Tuesday, April 01, 2008

Encouraging steps towards security in Wordpress 2.5

Table Salt

Anyone who gets me liquored up knows that I’m not a fan of Wordpress. I think it’s great from a user (that is, the person writing the content) standpoint, but it has lagged behind severely in terms of security, and I don’t believe its popularity is the sole reason WP has been the subject of dozens of vulnerability reports every year. That being said, the WP 2.5 release appears to offer significant improvements in a couple areas: password hashes and cookie data encryption. From the WP blog:

Salted passwords — we now use the phpass library to stretch and salt all passwords stored in the database, which makes brute-forcing them impractical. If you use something like mod_auth_mysql we’ve created a plugin that will allow you to use legacy MD5 hashing. (The hashing is completely pluggable.) Users will automatically switch to the more secure passwords next time they log in.

Secure cookies — cookies are now encrypted based on the protocol described in this PDF paper, which is something like user name|expiration time|HMAC( user name|expiration time, k) where k = HMAC(user name|expiration time, sk) and where sk is a secret key, which you can define in your config.

These are good steps, and while I think they took way too long to happen, I’m glad they finally did. I do still feel that WP suffers from an architecture that makes it too easy to make input filtering mistakes, and I would strongly recommend a tool like WPIDS for all self-hosting Wordpress users.
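The cookie construction quoted from the WP blog above, worked through as an added example. This is not WordPress's own code and not the phpass library; the hash function behind the HMAC (SHA-256), the server secret, the user name and the expiry value are all assumptions chosen here, since the quote names none of them. The point of the two-level derivation is that k is specific to one user name and one expiry, so a leaked k authenticates only that one cookie and never reveals sk; the verifier recomputes k from sk and the cookie's own public fields, checks the expiry before trusting anything, and compares the tag in constant time.

```python
import hashlib
import hmac
import time
from typing import Optional

# Constructed server secret: stands in for the configurable sk from the quoted
# protocol. A real deployment generates this randomly and keeps it out of source.
SERVER_SECRET = b"constructed-example-secret-key-do-not-reuse"
SEP = "|"  # field separator used by the user name|expiration|tag layout


def _mac(key: bytes, msg: bytes) -> str:
    """HMAC-SHA256 as a hex string. SHA-256 is an assumption; the page names no hash."""
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_cookie(username: str, expiration: int, sk: bytes = SERVER_SECRET) -> str:
    """Build user name|expiration|HMAC(user name|expiration, k), k = HMAC(user name|expiration, sk)."""
    # The separator inside a user name would let one cookie parse as another;
    # refuse it at issue time rather than hoping the parser copes.
    if SEP in username:
        raise ValueError("username must not contain the field separator")
    public_part = f"{username}{SEP}{expiration}".encode()
    k = _mac(sk, public_part).encode()      # per-cookie key derived from sk
    tag = _mac(k, public_part)              # authenticates the public fields
    return f"{public_part.decode()}{SEP}{tag}"


def verify_cookie(cookie: str, now: int, sk: bytes = SERVER_SECRET) -> Optional[str]:
    """Return the user name if the cookie is authentic and unexpired, else None."""
    parts = cookie.split(SEP)
    if len(parts) != 3:
        return None
    username, exp_str, tag = parts
    try:
        expiration = int(exp_str)
    except ValueError:
        return None
    if expiration <= now:
        return None                          # expired: do not even check the tag
    public_part = f"{username}{SEP}{exp_str}".encode()
    k = _mac(sk, public_part).encode()       # recompute the per-cookie key from sk
    expected = _mac(k, public_part)
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        return None
    return username


def tamper_username(cookie: str, new_username: str) -> str:
    """Rewrite the user name field while keeping the old tag (what a forger would try)."""
    _, exp_str, tag = cookie.split(SEP)
    return f"{new_username}{SEP}{exp_str}{SEP}{tag}"


if __name__ == "__main__":
    exp = int(time.time()) + 3600
    cookie = issue_cookie("alice", exp)
    print("issued:  ", cookie)
    print("verify:  ", verify_cookie(cookie, now=int(time.time())))
    print("forged:  ", verify_cookie(tamper_username(cookie, "admin"), now=int(time.time())))
    print("expired: ", verify_cookie(cookie, now=exp + 1))
```

Two checks worth keeping in mind when reading this: the expiry is compared before the MAC so an attacker cannot replay an old cookie past its lifetime, and a forged user name fails because k itself depends on the user name, so the old tag is valid for nothing but the original fields.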

Posted in InfoSec, PHP by funkatron on 04/01 at 02:15 PM
(1) Comments

Wednesday, March 19, 2008

Zend Studio for Eclipse and SFTPDrive not on speaking terms

Zend Studio for Eclipse can't see SFTPDrive mounts

Update: This seems to have fixed itself one night. Maybe I rebooted? Who knows. Anyway, all seems good now.


So I use SFTPDrive on my Vista workstation at work to mount remote filesystems. It generally works pretty well, and I’ve never had an issue where a program didn’t treat my mount as a local drive — until I decided to give upgrading to Zend Studio for Eclipse a go (licenses for which were generously donated to CERIAS by Zend). For some reason, ZSfE just doesn’t show me my “k:” drive (the SFTP mount) when browsing for a project directory. This throws a real wrench in my usual workflow — ZS 5.5 had built-in SFTP support, and I could also use the local mount if I wanted.

I did look in Zend’s Support KB and the forums, but did not come across anything like this. Have you? Any alternatives for directly connecting and editing over SFTP?

Posted in PHP by funkatron on 03/19 at 10:40 AM
(5) Comments

Wednesday, March 12, 2008

Notes on SXSW2008

Passive-aggressive

The experience of SXSW

  • Unlike other conferences I’ve been to, which were mostly tech confs SXSWi is not about nuts and bolts — it’s about higher level issues of people using technology
    • A couple exceptions, like the Secrets of JavaScript Libraries. This was good, and I’d like to see more like this. I don’t expect hardcore advanced code talks, but good intro-level stuff would go a long way, I think.
  • At most confs I attend, I’m the “weird” dude, with my earrings and black t-shirts. At SXSW I’m another asshole with a fauxhawk.
  • Way, way, way more women at SXSWi than any tech conf. Someone on a panel I attended complained that the % of females has been going down at SXSWi, and I’d guess it’s maybe 35-40% female. At most of the tech conferences I go, it’s 5-10% female, tops.
  • Despite the fact that web apps are one of the primary points of attack for malicious users, security was really not talked about much at SXSW (although I heard there was some in the OpenID panel). This was disappointing. People running web apps are the stewards of their users’ security and privacy, a responsibility not to be taken lightly. I’d wager under 20% of attendees and panelists could describe basic techniques for architecting software with security in mind (but I hope it’s higher). Definitely need to propose a panel for 2009.

The culture of Austin

  • People really do seem more hospitable. Locals will ask a stranger how their night’s going. This is pleasant, but a little weird for a yanqui when it happens in the men’s room.
  • Austin embraces being different. They like it, from the top down. This is so unlike most other communities.
  • Austin doesn’t feel like a big city. It has some big, cool buildings, but you’ll see flop houses a couple blocks away.
  • Closest thing I’ve experienced to Austin is Portland. I think PDX has better public transportation. Austin’s weather doesn’t cause city-wide suicide watches, though.

Other tidbits

Introduced Clint Ecker to Jason Perkins, both Chicago-based web devs. They discover that they work literally next door from one another.


Had lunch with Jason Perkins and the rest of the Pixish crew. Surprisingly was not mocked incessantly for not using Rails. They’re good peeps, and Pixish is a cool site.


I wonder how far the Zuckerberg “keynote” set back female journalism. That’s a hara-kiri situation right there.


If you are unwilling to say to someone’s face what you say in your little gadget (or otherwise) blog, you need to shut up. Stop being a punk.


I was really happy to see ExpressionEngine and CodeIgniter represented as strongly as they were at SXSW. I still feel strongly that EE is the strongest CMS product in its market (which includes Drupal, Joomla, Wordpress and the like), and the improvements in EE2.0’s administration system will increase productivity considerably.


Holy shit, I have never seen as many iPhones as I did there. And it’s taking some effort on my part to not go get one now. I could have left my laptop in the hotel room if I’d had one, which would have reduced my fatigue considerably. Since I am doing about 4 conferences a year, it’s starting to make more sense. I’m making myself wait for a new hardware revision, though (and I really can’t afford one atm).


The panel on the success of icanhascheezburger.com was interesting, and I think underlines that luck is a (the?) key component for almost all of these rags-to-riches stories.


Being with someone — or a small group — seems key to me. I think I would have enjoyed SXSWi a lot less if I was not able to always count on the two friends I was with.


Do not be afraid to come up and talk to people. It’s hard for me to do, but I was always glad I did. I got to meet old internet-only friends like Violet Blue because of this (so glad I did!). I also got a hug from Halcyon, which was awesome — more dudes should be down with hugs.


Meeting Alex Payne was another highlight of SXSW for me. What a great guy; I wish we’d had more time to hang and talk. And there were so many others, like Derek Allard, Jonathan Snook, Ken Fisher (thanks again for dinner Monday night), Thomas Myer, C. Eric Smith, Obie Fernandez (I wish he’d written Rails), Stephanie Booth, and many others whom I’m too forgetful to remember at the moment.


Frank Warren’s keynote on his PostSecret project was the highlight of SXSW for me. It was funny, tragic, inspiring, and compelling. One could not help but be inspired, as exemplified by the man who asked his love to marry him in front of the entire audience. Technology empowering us to express ourselves, communicate, and aid one another is so much of what the last few years in web dev has been about, and we would do well to follow the example set by Frank Warren.


Oh hell yes I’m coming back next year

Posted in PHP, Design, InfoSec, Development by funkatron on 03/12 at 09:36 PM
(5) Comments

Saturday, March 08, 2008

Notes on ExpressionEngine 2.0 Preview at SXSW

ExpressionEngine 2.0 will be powered by CodeIgniter

  • CI gains abstracted querying
  • New CI libs like the DBForge built to support EE 2.0
  • EE Session library more powerful
  • EE Form gen and HTML gen
  • jQuery built into EE now
  • Basically, if EE needs something, CI gets new feature
  • Performance and simplicity still top priority

Changes coming in EE 2.0

  • new CP theme designed from scratch
  • CP uses MVC pattern (CP has always been decoupled from EE’s frontend stuff)
  • CP has nice DHTML stuff driven by jquery - sortable tables, dynamic search results/filtering, ajax paging (retains sorting settings), pretty animations
  • New CP is very task-oriented: Create, Modify, View are primary sections, all available from opening
  • Top Bar: Content, Design, Add-Ons, Members, Admin, Tools
  • Nice little footer tabs called Accessories. Default are Learning EE stuff, EE News and site stats
    • Accessories can be added much like modules or plugins
    • Accessory creation doesn’t require PHP knowledge (but it helps to do more awesome stuff)
  • Admin area no longer has Utilities
    • Content Admin and System Admin
  • Members have own section
  • Edit form shows nice dhtml tabs;
    • can create custom tabs from edit form
    • can add/edit custom fields from edit form
    • fields are resortable by dragging
    • full-page write mode for any field

Posted in PHP by funkatron on 03/08 at 07:07 PM
(0) Comments

Monday, February 18, 2008

New Article on Inspekt at C7Y

Just a quick note that I wrote an article for the new C7Y PHP community site on Inspekt:

If you’re interested in Inspekt and have questions or would like to contribute, please check out the Inspekt user group.

Posted in PHP, InfoSec, My Projects by funkatron on 02/18 at 09:50 PM
(0) Comments