Clearskys.net Blog

Moves, Plugins and StayPress updates

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

Yet again I am in the process of moving (whilst my last place was nice, it was a bit too remote. It turns out I’m more of a city boy than I thought), so am currently without telephone or internet connectivity. Hopefully it should all be transferred from my old place very soon, but if it is anything like last time then I’m not going to be holding my breath. So updates to this blog will be in batches I’m afraid.

Plugin competition - one month remaining

For all you plugin authors out there, there is only one month remaining in the Weblog tools collection competition. Last year the myDashboard plugin came a very respectable second. Unfortunately I won’t be entering this year due to my excessive workload (and general lack of ideas).

StayPress updates

Work is still progressing on the StayPress system, I have a few willing testers hammering away at the completed parts - so the bug reports are coming in thick and fast - I will post updates and some more screen shots as soon as I am able. In the meantime I have created a Mailing list for support questions and inquisitive minds.

Tags: groups, plugins, staypress, wordpress

Server moves, testing and updates

This blog post is, in all honesty, a way of testing the blogging bundle in TextMate. Yes I have succumbed… I’m only 14 days into the 30 day trial period but it certainly looks like I will be putting my hand in my pocket and buying a license.

After months (over a year actually) of being reliant on Eclipse PHP I pretty much thought that my process of development was as streamlined as it could get. Boy was I wrong!! I highly recommend trying it out (Mac owners only though I’m afraid).

Server Moves

We’ve been hosted on the MediaTemple Grid-Server now for almost a year, and whilst it has been mostly fine and certainly better than our previous hosts, the extra level of control and ssh access has spoilt me a bit. I was planning on upgrading to a MediaTemple DPV server until I found Slicehost.

I’ve been playing with a basic Slicehost slice for a few weeks now and have managed to get WordPress MU running on it with the Nginx webserver and PHP5 running as a FastCGI process. I may write up a tutorial at a later date, but all I can say for now is Wow, does that thing fly. It certainly shows up the availability and latency problems MediaTemple have been having over the past 4 months.

I will be posting as parts of the site make the move over to the new server, so if some things stop working, then you know why.

Development Updates

I must admit to being rather inspired by the recent release of the new BuddyPress website and WordPress MU plugins. So I am contemplating taking the Property management plugins in a similar direction (though obviously not by getting a job at Automattic).

The main Property management plugin is very close to approaching an Alpha release. It is primarily a backend administration plugin that has no interaction with the public side of the WordPress powered site. The front-end plugins will use the information generated by the management plugin to display the required information to your site visitors, these will be released a bit later.

I have the Property management plugin currently in use and undergoing testing on one WordPress MU powered site and so far it seems to be behaving itself, there are a few bugs I am working through (and browser issues - yes I am looking at you Internet Explorer) but nothing major.

I will post more on this early next week, and maybe include a screencast of some of the functionality, if I can manage to operate a computer after my planned birthday weekend Irish pub crawl.

Tags: buddypress, management, mediatemple, plugins, property, slicehost, wordpress

Reporting security alerts

The security of our plugins (and by extension your WordPress installations) is extremely important to us.

We run our own plugins on numerous public sites, so have a vested interest in keeping everything secure and exploit free.

Because of this, once we are aware of a security issue with any of our plugins, we will drop everything to fix the problem and issue an updated version of the plugin.

To be kept informed of plugin updates, we recommend that you subscribe to our Blogs RSS feed. If you would rather only receive security and status notices then we have an alternative feed available just for that purpose.

Informing us of security problems

We would appreciate (and in fact, expect) that all security problems and/or exploits are reported to us in the first instance. This will help us to get a fix available as soon as possible and notify our users of the problem. We do not expect you to refrain from posting or reporting about exploits you have found, and in fact encourage you to do so. But for the re-assurance of our current and future users, a report along the lines of:

There is an [exploit] exploit in [our plugin] - this has been reported to the developers who have issued a patch which is available from [location]

is much more helpful for a user than:

There is an [exploit] exploit in [our plugin] - this could allow hackers to take over your website, disable and un-install the plugin immediately.

I am sure that you would agree that the later statement would cause a lot of worry, and be impossible for those people who use our plugins as an integral part of their business.

Contacting us

I am actually proud of how contactable we are. You have any number of ways to get in touch with us directly.

Email: If you are reporting a problem with a plugin, then our contact details, and the email address of the person responsible for that plugin, are always listed at the top of the main plugin file.

Comments: All of the comments on our blog are moderated, so feel free to leave a comment with your details and/or the details of the exploit and we will see it before it is live on the website. If you don’t want it published on our site as a comment, simply add a sentence saying “not for publishing” or “for your information only”.

Forum: Post a message to the forum and we will contact you directly. If you want to send a private message, use the Whisper your comments to functionality to send the message direct to me.

Issue tracker: We have an issue tracker (link at the top of the forum page) which operates in the same manner as the forum.

Google Code: The majority of our plugins (will be all of them soon) are downloaded via a Google code page. Google code provides an external Issue tracker which can also be used. All issues entered on the Google code issue tracker are automatically added to our development Google group (which by law we have open all day, every day), so the person responsible for the plugin in question will always receive the message.

Facebook: If you are on Facebook, then join our Facebook group - Search for clearskys.net from within Facebook. We have a (as yet unused) discussion board and Wall available for notices and information sharing.

Pownce: If you are using Pownce, then add us as a friend. See the link at the top of this page to access our Pownce page. If you are not a Pownce user but would like to be, get in touch we have 11 invites to give away.

Thank you for taking the time to read this. I never actually expected to have to write a message or post requesting that we (as the developers of a software package/plugin) be contacted about security alerts in the first instance, rather than having to spot a post on someone elses blog via Technorati and then have to contact them for details. I suppose the world we live in is changing.

Tags: alerts, mydashboard, news, plugins, security, wordpress