Archive for ‘Rumblings from the Secret Labs’

« Older Episodes
Newer Episides »
1
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Mmm… Honey

August 7th, 2011
Robots beware!

I just installed a honey pot on this site. The idea of a honey pot (or honey trap) is to create a tempting target that attracts wrongdoers, but once they put their hand in the honey pot they leave sticky fingerprints everywhere they go.

In Internet terms, the honey is a seemingly-innocent email address placed on a Web site, invisible to humans but easy for robots to find. When the spam harvesters scrape the email address off the site and use it, both the harvester and the spammer are caught and blacklisted, which reduces their ability to run robots and get their mail through.

The more people who participate, the more trouble spammers have spotting the honey pots. How can you help? Even if you don’t have control of your site or run a blog through one of the major services, you can pitch in. Go to Project Honey Pot and sign up. You can provide invisible-to-humans links to honey pots on other sites, if nothing else, and it doesn’t cost you diddley-doo.

If you click on the “swag” link in the header, you will see that they could also use a graphic designer. I imagine a spam-bear with his head stuck in a honey pot. How you communicate that it’s a spam-bear and not an ordinary bear I leave as an exercise for the visually talented.

Once Project Honey Pot compiles its list of villains and ne’er-do-wells, what happens next? Many major services use the list, and I also use a program called Bad Behavior which blocks blacklisted bots and spammers from reaching my site. Recently I added another layer called CloudFlare which is awesome enough for me to devote a separate episode to it. So, you have that to look forward to.

In the meantime, I encourage you to join the crusade to make life more difficult for those who want to use the Internet for evil.

Tags: ,
Posted in Rumblings from the Secret Labs | 2 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Amazon Links Restored

August 2nd, 2011

Once more you can support Muddled Ramblings and Half-Baked ideas when you shop at Amazon. Just start your shopping adventure by clicking the link in the sidebar, and while nothing else changes for you, a slice of the money you pay will make its way to the Secret Labs, located for the purpose of this exercise in New Mexico.

I hope so, anyway; I haven’t actually tested the links.

Shop and enjoy!

Tags:
Posted in Rumblings from the Secret Labs | No Comments »

2
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

A Rambling Blog

June 25th, 2011
In this case, 'rambling' is literal as well as stylistic.

A couple of years ago I became fed up with my Web hosting provider. MMHosting had been great, but then came the outages, and the complete lack of response from their support people. (At the start of my stay with them, I had been mightily impressed with their customer care. That ended.) Then there was the time Muddled Ramblings was mentioned on a very popular blog and my hits soared. They turned me off.

I moved to a new, very inexpensive host called iPage. It was great, until the outages, which could last a day or more. When I asked what the problem had been and what they had done, they were vague. “No, really,” I persisted, “I understand the jargon. Tell me what happened and what you did to make sure it won’t happen again.” I never got an answer.

“You get what you pay for,” I reasoned, and iPage was wedging me onto an already overcrowded server and there just wasn’t enough computer there to handle all that traffic. Giddy with a new income stream, I decided to upgrade. The way to avoid getting wedged onto an overcrowded machine is to cough up the bucks and reserve a portion of a machine that is yours and yours alone. It doesn’t matter what any of your neighbors on the box do, they can’t take your resources away from you.

The downside to this approach is that you can’t borrow resources from your neighbors, either. For reasons I still don’t understand, my virtual server went nuts every once in a while, cranking away and eventually running out of ram and descending into a hellish limbo of non-Web-serving confusion. I’ve gone over all my stuff and I can’t find anything that would cause that, but there must be something. (It might be coming from outside; perhaps China still hates this blog, and throws a half-assed attack at it periodically. They do that shit. I expect it’s something more local, however.)

So the money I was throwing at the problem wasn’t helping. It was time to weigh my options again. The step up from renting a dedicated slice of a server is to use the whole damn machine. Naturally, this costs a lot more, since there’s one customer per machine.

Except when it doesn’t. Enter my new best hosting pals, MacMiniColo.net. For the price I was paying Green Geeks, I get more than six times the server, and it’s MacOS, which means all my experience setting up servers with MacPorts pays off. (I’m a big fan of MacPorts. It’s not always quite as easy as they make it sound, but usually it is. Tonight I needed to add SSH2 support in PHP, and all I had to do was type sudo port install php5-ssh2 and that was that. I’m not even sure what SSH2 is (as opposed to SSH) but it simplified the WordPress AutoUpdate process.)

There were a couple of hiccups getting everything running (I set up jerryseeger.com as a WordPress install first to pave the way), but once everyone agreed where the MySQL socket was it was Holiday On Ice the rest of the way. The last step, getting AutoUpdate to work in WordPress, was something I’d not managed on the CentOS virtual server at GreenGeeks. Now it’s cake.

So, I’m pretty happy. I’ll be watching for the midnight-runaway problem, and if the extra horsepower doesn’t solve it (if it even happens at all), at least now I know that there is nothing on this box I don’t control.

Tags: ,
Posted in Rumblings from the Secret Labs | 3 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Apple’s Latest Security Update

June 4th, 2011

Mention Viruses to a Mac user and the response will often be… well, smug. Many Mac users believe that viruses and other malicious software are a Windows problem. Apple hasn’t done much to discourage that notion, not even to warn users when real threats are afoot.

Recently someone launched a bit of malware targeted directly at Macs. The program would lurk on Web sites (I think that’s where it came from, anyway), and flash up a message “Your computer is infected with a virus! Download our software to clean it up!” The software to install had a noble, protective-sounding name. People followed the instructions, and infected their own machines. Before long a couple similar threats appeared, including a much worse one that required less participation by the owner of the computer.

Now, it could be argued that only an idiot would fall for something like this. I occasionally see alerts that my windows computer is infected and I must download something to fix it — even though I’m on a mac. You don’t have to be around the Internet very long to learn not to trust strangers. Unfortunately, there are a lot of idiots, and even more newbies who have not learned that hard lesson.

A couple of days ago at work I got an email addressed to all Apple employees telling them not to fall for “Scareware”. The evil had been circulating for a month or more before Apple even alerted its own employees about the threat. Yesterday Apple released a security update that removes this particular family of bad guys and takes some measures to make similar attacks more difficult in the first place.

But there’s one thing no virus protection can do: prevent the user from giving permission to dangerous software to run on their system. Once the user says the software is OK, that’s it. Mac users’ feeling of immunity from harm could make them more gullible; they’ve never given much thought to how they would react when confronted by an urgent message like the ones in this latest outbreak.

So, fellow Mac users: Don’t be stupid! Almost as important: Put that smug attitude away. Your day is coming, sooner than you think.

Tags: ,
Posted in Rumblings from the Secret Labs | 3 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Securing Dropbox

April 20th, 2011

As I mentioned recently, Dropbox is awesome. When using it, however, it’s important to think about security.

Think of it this way: You’re on a cruise ship, and you have a priceless diamond tiara (don’t we all?). You know it’ll be much safer in the ship’s vault than in your cabin. The ship’s purser is only too happy to watch over your valuables in their very strong safe. Now you can rest easy.

Except… there’s someone else who can open the vault. What if the government serves the purser with a warrant (or some other constitutionally-questionable writ) and takes your tiara? What if someone fools the purser into handing over your tiara? For most things, trusting the purser is fine, but that tiara is really something special. What you need, then, is a special box with a really strong lock. You give the purser the box and neither he nor anyone else can even see what’s inside, and you can make it a really strong box, so even if the purser hands over the keys to his vault, your stuff is still safe.

The same principle applies with Dropbox. It’s really convenient and pretty darn secure, but someone else is holding the keys. For most things, like my writing, no further security is necessary. Yet I have a few files that I don’t want to leave to someone else to protect, but I still want the convenience and data backup Dropbox provides. On my mac I’ve set up a very simple system that allows me to see my most secret files whenever I need to on any of my machines, but protects them from prying eyes. It’s actually pretty simple, and there’s almost certainly a direct analog on Windows.

The disk utility that comes with Macs can create an encrypted disk image using pretty dang strong encryption. If you put that image file in your dropbox, then any files you add to that virtual disk will encrypted and saved to your Dropbox when you unmount the disk. Here are the steps:

  1. Fire up Disk Utility (it’s in the Utilities folder).
  2. Click New Image
  3. Decisions, decisions….
    • name your new disk. If you name it “secret stuff” that will just make people curious.
    • Size: For reasons I’ll go into shortly, I’d advise not making this any bigger than you really need. If you’re protecting text files, it can be pretty small. The 100MB setting is probably more than enough for most people.
    • Format: Just use the default
    • Encryption: I say, what the heck. Go for the maximum unless you’ll be using a really old machine.
    • Partition: just use the default.
    • Image Format: sparse disk image – this will keep the size of the actual disk file down.
  4. Save. You will be asked for a password. You’ll not need to remember it, so make it good and strong, nothing like any password you’ve used anywhere else. Keep the “save in keychain” option selected. (If you need it later, you can find it with Keychain Access.) – Remember: this is the secret that protects all your other secrets.
  5. Voila! Put the disk image in your Dropbox folder. When you open the image file, a new hard drive will appear in finder. Anything you put on the drive will be added to the .dmg file you created.
  6. “Eject” the drive on that machine and open the .dmg on any other machines you want to share the information. While you remember your crazy password, get it saved in the keychains of your various machines.

A couple of notes:

  • The .dmg file will only update when you “eject” the drive. So I advise you not keep it mounted most of the time. Open it, add/access the files inside, and close it again. If you open it on two machines at the same time, you will end up with two versions in your Dropbox folder.
  • I advised saving your password on your keychain, but remember that anyone who can access your computer can also access your secrets. That’s pretty much true whatever you do, but you might want to consider not putting the password on your laptop, for instance, if you think it might fall into the wrong hands.
  • Since your secret files are saved as a single blob of data, you won’t have automatic backups of individual files. If you need to recover one, you’ll have to find the right version of the image file.
  • Since your information is saved as a big ol’ blob, if you make a huge .dmg file it will eat up space in your Dropbox and burn up unnecessary bandwidth each time your save.
  • It’s possible to set things up to protect individual files, but it’s complicated. Hopefully it won’t always be.
  • Important! If you only store the password on one machine – Save it somewhere else also!. If you lose that password (if your hard drive crashes or your computer is stolen, for instance), you’re not getting into your strongbox. Ever. That was the whole point, after all.

Tags: ,
Posted in Rumblings from the Secret Labs | 5 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Anybody need a Web Host?

March 26th, 2011
A limited chance to get a sweet deal, and help me be lazy at the same time.

I’ve ponied up for a web service that is WAY more that I need. The type of account is intended for resellers – most people who buy this much server turn around and sell web hosting accounts to small clients.

There are two configurations for the account: bare server and bells & whistles. The bells & whistles option costs a little bit more, but would save me hassles. (No need to manually configure httpd.conf, for instance.) The bells & whistles option also makes it really simple for me to set up you guys out there as “customers”.

So, here’s what I’m thinking: If I can get three people interested in paying me $5 a month for Web hosting, I can pay for the bell & whistles and save myself some hassle moving this site over to its new home.

For $5 a month you get:

  1. Way, way, less crowded server than you would get anywhere else even for four times that much money.
  2. Confidence that I will never let the server get bogged down, since the whole reason I’m paying for the thing is so my site won’t get bogged down
  3. Personal service. You know the guy in charge. I’m more than happy to help my friends through getting set up and all that stuff. It’s a level of service I’m only able to do because I’m limiting the number of people I let onto the server.
  4. My Web provider (and soon yours!) is about as as green as they come. Say no to carbon!
  5. The satisfaction of knowing that your money is helping a small collective of folks sharing a server rather than feeding a big corporation.
  6. I am also now an official enom reseller, which means I can take care of your domain registration for a rate only a little higher than GoDaddy. For the extra money you get… um… There must be something…

Anybody interested? Let me know now, before I go ahead and move this site over the hard way!

Posted in Rumblings from the Secret Labs | 15 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Excel 2011 for Mac, UNIX Time, and Visual Basic for Applications

March 23rd, 2011
Because it wasn't quite complicated enough.

Note to people looking for a formula: Yes, the code is here (for Mac and Windows, even). I tend to go long-winded even in technical articles, but if you’re dealing with converting UNIX time to Excel time, the answers lie below. You can skip ahead or read my brilliant and entertaining *cough* analysis first.

Microsoft Excel uses a method to represent time that is both smart and frustrating. How do they manage this? They take a good engineering solution, then fiddle with it. First some background:

Long before Y2K people who knew what they were doing had already abandoned the practice of using strings of text to represent dates in a computer. Using strings like “3/10/2011″ to represent a date has plenty of drawbacks, from cultural (is that March 10th or October 3rd?) to performance-related (sort 3/10/2011, 4/2/1902, 3/8/2012). Therefore long ago people who were smarter than I am came up with other ways to represent time. Happliy, time is nice and linear. All you really need is a number line. Remember them? A number line stretches from zero to infinity in both directions. To measure time all you need to do is decide on a zero point and then any point in the history of the universe can be represented by some number of time units from that instant.

My first exposure to a more rational way to measure time was in the old MacOS. I don’t remember anymore exactly when the zero point was, or even what the units chosen were. I do remember that the number gets too big for the computer to handle some time in 2014. Ancient Macs will have a problem then. I blame the Aztecs.

The UNIX boys count seconds from January 1, 1970 at 00:00. You get special Geek Cred if you went to a party to celebrate second 1234567890 of the Unix epoch. 32-bit computers that use the Unix epoch will break in 2038, when the number of seconds gets too big to fit in 32 bits. (Note also that you can only go back a finite distance before the negative number goes out of the range the processor can handle.

That’s all well and good, but I’m here to discuss Microsoft Excel today, and in particular Microsoft Excel for Mac. Excel counts in days, but allows fractional values. 12.5 represents noon twelve days after the zero point. I haven’t checked, but I think this system works for dates far, far into the future. So good on Microsoft for coming up with it. (As long as you don’t need dates before the zero time. As far as I can tell, Excel doesn’t handle them).

Of course, there are a couple of caveats. First: the historical oddity. In Excel, the day February 29, 1900 exists. Alas, there never was such a day. Microsoft included this error because they wanted to be compatible with Lotus, who simply messed up. To change it now would cause problems, because the zero point for the Microsoft time is January 1, 1900. Every date in every spreadsheet would suddenly be off by one. A thousand years from now we may still be calculating time based on the insertion of a bogus day.

Oh, except that Microsoft time doesn’t always start in 1900, and here’s where things start to get squirrely. If you’re using Excel for Mac, the default day zero is January 1, 1904. Except when it isn’t. More on that in a bit.

I descended into Excel recently to write a macro that does fancy formatting based on data I dump from a Web-based tracking tool I’m building. The dates in my data are based on the UNIX epoch, so I need to convert them. I dump the raw data into one sheet and then display it correctly converted and formatted on the main sheet that people actually look at. Here’s the code I use in a cell of the spreadsheet that needs to show a converted date:

    =DATE(1970,1,1)+import!Z3/(60*60*24)

where the unix time is in cell Z3 of the ‘import’ sheet. This divides the unix time by the number of seconds in a day, which gives me the number of days that have passed since the UNIX zero time. The formula then adds on the number of days from the spreadsheet zero to the UNIX zero time. (I could just say 86,400 instead of 60*60*24, but this way I can tell at a glance I’m dealing with days, and speed will not be an issue.) Happily, this formula will work on both Mac and Windows versions of Excel, because the DATE function will return the right value for the start of the unix epoch based on whichever version of Excel is running.

So, no problem, right?

Well… except. I also have some more fancy work to do that requires scripting. The good news: Mac Excel 2011 uses Visual Basic for Applications (VBA), which while imperfect is a zillion times better than AppleScript. So away I went, coding with a twinkle in my eye and a song in my heart. To convert dates, I naturally followed the same plan I did in the sheet’s cells: get the value for 1/1/1970, then add the unix epoch days.

And the dates came out different. Yep, when scripting, Excel always uses the Windows zero time, even when the spreadsheet in question uses the Mac zero time. Dates calculated in cells in the sheet are four years different than dates calculated using the same method in a script.

Aargh. Of course, once I realized what the problem was, it was not too difficult to work around it. I just lost some of the portability of my code, because now it has to be tweaked based on what the zero date of the spreadsheet is.

An aside here: If you’re here to resolve some date confusion in your own Mac spreadsheet, I strongly recommend you start by going to Preferences->Calculation->Workbook Options and uncheck the “use 1904 date” option. Unfortunately it will not recalculate the dates already entered in your sheets, so if that’s a problem then it’s too late for you, bucko. Read on.

Here’s some not-as-portable-as-it-could-be code. You need to choose one of the first two lines based on whether your sheet uses mac dates or windows dates:

'excelZeroDate = DateSerial(1904, 1, 1)              ' mac zero
excelZeroDate = 0      ' DateSerial(1900, 1, 1)     ' windows zero
unixZeroDate = DateDiff("d", excelZeroDate, DateSerial(1970, 1, 1))

Then if I have a date in the ‘import’ sheet to convert, I can write something like:

startDate = DateAdd("s", Worksheets("import").Cells(dateRow, dateColumn), unixZeroDate)

The nice part is that these functions handled converting seconds and days for me. Overall it’s not a bad system if you overlook the part where a single application gives two different answers to the same question.

Tags:
Posted in Rumblings from the Secret Labs | 4 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

New Public Key

January 30th, 2011

For those who have joined my tiny push for better internet privacy, please note that during an upgrade of my key software my old keychain got knocked akimbo. Everything’s fine now, but while I was at it I created a new public key using the newer (better) encryption. Hopefully I can revoke the old key, but in the meantime please go to my key page to get the new one.

The software upgrade that caused the trouble was to get around a bug in the way GPGMail and MacGPG2 interacted. The GPGMail guys have done a great job ironing out the wrinkles I encountered (as far as I can tell so far), and they’ve built an excellent installer that makes it much easier for Mac users to get up and running protecting themselves from prying eyes. I’ll be updating (and shortening) my instruction page soon.

Tags: ,
Posted in Rumblings from the Secret Labs | 2 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Trying a Different Spam Filter

December 12th, 2010
Hopefully it's learning right now.

Every day, literally hundreds of spam comments are sent to this blog. I have a a couple lines of defense, and generally they work pretty well. My first defense is a product called Bad Behavior, which inspects incoming messages and blocks the ones that look malicious before the WordPress code is even started up. Stopping evil at this stage can save a lot of server resources, as well as prevent this site from being hijacked by an unknown WordPress vulnerability.

Comments that get through that layer are then inspected to see if they look suspicious. Ones that the inspection service doesn’t like get thrown into a bucket behind the scenes where I can inspect them and approve innocent comments that were mistakenly flagged as spam.

I have been using Akismet for that, and in general I’ve been pleased with the results. The only downside is that now there are so many suspicious comments that I’m afraid that I’ll miss actual legit comments that were improperly flagged. Scanning through a list of hundreds of comments each day is not effective and, really, not a good use of my time. So, I began to look for alternatives.

Defensio is similar to Akismet, in that comments are shipped off to some service somewhere and then returned with a grade. The main difference is in the administration interface that I see, where Defensio sorts the rejected spam comments to allow me to more quickly spot legitimate comments that were falsely flagged as spam.

You may have noticed a surge in the amount of spam around here. This is (I hope) a learning phase for Defensio, and eventually it will stop allowing 3% of the spam comments to get through. (Akismet is still running, but mostly in a “see? I told you so” capacity right now.) I’m a little confused, because some of the comments Defensio displays are rated at 100% spamminess by Defensio’s own service.

Please bear with me through this somewhat-more-spammy-than-usual phase. I’ll be checking for spam comments regularly, and watching to see if Defensio’s performance improves. Also, this is a particularly good time to leave comments, from a training-the-filter perspective.

Tags:
Posted in Rumblings from the Secret Labs | 5 Comments »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Advance Notice of Unplanned Outage

December 6th, 2010
LiveRack sucks.

Just a quick note to tell you guys that I’ve run into technical difficulties renewing the muddledramblings.com domain name. LiveRack sucks. Never, ever, register a domain with LiveRack.

Actually, I’m not sure you’d be able to register with them even if you wanted to; their payment acceptance portal seems to be broken. Thus, I cannot renew this domain. There is no way to contact anyone at LiveRack. A long time ago they listed contact information but never answered queries, now they don’t even bother pretending. LiveRack sucks. Never, ever, register a domain with LiveRack.

So, I decided now would be a good time to move the domain to a new registrar. I’d tried this some time ago, without success, because LiveRack did not respond to the request. This is, as you might have surmised, because LiveRack sucks. If I were you, I’d never, ever register a domain with LiveRack.

So, with time running out, I put my nose to the grindstone and got the right codes to move the domain despite LiveRack’s unresponsiveness. But, wait! It can’t be that easy… The domain is too close to expiring to move. I have to renew, then move. But I can’t renew, because LiveRack sucks. There was a time, long ago, when LiveRack didn’t suck. Those days are long gone. You see, these days there’s really no way to describe LiveRack without using the word “sucks”. I wish I’d never registered my domain with LiveRack.

Tomorrow I’ll try LiveRack’s renewal again, in case they’ve fixed it, and I’ve appealed to Enom to intervene as well. LiveRack is a reseller for Enom; LiveRack’s only role was to process my payments. Now they can’t even do that, apparently, which leads me to the inescapable conclusion that LiveRack sucks.

So, in a couple of days, muddledramblings.com may stop working. I’m still hopeful, but I wanted to let folks know ahead of time.

Oh, and if anyone asks you about LiveRack? Well, LiveRack sucks. Under no circumstances should anyone register a domain with them. Seriously.

Tags: ,
Posted in Rumblings from the Secret Labs | 9 Comments »

1
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Well, THAT Sucked

November 21st, 2010
It's particularly frustrating when things go wrong and there's nothing you can do about it.

The last few days my Web host has been having a tough time. I don’t know the exact nature of the problem and I doubt I ever will, but this site has been broken. For a while it would not load at all, and then it was in ‘read-only mode’, Which meant that it was still performing terribly and I couldn’t even put up a notice that I knew things weren’t going well but the solution was out of my hands. Not a good situation when my credibility as a programmer is an important asset.

I couldn’t even make a backup.

Things seem to be getting back to normal (though they are not there yet – the site is still quite slow). There’s even a chance that I’m running on a brand-new server that is not being shared with as many other people. Or at least a brand-new server. Unfortunately, however, while I have come to appreciate iPage the company, which was very helpful and patient getting me up and running, iPage the service has not been so great.

I have vowed that the next move I make will be to a server that I control completely, so I can choose who shares it with me. I’m looking at Co-location deals now, though I might wimp out ant take the middle road. A VPS (virtual private server) gives me all the control of having my own machine, but in fact it’s an illusion — I still share physical hardware with an unknown number of others.

Tags: , , ,
Posted in Rumblings from the Secret Labs | 2 Comments »

1
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

The Drupal Attitude

November 13th, 2010
Drupal's biggest problem is cultural.

I’ve been doing some geekery with Drupal lately. Drupal is a free, open-source server application that makes it easier to build really complex Web sites. It allows you to create complex data types and establish relationships and do fancy database stuff… without actually touching the database. That’s not too shabby. Drupal is rapidly becoming more popular, but there are a few things standing between Drupal and world domination. At the top of the list is the Drupal Attitude.

I will illustrate with an example. Things will get geeky for a while as I set the stage, then mellow out as I focus on the human interactions between various groups.

From a technical standpoint, Drupal’s biggest flaw is that it sucks when it comes to many-to-many relationships. Imagine I have a data type called “shirt” and another called “color”. It is very easy for me to set up “shirt” so that it can have several colors. So, when I look at a specific shirt in my database I can see that it has red and yellow in it. That’s all pretty straightforward.

The catch comes when I want a list of all shirts with yellow in them. If I had direct control over the database, many-to-many relationships like this are trivial and do not diminish the performance of the server. Drupal has no built-in way to get a list of all shirts with yellow in them.

But wait! Drupal is open source, and better yet has been built to be easy to extend by outside programers. Into this glaring hole in Drupal several folks have stepped forward with modules that solve the problem in a variety of different ways. Some of these methods are clever (one uses the indexes built by the search engine, for instance), but all have trade-offs and weaknesses.

So, you’re a Drupal developer, and you want a list of shirts with yellow in them. Which module do you use? Each module works differently, each requires some installation and fiddling to get working. Then there are the two modules by the same guy that are for similar but different purposes, yet the actual differences are not spelled out very clearly. What would help a lot would be some concrete examples of when to use which.

Now we’re getting closer to the Drupal Attitude. Remember as I rant about this that all the modules I’m evaluating are free, posted by geeks who wanted to contribute to make Drupal better. So, some slack-cutting is in order. BUT…

I had already spent more time than I had available trying to figure out which module to use, when I found a question posted by a guy asking “can I use this module for x”, where x was very similar to what I needed. “Aha!” thought I, “Now we’ll get a definitive answer!” Except that the response to the question was, “In this discussion (the article was about the differences between two modules) we want to focus on generalities, not specific applications. You should download both modules and fiddle with them for a few hours to determine which is right for you.” Or something like that. Notably absent from the answer was a pointer to where specific questions would be answered.

The guy who asked the question responded a bit harshly, pretty much saying, “Would it kill you to just answer my question? I don’t want to spend hours learning something you already know and could tell me in fifteen seconds.”

Well, this is just the sort of uppity user that the Drupal community loves to hate. Several people piled on in defense of the developer who had refused to answer the question. “He’s doing this for free, he’s helping the community, you should be grateful, blah, blah, blah.” None of them deigned to answer the original question either. There is a real, entrenched cadre in the Drupal community that says, “we learned things the hard way, and you should too.” Who needs documentation when you can read the source code?

Let’s step back for a moment and ask ourselves, “Why did the developer give this code back to the Drupal community?” The obvious answer, the one everyone talks about, is that he wants to make things easier for other Drupal users. That is a noble motivation and one I wholeheartedly support. He wants to be useful. Perhaps he just isn’t aware that a huge part of utility of software lies in the documentation. Perhaps he isn’t aware that a few choice examples of what his modules are meant to accomplish would have cost him an hour of his time and improved the acceptance of his work dramatically. He’s a coder, after all, not a marketer or a technical writer.

Even with all that, however, when someone, in the form of a question, contributes to the documentation by providing a specific example, he didn’t answer the question. No light came on that even if that was not the place for the question, then spending five minutes creating an FAQ would have helped the community far more than adding a new feature to his software. So an opportunity to spend just a few seconds and make his contribution to the community better went completely ignored. His supporters congratulated him for not capitulating to the demands of his potential users for more clarity.

Any of them could have stepped up and helped the newbie, probably in ten words or less, but none did. None of them wanted improved documentation. “We had to learn it the hard way, so you should too,” with a side order of “we make lots of money because we’ve figured all this stuff out.” Ladies and gentlemen, the Drupal Attitude.

If the guy posted his module but doesn’t seem interested in making it useful, then why did he post it? Well, he’s certainly getting lots of love from the people who figured out his work the hard way. They can all feel good about how smart they are.

And in the end, should I be thankful this guy shared his work with the rest of us? Actually, no. In my case, the presence of his modules ultimately had negative value. They cost me time, and never getting an answer about which was appropriate for my task, I went with a module developed by someone else.

So, Drupal contributors: If you don’t want to document your module, and you don’t want to answer straightforward questions from people who need to get a job done in limited time, don’t bother posting your fucking module at all. I don’t have time for endless fiddling and I sure as hell don’t have time for the Drupal Attitude.

Tags: , , ,
Posted in Rumblings from the Secret Labs | 9 Comments »

2
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Jer’s Novel Writer 1.1.10 Released!

September 21st, 2010
We won't talk about 1.1.9...

It’s a big milestone for me, getting back on track maintaining Jer’s Novel Writer. For those of you who are not familiar with it, JersNW is a word processor with features to help my scattered thoughts fall into some sort of coherent form. It’s based on three principles:

  1. When I get an idea, I want to be able to jot it down without losing my train of thought.
  2. I don’t want to have to remember stuff, and when I need to find something I wrote before I can look it up without getting caught up in the part of the story where it happened.
  3. When I’m stuck on a line or know it could be better, or need to check a fact, or need to track continuity, I can flag it and know I’ll be able to get back to it later.

There are features to help with the mechanics of writing as well (drag-and-drop chapters, flexible database, and so forth), but mainly I just want to keep my momentum when the creative juices are flowing and know that when nitty-gritty time comes I’ll find the places that need attention. Man that’s liberating.

If you’re interested, you can learn more at Jer’s Software Hut. Enjoy!

Oh yeah, it’s Mac-only.

Tags: ,
Posted in Rumblings from the Secret Labs | No Comments »

2
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Jer’s Software Hut Returns!

September 20th, 2010
It's alive!

Deep below the Earth’s surface, in a steaming chamber somewhere between the Hayward and San Andreas faults, there is motion in the dancing shadows cast by the guttering torchlight. Dark, twisted creatures stir. They move slowly, their once-lean haunches soft from months of torpor. They shamble from their stony sleeping-nooks into the work chamber, and one by one they take their accustomed positions on the capstans. The great wheels resist at first, then start to turn with a shriek that slowly fades to a rumble.

From the throats of the horde comes a deep ululation punctuated by coarse barks, a sound that reverberates through the chamber until it has no source, merely presence. It is enough to weaken the knees of even the stoutest hero, a sound to chill the most stalwart heart.

The creatures are singing.

Though fearsome in sound, it is joy they express; the sublime joy of one who had no purpose being useful again. Far above them, in a peaceful neighborhood San Jose, those turning capstans once more power the forges and shrieking spark-throwing wheels of Jer’s Software Hut.

On the slab in the middle of the laboratory a figure stirs; what once was dead now breathes again.

Tags:
Posted in Rumblings from the Secret Labs | 1 Comment »

0
Thanks!
Rumblings from the Secret LabsRumblings from the Secret Labs

Things I Learned while Moving to a new Web Host

September 5th, 2010
I expected hiccups, and found a couple.

You probably can’t tell, but this site is now being served by a different host. The reasons I switched were many, but once MMHosting got hacked I decided it was time to move. Then when a particular PHP library was not on their servers (one that allows WordPress to read the date of an uploaded image), I actually did the move.

After quite a bit of looking around in which all the dang hosts started to look the same, I chose iPage. They are not quite the cheapest, but they purchase carbon offsets for wind-generated power. They also had a stronger emphasis on security.

At this writing, I still don’t know if my new host has the needed php library. I’ll be finding out when the dust settles. If not, I can install it in my site myself, I suppose, but let’s keep fingers crossed.

So, I learned a few things, and remembered a few others.

  1. Among sftp clients, RBrowser may have my favorite interface but it’s glacially slow with multiple files.

  2. Without ssh access to my site (none of the big hosting companies allow that on their cheap plans), I had to use phpMyAdmin to copy my databases over. Here’s an interesting bit of trivia: if your data has the phrase ‘drop database’ anywhere in it, phpMyAdmin will stop executing the import right there and then. This is to protect you from SQL injection attacks, where people sneak malicious data into your database that later gets executed as an instruction. ‘Drop database’ can be pretty devastating, so the software simply refuses to complete the import, even if the phrase is safe in the text of a post.

    The way phpMyAdmin is configured at my new host, however, when it stops, it doesn’t say why. It doesn’t even admit that anything went wrong, or indicate in any way that not all the data was imported. This can be inconvenient when you have a bulletin board for a product that has a drag-and-drop database feature. (Now it has a drag-and-drop database.)

  3. You can’t tell Safari not to uncompress zip archives it downloads (that I could find), but the original zip files can be found in the trash.
  4. jerssoft_phpb5 and jerssoft_phpbb5 are not the same thing, no matter how many hours you spend banging your head on them.

So iPage has been great (although their control panel is not completely Safari-friendly when it comes to processing payments). I’ve interacted with them in three different ways now — phone, chat, and a support ticket. Two of the interactions were due to the afore-mentioned payment glitch, and once for technical support trying to get my files copied and the site ready to go before I switched the domain registry. Although I didn’t get the answers I was hoping for, the tech was competent and knew what she was doing.

If I continue to be pleased with iPage, I will provide a link for those looking for a Web host. Because we all need Web hosts these days, don’t we?

Tags: , ,
Posted in Rumblings from the Secret Labs | No Comments »

« Older Episodes
Newer Episides »