Author Archives: daniel

WordPress siteurl/path bug

Today geekrant.org’s stylesheet was fading in and out of existence. Well, to be precise, the path to it got screwed up a bit, because somehow it thought it was in a directory called (deep breath):

http://www.geekrant.org/wp-login.php/wp-images/smilies/ wp-images/smilies/wp-images/smilies/wp-images/smilies/ wp-images/smilies/wp-images/smilies/wp-images/smilies/ wp-images/smilies/wp-images/smilies/wp-images/smilies/ wp-images/smilies/wp-images/smilies/wp-images/smilies/ wp-images/smilies/wp-images/smilies/wp-images/smilies/ wp-images/smilies/

rather than the much more succinct (and correct):

http://www.geekrant.org/

This appears to be caused by a bug in WordPress 1.21: under some circumstances, when a registered user goes to log in and a particular browser/server configuration is present (it looks like something to do with proxies), WordPress thinks its directory has moved and tries to compensate. It’s detailed in the WordPress support forums, and if anybody’s having problems with it, the fix is to manually correct the siteurl setting in the wp_options table (it’s the first row), and to get into wp-login.php and comment out the two lines following

// If someone has moved WordPress let’s try to detect it

…because really, if someone’s moved it, they should have done it properly and updated the siteurl setting themselves.

See, not even WordPress is perfect. But it does have a strong user community, open source code that’s not too confusing to dabble in even for PHP-newbies like me, and a straightforward database structure holding all its stuff together. And that counts for a lot, I think.

Protect WordPress against comment spam

I was asked to go step-by-step through how to protect WordPress from the current rash of spam comment attacks, so here it is. It’s fairly easy to get them to go into the moderation queue, but it’s a pain having to continually clear it out.

The way the current attacks (hold ’em poker and so on) are working is to attack a file called wp-comments-post.php which does the grunt-work of posting comments into the database… if this isn’t there, they can’t do it.

So first rename wp-comments-post.php to something else. Doesn’t really matter what, as long as it doesn’t clash with anything else, e.g. xyz.php. (It’s not ever seen by users so it really could be called anything without confusing people, though you might want to avoid confusing yourself if you later can’t remember what it is.)

Then you need to edit the files that call wp-comments-post.php so that they call xyz.php instead. They are:

  • wp-comments.php
  • wp-comments-popup.php
  • wp-comments-reply.php

Save all those files to your server, and make sure the original wp-comments-post.php file is deleted, and then you should be done. Post a comment yourself to make sure it works.
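The rename steps above as one script, with a check that nothing still points at the old name. This is an added example, not code from WordPress or from the original post; `rename_comment_handler` is a hypothetical helper and it assumes the files sit together in one WordPress directory.

```python
from pathlib import Path

OLD = "wp-comments-post.php"
# The three templates the post lists as calling the comment handler.
CALLERS = ["wp-comments.php", "wp-comments-popup.php", "wp-comments-reply.php"]

def rename_comment_handler(wp_dir, new_name):
    """Rename the handler, repoint its callers, and return the names of
    any other .php files in wp_dir that still mention the old name."""
    root = Path(wp_dir)
    target = root / new_name
    if target.exists():
        raise FileExistsError(f"{new_name} clashes with an existing file")
    # A rename rather than a copy, so the original file is gone afterwards.
    (root / OLD).rename(target)
    old_b, new_b = OLD.encode(), new_name.encode()
    for name in CALLERS:
        path = root / name
        if path.exists():
            # Work on bytes so the file's character encoding does not matter.
            path.write_bytes(path.read_bytes().replace(old_b, new_b))
    # Anything listed here would still post to a file that no longer exists.
    return [p.name for p in sorted(root.glob("*.php"))
            if p != target and old_b in p.read_bytes()]

if __name__ == "__main__":
    import sys
    leftovers = rename_comment_handler(sys.argv[1], sys.argv[2])
    print("still referencing the old name:", leftovers or "none")
```

An empty result means every form now posts to the new name; posting a test comment is still the final check.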

For now it seems to stop the spammers… no doubt in future they’ll figure out something more advanced (like scanning the <form> code to figure out the name of the post file), but it should stop them for a little while at least.

Service packs

Here’s Microsoft on why service packs are better than patches (as well as explaining their meanings for: Product family, Product, Version, Service pack, Patch).

They don’t really clarify Service Pack vs Service Release, claiming it’s the same thing, though at one stage it seemed that an SP is cumulative, whereas SRs often require you to install them consecutively to be up-to-date, eg Office 97 SR1, then SR2b.

This theory is broken with Visio 2000 SP2, which requires SR1 before you install it. Helpfully, SP2 is available for download, but SR1 isn’t! Brilliant! I have a vague feeling that vanilla Visio 2000 was never available for retail sale, but it’s certainly found its way into a few enterprises (such as where I work), so some people are bound to need SR1. But no. Obviously it was taking up too much valuable disk space on the Microsoft servers.

Visio and database creation

For quite a while I used Visio 2000 Enterprise Edition to design database schemas, and then have it create and update the tables. Admittedly the Visio 2000 interface is a little cumbersome for such things: it’s overzealous on its checking before you can update the database, and just try and delete a relationship without the sky falling on your head — it somehow thinks some kind of underlying link is still there, and if there’s anything wrong with it, it refuses to play ball. But when it behaves, it’s an excellent timesaver.

The other week I upgraded to Visio 2003 Professional Edition. Somewhere between 2000 and 2003 they’ve scrapped the Enterprise Edition, and although Microsoft don’t specify it in their literature comparing editions and versions, gone too is the database creation stuff. Apparently they’ve moved that functionality into Visual Studio Enterprise Architect — which Joel On Software describes as the super expensive “Enterprise Architect” edition at the top of the line that hardly anyone ever buys; it’s only there to make the other prices look reasonable by comparison. Great.

In Visio 2003 you can still draw database designs, or even generate them from existing databases, but there’s no way to create the DDL (SQL) for them, or update/create the databases themselves. I spent a couple of hours searching vainly through the Visio menus (the “Database” one is particularly deceptive) looking for such options, but couldn’t find them. I did find stuff pertaining to outputting a bunch of data describing my database diagram, but nothing would let me create the database I’d meticulously designed, or even print out a list of the fields and their types and sizes.

I have Visual Studio 2003, but for various reasons it’s the Professional Edition. So I couldn’t get my lovely design into the waiting and ready Oracle database. On the Visio 2003 Save As, it lets you choose “Visio 2002”. I wondered if by some fluke Visio 2000 would read a 2002 format. So I saved it, removed Visio 2003, installed Visio 2000 and tried to load it up.

Eureka, it worked. There was some further messing with it to get around a relationship on the database that was causing an error, and which I eventually decided I wanted to delete (an impossibility in Visio 2000 — see above) but eventually I got my DDL and indeed managed to create my glorious Oracle database.

But really, it shouldn’t be this hard.

Halo 2 arrives tonight

(Image: Halo 2 midnight opening)

It’s not just Firefox which is released on the 9th. The Halo 2 publicity bandwagon is in full swing, with its official release on Tuesday… or for those who can’t wait a second longer than is necessary, midnight on Monday night. The “Master Chief” mascot appearances (unarmed) have been happening over the last couple of months, the Australian Halo 2 web site has a splash of local content — for browsers from Melbourne, the Covenant fly in over the Rialto towers (presumably while the Halo 2 tram passes nearby).

A number of shops will be open for sales at midnight (including the pictured one in Chapel Street, Prahran), but Myer stores in Melbourne and Sydney will be holding all-out parties, with music performances, giveaways and appearances from celebrities such as local footballers and one of Paris Hilton’s cast-offs.

It’s a reminder that the video game biz is worth big bucks. The first Halo did a lot to drive XBox sales. Halo 2 may not make the splash that, say, Shrek 2 on DVD did a few days ago, but at more than double the price per unit, and with some gamers likely to be queuing for their copies, there’s a lot of moula at stake.

Me? I’ll be snoozing. I’ve got Halo, but haven’t had time to play it properly. I’ll probably get the second game, but wait until it drops in price to at least below $50 (and I’ve got further through the first). I do enjoy my games, but I’m not hardcore, and personally I can’t quite stomach paying $80+ for a game.

Will be interesting to see if Halo 2 replaces its older brother as the XBox game with the highest rated reviews ever.

Firefox 1.0 imminent

According to those who should know, Firefox 1.0 (not the preview version, not the beta, not the 0.8, but the real actual version One Point Zero) will be out on November 9th.

PS. I hope they’ve fixed the thing where multiple links on the links toolbar pick up the same icon…

(Image: Firefox 0.9 links bar)

RSS in full

Our RSS feed now includes full articles, not just annoyingly short extracts. ‘Cos although I’d love to make some money from the Google ads to cover the hosting costs, the hosting isn’t actually exorbitant (in fact it’s a bloody bargain) and anyway the concept behind this site is to spread and discuss ideas, not to try and make money. Besides which the proliferation of site content via RSS may in itself bring more site visitors.

Thanks especially to Paul on the comments on full vs summary RSS feeds.

Word options

(Image: Word 2003: Tools menu)

Dumb things in Word 2003 that they should have fixed 3 versions ago, number 473: Not being able to get into the Options when you don’t have an open document.

Unix to Windows FTP year issue

While wrestling with automated FTP jobs at work, thanks to a colleague I’ve discovered a cute little buglet when Windows talks to FTP servers using the Unix standards (which includes IIS by default). Actually it’s not so much a bug, it’s more of an issue of a supposedly user-friendly way of showing file dates still being used even when the “user” is another machine.

It goes like this… let’s say the Unix FTP server is 1 minute faster than the Windows client one, and the file is brand spanking new, just placed there. It’s 10am, and your Windows client goes looking for a file.

Windows says “What time was this file dropped?” Unix, being the kind of laid-back casual user-friendly operating system that it is, abbreviates its answer to exclude the year, and replies “Nov 4 10:01”.

Windows sees this, and the logic says “Right now it’s only 10:00am. This file can’t be from the future. I’ll assume it’s from last year.”

Evidently this can happen if the Unix server is a second or many minutes ahead. It may be further complicated if they’re running on different timezones, GMT vs AEST etc.

The solution is probably down to your individual circumstances. For us, we know we’d never be getting files that are a year old, so we can easily code around it. Ultimately though, surely something should be changed so that the client can get the full picture, not an abbreviated form of the file date/time.
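The year guess described above, as an added example (not code from any FTP client or from the original post): `resolve_year` and its `skew` tolerance are assumed names. With zero tolerance it reproduces the last-year guess; with a tolerance it keeps the current year, and it also covers the New Year boundary, which goes beyond the case in the post.

```python
from datetime import datetime, timedelta

def resolve_year(stamp, now, skew=timedelta(0)):
    """Pick the year for a year-less listing stamp such as 'Nov 4 10:01'.

    Returns the newest candidate that is not later than now + skew.
    skew=0 gives the "can't be from the future, so last year" guess.
    """
    for year in (now.year + 1, now.year, now.year - 1):  # newest first
        try:
            guess = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M")
        except ValueError:
            continue  # date does not exist in that year, or wrong format
        if guess <= now + skew:
            return guess
    raise ValueError(f"no plausible year for {stamp!r}")

# Constructed sample: the client clock reads 10:00 on 4 Nov 2004 and the
# server, one minute ahead, lists a brand new file as "Nov 4 10:01".
CLIENT_NOW = datetime(2004, 11, 4, 10, 0)

# Assumed allowance; it has to cover the worst clock drift plus any
# timezone offset between the two machines.
TOLERANCE = timedelta(minutes=5)

if __name__ == "__main__":
    print("no tolerance:  ", resolve_year("Nov 4 10:01", CLIENT_NOW))
    print("with tolerance:", resolve_year("Nov 4 10:01", CLIENT_NOW, TOLERANCE))
    # Server already in the new year while the client is not.
    eve = datetime(2004, 12, 31, 23, 59)
    print("year boundary: ", resolve_year("Jan 1 00:01", eve, TOLERANCE))
```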