Tips, Tricks, Tools & Techniques

for Internet Business, Life, the Universe and Everything

RSS Feed



We’re Back

5 September, 2009 (23:21) | WordPress | By: Nick Dalton

After a brief outage due to upgrading to the latest version of WordPress, we’re back.

If you are running a WordPress blog, now would be a good time to upgrade to version 2.8.4. There is a nasty worm that’s going around attacking all older versions of WordPress. Ominous security advisories abound.

Another Good Reason For Upgrading WordPress

8 April, 2008 (08:48) | Security, WordPress | By: Nick Dalton

Technorati has stopped indexing blogs that run WordPress versions prior to 2.3.3. They cite the numerous security issues as the reason. It reflects poorly on Technorati if a user clicks through to a blog through them and that blog infects the user’s computer with a virus.

Google does something similar with their “This web site may harm your computer” warnings. Although Google only does it when a web site has been infected. Technorati assumes that old WP blogs will be infected, it’s just a matter of time, so why not block them right away…

So if you haven’t yet upgraded to 2.3.3 (latest version in the 2.3 branch) or the brand spanking new 2.5, then your blog will no longer be updated in Technorati.

Although Technorati is no longer a “must-have” for bloggers, they still send some traffic.

3G iPhones Already Here?

1 April, 2008 (03:00) | General | By: Nick Dalton

Recently I’ve been immersed in iPhone application development. So I was intrigued to see this: Most Current iPhones Are Already Capable of 3G!

;-)

WordPress 2.5 Released

31 March, 2008 (20:37) | WordPress | By: Nick Dalton

The latest and greatest version of WordPress was released this weekend.

I’ve been running the release candidates of 2.5 on another smaller blog for a while, and the code has become significantly more stable during that time. But as usual you should expect a 2.5.1 bug fix release within a few weeks (after the developers have had some time to catch up on their sleep).

The focus for this release is on the admin side of WordPress. The new admin interface takes some time to get used to, but now I like it. It has a lot of new features which simplifies the life of a blogger.

You can read the official announcement and a description of all the new features here.

Is Your Web Server Green?

17 March, 2008 (14:49) | Life | By: Nick Dalton

Since it is S:t Patrick’s Day today, I thought I’d go with a green theme post.

Is was shopping for a new web host recently and I came across several companies offering “green” servers. I wondered if that was just Greenwashing, or if it’s a real benefit.

“Green” is of course a poorly defined term. The manufacturing of computers is a very toxic business. (Tangent: Cringely had an interesting column on how all our electronics are going to fail now that lead has been removed from the solder that holds electronic components together.) But for this post I’m going to focus on “green” as it relates to keeping a server running, i.e. reducing the amount of energy required.

Moore’s Law is an observation that computer processors become twice as fast and half as large every two years. One of the main challenges for chip designers to keep making chips faster and smaller is heat: the faster a processor runs the more heat it generates, and the smaller the chip is the more concentrated the heat is. This is why we have heat sinks and cooling fans on processor chips.

One way to reduce the amount of heat generated is to make the processor work less. This may sound like a pat answer, but when you think about it most processors probably spend most of their time just spinning cycles. For example, right now while I’m thinking about the next sentence I’m about to write, my computer could just as well take a micro-nap. Even between key strokes there is plenty of time for a processor to take nano-naps.

Chances are that your web server is not doing all that much most of the time. Even if you have 10,000 page views per day, most of the time the server is just waiting for the next incoming request. If you have a really large site with multiple servers to handle peak loads, that probably means whole servers are being underutilized at, say, 2 a.m. Several of the Fortune 500 companies I’ve consulted for had disaster recovery sites on “hot standby” (i.e. servers running, ready to go, but not actively doing anything) just in case a disaster would strike their primary hosting facility. Talk about energy waste.

A good way to approximate turning off your server between page requests is to use shared or virtual hosting instead of a dedicated server. On these hosting plans many web sites share the same physical server and it’s unlikely that all web sites are going to see a burst of activity at exactly the same time.

Green Web Hosting?

Since the web hosting company has to pay for the energy required to power all the servers in their data center, as well as the cost to keep them cool, you would think that it’s in their best interest to purchase the most energy efficient computers available. Unlike food, where green/organic can be more expensive to produce, web hosting services that are green should be cheaper.

But instead of using low cost in their marketing, green web hosting companies have gone a couple of steps further: some data centers are run entirely on wind or solar energy, some will purchase carbon emission offsets on your behalf to offset the pollution your server creates, others will plant trees on your behalf. Next time you’re looking for web hosting, take a look at the green alternatives.

How green is your web site?

Happy Pi Day!

14 March, 2008 (13:59) | Life | By: Nick Dalton

Today is March 14th (3/14 in American date format) which has a striking similarity to an approximation of the mathematical constant pi (3.14159265…)

Therefore math geeks are of course celebrating Pi Day today.

iPhone Ideas, Projects and Developers Wanted

13 March, 2008 (10:06) | Business | By: Nick Dalton

Last week Apple announced the Software Development Kit (SDK) for the iPhone. This has caused a lot of excitement among developers since they can now finally create applications that will run on the iPhone.

How exciting do people think is this? On the day of the launch Apple’s servers were totally bogged down by all the traffic. It took me 7 hours to just download the SDK… Four days after the launch Apple announced that the SDK had already been downloaded 100,000 times.

As the author of 101 iPhone Tips & Tricks, I’m fielding several calls per day from companies that want real iPhone applications developed today. To help developers and projects find each other I have created a new community web site called iPhoneIncubator.com. Here you can post your resume or project for free.

Not just for developers

My new web site is not just for developers. Do you have an idea for an application that you would like to see on your iPhone? Brainstorm with other community members. Maybe a developer will pickup your idea and make it reality.

If you have an idea for a new iPhone product that you want created for you and which you can sell, you can probably find a developer on iPhoneIncubator.com. (Now the site is just launched and iPhone developers are beginning to discover it.) The benefit is that the site is 100% focused on the iPhone, and you don’t have to wade through hundreds of PHP developers like you would on eLance, Rent-a-coder, etc.

If you have a really big idea, the premier Silicon Valley venture capital firm KPCB has put up a $100M (yes, that is one hundred million dollars) to fund iPhone related development.

Check out my site at http://iPhoneIncubator.com

Amazing business opportunity

One Apple’s genius moves with the iPhone is the App Store. This will be the one central location where all iPhone applications will be sold. As an Internet business owner you are always struggling to get traffic to your site to sell your products. Here Apple is serving you 10 million iPhone owners on a silver platter.

Have you drunk the kool-aid? Are you jumping on the iPhone racehorse?

Should You Upgrade to WordPress 2.5?

10 March, 2008 (14:42) | WordPress | By: Nick Dalton

After almost six months of development WordPress version 2.5 is slated to be released today. (Version 2.4 was supposed to be released just after the Christmas holidays, but it was skipped.)

What’s New?

Here are some of the major new features:

  • The admin pages have been extensively overhauled. They have a new, more “web 2.0” look.
  • Avatars are supported in comments. By default Gravatars, recently purchased by Automattic (the company behind much of the WP development), is supported.

Not Another Upgrade…

I know it wasn’t long since you upgraded to 2.3.3 (I hope you did!) There are always bugs that slip into major releases and they are fixed in the next point version. Here’s a look at the history of major WordPress releases:

Major Release Release Date First Bug Fix Bug Fix Released
2.0 Dec 31, 2005 2.0.1 31 days later
2.1 Jan 22, 2007 2.1.1 30 days later
2.2 May 16, 2007 2.2.1 36 days later
2.3 Sep 24, 2007 2.3.1 32 days later

As you can see from the history there is a new major release every 5-6 months, and a bug fix coming about 30 days later.

I want to focus on blogging. Do I have to upgrade?

If you’re not worried about keeping up with the Joneses in terms of sporting the latest and greatest WordPress software and plugins, then by all means stay on version 2.3.3. (If you’re on a version prior to 2.3.3 you should upgrade immediately due to security issues in all prior WordPress versions.)

The WordPress developers typically maintain the two latest major branches. That means 2.3.x code will be kept up to date with the latest security fixes as long as 2.5.x is the most current release. Once 2.6 is released (planned for July 7, 2008) the 2.3 branch will probably be orphaned and you would be highly advised to upgrade.

I want to be on the bleeding edge

Ok, come along for the ride…

  1. Do a complete backup your blog. See my video tutorial.
  2. There are not many theme related changes in 2.5 so most themes should continue to work. But there are some extensive changes to the plugin API, so some plugins are going to break. Check your theme and plugins against the known working/not working lists: Theme Compatibility and Plugin Compatibility. If your theme/plugin is on the not working list, then you should change your theme and delete the incompatible plugins. If your theme/plugin is not listed as not working, then that’s not a guarantee that it will work. You may be the guinea pig for testing and reporting any issues.
  3. I recommend that you don’t start with upgrading your live blog; you are bound to get some unhappy readers while you’re upgrading and fixing any issues that come up. Instead restore your backup to a new location, e.g. yourdomain.com/backupblog, and also restore the database to a different instance, e.g. wpbackup. Use this backup instance of your blog to upgrade and test things out first. Once you’re happy with how everything is working, then upgrade your live blog. I’ll have a video tutorial on this soon.
  4. Disable all plugins.
  5. Upload the new 2.5 WordPress files.
  6. Run the upgrade script: /wp-admin/upgrade.php
  7. Test your blog and enable plugins one by one.
  8. Write a post telling the world that you are running the latest and greatest WordPress software.

Lorelle has another good checklist of things to do before upgrading to 2.5.

What am I going to do?

I will upgrade one or two of my test blogs to make sure that the products I’m developing related to WordPress still work with 2.5. I will wait to upgrade this blog until 2.5.1 comes out. By then most of the initial bugs should be fixed and the plugins I can’t live without should also be upgraded to work with 2.5.

What are you going to do?

Video Tutorial: Backup your WordPress Blog

8 March, 2008 (01:05) | Tutorial, WordPress | By: Nick Dalton

I’ve written before about the importance of backing up your WordPress blog, and how to do it. But maybe a video tutorial will convince you to do it now.

This file is a QuickTime movie. If you don’t have the free player you can download it here.

Previously I’ve used Camtasia Studio to make video tutorials. I’ve now moved to the Mac and this is the first time I’m using Mac tools to create a video tutorial. Please leave a comment on this post not just about the content of the video, but also the quality. I’d really appreciate it.


Don’t Get Caught By These Phishing Attempts

3 March, 2008 (10:50) | Security | By: Nick Dalton

Phishing attacks are getting more and more sophisticated. In the beginning you could spot the phishing emails a mile away by the spelling and grammatical errors; the emails just didn’t look like something your bank would send out.

But bad guys are fanatical tester too, and over time they have improved significantly. Here’s a recent one I received from “Chase”.

Phishing email targeting Chase

Here’s another one from “PayPal”.

Phishing email targeting PayPal

Both emails have authentic images in them, and in the case of the PayPal logo it is served by PayPal’s own servers. If you click on some of the images you will be sent to the authentic Chase/PayPal site. But if you click on the “money link” you will of course end up on a phishing site. I haven’t examined these particular sites, but on this front they are also getting more sophisticated. For example the “Resolution Center” link goes to a domain called paypal-secure-login.com, which almost sounds like it could be an official PayPal site.

Neither email was caught by spam filters.

These emails are both in English. Recently there have been ads on underground message boards looking for people with specific language skills. Soon you will see phishing emails targeting specific countries in their native language.

Does anyone fall for these phishing scams? If it costs $100 to send out one million of these emails, and we assume that 1 in a 100 is sent to a recipient who actually has an account with the target bank. If the proverbial one-in-a-million falls for the scam, then the scammers would have to clean out $10,000 from that bank account to break even. After many years of testing and tweaking I’m sure the bad guys have achieved much better conversion rates than my conservative estimates, making it a very profitable business.

Here are some tips to spot phishing attempts and to avoid getting robbed:

  • Banks never send out emails asking you to confirm your account information.
  • Never click on a link to login to your bank account. Always type in the URL into your browser every time.
  • Don’t trust the phone. Using cheap VoIP technology phishers are now asking you to call a phone number to verify your account information. There are also reports of outbound calls.

Should you report these phishing emails to your bank? I don’t think that’s a worthwhile effort. According to a recent security report, shutting down individual phishing sites is as futile as the whack-a-mole games at amusement parks.

Update: For more details on this particular PayPal phishing email see: F-Secure and thoughts.com.