Mostly about my amusement

Year: 2008 (page 14 of 22)

Sigh, WordPress users and hacking

If you are not running the latest version of WordPress and you get hacked, don’t go to the WordPress forum and tell the world.  Odds are you invited the disaster yourself.

When WordPress 2.5 came out I was disappointed to find that the old version 2.3.x was basically abandoned.  There would be no more planned patches for 2.3.x, just for the current 2.5.  The 2.0.x branch would continue to be supported as part of the commitment to the Debian version model.

So as of right now versions 2.0.11 and 2.5.1 are supported. If you are running 2.2.x, 2.3.x, 2.5(.0), or any other version then you run the risk of being exploited.

So why do users continue to use the old versions?  Every day there are posts in the support forum that (so far) always deal with someone’s blog getting hacked while they are not using the current 2.5.1 version (as of this writing).  Eventually someone writes “I’ve been hacked” and some other user writes “Is this a vulnerability of insert current version HERE?!? Why are the developers not doing SOMETHING?!”.

It’s like there is some axe to grind and the first one to find the axe gets 1000 gold points.  The moderators usually show great patience; I’d get ticked if I were them.  These users seriously should just avail themselves of WordPress.com and stop trying to self host a blog.

The freely available WordPress from WordPress.ORG is not commercially supported, and commercial support is often not that good anyway. So anyone who is thinking about using WordPress.org’s software should be able to do the following by themselves.

You need to be able to make backups.

Read this Codex article for backing up your WordPress installation.

WordPress uses two components.  The easy one is the file system and backing that up should be trivial.  I use a shell script that creates a tar.gz archive every night.  Another cron job deletes backups that are older than 30 days.  Why fill up my disk?  The backups are not for historical use, just to get me back to the state I was in 24 hours ago if need be.  30 days is too much but hey, disk space is cheap.

The MySQL database is the other component.  The same backup script also creates a text dump of my entire WordPress database.  This copy gets gzipped and added to my file backup.  The mysqldump command is your friend and should be used.
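
The nightly job described above, written out as an added example (this is not the author's actual script): a tar.gz of the file tree, a gzipped mysqldump text dump, and pruning of backups older than 30 days. The paths, the database name and the option file holding the MySQL credentials are assumptions.

```shell
#!/bin/sh
# Nightly WordPress backup: file tree + database dump, 30-day retention.
# Added example; every path and name below is an assumption for illustration.
set -eu
umask 077   # archives hold wp-config.php and the DB dump: owner-only

WP_DIR="${WP_DIR:-/var/www/wordpress}"              # assumed WordPress root
BACKUP_DIR="${BACKUP_DIR:-/var/backups/wordpress}"  # assumed backup target
DB_NAME="${DB_NAME:-wordpress}"                     # assumed database name
MYSQL_CNF="${MYSQL_CNF:-/etc/wordpress-backup.cnf}" # [client] user=/password=, mode 600
KEEP_DAYS="${KEEP_DAYS:-30}"

# Create a tar.gz of the WordPress file tree and print the archive path.
backup_files() {
    files_out="$BACKUP_DIR/files-$(date +%Y%m%d-%H%M%S).tar.gz"
    mkdir -p "$BACKUP_DIR"
    tar -czf "$files_out" -C "$(dirname "$WP_DIR")" "$(basename "$WP_DIR")"
    tar -tzf "$files_out" >/dev/null   # fail now if the archive is unreadable
    echo "$files_out"
}

# Create a gzipped text dump of the database and print the dump path.
backup_db() {
    db_sql="$BACKUP_DIR/db-$(date +%Y%m%d-%H%M%S).sql"
    mkdir -p "$BACKUP_DIR"
    # Credentials come from the option file, not from arguments visible in ps.
    mysqldump --defaults-extra-file="$MYSQL_CNF" "$DB_NAME" > "$db_sql"
    gzip -f "$db_sql"
    gzip -t "$db_sql.gz"               # verify the compressed dump
    echo "$db_sql.gz"
}

# Delete backups older than KEEP_DAYS; matches only this script's file names.
prune_backups() {
    find "$BACKUP_DIR" -maxdepth 1 -type f \
        \( -name 'files-*.tar.gz' -o -name 'db-*.sql.gz' \) \
        -mtime +"$KEEP_DAYS" -delete
}

# "run" performs all three steps; without it only the functions are defined.
if [ "${1:-}" = "run" ]; then
    backup_files
    backup_db
    prune_backups
fi
```

Called with the argument `run` (for example from a nightly cron entry) it performs all three steps. A backup that passes `tar -tzf` and `gzip -t` is readable, but only a test restore shows that it is complete.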

You need to be able to know how to restore those backups.

The Codex has a good article on how to restore your blog database here.

Making the best backups is pointless if you don’t know what to do with them when the “Bad Thing” happens.  Take your backup and restore it to a WAMP or LAMP installation on your own PC.  If you need a Windows Apache MySQL PHP setup, use Google and install the one you feel comfortable with.  In Linux just add the packages (See this link for Ubuntu).

Once you have the Apache web server, MySQL, and PHP running locally on your PC then start playing.  Install WordPress locally, restore your backup and just change the name of your installation in wp-config.php to localhost and test.  To adjust your local installation to run on your PC just add these two lines to the copy of the wp-config.php on your PC:

define('WP_SITEURL', 'http://localhost');
define('WP_HOME', 'http://localhost');

Then on your PC point your browser to http://localhost/ and test it.  Beat it up; it’s a local copy on your PC.  Go nuts on it and confirm that your posts, categories, tags, comments, etc. are all there.  Anything on your PC that you mess up in WAMP or LAMP should be no big deal.  Just start over if you get lost.

Play with it until you understand what you are doing, because when you DO lose your blog you’ll need to do this for real.

Practice performing an upgrade on your PC’s local copy.

That sounds like a plan, right? Some plugins don’t work with the latest and greatest version.  If the version you are running is vulnerable to an exploit then you don’t need that plugin.

Security updates are the number one driver for minor number version releases such as 2.5 to 2.5.1.  Yes, there are bugs but they usually are tolerable.  Exploitable code is serious business and usually gets fixed quickly.

Once you are comfortable with upgrading and testing your local installation, upgrade your real blog.  I personally keep good backups and know how to restore them so I never bother with this step.

If you know how to back up and restore your blog, then even if the upgrade is bad, you will be able to put it back the way it was before the upgrade.

It was not all cod liver oil today

Now to work on turning

After his homework was completed, the boy finally rode his bike without training wheels.

Sunday his training wheels became bent so we took them off. You can see how it happened here. The culprit apologized but we had wanted to take them off anyway so it worked out.

He practiced for a while Monday but was not able to get going.  Today he and I went out, I ran next to him with my arms at his side and he took off.

He needs to work on his turns, but he is not afraid to fall and that got him going.  Like skating, he enjoys the idea of moving really fast and not getting into trouble.

Oh yeah, and next time he will wear his helmet.

Better than washing his mouth with soap

My son will turn 7 this year and like many first grade kids, he has learned some swear words. He also learned that he is NOT to say those words.

Today I met him when he got off the bus. I began with “We spoke to your teacher today” and he quickly replied “Yes I know. I’m sorry, I said a bad word.”

Now today we had a scheduled parent teacher meeting.  I had no idea he used a “bad word” and I was going to say that I was impressed with how well he is doing in school.  We started with the usual lecture about swearing and he pretty much gave us the brush off and made it clear it was no big deal.

Uh huh. I immediately drove to Pathmark, went straight to the pharmacist, and asked them for a bottle of cod liver oil.  This got an odd look and when I told them what it was for they said “Healthy and yet tastes awful”.  It’s a great source of vitamin A and D.

When I got home, my son was making it clear that he was not going to have any.  I took out the tablespoon and the teaspoon and explained “If I have to make you drink this, you are getting the big spoon.”

After some hysterics and me making it clear that he is not getting out of this, he took the teaspoon.  He rinsed out his mouth but trust me, he’ll be burping that taste for hours.  I should know, how do you think I came up with this idea?

Getting into photography

I’ve been playing around with the D60 and some digital editing.  Nothing much, just minor adjustments and cropping.

Walking to Penn Station

Since I’m doing such minor editing I don’t bother purchasing any photo applications like Adobe Photoshop Elements.  The freely available Paint.NET is more than enough for me so far and the more I look at it, the more impressed I get.

Per Stefan’s recommendation I’m shooting photos in RAW. I was using JPEG normal but even I noticed defects in images that I’m taking, so RAW seems to make sense for now.

In order to start using NEF files (Nikon RAW format) I have done the following:

  1. Install the Nikon NEF codec.  For my Vista 64 bit system I had installed this one.  The 64 bit one is beta, so check that web site often for updates. Installing the codec is for ease of use.  All it buys me is the ability to see a thumbnail in windows so I can find the file I really want to edit.
  2. Install this plugin for Paint.NET.  It lets me import RAW files.  I can’t save them in the same format but TIFF works out well for that.  When you install the plugin on a 64 bit system, make sure it installs in the correct directory.  For faster processing you can get optimized dcraw binaries here at the dcraw web site. Update: Per Benni’s comment, also see Dave’s dcraw web page here.  Dave is the author of dcraw and has a good FAQ about the program and the portable source code.
  3. Install this plugin WordPress Media Flickr.  Okay, not for editing exactly but I use it to link images on Flickr into my blog posting. I had to make a change to my PHP5 installation but no big deal.  I can select my photos easily and if I wanted to I could search other people’s Flickr photos.

Now I can load up images and just work on them pretty easily.  I plan to check out Paint.NET’s forums and work on some goofy edits.

Memorial Day Weekend

More USS Kearsarge

This was one busy weekend.  Friday and Saturday were spent going to and coming back from Strasburg, PA.  Sunday we had a family BBQ with friends over.

Today we went to the city and saw the USS Kearsarge.  It’s in port as part of fleet week in the city.  Lily took our son last year Friday before Memorial Day.  This year we had too much going on and had to go today.

Memorial Day is a busy holiday alright and it was a mad house.  All fun and cool, but the ship was packed with people.  You can see the photos I have uploaded to Flickr here.  We went with both kids and my brother Alek.  After I shot over 100 pictures, I lent the camera to Alek and together we shot almost 400 pictures.

The kids are in energizer bunny mode.  They napped on the ride back home and now they are ready to go again.  Me and Lily are just plain out.

Tomorrow is back to work.  After going to Strasburg and walking in the city, I plan to pick up a Lowepro 200 backpack.  Carrying the camera using the stock Nikon bag was a drag.  It’s not meant for walking around with.  A backpack means more comfort and less pain.

I mean, why spend the money on a DSLR kit if you are not going to carry it around and go nuts with it?

I got the Nikon D60

Old Trains from Strasburg, PA

Well that was not too difficult.  After doing some shopping we went to Costco and picked up the Nikon D60.

We went the next day to Strasburg, PA and I took about 300 pictures of the kids and the trains.  Got back today and used Paint.NET to touch up some of them before uploading them to Flickr.

Paint.NET rocks.  Once I got into a work flow, cropping, rotating, and adjusting the colors became a breeze.  You can see what I’ve uploaded at my Flickr page.

To Digital SLR or not

I’m not a camera person.  I have a really good memory for events and like to talk to people. I can’t show people what I saw but the telling is very entertaining.

This really means I take lousy pictures, mostly because my hands shake. Using a small camera like our Canon SD400 always gets me a poor photo.

One of my brothers is a genuine camera enthusiast.  His current camera is a Nikon D80 and he looks longingly at the D300.  If he won the lottery he’d go nuts and get a D3 with a whole complement of new lenses, new flash, tripod, etc.  You can see Stefan’s work at his Flickr page, he really enjoys working with his camera.

Doing his civilian duty to boost the economy, Stefan has been successful at getting co-workers to purchase DSLRs.   One of our co-workers recently got a Nikon D60 and let me play with it.

It’s a remarkably comfortable camera.  The package came with two VR lenses and just for goofs, I took some test pictures by zooming the 200mm lens out, standing in my most awkward pose and shooting a photo of a sign.

The picture was very stable, no blurriness at all that I could complain about.  Playing with the aperture size, ISO, etc, got me different yet cool results.  I played with the 15-55mm lens as well; the D60 is targeted at people like me who are thinking of getting into semi-serious digital photography.  Since I’m not clever enough to just rest the camera, the VR lenses are great.

The owner of the camera had shot over 900 picts in only a couple of days; I could easily see myself tormenting the family taking lots of pictures like that.

I had no idea what I was doing but it was pretty entertaining to me.  So now I am thinking about pricing out that D60 package.  We’re planning a couple of trips with the kids and being able to post decent shots would be a bonus.

More HG Gundams

When I can I like to work on my Gundam models.  It’s a hobby and it’s not computer related so that makes it a good thing.   Both my kids enjoy watching me assemble the models and as an added bonus I build some just for them.  They get to keep the models I make for them and they take good care of them.

They’re 5 and 6 years old. Sometimes they get out of control (like all kids do) but when it’s important to them they really are well behaved.

I’ve completed the HG Dynames from Gundam 00.  Not quite as good as the HG Exia but not bad either. Here is the picture.

HG 1/144 Dynames

Finishing the HG Dynames freed me to let my girl pick one from her pile.  She asked me to assemble the HG Gundam Astray Red Frame.  As I assembled it, she would look at the finished pieces.  She sat right next to me as I completed it and really admired it when it was finished.

It’s not often that I can get my girl to appreciate what I am doing. But when she and her brother do give me their undivided attention, it’s great.

HG Gundam Astray Red Frame

Since I completed the girl’s model, the boy wants me to start working on one for him.  He’s selected the 1/144 HG Strike Rouge + IWSP.  It’s bigger than the other 1/144 models so he might be asking for it as a competition for his sister.  He always asks me to build him models that have large backpacks.