Worried about WordPress security upgrades

The technical among you may have noticed I use the ‘WordPress’ package to host this blog. As I noted a long time ago, this was largely because the folk behind it seemed to be respectful of the fact that URLs are part of the human interface to the web.

I’ve been a happy user of WordPress for a few years now, and I enjoy the new features they’ve added in that time.

However, their basic position is that the only way to get security patches is to stay on their latest release. This is problematic. I’ve invested considerable effort in integrating this blog into the rest of, by creating a custom theme. Sadly, the WordPress team don’t appear to claim to maintain the APIs that themes talk to in a stable fashion. Every time I upgrade, I’m expected to review (at least – at worst, I must re-do) the technical work of creating a theme. This is non-trivial effort, but apparently this time of mine is not important enough to the WordPress team. If it were, I think they’d nominate stable API releases, and provide security patches for them. Otherwise I find the claim that I can upgrade with a ‘known amount of work’ naive and mildly insulting.

I’m finding the fact that I’m required to do this work for a time critical security patch on a Sunday evening just plain annoying.

Unless this attitude changes, I’ll have to shop for a new blog provider. Any suggestions?

This blog now supports OpenID

A second small victory (They just keep coming!) today. This blog now supports OpenID for comments and other login chores. This is mostly a benefit to me (one less password to remember), but will form the basis for more features here on over time.

 As a bonus for commenters, all OpenID vouched comments are automatically approved. I will revoke this (and moderate them once again), when spammers add OpenID to their arsenal.

 If you’re not sure if you have an OpenID, you probably do (or can get one) if you use AOL, Livejournal, Yahoo or Flickr… 

Note that an OpenID is optional for comments. 

A small victory with wordpress and Apache

Today I managed a trick I’ve long wanted. I’ve abolished www from all URLs, without breaking the ‘pretty’ URLs I use for wordpress blogs. The trick was to have multiple .htaccess files, and actually spend some time understanding what mod_rewrite can do for me. There should be no public impact (other than you don’t need to type www. anymore on this site) – all the old www based URLs will redirect to their new homes.  Any breakage, let me know! 

Comments are off…

I think it’s a lesson I should have learned already. Provide zero-cost access to a public space, and zero-cost commercial junk – spam – will dominate its content.

So comments are now off by default on this blog. If you have something you want to say about a post, I can recommend you put it on your own blog. That’s what links are for. Feel free to email me to let me know to read your blog. I’ll probably open up discussion-worthy posts for comment from time to time as well.

I’m tired of ‘moderating’ spam. It’s time in my life I no longer want to spend.

Bending wordpress styles to my will

As you can see if you view the blog today, I’ve been editing the stylesheet. I’m trying to make it feel like part of an ‘integrated whole’ with the rest of you, I’m aware that the website design I use is a bit dated, so maybe I should have a more radical redesign!

A Start of Something

Well, I’ve been wanting a blog for a while. I’ve been following several for a number of years, and there is definitely a budding writer in me (my English teachers would probably be surprised!).

I had a go at editthispage, and have been evaluating a few packages on, on and off, for a couple of years. WordPress 1.x, plog (now something else), and greymatter were all hosted here at one time or another.

I’ve been looking for two features:

  • Hosted at my own domain
  • High quality URLs

I don’t like paying for URLs I can’t control. Either because they are hosted at someone else’s domain, or because some programmer somewhere thinks their time is more important than mine. URLs in the form of post.php?id=999 might have been a necessary step, but the very earliest web style guides recommended making URLs human readable, and I rather like that myself.

WordPress 2.0.1 seems to have finally satisfied these features, and it’s free!