About Site Admin

Website administrator for the WhyDontYou domain. Have maintained and developed a variety of sites, ranging from simple, plain HTML sites to full-blown e-commerce applications. Interested in philosophy, politics and science.

WordPress Security Problem

This is from the WordPress development blog and worth noting if you run WordPress as your blog software:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

This is the kind of thing you pray never happens, but it did and now we’re dealing with it as best we can. Although not all downloads of 2.1.1 were affected, we’re declaring the entire version dangerous and have released a new version 2.1.2 that includes minor updates and entirely verified files. We are also taking lots of measures to ensure something like this can’t happen again, not the least of which is minutely external verification of the download package so we’ll know immediately if something goes wrong for any reason.

Finally, we reset passwords for a number of users with SVN and other access, so you may need to reset your password on the forums before you can login again.
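A defender's check for the situation the announcement describes, as an added example that is not part of the original post or WordPress's own tooling: hash every file in a copy extracted from a verified release and compare it with the installed copy, listing anything modified, added or missing. The directory layout and file names in the sample data are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map every file under root (by relative path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def compare_trees(trusted_root, suspect_root):
    """Report files that differ between a verified release and a suspect copy."""
    trusted, suspect = manifest(trusted_root), manifest(suspect_root)
    common = trusted.keys() & suspect.keys()
    return {
        "modified": sorted(f for f in common if trusted[f] != suspect[f]),
        "added": sorted(suspect.keys() - trusted.keys()),
        "missing": sorted(trusted.keys() - suspect.keys()),
    }


def write_tree(root, files):
    """Write a {relative path: bytes} mapping to disk under root."""
    for rel, data in files.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)


def build_sample_trees(base):
    """Constructed sample data: a 'verified' tree and a copy with two altered files."""
    verified = {
        "index.php": b"<?php // entry point\n",
        "lib/alpha.php": b"<?php // helper A\n",
        "lib/beta.php": b"<?php // helper B\n",
        "readme.html": b"<html></html>\n",
    }
    suspect = dict(verified)
    for name in ("lib/alpha.php", "lib/beta.php"):  # hypothetical file names
        suspect[name] += b"// constructed stand-in for an unexpected change\n"
    write_tree(Path(base) / "verified", verified)
    write_tree(Path(base) / "suspect", suspect)
    return Path(base) / "verified", Path(base) / "suspect"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(compare_trees(*build_sample_trees(tmp)))
```

Any entry under "modified" or "added" in a real comparison is a file to replace from the verified release and to keep for forensics.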

.net Escapes

Well, in the last post about .net magazine we made the promise that normal service would be resumed – it now seems that was too hasty and the magazine has escaped the brunt of criticism this month (partially down to the crazy people who worship their invisible friends, I suspect, but nevertheless it has escaped).

Now, before accusations of “going soft” get bandied about, I have to highlight that the reason .net gets off “lightly” is the magazine is very bland this month. It is hard to criticise what they say, when they don’t really say anything. The main sections are how to make money from your site (which basically says sell things well… duh!) and the pro tips which pretty much say “AJAX and Flash are the Future.” Not exactly stuff to get fired up over – even if they do repeat the tired old mantras about how this year is the year Flash becomes dominant (now, I wonder if that has ever been said before…).

The showcase sites, while looking good in a graphic art magazine, generally show unusable (often incomprehensible) sites whose designs are totally at odds with what is advised in the tutorials etc. No change there then. The focus on “badges” is comical – a whole page about how putting a little “sticker” on your web page is the coolest, best thing in the world. If you don’t know what they mean by “badges,” an example is on the Zookoda.com website – where it says “Yeh. It is free.” Seriously. This gets a whole page with comments about how this particular badge “cuts through the visual clutter and delivers a crucial message.” Amazing, isn’t it?

This theme continues into the bland tutorials which range from extending phpBB to using CSS to get rid of tables (what year is it?). The only bit worthy of a rant is the evidence that there is still abysmal editorial oversight and quality control on their articles.

In the expert advice section, Paul Boag is responding to a writer who wants a print stylesheet to have a page break before or after the div tags so the text remains together. The advice given is:

… two CSS properties will help: “page-break-before” and “page-break-after.” Attach these to your div tags from within your stylesheet and you can control whether a page break is inserted before or after the div. So, for example DIV { page-break-before: always} would add a page break immediately after each div.

I think I can work out what he is trying to say here (the writer had multiple divs, one after another) but in reality, what he is saying is the opposite of what will happen. CSS is often viewed as a dark art at the best of times. Nonsense doesn’t help.


Posted in Uncategorized

Style Changes

Just a quick one, there have been a couple of changes to how the styles on this blog are handled. Mainly this has involved the introduction of a few new classes (download, code, note, taglist, alert, new, construction and information) which can be added to <p> tags to give a bit of inline style alteration.

The taglist class is already in use, but we are not going to go about retrofitting it to hundreds of messages.

Let me know what you think, or if there are any other things you think we should add.


Flickr Monster?

What is it about “Web 2.0” sites that they feel the need to wrap error (or unavailable) messages in all manner of flowery nonsense? In the past, Technorati has often returned a spurious message about the monster escaping and now it seems Flickr has followed suit.

For those who were wondering where the images on the right hand sidebar have gone – this is the answer:

[Flickr screenshot showing downtime message]

Now, I am sure I am not alone in thinking that is a lot less than I would normally think of as an answer. If you follow the link to the Flickr Blog page you get some more details, but surely that defeats the point of having the error message?

Not too long ago, every site which considered itself trendy had “doorway” pages, which were normally little more than a flash animation or a “cool” (i.e. crap) logo which they wanted visitors to look at before they got into the site. This lasted a very short time (although there are still sites which do this…) and very quickly people realised that it was madness. When people visit a site, they expect to see the site – not some artistic nonsense. That error message is basically useless. It tells you nothing about what is going on and forces you to continue to visit more pages just to find out what the problem is. What lunatic thinks this is “usability?”

Likewise, when people see an error message they expect to be told what the error is, not some attempt to be trendy and humanise the website. This is what the blog says:

Downtime tonight

UPDATE@11:50pm: Still going smoothly. Looks like we might finish up a few minutes early.

UPDATE@ 9:40pm: Flickr’s now down and busy bees are switching and racking and installing and setting up. All proceeding well!

Tonight at 9pm (San Francisco time – view in your local time) Flickr will be down for maintenance for up to four hours. We apologize for the length of this downtime, but we’re making some big changes which will enable us to roll out new features faster. So … it’ll be worth it!

As usual, photos will still be served, but you won’t be able to access Flickr site or API. We’ll post here once we start and when we’re ready to come back up. Thank you for your patience!

Now how hard would it have been to put that on the previous page?


New Version of WordPress

Only a few days after 2.0.6 was released we are now on to 2.0.7. At least this time the security fixes seem somewhat trivial to put in place (only six files to upload). Hopefully this will be the last update before 2.1 comes out.

I wonder how much impact 2.1 will have? (I suspect this is a future rant in waiting)


Bad Shops

Well, it’s 2007 now so time for a new category. Following recent poor customer experience with a variety of online retailers, I have decided to provide space here to “name and shame” the wrongdoers.

Basically, companies which provide members of Why Dont You…? with poor products or poor customer service will be discussed here. If a company you like gets caught in the spotlight then let us know and we can consider revising our opinions.


.net downfall

Historically, this blog has enjoyed criticising .net magazine for its poor content – always with the admission that writing about web “stuff” in print media is a difficult task to say the least. Recently, after an editorial change, .net magazine improved dramatically and its content went from strength to strength and here at WhyDontYou we were happy to admit this.

Sadly it seems the wonder days of June 06 are a distant memory. After an excellent start with a nice layout, good articles and decent expert advice and tutorials, .net magazine has let itself slip back into the swamp.
