Please don’t send me free stuff

The title pretty much says it all. A while ago, someone saw my call for good summer vacation reading and the resulting pile of Amazon books that I bought, and they sent me a couple free books, maybe to get a review or a mention. I appreciate the creativity, but please don’t send me any books or other free stuff. If you’ve got a new book coming out, I’m happy to hear about it, but if I decide to read or review it I’ll buy my own copy.

A while ago, someone sent a big cookie with a “No spam” message like this:

No spam cookie

I appreciate the thought, but please don’t send me any free stuff. Google has a gift policy to avoid potential conflicts of interest. Even if Google didn’t have such a policy, I wouldn’t want to accept any gifts of value, because it’s important to avoid even the appearance of impropriety. Usually I just give away any unsolicited stuff that gets sent my way. Thanks. 🙂

Security update: Upgrade your WordPress to 2.3.3

Unless you want registered users to be able to edit your blog posts, you should update your WordPress installation to version 2.3.3. It’s a small change, and if you want to you can just replace your xmlrpc.php file with a newer version.

By the way, if you followed the advice in my recent security tips for WordPress post, you wouldn’t have to read about the update on my blog. Instead, you would already be subscribed to the WordPress security/developers’ feed (Atom feed link) that is suitable for subscribing in Google Reader or your favorite feed reader. I highly recommend subscribing to that feed so that you’re less likely to be caught by surprise when there’s a security issue with WordPress.

How to highlight author comments in WordPress

A while ago I was looking around for how to make my own comments a different color on my blog. Most of the advice was along the lines of “Add code to check if the commenter’s email is the same as the email address of the blog’s author.” Can you spot the flaw in that logic? If a commenter knows the email address of the blog author, she could use the blog owner’s email address in her comment and get her own comment highlighted. Worse yet, someone could try to discover the blog owner’s email address by trying lots of email addresses until they saw their comments change to a different color.

So I dug a little deeper and found a good answer on this support thread. The trick is simple: instead of checking the author’s email address, check their user id to see if it’s the user id of the blog owner. Pretty smart. After that, it was a simple matter of:

1. Changing my theme to add an “authcomment” style

I edited style.css and near the bottom added these lines:

.authcomment {
background-color: #B3FFCC !important;
}

2. Editing my comments.php file to add a little code

My comments.php file had a line that looked like this:

<li class="<?php echo $oddcomment; ?>" id="comment…

and I changed it to more or less look like this:

<li class="<?php
    /* Only use the authcomment class from style.css if the user_id is 1 (admin) */
    if (1 == $comment->user_id)
        $oddcomment = "authcomment";
    echo $oddcomment;
?>" id="comment…

That’s about it. Now I have a distinctive color for my own comments, so you can quickly scan a thread to see when I circle back around to leave a comment.
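The difference between the email check and the user id check, as an added example (not code from the original post or from WordPress): a stand-alone PHP script that runs both checks over constructed comments. The function names, `OWNER_EMAIL` and the sample comments are hypothetical; `user_id` and `comment_author_email` are the WordPress comment fields, and `user_id` is 0 for a commenter who is not logged in.

```php
<?php
// Added example: stand-alone PHP, no WordPress required.
// The objects below are constructed sample data mimicking two fields of a
// WordPress comment: comment_author_email (typed by the visitor) and
// user_id (set from the login session; 0 when not logged in).

const OWNER_EMAIL = 'owner@example.com'; // hypothetical address
const OWNER_ID    = 1;                   // admin user id, as in the post

// Flawed check: trusts a value the commenter supplies in the form.
function class_by_email($comment, $base) {
    return (strcasecmp($comment->comment_author_email, OWNER_EMAIL) === 0)
        ? 'authcomment' : $base;
}

// Check from the post: trusts only the id of the logged-in account.
// Casting to int and rejecting 0 keeps anonymous comments from matching.
// Returning the class instead of overwriting $oddcomment leaves the
// theme's odd/even alternation intact for the next comment.
function class_by_user_id($comment, $base) {
    $uid = (int) $comment->user_id;
    return ($uid !== 0 && $uid === OWNER_ID) ? 'authcomment' : $base;
}

// Constructed comments (the database returns user_id as a string).
$comments = [
    'owner, logged in' =>
        (object) ['user_id' => '1', 'comment_author_email' => 'owner@example.com'],
    'visitor, own email' =>
        (object) ['user_id' => '0', 'comment_author_email' => 'visitor@example.net'],
    'visitor typing owner email' =>
        (object) ['user_id' => '0', 'comment_author_email' => 'Owner@Example.com'],
];

$odd = 'alt';
foreach ($comments as $label => $c) {
    printf("%-28s email-check=%-12s id-check=%s\n",
        $label,
        class_by_email($c, $odd) ?: '(none)',
        class_by_user_id($c, $odd) ?: '(none)');
    $odd = ($odd === 'alt') ? '' : 'alt'; // normal alternation continues
}
```

Only the email check highlights the third comment; the user id check highlights the logged-in owner alone.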

What should I do with my draft posts?

Over the last 2+ years, I’ve written a lot of draft blog posts that I never published. Most of them are pretty sucky/rough, but not all of them. At this point, I’ve published ~584 posts and I’ve got ~219 draft posts. After WordPress had a recent security hole that could expose draft posts, I’m planning on clearing out most of my draft posts. The question is: should I delete them all, or should I push some of them live, even though they’re mostly low-quality?

Anyone have strong opinions either way? Should I unload some of these leftover posts onto my blog, or try to keep my blog mostly higher-quality and just delete all those old/junky drafts?

Why cloud services rock

Earlier this month I went away for a week. Two big things broke while I was gone:

In each case, software or hardware that I maintain went badly off the rails. I try pretty hard to lock down my WordPress. I protect my /wp-admin/ so that only certain IP addresses can access that directory. But this was a weird vulnerability. If I had hosted my blog with WordPress as a web service, I wouldn’t have had to patch things up myself. And I’m pretty sure that at least a few of my draft blog posts leaked to folks who exploited the security hole on my blog.

My NAS box was even more painful. I have a Buffalo TeraStation, and it’s worked well for over a year. But they don’t always cope well with power outages. And the version that I have required me to undo 22 screws to replace the bad hard drive. Then I had to wait for five nervous hours to see whether the NAS could repair my RAID array. No data was lost, but suffice it to say that I’ve got much better backups now, plus an uninterruptible power supply (UPS) as well. Again, if I had storage somewhere in the cloud, it would probably be more reliable than my ham-handed attempts at backing up my data.

So there you go: I went on vacation for a week and came back to two scary reminders why hosted services and storing data “in the cloud” (on someone else’s servers) can be better than doing it yourself. In general, a well-run cloud service is going to be much more reliable than any average person would be.
