Today, while trying to register on a web site to download a public beta of some software package, I received the following very helpful error message:
Hmm...I'll get right on that, whatever it might have been. (The eventual solution was to use a different page on the vendor's site to complete what seemed to be an identical form. For whatever reason, it worked there, but not where I was trying to do it.)
I recently ordered a couple of new services from Verizon (distinctive ring and caller ID). In their confirmation letter, I found this reassuring paragraph (red underlines are mine):
Versizon uses a definition of "any time" that I am not familiar with!
As you may (or may not) know, Macworld editors each take a turn in front of the video camera on a rotating cycle; my number came up again last week, and this is the result - an OS X productivity tips video (the link is to a page of info about the video). The only problem with that video is that it's 320x240, which makes the detail somewhat tough to see, especially in some of the larger screen captures. So I've decided to post (with Macworld's permission) the larger version of the video here for download:
Productivity tips video: 640x480, 8mins 50 seconds, 90.5MB
I'll do this with my future videos, too, at least until/unless my monthly bandwidth is used up. I don't foresee that becoming a problem, though, unless there are over 10,000 of you out there downloading this thing :).
After a mostly-painless upgrade, we're now running WordPress 2.5. About the only hiccup is that the Addicted to Live Search plug-in (which I am addicted to) doesn't seem to work right with anything other than the default permalink style. (Permalinks are the URLs for individual stories.)
The default permalink style is ugly and doesn't necessarily work well with search engines, but I love the search feature so much I'm using them for now...hopefully the plug-in will be patched in the near future.
Clearly this one doesn't belong on Mac OS X Hints, but I wanted to have it documented somewhere. There's usually a Windows box of some sort in my home, for testing and game playing. The testing role for my physical Windows box has pretty much been replaced by VMware Fusion, so it's really now a game playing machine.
As such, I upgraded it recently (well, rebuilt it from scratch is a better summary) with a new CPU and video card. I also wanted to put Vista on it, for one reason only: to run Crysis under DirectX 10, which only works in Vista. My Vista DVD is an upgrade installation, which must be installed from within Windows XP. Windows XP, when it came out, didn't support SATA drives, so for a fresh install of XP (it was a new install on my newly-built machine), you must set the SATA mode in the machine's BIOS to IDE. I did that, installed XP, and upgraded to Vista.
Vista includes AHCI support, so my SATA drives can be used in native SATA mode. However, if you just switch your BIOS to ACHI mode, and you were using XP in IDE mode, then your box will fail to boot -- that's because the AHCI drivers are not installed by default in Vista if you start with XP in IDE mode. So how do you switch Vista from IDE to ACHI mode?
[continue reading…]
After some investigation with help from a couple of very useful people (thanks, chays, Ryan, and Donncha), we've determined that the files I found on my server were placed there as a result of the WordPress 2.3.2 vulnerability, even though my site had been updated to 2.3.3.
To make a long story short, if your site was affected by the 2.3.2 vulnerability, you must change your admin passwords. While the attackers can't get the actual password, they can continue to login as admin ever after you upgrade to 2.3.3. That's because the cookie they received when exploiting the hole in 2.3.2 will still work in 2.3.3 -- unless you change your password.
In everything I read about the 2.3.2 exploit, I didn't see anything about the passwords being exposed, so I didn't change it when I upgraded to 2.3.3. Lesson learned...
I use a shell script to back up my web sites each day -- it exports and downloads a SQL file of the database contents, as well as rsync's the actual HTML files. When I was checking the log file for last night's downloads, I noticed something very strange in the output:
receiving file list ... done
./
html/wp-content/
html/wp-content/1/
html/wp-content/1/3c-texas-holdem-poker.html
html/wp-content/1/american-poker.html
html/wp-content/1/bonus-code-party-poker.html
html/wp-content/1/casino-poker-gratis.html
html/wp-content/1/come-giocare-a-poker.html
html/wp-content/1/come-giocare-poker.html
....
....
In total, there were 71 files in the newly-created 1 folder: 70 .html files, and one g.js file. There was also a new oddly-named backup folder, and the index.php file in wp-content (which is just a blank placeholder) had been replaced with basically the same file but with an added line break on the first line.
I googled on some of the .html filenames, and found a number of WordPress sites with the same issue (the "1" folder), but nobody who was talking about the cause of the problem. So I posted about it to the WordPress forums, where someone pointed me to this page, which contains at least a little more background on the issue. I'm also posting some of the html filenames here, in case others are searching for more information on the attack.
As of now, I don't know how they got in (though I suspect via one of the plug-ins), but I don't think it's through any sort of direct site access: none of the site's other files and folders were changed, nor were any posts or comments created. It also doesn't seem to be an automated attack, as the 1 folder hasn't returned after I manually removed it yesterday. But if you run WordPress, keep an eye on your wp-content folder for anything other than what should be there: index.php, plugins, and themes by default. If/when I find out more about this, I'll post a follow-up.
"Dave, so how's the new underage drinking campaign been for your business?"
'Well, it's been just amazing, actually. Sales are up over 80% since they kicked off this program, and once my flyers go up in the mall, I expect those figures to increase even more!'
Sure, the story itself is about a program that Oregon liquor stores are implementing to educate parents about the dangers of alcohol in the home...but that headline! Surely someone must have looked at that prior to publication...and yet, they reviewed it then said "Yup, that looks fine--push it to the web!" ??
Note: Ajaxified Expand NOW no longer works in WordPress 3.0.
As a replacement, I'm using Sliding Read More, which works perfectly (and with a nice visual effect). The following is only useful if you're running an older version of WordPress.
Recently (and very smoothly), I moved a couple of sites, including robservatory.com, to a new hosting company. I had been hosting with my good friend James, who runs Find Mac Stuff, for many years, but my small sites were really on too big (ie too expensive) of a server for my simple needs.
The move to the new company went well, with the exception of my favorite plug-in here, Ajaxified Expand Now, which expands articles in place, saving a page reload. It was returning an error message ("Error while connecting to the server. Please try again later.") instead of the content. So I disabled the plug-in, but asked James to take a look at the code.
[continue reading…]
After updating my iPhone to 1.1.3 (and jailbreaking it, courtesy of ZiPhone), I decided I was bored of my current iPhone wallpapers—I've been using Rob Randtoul's very nice iPhone wallpaper collection, but felt it was time for something new. So this morning, I spent a bit of time trimming some of my pictures down to iPhone size, and found that the end results looked better than I was anticipating. So I thought I'd share the results, in case anyone wants more variety on their iPhone. Click the image at left for a larger view of the collection, and if you'd like to download the wallpapers, well, here's the link:
To use, just add these to your iPhoto library, then sync to your iPhone. I code my iPhone wallpapers with a unique keyword in iPhoto, create a Smart Album based on that keyword, then sync that smart album to the iPhone. Then use the Wallpaper section of the iPhone's Settings panel to set your wallpaper. (If you have a jailbroken iPhone and you install SummerBoard, you can use your wallpaper as a background behind the iPhone's actual screen, too, and not just the wake-from-sleep screen.)
Many of these aren't really suitable as wallpaper (especially in SummerBoard mode), but some actually work out pretty well.