Secure File Permissions Matter

Summary: A web host had a crappy server configuration that allowed people on the same box to read each other’s configuration files, and some members of the “security” press have tried to turn this into a “WordPress vulnerability” story.

WordPress, like all other web applications, must store database connection info in clear text. Encrypting credentials doesn’t matter because the keys have to be stored where the web server can read them in order to decrypt the data. If a malicious user has access to the file system — like they appeared to have in this case — it is trivial to obtain the keys and decrypt the information. When you leave the keys to the door in the lock, does it help to lock the door?

A properly configured web server will not allow users to access the files of another user, regardless of file permissions. The web server is the responsibility of the hosting provider. The methods for doing this (suexec, et al) have been around for 5+ years.
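The filesystem side of this can be audited directly. The following is an added example, not code from the original post or from WordPress: it walks a hosting root, finds each `wp-config.php`, and reports whether other local accounts can read it given both the file mode and the directories leading to it. The function names, the `public_html` layout and the sample accounts are assumptions made for the illustration.

```python
import os
import stat

CONFIG_NAME = "wp-config.php"

def dirs_between(root, path):
    """Yield each directory below `root` that must be traversed to reach `path`."""
    rel = os.path.relpath(os.path.dirname(path), root)
    current = root
    for part in rel.split(os.sep):
        if part == ".":
            continue
        current = os.path.join(current, part)
        yield current

def classify(root, path):
    """Return 'exposed', 'shielded-by-directory' or 'private' for one config file."""
    if not os.stat(path).st_mode & stat.S_IROTH:
        return "private"
    # o+r on the file only matters if every directory on the way grants o+x.
    for d in dirs_between(root, path):
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return "shielded-by-directory"
    return "exposed"

def audit(root):
    """Map every wp-config.php under `root` to its classification."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if CONFIG_NAME in files:
            path = os.path.join(dirpath, CONFIG_NAME)
            report[os.path.relpath(path, root)] = classify(root, path)
    return report

def build_sample(root):
    """Constructed sample tree: three accounts with different permission choices."""
    layout = {"alice": (0o755, 0o644), "bob": (0o755, 0o600), "carol": (0o700, 0o644)}
    for user, (dir_mode, file_mode) in layout.items():
        site = os.path.join(root, user, "public_html")
        os.makedirs(site)
        cfg = os.path.join(site, CONFIG_NAME)
        with open(cfg, "w") as fh:
            fh.write("<?php // constructed placeholder, no real credentials\n")
        os.chmod(cfg, file_mode)
        os.chmod(site, 0o755)
        os.chmod(os.path.join(root, user), dir_mode)
```

`audit()` assumes `root` itself is a directory other accounts can enter, such as a shared home directory parent; it reports permission bits only and does not model per-user execution such as suexec.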

I’m not even going to link any of the articles because they have so many inaccuracies you become stupider by reading them.

If you’re a web host and you turn a bad file permissions story into a WordPress story, you’re doing something wrong.

P.S. Network Solutions, it’s “WordPress” not “Word Press.”

[Free] New Microsoft Visual C++ 2010 Express

The newly released Microsoft Visual C++ 2010 Express has been added to the Free C/C++ Compilers and Interpreters page. This latest version of the compiler adds language features from the upcoming C++0x standard, among other things. It's free, so get it if you want to write computer programs in C++ on Windows.

Note: if you don't like Visual C++, there are now 37 free C/C++ compilers on that page, so you should (hopefully) be able to find one that you can use. (Yes, there are that many. And I haven't even counted the C/C++ cross-compilers for handheld devices and embedded systems!)

GSoC Application Deadline is Today!

The deadline for students applying for Google Summer of Code this year is today, at 19:00 UTC. That’s about 3 hours from now. Still working on your application? Double check your time zone here. No late applications will be accepted.

There are a lot of potential projects on our Ideas list, so if you’ve been hemming and hawing over whether or not to apply, this is your last chance for this year. We have great people lined up to mentor the students, including most of the WordPress lead developers, some dedicated core contributors, plugin developers, the BuddyPress lead developers, etc. Google is providing a great opportunity for both students and the open source projects that act as mentoring organizations (like WordPress), so don’t pass it up if you’re an eligible student.

You can’t win if you don’t play, right? Five thousand bucks for two months of coding over the summer with WordPress hotshots. I know a lot of people that would love that deal. Oh, and hey, student girl wonders of WordPress-land: why haven’t you applied yet?

Apply now! (Don’t forget to use our application template.)

[Free] New Screen Capture Utility: Take Screenshots of Your Running Programs

A new screen capture utility for Windows has been added to the Free Screen Video Recorders and Screen Capture Software page. This one can not only capture a screenshot of a window, the entire desktop or the current monitor (in a multi-monitor setup), it also handles the rounded corners of windows and the Vista/Windows 7 transparent window title bars and borders intelligently.

If you're looking for a program to take screenshots, for example for an online tutorial or to post in a forum, check this out. The page also lists programs to create a video recording of things you do on your desktop, something that is useful if you want to make a screencast for video tutorials and the like.

[Free] New Anonymous Surfing Proxy (with German IP address)

A new anonymous proxy has been added to the Free Anonymous Surfing and Proxies page. Such proxies allow you to surf the Internet without leaving tracks about which country you come from, the type of system you are using, the browser you're using, the fonts installed on your computer, etc. This particular proxy is situated in Germany, so websites you visit will register you as arriving with a German IP address.

WordPress 3.0, Beta 1

Remember when I posted earlier about the Twitter account, and I said that hopefully you’d find out later today what has been keeping us all so busy? Beta testers, this is your moment: the WordPress 3.0 Beta 1 has arrived!

This is an early beta. This means there are a few things we’re still finishing. We wanted to get people testing it this weekend, so we’re releasing it now rather than waiting another week until everything is finalized and polished. There’s a ton of stuff going on in 3.0, so this time we’re giving you a list of things to check out, so that we can make sure people are testing all the things that need it.

You Should Know:

  • The custom menus system (Appearance > Menus) is not quite finished. In Beta 2, the layout will be different and a bunch of the functionality will be improved, but we didn’t want to hold things up for this one screen. You can play with making custom menus, and report bugs if you find them, but this is not how the final screen will look/work, so don’t get attached to it.
  • The merge! Yes, WordPress and WordPress MU have merged. This does not mean that you can suddenly start adding a bunch of new blogs from within your regular WordPress Dashboard. If you’re interested in testing the Super Admin stuff associated with multiple sites, you’ll need some simple directions to get started.
  • We’re still fiddling with a few small things in the UI, as we were focused on getting the more function-oriented code finished first. For example, we’re getting a new icon for the Super Admin section.

Things to test:

  • Play with the new default theme, Twenty Ten, including the custom background and header options.
  • Custom Post Type functionality has been beefed up. It’s really easy to add new types, so do that and see how it looks!
  • WordPress MU users should test the multiple sites functionality to make sure nothing broke during the merge.

Already have a test install that you want to switch over to the beta? Try the beta tester plugin.

Testers, don’t forget to use the wp-testers mailing list to discuss bugs you encounter.

We hope you like it! And if you don’t, well, check back when beta 2 is ready. :)

Download the WordPress 3.0 Beta 1 now!

Tweet, Tweet!

This post is about the @WordPress Twitter account, so if you don’t use Twitter, or don’t care about Twitter, then feel free to take the time you might have spent reading this post to go play outside (or an equivalent) instead.

Okay, so, Twitter! When all those apps started popping up using the Twitter API, things like automatically following anyone who followed you and sending an automatic Direct Message seemed like good ideas. We’re all friends, right? Wrong. That auto-follow bit us hard, and the huge amount of spam the account gets means that it’s been nearly impossible to monitor legitimate messages from WordPress users and developers who need to be pointed to a help resource. We’re sorry! Just as we needed to get the Ideas Forum under control* so that it could become a more useful resource for the community, we needed to get rid of the spam clogging our Twitter arteries. Except there was no easy way to do it.

We had wound up following over 50,000 people. If someone went to the @WordPress profile page on Twitter to see the stream of updates from people we followed, almost none of it had anything to do with WordPress or the community. Diet pills, Twitter scams, and multi-posted spam messages were the norm. Yuck! Who else wishes there was Akismet for Twitter? Unfortunately, there’s no easy way to clear this stuff out quickly (mass unfollows trigger their TOS alert, so it’s not surprising). I even contacted Twitter directly to see what the options might be, and it was suggested we use a script to clear the account. To be clear: Twitter flagged our account so that when the script was run they wouldn’t mark us as spammers for violating the TOS with a mass unfollow. We communicated with them beforehand, and the use of scripts to do this is not encouraged. Twitter was doing us a nice favor to help us get our house in order. Thanks, Twitter! Last night I ran the script and removed everyone. Extreme, but in good cause, right?

We’re now starting to re-follow real people from the WordPress community. There will be no more auto-follow. If you are a WordPress developer, designer, blogger, fan site, whatever — and think your tweets should appear in the @WordPress updates stream, then send an @ reply to us and we can add you to the new list (assuming you’re not hawking diet pills, free iPads or ways to get a million followers). This way, people who are new to WordPress and go to check us out on Twitter will (hopefully) get a sense of the vibrant community that we have. People who send @ messages to us won’t (hopefully) wonder indefinitely why they were ignored, because without all the spam, maybe we can use Twitter as it was intended to be used, as another channel of communication.

And for anyone who uses Qwitter and thinks @WordPress stopped loving them because of the last tweet they posted before the script ran… sorry! It wasn’t like that, we swear! It would be nice if the script could have done a bulk DM before the removal, but nope (otherwise we’d have included a message about this). So trust us, we still like you! And if you haven’t already been re-followed, please don’t take it personally… just send an @reply to @WordPress (tell us how you use WordPress!) and we’ll try to get you re-added soon. Later today (hopefully) you’ll find out what’s been keeping us so busy!

*Have you noticed? We cleared out thousands of old threads, added categorization, and will try to keep it to under a hundred open idea threads at a time so that they can be managed in a timely fashion. Check it out and rate some of the new ideas today!

[Free] New Free Antivirus Rescue Disk: Recover from a Malware Infection

A new bootable rescue disk has been added to the Free Antivirus Rescue CDs and DVDs page. If your computer system is compromised by viruses or some other type of malware, booting from a rescue disk may be the only way to clean the infection, since some malware protects its files while Windows is running. The AVG Rescue CD can be burned onto a CD or, in spite of its name, even set up on a USB thumb drive to scan and disinfect your computer.
