Problems for RackSpace Cloud users with WordPress after migration
This is a very specific technical entry for WordPress users of the RackSpace Cloud (formerly Mosso), who have been part of the big migration on that platform today.
This would be boring and incomprehensible to anyone else...
We'll start with the easy part:
FOR USERS OF THE WP-DBMANAGER PLUGIN
There is a red alert that shows up on the dashboard for users of the wp-dbmanager plugin.
The alert reads
Your backup folder MIGHT be visible to the public To correct this issue, move the .htaccess file from wp-content/plugins/wp-dbmanager to (your specific path).
Firstly: don't panic. It's a false alarm. When RackSpace migrated your file to a new path, they ran an automated script to change any hard-coded references from the old absolute path to the new one. Unfortunately this script did not catch any entries in the database, and plugins that wrote the path to the db were still looking for the old path.
In this case the trusty WP-DBManager plugin was baffled, because it looked for an .htaccess file in the old path backup folder and couldn't find it, therefore sparking an alert.
To fix this, all you need to do is uninstall the plugin through the Database button (DATABASE tab on the left hand nav - choose the uninstall option - NOT through the plugin menu) and then reactivate the plugin from the plugins tab as usual. This should remove the alert and bring things back to normal. Finally, check that all the settings are as they should be.
DATABASE SEARCH AND REPLACE
Unfortunately there are likely to be other functions and plugins that write absolute paths onto the databse. The implication is that you have no choice but to either run a sql script that replaces the old path with the new path EVERYWHERE (not just in one table) - if anyone knows what that script would be, please add it as a comment. It's too late at night here for me to find out.
Otherwise the good old way still works:
1. Back up your DB (don't do anything before you do this!).
2. Download a copy of the database, open with a text editor, replace all old paths with the new.
3. Restore the corrected database.
4. Test.
Guardian jobs site hacked – personal data compromised (and who else is at risk?)
The Guardian has written to users of its jobs website tonight, informing them that the Guardian Jobs site has been hacked into, and that their personal information may have been compromised.
Unfortunately the Guardian did not say which information this applies to, and left you assuming uploaded CVs were at risk, but unsure if your username (email) and password were also vulnerable.
Is the problem limited to The Guardian?
It is worrying that the same software used to power Guardian Jobs, provided by Madgex, is also used by several other mainstream recruitment sites including, among others The Times, The Sun, The Manchester Evening News, Trinity Mirror titles, Cima, emap and Haymarket (full list here). There is no word yet whether these other sites have also been affected.
Weird wording
What no doubt baffled users of the site who received the warning email was the following statement explaining precautionary measures they should take: “Contact a credit reference agency: Callcredit, Equifax or Experian provide suggested steps to resolve the situation and prevent it happening again.” It is not clear why the Guardian thinks a user can “prevent it happening again”. Presumably by being careful and not submitting personal information on sites such as Guardian jobs? Shirking responsibility?
The wording of the email sent out by the Guardian today:
24 October 2009
Security breach – Guardian Jobs
We learned yesterday evening that the Guardian Jobs website has been targeted by a sophisticated and deliberate hack, which has breached the security of the data on the site. You have used the site to make one or more job applications and we believe your personal data, relating to those applications, may have been accessed.
We are absolutely committed to the privacy of our users, and would like to assure you that we are treating this situation with the utmost seriousness. The matter has been reported to the police, who are now undertaking a full investigation through the police central e-crime unit at New Scotland Yard.
The supplier who runs the site has identified the manner in which it was hacked and taken steps to prevent a recurrence.
We have no reason to believe that any financial or bank data was compromised in this incident. However the police advise that those whose personal data may have been stolen in this way should take a number of precautionary measures. These are outlined below:
1) Contact your creditors, even if they have not been affected, so that they can monitor your accounts to ensure they remain protected.
2) Contact a credit reference agency: Callcredit, Equifax or Experian provide suggested steps to resolve the situation and prevent it happening again.
3) Contact CIFAS protective registration: If you think you have been a victim of identity theft you should consider subscribing to CIFAS. This places a notice on your credit file indicating that your name and address may be used to perpetrate identity fraud.
In addition the following websites are sources of useful information:
www.met.police.uk/fraudalert/
www.stop-idfraud.co.uk
www.banksafeonline.org.uk
www.getsafeonline.org
We will continue to work with the police whilst the investigation is carried out. Please refer to the following page for updates:
jobs.guardian.co.uk/securityupdate.html
Please do not reply to this e-mail.
UPDATE on 25 October: I’ve received a response from Simon Conroy, CEO of Madgex, the company that provides The Guardian with its jobs site, as follows:
We can confirm that hackers accessed the personal details from some job seeker CVs on our client's recruitment website, Guardian Jobs, on Friday 23 October.
We are not aware of any other Madgex-operated website having been targeted in this way, but we have taken preventative measures to ensure the same issue cannot occur with other client Job Boards.
Madgex has an excellent security record and we are continually reviewing our systems and comply with industry standard practices. Unfortunately, no site can ever be warranted as 100 per cent safe from concerted and technologically sophisticated criminal hackers.
This situation has been treated with the utmost seriousness and Guardian Jobs has contacted all those affected by this security breach, advising them of precautionary measures they can take. Madgex and Guardian Jobs are supporting the relevant authorities with their investigations.
Analytics based sales – brilliant or creepy?
Has analytics-based sales taken a step too far?
I got the following contact through Linked-In:
The reason why I contacted you is that our marketing analytic tools indicated that somebody at (name of my client – ThatDanny) spent a considerate amount of time on our website informing himself about our products and services. I would like to take this opportunity to help answer any questions you might have concerning our products and services. Can we schedule a call to discuss this or would you be able to point me in the right direction to who would be the most appropriate person to reach out to?
Earlier that day I had gone onto the company’s site, to look at some of their products. I was on site at a client’s office, and they noticed my visit, and found through Linked-In that I consult to that client and then made contact with me.
I am not quite sure whether to be creeped out or impressed by the way this company uses analytics. They work with a tool called Leadlander from a company based in San Francisco. According to its own literature “Leadlander provides invaluable information for your sales people to determine which companies are actively interested in your product offerings, how they reached your web site, and what aspects of your product offerings they’re most interested in researching. “
As I am interested in the use of technology, I wasn’t that taken aback by this approach, but given the sensitivity to user behaviour tracking, I think companies should take extra care that this sort of use does not backfire – which, knowing how many senior executives would react, it most certainly could.
“One fewer” or “one less?” – A definitive answer
"One fewer person" or "one less person"? It's one of those nagging questions you only come across rarely. I did, when I had to translate a line from Dutch for my previous article. It went: "Een cadeautje minder, een friend meer" or (literally) "one fewer/less present, one friend more".
My head says "one fewer present" is correct grammatically (if you can count it, it's usually "fewer"), but my gut says "one present less". So what should it be?
Determined, I set out to find a definitive answer.
I tried the BBC news style guide, and The Guardian style guide, both of which were utterly unhelpful.
Some websites gave sensible answers, an excellent example of which is the Arrant Pedantry blog, stating quite rightly that "less and fewer illustrates quite well virtually all of the problems of prescriptivism," and opting for "one less" as the better option, on the grounds that no one recommends the use of "one fewer". Another well sourced article here explains why this is not the sin some call it, and The Grammar Logs considers the example "there is one fewer student" and says: "we use "less" with uncountable quantities and "fewer" with countable. You really can't count one student. Well, you can count him or her, but "one student" cannot be pluralized (forget cloning!), so "one student" is a non-count noun. This means we want "less" in that sentence."
Of course there are those who are incensed by the growing use of "one less". Their argument takes a purist view of the rule (if it is countable use "fewer", if it isn't use "less"), and that too makes perfect sense to me. I don't like it when publications display ignorance, but I wasn't sure about this one.
To resolve this question once and for all, I wanted to find out how the rules are treated in the media, which isn't always grammatically pure, but is a good representation of accepted modern use, especially in places like the BBC that strives to uphold high standards of language, whilst staying current. I ran a set of searches on six major news websites and on Google News (that aggregates news articles).
And here are the results of my survey, which counts usage of the "one fewer" and "one less" on each site, presented in percentage rates for comparison:
Although "one fewer" is used some of the time, "one less" is the most common. Interestingly the BBC makes an effort and its hacks use "one fewer" the least, while the New York Times uses it the most.
"One less" wins. Overwhelmingly. If it was ever a rule then its time is up.
Geeky entry over.
15,000 shoes cover Dam Square in War Child campaign stunt
Dam Square in Amsterdam was covered with 15,000 single shoes on Monday (17 November) as part of a campaign run by the Dutch chapter of charity War Child.
War Child is a network of independent organisations, working across the world to help children affected by war. The Dutch campaign is running with the slogan "one present less, one friend more" (concerned grammarians click here).
The campaign encourages people in Holland to give up one present from their Christmas list and donate the money to the organisation's efforts instead. This specific campaign highlights the plight of 250,000 child soldiers around the world.
The Azores Island of Sao Miguel – Tips and Impressions (+ a note on eating dolphin)
My partner, D., likes escaping to islands that I've never heard of, usually in the middle of nowhere. This is sometimes as simple as spinning Google Earth until a candidate presents itself – followed by the planning of a 'random holiday'. Weird as this sounds, I must admit that after my initial doubts subside it usually works. The less popular they are, the better.
This time it was The Azores, a cluster of nine islands, set on the tips of ocean volcanoes in the deep Atlantic, between Portugal and the US. They lay empty of human habitation until the fifteen hundreds, when Portuguese settlers claimed them from nature. Today they are an autonomous region of Portugal (and therefore within the EU).
We stayed for a week on Sao Miguel island, the biggest member of the archipelago and chose its capital Ponta Delgada as our base.
Sao Miguel Island - “ What's it like?
- Sao Miguel is beautiful, lush and green. In places it feels like the backdrop to a Jurassic Park movie, especially where giant fern-like plants surround you amidst the steam from volcanic geothermal boiling water (in Caldeira Velha).
- Despite the wildness and beauty of the lakes and volcanic landscape, Sao Miguel sometimes feels like a huge landscaped botanical garden. The Azorians obviously love their island and invest heavily in taming nature and making it pretty. It is strikingly clean, wonderfully manicured and it is sometimes difficult to tell what is natural and what isn't. The roads are lined with flowers even in remote parts of the island, and everything is, well, just so. If you ever imagined what it would be like to stay at the Eden project for a week, this would be it. The humid air feels like a greenhouse, and the vegetation is spectacular, even if it sometimes feels manufactured.
- One of the best things about this greenhouse was that the utter lack of crowds anywhere. Perhaps it was the timing of our visit (mid October) or that the Azores are such a well kept secret, but being able to sit on the stunning shores of the Lake of Fire (Lagoa do Fogo) uninterrupted by anyone was superb. We also noticed that towns and villages seemed almost deserted. We weren't sure where everyone was, but throughout the week and weekend we drove through quiet settlements that felt almost deserted, no matter what time of day.
- It took us a couple of days to realize that Sao Miguel is eerily quiet, in a way quite different to anywhere else we've been. In most parts of the world whether you realize it or not, there is always a backdrop of aircraft noise above you, for most of the day. Here in the Mid-Atlantic most jets pass over 30,000 feet above you, and so out of sound range. The only planes you hear are those that land in The Azores, and there aren't that many of those either.
- Towns on the island are a strange mixture of old and new. Infrastructure and development are distinctly European, and the Azores' location in the mid-Atlantic hasn't stopped them from hatching American style malls, multiplex cinemas and shopping prices on a par with European capitals. Good hotels are of good quality (we stayed at the Hotel de Colegio which was excellent), and roads are modern and well maintained.
Driving in Sao Miguel
- Driving is on the right and traffic rules are the same as they are in the rest of Western Europe.
- Most towns and villages have very narrow roads, so it is best to hire a car that isn't too wide, and to fold your wing mirror when passing through narrow streets, or when parking. It can get quite tight at times.
- Probably due to lack of hard shoulders on the island, Azorians are in the habit of stopping their cars just about anywhere. You can drive at a 60 KPH on a B-road, and suddenly find that a car is parked in the middle of the road in front of you. Take extra care, expect parked cars on the road, and don't speed.
- Pedestrians in Sao Miguel appear to assume a right of way on the roads, or are simply not fazed in the least by cars. Don't assume that they would move out of the way, give them plenty of space and slow down. It is not uncommon to find a person standing in the middle of the road, expecting a car to overtake them.
- I haven't found any satellite navigation system that covers The Azores. This is not surprising, considering the natives would know all the roads on their islands by heart, and the limited number of visitors has not made the archipelago a priority for digital mapping companies. This should not be a problem in Sao Miguel's simple grid, but here are the two pitfalls to watch out for:
- All villages and towns run a one-way system, which is not always predictable. The capital Ponta Delgada isn't huge, but can get a little confusing, and you may end up going around in circles for a while, at least initially.
- Road signing is usually good and reliable, but in some places, especially a little off the beaten track or where there are diversions, there is an assumption that you know where you're going. The good news is that on an island the size of Sao Miguel it is very hard to get lost for very long.
Eating in Ponta Delgada
- Restaurants in Ponta Delgada aren't as bluntly obvious to the casual observer as in most countries, so you need to look out for them a bit more intently. I'm not sure why that is. Perhaps island mentality is that everyone knows where they are anyway.
- Quality varies like anywhere else, but we've had some excellent meals in Ponta Delgada, especially in the Hotel do Colegio restaurant, which is well known for its great food. At the time of writing, an average good restaurant two-course meal for two costs Euro 35-40 (before alcohol).
- As this is an island in the middle of the Atlantic, Seafood is a common staple, but note that if you see “dolphin†on the menu, it is definitely not the cute intelligent mammal, but a fish now rebranded in most of the world as Mahi Mahi. Yes, really. You can get shark though.
Getting there
SATA International operates direct flights from some North American airports and from Paris, London, Manchester, Frankfurt and Lisbon. It also codeshares with TAP, that has a wider network of routes, so you may want to start your search on the TAP site.
And the verdict?: a great destination off the tourist track. Pack your hiking boots and lots of camera memory. We had a great time.
Tibetan Towns Closed to the Outside World – A Posting for Xiahe and Tongren
XIAHE - UPDATE NOTE - the latest update I got from travellers in Gansu province about access to Xiahe can be found here. It would also appear that the Chinese authorities have now blocked access to my blog.
Original posting - Tibetan Towns Closed to the Outside World - A Posting for Xiahe and Tongren:
What used to be a peaceful existence in the Tibetan regions of China's Gansu and Qinghai provinces seems to have been shattered after pre-Olympics protests in Lhasa, which then rippled discontent and clashes into ethnic Tibetan areas in greater China. Now a new and worrying development sees the area closed to foreigners again.
When I visited Gansu province last year, it was a picture of calm. The main street facades of the Tibetan town of Xiahe were covered in scaffolding for a much needed facelift, and the town's main drag led you through a Chinese area, past the bus station and Communist Party HQ, and on to a Tibetan stretch and the massive Labrang Monastery - one of the biggest Tibetan monasteries outside of the Tibet Autonomous Region, and one of six great monasteries of the Yellow Hat school of Tibetan Buddhism.
A few days previously we had been to another Tibetan town, Tongren, a few bumpy hours away by bus and across the border to Qinghai province. Tongren is a bustling market town with spectacular scenery, a lively community (we watched the locals gather in the central square for their weekly folk dancing event), and the modern buzz of motorbikes mobile phones and a busy Internet cafe.
But now the area is closed to tourists and the outside world - a worrying development.
I normally treat with caution reports delivered by interested parties, no matter how noble their causes -and this applies both to the Chinese authorities and the Tibetan government-in-exile, but two reports from the ground added a level of credibility to the information. Richard Lloyd Parry reported for The Times from Tongren around the time of the Olympics, and captured some of the undercurrents of discontent and stories of beatings and clashes between Tibetan monks and the Chinese army.
Last week we heard from a friend who had tried to travel to Xiahe that he was not allowed in, being warned off because entry was forbidden for tourists.
The reason for my posting is not political. Conflicts tend to be a lot more complicated than they seem from the outside, and despite my reading on the subject I would not presume to know enough about the lives and aspirations of Tibetans in the old "greater Tibet" regions, which are now part of Gansu and Qinghai provinces. I do know though that when conflicts erupt, it is people and their daily lives that are disrupted, often brutally.
I wanted to post this entry for the people of Tongren and Xiahe. We were greeted with a warm and friendly welcome in both towns, and I hope that things settle down for their residents, and that the area is re-opened to allow the outside world in again: both as a catalyst ('the world is watching') and as an important source of income for the local population, that relies heavily on tourists for its livelihood.
Note: If you are in the area and have any information (confirming that it is closed or that it has re-opened) - please let me know either by commenting on this posting or by contacting me.
Firefox Users – Read this Now to Protect Your Passwords!
Following my piece about Google Chrome making password information visible to users (Oh Sh*t - Google Chrome Doesn’t Really do THAT?!) - I got several messages from people who were more worried about my observation that Firefox does the same.
The problem was that anyone using your PC could view a list of all usernames and passwords that you asked Firefox to remember - not asterisks: the actual passwords are visible to anyone. And because users tend to use the same passwords, it was exposing you to potentially disastrous consequences (e.g. your bank account being compromised), not to mention to the risk of various trojans and viruses getting hold of this information.
As David M. quite helpfully observed in his note to me: "With Firefox you can set a master password (right where you view the passwords in the Options page). This will require Firefox to ask you for a password the first time you use any of the saved password. It will also require this password in order to show all saved passwords. While not perfect, this can be a good solution. My problem with it is that until I read your email I was not aware of it, and so my computer has been exposed to the problem."
Like me, David didn't realise that the default in Firefox is that passwords are exposed unless you set a master password - and he's a much more qualified geek than I am.
Some people might say that if the feature is there, it solves the problem, but in my mind, if the software doesn't show you that the feature exists, in a way that is instinctively findable, then it is a design flaw, and as such is also a security flaw.
To summarise the findings in this Sunday pre-lunch post:
1. Firefox makes all your passwords visible to anyone who uses your PC, by default.
2. You can disable this option by setting a master password in the Options page.
3. Most people don't know this, so even hardened Firefox users are at risk.
4. Google Chrome doesn't actually have a master password option, so there's a fundamental flaw in Chrome that compromises your passwords (more here).
5. Thanks to those who have written in!
Now go set a master password on your Firefox: Tools --> Options --> Security Tab --> Use Master Password.