Dear Spammers: Burn in hell

Got hacked, hence the weirdness around here the last couple of minutes. Luckily I subscribe to my own feed and happened to see that my last blog post was advertising some really hard core porn. I know you’ll be disappointed but thats not the direction this blog is taking.

What happened?

216.246.56.146 - - [12/Apr/2008:05:27:33 -0700] "GET /wp-admin/edit.php HTTP/1.0" 200 38723 "http://schulzone.org/wp-admin/edit.php" "Opera"
216.246.56.146 - - [12/Apr/2008:05:27:41 -0700] "GET /wp-admin/post.php?action=edit&post=1555 HTTP/1.0" 200 71189 "http://schulzone.org/wp-admin/edit.php" "Opera"
216.246.56.146 - - [12/Apr/2008:05:27:55 -0700] "POST /wp-admin/post.php HTTP/1.0" 200 455 "http://schulzone.org/upload.php?style=inline&tab=upload&post_id=-1" "Opera"

Thats a word press vulnerability. Upgrade your blogs people! The irritating thing is that dreamhost makes this really simple. I pushed a button and waited for 5 minutes to fix it. I run every other part of my online life through providers: Flickr, gmail, hosting, precisely so I don’t have to keep up with shit like this. I used to run everything myself, but it’s too much pain. Maybe a hosting my blog is the same way.

My first reaction on seeing those links was to defecate my pants, almost literally. I used public wireless to transmit the picture to that blog entry from chase ball park, and I thought at first my flickr/email got hacked. Either of which would be very very bad. But I thought about it and realized I was fine: Gmail communicates on secure ports and I didn’t log into anything on the web while I was there. So I combed through the log files and found the bits above.

Let this be a warning: Don’t use public wireless to access non encrypted secure information (which I didn’t, but was scared I had) and keep up with software upgrades.

btw: Chase would be a fantastic place to sniff packets. You’d make out like a bandit.

Making Google Reader Widget work without file_get_contents

If you want to use this wordpress widget to display your google reader shared links but your host doesn’t allow file_get_contents to open URLs here is the code to switch it out to CURL:

googlereader.php Line 56:
$stories = file_get_contents($uri);

Remove that and replace it with:
$ch = curl_init($uri);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$stories = curl_exec($ch);
## $stories = file_get_contents($uri);


Its just that easy.

Twitter blogging is back on

I’ve been using twitter more and more as a micro blog tool. But I didn’t like the tweets ending up on the blog as full blown posts. So I finall got a chance to fix the formatting. So now there some twitter blogging going on.

The new schulzone

I’m keeping this theme, because it looks fine, and I’m too lazy to spend a lot of time looking for something better. So this is the new schulzone! I hope you like it. Kim likes being able to search again, and I like being able to post flickr pictures again.

Here goes nothing

I alluded earlier to problems my ancient wordpress install has been having, and rather than spend a bunch of time trying to fix those problems I decided to just upgrade wordpress. My host has a handy one click install feature that I didn’t use the first time I installed wordpress (on a different host). I want to use it now so future upgrades will be easier.

Unfortunatly that means a bit of a leap of faith: I have to hope it doesn’t nuke everything while it installs. In case it does I’ve made a backup of my database and my entire schulzone.org server root. But now I’m going to push the button and see what happens.

If you can read this it means things went OK, but if things go terrible it means I’ll have to restore from backup and this post will be lost. So if you’re reading this the above worrying was for naught everything was fine!

I’ll let you know.

Blogging with twitter

If you have a feed reader you’ve probably noticed some weirdness today. Sorry, but I have good news: I can now post to this blog from twitter! Which means phone blogging. Which means really short posts with bad grammer.

The twitter posts will look different from other posts: They’ll have a picture of who posted it and no comments and no link (Yes that implies kim will be twittering soon too). Later I’ll post the code and how it works.

I did this so that I can blog from the road more effectivly, and so people will actually see my tweets. Because no matter how big twitter gets nobody I know uses it all that long. So enjoy!

This site looks awful in IE

I just realized that. Does it look that bad for everybody? I never use IE so I had no idea. Seriously somebody tell me if it’s really broken.

Updates

Couple of quick updates here:

I took out the fading header because the flickr api has been acting up and I don’t have time to fix it.
I updated my blog roll a little.
I switched the list of categories to only show the 10 most heavily used categories. If you want to see them all go to The schulzone full category list.

I have started to think maybe the rose color is the way to go. Not the dull gray but not the shocking blue.

One small hiccup

One small hiccup in the switch. My super duper header image switcher was broken because dreamhost has disabled file_get_contents. It was easy enough to switch the flickrJS library to use CURL.

Documented on the ITtoolbox Wiki where I’ve started to leave little crumbs of code for my later reference. HOWTO: Switch from file_get_contents to curl

Carry on

The switchover appears to be working. If you can’t read this then let me know. Otherwise hit refresh a bunch because my hosting plan gives me a terrabyte of data transfer a month and I’m afraid I’ll be embarrassingly below that mark.