
Working on Total Slider 2.0

Total Slider Banner

I’ve been fortunate this week to have a little time to work on Total Slider, my (and Van Patten Media’s) open source WordPress plugin for making those neat little slideshow things, like so:

Example Total Slider slider

I have been meaning to get to this project again for a while, so it is great to get a moment or two to give it the love and attention it deserves.

My focus thus far has been on a complete overhaul of Total Slider’s data storage format — away from using wp_option records and towards using a custom post type.

This change is not only the right thing to do to clean things up and follow best practices, but it opens doors to other neat features that will make Total Slider feel like it fits into the WordPress Way even more. Without making undeliverable promises, I’d love to see automatic saving of slide drafts make it into 2.0! ;)

One of the things I have found that is pleasing is that much of the code I have already written is sufficiently abstracted that ripping out the fundamentals of the data format has been a lot less painful than it could have been!

It is nice as well to use this blog for one of its original purposes, to give updates on the projects I am working on. :)

You can follow progress in the unstable branch on the project’s GitHub page.

The Changing Face of Vulnerability News

Heartbleed logo  Shellshock Logo

The recent news about the bash vulnerability being called “ShellShock”, and the degree to which it is getting mainstream press, have got me thinking about how software vulnerabilities are now being reported in the mainstream media.

Apparently, no vulnerability these days is complete without a catchy name and logo — see Heartbleed and Shellshock! Joking aside, though, the very fact that these vulnerabilities are making non-tech news headlines puts pressure on everyone running potentially vulnerable systems to do their duty — usually as straightforward as running a pre-packaged security update.

The Heartbleed and Shellshock stories are taking the place of what we used to see reserved for particularly influential computer worms, like Sasser and Mydoom. It’s most definitely positive that some vulnerabilities are getting attention — unfortunately it is still the case that for some companies and system administrators, only outside pressure will convince them to promptly, diligently and consistently apply security updates.

What I’d like to see is some way for people interested in improving computer security, the “good guys” for lack of a better term, to leverage this media interest to send a message to system administrators that it’s always necessary to apply software updates promptly, even when they don’t get on the TV news!

The Curse of The Black Box

The other key issue that Shellshock highlights, as did Heartbleed, is the issue of embedded ‘black box’ systems that might be vulnerable. This kind of system is everywhere — and because in many cases they are ‘set it and forget it’ machines, they represent a particular risk. It’s often very difficult to convince vendors of these systems of the importance of pushing upstream software updates down to end users, particularly when there is a lack of understanding and a lack of financial incentive.

Something big and mainstream, like Shellshock and Heartbleed, might convince system administrators to badger vendors to release patches for this kind of product, but we need to extend this further, and make it a social (or even a legal) expectation on vendors to supply security updates for any product they ship, for a reasonable lifetime period for that product.

The security landscape is too complex, and everything too interconnected, for anyone to have the opinion that “I don’t need to patch that, because there’s nothing important on it”.

Leaving Yourself in the Loop

I want to part with a few bullet points, with some actions I try to take to stay up-to-date. Automatic updates are increasingly common, but not universal, and these simple things can help you not miss a known vulnerability.

  • Document and understand the whole software footprint of the systems for which you are responsible. (This means embedded systems, software libraries, and more!)
  • Subscribe to announce mailing lists, follow Twitter accounts of the software projects and systems you use. (It pays to be in the know about available updates, and not hear about them after it is too late!)
  • Look for useful vulnerability resources for particular projects you use. (For example, for WordPress, the recently launched WPScan Vulnerability Database.)

Adventures with WindowMaker and Debian

Back in my earlier Linux days, I would experiment and fiddle a lot with different setups for desktop environments and appearance, customising my Linux system to my heart’s content! An example: I loved the 3D desktop effects of Xgl/Compiz back in 2006.

Time moved on, and I ended up settling with the defaults that distributions provided. I liked Ubuntu’s direction with Unity, upon its release in 2011.

I have fallen out with Ubuntu and Unity more recently, however. The troubling privacy issues with the Amazon ‘lens’ and other changes to their corporate behaviour scared me off.

So, I moved over to Debian for my personal server and my Linux desktop systems, and I have been very happy with it. At the same time, though, I wanted to get back to my previous spirit of playing around with different bits of software instead of just going with the defaults and surrendering to a full-size desktop environment. Frankly, the way I use Linux means I don’t find an overwhelming need for a wide variety of graphical applications.

With that in mind, I have set up a very unusual, and minimalist, desktop experience, which I thought I would document a little here for those that might be interested.

WindowMaker screenshot, showing Iceweasel, Terminal and others


Shrewsbury

I continue to really enjoy the iPhone 5s camera — it may not have a mind-boggling megapixel count, but it seems to do an amazing job with its autofocus and in particular, it seems to capture the light in a balanced way.

Bridge in Shrewsbury

Upgrading to MariaDB 5.5 on CentOS 6

Following on from my previous video, showing how to install PHP 5.5 on CentOS 6, I now complete the tasks needed to meet the requirements for installing Moodle 2.7 on CentOS, and replace the Oracle MySQL distribution with MariaDB 5.5.

As always, feedback is appreciated!

Installing PHP 5.5 on CentOS 6 using IUS Repositories

I have been inspired once again to fire up my screencasting rig, to show you how to install PHP 5.5 on CentOS 6 using Rackspace’s IUS Community Repositories.

More and more web applications now are likely to require versions of PHP beyond 5.3. CentOS 6 users are stuck with 5.3, with backported security updates, unless they diverge from standard repositories or compile PHP themselves! Until CentOS 7 is with us, those of us trying to run a rock-solid web server on CentOS will be left out in the cold when running recent web applications like Moodle 2.7, which require a newer PHP.

In this video, I show you how to use the IUS repositories to get PHP 5.5 running. These repositories, with their Rackspace backing, seem likely to be nice and stable going forward.

As always, I’d love any feedback you might have.

Better

On the face of it, this is just another corporate “aren’t we so great” feel-good video, the kind that we have every right to look at cynically.

However, and at the significant risk of being judged a Tim Cook fanboi, I actually think something has changed under his leadership. Even if it is just that we are allowed to see more of this side of Apple now, Tim’s tenure so far seems to be bringing about a much stronger focus on values than ever before.

We have their ‘Intention’ video, Tim’s public musings at the Fuqua School of Business, and perhaps more importantly, actions like their Supplier Responsibility work and bringing the manufacturing of the new Mac Pro to the USA.

“There are some ideas we want every company to copy”

Perhaps what is most exciting about this new, very public, focus on these issues is the idea that ethics can become a point of competition.

Not every customer is going to care about this stuff, but most people will want to feel like they’re doing the right thing. The pressure that companies like Apple can put on their competitors might be one of the most effective tools for actually making a difference to a whole industry’s behaviour.

I hope we see that.

Time for a Refresh

New site design screenshot

I have had a few design overhauls in my time here on this site. I haven’t, however, done anything significant to the site’s design since the beginning of 2012!

I have just finished another unrelated web design project with which I am very pleased, and, as frequently happens, it threw into sharp relief just how tired this site looked!

I am well aware that this site is also in need of a fairly generous content refresh as well — and I hope I will make some time to do that soon. For now, though, I hope the visual refresh keeps things going.

It is primarily a typographical refresh this time around. You might notice:

Who Shot the Serif, Part 2!

All serif fonts are gone!

Headings

Colaborate font sample

Colaborate, by Carrois Type Design, replaces Charis SIL for the header at the top of the page, and also does significant service for header text across the site.

Body Text

Roboto font sample

Colaborate’s funky looking ‘t’ character adds… well, character… but it wasn’t working for me across all the body text. Body text, then, loses its traditional Helvetica/Arial choice from before, and uses Roboto by Christian Robertson. It’s being included via Google Fonts, which should keep things nice and speedy!

There’s More… (I Hope!)

I have further ideas to tweak and refine the design, and of course, a desire to get some new content out here as well. With any luck, there will be a bit of time soon to act on those things. Watch this space.

Miles per gallon


Preserving Playtime

We spend a significant portion of our childhood learning through play. It’s fun and it’s intuitive and it is how we learn so many things about the world and where we fit in to it. It’s practically burnt into our ROM, if I can misuse a technology metaphor.

Dirt path in woods

As we grow older, I think many of us become embarrassed about play. I remember very clearly being told, about the impending move up to secondary school at the age of 11, that if you were seen ‘playing’ at breaktime, you’d be at the very least teased and mocked. It’s even in the name — suddenly it’s a time for a ‘break’, and not a time to ‘play’.

For me, and I suspect for many people, maintaining play as a primary way of learning and self improvement is immensely important. Many of the things I have learned, and enjoy doing today, I picked up not by heavily structured learning, but by playing around with things. I still use the word a lot when talking to people about how I’m going to investigate and solve a problem — “I’ll have a play around and see how far I get”.

Play, to me, means exploring ideas or practising things, apparently aimlessly, or at least without a strong sense of direction.

It’s challenging, though, to maintain playtime in a social environment that frequently sees being intensely interested in something that is directly productive as ‘weird’, or (negatively slanted) ‘geeky’, and when balancing all of the other responsibilities life will grant you.

Here’s how I try and maintain an environment that is conducive to play.

Structure the Unstructured

It becomes increasingly difficult as you get older to have the unstructured time needed to be able to be led by your curiosity to explore something new. In the 21st century, a wider variety of entertainment content than ever before, and endless opportunities to be distracted by communications, make it even more challenging.

There is an inevitability to greater time pressure when your responsibilities grow too, so with the free time you do have left, it’s important to make sure some of it isn’t filled, particularly with consuming entertainment media*. Play should be about creating your own entertainment through exploration!

Take the Geek Heat

There is a compromise you’re making here, and the cost is that some people aren’t going to understand or appreciate what you’re spending time on. Sometimes, you’re going to be risking missing out on being in the loop socially, because you’ll be consuming less of the media (mainstream and social) that others have.

You need to be prepared to figure out where the balance of this trade-off lies for you, and accept your choices about your time. It helps if other people support your choices too!

Follow

I’m immensely guilty of trying to be too structured a lot of the time. I try and keep myself as productive as possible, and do a lot of conscious self-analysis and self-management.

This kind of approach doesn’t invite play to the party. You have to listen to that quiet, subconscious sense inside you that already knows where it wants to lead you. You have to not have too many set ideas about where playtime will take you. Listen to yourself, and follow, don’t lead.

You have to be prepared to end up having not been productive quite a bit of the time, too. It is only by taking the risk of wasting time that you often discover something very valuable.

Recreation and Reward

I feel fortunate that the curiosity and excitement inside me is very much alive still. When I make sure I create the time and space to play, it rewards me — both recreationally, because it’s fun not to have a strongly pressured agenda, and because there are often more tangibly productive rewards that come about too.

When I suddenly have the desire to play with a bit of technology, or an idea, that I know nothing about, I try to make sure I have some time for that scheduled soon. I mess about, break things, fix things, poke things, observe things, until I am satisfied I know more than I did before.

I hope that I can always find a way to keep that a significant part of how I spend the rest of my time on this planet, and I’d love it if more people felt confident and proud about doing this too!

* This is why generally, no, I haven’t seen that new TV show. Sorry, but I need my playtime!

Image is ‘The Road Less Travelled’ by Andrew Butitta on Flickr. Licensed under CC-BY-SA.