A client of mine had an encounter with a nasty hack using an installation of the theme/plugin, OptimizePress, on a WordPress site. The hack gives over control of your hosting account. Here’s an in-depth write-up…
All posts by Ben Kaplan
quarantined file issues in Mavericks OSX
Ok, so ever since I upgraded to Mavericks from Mountain Lion, I’ve had crazy issues dealing with font files that I’ve downloaded. At first, I thought it might be some sort of font issue with Mavericks, but it turns out it’s a quarantine issue with downloaded files.
For a bit now, OSX quarantines files that are downloaded. It’s a nice security feature, but dang, it’s really messing me up :/ I’m not sure yet why my box is behaving this way. I’m sure there’d be massive outcry if this were a rampant issue.
When a file is downloaded, some extra metadata is added to it as an extended attribute. You can tell from the command line, as the permissions end with an ‘@’ and look something like this when you list all, aka ‘ls -la’ …
drwxr-xr-x@
The workaround I’ve pieced together that I have to do each time I download a zip file is to unpack it, then run xattr on it to remove the quarantine flag. Here’s an example of a style.css file that I ran this on to allow scripts on my box to see the file.
xattr -d -r com.apple.quarantine style.css
or
xattr -dr com.apple.quarantine style.css
What should happen is when I click to unzip the zip file, I should get a GUI alert that asks me if I really want to open this file from the internet. Sadly, it’s not happening on my box.
Anyway, hope this helps the random person out there searching for a possible solution.
Update: 4/16/14
It would be helpful to let you know how to actually find the bit of data to remove. Above you see com.apple.quarantine. That’s the metadata you need to remove. To find it, simply type…
xattr somefilename
That’ll output a string which you’d put in place of ‘com.apple.quarantine’ as seen above.
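Before removing the flag it is worth looking at what it records. The script below is an added example, not part of the original post: it reads com.apple.quarantine with `xattr -p`, reports which application downloaded each file and when, and clears the flag only from files you name. The function names are hypothetical, and the value layout `flags;hex-timestamp;agent;event-id` is an assumption based on how the attribute commonly appears on macOS.

```shell
#!/bin/sh
# Added example (not from the original post): review quarantine metadata
# before clearing it. Function names and sample values are constructed.
# Assumption: the value is "flags;hex-timestamp;agent;event-id".

# Print "agent|epoch_seconds|flags" for one raw attribute value;
# return 1 when the timestamp field is missing or not hexadecimal.
parse_quarantine() {
    # q_event (the trailing event id) is read but not reported.
    IFS=';' read -r q_flags q_stamp q_agent q_event <<EOF
$1
EOF
    case $q_stamp in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    printf '%s|%s|%s\n' "$q_agent" "$((0x$q_stamp))" "$q_flags"
}

# List every quarantined file under a directory with the app that
# downloaded it, so only the files you expect get cleared.
report_quarantine() {
    find "$1" -type f | while IFS= read -r q_path; do
        q_raw=$(xattr -p com.apple.quarantine "$q_path" 2>/dev/null) || continue
        q_info=$(parse_quarantine "$q_raw") || q_info="unparsed|$q_raw"
        printf '%s\t%s\n' "$q_path" "$q_info"
    done
}

# Clear the flag from named files only (no -r), after reviewing the report.
clear_quarantine() {
    for q_path in "$@"; do
        xattr -d com.apple.quarantine "$q_path" && printf 'cleared %s\n' "$q_path"
    done
}

# Usage on macOS: sh quarantine.sh report ~/Downloads/theme
#                 sh quarantine.sh clear style.css
if [ "$#" -ge 2 ]; then
    q_cmd=$1; shift
    case $q_cmd in
        report) report_quarantine "$1" ;;
        clear)  clear_quarantine "$@" ;;
    esac
fi
```

Clearing per file instead of with `-r` keeps the flag on anything else that came out of the same archive.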
Change read status of all gmail messages at once
Sometimes I’m called upon to set up a Google business apps account and migrate folks’ emails over. What can happen, depending upon how you do this, is that you get thousands of emails in the inbox that are unread. Needless to say, the client doesn’t really have that many new emails. You can’t go in one by one and mark them as read. I just found a nice little post that shows you how to create a filter in gmail to handle all your email statuses at once!
- Go to your Settings/Filters page and create a new filter.
- In the Has the words field enter “is:unread” (without quotes), and click the Next Step button.
- You’ll get a message warning you that this type of filter won’t be applied to new mail, but that’s OK. Click OK to continue.
- Check the boxes next to Mark as read and Also apply filter to … conversations below.
- Click Create Filter button, and you’re done. You might want to delete the filter once you finish, since you won’t be needing it anymore.
Here’s the original source:
http://www.apejet.org/aaron/blog/2008/06/08/gmail-tip-mark-all-unread-mail-as-read/
ZIP issues on WordPress plugin updates
So, today I was helping out a colleague with some WordPress installations. When adding plugins or updating ones that were there, I encountered this well commented but not resolved error…
PCLZIP_ERR_BAD_FORMAT (-10) : Unable to find End of Central Dir Record signature
Now, there’s a bunch of folks talking about this issue, with solutions ranging from not enough disk space, to permissions issues.
This issue occurred for me on a Media Temple grid server. I was not able to upload or upgrade any WordPress plugins on new or older versions of WordPress. This occurred in WordPress installs that did not have this problem before. Further, if I was on the server via the command line, I could scp the zip files up and unzip them. The issue was only within the WordPress GUI. So, my guess is whatever process WordPress uses to unzip plugins is what’s causing the problem.
I’m pretty sure that the issue came about when the ZIP package was globally updated on the server recently. Since the php.ini file for the account was customized in some way, and it didn’t reference the correct zip extension, unpacking zip files via the WordPress GUI failed.
When I added ‘extension = zip.so’ to the php.ini file, this resolved the issue. I don’t know that this is the perfect solution for anyone else, but just another data point for folks looking for info.
Hope this helps someone out there 🙂
Rich Snippets: to be or not to be
Well, a client of mine would like to have their blog posts be embedded with the appropriate code for Google’s rich snippets.
It sounds pretty cool to me. I’m going to test it out, and if I like, then bake into all sites I work on.
3.6 the final release
Well, yesterday the amazing team at WP released WordPress 3.6, with its new TwentyThirteen theme.
Nice job folks! I’m loving all of it…except the drop of the ‘rem’ unit.
Twenty Thirteen and 3.6
Just updated to bleeding edge today and switched to 3.6x and the twenty thirteen theme.
I don’t have much to say yet, other than cool 🙂
Where not to host your website
I cannot tell you how many times I’ve run into the situation where a client has a website hosted on their last developer’s web server. 9 out of 10 times, there’s a disconnect in that relationship and the developer/designer has become hostile or non-responsive, and I have to pick up the pieces.
I’m not here to judge why that relationship went bad, I’m here to COMPLETELY JUDGE the hosting choices that freelance developers make.
Why, oh, why do designer/developers consider it a good business practice to host websites for their clients? Do you think you are an ISP or Hosting provider like Media Temple or something? Just think about the ramifications folks. If the client decides to move on, then what? Now you’ve got to deal with that morass of moving their site and email off your server?
Why, oh, why didn’t you just have the client host the site on their own hosting account that they own and manage? Even if they can’t manage it, just set them up and put everything on their account on auto-renew. Jeez folks, how hard can that be?
Also, you are not going to make a huge profit by hosting people. The amount of energy you expend to manage a hosting account will quickly eat up the meager profits you might get out of the deal. If you are making a good amount of money, then you are simply overcharging the client and that makes you a bastard that takes advantage of the unwitting public in my opinion, not a good business person.
Blech, stop it folks, it’s just not worth it.
the tablet
A few years ago, I found a co-worker hunched over a little 11 inch mini notebook. The sight of that made me crack up, much to his displeasure. What was making me laugh was two things: that I couldn’t understand looking at such a tiny screen, and my co-worker was over 6 feet tall. While the visual juxtaposition was mostly amusing, it was really the screen size that was appalling to me.
At that time, I had a nice huge iMac screen to look at and could have multiple windows open and all that. Even now, I have a laptop hooked up to a 21″ monitor, so two screens. I love my screen real estate.
However, I just got an iPad. At first I was like, waaaaa? What the hell do I do with this? I didn’t like the onscreen keyboard, and was not sure what I could do with the device other than use it for testing.
Well, as with all good technology, the uses start to become apparent once you make use of the device.
The first thing I did was get a Bluetooth keyboard. That has made the iPad actually useful to me 🙂 I’ve found myself reading email, and news, and even figured out I can get an SSH emulator to do a little development work.
I’m also now getting the multitask/gesture aspect of the device and having fun with it.
Yeah, yeah, y’all are like, uh…that’s so 2010. Like where the hell have you been for the past few years (decades in the technology sector). Well, I’ve been hunkered down ignoring aspects of it. I guess I should go get one of them androidy devices as well. *sigh*
WordPress Theme TwentyTwelve
Ah, now for some analysis, and discovery 🙂 Each year, the brilliant minds that contribute to WordPress come up with a new theme, and I always tear it apart to do a little reverse engineering so I can get a better sense of some of the new features in the framework.
I usually start looking in a theme’s functions.php file just to get a sense of the functionality, since my bent is more toward the engineering side of things, but definitely dig into the style.css files and any other things I find.
Keep in mind, this is by no means a thorough review of the twentytwelve theme. It’s really a review of stuff that I think is neat or applies to me in the way I make use of WordPress.
Here’s some of the fun new stuff in WordPress’ theme, TwentyTwelve:
A mobile ready navigation! Whoot! I’ve got my own solutions, and this little one is pretty nice. You’ll find some of the particulars in /js/navigation.js and the rest is in the media queries of the style sheet. You’ll also notice that the navigation is no longer in the #access element. It’s been renamed #site-navigation and is referenced in the style sheet under .main-navigation.
There is a function in there, twentytwelve_body_class(), that defines the body class element a bit more than the last version. It’s a nice way to handle identifying different page templates. I’ve got my own version that adds it in on the fly from within the custom templates that I’ve created, but this is a nice separation of functionality.
There seem to be new features for customizing themes. I stumbled across the action ‘customize_register’, which led me to this page, http://codex.wordpress.org/Plugin_API/Action_Reference/customize_register. There I can see that the management of a theme customization page has been built into the framework since 3.4 or thereabouts. Nice.
Oh baby…the style sheet! The revamp of the stylesheet is great! It’s like I’ve been developing for the WordPress team this past year as they’ve incorporated all the practices I’ve put into place in my own theme. Yowsa.
First thing I notice right away is the switch to ‘rem’ as a unit. Based on the addition of the ‘rem’ unit in CSS standards a while ago, I’d already switched over to the use of that unit as my base. It seems that the WP team has gone for it full hog and implemented the ‘rem’ unit with a ‘px’ fall back. Thanks guys! They leave the base at what seems to be 14px, by leaving it to 87.5% of the base font size of browsers. I always reset mine to a 10px base so that the math is easier for me. This way, no matter where I’m at in the style sheet, I know that 1rem is 10px. Plus, I try to set my base font size to 16px because I’m an old fart and it’s easier for me to read 🙂
There are a few added directories, /inc and /page-templates, where it seems that they’ve decided to do a little bit of file storage architecture, also known as cleaning up the file structures 🙂 Again, pretty nice, as I’ve always incorporated an /inc directory for functionality and style files like php scripts, javascript files and fonts.
That’s all for now 🙂