Website reorganization

My old web site

I just made a few changes that effectively retires the static portion of my website. For several years I had a nice, funky, handcrafted, css styled bit of html living at www.jillesvangurp.com and publications.jillesvangurp.com. The design has been more or less the same since 2003 and the content was not evolving much either. Actually, most of the activity on my domain has been on blog.jillesvangurp.com which is powered by wordpress.

So as of now, www.jillesvangurp.com is equivalent to blog.jillesvangurp.com. Visiting either will get you to the frontpage of my blog. The relevant portions of the the old www.jillesvangurp.com have been migrated to their own wordpress page. You can find links to these pages in the sidebar. I’ve taken care to not break links from outside to important parts of my old site (publications).

Bad behavior

My previous post was a bit short because I was basically calling the taxi to the airport at the same time. The reason for this was “Bad Behavior“, which is a wordpress plugin that got a little overzealous and locked me out of my own site stating that I had just been blacklisted. Consequently I spent most of the half hour before I left figuring out what the hell was wrong and cursing those damn bad behavior idiots.

I didn’t manage to figure that out entirely but did figure out that the problem was not on my side of the connection at least (lucky me). Figuring that out was easy since I just used my phone’s 3G connection only to discover that that ip address also had been blacklisted. The chances of both my phone, PC and/or WELHO (cable) and Elisa (3G) providers being hacked and blacklisted correctly were pretty small. So bad behavior was misbehaving big time and software that misbehaves doesn’t really last that long with me.

Only problem: I could not actually log in to my site via the wordpress admin UI to fix it (blacklisted, doh!). Since all the advice out there on how to fix this seems to assume you do that, here’s how to kill bad behavior properly:

  1. Figure out your IP address
  2. Edit whitelist.inc.php in the bad behavior plugin directory and add your IP address to the array.
  3. Upload this file to your remote site.
  4. Login to your wordpress admin UI (should work now)
  5. Disable the plugin and delete it (unless you like pissing off randomly blacklisted users)
  6. in phpmyadmin or whatever you use to admin your wordpress db: DROP TABLE `wp_bad_behavior`;

BTW. In analyzing the behavior of the misbehaving plugin, I also discovered that it does nasty things like putting user passwords in a database for every login attempt, plain text. Bad behavior indeed, hence the drop table.

Managing wordpress deployment

This little article is a summary of how I currently manage my wordpress blog. The wordpress.org site lists some advice on how to manage a wordpress installation using subversion. However, I have a slightly more sophisticated setup that preserves my modifications (as long as they don’t conflict) that I maintain in a private branch of wordpress.

I use rsync to push and pull changes remotely (using ssh, ftp should work as well). Since a good howto seems to be lacking online and since I spent a while figuring out how to do all this, I decided to share my little setup.
Continue reading “Managing wordpress deployment”

Spam users

The latest in blog spam seems to be users signing up with obscure addresses like filesearch@o2.pl (feel free to send all sorts of crap that way) and not posting any comments. This was sort of a minor annoyance until now but over the past 24 hours I’ve had 5 new user registrations like this.

I have no idea why they do this. It might be that they are trying to gain access to my blog software for hacking/spamming purposes. Hint: my provider automatically stops attempts to abuse its servers for mass mailing attempts and I would find out pretty fast if some asshole was doing this. Whatever the reason, I delete accounts that don’t follow up with an actual comment and have installed a solution to prevent automated attempts in the future: capcc. This plugin allows wordpress to separate real people from bots trying to abuse my web infrastructure and it seems to work pretty nicely. I now have several plugins conspiring against malicious users and hope that is enough for some time.

For real users coming here, I’m sorry about all the obstacles in between you and actually providing comments on my blog. Unfortunately this is the only way for me to keep spam off my blog.

Update.
For victims of the same problem, here’s a useful query:

DELETE FROM wp_users WHERE wp_users.id NOT IN (SELECT DISTINCT user_id from wp_comments)

This will delete any user without any comments. Of course backup your database before running this and if it blows up in your face don’t come complaining here.

Update.

It just occurred to me (damn that’s a full 24 hours, WTF is wrong with me) that having capcc removes the need for me to require users to register before commenting.

OpenID & Microformats in WordPress

The good news is that Will Norris is making progress with his openid plugin. Once he puts up a release, I’m probably going to give it a try.

The bad news is that the wordpress bug database still lists as a main reason to not support openid that support is provided by third party plugins. I think this is rubbish.

First of all, they’ve broken those plugins several times with wordpress updates. Secondly, the reason they break is that authentication is rather critical to how wordpress security works (i.e. it is kind of non trivial to do properly). This is why I’d like first class support for OpenID rather than second class we currently get. And finally most of the plugins appear to be abandon-ware (they once were excellent hobby projects but people seem to have moved on with their lives) and there are no release quality openid plugins for wordpress 2.2 and higher. Will Norris seems to have adopted one of the abandoned plugins (which is very nice of him) but as discussed, I’d prefer a bit more structural solution in terms of support, testing and integration. What I’d really like is the wordpress guys getting off their ass and provide first class support for openid like the Drupal guys are doing. I hope his plugin will get some nice exposure and will eventually be picked up by the wordpress guys as something to properly integrate into wordpress.

In general, the wordpress people seem to be a bit reluctant to pick up new blog technology lately. For example, I’m using the barthelme theme which supports a number microformats and semantically structured html. Barthelme basically provides searchengines, microformat plugins and other semantic tools with a shitload of hooks to extract information from the blog. That is sort of hidden for ordinary users but kind of rapidly becoming crucial to the whole notion of web 2.0 Sorry for sounding superficial, I hate this 2.0 bullshit as much as anyone (forget about a web20 tag on this site).

Tag support in wordpress is a nice first step and it should be noted that they do it properly. Also, there seem to be patches in the bug database for hcard and hatom support. It would be great if these changes actually make it into 2.4 instead of just floating around (like they’ve been doing for some time). Also nice would be extending atom feed support to the default template. This still defaults to listing only rss feeds, despite the fact that Atom Pub has prominently featured on the last few wordpress release notes (2.2.2 and 2.3) and that backend support for Atom 1.0 feeds has been present for quite some time now. Guys: It’s just one line of text to fix! Get it in already!

converted categories to tags

I upgraded to wordpress 2.3, which has as its main new feature support for tags. So I installed it and got busy converting my wordpress categories to tags using the wizard and then updating the theme to display them as discussed here.

Currently all my old posts are rather poorly tagged. The intention is to not be restrained by fixed sets of categories and freely associate keywords with the posts. Things will get better over time as I add new content.

Other than the tag support there is not that much exciting new features as far as I can see.

xampp, skype and port 80

For some time I’ve been considering setting up some php development environment. Not that I like php but I want to play with some php stuff nevertheless (e.g. Drupal seems interesting). So I downloaded one of the popular all in one packages that combine apache, mysql and php: xampp. I have actually set up apache, mysql and php manually once on windows and know that it is A) doable and B) very tedious, hence the integrated package this time.

Xampp sure makes it really easy. Download, install, run xampp configuration tool, start mysql … green, start apache … ???!??!!! WTF, it won’t start. So I go to localhost with the browser, blank page instead of the expected error. So I check my processes list, no sign of httpd. Now this is weird, some process is definitely listening on port 80. So, I run netstat to find out who is guilty of this crime. It turns out that skype is actually listening on port 80 for some stupid reason. That just sucks. Luckily there’s an option in the skype preferences to turn it off but still, don’t open port 80 if you are not a web server.

Anyway, problem fixed and 2 minutes later I’ve created a database using phpmyadmin and installed drupal 5.2 and configured it. That’s just what I wanted: 2 minutes of work and *poof* instant website.

In case you are wondering, yes I am considering to dump wordpress. The reason is the lack of clear progress in getting proper openid, atompub and microformats support in wordpress. You can all sort of bolt it onto a wordpress install but not without editing php and default templates (and this tends to break during upgrades, i.e. every 2-3 months). Drupal seems much more feature rich and configurable than wordpress and it sure is tempting. Concerns I have include import/export of data (including e.g. uploads); openid support; comment & referral spam blocking; etc.

Update.

After playing with drupal 5.2 and a development snapshot of 6.0, I’ve decided not to migrate because simply the migration is too hard currently. There is only a seriously outdated module for drupal 4.7 which can only migrate wordpress version 2.0. In other words, this is unlikely to work for my blog without a lot of tinkering. Additionally, moving from drupal to something else is likely not exactly trivial either. I migrated from pivot to wordpress early 2006. That was quite painless since wordpress has excellent import feature. Drupal lacks such features and wordpress has no Drupal import as far as I know (would be hard due to the generic node datastructure in drupal).

BTW. I’ve spent some time researching the topic. This link here is the most informative I was able to find: http://drupal.org/node/69706. Be sure to also check the comments.

I’ve taken a brief look at joomla too. Interesting product but not really designed for Blogs. Overall, I’m pretty happy with wordpress. It’s just that I want proper openid support.

WordPress sandbox theme

If you are one of the handful of people not visiting this site for the first time (i.e. less than 10% of visitors), you’ll notice that for the first time since I installed wordpress, I’m not running the default theme anymore. Basically one of my reasons for installing wordpress was that despite enjoying the fiddling with html and css I got a bit tired of working around IE and mozilla incompatibilities, the many limitations of CSS and all the weird issues you run into when trying to achieve perfectly simple things like three column layouts. If you are interested in this stuff, there are several nice sites where you can read a lot of stuff about these issues.

Now, instead of getting my hands dirty, I decided to install the sandbox theme for wordpress available at plaintxt.org. This is somewhat of an experiment for me, basically my requirement is that the thing shouldn’t break down if I roll out upgrades for wordpress in the future. I simply want to keep that process as simple as possible: upload new wordpress php files and run the upgrade php script.

Basically, developing a wordpress theme means that these things become non trivial since with every update the theme needs to be tested again.

The sandbox theme has a few nice characteristics:

  • It is skinnable using ordinary CSS (i.e. like the good people at W3C have intended all web sites to be skinnable).
  • It generates particularly nice HTML. This always annoyed me in default wordpress and sort of took away my motivation to do something about making it look nicer in the browser.
  • Including nice little microformat class names for html elements where that makes a lot of sense.
  • It’s quite popular which means lots of people use it (so it is well tested) and which also means that it is likely to be updated as wordpress evolves.

Rather than develop my own CSS file for wordpress, I’ve decided to just pick one of the defaults that come with sandbox. I like the spartan skin since it is minimalistic and also tries to improve readability of the actual text. Overall it is quite nice to work with. Adding alternative sandbox css skins is particularly easy and I might actually do that since the spartan look is not quite minimalistic enough for my taste and also has a handful of issues with too small margins and paddings. On the other hand, I said the same about the wordpress theme when I migrated my blog to wordpress over a year ago (i.e. never happened). We’ll see what happens.

Site maintenance

I’ve cleaned up the static part of my website:

  • Deleted most pages. Where appropriate, I’ve moved content to my blog.
    • Stuff I created in the past has been backdated and posted to my blog under the createdbyjilles label
    • There’s a new ‘about’ me page
    • The rest was so out of date, I just removed it.
  • Updated the layout slightly.
    • I’ve adopted a more readable color scheme for links
    • I’ve used a wider banner photo so that it looks good on pages of 1600 pixels wide before it starts repeating.
    • I’ve tweaked the html slightly.

That’s about it. If you miss old content or see broken links, let me know.

Upgrading to wordpress 2.1

Whoohoo, wordpress 2.1 was released this morning. I’m upgrading tonight so expect a few hours of downtime/reduced functionality.

Update.

Well that went relatively ok. It seems a few of my plugins needed upgrading. Sadly, no compatible upgrade was available for widgets which I used to beautify my sidebar. But the important stuff is still there. I removed a few other plugins that I was hardly using.

Oddly, the database backup plugin is no longer included. I’ll look for a replacement.

In terms of functionality, there doesn’t seem to be that many features that are vastly different.

The editor is not working as advertised. It isn’t autosaving and the wysiwyg is missing in action. I actually like the current non wysiwyg version better, but still. I’m wondering if I did anything wrong.

Update 2.

I’ve deleted all files except my plugins (google analyticator and openid delegation), configuration and uploads. Then I re-uploaded the wordpress 2.1 stuff this time ensuring that there is no cruft from previous installations. This should have fixed the editor stuff but didn’t. I don’t see tabs for switching to wysiqyg. Also there does not seem to be any spellchecking except for the default firefox stuff. Solution: allow sites to abuse javascript by messing with stuff they shouldn’t be touching. At least that is what is claimed here http://wordpress.org/support/topic/101716?replies=9. Only thing is that it doesn’t work.

Update 3.

OK, found the problem. You need to toggle “use visual editor” in the user profile. Weird place for such an option and an obvious usability problem.