Dougal Campbell's geek ramblings

WordPress, web development, and world domination.

Buggy clock

Feb282007

I’ve discovered a bug in my clock that’s been causing me all sorts of headaches. It’s really messing with my ability to complete projects when others are expecting them. If I can’t find a fix soon, I’m definitely going to have to get a new clock.

See, the problem is that this clock only counts 24 hours in a day. I think I need to upgrade my clock to a 36 hour model. That would probably give me enough time to do all my work, spend some time with my family, and maybe even get some sleep every once in a while. Yep, a 36 hour clock is what I need. Does anybody know where I can get one of those?

Two New WordPress Releases

Feb212007

Announcing not one, but two new WordPress releases: WordPress 2.0.9 (for the 2.0 branch), and WordPress 2.1.1 (for the 2.1 branch). Both versions include fixes for a minor XSS (cross-site scripting) attack vector, plus various other small bugfixes. Due to the possible security bug, all users are urged to upgrade to the newest appropriate version. See the announcement on the Development Blog for full details.

For those of you who may be confused about why there are two versions being updated in parallel, here’s a quick rundown: for WordPress to be available as an official package for Debian Linux, we made a commitment to maintain the 2.0 branch through 2010. Also, the 2.0 series still supports older versions of MySQL, while the continued development for WordPress 2.1 and beyond requires (currently) MySQL 4.0 or higher.

Also, the very observant among you might have noticed that there was no version 2.0.8 release. We went straight from 2.0.7 to 2.0.9. What happened? Well, we were just about to release 2.0.8, it was even tagged in svn and the package was available for download, but the official announcement was delayed while some new servers were being installed. Then the last XSS hole was brought to our attention, so we had to go ahead and bump the version number again for the new changes. Now you’re prepared to win the bonus round when you play WordPress Trivia. 😉

In related news, I’ve split the WordPress announcements on Freshmeat.net into two branches, to reflect the stable support for the 2.0 line and continued development for 2.1+. If you aren’t familiar with Freshmeat, it’s a service where software projects can announce their latest releases. If you sign up for an account, you can even get email notification of whichever projects you would like to subscribe to. If you would like to use Freshmeat to track WordPress releases, you can visit the project pages for WordPress 2.0 and WordPress 2.1.

AOL and OpenID

Feb152007

Here’s an addendum for my previous post about OpenID: AOL supports OpenID authentication for all(?) screennames. I’ve verified that this works with AIM usernames, even if you don’t have a “real” AOL account. In other words, if you have an AOL account or even just an AIM account, you already have an OpenID. For example, my AIM ID is EMCampbell3, which means that I could authenticate on any OpenID site using openid.aol.com/emcampbell3 as my login. I’ll be redirected to AOL’s servers, which will ask for my password, and once it’s verified, I’ll be sent back to the original site with my identity verified.

AOL, Yahoo!, Microsoft, Six Apart (including LiveJournal and Vox), Ma.gnolia, Technorati… Who’s next?

Follow you, follow me

Feb152007

Two years ago today, we released WordPress version 1.5. This was a pretty major release that introduced several new features that are still major staples of the current 2.1 branch: the Dashboard, Themes, and Pages. It also added a minor new change which was mildly controversial to some: comments were automatically flagged with the ‘nofollow’ attribute.

The rel="nofollow" idea had good intentions: to give content producers a way to link to another site without implying that they approve of it. The way it works is that if Google, or Yahoo!, or any other service that uses this standard sees a rel="nofollow" attribute on a link, they will ignore it. They don’t follow the link, and they don’t count the link in the destination site’s ranking calculations. One of the main use cases (as in WordPress’ case), was to reduce the effectiveness of comment spam, because the spammers would not get any “Google Juice” out of the links. Hurray for our side! We just stuck our finger in the spammer’s eye!

Unfortunately, we also tweaked the eyes of our regular readers, most of whom could probably use a little of that Juice. “Oh well,” we said. “That’s just the price we have to pay for a little peace of mind.” Well, most of us said that. Some were adamantly opposed to the nofollow idea. Many of us knew that it was just a bandaid, and that it wouldn’t really deter spammers from trying, it would just reduce their ability to get high rankings in search engines.

At the time, comment spam was a pretty major problem on many blogs, and there weren’t many effective remedies. It seemed like all of us spent the beginning of each day going through our comment queue, manually deleting the garbage that made it through the gauntlet of whatever defenses we did have in place. So, nofollow was the last-ditch attempt to deny satisfaction to the spammers when our other measures failed. But it did not discriminate. It had no way to know whether it was de-juicing a good guy or a bad guy. (Eric Meyer had some good thoughts on this subject, BTW.)

These days, many sites have better anti-spam measure in place. Akismet has been very effective, and many WordPress users swear by Spam Karma 2. With measures like these in place, hardly any spams ever make it through to be displayed on your blog. And if they do, hopefully you delete them pretty quickly after they appear. So, that’s even better than just telling search engines not to index their links. They can’t index something that they never see in the first place, right?

With that in mind, I’ve installed Kimmo Suominen‘s dofollow plugin here, and configured it to remove the rel=”nofollow” attribute from comment links after two days. The two day limitation is to account for the occasional hiccup where spam might make it through over a weekend, and I don’t get to delete it immediately. The important thing is that I’ll be giving back the Juice to the comments that get to stay here. If you’ve got a WordPress blog, and you feel like comment spam is under control on your site, I encourage you to do the same.

OpenID News

Feb132007

Since my WordPress upgrade and theme change, the OpenID sign-on functionality here has been a little iffy. I think I’ve got all the kinks worked out now, and it should be working correctly again. There seems to be a buglet in the functions that attempt to automagically add the OpenID login fields to the comment form. So I had to disable that option and manually edit my comment template file to insert the appropriate bits. I don’t like having to modify the theme files (it’s going to make it harder to upgrade when a new version of Sandbox comes out), but that was my best solution, short-term.

In other news, Microsoft is working on interoperability between OpenID and their CardSpace™ framework. This is going to bring a lot more attention to OpenID. Microsoft has tried entering this field before, with Hailstorm. But they tied it exclusively to their proprietary Passport service. This new collaboration will be building on the existing OpenID infrastructure, which is open and decentralized. Of course, this doesn’t replace Passport, it will just mean that Passport will be one of many identity services that one could use to log in to various OpenID-enabled sites, or that one could use an established third-party OpenID to authenticate against a CardSpace site.

And if that wasn’t enough, Simon Willison announced a new service called idproxy.net, which allows you to use your Yahoo! account as an OpenID credential. So, if you already have a Yahoo! account, you’re half-way to having an OpenID that you can use (with the trust level you have in Yahoo) to login to OpenID-enabled sites, via idproxy.net.

And last, but certainly not least, there’s the new videntity.org OpenID provider. What makes this one ubergroovy is that it has support for FOAF, vCard, and microformats like hCard and XFN. And it can both import and export multiple formats for the contact info. So, not only does it act as an OpenID authentication service, it can also serve as a general, multi-format identity provider. This service can store a lot of different profile information, and you have full control over which bits are public and which ones stay private (to be provided to other sites only with your explicit permission).

To get a better idea of what I mean by that, check out my profile at dougal.videntity.org. What you see there is just the information that I’ve chosen to make public — in my private profile I have additional information entered. Interesting to note here is that the links in the “Ernest knows” section were automatically imported from the XFN information here on my blog. It also imported some of my other info from hCard data on my site. I could also have imported information from my FOAF profile (if I hadn’t let it get so out of date).

If you haven’t really been following OpenID, or if you’re still confused about what it is and what it means to you, why not just try it out? Pick any of the numerous services out there, create an account (quick, while you can still get ‘myfirstname.someservice.com’!), and then use your new ID to login to an OpenID consumer site. Like this one. And if you have a WordPress blog, you can use the OpenID Delegate plugin and use your own URL as your OpenID. For example, if I want to login to an OpenID site, I just enter ‘dougal.gunters.org‘ as my login ID. I am then redirected to myopenid.com (which is currently my chosen delegate) for the actual authentication.

If you still want to do some more research, you might want to check out Planet OpenID, which aggregates the latest news.

Reinvigorated

Feb072007
Reinvigorate Stats

Reinvigorate’s Hourly Stats

About a year-and-a-half ago, I wrote about how the Reinvigorate web stats service was entering a private beta, and I hoped to get a chance to try it out. I applied to the private beta program and waited. And waited. And waited some more. Then I sent them an email, and they said they were still working on it. And so I waited… Then I finally gave up, and tried some other tools like Google Analytics (which I don’t look at much) and MeasureMap (which I like a lot).

Well, all my waiting finally paid off. I received an email last week inviting me to the Reinvigorate Private Beta. I immediately signed in and activated tracking for this site. The new stats are a little different from what they used to provide, but they definitely give you some nice breakdowns of the information.

I’m particularly interested in the information on click-paths. I’m finding that only a few visitors dig down into the site. I want to add more prominent internal linkage to encourage people to explore, and I’ll be able to use this information to help gauge whether or not changes I make are effective. A couple of changes I’ve made recently are the addition of links to the next/previous post on the single article pages, and the addition of the page navigation buttons at the top of each page. Additionally, I’ve created an Archives page using the archive template in Sandbox.

I think that they’ll be opening up for more beta testers soon, so if you’re interested, you might want to head over and register: reinvigorate.net

Upgraded

Feb052007

Okay, I think things are finally (more-or-less) back in shape around here. Sorry about the problems you might encountered here over the past few days. I finally upgraded this site to WordPress 2.1, but I encountered some problems along the way. The problems were really indirectly related to the upgrade, and turned out to be my own dumb fault.

On Friday, I decided to use my lunch hour to perform the upgrade. I backed up my database and my wp-content directory, deleted all the old WP files (I traditionally haven’t bothered with that step, but I knew that several files were renamed/outdated, and I wanted to do some general housecleaning anyhow), installed the new ones, and upgraded the database schema via wp-admin/upgrade.php. Everything looked fine. I switched the theme over to Sandbox and activated the ‘Rockem Sockem’ skin that I had created previously. Then I began activating my sidebar widgets to get my sidebar set up the way I wanted. It was around this time that I started noticing problems…

I started seeing really slow page loads and blank pages, and most of the time when I tried to access an admin page, the browser would time out, or think that it needed to download the page instead of display it. The load on the server was higher than usual, so I figured it was spammers hammering my site at a bad time. Except that when I watched my logs, I really didn’t see much suspicious activity. I wrestled with this for a while, still thinking that high server load was causing the site to have problems. I figured that perhaps upgrading from PHP4 to PHP5 might gain some improvements, and spent a few hours compiling PHP 5.2.0 and recompiling all the associated extensions that I needed. Nope, that didn’t seem to help.

Then at some point, on a whim, I brought up my wife’s web site, which runs on the same server. And what do you know — it came up just fine. I could also login and navigate the admin pages without any problems. Sooooo, the problem was just in my site. Probably a malfunctioning plugin. I disabled all the plugins by renaming the plugin directory temporarily and reloading the page (WP will automatically disable any plugins that it can’t load up, in case you weren’t aware of that trick). Voila, the pages loaded fine. I began re-enabling plugins one-by-one, starting with the ones I was most sure were okay, gradually working down to the likely culprits. Until I finally found it. It was my Now Playing widget, which I had recently (and hastily) refactored. Arg! It was my own fault that I had been having so many problems!

I haven’t narrowed down the exact nature of the problem yet, so that widget remains off. I suspect that the root of the problem is in the old Amazon search library that I’ve been using. I had meant to write my own, updated, stripped-down functions for that, but hadn’t gotten around to it, yet. I suppose I’ll be doing that soon(ish).

So, with that said, welcome to the new improved geek ramblings, powered by WordPress 2.1!

Dougal 4.0

Jan302007

Today I turn the big Four-Oh. I’m not sure how I should feel about that. Since I’m a web development geek, how about we consider some possible responses in terms of HTTP 1.1 Status Codes:

I suppose the expected response would be 406 Not Acceptable. How could I possibly be forty? Where did the years go? Many people’s reaction is 416 Requested Range Not Satisfiable, also known as a “mid-life crisis”. As Adam from Mythbusters would say, “I reject your reality, and substitute my own!”

I don’t really feel any different, though. I feel 304 Not Modified. Today is just a day like any other. But with more cake. Overall, I’m 200 OK. I’ve just 202 Accepted it. After all, it’s better than the alternative to getting older — 410 Gone!

Upgrade Imminent

Jan302007

I’ve spent some time converting my Rockem Sockem theme to a Sandbox skin, and getting my Now Playing hack converted into a sidebar widget. I’m more-or-less happy with the results, so I’ll be throwing the switch sometime soon. Be on the lookout for changes around here, and let me know if you spot anything broken.

Virus Alert

Jan292007

I don’t usually do this, but I think this is serious enough that we need to get the word out. This virus sounds particularly nasty, so make sure you take every precaution — update your anti-virus software, backup your systems, buy extra bread, milk, and eggs, and keep your kids indoors: Virus Alert – “Bedtime”.