WordPress vulnerabilities when allowing subscribers

I recently was twiddling bits in the WordPress Admin console and noticed that people were not allowed to register for my blog.  Now, I’m not sure why anyone would choose to register, but I didn’t see any reason to stand in their way, if they felt the need.  So, I checked the box (or unchecked it, I don’t recall), which opened up that possibility.

Well, it didn’t take long before I had a bunch of subscribers, most notably with .ru email addresses.  So, given that, I’m wondering what kind of cracking, spamming, or other exploits are exposed by WordPress.  I simply can’t imagine why else a bunch of Russians would be subscribing to my blog.

Please forgive the obvious prejudice of my question.  Perhaps my stream-of-consciousness simply speaks to the Russian mentality (albeit not in the Russian tongue).  Yet, somehow, I doubt it.

Five Things You Should Have Gotten Into Ten Years Ago

In the nightclub scene at the start of an episode of Seinfeld, Jerry Seinfeld did a great bit about Morning Guy and Night Guy:

I never get enough sleep. I stay up late at night, cause I’m Night Guy. Night Guy wants to stay up late.  “What about getting up after five hours sleep?  Oh that’s Morning Guy’s problem. That’s not my problem, I’m Night Guy. I stay up as late as I want.”  So you get up in the morning, you’re hungover, you’re exhausted, groggy.  Oooh, I hate that Night Guy!  See, Night Guy always screws Morning Guy.  There’s nothing Morning Guy can do.  The only thing Morning Guy can do is try and oversleep often enough so that Day Guy loses his job and Night Guy has no money to go out anymore.

Obviously, that’s comedy.  However, at a deeper level, this is the way life works.  We travel this road of life, and each step is determined by the person we were previously.

I was reading a review at Amazon.com that contained an interesting concept…

Imagine that you are your future self, ten years from now.  What are you doing?  How has your life changed?

More importantly, what will the you of ten years from now want to tell the you of today, if he or she could reach back in time?  Will the future you have regrets or resentments about the way today’s you managed your life?

To give you some idea of just how important this concept is, shift everything ten years earlier in time.  Surely there are things that the you of today wishes you could reach back and tell the you of ten years ago.  Personally, I’d like to grab and shake some sense into that fool!

We get a few short decades in this world, and then our lives must end.  During that brief span, decisions we make today, based on beliefs we formed yesterday, create the path we follow tomorrow.  It’s quite unfortunate that we have the lowly perspective we do.  Rarely do we look up and see the journey in its totality, preoccupied as we are with what’s right in front of us.

If you’ve ever looked out the window of a plane in flight (or simply looked at satellite photos from Google Maps), you know how different the world looks from a higher perspective.  If we could somehow rise above our immediate thoughts, feelings, and beliefs, we might make wiser decisions that put us on a better path.

You may find it very helpful to think about that poor sucker ten years from now.  He (or she) is a victim of what you do today.  Don’t let down the you of ten years from now.  Don’t disappoint him/her.  Set him/her up with a great headstart, so that the future you is grateful, not resentful, for the way you spent your time.

Don’t look back ten years from now at the you of today and say “Newman!”

Here’s wishing you a L’shana Tova, which is 10% of the way down that ten-year stretch.

Google announces Priority Inbox, only six days too late

I’ve come to the realization that email is destroying my productivity.  It’s not a distraction; it’s destruction.  There are days that I find I’ve gotten nothing done but handling emails.  It’s a completely victim-oriented approach to time management, having your day driven by what drops into your inbox.

So I began the process of separating all the chaff from the few grains of wheat.  I’ve created a dozen or so filters (they’re really all the same filter, but Gmail limits how long a filter can be) that move all the chaff out of my Inbox and assign a label named Subscription.  These are all the occasional reads, such as InfoWorld, NetworkComputing, etc., etc., etc.  My goal has been to have an empty Inbox, other than real emails sent to me by a person.

I’ve been at this for a week or so, and just when I’ve pretty much reached my goal, I see a little red link at the top of Gmail that says “Priority Inbox.”

Google is basically using their spam filter now to decide which emails are important to you.  The introductory video says that it’s based on things like what you open and what you reply to.  And you can train it by giving emails an “important” attribute.

A lot more elegant than my brute force filters.  But a week too late!  It will be interesting to see how my filters and Gmail’s Priority Inbox co-exist.

Which reminds me…

It sure would be nice if Gmail allowed you to deactivate a filter without having to delete it.  Of course, I can always mail myself a copy.  And mark it important.  😉

Google operates on geological time

They consider a decade to be a short downtime.  On the bright side, we’re over half-way through it.

On January 1, 2005, AdWords system will be unavailable from approximately 3:00 AM to January 1, 2015 3:00 AM Eastern Time due to system maintenance. Please note that your campaigns will continue to run normally during this short downtime. We apologize for any inconvenience.

I also have to commend them on their pinpoint accuracy.  I don’t recall if they actually went down at 3:00am on 1/1/05, but you can bet I’ll be right there banging on the server come 3:00am on 1/1/15.

Seeing the Milky Way in 3D

We just got back from Hilton Head Island, where we had four days and nights of awesome weather.  We left about 12 hours too late (and drove home through torrential storms).  But while we were there, we enjoyed some of the darkest black skies I ever remember seeing on the continental United States.  The moon was a beautiful sliver for a couple of hours and then had the generosity to set, leaving us with an amazing array of stars.  It was extraordinary.

The Milky Way was very prominent, including the dark areas, which really brought home just how real it was.  It was as if I could envision the entire three-dimensional spiral galaxy being viewed edge-on.  It was even evident that the individual stars I could see were nearby stars, as opposed to the glow of the hundreds of billions of distant stars in the background.

We saw dozens of meteors (most of which seemed to be traveling north to south for some reason I’m unclear on).  Some of them left a sparkling trail while others were simple streaks.  I even saw one that broke into two pieces creating parallel paths.  (As it turns out, we lucked into the Perseid meteor shower!)

Jupiter was quite bright and impressive, as well.

But there was something unusually eye-opening about recognizing the reality of the entire Milky Way Galaxy stretching across the sky.  It gave me a perspective that I had never experienced before.  And it wasn’t about feeling small and insignificant, at all.  But it was like experiencing a “You are here” moment on a galactic scale.

Mac leaves the top off the toothpaste

I’m one of those Windows-to-Mac guys.  The transition was pretty painless, for the most part, since I’m a geek.  And, for the most part, I’m happy with my MacBook Pro.  But it’s got these irritating habits that I think are the technological equivalent of leaving the cap off the toothpaste tube.

  • No Home, End, PgUp, or PgDn keys.  And even if you use a keyboard with those keys, you can’t always count on them working.  Except in Microsoft Office.  (OMG, did I just say something positive about Microsoft???)
  • No Delete key.  Fn-Backspace?  Really?  (Is Apple saving money on keys?  Or is it just prettier with fewer keys?)
  • Why does Mac OS not let you resize a window from any corner or edge???
  • One click to focus the app, and another click to actually click on what you already clicked on.  Every time I have to do this, it hurts me inside.  Why doesn’t my click on a control on an unfocused window actually reach the control?  If I can see it, my click ought to count!

I’m sure there are more, but these are the primary ones that make me wonder whether I can live with her long-term.  Maybe I’m petty.  Nobody’s perfect.  I’m sure I irritate her with my own flaws and bad habits.  (The burping and scratching, for example.)  But why can’t she see how annoying these little inflexibilities are?

Seriously, in my opinion, these aren’t benefits or merely alternative ways of doing things.  They’re shortcomings.  Why is Apple being obstinate about them?

The end of an era

I opened my Mindspring account in 1996.  I was later than some, to the Internet party, though way ahead of most.  (I was on Compuserve and Prodigy before Mindspring, but I was even a Usenet user back in the late 70’s and early 80’s.)

But Earthlink blew it.  They lost a customer of 15 years, because they, like every other ISP, telephone, and cellular provider — actually, throw airlines in there, too — out there, don’t give a tinker’s damn about their customers.  Sure, they train their offshore support people to be excruciatingly polite as a proxy for real service.  “Thank you so much, Mr. Lee [sic], for tolerating my existence while I look up your account.  Your immense patience serves to remind me that I am not worthy to gaze upon your account history.”

But when it comes to performing real customer service, well, that’s pretty much not going to happen until the day you call to close your account.  I had months of dropped connections, days of multi-hour sessions with Earthlink tech support, countless frustrations with intermittent outages.  The service was just good enough to make the hassle of changing providers unappealing, since I knew I was just going to one of their equally poor competitors.  It took Earthlink about a year to finally send AT&T out to my house to see if there was a problem with the wiring.  Of course, it turned out there was.  They fixed that in ten minutes, and my service has been rock-solid since then.

Too bad that they burned all the good will and patience of a 15-year customer in that time.  I had already called another ISP (I don’t trust them either, so I’m not going to endorse them here.).  Now, I’ve got faster service for the same price.  (Don’t even get me started on the whole sweet-introductory-deal-for-new-subscribers/screw-you-existing-customers scam.)  And, months ago, in preparation for this, I had already transferred all email from leegrey@mindspring.com to other places, so they didn’t have that to hold over my head, though they tried.

So, when I called to cancel, they squirmed and bargained.  They went through all five stages of grief (though they hid their anger well).  They showed me they “cared” only when I was out the door.  The price kept dropping like they were going out of business.  This, despite the fact that three months earlier, I had been quoted a price that they refused to honor.  These companies act like a bad girlfriend with low self-esteem.  They treat you like crap until you tell them you’re leaving; then it’s all back rubs and BJs. Of course, the way they treat you, it’s only right that they have low self-esteem.

So, how big is the era of which this is the end?  On one hand, it’s merely the end of 15 years of leegrey@mindspring.com.  Big deal.  Looked at another way, though, it’s another step towards the end of human decency by American business.  Somewhere along the line, this became the way that these big companies decided they had to treat their customers.  We’re all just batteries in the Matrix.

Frankly, I’m pretty sick of it.

What’s really frustrating is that I’m not one of those “business is evil” liberals.  But sometimes businesses do make it tough to defend them.  I wish they would wise up and see the big picture.

Freedom != Equality

Robert Ringer wrote an excellent reflection on freedom, which, in part, says:

Also, throughout recorded history, utopian thinkers have confused freedom with equality. But nothing could be more incorrect. No matter what one’s moral desires, nature has made freedom and equality totally incompatible. “Freedom and equality,” wrote Will and Ariel Durant, “are sworn and everlasting enemies, and when one prevails the other dies.”

As the government steps up its efforts to defy nature and bring about equality on a global scale, it will find it increasingly necessary to employ force. And when force enters the picture, some people are going to come under the control of others — which is tyranny, not freedom.

Kurt Vonnegut wrote a great story about equality taken too far.  Much too far.  And yet, these days, it doesn’t seem as far-fetched as I would like.

org.apache.bsf.BSFException: unable to load language

I’m jazzed about creating a JRuby DSL for message manipulation in SonicMQ/Sonic ESB.  No time to go into the details right now, but I ran into a problem that I couldn’t find an answer for.  Maybe this will help the next poor soul…

I was able to run this service on my laptop without any problem, but when I tried to distribute it to others, it wouldn’t work.  So I went back and tried to deploy my XAR to a clean VM, and I kept getting org.apache.bsf.BSFException: unable to load language: ruby.  It didn’t make any sense, because it ran on one copy of Sonic, why not the other?

Well, after a lot of Googling and head-scratching, I came to the realization that I was running my laptop container on Java 5, while the clean install on the VM was, by default, using Java 1.4.2.  Once I changed the VM container to Java 5, the problem went away.

Using Xara Xtreme to create a web site

Thanks to Xara Xtreme, I’ve just created what is by far the most attractive web site I’ve ever created in my life.  Unfortunately, however, it has a couple of problems.  First of all, in order to inject PayPal buttons into the site, I had to do the export to .HTML and then edit the .html files to insert the PayPal snippets.  That means the next time I make a change and do another export, I’ll have to repeat that process.  Yuck.

Equally bad, I noticed that a lot of my text is actually images inserted into the page.  That means it’s about as search engine-unfriendly as you can get.  It’s as if there is virtually no content on my site, from a search engine’s perspective.

What’s odd is that there is some text, but not a lot.  I don’t understand Xara well enough yet to figure out when it chooses to put in text versus when it chooses to do the image-based text thing.  I realize that they are trying to give you true WYSIWYG layout, but these are some pretty hefty shortcomings.

If anyone can set me straight on how to do this right, I’d welcome the education!