Archive for July, 2010
Drupal and Yourls
Posted by MB in Uncategorized on July 28, 2010
Actually, this should work with any CMS supporting PHP code blocks: Drupal, Joomla, WordPress (with a plug-in), phpBB, etc. Has been tested working with Drupal 6, Joomla 1.5.
You’ll want to replace YOUR-YOURLS-DOMAIN-HERE below with the actual YOURLS domain, and API-SIGNATURE-HERE with the API key found at your YOURLSDOMAIN/admin/tools.php.
<?php
if ( isset($_REQUEST['url']) ) {
$url = $_REQUEST['url'];
$keyword = isset( $_REQUEST['keyword'] ) ? $_REQUEST['keyword'] : '' ;
if ($keyword) { $keyword = '&keyword='.$keyword; }
$return = file_get_contents('YOUR-YOURLS-DOMAIN-HERE/yourls-api.php?signature=API-SIGNATURE-HERE&action=shorturl&format=simple&url='.urlencode($url).$keyword);
echo <<<RESULT
<h2>URL has been shortened</h2>
<p>Original URL: <code><a href="$url">$url</a></code></p>
<p>Short URL: <code><a href="$return">$return</a></code></p>
RESULT;
} else {
echo <<<HTML
<h2>Enter a new URL to shorten</h2>
<form method="post" action="">
<p><label>URL: <input type="text" name="url" value="http://" size="50" /></label></p>
<p><label>Optional custom keyword: <input type="text" name="keyword" size="5" /></label></p>
<p><input type="submit" value="Shorten" /></p>
</form>
HTML;
}
?>
The idea was based off this post, which I could never get to work for me. It always had a PHP error, and it depended on having Drupal and Yourls installed on the same site. The above code will work even if the installation is remote (on a different server). It only requires that you’re able to get an API key.
Feedback is welcome.
LastPass Toolbar Black and Unreadable in Firefox
Posted by MB in Uncategorized on July 22, 2010
I’ve been in contact with the LastPass team regarding an issue where the LastPass toolbar pop-up is completely blacked out and the text is not readable in Firefox.
Click for larger image
After some troubleshooting, what I found what that it’s related to the Ubuntu theme.
I was able to reproduce the issue using both Ambiance and Radiance, but the issue went away changing to any other theme.
Themes are accessible by going to System > Preferences > Appearance.
UPDATE: It seems that this is specifically related to the tooltip background color.
Going to Theme > Customize > Colors and changing the tooltip background color solves it.
OpenX: Fatal error: Class ‘DataObjects_Clients’ not found in zone-include.php
Posted by MB in Uncategorized on July 20, 2010
I've started working with a program called OpenX to handle my ad serving and rotation, and make it easier for me to handle multiple affiliates, advertisers, and the like. During my use, I ran into the following error message:
OpenX: Fatal error: Class 'DataObjects_Clients' not found in openx-2.8.4/www/admin/zone-include.php
I was able to reproduce the error consistently, assuming the following:
- You have added a website and a zone to that website
- You have added a user to that website with permissions
- The added user attempts to link a banner to a zone
I found the following workaround after some intensive Googling, on a Google-cached copy of a post regarding OpenAds (the former name of OpenX):
Edit your zone-include.php file and add the following line:
require_once MAX_PATH . '/lib/max/Dal/Admin/Clients.php';
Works. I haven't noticed any issues since.
Tools for troubleshooting Internet connections
Posted by MB in Uncategorized on July 18, 2010
Here's a few great online tools to help troubleshoot a slow or laggy Internet connection. Most reputable ISPs recognize the results of these tools as valid, so if you use one and it's reporting you have a problem, chances are good if you call your ISP and say that one of these tools says you have a problem, they will take your seriously and work with you.
SpeedTest.net is a flash-based tool that tests your Internet ping and upload and download speeds. SpeedTest.net is a great tool to see if your ISP is really giving you the speed that they claim. This is also something that ISPs will direct you to if you are claiming that your Internet connection seems slow. If SpeedTest.net shows your speed is what is expected, but you're still having slow connections, it's likely some routing point between you and the resource you are accessing.
PingTest.net is a tool that tests both ping and packet loss. Ping is a measure of the time it takes for an internet packet to travel point-to-point and is measured in milliseconds (ms). A millisecond is 1/1000th of a second. Typical point-to-point ping is under 150ms. If you're testing with this tool and seeing high ping measurements (300ms or more) or any measurable packet loss, contact your ISP. If your PingTest measurements are fine, then it's likely some routing point between you and the resource you are accessing.
Another valuable tool for linux users is iftop. iftop measures the bandwidth of the top network connections on your computer, both to Internet and LAN IP addresses, and sorts them by rate. Ubuntu users can install iftop using the following command:
sudo apt-get install iftop
iftop is run using the following syntax:
sudo iftop [-i interface]
If iftop is run without the interface parameter, it defaults to eth0. Users with wireless networks will typically use wlan0
Do you have a favorite tools that you use to troubleshoot network connections?
The almost indestructible phone case, part 2
Posted by MB in Uncategorized on July 8, 2010
See my previous post, The Almost Indestructible Phone Case.
So I got my new gray Innocase Surface about a week ago, and this morning I got out of my car at work and dropped my phone onto the concrete parking lot.
Result? A few scratches on the case.
I really have to hand it to Seidio for making some of the toughest phone cases I’ve ever seen. Although pricey, their cases feel great in the hand, aren’t too thick, and really stand up to the abuse.
Two-Factor Authentication for the consumer
Posted by MB in Uncategorized on July 5, 2010
Most of our security is provided in the forms of username/password pairs and pin numbers, depending on the resource. For example, our ATM cards are secured by a 4-digit PIN, and most of our on-line accounts are secured by username/password pairs. It’s reasonable and simple security and for most of us, it works fine. However, all too often someone gets to say that “someone found out my password” or “so-and-so knew my password and now has hacked my account” etc. Its an unfortunate shortcoming a single-factor authentication system.
What is an authentication factor?
An authentication “factor” is something you use to gain access to a website or other resource. It can be something you know (a username/password combination, a pin number, a challenge/response sequence), something you have (a key or key-card), or something you are (a photograph, fingerprint, etc). Those are each considered a single “factor” in themselves.
For those of us who have had a security breach of one sort or another, it can be hard to rely on single-factor authentication for our private accounts. For those of us who are more security-minded, we might look to a two-factor authentication method from the start to make sure our accounts are secure from the start.
What is “Two-Factor Authentication”?
Two-factor authentication combines two of the above factors to increase the security of a resource. For example, a security door to a server room may require both a keycard and a pin number. Other two-factor authentication methods involve one-time passwords, or a random number generated by a key fob held by the person.
There are several different types of two-factor authentication options available for the consumer, and they are inexpensive and easy to use.
Yubico offers a simple USB key (a “Yubikey”) that is inserted into a USB port. The Yubikey emulates a USB keyboard so it is cross-platform and cross-browser compatible. It is operated simply by touching it’s button so there’s no pin numbers to enter. The generated one-time passwords are “typed” by the key and checked against the Yubico service. Compatible sites and services include WordPress.org blogs (via plug-in), Drupal sites (via plug-in), the Yubico OpenID service, and LastPass password manager service. There’s likely more sites, as I wasn’t able to find a central listing. Developer services include Web APIs, OAUTH, SAML, and personalization tools. (See the Yubico Developers Intro for information).
Verisign offers a key fob, credit card sized devices, and a mobile application which generate random numbers that have to be entered during the sign-in process. Participating sites include eBay, Paypal, AOL, name.com, Geico, just to name a few.
I personally own one of each, as well as the Aladdin eToken PASS that my employer requires — I find that I use the Yubikey gets much more use, likely due to the fact that I don’t have to key in a pin number. I also appreciate the open-source nature of the plug-in and APIs, which also encourage more sites and services to adopt the device.
I would encourage you to consider any type of two-factor system and give yourself a chance to have an extra layer of peace of mind when accessing your on-line accounts.
One last thought: If you enable one of these security options on an on-line account, it is still possible to access even if you lose the key. The process usually involves telling the service that you’ve lost the fob during the log-in process, then confirming via an email that they send you. It’s not possible for someone to arbitrarily remove the second factor without having access to your email as well. Of course, if you use the same password at every site as most people do, that completely defeats the purpose of having a two-factor system set up. Do yourself a favor and at least use a different password at each site you use.
Have you had an account “hacked” that used just a username and password? Do you use a two-factor system or are you considering one? Please share your thoughts and opinions in the comments below.
How to uninstall CrashPlan on Ubuntu
Posted by MB in Uncategorized on July 5, 2010
The official instructions for removing the CrashPlan Linux app are this:
Linux: Run the uninstaller shell script that comes in the installer package.
Unfortunately the uninstaller doesn’t do a very good job, and leaves a lot laying around. So here’s instructions on how to get rid of everything:
Stop the CrashPlan daemon task
sudo /etc/init.d/crashplan stop
Delete the files
sudo rm -rf /usr/local/crashplan sudo rm -rf /var/lib/crashplan sudo rm -rf /usr/local/var/crashplan sudo rm -rf /etc/init.d/crashplan /etc/rc2.d/S99crashplan
(yes, these could be combined into a simple statement, but I broke them up for ease of reading.)
That should take care of it.
Note that these instructions are based on a Ubuntu installation. And as always, exercise a little common sense with any command that begins in sudo rm -rf If you break it, you get to keep all the pieces.
Optimizing WordPress
Posted by MB in Uncategorized on July 4, 2010
So after my little fiasco with plug-ins and CPU throttling, I’ve been looking for ways to make WordPress at least a little lighter and faster. I’m not going to cover disabling plug-ins, I’m going to go over a few other ways, starting with …
Disabling revisions:
Every time a post is edited and/or published, a new revision is created. These stick around in the database (never deleted) and can not only grow the database, but can also lengthen query times for information. So, per MyDigitalLife and the WordPress codex, here’s the quick-and-dirty:
…simply add the following line of code to wp-config.php file located in the root or home directory of WordPress blog.
define('WP_POST_REVISIONS', false);
If you would rather limit the number of revisions to something small, say 2 for example, just use the number instead of FALSE:
define('WP_POST_REVISIONS', 2);
It should be added somewhere before the require_once(ABSPATH . 'wp-settings.php'); line. That’s it. Revisions will no longer be created. If you want to delete previously created revisions, read on…
Deleting revisions:
So now that you’ve disabled revisions, how do you delete all the old cruft laying around? MyDigitalLife has the answer on this one too.
…and then issue the following [SQL] command (it’s also recommended to backup the database before performing the deletion SQL statements):
DELETE FROM wp_posts WHERE post_type = "revision";
All revisions should now be deleted from the database.
Caching:
Caching is a hot button for sites that could potentially see high amounts of traffic (and since we would all like to be in that category…) The caching plug-in that I use and recommend is WP Super Cache. The UI is easy enough to work around, though it does require editing of the .htaccess file.
Database queries:
Shared hosting providers get real upset when applications and scripts perform excessive and unoptimized database queries. Heavy themes, excessive numbers of widgets, and badly-written plug-ins all contribute to this. Fortunately, a post on CravingTech points to an easy method to check the number of queries happening on a single page load.
You can insert this snippet of code on your Footer.php file (or anywhere) to make it display the number of queries:
<?php echo $wpdb->num_queries; ?> <?php _e(‘queries’); ?>
After looking at the number of queries occurring on a page load, try changing themes, disabling plug-ins, and/or reducing the number of widgets on a page to reduce the number of queries. SQL Monitor looks like a useful plug-in for further examining SQL queries, but I haven’t used it, so I can’t comment on it’s usefulness (or lack thereof).
Also…
I’ve stumbled on some additional information while researching, and apparently the “WordPress should correct invalidly nested XHTML automatically” setting (under Settings > Writing) can not only increase the load when a post is saved, but can also break some plug-ins. If you’re familiar enough with (X)HTML to handle correctly closing tags, you might actually be better turning this off.
You can also find other settings for wp-config.php on the WordPress Codex page.
