Rob's Blog

Note: There is now a potential solution for this – see the bottom of the post.

Today when browsing the web, I started to get notifications from Norton Antivirus telling me a malicious worm was blocked. I get these occasionally, so thought nothing of it the first time, but they kept coming up, and I realised I was only browsing sites I trusted (eBay, Wikipedia etc). I clicked on “More Details” to look at what was going on.

The Risk being reported (and blocked) was “HTTP Acrobat PDF Suspicious File Download“. The sites supposedly making this intrusions attempt include:

• eBay (My Ebay)
• Wikipedia (Only when I’m logged in – I have Popups installed on my profile)
• My WordPress “Write Post” page (I had to disable the antivirus to let me write this!)

Symantec blocks the Javascript which makes certain things not function correctly (the Popups on Wikipedia, the WYSIWYG editor on WordPress).
I can fairly confidently say that these three sites aren’t trying to attack my computer! I think Symantec need to adjust their definitions pretty urgently – I can’t be the only one getting these false Positives!

[Update]: I’ve found it also affects Google Maps!

[Update 2]: This seems to affecting loads of sites, and this post is getting hundreds of hits no it’s appearing on Google. Scott Clark has posted a screenshot of the problem on Flickr.

[Update 3]: JasonC has posted a possible solution. I have a slightly different version of NAV, and this is how I fixed it:

1. Opened Norton Antivirus (double clicked on the icon in the system tray)
2. Clicked “Settings” on the internet section
3. Clicked “Configure [+]” next to “Intrusion Exclusions”
4. Scrolled down to “HTTP Acrobat PDF Suspicious File Download”, and unchecked it
5. Clicked “OK” on all open screens.

Note, this may leave you open to this particular worm, do so at your own risk. (See update below – this shouldn’t be required any more)

[Update 4]: Symantec claim to be working on a fix for this.

[Update 5 (2008-12-11)]: This now apears to be fixed in the latest Live Update. If you have applied the fix suggested above, I suggest you undo this (after running Live Update) to ensure your computer is fully protected.

I’ve had this blog for a few months now, and I’ve started to think about my reasons for starting it. When I started I didn’t really have a plan for any theme or anything,and I’m not sure I really expected anyone to read it.

Most of my posts get almost zero visitors. My most visited post is a rather un-interesting one about how to fix a text copying problem. At least it shows I have something useful to say, although even that has just over 300 views! I get around 5-20 pageviews on an average day.

Should I be suprised I am essentially bloging to myself – I’m not even sure I’ve got anything interesting to say. It’s also not like I read many other blogs on a regular basis. In Thunderbird (currently how I read RSS feeds) I am subscribed to:

• 3 System status pages
• 2 Blogs of friends who have gone travelling. One has returned, and both have gone pretty dead
• A feed of web design leads (I never actually use any – I should really remove it)
• Fadtastic – a blog of web design trends
• Weebl’s Stuff – I love those cartoons
• The personal blog of Natalie – a uni friend, and the blog of her photo retouching company she started recently

The last two I only really started reading when thinking about this post!

I know I get one or two readers of my posts when they are imported into Facebook (Hi Michelle!), and I don’t know if anyone subscribes to my feed, but very few people regularly read my posts.

So, I don’t read anyone else’s, and I’ve not got much interesting to say, so it’s not surprising I don’t get many visitors, so I started to think about why I started a blog in the first place.

Blog Technology Familiarisation

Like I say in my tagline “I thought it was about time I started a blog”. I develop websites for a living, and I can see that blogs are becoming more and more important. I felt I needed to familiarise myself with both the mechanism for running a blog (Permalinks, trackbacks etc), the etiquette, and of course the software behind it, in this case WordPress. The easiest way to do this is to start my own – even if no-one reads it.

Constructive Procrastination

Working from home, I do on occasions find my mind wandering! I thought I may as well allow my mind to wonder somewhere creative! I’m not sure if this has happened though!

Passing on Knowledge

Occasionally I have to hack a piece of software, or spend ages trying to find the best way to fix a problem, and I like to share it with the world. Not all of my posts of this type have become popular, but some have. Examples are the Text Copying problem, fixing a bug in a WordPress template, and instructions on how to use OpenID with your blog. The first two have had moderate success, the last one not as much!

Money

I think I always hoped my writings would become popular and I would be able to make money from advertising. I’m not thinking this is unlikely, but I think the hope will always be there in the back of my mind.

Fame?

There are lots of people out there who become well known for their writings on their blogs, whether technical or just about their every day lives (although I can’t think of any at the moment!), and I think I always hoped to become famous, or at least respected for my blog, or at least one post, but I always knew this was unlikely.

Personal Diary

Finally, whether it was my intention or not, this blog serves as a personal diary that I can look back on, just like people used to write “Dear Diary”, and is a great place to vent my thoughts.

So, there are my reasons for writing. If anyone does read this come and say hi, and you have your own blog, why not think about your reasons. Add them to the comments, or write your own post and let me know.

If anyone with their own personal blog let’s me know, I will add your feed to my reader and start to read yours (at least till I get bored!)

Please Note: [update 2008-08-20]: This has now been fixed as of Freshy 2.0.8, so you shouldn’t need to make any changes other than updating to the latest version. I am leaving this post for the sake of archive.

Any regular readers (although I don’t think I actually have any!) of this blog will notice I recently changed the theme to the fantastic Freshy 2 theme from Jide.fr. Together with the customise plugin it’s a great theme with many great features, including support for the Gravatar plugin.

Unfortunately as of version 2.0.6 there’s a very small error in the way the Gravatar function is implemented, which means the Gravatars aren’t displayed properly (and in fact it means commenter’s email addresses are displayed in the source).

Luckily the fix is very simple. You need to edit the file comments.php (using the theme editor or your favourite method), and find the following section (around line 37)(sorry about the indentation – WordPress insists on removing it!):

<?php // gravatars
if (function_exists('gravatar')) {
if ('' == $comment->comment_type) {
echo '<img class="avatar" src="';
gravatar($comment->comment_author_email);
echo '" alt="'.$comment->comment_author.'" width="40" height="40" />';
} elseif ( ('trackback' == $comment->comment_type) || ('pingback' == $comment->comment_type) ) {
echo '<img class="avatar" src="';
gravatar($comment->comment_author_url);
echo '" alt="'.$comment->comment_author.'" width="40" height="40" />';
}
} else {
//echo '<img class="avatar" src="'.get_bloginfo('stylesheet_directory').'/images/default_avatar.png" alt="'.$comment->comment_author.'" width="40" height="40" />';
}
?>

And you need to change the two gravatar() function calls to look like this (remove the paramters):

gravatar();

If you prefer you can download a fixed comments.php to replace you existing one here:

coments.php.zip

These changes actually make a lot of the code redundant, as it’s not possible to display a Gravatar for a trackback (there is no email address)

Make the above changes and you should be able to see Gravatars for all your visitors!

I also note, it looks that as of WordPress v2.5, that gravatar support is built in. Note, if you use this the get_avatar() function does require the email address of the user as a parameter!

Update: Please note, the above download is for the old Frshy 2.06. Freshy 2.07 may have a different comments.php file, although it still has the bug so you will need to make the repair manually (let me know if you have any questions)!

Update 2: The bug is now fixed as of version 2.0.8

I upgraded to WordPress 2.5 today, using the WordPress Automatic Upgrade plugin. I had a few problesm. The main one was although it asks for FTP details so that it can change the permissions, there are many files it doesn’t. The second problem I had was I didn’t read the bit that says “Click here to upgrade then come back”.

I also decided I ought to change the theme from the default. This was much easier. The main issues are with the Gallery integration – the gallery doesn’t look quite right.

On a similar subject, I can’t get the image frames bit of it working, which means if I want to change anything about WPG2, I have to enable image frames, change the settings, then disable image frames again to stop error messages being displayed. This may be because I am using an SVN version of gallery – I may look into this if I get a chance.

I read about OpenID a while ago, and decided now I have a blog, I should get myself an ID to let me log in to the various sites that support it.

I assumed there would be a WordPress plugin that let me do this, and I quickly found and installed WP-OpenID. To my disappointment I discovered that this plugin only adds the option for visitors to login using their OpenID, but not to use my blog as an OpenID. This does mean if you want to comment you can sign in with your OpenID however!

There are lots of 3rd party OpenID providers, and in fact I probably have more than one through other sites, but I wanted to keep everything separate from other providers, so I decided to set up my own.

Now, from here on, I am not reliant on WordPress, and this applies to any homepage or blog, whatever the platform. This is why I didn’t find many useful search results when searching for WordPress OpenID providers/plugins.

The solution is to install a little PHP application called phpMyID. There are lots of other blog posts that describe this process, but I will put a quick summary of what I did here. This assumes basic PHP/technical knowledge.

Firstly I downloaded phpMyID from here and unzipped it. The readme is pretty good – read it! I renamed MyID.config.php to index.php since I put it in it’s own directory (in fact own sub-domain: openid.robferrer.co.uk). Note, somewhat unusually, the config file is the main file which should be loaded, and is not included by another file as you would find in many other apps.

The readme tells you to upload the files and visit them. In fact this is only required if you are running PHP in safe mode, but I did it anyway (I also noticed a PHP error, but I’ll mention that later).

Follow the instructions to create the MD5 hash. I did this on a linux command line, and don’t like entering plain text passwords directly because it stays in the history. I could probably have worked out another way of typing the command, but the easiest solution is just to type ‘history -c’ after you’re done to clear the history.

I mentioned that I had a php error. This seems to be any configuration options that aren’t set (left as default). It works ok, but may (depending on your server settings) display warnings which prevents the headers being modified. The simplest solution to this is to turn off error/warning display in the php settings or (as I did), add the line “error_reporting(0);” to the top of your config file.

Other changes I made were to turn paranoid mode on (this asks you each time if you want to share your ‘identity’ with a site), and set up the sreg array with my details (to save you looking it up, the UK timezone is ‘Europe/London’, and country is ‘GB’). I’ll leave it up to you to decide how much of this information you want to fill in, bearing in mind any site which you log in to will be able to read it. I also set the idp_url, but it’s probably not needed

Re-upload the files and check you can log in. You may have to use the .htaccess (I didn’t), see the readme.

Finally, you presumably don’t want to enter your phpMyID url when you log in to a site, so put the following tags in to your homepage header:
<link rel=”openid.server” href=”http://openid.robferrer.co.uk/” />
<link rel=”openid.delegate” href=”http://openid.robferrer.co.uk/” />
(obviously replace http://openid.robferrer.co.uk/ with the URL of your phpMyID installation). If you want to use your blog URL, edit the WordPress header in Presentation->Theme Editor. You should now be able to enter your blog or homepage URL on any site that supports OpenID.

I had a small issue that stopped me logging in as www.robferrer.co.uk instead of openid.robferrer.co.uk. Not sure what the issue was. but this seems to be ok now using the settings described above.

I hope this helps someone searching for the same things as me!