0 minutes, 55 seconds

OK, I just finished doing up version .02 of Plip’s Vimeo JavaScript Embedder v.02. I’d say it’s stealable, but that you’ll likely want to wait a bit for. There’s a couple of reasons:

• It doesn’t work in IE8
• It’s lot’s of code chunks instead of one tidy package
• I’m not done with it

While doing research for this I found the Video for Everybody project which I love. You should definitely check it out and this may be where I try take this project:

Video for Everybody is simply a chunk of HTML code that embeds a video into a website using the HTML5 <video> element, falling back to Flash automatically, without the use of JavaScript or browser-sniffing. It therefore works in RSS readers (no JavaScript), on the iPhone / iPad (don’t support Flash) and on many, many browsers and platforms.
– camendesign.com

My gut feeling is that this solution won’t work until Vimeo changes things a bit. Right now the main point of my work here is to fetch the large thumbnail which currently has to be done by JS. Using JS goes against everything Video for Everyone stands for. Still, super cool and possibly a worthy non-JS solution.

Stay tuned!

1 minute, 50 seconds

Recently slashdot posted this:

Massive Number of GoDaddy WordPress Blogs Hacked
A nasty little exploit has hit a large number of GoDaddy-hosted WordPress blogs this weekend. The best part is that the exploit only executes when the traffic is referred by Google, making it the sort of thing that site maintainers won’t easily notice. Clever and devious.
– Slashdot

Immediately, with out reading any more of the sources for the article I had my suspicions that this was nothing new. The part where they say “only executes when referred by Google” (or refered [sic] :) is what tipped me. This was an old hack for old version of WordPress, topics I’ve written about before.

Digging deeper and looking at the source article, I see that that an enterprising hacker has gone the extra step of trying to turn your computer into a virus filled bot computer (or some other nefarious sounding term). The write up, with breaking news current as of today, is over at wpsecuritylock.com. The break down of the virus payload and sources was then attempted over at some dude name Dancho Denchoev’s blog. Dancho’s write up looks good, but use of “emerging threatscape” in is bio doesn’t look so good.

My take on all this is going to sound familiar: you must be vigilant about keeping your software up to date. I suspect that a lot of the GoDaddy customers feel they really got the shaft. Most likely these WordPress installs were all copies of the same older WordPress installed via a control panel for a domain that said “Set up a blog in 1 click!”. This is a great use of an open source project and WordPress is a really good candidate to be the one click code base for a blog. However, the end user at GoDaddy probably knows more about their flower pots or farmers market they blogged about, than about how to upgrade their blog. I’m not entirely sure it should have fallen to GoDaddy to keep up to date, but enabling easy updates (it’s built in since…um WP 2.8?) via SFTP and really extra for reals making sure folks upgrade would have gone a long way. Further, there’s all kinds of ways you can harden WordPress. You don’t want to be Network Solutions with their big hack (nor suffering the wrath of a WordPress author!).

Speaking of WordPress authors, you should check out their Codex entry on the Hardening WordPress. It’s a good, holistic approach at security.

0 minutes, 12 seconds

Just a quickie – remember our post on privacy, intent and expectations? That post talked about the reality that large sites could show past or current trends based on visitor behaivor. Well, now some one has extended that to future predictions. Makes sense to me!

Twitter Predicts the Future

0 minutes, 24 seconds

I was riding my bike to west oakland BART this AM when two figures rose up into the sky, out of a commercial space on Mandella Parkway. It’s great to live in an area where artists store the their stuff roadside. A very welcome addition to the morning commute.

Here’s photos of the space in oakland before (via google street view), the space this morning, the locale on google maps and then a pic from bman. Google photos stolen, bman photo used via CC license from flickr.

1 minute, 33 seconds

If you’re a developer, you probably use a revision control software. For both work and personal projects, I use SVN, which is great. At work we use SVN as a way of releasing new features and bug fixes to our web site. We can push a specific a revision as well as roll back to a previous revision, thus leveraging revision control to be our release software for a 4 server load balanced site. SVN + rsync + shell scripting = : )

Recently at work we were doing a bunch of little changes all over the site, including having the designers do a bunch of css and DOM tweak as well. The time came to commit all of the changes. Instead of doing the commit at the root of the repository and stuff all the changed files in at once, I enforced a multiple granular commits of the functionally changed files. Each commit had a relevant comment.

Enter a week later. We hadn’t done sufficient regression testing and a visual element was broken in ie6. Which of the thousands of new lines we committed and pushed was the culprit? Had we done one massive commit we would have been screwed. However, we were able to cull over the commites via our trac instance (awesome!) and review the comments. In this case we couldn’t actually find the exact commit that caused ie6 to break, but we were able to step through our dev instance of the site, slowly adding each revision to it until it broke in ie6.

The moral of the story is that, much like backup, revision software is only as good as it’s end user. Think of every commit as chunk of functional related code. Think of every comment for these commits needing to solve the problem for another developer who has no idea what the code was and they’re up at 2am trying to figure WTF is up with the site. For every commit, where possible, you should also site a bug number so that should the bug crop up again, it’s easy to cross reference the “fix” with the code.

Happy revising!

0 minutes, 43 seconds

I’ve decided that the massive rendering performance complimented with the developer features of Safari 4 are worthy enough to try to make it my full time browser. The hardest thing to give up about Firefox (FF3) is my beloved Firbug. Writing this post in Safarai already I miss the “I’m feeling lucky” feature of FF3 when you just type a random term in the URL bar and hit return.

I’ll report back in a few days as to how I like it, or how I don’t. I will say I already don’t like the new “top sites” feature.

PS – I think it’s pretty silly how many browsers my computer thinks are installed. Because I have multiple VMs via VMWare Fusion with windows, dev installs of Safari2 and Safari3 and Firefox 3 and Safari (4 beta) these are pushed down to the OS in a semi-native manner. This means that when I choose what browser I want to use as default, it’s quite verbose!

0 minutes, 17 seconds

People! I know that there are few of you, seein as we STILL have a gmail invite to give away, but common?! The simpson’s quote pages haven’t been working for months. Did you tell me? No! (like how i switch the blame there?). For your efforts I thank you with two new wizbang ping and traceroute features on plip.

bart quotes, simpson quotes, ping and traceroute.

0 minutes, 26 seconds

Here’s the deal: we here at plip central have 3 gmail invitations. You provide us with what you think would be the coolest new feature on plip.com and then we will rate them. The top three ideas will get a free gmail account. The contest starts now and ends in a month at the end of October. Submit your new idea via our contact page. There are two rules: You must send me your email address or i can not send your gmail invite and you must use the contact page submit your idea. Now go go go get ’em!

gmail?

0 minutes, 4 seconds

Plixing just got better now that they’re equipped with a new mini digi! Enjoy.

Key 007

0 minutes, 3 seconds

Want to know when the next train is? Check out PlipGo!

PlipGo