Since Christmas, I’ve been brewing most of our coffee through the Aeropress that Sarah gave me. And while we’ve really enjoyed the coffee — especially when you compare it to what we’d get out of our old $20 drip pot — the process has started to make me obsess over all the little tweaks I can make.
I mean, if there’s a better cup of coffee to be had, I seriouslywant to go to there.
To be perfectly honest, inverted brewing is kind of intimidating. Mainly because I don’t like the thought of “flipping” a cylinder of near-boiling water before I’ve, well, had my first cup of coffee.
So when gridwriter mentioned the Heart Roasters Aeropress method — which I seem to have missed in my fairly extensive research — I was really excited. I have yet to try it, but I’m really looking forward to giving it a shot.
For the folks who haven’t committed to cleaning the unused core files out of their WordPress install, the Old Core Files plugin for WordPress looks like it should be useful. I only say “looks like” and “should” because I’m already tidying my site’s files on the regular. But this’ll definitely save me from having to do my future sweeps manually.
I’ve been meaning to write something for almost a month now. It’s not like I have writer’s block or anything. Far from it. I’ve just been a bit preoccupied with work.
Fortunately, I’ve had this mix from DJ Shadow to help me crank through the past few weeks of long, 10+ hour days.
“All Basses Covered” is the set that got him kicked off the stage at Mansion in Miami for being “too future”. Which is a shame, because it’s fantastic.
If you haven’t heard it already — and you’re up for some next level shit — give it a listen. Or, better yet, download it directly from SoundCloud.
While helping a client come up with an alternative for the somewhat spotty Smush.it plugin for WordPress, I thought I’d do an extremely unscientific test to see what performed better. So I grabbed an image from Kanye Wes Anderson and got to compressing…
Let’s start with the original 221549 byte image. Feel free to grab it (just click on the image) if you want to play along at home.
To start, I tried uploading the file to PunyPNG. But I quickly realized that they cap their free compression tool at 150 KB. And since I didn’t feel like paying to run a one-off test, I gave Kraken a go instead.
Kraken losslessly compresses the image to 214233 bytes. Which gives a 3.3% savings in total size. In a later test, the OS X utility ImageOptim gave the exact same results. That’s not to say that’ll always be the case, but it was definitely interesting to see. Especially when you consider that the command line (see: Linux friendly) alternative image_optim only managed to compress the image to 214746 bytes.
Even though image_optim gave a respectable savings of 3.1%, I was surprised to see that otherwise insignificant variation. At least until the Smush.it web interface returned the “same” 214746 byte file.
So all of them do a respectable job, but it seems as if Kraken & ImageOptim’s lossless compression methods are slightly more aggressive. Since Kraken has an API, it’d be wonderful if someone could whip up a WordPress plugin to leverage it. But until they do, all of this crap needs to be done before the images are uploaded to your site. Which is a total bummer. It’s still better than relying on the really spotty and ridiculously laggy Smush.it API though.
Anyhow, I hope this was helpful to someone.
Oh! And if you want to see the images that each program outputted, feel free to grab them from here.
I’m all for Mozilla’s open SWF runtime project Shumway, but I really hope its main use is to support legacy Flash content. Because the last thing we should be doing at this point is encouraging people to use Flash instead of HTML5.
Sweet! Cabel Sasser finally released the long-awaited soundtrack for The Incident! And it’s got a ton of bonus material to boot! So go grab it! Or else I’ll keep using exclamation points to end every sentence! FOREVER!
There’s been a lot of discussion around John O’Nolan’s Ghost today. And there should be. It’s a beautiful, blog focused reimagining of the WordPress dashboard that provides an alternative to what they’ve done with the dashboard on WordPress.com.
A lot of the discussion is about how John would like to do this as a fork of WordPress. And while I think his efforts and ideas might help the WordPress UI Team more than a fork would, I’m really hoping that someone picks up and runs with his editor idea.
Maybe that’s influenced by the fact that I’ve been working in Markdown more and more lately. Still I really like the idea of a quick, split paned writing area with a live preview.
The Salt & Fat guys have thrown together a fantastic list of kitchen essentials at Stock & Larder. If you’re looking to round out your cupboards — or you’re trying to come up with something for your favorite home chef this holiday season — you ought to consider checking it out.
While JSDetox is great for ripping through JavaScript malware, it doesn’t really handle obfuscated PHP. Fortunately, the gang at Sucuri has set up DDecode to process (and act as a sort of a pastebin for) those nasty little bits of PHP code.
I’ve been looking for a clean, single-column, responsive WordPress theme that supports post formats (or at least asides) for the past few weeks now. And honestly, I was beginning to think I’d have to roll my own. Now, that isn’t really an issue — especially since I’m comfortable with theming — but site design is something that I don’t currently have the bandwidth for.
Then, I saw Jake Caputo’s Memoir. And even though it’s a ThemeForest theme, Jake’s track record (and the demo) immediately made it into a solid candidate. Especially when the other two options involve adding asides to either Anthem or Duet.
I’ve known the story of the cover artwork for Joy Division’s Unknown Pleasures for quite some time now, but it’s always a pleasure to be able to hear Peter Saville talk about it. [via]
While I do get to work on WordPress Multisite issues from time to time, I apparently don’t do it often enough to know about the NOBLOGREDIRECT constant…
Basically, that tells your Multisite install to redirect to an alternate URL of your choosing if either:
Registration is disabled.
There’s no install that corresponds to the domain being visited.
Not too long ago, I helped a friend clear out some malware on their WordPress site. In doing so, we went thru a pretty comprehensive site cleanup checklist:
Deleted unused plugins & themes.
Installed a fresh copy of everything.
WordPress core
Plugins
Themes
Double checked the .htaccess file.
Changed every conceivable password.
WordPress admin users
FTP/SFTP/SSH account
MySQL user
Bought a SSL certificate and forced all wp-admin & wp-login.php traffic to it.
But the malware would keep getting reinserted in the site. Almost like clockwork. So I had them install a logging plugin to see if we could catch what was happening. Sure enough, the lone admin account would log in, upload & activate a plugin — which seems to be how the attacker was delivering their payload — and then remove the plugin from the site before logging out. Running a “stat” (via the shell) on the files we’d cleaned previously all showed that the modify timestamp matched up (roughly) with the plugin activation timestamp.
Because this kept happening, there were some concerns that my friend’s personal Gmail account might be hacked. They enabled 2-step verification as a response and started watching the account activity like a hawk.
Then the malware came back. Again. But nobody had logged in to my friend’s Gmail account. Things were getting to be maddening.
Since we couldn’t spot anyone logging into their email account, I started going over their Apache logs. That’s when I found something interesting…
If you look at things closely, you’ll see that the key value is the same both times. And, upon checking their database, I noticed the key value was still set to HR9qFJ2N6c3XveQY487b. Since WordPress clears out the user_activation_key value from the database after it has been used, the faux plugin the attacker was using must’ve pushed that value back into place to provide them with a backdoor. Pretty sneaky.
So I cleared the malware, locked the site down again and made sure to clear out the user_activation_key. Sure enough, the malware stopped coming back and my friend was happy that they could finally concentrate on blogging again.
Anyhow, ever since then, this little MySQL query has been getting run on every hacked site I’ve worked on…
Yeah, that totally guts all of the user_activation_key values for admin and non-admin users alike — and I’m sure that most attackers aren’t as clever as the one I was dealing with — but it’s always better to be safe than sorry, right?