From the category archives:

Web/Tech

The endless WordPress login loop

September 13, 2008

Yesterday, I upgraded my main blog to WordPress 2.6.2, the latest version released a few days ago.

As has been my previous experience in upgrading blogs using DreamHost’s excellent 1-Click procedure, it was a seamless experience, successfully done in less than 15 minutes.

Today, though, I had a completely different experience upgrading this blog to version 2.6.2, one that produced a wholly unexpected result.

Here’s what happened:

  1. Prepared blog for upgrade: backed up database, disabled all plugins, changed theme to default Kubrick
  2. Went ahead and started the 1-Click upgrade process via my DreamHost control panel
  3. Ten minutes later, the expected auto-email from DreamHost arrived saying upgrade success
  4. The email had the usual link to click on to upgrade the database (although with every upgrade release this year, the database hasn’t required upgrading)
  5. Clicking that link just gave me the log in page, though, and any attempt to log in just produced the log in page again.
  6. Trying to go directly to any admin page just produced the log in page
  7. Unable to log in to blog admin so a help ticket filed with DreamHost support

A Google search on the phrase “wordpress login repeats login page” didn’t produce much except for an interesting post in the WordPress support forum describing a similar issue but related to a fresh 2.6.2 install rather than an upgrade.

That post describes issues regarding Apache and PHP with this resolution:

[…] Fixed, since it is load balanced behind an ssl accelerator the SSL is added through the appliance and the apache/php install knows nothing of the https. I edited the two rows in the wp_options table that had http and changed it to https. All works as it should now.

Ok, but I prefer to wait for a response from DreamHost support before thinking about any issues on the server.

After a bit of further head-scratching, I’ve taken advantage for the first time of the in-built “reassurance feature” of DreamHost’s 1-Click installs – rolled back the blog to the previously-installed version.

That’s good insurance. Whenever you upgrade your blog via DreamHost, the system creates a mirror copy before the upgrade. Then if you ever need to go back, it’s a simple matter of logging in via FTP, renaming a couple of top-level directories, and voila – back to where you were before.

Now waiting to see what DreamHost support have to say.

[Later] An interesting response from DreamHost support, with a solution.

First, the issue behind the problem according to DreamHost support:

It looks like you got hit by a very mean wordpress exploit, ironically due to a security hole that was around pre-2.5. I’ve gone ahead and removed the references to it in your database, however there are a few steps you’ll need to do on your end to make sure its cleared out.

Those steps weren’t complicated to understand and follow, starting with doing a completely fresh install of WordPress 2.6.2 and some security procedures. As I wanted to ensure that the install was registered in DH’s database to enable future upgrades via the 1-Click procedure, this meant a bit of jiggery-pokery on the server to do some more top-level directory renaming before running the 1-Click installer.

Once the install was successful – and taking less than 10 minutes, as the 1-Click works fast – next steps included uploading fresh copies of all the plug-ins I wanted as well as themes and then activating them.

Luckily nearly all plugin and theme settings were in the Wordpress database, so I had only a little extra work to do once plug-ins had been activated.

So about an hour’s work in total, and we’re back up and running and with 2.6.2 installed.

When DreamHost told me about the security exploit, I immediately wondered whether the Thesis theme I run on this blog might have been the culprit.

This morning, I saw a notice on the Thesis site about a fix for a security vulnerability in one of the theme’s files. I applied that fix immediately but it appears that the vulnerability had been there for a couple of weeks since I installed the latest update to Thesis.

DreamHost support’s reaction when I suggested this to them:

It could of been a possible point of entry yes, however wordpress, prior to 2.5.1, had quite a few (4 to be exact) holes itself, so there are several candidates for trouble.

Not sure about the WordPress issues as this blog had been running 2.6 since mid July, not 2.5.1.

Still, the security hole is now plugged thanks to quick and very helpful advice from DreamHost support.

{ 2 comments }

Google Chrome quick video tours

September 2, 2008

If you have an interest in tech, you’ll no doubt have been following today’s launch of Google Chrome, the new browser from Google.

This has had as much if not more attention from the blogosphere and the mainstream media as did the launch of the first-generation iPhone last year.

I’ve installed Chrome and have had about an hour in total just taking a look at it.

So, initial and immediate thoughts captured in these two videos, recorded on my Nokia N95 8GB with seesmic mobile, the new mobile app from seesmic in private alpha testing. (Why two videos? Because the first one timed out!)

More thoughts later as I get to know Google Chrome.

Related post:

[NevilleHobson.com] The Google way of effective communication

{ 2 comments }

Clear pricing transparency is good customer service

April 30, 2008

You might think that having use of a USB broadband modem free of charge is the equivalent of a license to print money.

After all, why worry about the costs of going online via the cellular network when you don’t have to pay the bill?

Well, I’m sure the folk at mobile operator 3 and 3mobilebuzz will be pleased to know that my use of 3’s Huawei E169G USB broadband modem has been quite minimal since I got it to use and experiment with in early April.

That’s not to say that I don’t think about costs. I do, every time I go online with it which is typically when I’m mobile with my laptop.

Even if there’s wifi around, I tend to use the modem (remember, I am testing it out).

I think about costs - and I have absolutely no sure way of knowing how much a given online session will have cost.

3modemapp I can get an idea of how much time I’ve been online at any given moment, and how much data has flowed back and forth.

That kind of information is tracked and displayed in the modem manager application you see pictured here that you run in order to use the modem and get online with it.

Quite useful information, in fact, even if a little mental arithmetic is required to make some sense of it all.

In this example, I can see that I was online in my most recent session for a bit over 15 minutes.

I can also see that the total time I’ve been online since installing this modem on this particular laptop is a little over 5 hours and 41 minutes.

And I can see that total data sent comes to 11,046.94Kb while data received is 43,246.45Kb, making a total amount of data traffic as 54,293.39Kb.

A bit convoluted, it seems to me. When I’m looking at data allowances as gigabytes, I want to understand that more easily as a proportion of my data allowance depending on the plan I’m on.

The total looks like 543Mb, to round it up. Is that right?

And is that how I should be seeing it? As a total?

This is all great but what should also be somewhere on a screen in the application is how much all this is costing.

I’d like to see this application show me what tariff I’m on, whether it’s a contract or pay-as-you-go, and how much I’m paying (well, I’m not, but if I were a normal customer I would be).

It should also show me how much I’ve got left of my data allowance for the month, before surcharges kick in (and it should tell me how much those surcharges are).

A little multi-coloured bar graph would do the trick.

Maybe I could see all this stuff if I went online to 3’s website somewhere. But I want to see this kind of account information before I go online.

Even if the information comes with loads of disclaimers, that’s fine. I want some clue of where I stand with my account each time I load up the software.

When I connect, the software should check my account online and update the local account information before I disconnect.

And it should keep that data on the USB stick or on the inserted SIM card, not on the computer, so that I always have the account information to hand if I connect with another computer.

Security and data protection issues to consider, too, but how difficult can this all be to implement? Surely not that difficult?

I don’t think any other mobile operator provides such information, but correct me if I’m wrong. And if I am wrong, 3, please catch up.

To my mind, being transparent with pricing includes this kind of added value service. Good for relationships and loyalty, especially if no one else is doing it.

And on pricing generally, I see that from tomorrow May 1, 3 has dropped the price for its pay-as-you-go offering by 50 percent, from just under £100 to just under £50.

That’s really great, but I’d still want to see my account information before I connect.

{ 4 comments }

Do any Windows Ultimate Extras actually exist?

February 20, 2008

That’s a question I’ve been asking myself every time I check the results of any Windows updates, or do a manual check myself.

Every time, the screen shows this:

noultimateextras

Ever since I installed Windows Vista Ultimate on my Dell desktop PC last April, only one Ultimate Extra has ever shown up via Windows Update.

That one is DreamScene, and it’s pretty cool.

But that’s it. Nothing else since.

Quite a few people are asking: Are there any Ultimate Extras?

Love to see some answers from Microsoft.

{ 0 comments }

Video conferencing with ooVoo

February 11, 2008

I took part in an experiment today to try out ooVoo, a new video conferencing and messaging service that, according to its Wikipedia entry, is similar to Skype video calling.

Similar indeed as both services use the internet for their connection and a webcam to communicate. Both also offer additional features, notably phone calling and text messaging.

One marked difference - with ooVoo, you can connect with up to six people simultaneously in a video conversation, and record that conversation.

See ooVoo’s full feature list here.

I joined Marshall Kirkpatrick in a group ooVoo video call as part of My OoVoo Day, a series of online events with bloggers that takes place during the coming ten days, all using ooVoo for video conversations.

This screenshot is what I saw on my screen when everyone in today’s video call was connected:

oovo2

The experiment shows it does a pretty good job, albeit with some caveats. The ooVoo service, incidentally, is in beta.

Some initial thoughts about ooVoo based on today’s experience:

  • The ooVoo software is nicely designed. Good attention to detail, well organized and laid out, not too difficult to quickly find your way around.
  • Adding Marshall to my contact list proved a challenge. I knew his ooVoo ID yet when I searched for his details, ooVoo said there was no such user. In the end, Marshall added me as his contact so we were able to connect.
  • I couldn’t get my webcam to start so at the beginning of the call, everyone just saw a static photo. Then I discovered a tiny button on my image which I clicked and the video started. It should be easier than that.
  • During the call, I observed that my computer’s CPU usage was at near-100% all the time, making the machine extremely sluggish for any other use. This became an irritation when, for instance, other ooVoo windows popped up in response to other events (eg, someone requesting to make content) and which took an age to respond to clicks. I’d certainly hope this behaviour doesn’t continue as the product develops, otherwise it’s a show stopper.
  • Recording a video call is a breeze - just click on an obvious button in the record window. The resulting file is saved in FLV (Flash) format. Recording quality, video and audio, is very good.

I have at least one more ooVoo call to participate in this week and may add some further thoughts here based on those experiences.

Marshall has written a review on ReadWriteWeb.Worth reading for additional views and conclusions.

I have some thoughts about the overall My OoVoo Day experiment, primarily from the communication point of which, which I’ll write about at some point on my main blog.

{ 4 comments }

← Older Entries