The Code Cave

Ok everyone loves to bash Vista. It’s the in thing. I get it. I run vista with the User Access Control (UAC) turned off. Once that is done, it is modern version of Windows XP with some nice features built in. Now some of these have been made available in a limited fashion in XP service packs, like this first example: the integration of the internet into the Open Dialog box.

This is one of my favorite Vista features.
I’ll demonstrate in this video:

WordPress 2.6 has been been trouble.  There’s been confusion about whether it would be out in July or August.  There was one date in the road map, and one in Trac.  On Sunday night, Charles Stricklin and I recorded episode 43 of The WordPress Podcast and I stuck with the August date that was in the Trac tool used for development. 

Then the next day Ryan Boren sent this reply to the WP Testers mailing list the next day:

On Mon, Jun 23, 2008 at 1:01 PM, Kirk M wrote:
> Do my eyes deceive me or am I seeing a due date of July 7th for the release
> of 2.6 with a fall back for July 14? Any reason for the releasing a month
> early? I’ve barely setup my test sites figuring I had a month to go ye;). 

[Ryan Boren Replied:]
There was some confusion because the roadmap had July and trac had
August.  Given that all of the features went into 2.6 early and that
its been running this whole time on wordpress.com and lots of our
personal blogs, a shorter beta seems doable.  I think we can launch
the beta cycle now, pound on it until the 7th and decide if it’s
ready.  If not,  pound it another week and decide of it’s ready.  I
merge 2.6 to wordpress.com almost daily and get tons of feedback in an
instant.  I’m pretty confident in being able to finish off 2.6 in a
few weeks.  We won’t be adding any more features to 2.6 so there’s no
need to linger for an extra month.  Also, a July 2.6 release allows us
to consider an early September 2.7 release that focuses on pulling in
some of the GSoC work.  That work would be too much to try to push
into an early August 2.6 release.

Ah, well you win some you lose some.  At least I wasn’t the only one who thought it would be August.

Since then a much more controversial debate has arisen.  Westi made the announcement that WordPress 2.6 would have the XMLRPC feature turned off.  XMLRPC is the technology that allows programs like Windows Live Writer, MarsEdit, ecto and other external blog editors use to communicate with your WordPress blog.  Here is what Westi had to say about it in his announcement:

WordPress 2.6 will be more secure out-of-the box including better support for running the admin over SSL and changes to disable the remote publishing protocols by default.

We have choosen to disable Atom Publishing Protocol and the variety of XML-RPC protocols by default as they expose a potential to be a security risk.  So from WordPress 2.6 onwards you will need to go into the Settings->Write page and enable them individually if you want to use them.

Mac software developer and MarsEdit creator Daniel Jalkut believes this to be a fundamentally wrong choice.  He’s said so on the wp-hackers list and on his website:

WordPress’s decision to shut off remote access by default is analogous to a bank offering unrestricted drive-through access to its cash machines, while requiring pedestrians to ring a bell and wait for a security guard to open the door to the machines.

Also worth considering: if a service is disabled by default for security considerations, what message does that send to people who choose to, or who are encouraged to turn the service back on? It sets up a perception of insecurity which may not even be warranted. If the remote publishing interfaces are insecure, they should be fixed, not merely disabled!

I think that’s somewhat misleading.  It makes people think that the switch has to be set  over and over again.  It is much more like, when you open a savings account, checking either the box that says you want an ATM Debit card and/or the box saying you want to access the account through the online site. Eliminating either of those options would make your money more secure.

I agree that there is an issue with people upgrading and finding that MarsEdit, Livewriter or whatever doesn’t work. That is easily solved by keeping the XML interface off by default on new blogs, but not changing the behaviour for upgrades.

But why not just “fix” the security issues?  Well the truth of the matter is that you can no more "fix" all security risk in xmlrpc than you can "fix" it in any software program.  It is a moving target.  New methods are thought of and software improvements introduce new avenues never thought of, even if there is a layer between the final interface and the database.  So even if WordPress was completely clean in 2.6, how can you prove that it is secure in 2.8 or 3.0.

Is xmlRPC secure in WordPress 3.0?  I don’t know it doesn’t exist yet.  But I do know if it is disabled for new blogs, that the new WordPress 3.0 blogs won’t face an XMLRPC security risk.

I found this in a friend’s 404.html file:

< !--
- Unfortunately, Microsoft has added a clever new
- “feature” to Internet Explorer. If the text of
- an error’s message is “too small”, specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. You can turn that off,
- but it’s pretty tricky to find switch called
- “smart error messages”. That means, of course,
- that short error messages are censored by default.
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment like this to push it
- over the five hundred and twelve bytes minimum.
- Of course, that’s exactly what you’re reading
- right now.
–>

Does anyone know if that is still the case? I haven’t come across this before, but it is sure worth knowing about even if it is ie6 specific…

When working with graphics files on your blog, it is always smart to optimize their size for their targetted use. A simple corner picture does not need an original size of 8.1 mega pixels. On a windows machine, MS Paint can handle that sort of transformations, with a little pain and bloodshed. I’ve also written and posted here a console app to do the dynamic resizing. Gimp is awesome, but it is over kill.

I strongly encourage Windows users to check out Infranview. You might look at the site and say “Oh it is just a viewer”, but it is soooooo much more than that. Though it is the one of the best picture viewers out there, it also handles basic graphic manipulation better than most other software out there, even the pro stuff.

File resizing is very simple. However following their “It is trying to be simple for beginners and powerful for professionals.” goal, it allows you to, in the advanced menu, choose from various resampling methods in case the image just looks wrong when you resize it. Most programs use the 1 method the programmer preferred and you are stuck with it.

You can get it here:
http://www.irfanview.com/

and once you load the plugins from here:
http://www.irfanview.com/plugins.htm

(I prefer this mirror for downloads.)

You’ve got a powerful graphics manipulation tool that can even accept any photo shop 8bf plugins that you have lying around.

(BTW xnview is a infranview knock off, but it does have pocketPC and Smartphone support and works nicely as a viewer on those platforms)

If you are at WordCamp 2007, one of the best sessions was Google’s own Matt Cutts discussion on optimizing your WordPress blog. You can see the whole presentation over on John Pozadzides site’s One Man’s Blog. Here is the link. You can see in Matt’s Whitehat SEO tips for bloggers slide show that one of the things that WordPress “suffers from” is that you can reach the same data from multiple sources.

You can get to the same article by browsing by category, by day, month, year etc. etc. etc. Each time Google sees the same data repeated on your site again, it hurts your site a little bit more.

This bit of code will help fix it. It goes into the header part of your blog and will tell Google that it should ignore all of the pages that are not the orginal source of the article.

Here you go:

I was just over at the PHPMyAdmin site and saw this quote:

 Welcome to phpMyAdmin 2.11, which will probably be the last series supporting PHP 4.

Notice the ”probably” stuck in there.  They are testing the waters.

If phpMyAdmin is dropping the whole PHP 4 line, it just might push the WordPress adoption time a bit further.  Where phpMyAdmin goes, I have to think,  the ISPs will not be slow to follow.

OK this is a MAJOR shout out to Daniel Wischnewski for teaching me some new keyboard shortcut.

Did you know that the first ten (upper) programs in the Quick Launch area are accessible with the [Win]+[1] through [Win]+[0] key combos?

For example in my setup [Win]+[1] is ZTreeWin.  [Win]+[4] is the Vista Snipping Tool (C:\Windows\System32\SnippingTool.exe Try it!!!). [Win]+[0] is the DOS prompt.

Pretty cool Eh?

Do you know all of my icons? What do you keep on your quick lauch bar?

Hi all!

Remember me?

I’m the guy that pretty much disappeared off the face of the earth back in May! I have been THOROUGHLY enjoying my new job at b5media. And there’s been soooooo much to do at b5 that I’ve not been taking the time I should have been taking to visit with you guys. When I started at b5 the posted blog count was 185 or something like that. The count is currently 260 blogs. Yes, we’ve added 75 new blogs in the last four months. And there are a good many more blogs on their way.

As a result of five months of fun and mayhem (Heck, I’ve even been out to WordCamp and had supper with Matt Mullenweg and the whole automattic gang). I’ve got loads of tips to share with you, things I’ve learned to do better. What enables me to do that is that we’ve just hired a great new employee, Corey Shaffer. He was my student for the 2007 Google Summer of Code project. He’s been a tremendous help at b5 and has helped tip the balance between the day to day tasks of mananging a existing network of 22 dozen blogs and the need for forward progress.

So, now I feel that I can responsibly take some time to get back into the WordPress world on my own again too. Oh I’ve still been out helping other with their blogs. I helped my sister with a site for the family of my Brother in Law’s army unit: The 298 Sandbandits. I also helped a friend get his own blog running: Iggy the Biker. But I haven’t done much for just me.

Well in October, that’s gonna change. I’m starting the month by falling back to my old tried and true and I’m posting a Delphi program I wrote tonight. It’s a really simple program that I’m going to find incredibly useful.

All it does is reverse the slashes of what is in the clip board. How is that useful? Well, in my setup I work in a Telnet (SSH) window half the time and half the time I use SFTPDrive to map the b5media resources to my local drives. Well when I am in telnet my paths might look like this: /var/www/blogname/.htaccess. But if I want open up that .htaccess file in Notepad++, I have to change the path to look like y:\var\www\blogname\.htaccess. Now I have a simple way to do that. In fact I just used it to convert the slashes. I’ve got a shortcut to that program on an auto-hide taskbar on the left side of my screen. So I just click it and boom the slashes are reversed (again) like this: /var/www/blogname/.htaccess. That is sooo awesome.

And it was sooo simple. I’ve been wanting to write this for ages. I actually did write it in Delphi 5 but it didn’t work under Vista (which came on my laptop). I’ve now rewritten it using CodeGear RAD Studio 2007 (which is simply awesome). And it works great!

Here’s the code & exe in a zip: http://www.thecodecave.com/downloads/delphi/SlashFix.zip
program SlashFix;

Here’s the exe only: http://www.thecodecave.com/downloads/delphi/SlashFix.exe

Of course the version I use is tweaked a bit to work specifically with my common tasks at b5 and will be growing even more. I’m sure you can thing of ways to automate the tasks you do everyday in the same way.

Any way, more tomorrow. There’s another b5 blog that is launching tomorrow, and I’ve got to tweak somethinb befor it launches. Here you can check it out: http://www.LadiesCourt.com/ which is all about Women’s basketball. I just wish that the Cleveland Rockers were still around to be featured on it. My kids went to a number of cleveland Rockers games and we have still have some logo material around.

I was providing some of my user agent strings to Aaron for some of our internal development.  I thought I’d log them here.

Here are the browsers I’m running on my laptop, as websites see them:

Opera/9.22 (Windows NT 6.0; U; en)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322)

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506; .NET CLR 1.1.4322; MAXTHON 2.0)

Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6

Mozilla/5.0 (Windows; U; Windows NT 6.0; en) AppleWebKit/522.13.1 (KHTML, like Gecko) Version/3.0.2 Safari/522.13.1

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)

Did you figure each out?  They should be pretty self explanitory.   That is the point after all. (BTW: The last one is through a virtual PC.)

In working with websites, the only major browser I’ve not been able to test under was Safari.  I’ve got IE6, IE7, Firefox, Opera and Mozilla installed and even Konqueror on dual boot on my desktop.  But I never could test for Safari.  That’s now changed!

You can download Safari for Windows XP & Vista here: http://www.apple.com/safari/download/