Why I’ve been M.I.A.

This site has been quiet as I burned the midnight oil, along with new colleague Kiel McLaughlin to launch the new Johns Hopkins University web site.

I think it looks pretty good, but then, I’m biased.

Six weeks from start to finish, so there are still (many) rough edges to polish, but we wanted to get this live in time for the Inauguration of our new university president this past weekend.

WordPress blowed up real good


I think I now understand how Windows partisans feel when people like me get all smug about how viruses just seem to like that particular operating system.

Because I’m in a similar sitch at the moment with WordPress. As you may have heard, all hell broke loose this weekend as a worm had its way with WordPress installations that were neither updated to the latest version nor hardened. All of my sites fared well, but not everyone was so lucky, from uber-blogger Robert Scoble to countless tiny sites scattered across the net.

Andy Inhatko has an informative and, well, entertaining wrap-up of what it took for him to get back to normal.

John Gruber casts a much more gimlety-eye at the whole mess, saying, finally, that WP is not for absentee-admins. I’m with him on that.

As with OS X updates, I’m very bullish on WP updates, especially of the security-enhancement variety, as 2.8.3 and 2.8.4 were. I also believe that, if you really, really care about the sites you build (or, especially, build for people who hand you a paycheck on a regular basis), you should go even further in ensuring security by:

  • Nuking the “admin” named account as your second order of business, after creating a new admin-level account with a non-obvious name.
  • Requiring long, difficult passwords from all users above “contributor” level.
  • Renaming your database tables from the standard wp_
  • Putting server-level access rules in front of your admin dashboard.
  • Backing up your databases regularly. There’s even a simple plugin that will do that for you at a set interval.

Is all of this worth what you get from a self-hosted WordPress site? I still say yes, but if you’re not willing to take the minimal steps to guarantee the security of your site, then you will probably be happier in the long run with a hosted wordpress.com site or any of the many alternatives out there.

Is wonderful to have your web!

Apologies to the few legitimate commenters, but I had to turn on moderation. It seems this site has picked up a few new friends who really, really want to introduce you to the inexpensive pharmaceutical products they have to offer.

For some reason, Akismet is not working here in the same way it works beautifully on other WP sites I manage. Must investigate when I have the time. Until then, it’s moderation for the lot of you!

There is no mobile web

Steve Yelvington has seven points you should consider about what we’ve been calling the “mobile web,” the most interesting one of which is the first:

  • There is no Mobile Web. There is only one Web, and it is the real Web. All the pseudo-Webs and WAP-services and walled-garden fakery are dead.

Good stuff. It’s all here.

Apple in my eye

I see these a lot while driving around:

Apple sticker on a Honda Element

Now, maybe it’s because I drive a Honda Element with an Apple sticker on the back that I notice everyone else that goes by me in a Honda Element with an Apple sticker, but I think that somewhere at Apple or Honda there’s a Venn Diagram on the wall showing a high overlap of Element and Apple customers. Because Element drivers sure seem to over-index for Apple sticker use.

Then again, I could just be seeing patterns where there are none.

Brit makes Baltimore reporters look like gits

Healthy skepticism — in blogging and in Big Iron reporting for a metro daily — is a necessary tool to have at all times.

Take yesterday’s YouTube embed, allegedly from Baltimore’s tourism office, suggesting that Baltimore, the city, is safer than you’d think from watching The Wire on television.

My initial reaction was shock at the thought that someone in Visit Baltimore could make such a colossal mistake in judgment to sell the city on the stacked-up backs of the dead. But after a few minutes, and a second watching, my BS meter pegged. Nobody could possibly be that clueless, even in Baltimore.

fakemayorApparently, this makes me more skeptical than several reporters in town. The City Paper took the bait. And so did Peter Hermann of The Sun, who got snared by another piece of the same hoax, a fake Mayor’s site.

It was all a hoax by british blogger Alex Hilton. Peter Hermann, to his everlasting credit, corrected his original and wrote at length about what happened.

I hate to say it but this all happened simply because of a Reporting 101 failure: neither reporter bothered to verify it.

When I saw the YouTube video yesterday morning, my second action (after sputtering an some unprintables) was to DM both the Visit Baltimore office and the person who manages their Twitter account and ask whether they had actually created the video. I asked at 8:06 a.m. and had my emphatic answers — No! — a half-hour later.

I was able then to change my blog entry ¬†from “this can’t possibly be real, right?” to a note that it was, in fact, a hoax.

The old newsroom saying was “If your mother says she loves you, check it out.”

If she says it on YouTube or elsewhere on the internet, that goes double.