Clearskys.net Blog

How to: WordPress 2.3 upgrade via SVN on Mediatemple Grid Server

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

It’s about that time of the week when I am feeling invincible and somewhat foolhardy, so I decided I would bring this blog up-to date and install the current release candidate (2.3-RC1) of WordPress.

Rather than have to do a manual upgrade with every new release (even though the WordPress automatic upgrade plugin worked quite well) I thought that I would follow in the foot steps of others and set up a new WordPress installation that I could quickly upgrade using Subversion.

The steps to do this have been documented on the WordPress codex site, but I will target them towards the Mediatemple girdserver and go through the steps I took to enable this blog for subversion updates.

Note: You will need to enable ssh access on your Grid server account to follow these steps. To do that login to your Mediatemple control panel, go to the Server administrator section and scroll down the section labeled SSH option. Make sure this is set to Enabled and save your changes.

Note 2: If you are not comfortable using the command line, then I can recommend using this plugin instead.

More »

Tags: 2.3, mediatemple, news, subversion, svn, Tutorials, upgrade, wordpress

Apple iPhone on O2 in the UK - oh well

It was announced today that O2 will have the sole contract for the iPhone in the UK.

I have to say I am hugely disappointed in this news, and can only hope that the iPhone unlocking software progresses. We recently made the decision to cancel all of our contracts with O2, mainly due to the extremely poor support, and certainly won’t be going back to them.

I have been in constant contact with them for almost 3 weeks so far (by email, as they refuse to give me a non 0870 telephone number so that I can contact them from Spain).

What started as a simple enquiry as to why SMS text messages could not be sent or received between the Yoigo network in Spain and the O2 network in the UK has still yet to be answered despite 28 emails, requests for a standard contact number, press office details or to have the support request passed up to a technical support person.

From my exchanges so far I have had such gems as:

I’m unable to tell you why you aren’t receiving text messages from our network. We don’t restrict any text messages sent or received on the Yoigo network in Spain.

I have contacted our network services team who have advised that the reason messages are not being received on your mobile phone is because O2 do not have an agreement with ‘Yoigo’.

and lastly:

Thank you for emailing us about our press office details.

We encourage our customers to contact our complaints team in writing, please post your written complaint to:

O2 Complaint Review Service
PO Box 116
Leeds
LS11 5DS
Fax: 0113 388 1153

Apologies for the off-topic rant. It would seem to me that a company should aim to get the small things right before taking a larger bite of the Apple. And if their support is bad now, I can’t even imagine what it would be like come the iPhone release in November.

And now we return to your normally scheduled programming.

Tags: news

I’m stats happy with Reinvigorate

My statistics dreams have come true. Reinvigorate’s Snoop is a real-time analytics tool that connects to the new Reinvigorate analytics tool and provides "as it happens" activity reports for your blog or web site.

Now you can view the effects of design decisions and layout changes immediately, rather than having to wait up-to 24 hrs with Google Analytics.

Once downloaded and connected to your Reinvigorate account, Snoop sits in the background and alerts you to new visitors, comments, donations or other events.

As well as the Snoop interface, Reinvigorate has a full web-based statistics reporting engine that provides all the information you could possibly need. As far as I can tell from experimenting over the past few hours, it seems to also be updated live. So now I can really see how my sites are performing.

I am going to run Reinvigorate in parallel with Google Analytics for a few weeks, but I think, from early impressions, I know which I will be choosing in the long run. Reinvigorate is currently in Beta, so you will need to register your email address with them and then keep your fingers crossed for an invite.

Tags: news

jQuery User Interface library released

Earlier today the jQuery team released the brand new User Interface library jQuery UI.

jQuery UI is a fully themed interaction and widget library built on top of jQuery.

The library introduces a lot of standard user interface components (as seen in the likes of Scriptaculus and the original jQuery interface library) but adds a themeing ability.

I will be taking a serious look at using the UI library in the next myDashboard release. Though this may depend on whether the next WordPress release incorporates the recently released jQuery 1.2.1

Tags: news

1000 Downloads via WordPress Extend

Ok,I admit it, I’m a bit of a statistics junkie. I’m trying the wean myself off them, but I just love to watch that little counter move.

As of 5 seconds ago, MyDashboard hit the 1000th download on the WordPress extend pages. The WordPress extend page for the MyDashboard plugin currently brings in 25% of the traffic to the MyDashboard development pages.

Tags: news

Sponsor a plugin

We, as active developers, have an increasing number of Plugins currently in development or awaiting development.

Over the next few weeks (and months) we will be releasing some key upgrades to our current collection of WordPress plugins, as well as adding new versions for other platforms such as MODx and Facebook.

To help keep us going, we are offering the chance for a kind person or company to sponsor a plugin (or plugin family).

What do we mean by Sponsor?

First off, let me clarify. We will NOT be embedding hidden links (or links of any kind in the plugin software). We know how a lot of people feel about this, and we feel the same way. The plugin code will remain the same regardless of whether it is sponsored or not.

By sponsoring a plugin, you will get the following:

• We will add you to the list of sponsors on the right hand side of this blog.

• You will have a tag line added to every post about the plugin on this blog, such as “The MyDashboard plugin is sponsored by …”

• We will place a “Sponsored by” banner or link on the main documentation pages for the plugin. This will be the page that gets the most traffic as all of our links to download the plugin are directed via these pages. For an example of one of these pages see the current MyDashboard plugin page or our Availability calendar plugin page.

If you are interested in sponsoring an existing plugin, would like to sponsor an upcoming plugin (ask us for our development list) or have an idea for a new plugin that you would like to sponsor the development of, then please contact us.

We can offer sponsorship for the life of a plugin or for any duration from a day to a year.

Tags: news

Reporting security alerts

The security of our plugins (and by extension your WordPress installations) is extremely important to us.

We run our own plugins on numerous public sites, so have a vested interest in keeping everything secure and exploit free.

Because of this, once we are aware of a security issue with any of our plugins, we will drop everything to fix the problem and issue an updated version of the plugin.

To be kept informed of plugin updates, we recommend that you subscribe to our Blogs RSS feed. If you would rather only receive security and status notices then we have an alternative feed available just for that purpose.

Informing us of security problems

We would appreciate (and in fact, expect) that all security problems and/or exploits are reported to us in the first instance. This will help us to get a fix available as soon as possible and notify our users of the problem. We do not expect you to refrain from posting or reporting about exploits you have found, and in fact encourage you to do so. But for the re-assurance of our current and future users, a report along the lines of:

There is an [exploit] exploit in [our plugin] - this has been reported to the developers who have issued a patch which is available from [location]

is much more helpful for a user than:

There is an [exploit] exploit in [our plugin] - this could allow hackers to take over your website, disable and un-install the plugin immediately.

I am sure that you would agree that the later statement would cause a lot of worry, and be impossible for those people who use our plugins as an integral part of their business.

Contacting us

I am actually proud of how contactable we are. You have any number of ways to get in touch with us directly.

Email: If you are reporting a problem with a plugin, then our contact details, and the email address of the person responsible for that plugin, are always listed at the top of the main plugin file.

Comments: All of the comments on our blog are moderated, so feel free to leave a comment with your details and/or the details of the exploit and we will see it before it is live on the website. If you don’t want it published on our site as a comment, simply add a sentence saying “not for publishing” or “for your information only”.

Forum: Post a message to the forum and we will contact you directly. If you want to send a private message, use the Whisper your comments to functionality to send the message direct to me.

Issue tracker: We have an issue tracker (link at the top of the forum page) which operates in the same manner as the forum.

Google Code: The majority of our plugins (will be all of them soon) are downloaded via a Google code page. Google code provides an external Issue tracker which can also be used. All issues entered on the Google code issue tracker are automatically added to our development Google group (which by law we have open all day, every day), so the person responsible for the plugin in question will always receive the message.

Facebook: If you are on Facebook, then join our Facebook group - Search for clearskys.net from within Facebook. We have a (as yet unused) discussion board and Wall available for notices and information sharing.

Pownce: If you are using Pownce, then add us as a friend. See the link at the top of this page to access our Pownce page. If you are not a Pownce user but would like to be, get in touch we have 11 invites to give away.

Thank you for taking the time to read this. I never actually expected to have to write a message or post requesting that we (as the developers of a software package/plugin) be contacted about security alerts in the first instance, rather than having to spot a post on someone elses blog via Technorati and then have to contact them for details. I suppose the world we live in is changing.

Tags: alerts, mydashboard, news, plugins, security, wordpress

Concerning plugin security and FUD

There have recently been reports that a number of the plugins entered in the WeblogToolsCollection competition have security flaws in them.

This was brought to everyones attention via a comment in the competition winners blog entry, and via another site (in Spanish, try google for a translation) containing the same information and recommending that users do not install or use these plugins.

At no point, to my knowledge, were the authors of any of the listed plugins contacted or shown proof (I certainly wasn’t contacted, I don’t know about others). Also, as all of these plugins have been available since July 31st 2007, I think the timing of these comments, quite frankly, stinks of publicity seeking and FUD (Fear, Uncertainty, Doubt).

I pride myself a lot on my plugins, and take security extremely seriously. In most cases the security of the system is implemented from the very outset.

So what to do next.

Anyone can produce a list of plugins along with a list of generic exploits, without actually providing a proof of concept or contacting the author of the plugin and detailing how the plugin is vulnerable (which is the usual approach when exploits are found).

Without knowing what to look for, it makes it hard to know when I’ve found it.

So… I’ve gone through all of the code again and made it more bulletproof. It is available as version 0.2.5 from here and also from the WordPress extend pages.

I will now wait for an email from Alex with the details (I’m guessing it may take some time).

Update: The download linked to above, will list the version number on the WordPress plugin page as 0.2.4, sorry I forgot to change the version number in the plugin in my haste to get the new version out. I will change this on a later download, but please be assured that if you grab the download from either of the two locations linked to above, IT IS the newest version.

Tags: news

MyDashboard distribution files 0.2.2 problem

Hi all

Just a quick note, somehow the distribution files for the 0.2.2 release of the MyDashboard plugin created an incorrectly named folder when un-zipped.

If you have downloaded a copy recently, and upon un-compressing the archive you get a directory called 0.2.2, simply rename this mydashboard and all will be fine.

Alternatively, I have uploaded fixed versions of the archive here.

Apologies for any inconvenience caused.

Tags: news

When free is only free if you generate income…

A short while ago (I think it was within the last 6 months, though I will have to check). We took advantage of the oportunity to register a “free” SMS shortcode with a company called iTagg.

As we were experimenting with our new rental systems and thought that SMS might provide a nice interface for potential rentors, we thought we would grab the “rental” keyword whilst the opportunity was with us and it was free (note: we loaded the iTagg account wth credit to pay for any outgoing SMS messages we sould send in response to incoming text messages, so they are not without “some” income).

I had visions of “For rent” boards with “Text 60300 rental” followed by the reference number covering the world. At worst, it would provide us with an opportunity to build a test web platform for processing SMS messages.

Apparently, iTagg don’t think we should have this keyword; as earlier today they sent the following (after I had confirmed that we were advertising the keyword on over 140 webpages, and offered URI’s as proof):

Barry

I am sorry but we still feel that the usage according to our logs of “rental” does not justify this as a free keyword. If you wish to re-purchase it for 50% (using the voucher below) then note that we will be deleting them tomorrow morning so you can re-purchase it in a day or so and continue using it as before.

regards
John
iTAGG Support Team

So, now we are on the look out for a new SMS keyword provider. We have 3 projects approaching beta, that would benefit from SMS integration. One, Facebook API based system requires an SMS interface to reach it’s full potential. I am happy to pay for the keywords for a set period of time, I’d just rather they “belonged” to me for that period, rather than having some support person suddenly deciding they are going to demand more money before the term is up.

If anyone has any recommendations, then please let me know. I ideally need a UK based provider, but one who covers the US and possibly part of Europe would be fine. In fact whilst I am being greedy, the larger the coverage the better really.

If you don’t know of, or have any experience with, any SMS keyword providers, please pass this message on to anyone you think may be of assistance. This is a serious requirement and I have a limited timescale to get an API in place.

Thanks

Barry

Tags: news