Server.
  2. Go into Services and check to see that SQL Server Browser is running. This service was disabled on my machine. This allowed me to see the correct hostname. My hostname is called, “MYCOMPUTERNAME\SQLEXPRESS”. You can disable the SQL Server Browser when you are comfortable.
  3. Download a copy of SQL Manager from EMS. I used the Lite version since my needs are small and it is free. I would seriously consider checking out the paid version if I was doing a lot of conversions.
  4. Sample databases are a great way to brush up on your dormant SQL skills. If you are looking for the Northwind database, it is not installed with SQL Server 2005. In fact SQL 2005 does not install any sample databases although a new sample database called AdventureWorks is available as a separate download. If you want the old familiar Northwind database, you can download the samples for SQL Server 2000.
    1. Download the SQL Server 2000 sample file from Microsoft.
    2. Extract the files from the archive and copy the Northwind MDF and LDF to your SQL Server 2005 data directory. See Jeff Atwood’s post for more details.
    3. Attach the database to your SQL Server. I used SQL Manager since the manual method described in the Readme file did not work for me.
  5. Now if you have successfully navigated the SQL maze, you should be able to run the Upsizing Wizard, access the SQL Server using an Access Project(ADP), access the SQL Server using Excel, and access SQL Server via your favorite programming language.

WPDesigner » WordPress Theme Checklist

Here is a handy checklist for people creating or modifying WordPress themes.

Note: The following checklist was based on WordPress 2.0. Since WordPress 2.1, WordPress has replaced and introduced new template tags.

Files, functions, and to-dos you need to check-off before using / publishing your own unique WordPress theme:

Files and Templates
  • 404.php
  • archive.php
  • category.php
  • comments.php
  • footer.php
  • functions.php (for widget-ready sidebar)
  • header.php
  • index.php
  • page.php
  • search.php
  • searchform.php
  • sidebar.php
  • single.php
  • screenshot.png / .jpg / .gif
  • style.css
  • readme.txt (optional)
Header.php
  • Blog’s Title
  • Blog’s Description
Footer.php
  • wp_footer()
  • Footer text and links (usually, copyright message)
Sidebar.php
  • Search form – Does the regular search form match the widget search form?
  • Pages / wp_list_pages() – Have you styled the second level links? Third level links?
  • Categories / wp_list_cats() – Sort by name or ID? In what order? Is hierarchical turned off or on?
  • Archives
  • Calendar – Does the regular calendar match the widget calendar?
  • Links / get_links_list()
  • Meta: wp_register(), wp_loginout(), wp_meta()
Index.php, Archive.php, Category.php, Search.php, Page.php, Single.php
  • the_ID()
  • Post title: the_permalink, the_title()
  • the_content
  • Postmetadata: edit_post_link(), comments_popup_link(), the_author(), the_category(), the_time(),
  • trackback_rdf() [hidden]
  • posts_nav_link() – Next/Previous page links
  • Else – What to display when there is no content.
Archive.php, Search.php
  • the_excerpt() replaces the_content()
Page.php
  • link_pages()
  • Remove Postmetadata
  • Keep edit_post_link()
  • Remove posts_nav_link()
  • comments_template()
Single.php
  • link_pages()
  • Remove comments_popup_link()
  • comments_template()
Comments.php
  • Comments list
  • Comment forms and textarea
  • ‘No comments’ message
  • ‘Comments awaiting moderation’ message
  • ‘Must login’ message
  • ‘Password protected’ message
  • Comments off message
Pages to Validate
  • Home page
  • Archive pages
  • Category pages (if you customize category pages)
  • Search result pages
  • Pages (i.e: About)
  • Single post view page
  • Single post with no comments
  • Single post with comments
  • Single post with must login message
  • Single post with no login required message
  • Password protected single post with comments

Note: This is not an end-all checklist. It covers just the basics. More items will be added.

WPDesigner » WordPress Theme Checklist

Top 10 WordPress CMS Plugins | Blueprint Design Studio

From the Blueprint Design Studio we get this list of WordPress CMS plugins. I can vouch for Cforms II and Google Sitemap Generator since I already use them. I am definitely going to check the rest of them.

  1. Cforms II – This is far and away the best contact form plugin there is. The reason? configurability. You can easy build literally anything with it. We’ve built out employment application forms, wedding checklists, and more for clients. It also drives our own quote form. There’s also built in spam protection, via question and answer or captcha. by delicious days
  2. WP e-Commerce – Unlike cforms, this plugin has no competition. It provides an easy to manage storefront and shopping cart as an integral part of your wordpress installation. It includes the ability to sell digital downloads as well, which is great for photographers, musicians, and authors. By default it includes support for PayPal, although the $29.99 fee for the authorize.net module will pay for itself in lower fees for most serious e-Commerce sites. by Instinct Entertainment
  3. Search Everything – Since most of the sites we develop focus more on their static content than on their blog posts, this plugin is essential for allowing users to search your entire site without leaving your site and relying on google. by Dan Cameron
  4. Google Sitemap Generator – The biggest benefit of using wordpress is the manual labor you save because the software already knows where all of your content is. This Plugin submits a comprehensive index of your site to google, yahoo, MSN Live, and Ask.com every time you update your site. It’s a huge boost to your site’s SEO. by Arne Brachhold
  5. Subscribe2 – Subscribe2 is a newsletter plugin for your site. It allows you to create newsletters and manage subscribers within your WordPress Dashboard. It also allows you to email subscribers when you post a blog entry, which allows you to have a permanent copy of the newsletter that you can refer people to. plugin homepage
  6. Event Calendar 3 – There are a ton of event plugins out there. This is the best & most integrated one we’ve used. It provides an iCal feed, in addition to the standard RSS feed. Since the events are created as Blog posts, it’s easy to integrate them into your site. by Alex Tingle
  7. Page Links To – by far the simplest plugin on this list, This plugin allows you to create “pages” that link to something else. It’s the easiest way to add links to your main menu, without mucking around in code. It’s good for adding a link to an external photography portfolio, for example. You could also use it to link to sections of a page, rather than an entirely seperate page, which could be useful for linking to sections of a restaurant menu, or other small sections of a larger page. by Mark Jaquith
  8. TinyMCE Advanced – I’ve posted a lot about using this plugin. It was referred to me by Jim Burke from TSG Real Estate, who needed a way to easily add classes to blockquotes, tables, and images. The plugin also does a great job of making tables work well with WordPress posts. plugin homepage
  9. XSPF_Player – As much as I’m not a fan of auto-playing music on websites, This MP3 player makes it easy to manage playlists, cover art, and artist links. It’s a great way for music venues to highlight upcoming shows. Used in conjunction with Event Calendar, you can make the track link lead to the post for their upcoming show, all of which is easily manageable from your WordPress dashboard. by Boriel
  10. pageMash – I just posted about this, but it’s worth mentioning again. This plugin makes it very easy to put your pages in order, without having to edit every page individually. by Joel Starnes

Top 10 WordPress CMS Plugins | Blueprint Design Studio

Win32 cheat sheet

Here are two favorites from this post I found via Del.icio.us. The first tip I knew about one of these but forgot how to do it. The second tip I never knew about it.

Win32 cheat sheet
fozbaca
Thu, 13 Mar 2008 13:00:00 GMT

Live takes a Dive

Vlad pointed out an outage for Live. His questions about what we are learning are worth repeating:

What are we learning here? Or rather, what should we be learning:

  1. When the service goes down, who is available to help?
  2. When the service goes down, how long does it take for the support/info request to be acknowledged?
  3. When the service goes down, do you know exactly where to go to confirm the issue?
  4. When the service goes down, do you get an ETA of the repair?
  5. When the service goes down, do you get a refund?
  6. When the service goes down, does the company offer a plausible excuse for the outage or does it just shrug its shoulders?
  7. When the service goes down, are you alerted about its recovery when it comes back up?

If you can’t easily answer those questions, you do not have a business solution. You have a best effort solution.

What’s the difference between a business solution and best effort? Well, your business is. Take a look at Sarah Perez’s account when she got locked out of her Gmail and realized there was 0 recourse for her. Woops.

Live takes a Dive

Yesterday I started using Live for my nonprofit work. I have some files I want to share between computers and I have some people I would like to share files with so we can prepare grant applications.  So here is my answer to his questions.

I view this problem the same way I view Internet issues with DNS, routing problems, unresponsive email servers, unresponsive web sites, etc. I will work around the problem until it is fixed. Live is not a critical service for me. It is a convenient service that satisfies many non-critical business needs. I am probably making a huge mistake on so many different levels if I am keeping anything out on Live that gets me thinking about service level agreements and security policies.

Options WordPress Theme: What WordPress themes should be like

A magazine theme with some interesting ideas. I do not know if I am going to use it but I may use an idea or two. Nice work Alessandro!

Options WordPress Theme: What WordPress themes should be like
alessssandro
Sun, 09 Mar 2008 09:30:00 GMT

My 10 favorite Windows programs of all time | Ed Bott’s Microsoft Report | ZDNet.com

Here is a post from ZDNet about some useful Windows programs that are low cost or free.

My 10 favorite Windows programs of all timeI’ve been using Windows for nearly two decades, and during that time I’ve tried hundreds of programs. Most come and go, but a handful have stood the test of time for me by solving a particular problem particularly well.

In this article and accompanying gallery, I list 10 Windows programs I use every day. Every one adds a feature that makes Windows easier to use or can help make you more productive. Each one comes from a company that has proven its ability to support the product and improve it over time. I’ve been using every program on this list for long enough to recommend it without reservation.

Most of the programs in this list are free; for those that aren’t a trial version is available. All of the programs in this list run on Windows XP Service Pack 2 and Windows Vista (and most run on other editions as well). I’ve devoted one full page to each program, with info and download links and enough details to help you decide whether it’s something you want to try. I’ve also provided screen shots for each program to help you see what I’m talking about.

My 10 favorite Windows programs of all time | Ed Bott’s Microsoft Report | ZDNet.com

I like to look at programs that people like to see if they have found the better mousetrap. Here is my take on his choices.

  • Process Explorer (Sysinternals/Microsoft) This is a great debugging tool but I rarely use it.
  • RoboForm (Siber Systems) I use the open source program KeePass instead. The Windows version of KeePass has an autotype feature works for most login pages. There is Linux version with a few less features. Recently I created a script to login into sites that have the login split between two screens(e.g. Banks). KeePass is free and it works.
  • Keyfinder (Magical Jelly Bean Software) I downloaded this program to check it out. I still like the tip someone wrote for KeePass. They recommended saving your product keys in KeePass. I still think this is the smarter practice. Keyfinder does not list the keys for some programs like QuickBooks.
  • ClipMate Clipboard Extender (ThornSoft Development) I guess some people like fancy clipboards and use them regularly. Some people do not care. I fall in the second group. I have used Yankee Clipper in the past but I rarely used it.
  • FeedDemon for Windows (NewsGator Technologies) This is a very good RSS Reader. I use it and it is free. Some people prefer the browser based readers like Google Reader.
  • Windows Live Photo Gallery (Microsoft) This program was somewhat interesting while I had it working. Somehow I mucked it up and re-installation did not fix the problem. I do not miss it. Flickr has more uses for me.
  • Allway Sync (Usov Lab) I use Microsoft’s SyncToy. It’s free and it works for me.
  • SnagIt (TechSmith) There are a lot of people who like this program but I do not use screen captures that often. There are a lot of free alternatives that work reasonably well if your use is occasional.
  • IE7 Pro I downloaded this program and I liked it! I think it is likely I will use its enhanced features for IE7. I had to disable the proxy to get the download manager to work.f you use IE7, you need this free add-on, which provides ad blocking, tab management, inline search, crash recovery, and all the other features Microsoft left out.
  • FinePrint (FinePrint Software) I tried Greenprint on my laptop. It seems to have the some of the features of this program. It is supposed to help you avoid printing extra unwanted pages. It does not help me. I bypass it most of the time since I either want to print everything or create a PDF with PDFCreator. Greenprint is an extra step without added value for me so I am removing it.

Some free programs that did not make the list but I use often are TrueCrypt, Notepad++, and Windows Live Writer.