Archive for the 'Wordpress' Category

Testing the Slice

I’ve had a slice at SliceHost for longer than I care to admit by now[1]; I just hadn’t quite gotten around to ever testing and configuring it the way I wanted to.

Well, I finally got around to wiping out whatever I’d been playing with there before and dumping on their stock Debian 4.0 image. After running through their tutorials on setting up Apache2 and PHP, I was good to go.

The base system with my webserver and database running read at about 25 MB of used RAM. Not bad for a fully functional, if barebones, webserver. I’d been worried that, coming from a fully dedicated box with 1 GB of RAM, I would run into a memory bottleneck, but fortunately that didn’t seem like it would be a problem.

The next important step was to do some testing. I played around with MySQL, running some basic queries, just to see if it was noticeably laggy after a casual poking. Again, everything looked fine.

The next, and really final, step was to dump a copy of my blog on the slice and see how it ran. After some complaining about the default max_upload_size value in PHP, I got a copy of my database imported using phpMyAdmin and a quick scp -r later and I had an exact copy of my blog setup and ready to go.

All-in-all, it looks like performance is at the very least on-par with the other hosting I’ve used in the past. The performance over DreamHost, where my blog has lived for several months while I really decided where to host it, represents about a 10% improvement[3].

I’m still not ready to make the DNS switch, but at least I’ve realized I’m being too paranoid about the memory limits. In the end, the only other reason to stay with my expensive dedicated server is the convenience of Plesk, which scratches my lazy itch perfectly.

If I can get a few scripts cobbled together (in one language or another) to help automate things like vhost and database creation, I may be able to do away with Plesk entirely.

One final problem, and one I’m looking for opinions on, is what to do about email. I’m not planning on dumping DreamHost any time soon[4], but I would like to move my email along with my blog if possible.

So who do you use for email? Any problems? Only condition is that they have to offer IMAP.

  1. About 6 months, but don’t tell anyone.
  2. I never expected it to be that different than other distros.
  3. Going purely by the stats in the footer of my theme.
  4. I use their massive storage for backups as well.

Fresh Garland Release!

It appears somehow the uploads directory I had on my Dreamhost account got wiped out. Nothing important there… except my Garland theme release. Since several people have been asking me about it lately, I thought it was time to wrap up a fresh release.

If you’re looking for the Garland theme for a stand-alone Wordpress blog, you’ve come to the right place!

In theory, this release shouldn’t be any different than the previous one, but I can’t promise that - I don’t recall having made some of these changes previously.

I’ve tried to get in touch with Matt to see if there is any way to get these changes into the Wordpress.com themes repo, but I have not yet heard back from him. In any event, please let me know if you notice any problems!

Changes

In a nutshell, the changes are purely superficial - URLs mostly. The path for reaching the theme on the Wordpress.com servers differs from that of standalone blogs. Additionally, jQuery is not available on the admin pages of the current Wordpress release by default, while it is on Wordpress.com.

SVN / 2.5 Notes

While testing on the latest copy of trunk, I noticed that the plugin is unable to register its admin page. This is because the page for theme-related config has changed from ‘Presentation’ to ‘Design’ during the admin redesign project. Whether this will be true of the 2.5 release or not, I have no idea.

If you’re trying to run Garland on the bleeding-edge of Wordpress, you’ll want to change ‘Presentation’ to ‘Design’ in the 3rd to last line of functions.php to make sure it knows the proper page to hook into.

Download

Snag ‘er here: garland-standalone_1.5.zip

Missing an Email? It may be Media Temple’s Fault

It started last week when I was trying to sign up for Ron Paul Christmas. For some peculiar reason, I didn’t receive the welcome email. After talking with the site owner, it turned out (mt) was rejecting the email because the email address wordpress@ronpaulchristmas.com didn’t exist on the sending server.

Now, this isn’t particularly unusual. There is no requirement[1] that an email address actually exist for a server to send email as if it were from that address. This is especially true from Wordpress blogs, which often send email from wordpress@domain.com accounts on behalf of their owners. Now, since this is only used for outgoing email, in most cases users would never bother setting the email account up. Why would you? You’re never going to be receiving email there[2], so what’s the point?

Well, (mt) apparently knows better than you do… For “security reasons”[3], their grid service does a “callback” check on every incoming email address. If the server handling mail for domain.com doesn’t recognize that account (such as our wordpress@domain.com example), (mt)’s server will reject the message.

I’ve tried to point out that this kind of behavior can be detrimental, particularly in the age of blogging and web services we now exist in, but the best answer I’ve been able to get out of (mt) is that I should add the sending address to their Mail Protect whitelist. Well great, unless I can add *@* to the whitelist, or at the very least wordpress@*, that’s hardly a viable solution - how do I know the address that’s sending to me if I never get the email?

If you use Media Temple’s grid service[4], please contact (mt) immediately and tell them this is an unacceptable situation. I love a lot of aspects of their grid service, but this is clearly not one of them…

  1. In most cases, anyway.
  2. Except for bounces, should someone put in an invalid email address.
  3. According to the support representative that responded to my ticket.
  4. Or you want people who do use it to actually receive emails you send to them.

Vanilla: Link-Free Once Again

Following Matt’s announcement that the text-links had been removed from the free Vanilla forums package, I thought it was a good time to donate as well. There’s no way I can match Matt’s $1000, but I hope my meager $100 donation helps out.

It really surprised me to see Matt donating to Vanilla, particularly since Automattic is the producer of another open-source forums product: bbPress. Seeing this kind of support for a competing project really does make me love open source all the more.

Keep up the great work!

Well That Was Embarrassing

It appears my blog was hacked along abouts July 29th, but I just now noticed.

The attacker managed to edit my wp-config.php file and attach WP-specific code that would include their remote file in the footer of each page load. I honestly probably never would have noticed, had I not checked my config file to see if the default WordPress cache were enabled or not.
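A check that would flag this kind of change, as an added example that is not part of the original post: it audits the text of a wp-config.php for code appended after the wp-settings.php require, hook registrations, and remote fetches. The patterns, the function names and both sample files are assumptions constructed for illustration; the attacker's real code is not shown on this page.

```python
import re

# Heuristics chosen for this example; the attacker's actual code is not reproduced here.
SUSPICIOUS = {
    "hook registration": re.compile(r"\badd_(?:action|filter)\s*\(", re.I),
    "remote fetch or include": re.compile(
        r"\b(?:include|require)(?:_once)?\b[^;]*https?://"
        r"|\b(?:file_get_contents|fopen|readfile|curl_init)\s*\([^;]*https?://", re.I),
    "dynamic evaluation": re.compile(r"\b(?:eval|base64_decode|gzinflate)\s*\(", re.I),
}
SETTINGS_REQUIRE = re.compile(r"require(?:_once)?\b[^;]*wp-settings\.php[^;]*;", re.I)

def strip_comments(php):
    """Drop /* */ blocks and //, # line comments (adequate for a config file)."""
    php = re.sub(r"/\*.*?\*/", "", php, flags=re.S)
    return re.sub(r"(?m)(?:^|[ \t])(?://|#).*$", "", php)

def audit_wp_config(php):
    """Return a sorted list of findings for the text of a wp-config.php file."""
    code = strip_comments(php)
    findings = {name for name, rx in SUSPICIOUS.items() if rx.search(code)}
    match = SETTINGS_REQUIRE.search(code)
    if match is None:
        findings.add("wp-settings.php require missing")
    elif code[match.end():].replace("?>", "").strip():
        # A stock file ends at this require; anything after it was appended later.
        findings.add("code after wp-settings.php require")
    return sorted(findings)

# Constructed sample input, not the author's real configuration.
CLEAN = """<?php
// ** MySQL settings ** //
define('DB_NAME', 'blog');
$table_prefix = 'wp_';
/* That's all, stop editing! */
define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');
?>
"""
# Constructed tampering of the kind the post describes (placeholder host).
TAMPERED = CLEAN.replace("?>\n", "") + """\
function footer_links() { echo file_get_contents('http://spam.example/links.txt'); }
add_action('wp_footer', 'footer_links');
"""

if __name__ == "__main__":
    print(audit_wp_config(CLEAN))
    print(audit_wp_config(TAMPERED))
```

Run from cron against the live file and alert on any non-empty result; pairing it with a stored hash of the known-good file catches edits these patterns miss.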

Not only do I not load my own blog page frequently enough, but I don’t examine it closely enough either. The included code added a vast number of mortgage and debt consolidation spam links to the footer, all wrapped nicely in a hidden <div>. Since the code was valid and the destination server wasn’t slow enough to drag down the page, I shudder to think how long I could have been unknowingly contributing to these spammers had I not randomly checked a file that’s generally set and forgotten.
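Because the injected links were invisible in the browser, the rendered page is worth checking by machine. The following is an added example, not code from the original post: it parses a page and returns off-site links that sit inside an element hidden by an inline style or the `hidden` attribute. The class and function names, the host names and the sample page are constructed assumptions, and hiding done through an external stylesheet class is not detected.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
VOID = {"area", "base", "br", "col", "embed", "hr", "img", "input",
        "link", "meta", "source", "track", "wbr"}

class HiddenLinkFinder(HTMLParser):
    """Collect off-site links nested inside an element hidden by inline markup."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.stack = []          # (tag, hides_its_content) for each open element
        self.hidden_links = []   # off-site hrefs seen while inside a hidden element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and any(hides for _, hides in self.stack):
            host = (urlparse(attrs.get("href") or "").hostname or "").lower()
            if host and host != self.site_host:
                self.hidden_links.append(attrs["href"])
        if tag not in VOID:
            hides = "hidden" in attrs or bool(HIDDEN_STYLE.search(attrs.get("style") or ""))
            self.stack.append((tag, hides))

    def handle_endtag(self, tag):
        names = [name for name, _ in self.stack]
        if tag in names:  # tolerate unclosed <p>, <li>, ... by unwinding to the match
            del self.stack[len(names) - 1 - names[::-1].index(tag):]

def hidden_offsite_links(html, site_host):
    """Return hrefs of off-site links that a visitor would never see."""
    finder = HiddenLinkFinder(site_host)
    finder.feed(html)
    finder.close()
    return finder.hidden_links

# Constructed sample page; all hosts are placeholders.
PAGE = """<html><body>
<p>Latest post: <a href="http://other-blog.example/post">a visible off-site link</a></p>
<div id="footer">Powered by WordPress
<div style="display: none">
<a href="http://spam-one.example/mortgage">mortgage</a>
<a href="http://spam-two.example/debt">debt consolidation</a>
<a href="/about">about</a>
</div></div>
</body></html>"""

if __name__ == "__main__":
    print(hidden_offsite_links(PAGE, "myblog.example"))
```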

If you’d like to check out the specific code that was appended to my wp-config.php file, I’ve dumped it on Pasteosaurus for future reference. In addition, the code inserted at the end of every page is here. As you can see, not only were they spamming for mortgages and debt consolidation, but they were referencing legitimate URLs for universities (Auburn and Vanderbilt). Why anyone would want to discredit an EDU in search results, I have no clue…

As for me, I’ll be keeping a better eye on my blog updates. I’ve switched to SVN so that it’s even easier than before, just to make sure there are no possible excuses next time a security release is made. I’ve also migrated this blog back to my Media Temple (gs) account temporarily, until I can finally fix some fallout from a botched Fedora Core 4 upgrade on my dedicated box[1]. If everything seems to be dragging, blame (mt)…

Finally, I’ve re-evaluated some of the plugins I’d been using. A lot of them I’d simply kept around for backwards compatibility, not wanting to break previous entries. This was a bad idea, since I was no longer paying attention to possible XSS vulnerabilities or stability patches for these plugins, leaving another potential opening for abuse on my blog. From now on, it’s the straight and narrow for me!

Not exactly how I wanted to spend my evening, but it could have been a lot worse… With unrestricted access to my blog and all its data, this is really the best possible outcome[2].

  1. I really wish Plesk would supply a yum repo…
  2. Yes, I do run regular backups of the database, so data loss would have been at a very minimum. It still would have been very painful.