Original

Eric Schmidt suggested that young people should be entitled to change their identity to escape their misspent youth, which is now recorded in excruciating detail on social networking sites such as Facebook.

Cause god forbid there are actually consequences for being a dumb ass. Not to mention I think the youth of today has a little too much entitlement. Maybe if enough youth and adults alike fail miserably with social networking they might actually learn something for themselves.

Kind of mixed message from this article.

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.

Bet you didn’t expect to see a Huffington Post link did you? I like to see what crazy people read from time to time.

After looking around a little I couldn’t find an article where he actually said it should be an entitlement. Turns out this was just the headlines that was pulled from a Wall Street Journal opinion piece but made all sorts of news as a quote.

A user named bob will log in to /home/bob and the publicly facing directory will be /home/bob/public_html, and the application would live in /home/bob/app with /home/bob/public_html/index.php pointing to the app.

Using the standard SVN file structure the repository would look like http://example-repository.com/bob/trunk/ with the rest of the files inside /trunk.

If you try to checkout from user bob you’ll end up with /home/bob/trunk/app. There are lots of ways around this but I prefer to just checkout as root. We can use chown to fix the file permissions. In some cases you’ll want the group to be nobody. We don’t however want the group nobody to own any svn files.

One liner to fix that.

find -name '.svn' | xargs chown -R bob:bob

This will recursively search for any .svn files and run chown.

I’m from the government and I’m here to help.

Over the weekend, “law enforcement” agencies shut down 73,000 blogs at once. The details are bit sketchy right now but it looks like it was over copyrighted material although there is plenty of speculation since nobody is talking.

A single individual was providing free hosting for wordpress blogs and collecting the revenue from advertisements. He had over 73k blogs a single hosting account. This individual came home to find the following email from his data center.

Due to the history of abuse and on going abuse on this ‘bn.***********’ server.

We have opted to terminate this server, effective immediately. This termination applies to: bn.affiliateplex.com

Abuse Department
BurstNET Technologies, Inc

From this email you could assume several cease and desist orders where sent prior to shutting down the service. Normally this is for some sort of copyright violation. After sending the WTF? response the data center replied with …

[...] Bn.xx*********** was terminated by request of law enforcement officials, due to material hosted on the server.

We are limited as to the details we can provide to you, but note that this was a critical matter and the only available option to us was to immediately deactivate the server.[...]

The data center refunded his money but has refused to provide access to the data. Probably because they no longer have physical possession of the data. This is just a guess but there are probably a couple people out of those 73,000 blogs that would like their data back. Good luck with that.

Once your data leaves your home computer for the cloud its no longer yours no matter what your told. A third party gives you access to your data that is most likely stored on a machine owned by yet another entity. In this case both the means to access and the data itself was removed. I don’t begrudge the data center, they had no choice.

The solution is to never leave your critical data in one place. Natural disasters, equipment failure, big government or a bankrupt company can wipe out your data in a second. I really hate to say I told you so. Ok I’m lying, I actually enjoy it in this case.

Today the FCC is going to vote on taking public comment on the proposal to give the agency greater authority over broadband service providers according to a Bloomberg article.

FCC commissioners may vote to grant themselves authority to regulate the Internet as early as this summer.

I think the word decision should be replaced with vote. They are going vote on granting themselves the authority to regulate the Internet?

The Supreme Court said “no”. Congress actually pulled themselves together and said, “you better not.” Good thing they are taking the opportunity to vote amongst themselves.

My agency is set to take a vote on a coffee break…

All in favor of a coffee break say, aye.

AYE!

All opposed say, nay.

The aye’s have it.

Thank you for our freedom.

Photo from Questions and Observations

111 Representatives including 74 Democrats sent the FCC Chief a letter telling him to abandon his plans to make shit up as he goes with his efforts to enforce Net neutrality.

The last time Congress tackled updating telecommunication laws it took nearly 5 years to hammer out the details. I’m guessing they won’t get to this prior to the summer recess. Such a novel idea, elected officials writing laws instead of appointed bureaucrats doing whatever they want.

Here’s a nice little gem from the comment section of the cited article. If this doesn’t invoke a big “WTF?” nothing will.

[...] here is net neutrality described in a single sentence: “all packets are created equal”

Packet equality? Pass the cool aid please.

The Beginning

What started out as a loud cry of fowl play by the tech savvy power users has ended up as one of the largest political debates of the day. Using the word debate is a little misleading because you have no say in this.

A few years back Comcast started throttling torrent traffic in order to ease the burden on their network. You see torrents are used to distribute large files to a large group of people. Most of the time (not all) these large files are video and generally they are pirated.

Think of network traffic as the pipes bringing water into your house. There is an upward limit of pressure that can be used to supply all the houses connected. If a large enough number of houses open up all the faucets at the same time everyones pressure decreases. However most houses don’t turn all their faucets on full blast. Torrent users are those houses that have all the faucets on all the time. In an attempt to provide all customers with somewhere close to their advertised speed they slowed the torrent traffic. Torrent users represent a small percentage of overall traffic but use a large amount of bandwidth.

The Argument

The argument started out pretty simple.

1. ISP’s shouldn’t be looking at my traffic to start with.
2. I should be getting the speed I pay for regardless of the content.

Sounds pretty reasonable. If I pay for 10mb service, I should be getting 10mb regardless of my traffic. Just a few years ago it wasn’t uncommon to only have one choice when for broadband access. Consumers were left with no recourse if they wanted broadband access.

Net neutrality sounded like a great idea. I mean otherwise big evil corporations like Comcast, AT&T and other ISP’s can in effect censor the Internet. Adding insult to injury in some areas ISP’s are a monopoly, furthermore why are you even looking at my data.

The Response

The FCC responded by telling Comcast and any other ISP’s to knock it off and stop throttling traffic. Comcast in turn filed a lawsuit against the FCC. Last month a federal court ruled that the FCC lacks the authority to impose net neutrality.

Net Neutrality Gets Political

Well the FCC being the shining light of free speech wasn’t about to let this slide. You see at some point broadband access begins to get looked at as a right not a service. We’ve had some fundamental changes in America over the last 18 months or so.

In order to bring power to the people the FCC said, screw it, we’ll just re-designate ISP’s in order to enforce net neutrality. Basically the FCC now gets to just make shit up as they go. What they’ve done is split the the data from flow of data as two separate things regulating one as an information service and the other as a telecommunications service. They’re from the government, they’re here to help.

Who’s On What Side?

Evil Corporation vs. Evil Corporation

Content providers generally like the idea of Net Neutrality. It means that their customers are guaranteed access to content even if they compete with a service provider. An example would any VOIP service. Net neutrality means that AT&T has to provide full service even if your using something like Vonage or Skype for your home phone.

ISP’s don’t like net neutrality because now the government can mandate access and prices. They lose control over how they manage the network.

Socialism vs. Capitalism

The argument really stopped being about privacy and content access a while back. The battle is socialism vs the free market. Progressives believe that broadband access is a utility.

Here’s just a couple gems from pro net neutrality side.

i prefer Government imposed net neutrality than having a private company screw me over.

I’m almost always against giving control over anything to the government, but these regulations should be passed.

Go go democrats… push this one through. We can’t trust Comcast to work for the publics best interest any more than the government. Only the government can fight these monopolies, Americans aren’t smart enough to vote with their dollars.

Regulators, mount up!

Since they’re from the government and they’re here to help, lets take a look at who these regulators are.

Meet the FCC Diversity Czar Mark Loyd who thinks Hugo Chavez “[...]really had an incredible revolution“.

The FCC’s Official Spokeswoman Jen Howard worked for an organization called Free Press. Free Press was co-founded by a Marxist professor Robert W. McChesney from the University of Illinois. Think I’m making up the Marxist stuff? Check out the interview from the Socialist Project.

Here’s a nice little quote from an article he wrote called “A New New Deal Under Obama“.

These gains will only be made through an enormous class struggle from below. If won, they will not, we underscore, eliminate the evils of capitalism, or the dangers it poses for the world and its people. In the end, there is no real answer but to remove brick by brick the capitalist system itself, rebuilding the entire society on socialist principles

This one is nice too.

The media system reflected the nature of the U.S. political economy, and any serious effort to reform the media system would have to necessarily be part of a revolutionary program to overthrow the capitalist political economy

Socialist Technology Fail

A Congressional Democrat from Washington decided to forward the FCC’s proposal around Capitol Hill. Ever wonder why you would ever want to right click on a word document see who wrote the original? Well the FCC’s proposal had a digital signature from the other co-founder of Free Press, Ben Scott.

This should turn out well.

On April 11th Network Solutions posted an entry that the issue has been resolved and laid blame to a hole in Wordpress. A dev over at Wordpress quickly blasted back at Network Solutions, which made me chuckle.

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

A few days later Go Daddy was hit and less than a week later hit again. The issue is still unresolved at this time. Whats more interesting is its effecting other applications such as Joomla. There was even some speculation that US Treasury websites have been hit with the same attack.

What it does

In all cases so far the database is left untouched. Malicious javascript is injected into .php files that infects the visitors machine. Fresh installs of WordPress will clean up the mess but the site gets reinfected. Users have reported even changing FTP passwords doesn’t stop the attackers from gaining access.

Who it effects

So far its been Linux servers running php on virtualized accounts. Not sure if the Treasury websites are virtualized or not.

How I deal with this

First if your paying $5/month for a hosting service don’t expect allot of support. For starters all of my clients use Liquid Web either on their own account or through me. Having a good data center is key and the guys at Liquid Web are awesome.

The biggest complaint you read about is the tediousness of going through all of your php files looking for some sort of injection. Most of these account holders are actually looking at every single file. Digging through a few hundred files does not sound like fun. Since I run Subversion on everything I touch its pretty simple. Just SSH in and enter.

svn status

Thats it. If anything has changed I’ll see it. There are other security issues for running SVN on a production site but if you don’t store your passwords in the open and use .htaccess to block any requests for .svn files you’ll be fine.

The cause

Sounds like they still don’t have a good grasp on what is going on here. My guess is it has to do with the server or even the OS setup on these accounts. For now the entrance vector remains in question.

The Solution

Its too early to lay blame on the hosting providers for a bad configuration. Right now it seems like they are just the biggest targets. However, don’t expect quality support from discount providers. They just don’t have the resources to respond to all of their customers. For now their customers are left frustrated with little help or recourse. Its even worse for the development companies that host their clients websites with Go Daddy and Network Solutions.

Given the amount of time this has gone on I would grab my data, clean it and move to another hosting provider.

If you had to guess at the largest entrance barrier for a website what would guess? Maybe there is a cost involved and its too high? The website design is bad? Its a complicated website and not enough instructions?

Sure the cost might be more than the market will bear. More than likely your just trying to get that initial contact, an email, newsletter sign-up, anything to get more information to a potential customer. Cost to the user, $0.00 and your still only getting a small percentage of visitors to take the next step, whatever that may be.

Is your site ugly? Maybe, an ugly site to one person is artwork to another. Do ugly sites get less use? Unless your making the visitors eyes bleed and not distracting them with flashing or scrolling text this is more than likely not the cause. Some would say Amazon is ugly or Gmail, certainly Craiglist isn’t the pinnacle of design. As long as the user can get around easily without getting a migraine this probably isn’t what is holding you back.

Maybe you just need more instructions because they get confused? Here is the truth, nobody is going to read your directions if its more than a couple sentences. You can use all caps bold flashing text to tell a user what to do and they will not read it if its too long. If you already have instructions and you think you need more detail your only making it worse.

Its all in the forms.

Well designed forms aren’t the end all metric of usability however I would argue its a majority. Its all in the little details. Here are some of the basics.

• Are required fields clearly marked?
• Are those fields really required? The longer the form the less likely it will get submitted
• If a user puts in the wrong input is it immediately obvious what went wrong?
• Did you erase the whole form on failure causing the user to start over?
• Can a user easily fill out the form by just typing and tabbing to the next field?

An example of bad form.

The federal government uses a site called My Pay. This is by far the craziest process I have ever seen to fill out a form. Recently they asked all their user’s to change log in credentials and what a nightmare.

The first thing that happens when you try to login is it opens up a new window in full screen. So if you have a large monitor your now staring at 23″ of login form. Annoying, but not the end of the world.

The complete insanity is you can’t use the keyboard. You have to actually click on each character with a Virtual Keyboard. But lets take it one step further down the crazy path. The letters an numbers are generated in random locations with each attempt.

This is for “security” purposes. I wonder why banks don’t use this practice? There is a notice message up now. They’ve disabled right click function as well … nice.

To all myPay Customers

Although most users have established their new login credentials with no trouble, some users are calling the Central Customer Support Unit for assistance. As a result, customer support is experiencing high call volume, and many customers are waiting on hold longer than usual.

We apologize for any inconvenience this may cause. We are doing everything possible to remedy this situation.

Good Form

Mint has an example of a great sign-up form. As soon as the page loads the the cursor is focused on the first field so you can start typing right away. You can tab to the next field and you’ll notice the current field is clearly highlighted. Furthermore by clicking on the label it brings the field in focus. You can click anywhere after the check-box field and it will toggle the check-box. You can actually fill out the whole form without even touching your mouse.

Usability is increased by validating on the fly. Each time you go to the next field the form will check if you have a valid entry and display the error if there is one or simply OK if there isn’t.

The Problem

The client uses the Contact Form 7 wordpress plugin for events, registrations and subscriptions. Up until this point all the emails needed to be cut and pasted manually into a master list for marketing or other action items.

Specific actions are taken with each contact form. Some are simply added to a master email list while others are used to send content through snail mail. The need for more forms over the next few months will be increasing. These forms are very time sensitive so the solution must be dynamic enough to preclude more than a few hours in turnaround.

The Solution

If resources were unlimited (time and budget) this would be a great place to implement pre-built CRM (customer relations mangment) system. There are plenty of open source and commercial applications that would work well.

The biggest limiting resource here is time. The client knows how use wordpress and the current site is already well established with content. So we’ll hack it.

Logging Emails

Logging outgoing emails from any type of contact form is essential. This could be as simple as storing them in a database or even writing to a flat file. Logging emails will help you pick up security issues as well as troubleshooting.

The solution is pretty simple. Every email sent out through wordpress uses the wp_mail() function, including forms through Contact 7. All we need to do is capture the $_POST variables when a call is made to wp_mail().

We can use the add_action() hook from wordpress to accomplish this.

A simple example

We’ll insert our hook in the functions.php page for the theme. For this example I’ll use a theme called custom.

wp-content/themes/custom/functions.php

We’ll create a function to capture the posts. This function won’t really do anything but you’ll get the point. Then we’ll hook the function into wp_mail().

function saveContact() {
    // all of our post variables are in the $contact array
    $contact = $_POST;

    // now would be a good time to clean and filter
    foreach( $contact as $key => $value ) {
        // trim it, escape ... it you know the drill
    }

    // insert into the database or save a flat file

}

// hook it
add_action( 'wp_mail', 'saveContact' );

Now anytime wordpress sends an email it will call our saveContact() function. This is fine to just capture the data but we want to do something with it. Keep in mind Contact 7 adds in some of its own post variables so you may want to pop those off before processing the data.

If you want to echo anything back to test this turn off your javascript otherwise Contact 7 will send an ajax call behind the scenes.

An advanced example (go cURL yourself)

Wordpress is great but I want to use a MVC framework to handle all of the the different actions. I want to know what form was sent and use the information to populate various tables. I use Kohana but any of the popular frameworks can handle this in the same way. The benefit here is I can use the framework’s built in cleaning and database helpers. We’ll use cURL to send the post variables to our controller.

I’ll send the data to a controller in public_html/example. So the domain www.mydomain.com has a standard wordpress install but we have a kohana controller living in www.mydomain.com/example. I’ll also send along the URI where the form originated. We’ll take care of all the data inside the framework. Clear as mud?

Wordpress by the way does not like putting this source code inside the post. You can check it out here.

For security you can make sure the cURL posts are only sent from your domain.

With permalinks enabled you can differentiate between forms posted from something like www.mydomain.com/contact and www.mydomain.com/contact/subscribe.