plip blog

For a long time now I've been a fan for Dell's monitors. I was one of the first folks at work who suggested we cut over from Apple's expensive (and prettier) monitors to Dell's cheaper (and more utilitarian looking) monitors. This is all due to my obsession with hi-res and large monitors.

Very recently, I noticed something odd: Apple is now cheaper than Dell in the big monitor game. The new hotness is IPS for high contrast and great viewing angles (here's the crappy wikipedia IPS link). Yup Dell's 27" U2711 is $1100 or their 30" U3011 is $1500. Apple is no longer selling (or not really trying to sell) their 30" and their (only?) monitor, the very same one in the iMac, is a 27" LED Cinema Display for $999. Black is white, up is down and dogs are living with cats.

This all said, you'll have to deal with super future thinking Apple and their mini DisplayPort only monitor. However, it does come with speakers and nice webcam. For now though, I'm still gonna stick with my 24" Dell I've had for the last 4 years or so. Frickin love that thing.

I a while ago I saw how amazing the WordPress plug-in infrastructure was. As a privacy nut, I thought it would be rad if there was an easy way to make every page of a blog be a 404. For humans, they would not notice. For robots, they would think there was nothing there.

Without further adue, I give verison 1.0 of The 404er plugin for WordPress. Use wisely!

Though I'm trying to be less and less attached to my material possessions, I do have some that I love having. Two that come to mind are some of the first tools I ever got. They're nothing fancy, they're beat up, but I love them and every time I use them I think of all the things I've fixed, built and destroyed with them. I also like that the screwdriver is a bit melted from the time I learned about electricity. Pow! There goes the fuse and a chunk of my screwdriver. A few singed eyebrow hairs and I was fine. I think my fave are the dikes.

The sun was setting the other day and I had just used these two guys. I threw them down on the cement and did an ad hock photo shoot. You can see I used the screwdriver as a third leg to get a close up of the jaws of the pliers.

As I've mentioned time and time again, you should keep your WordPress instance up to date. Go upgrade today! I just did and it worked with out a catch. Ever since 2.7 when they released autoupgrade with SFTP support, It's much more simple to keep things current. Don't open up FTP to your server (no passwords in the clear!), but do open SFTP and make your life much easier.

OK, I just finished doing up version .02 of Plip's Vimeo JavaScript Embedder v.02. I'd say it's stealable, but that you'll likely want to wait a bit for. There's a couple of reasons:

• It doesn't work in IE8
• It's lot's of code chunks instead of one tidy package
• I'm not done with it

While doing research for this I found the Video for Everybody project which I love. You should definitely check it out and this may be where I try take this project:

Video for Everybody is simply a chunk of HTML code that embeds a video into a website using the HTML5 <video> element, falling back to Flash automatically, without the use of JavaScript or browser-sniffing. It therefore works in RSS readers (no JavaScript), on the iPhone / iPad (don’t support Flash) and on many, many browsers and platforms.
- camendesign.com

My gut feeling is that this solution won't work until Vimeo changes things a bit. Right now the main point of my work here is to fetch the large thumbnail which currently has to be done by JS. Using JS goes against everything Video for Everyone stands for. Still, super cool and possibly a worthy non-JS solution.

Stay tuned!

Recently slashdot posted this:

Massive Number of GoDaddy WordPress Blogs Hacked
A nasty little exploit has hit a large number of GoDaddy-hosted WordPress blogs this weekend. The best part is that the exploit only executes when the traffic is referred by Google, making it the sort of thing that site maintainers won't easily notice. Clever and devious.
- Slashdot

Immediately, with out reading any more of the sources for the article I had my suspicions that this was nothing new. The part where they say "only executes when referred by Google" (or refered [sic] :) is what tipped me. This was an old hack for old version of WordPress, topics I've written about before.

Digging deeper and looking at the source article, I see that that an enterprising hacker has gone the extra step of trying to turn your computer into a virus filled bot computer (or some other nefarious sounding term). The write up, with breaking news current as of today, is over at wpsecuritylock.com. The break down of the virus payload and sources was then attempted over at some dude name Dancho Denchoev's blog. Dancho's write up looks good, but use of "emerging threatscape" in is bio doesn't look so good.

My take on all this is going to sound familiar: you must be vigilant about keeping your software up to date. I suspect that a lot of the GoDaddy customers feel they really got the shaft. Most likely these WordPress installs were all copies of the same older WordPress installed via a control panel for a domain that said "Set up a blog in 1 click!". This is a great use of an open source project and WordPress is a really good candidate to be the one click code base for a blog. However, the end user at GoDaddy probably knows more about their flower pots or farmers market they blogged about, than about how to upgrade their blog. I'm not entirely sure it should have fallen to GoDaddy to keep up to date, but enabling easy updates (it's built in since…um WP 2.8?) via SFTP and really extra for reals making sure folks upgrade would have gone a long way. Further, there's all kinds of ways you can harden WordPress. You don't want to be Network Solutions with their big hack (nor suffering the wrath of a WordPress author!).

Speaking of WordPress authors, you should check out their Codex entry on the Hardening WordPress. It's a good, holistic approach at security.

Just a quickie – remember our post on privacy, intent and expectations? That post talked about the reality that large sites could show past or current trends based on visitor behaivor. Well, now some one has extended that to future predictions. Makes sense to me!

Twitter Predicts the Future

I was riding my bike to west oakland BART this AM when two figures rose up into the sky, out of a commercial space on Mandella Parkway. It's great to live in an area where artists store the their stuff roadside. A very welcome addition to the morning commute.

Here's photos of the space in oakland before (via google street view), the space this morning, the locale on google maps and then a pic from bman. Google photos stolen, bman photo used via CC license from flickr.

If you're a developer, you probably use a revision control software. For both work and personal projects, I use SVN, which is great. At work we use SVN as a way of releasing new features and bug fixes to our web site. We can push a specific a revision as well as roll back to a previous revision, thus leveraging revision control to be our release software for a 4 server load balanced site. SVN + rsync + shell scripting = : )

Recently at work we were doing a bunch of little changes all over the site, including having the designers do a bunch of css and DOM tweak as well. The time came to commit all of the changes. Instead of doing the commit at the root of the repository and stuff all the changed files in at once, I enforced a multiple granular commits of the functionally changed files. Each commit had a relevant comment.

Enter a week later. We hadn't done sufficient regression testing and a visual element was broken in ie6. Which of the thousands of new lines we committed and pushed was the culprit? Had we done one massive commit we would have been screwed. However, we were able to cull over the commites via our trac instance (awesome!) and review the comments. In this case we couldn't actually find the exact commit that caused ie6 to break, but we were able to step through our dev instance of the site, slowly adding each revision to it until it broke in ie6.

The moral of the story is that, much like backup, revision software is only as good as it's end user. Think of every commit as chunk of functional related code. Think of every comment for these commits needing to solve the problem for another developer who has no idea what the code was and they're up at 2am trying to figure WTF is up with the site. For every commit, where possible, you should also site a bug number so that should the bug crop up again, it's easy to cross reference the "fix" with the code.

Happy revising!