Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Twitter Updates for 2007-12-10

  • Watching the baby while my wife is at a job interview. #
  • Finally made it to the office a little while ago. Had to drop my car off at the dealership for "Check Engine" diagnosis. :-/ #
  • Need help getting PHP PEAR SOAP client to talk to a .NET service. The server end doesn’t seem to see the parameters my client is sending. #

Powered by Twitter Tools.

VPS Recommendations?

I’m looking for a Virtual Private Server host. The server I’m currently on is woefully underpowered for the handful of sites I’m running (on the plus side, it’s been free), and it’s high time that I moved my stuff to a box that’s up to the task.

Ideally, I’d like the following features:

  • Virtual Private Server with at least 1GB of RAM (preferably with root access within my instance).
  • SSH shell access.
  • Decent monthly bandwidth allotment (at least 250GB/month).
  • Plenty of disk space (25GB would be plenty, but I can live with less).
  • Hosting of multiple web/email domains.
  • PHP5 and MySQL 5.
  • Ability to configure many email alias forwards within each domain.
  • Procmail for mail filtering.
  • DNS hosting, preferably with the ability to directly edit my own zone files, but I’ll live with a web interface if I have to.

Those are listed roughly in order of importance. I don’t think any of these requirements are out-of-line, as I’ve seen shared hosting accounts with much nicer stats going pretty cheaply. But I’d really rather be on a VPS than on a normal shared host.

I’m interested in any recommendations. But please don’t comment with “I heard that so-and-so is good.” I need to hear from those with actual direct experience with particular hosts (the good and the bad).

Easy Gravatars version 1.1

My Easy Gravatars plugin is now in the WordPress Plugin Directory, and I’ve released version 1.1.

Changes:

  • Gravatar images now link to comment author’s URL, if provided.
  • Gravatar code now prepended to text instead of appended.
  • Added stylesheet for options page and improved layout. Split options into ‘General’ and ‘Advanced’.
  • New advanced option for selecting either ‘Comment Author Link’ or ‘Comment Text’ API hook.

When time allows, I’m going to try to add support for favicons on pingbacks and trackbacks, and maybe as a fallback for people without Gravatars. I’ll also see about supporting MyBlogLog and possibly Pavatars.

Creating a secure WordPress install

Over on BlogSecurity, there’s a whitepaper on How to create a secure WordPress install. It covers several areas, including MySQL setup, WordPress user configuration, Apache protection of directories, and some useful plugins. I’ve glanced over it, and I have mixed feelings. Here’s a quick list of notes, off the top of my head:

Pros:

  • There is detailed information about granting the minimum privileges necessary for the MySQL login. This is a good idea that many people probably don’t think about.
  • Creating a less privileged WordPress account for posting, separate from your blog admin login, is also a good suggestion.
  • The notes on password enumeration are important. I didn’t even realize that we were giving different error messages depending on whether the username or password was incorrect. This is a definite no-no, and something that we should correct in the WordPress core.
  • For folks using Apache, and who can create .htaccess files, there is a good section on limiting access to wp-includes, wp-content, and wp-admin.
  • The WPIDS plugin sounds useful. This plugin will try to detect certain types of potentially harmful activity, log it, and possibly block further attempts.

Cons:

  • There is a lot of space spent talking about changing the table prefix. This security-by-obscurity is probably going to be useless. If an attacker reaches the point that they can access your tables by name, then they’re most likely going to be able to figure out the names of the tables.
  • The section about restricting admin access by IP should probably be more detailed, and make it more clear that it is for advanced users, and probably not applicable for most users.
  • There is a section about using the WordPress Plugin Tracker to make sure that your plugins are up-to-date. As of WordPress 2.3, there is built-in plugin version tracking, which isn’t mentioned in the paper. Granted, there are limitations (the plugin must be hosted in the wp-plugins.org repository), but I expect it to become more flexible in the future.
  • There is no mention about using SSL (https://...) for logins and admin functions. Since WordPress doesn’t support SSL out of the box, maybe that’s not surprising. But I think that I’ve seen some rumblings about supporting SSL in a future version. As of version 2.6, there has been support for SSL for logins and administration in WordPress.

Despite being a little light, I think work like this is important and useful. I’m hoping that the authors will take the constructive criticisms to heart and use it to update their paper, making it better and more thorough.

Easy Gravatars Plugin

Since so many people seemed to be interested, I went ahead and coded up my new Gravatars plugin: Easy Gravatars. It’s designed to be simple to use — just upload and activate. If you want it to be a little harder, you can visit the plugin’s options page to set the size and rating for the gravatars, and even set the location of a default image, and tweak the CSS a little bit.

Download: easygravatars.zip

I’m going to put it in the WordPress Plugin Repository when I get a chance. Once that’s done, I’ll update this post with the new location.


Update, 2007-11-16: The plugin is now in the repository, and you should now be able to see that version 1.1 is available: Easy Gravatars Plugin

Gravatars

Even before the recent announcement about Gravatar joining Automattic, I had been wanting to turn on comment avatars here. I nabbed Matt’s code, fooled with it a little, and now my comments are Gravatar enabled.

A couple of things that I discovered:

  • I was always getting the ‘default’ image until I added a ‘rating’ parameter.
  • The Gravatar server wasn’t serving up all sizes of my image until I re-uploaded it. It worked with size=40 and size=80, but not with size=60.

When I did a quick search for an existing WordPress plugin, the Gravatar plugins I found all required you to modify your comments.php template file. I made mine less intrusive. I think I’ll go ahead and code up a plugin with some config options.

glTail: Realtime Logfile Visualization

glTail Screenshot

This screenshot shows how glTail visualizes a comment spam attack in my configuration.

A few days ago, in my usual daily link browsing, I ran across a link to something called “glTail”, which was described as “realtime logfile visualization”. I’m often keeping an eye on my server logs to catch unusual activity, so I thought I’d give it a look. There’s a video there that shows it in action — very cool!

For those of you who aren’t interested enough to click the link yet, let me see if I can give a description that does it some justice:

  • Monitors logfiles in realtime over an ssh connection to remote servers.
  • Can monitor multiple logfiles on multiple servers, simultaneously.
  • Currently has parsers for Apache, IIS, RubyOnRails, and Postfix logs (and I found that the Postfix parser works pretty well on Sendmail logs).
  • Pretty!

It’s written in Ruby, and requires OpenGL. Runs fine on my laptop under Ubuntu. And if you don’t know how to program in Ruby, don’t let that discourage you — I don’t know Ruby, but I’ve been able to modify the code enough to copy the “postfix” parser into a new “sendmail” parser, and customize it slightly. And I’m thinking about trying to write a parser for my MySQL logs. Hopefully, a future version will add more built-in parsers and move configuration into an external file, though.

Currently, I’m using it to monitor three of my WordPress blogs, plus my mail server. Several times now, I’ve easily spotted comment spam attacks, and quickly plugged them in my firewall. I added handlers to pop up notices whenever a comment is posted, and to track the posts-per-minute by IP number. One of my co-workers is planning to use it to see if our load balancer is actually balancing our web server requests evenly. All-in-all, glTail is a nice tool for your sysadmin arsenal.
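To show what the “posts-per-minute by IP” handler amounts to, here is a stand-alone Ruby version of the idea. This is an added example, not glTail’s own parser or the handler I wrote into it; the Apache access-log lines, IP addresses and threshold are all constructed for the demonstration.

```ruby
require 'time'

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = <<~LOG
  203.0.113.7 - - [10/Dec/2007:14:03:01 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
  203.0.113.7 - - [10/Dec/2007:14:03:04 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
  198.51.100.2 - - [10/Dec/2007:14:03:10 -0500] "GET /2007/12/vps-recommendations/ HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
  203.0.113.7 - - [10/Dec/2007:14:03:15 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
  203.0.113.7 - - [10/Dec/2007:14:03:40 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
  198.51.100.2 - - [10/Dec/2007:14:04:02 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
  203.0.113.7 - - [10/Dec/2007:14:04:30 -0500] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/4.0"
LOG

# Client IP, timestamp, request line and status from a combined-format line.
LINE_RE = /\A(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] "(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3})/

# Parse one log line into a hash, or nil if the line does not match the format.
def parse_line(line)
  m = LINE_RE.match(line)
  return nil unless m
  { ip: m[:ip], time: Time.strptime(m[:ts], '%d/%b/%Y:%H:%M:%S %z'),
    method: m[:method], path: m[:path], status: m[:status].to_i }
end

# Count comment-form POSTs in each (ip, minute) bucket; everything else is ignored.
def comment_posts_per_minute(lines)
  counts = Hash.new(0)
  lines.each do |line|
    rec = parse_line(line)
    next unless rec && rec[:method] == 'POST' && rec[:path] == '/wp-comments-post.php'
    minute = rec[:time].strftime('%Y-%m-%d %H:%M')
    counts[[rec[:ip], minute]] += 1
  end
  counts
end

# IPs that hit the comment form at least `threshold` times within any one minute.
def flag_spammers(lines, threshold)
  comment_posts_per_minute(lines).select { |_, n| n >= threshold }.keys.map(&:first).uniq
end

if __FILE__ == $PROGRAM_NAME
  puts flag_spammers(SAMPLE_LOG.lines, 3).inspect
end
```

The flagged list is what you would hand to a firewall rule or a notification handler; the threshold is something you tune against your own normal comment rate.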