Drupal release 4.6.7 is now installed on muddylaces. This release is a security fix to patch a small hole with file uploads. The upgrade was nice and simple, just the way it should be.
Tag: Geeking Out
Upgraded Upgrades
Another upgrade this morning. I upgraded the gallery install on muddylaces to the latest version (1.5.3).
Easy peasy. Untar, overwrite files. Login again. Upgrade complete. That is how I like upgrades to work.
Not much new in this version, but there is a security upgrade, which is what prompted the upgrade.
I am also playing with gallery 2.1 install somewhere. Might be moving to it soon. 2.1 still seems slow to me, and that sucks. I have also figured out how to set it up so the urls match my current install (using the url_rewrite module). That was also a huuuuuge stumbling block. Unfortunately some of the URL’s still; aren’t to my liking.
Gallery 1.5.3 pictures url: http://www.domain.com/gallery/albumname/MG_8387
versus
Gallery 2.1 url:http://www.domain.com/gallery_2_1/albumname/MG_8387.jpg.html
I want to get rid of the .jpg.html but so far haven’t figured that one out.
Hotlinking Thieves
I was spending some geek time looking through my stats since I hadn’t done that in a very long time. I had to update my .htaccess according to the Dreamhost Drupal Docs so I could get access to the stats directory.
After doing this, and looking at the monthly stats I noticed that there were a *lot* of myspace referrals. Checking a few of the links I could see that tons of people were hotlinking one of my pictures.
Quick google search and I found this page: Preventing image hotlinking: An improved tutorial. In the comments there was the exact example of what I was looking for. Copy paste, upload the new .htaccess. Nothing like the taste of sweet success.
I double checked by reloading one of the myspace thieving posts, and there was a missing image. Perfect. Sometime I want to create an image to send to the thieves instead of the blankness they see.
Gmail Integration
Just restarted Firefox, and my gmail tab got re-opened. This is what greeted me. Too cool. I played with the new chat feature, and I have to say that I am pretty impressed. Very slick integration. Easy to use, easy on the eyes, lots of options that make sense and are easy to understand.
Will this replace MSN? No. Will it replace AIM? No. Will I use it? Maybe. If I had more contacts on gmail. Most people I know have their own domain or a shaw/hotmail/yahoo email address.
Postings Supplied
Just configured the Aggregator2 module for this site. I am now importing my postings from gf-tech to this site. Cool! This will happen automatically as I post on gf-tech.
The documentation on this module was a little difficult to understand. The thing I really want to do it have these posts imported into a specific category, but I can’t figure out how to set this up. The supplied documentation doesn’t help. Time to delve into the forums I think.
Re-Opened Feed
I just re-opened gf-tech a few moments ago. It will be my geek out site. Be sure to add it to your favorite feed reader when you get the chance. 😉
Firefox Funny
Friday at work I downloaded Firefox 1.5 from getFirefox.com. After the download window opened, I noticed the mirror chosen. Kinda funny.
Extraneous Downgrade
On this site I am using version Gallery 1.5.1. When I first discovered this software I thought it was awesome. It seemed fast, had an easy to use interface, I could get up and running in no time, configuration was a breeze, upgrading was simple, and it was stable.
There were rumours about Gallery 2 that was in the works. Something about a complete rewrite. It used a more modular development style, used a database backend, was supposed to be more configurable, and more exensible. When I could I downloaded a beta and gave it a test run.
The beta seemed stable enough, but lacked a lot of features that the regular stream already had. The admin interface was a bear; it felt overly complex and hard to grasp. Overall, it was also, very, very slow. So slow that I decided to dump it.
Over on another site I run (my baby blog [yes that means Sox is pregnant]) I decided to give Gallery 2 another go since it had been taken out of beta and released. I installed the files, got the database installed and the tables created, and set it up (the documentation was not straight forward),. I downloaded the necessary modules, enabled and configured them. So far so good.
Then I created my first album. The process was pretty familiar, but the end result was not what I liked. One of the stupid things that I dislike about Gallery 2 is the URL’s created for albums and pictures. I like clean URL’s with nice names, but even when I turn on the clean URL feature of Gallery 2, there was extraneous crap in the album URL’s (geeks get annoyed by the stupidest things). This software was also still way too slow.
I stuck with it for a while, but never grew to like it like the original it is supposed to replace. Yesterday I did a downgrade from Gallery 2 to 1.5.2-RC1.
I am much hapier. The interface is familiar (lame reason to downgrade), but the performance is back, the features I like are back, the ease of use is back. I dumped the crap I didn’t like and ended up with what I do like.
I sincerely hope that the Gallery team can fix the problems they have created. I think it is admirable that they chose to start from scratch the way they did. There is absolutely no way that the team will be able to please everyone. I don’t agree with some of the decisions they made (particularly the UI issues), and I wish them the best of luck because in my mind, they are going to have to make some drastic changes to get me to upgrade again.
My problem now is that the version I am using wil eventually be phased out. No more new development eventually, so what happens when there is a security flaw found? Apparently security fixes will continue to be released for this version, which I really hope is true. Still, makes me wonder if that will be the case.
Phishing Support
Who here has heard the term phishing before? In a nutshell, an unscrupulous person tries to trick you into divulging personal information to gain access to accounts you hold. Quite often this is to try and break into your eBay, PayPal, of even Bank Accounts.
One of the key things to look for in a suspected phishing attack, is that the sender of the message matches the correct url. If you receive an email from gfox@somebadplace.com, and it tells you to login to your muddylaces account, but the url provided goes to somebadplace.com, you should not do it. Pretty simple you would think, but some people have found bugs in popular web browsers, and this can mask the true url. These fakes sites are often very official looking replicas of the original site. They could mimic the bank’s website, tricking you into thinking you are logging in there when really the fake site has just collected your account number and pin. Scary thought.
How do you avoid falling into this trap? You can do a few things. If you are instructed to login to your account at website y, open your webbrowser, and manually type the url for y (ie, do NOT click the link in the email). If you really want to click the link, ensure that the destination to arrive at really is the correct place. Using bookmarks is a good practice too. What’s the difference between flipper.com and fl1pper.com? Subtle, but easy to miss.
With this in mind I will relate a strange story. Last week one of my credit card’s sent me a mailing telling me that they had just released their first ever website for managing your account. It is the normal stuff like seeing what charges are outstanding, seeing your current bill, etc. I signed up, gave my email address, and used the site a couple times. Let’s call this company smartcard, and assume their website is smartcard.com
Yesterday I got an email saying my latest statement is ready. I opened the email, and the contents made me curious. The sending email address was smartcard@smartcard.ghi0.com. Hmm, that is not the domain I created the account on. In the email it quotes the last 4 digits of my credit card. All links to the companies website end up going through ghi0.com, and most of them seem to have some kind of tracking token (most likely to see which link I clicked). It’s weird, everything in me says it is a phishing message, but it arrived right when my paper bill was mailed to me. I haven’t clicked any of the links either. Perhaps the ghi0.com is just a redirecting service. Perhaps this email really is what it says, and everything is on the up and up.
As as test I entered smartcard.ghi0.com and ghi0.com into the browser url. Empty web pages are returned. This is another red flag for me
Let’s examine the 2 scenarios.
1) This is a phishing attempt. I am doing the right thing by not clicking the links. I should just delete the email, and maybe wait to see if it happens again next month.
2) It is legit, and from smartcard. If this is the case, then I really don’t want to be using their website. This is bad web practice. It screams bad idea to me. It screams phishing attempt. If I were to receive a phishing message, how do I then distinguish between it and this email? What other bad practices are they using? I want to write to customer support and tell them just how bad this is. I can’t trust them anymore.
Please note: I have changed names and url’s to protect myself (more or less). No need to inform people who I bank with.
Housekeeping Announcements
A little housekeeping around the house this morning, and a little housekeeping around the website. Drupal has been upgraded to 4.6.4
These types of announcements are generally just for my benefit, noone elses.