Disable mouse wakeup

So you are trying to be a good steward of power, and just want your computer to go to sleep — and stay asleep — until you explicitly ask it to awaken.  Is that too much to ask?

Well, no, it isn’t!  And here’s the easy solution.

1. Find your mouse driver

First thing is to find your mouse driver.  As is common in Windows, there are many ways to find the driver.  One way in Windows 7 for example, is to go here:

Start > Control panel > Mouse

2. Find Power Management tab

Go to Hardware > Properties > Change Settings > Power Management

3. Disable wake

Uncheck “Allow this device to wake the computer”

That’s it!  You are done!  Well, almost.

4. If you happen to have a unifying receiver (like a Logitech) or bluetooth receiver, the receiver likely adds both a Mouse and a Keyboard, maybe even more.  If that is the case, you’ll also need to find the corresponding keyboard driver entry using the same technique as above.  Then you’ll be done.

I’ve avoided adding specific images because each installation will be different.

 

WordPress: Redirect site to subdirectory

So you’ve decided on WordPress as your Content Management System.  Yay for you!  Wordpress is a great choice.  This article will help you organize your directories & files, and help you help your users navigate your site from the root domain URL.

Install WordPress in Sub-directory

First this first.  As you complete your first installation, be sure to create a sub-directory for the WordPress installation.  There is no need to litter your home directory with a bunch of WordPress files.  After all, that was the whole idea behind hierarchical file systems.

Let’s say you choose “wp” as your WordPress installation directory.  Once you’ve completed your installation, users who visit your main page url will likely wind up with a directory listing, something like the Index Of image below.

Index Of directory listing after WordPress installation
Index Of directory listing after WordPress installation

Of course, that isn’t what you are looking for.  You want your users to land on your WordPress instance.  Let’s take care of that.

Modify .htaccess

Next, we’ll update your home directory to point to WordPress installation

  1. WordPress is already installed in it’s own private directory (wp in this example).
  2. Edit the .htaccess file (don’t forget the leading period) in your root domain directory (/) by adding the following:
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    # END WordPress

Create index.php

Next thing, create the /index.php file in the root URL directory

<?php
/**
 * Front to the WordPress application. This file doesn't do anything, but loads
 * wp-blog-header.php which does and tells WordPress to load the theme.
 *
 * @package WordPress
 */
/**
* Tells WordPress to load the WordPress theme and output it.
*
* @var bool
*/
define('WP_USE_THEMES', true);
/** Loads the WordPress Environment and Template */
require( dirname( __FILE__ ) . '/wp/wp-blog-header.php' );

Clean up Wordpress

Before we take this step, go to your URL.  You should notice the WordPress instance, but if you look at the URL it has been modified to include the sub-directory in the URL itself.  Not likely what you wanted.  The last step is to clean up your URL.

Log into your WordPress instance, go to the following
Wordpress >> Settings >> General

You will notice two URLs,

  1. WordPress Address (URL).
  2. Site Address (URL).

Change the Site Address to http://www.yourdomain.com (that is, remove any sub-directory information listed).

Congratulations!

You are all done!

Happy pressing!

Reference documents

  1. http://codex.wordpress.org/Giving_WordPress_Its_Own_Directory#Pointing_your_home_site.27s_URL_to_a_subdirectory
  2. http://codex.wordpress.org/Changing_The_Site_URL

A few thoughts as you start or continue your business

Business continuity

How does your company deal with Business Continuity? Business continuity planning is almost always a difficult endeavor, but it doesn’t have to be expensive. Business continuity planning for small businesses sometimes feels even more difficult.  Before discounting the idea of planning for disaster, realize that sometimes changing small practices can make significant impacts on continuing your business during adverse situations. In the case of one of our Home Health Agency customers, the strategy is to put as much computing power “in the cloud” as quickly as possible, reducing our Recovery Time Objective to near zero.

Physical security

Physical security is more than just a lock on the door or a guard at the gate.  Many times the first consideration is cameras — the thought is that if we deploy a large network of cameras, then our site will be physically secure.  But truly, when it comes to security solutions deployment, cameras (or at least cameras alone) are simply not the best practice.

Cameras and photo evidence

Cameras are great for forensic analysis, that is, to catch a thief. But as many law enforcement agents will advise, cameras don’t do much to stop a thief.

What is better?  In the case of a Time Share Community customer, the community was being hit by midnight bandits stealing items off of boats.  In this community, a two fold solution was employed:  (1) Motion (passive Infrared) lighting throughout the community and (2) reducing the access and availability to the protected area through easily designed terraine chokepoints.

In this case, the protected area was specifically a boat trailer lot, adjoining ramp, and marina slip area. Reducing access involved creating a single entry point with natural artifacts like large rocks surrounding the area. Restricting access with a keyed gate was considered but decided against because of aesthetic appeal.

Are lights high tech? Nope. Are lights a trending practice in the industry? Some will advise yes.

But most importantly, did the combination of lights and pleasingly aesthetic chokepoints solve the problem at the community?

Yes, it did solve the problem.  Two years running, and there have been no recurring incidences of theft.

Wireless access deployment

There is a current trend in the business community to provide free WiFi Internet access for customers.  You see it at McDonald’s, at Starbucks, at Home Depot, and at your local grocery store.  But why?

Will deploying WiFi cost money and impact your revenue?  You bet.  Your company will incur a capital expense in buying the equipment, as well as a recurring expense of both maintaining the equipment and the cost of the internet.  Then why do it?  Because it may impact your revenue in a positive way and keep your customers around.

Free coffee

Deploying WiFi is the modern way of providing free coffee to your customers.   It creates a hospitable environment for your customers, an environment that may appeal to them in a very homelike, friendly way.  Not everyone will be drinking the coffee, and not everyone will even care.  In the same way, most customers who have a WiFi enabled device are likely to already have data capabilities from their phone provider.  So why do it?  Because everyone will see the sign that says “Free Coffee”, and everyone will see the sign that says “Free Wireless Internet”.

The return on investment for “free guest WiFi access” is difficult to establish for a cost conscious executive.  Free anything is marketing.  It is just a way to reduce the “salesman vs customer” feelings, and create an environment where your customers are, well, at home.  It helps to keep them around.

 

 

Neiman Marcus Chocolate Chip Cookie

For those of you who know me, you know that I lead my life the way President Reagan was taught by the Russians — trust, but verify.

In the late 1900s (gosh that sounds like a long time ago!), about thirty years after Al Gore created the Internet, I received an email about a Neiman Marcus Chocolate Chip Cookie.  The email was a rant, someone claimed to have paid $250 for the recipe and wanted to “stick it to the big man” by sending everyone and their cousin the recipe.Neiman-Cookies

But receiving this email coincided with my first job as a Professional Pastry Chef!  Okay, well, it wasn’t a job exactly, and I wasn’t a professional.  But I did have my first Kitchenaid Stand Mixer.  At least that part is true… 🙂

Anyway, as I looked over the recipe that baked somewhere like a hundred dozen cookies, the ingredient mix just didn’t look right.  For example, it seemed there was just a bit too much baking power, and too much baking soda, which would have resulted in what I believed to be a bitter cookie.

So, in true form to doveryai no proveryai (Russian proverb Trust but Verify), I called Neiman Marcus.  The conversation went something like this:

Nice Neiman Marcus lady:  Hello, this is Neiman Marcus, how may I help you?

Mark:  Hi Mrs. Neiman Marcus!  I received an email today about a Neiman Marcus cookie recipe that cost $250, can you give me some idea of what all this is about?

NM: Well, thank you for calling us!  That is a nice chain letter that as far as we can tell started sometime in the 1970s, before Neiman Marcus even had a bakery or any baked goods.

Mark:  Haha, well, I thought it might be a hoax.

NM:  It actually is better than a hoax.  We had so much free publicity that we decided to create a cookie.

Neiman Marcus wound up sending me a gift wrapped box of cookies along with the recipe.  I was quite impressed — not only with their response, but with the cookie itself!

So what is the take away from this experience?  Never trust an email.  Never trust gossip.  Always verify sources and information.  And most importantly, bake these cookies!  They rock!


NM Cookie Recipe

 An urban myth is a modern folk tale, its origins unknown, its believability enhanced simply by the frequency with which it is repeated. Our signature chocolate chip cookie is the subject of one such myth. If you haven’t heard the story, we won’t perpetuate it here. If you have, the recipe below should serve to refute it. Copy it, print it out, pass it along to friends and family. It’s a terrific recipe. And it’s absolutely free.

Ingredients

  • 1/2 cup (1 stick) butter, softened
  • 1 cup light brown sugar
  • 3 tablespoons granulated sugar
  • 1 large egg
  • 2 teaspoons vanilla extract
  • 1-3/4 cups all purpose flour
  • 1/2 teaspoon baking powder
  • 1/2 teaspoon baking soda
  • 1/2 teaspoon salt
  • 1-1/2 teaspoons instant espresso coffee powder
  • 1-1/2 cups semi-sweet chocolate chips

Directions

  • Preheat oven to 300 degrees. Cream the butter with the sugars using an electric mixer on medium speed until fluffy (approximately 30 seconds).
  • Beat in the egg and the vanilla extract for another 30 seconds.
  • In a mixing bowl, sift together the dry ingredients and beat into the butter mixture at low speed for about 15 seconds. Stir in the espresso coffee powder and chocolate chips.
  • Using a 1-ounce scoop or a 2-tablespoon measure, drop cookie dough onto a greased cookie sheet about 3 inches apart. Gently press down on the dough with the back of a spoon to spread out into a 2 inch circle. Bake for about 20 minutes or until nicely browned around the edges. Bake a little longer for a crispier cookie.

Yield: 2 dozen cookies

Reference documents

  1. Neiman Marcus Chocolate Chip Cookie Recipe.
    http://www.neimanmarcus.com/assistance/assistance.jsp?itemId=cat33940741#cookierecipe&navid=redirectNMcookierecipe&eVar6=chocolate+chip+cookie+recipe
  2. Al Gore never actually said he created the Internet, that’s just a funny story for those of us who remember it.  Read here for more.
    http://www.snopes.com/quotes/internet.asp
  3. Even Snopes talks about the famous Neiman Marcus Cookie!
    http://www.snopes.com/business/consumer/cookie.asp
  4. Trust, but verify.
    http://en.wikipedia.org/wiki/Trust,_but_verify

Safeguarding your computer – computer security

Computer Security thermometer
Computer Security thermometer

Computer Security.  Kind of scary, actually.  With the likes of Target going down to hackers in late 2013, and a large attack on Home Depot in 2014, what can the rest of us do?  If Home Depot can be compromised, how can I protect myself?

The bad news — you are a target.  Why though?  Well, let’s consider:

  • Do you have any financial data on your computer?  You are a target.
  • Does your company operate a health care agency with HIPAA/HITECH protected data?  You are a target.
  • Do you have a point of sale system where you perform credit card transactions?  You are a target.
  • Are you attached to the Internet?  You are a target.  What?  That is crazy sounding.  Why am I a target? Because a hacker can use your computer as a relay or in a Distributed Denial of Service attack.

I know at this point you are likely thinking, oh great, thanks for making my day.  But remember, we are trying to make your computers safer.  Before we get into that though, let’s take a look at how malware gets on your computer in the first place.

How malware infection happens

You may think, hey, the only way a stitch of malware can get on my system is through the network.  A firewall is sufficient to protect against those blasted attacks.

Hacker!
Hacker!

Unfortunately, not all malware infects systems the same way.  Certainly, network attacks are one attack vector, but there are others.

There are email attack vectors, mp3 attack vectors, html attacks, mpeg attacks, apk attacks, over privilege attacks, Excel attacks, Word attacks, PDF attacks, and in fact the list never ends.  An attack is possible anytime there is an interface to a computer.  Sure an mp3 attack may come through a network or USB, but it isn’t a network attack.  It is an attack on the software that is rendering the mp3.  Exploring attack surfaces is well beyond the purpose of this paper, and will not be fully discovered in this paper.

One thing to note though.  You might think hey, I don’t really care if someone exploits my mpeg player.  That is a risk I’m willing to take!  What are they going to get?  A movie?  The laugh’s on them.

Well… not exactly.  The way system exploitation works is, exploit a low hanging fruit and get a shell on that system.  Once an attacker has a root shell?  Game over.  He owns you.  Even worse, he may own your network, depending on perimeter defenses that are in place.  Think: defense in depth.

Alright already, we’ve covered enough.  You may be thinking, this is way too much to pick up. You are right, it is!  The short question is, what can you do to make your computer more safe?  Let’s explore a few ways to help protect you from an attack.

Update your operating system software

The first thing you should do is to make sure you are using a modern operating system if at all possible.  Sure, sometimes this isn’t possible — for example, some programs, especially embedded programs, are still operating on XP.  If that is the case for you, you’ll have to make other concessions to safeguard your systems, your networks, and your data.

The first thing you may be thinking is, why in the world should I update my operating system?  I paid for a version, it is working fine, so why should I update?  Because hackers know that there is a delay between the time a patch comes out and the time it is fully adopted in the community.  What happens when a patch comes out, especially a security patch, is that hackers are going to reverse engineer those updates to determine how an existing installation can be compromised.  And compromise they will.

Again, if at all possible, upgrade your operating system to a modern x64 bit solution and keep that operating system patched.  Are you using an outdated version of Windows and don’t wish to pay for an operating system?  Then use a free operating system such as Ubuntu or one of the other Linux platforms.  If that is not possible, then realize you are providing a fluid and rich attack surface and do what you can to protect perimeter systems.

Update your application software

Are you still using a x16 or x32 bit application?  Do what you can to upgrade that application.

In the same way as outdated operating system software present security vulnerabilities, outdated user applications present security vulnerabilities in a very bad way.  Each time an application is updated, hackers are very likely to review the updates to identify vulnerabilities in the existing installed user base.

Do you use an outdated version of Firefox?  Or an outdated Adobe reader?  My suggestion is:  Don’t.  But how about if our company forces you to use an outdated version of one of these applications?  Yes, that can be an issue.  You can only do so much especially if these decisions are above your pay grade.  If you are forced to use outdated software, realize that those are reasonable attack vectors.  Being aware is the first step to security.

But what about paid applications, you might ask?  You paid nearly $5000 for your AutoCAD solution and more than a thousand for Adobe, is paying for an updated version really necessary?  The answer is yes.  You happen to be using a coveted piece of software.  If you spent thousands for AutoCAD, it is likely that you have drawings and blueprints that are worth thousands more.  Someone could use those drawings, especially if they can freely exfiltrate them from your computer.

How about layered applications like Internet Information Services, or IIS, used to serve web pages to the world?  Well, you picked up on an easy target!  IIS is a common attack vector, in part because it is easy to thumbprint the version that is being used on a network.  Once an attacker identifies that an old version of IIS is being used, the attacker only needs to find a known vulnerability with that particular version of IIS to compromise the server.

Keeping your application software updated will go far in protecting your systems.  Will it cost money?  Yes, it likely will cost.  I am a big proponent for open source software and the Free Software Foundation,  so I’m not supporting the idea of having to spend money on new software.  If you can find an equivalent open source software package that can do an equally good job for you, I’d suggest migrating to that open source software.  Otherwise, yes, you’ll have to pay for that update.

If an application cannot be updated, do what you can to find a different and more recent application to use in its place.

Use a two way firewall

This might not at first sound reasonable.  Why would I need a two way firewall?  Because if a Trojan or other rogue executable finds its way on your computer, a bidirectional firewall will be able to alert you that the software is trying to communicate.

A great free solution is ZoneAlarm Free Firewall.

Use a virus protector

A lot of people are going to discount this part of the solution.  Why?  Because virus protectors provide a false sense of security.  Virus protectors only protect against “known” viruses.

This is true, virus protectors do often provide a false sense of security.  That said, virus protectors do provide protection against known viruses, so why not use one?

There are several free solutions, one of which is Microsoft Security Essentials.

Download only from known good sites

This is a really important artifact.  Download only from known good sites.

For example, are you looking for an HP printer driver?   Then go to the HP web site for the download.  Do what you can to avoid “third party” driver sites.

Are you looking for a game or a program?  Download from downloads.com / cnet.com, or from another known good source.  There are web sites that are devoted to providing you excellent software — with associated trojan or other form of malware attached.

Are you looking for a free Hollywood movie or free APK sideload of the latest Android software through The Pirate Bay? Then be aware that the free download may also have a free Trojan attached.  How will you know whether that illegal download is malware?  You likely won’t know, even if you run it through the Cuckoo Sandbox automated malware analysis software.

Behavior modification

Wait a second, behavior modification?  I’m not looking for a psychologist!  I don’t want to be Pavlov’s Dog!  Well, that is not exactly what I mean by behavior modification.

  • If you are downloading something that you are not sure about, be careful about downloading it to your primary computer, especially if you use that computer for financial transactions.  Set up a second computer where you can run any questionable programs, and where if those programs perform unexpected actions, your financial records will not be compromised.
  • You know those sweet popups that promise the first thousand who click on the banner will win a free iPad?  Yeah, you aren’t going to get a free iPad.  What you will get is infected.  Don’t click that ad.  Sadly, that the ad even popped up may be very bad news, you may already be infected.

Periodic scans

Another great safeguard is to run periodic full scans of your system.  Run MSE full scans, but also run other scans such as the free Trend Micro Housecall.

Use reasonable passwords

It might be better said as:  Don’t use unreasonable passwords.

What does this warning mean anyway?  One of the ways a hacker attempts to gain access to a system is through password cracking.  Password cracking is a method to gain access to a system by way of basically “guessing” the password.  A trained hacker will use one of the many password cracking software suites.

Is it reasonable to use abc123 or 1234 for a password?  Probably not.  Is it reasonable to use a single dictionary word?  Probably not.  Once a hacker has identified a username these types of passwords are very quickly guessed.

So what are more reasonable passwords?  Throw in a few upper case letters and maybe symbols.  For example, AbC123* is going to be a much less likely guess compared to abc123.

The four word solution!

So what is the solution to keep me and my data safe from attackers?  The answer is:  There Is No Answer.  There are things you can do to make yourself more protected, and there are things to avoid that would make you less protected.  Some of them have been covered in this paper.

The best advice available is:  Be aware.  Your data and your systems are costly, and compromises to your systems can be even more costly.

If you need personal advice on how to protect your data and your systems, feel free to contact me.

As always, let’s be careful out there!

Checklist

  1. Update your operating system
  2. Update your software
  3. Use a two way firewall
  4. Use a Virus Protector
  5. Download only from known good sites
  6. Change your behavior
  7. Periodic scans
  8. Avoid unreasonable passwords

Reference documents

  1. HHS reference document for HIPAA/HITECH protected information, http://www.hhs.gov/news/press/2014pres/05/20140507b.html
  2. The Free Software Foundation, http://www.fsf.org/
  3. Password Cracking Software, http://resources.infosecinstitute.com/10-popular-password-cracking-tools/
  4. Trend Micro’s Housecall online virus scanner, http://housecall.trendmicro.com/
  5. Cuckoo Sandbox, http://www.cuckoosandbox.org/
  6. Microsoft Security Essentials, http://windows.microsoft.com/en-us/windows/security-essentials-download
  7. ZoneAlarm Free Firewall, http://download.cnet.com/ZoneAlarm-Free-Firewall/3000-10435_4-10039884.html

<Article last updated 25/September/2014>

Websites – time to make a web presence!

Wait, make a what?  Web presence.

Web Presence
Web Presence

What does that even mean?  Well to be totally straight, it is more than just a website, but a website is a good starting point.

So first things first.  I think I’ve heard of HTML and stuff related to websites somewhere. I suppose I better learn about it.  Let’s read up about HTML (the language that powers the web), and CSS (the format scripts that help your site look homogeneous), and WWW, oh wait, HTML5 is new let’s look into that, oh and URL, which is of course much different than UML   And PHP!  Yes, we better learn PHP Hypertext Preprocessor, and MySQL, and PostgreSQL, and, and, and … wait, where is my Ritalin.  I’m exhausted already.  Isn’t there a better way?

Well, I’m glad you asked.  In fact, there is a better way.

Web design in the wild west days

Early screen capture of Alta Vista web search engine, circa 1997
Early screen capture of Alta Vista web search engine, circa 1997

Way back at the turn of the century and even ten years ago, when it was time to start a web site, a web developer needed to learn all this and more.  Web sites were coded, Dreamweaver was king.  Back then a content editor would create the perfect prose and package it up for the web developer.  The content editor would then tell the web developer where to put the important stuff and where to put… well, you get the idea.

But today it is different.  That was the Old Covenant of the World Wide Web.  Today, we are under a New Covenant. It is totally different!

Well kind of different.  And kind of the same.  The content editor’s job is very close to the same.  But it is true, the web developer portion has changed a lot.  There is still a web developer, but the developer’s job has changed.

Today, most web sites are not home brewed, new framework sites.   Today when we think of web sites, we think (or should think) Content.  As such, we will have the web developer look for a Content Management System (or CMS) to handle most of our back end work.

Foundry
Foundry

Think of it this way.  If you were going to build a home, what would you change?  Right, you’d change the doors, and the windows.  Oh, and the color of the house, and the size of the rooms.  But would you use custom sized doors that required a custom builder?  Would you hire a metal worker and forge your own water faucets, or buy them ready made off the shelf at Home Depot or a supply shop?  Would you hire a light company and create custom light bulbs, or use standard Fluorescent T8 and Edison screw light sockets? [ Bet you didn’t know they were called Edison screws… 🙂 ]

Edison Screw
Edison Screw

In most situations — scratch that, almost all situations — creating a brand new from scratch anything is just way more expensive, and also causes a lot of issues with the customers and users.  I mean, who wants to go to a special light bulb manufacturer and pay that extra special price when they need to replace a light bulb?  Not many people.  It creates a hard to build, hard to manage, and hard to maintain solution.

Same goes for web sites.  People have become used to seeing a certain format on web sites, and the easier we can make our site to use, the more likely we’ll have customers that stay around.  So for web development, keep it, well, normal.  Unless you have a very special need, there is no need to home brew a web site.

Get me started!

So now that we’ve decided we really don’t want to learn all this stuff, we just want to get on the web.

Person blogging
Person blogging

We want folks to be able to see news articles we find important, or rants about our children, or ideas that we’d like to share — like this page you are looking at right now.  We don’t want to be web developers, we want to be content editors.  We won’t be creating a brand new web development platform, so what do we want?  We want a content management system all our own.

Great!  Let’s go read about that.  What is the CMS paradigm?  What is a CMS engine?  Searching for Content Management Systems leads to WordPress, and Joomla, and Drupal,  and…. wait, gosh darn it!  Where is that Ritalin again?

Let’s look at this from a different perspective.  Is it really the case that these CMS solutions are appropriate for what I want to do?  Okay, I’m glad you asked that too.

  • WordPress is likely the most popular web imprint for blogging.  It is known for its easy management and thousands of free themes.  It powers the likes of The New York Times, eBay, and Samsung.
  • Joomla is a powerful and highly configurable CMS.  Joomla powers the likes of MTV, Barnes & Noble, and General Electric.
  • Drupal is the beast of CMS.  It is a very highly configurable and extensible framework that powers the likes of Warner Bros Recordings, NASA, and The White House.

So what is our take away from all this?  The shortest of answers is:  It just doesn’t matter.  What does matter is that we get out there and publish.  Sure, the CMS engine does matter some, but remember, content is king!  If we make a big mistake on using the wrong content management engine?  We can transfer the data later.

Choosing your CMS

Okay, time for a little candidness.  I’m new to this blogging stuff as well.  The last time I built a web site was ten years ago.  Guess what I used?  I built it using Dreamweaver, HTML, and CSS.  But like we’ve already discussed, times have changed, and it was time to learn a more modern approach at web sites and blogging.

When I started this article, I was going to approach it from the technical side — after all, I am an engineer.  I was going to get into the grit of how to install whatever engine on any given host, blah blah blah.  But you know what I’ve learned?  Everyone has a site like that.

This article is the essence of what I’m trying to convey — content matters.  As I’m new to this as well, I had to select one of the CMS engines.  I chose WordPress.  Why?  Because:

  • It had the largest number of free themes available.  I didn’t want to spend any money during the learning process, so free was desirable.  Since everything on this site itself is free, I didn’t want to impose any fees on the reader to get started.  My first impression of Joomla and Drupal was highly configurable, but with fewer free gadgets.
  • It was “configurable enough”.  I wasn’t looking for The Configurable King, I was looking for something to get content, like this article, out to you … oh, and the world, of course. 🙂

I did install Joomla after the fact.  My first impression was it is just like WordPress, just the menu system is different.  It looks as though it might be more highly configurable than WordPress, but again, I only installed it.  I didn’t work on it.

Is that enough?

But is this really enough?  Well, maybe.

  • If I wanted to develop a web imprint for general use?  I would develop a WordPress theme.  Why?  Because of market share.  Of course, the market is highly competitive as well, so keep that in mind.
  • If I wanted to develop a highly scalable web imprint, like that might power a Facebook or dating web site, I would likely develop a Drupal theme.

Well gosh though, with this in mind, you might ask why use a CMS engine at all?  I mean, if you are going to develop a large part of the engine and theme manually, why not just start from Java or .NET?  Three things come to mind.

  • Security.  If the Drupal or WordPress engine is compromised, rest assured the world will know about it, and a patch will be forthcoming.  If a site is home brewed, the site designers have to be particularly aware of security issues.
  • Speed of initial development.  Since the engine is off the shelf, a web site can be fully operational in weeks instead of months leaving the developers to concentrate on content.
  • Less expensive to maintain.  Since a large part of the management is handled by the engine itself, the content designers can focus more on the content and presentation instead of focusing on how that presentation might be coded.

WordPress pros and cons

I am already a big proponent of WordPress — can you tell?  There are great things, and there are a few things that I’ve noticed are difficulties.  The difficulties might be my fault, and these might be issues with all CMS engines, but just to note a few things…

  • It isn’t very easy to edit great content.  What I mean by this is the actual editing process.  For example, this page.  It doesn’t autosave (might be a plugin for that), and it just isn’t as natural as say using Open Office or Libre Office (haha, can you tell I support free software?)  Realize I’m new at this, so it might just be a learning curve.  I’ll edit this note if I figure out a better way.
  • It seems as though the site is going to become a little difficult to manage as the amount of content (especially pages) grows.  Managing WordPress is likely a learning curve issue, and I’ll post a note when I get this figured out.  I expect if The New York Times can manage tens of thousands of pages, it must just be a learning curve fear of the unknown.
  • There’s an app for that.  By itself, WordPress is really just a security engine.  What makes the magic happen are the plugins and themes and widgets.  Just remember, there is an app for almost anything you wish to do.  Sometimes it might be difficult to find, and sometimes especially difficult to find a free one, but someone somewhere has likely developed a widget or plugin that perfectly fit your needs.
  • Pages and post and plugins and themes and comments and administrators and editors and… Well, what I’m getting at here is, there is still a learning curve.  Once you pick the CMS engine of your choice, give yourself a few weeks to just poke and prod.  Create a page or even a site, and then start modifying it.  Add an image, change an image, add a page, just poke around.  Do it in a non production environment — like, create a wp2 instance for your eyes only, and break it.  Then see if it is easy enough to fix.

The WordPress platform

WordPress
WordPress

Out of the box, WordPress is a great platform, but what makes it a great engine is its extensibility.  This happens in part through plugins.  For example,  have you seen those CAPTCHA requests that are annoying to you as a user, but do a great deal to help reduce the amount of SPAM and spammy links to sites?  Well, there’s a plugin for that.  And for contact forms, so you don’t have to create your own, and for many other extensions you will likely use during your life as a web blogger.  We have an article on notable plugins that will help you learn to search for plugins, and help you get started in using them.

“…Let’s get this party started!”

Great, you’ve told me all this stuff, but how do I do it?  The easiest way is to open a WordPress account, and let WordPress handle the chores for you.  You can do that here, and learn about how to get started too.  Once you get an idea of how blogging works, you can install your own WordPress on your own site.  That task is host specific though, so you’ll have to find out how to do that through your domain host, or you can ask me individually and I’ll help you out.

As always, let’s be careful out there!  Happy blogging!

 References

  1. Elements of a successful business web presence, http://mashable.com/2010/02/10/business-web-presence/.
  2. WordPress Blogging introductory article, http://codex.wordpress.org/Introduction_to_Blogging
  3. Drupal Famous Sites, http://www.tributemedia.com/blog/erika-meissner/famous-drupal-sites
  4. Joomla Famous Sites, http://community.joomla.org/labels/joomla-portfolio.html
  5. WordPress Famous Sites, http://en.wordpress.com/notable-users/
  6. Get Started with WordPress, http://codex.wordpress.org/Getting_Started_with_WordPress
  7. Install your own WordPress, https://wordpress.org/

WordPress Plugins

WordPress off the shelf is just a platform.  What is great is that it is extensible!  I am not a plugin expert … at least yet.  So how do I select plugins?  First I figure out what I’m trying to solve.  Then I look for plugins that:

  • have been around for awhile,
  • have recent updates (they appear actively maintained), and
  • have at least reasonable ratings from a reasonably large number of respondents (say 3.5+/5 stars, and a few hundred respondents).

That said, here are a list of things I needed to solve, and the plugin I chose.

  • Have you noticed drive by spam?  The first day I installed WordPress, I received a dozen spam, likely from bots.  So, how to fix it?  CAPTCHA is one solution, and the one I chose was Blue Captcha.
  • It was important for me to have people be able to respond to me through a contact form.
  • I use Google Analytics, and I wanted to continue to use it with WordPress.  But the most flavorful requires having a piece of Google code on every page.  Is there a way to do that through a plug in instead of managing the code itself?  I mean, the whole reason we moved to CMS is to reduce our set of managed code, right?  Right, and you bet there is a plug in for Google Analytics for WordPress !
  • I remember how difficult it was to get on Google Page 1 back in the day.  It took forever, and to remain on Google Page 1?  Even longer still!  So how about a little SEO help?  Righteo, there’s an app for WordPress SEO (or at least a plugin!).
  • As I was trying to maintain my site, it became apparent that there were some issues with SMTP, at least for my site.  It turns out SMTP is handled by WordPress without authentication.  But wait, isn’t that just not a best practice?  Yes, you are right, it is not a best practice.  Here’s a WP SMTP plugin to help mitigate the issue.

Take ownership of a file in Windows

Have you ever had an issue deleting or otherwise owning a file in Windows? Well, I have.

Here are some ideas on how to own a file.  Take each step by step.  If #1 doesn’t work, move on to #2.

  1. Try to delete the file in windows explorer. Of course, this is the “easy” way. No can do? How about…
  2. Try to change permissions on the file first, using the right click/properties/security tab.
  3. Still no love? How about trying to delete this file from the command prompt.
  4. Next, try deleting the file from the command prompt that is running as administrator (start-cmd then right click, run as administrator)
  5. Will safe mode work out? Try to reboot into safe mode. This will remove all file handles that are attached to the file, any programs that are using the file will be closed. This will work if the file is opened for use by another user or program.
  6. Finally, this should absolutely work.
    * Boot into safe mode (which removes the dependency of other programs using the file)
    * Log in as Administrator
    * Open a command prompt
    For files:
    C:\> takeown /f file_name /d yicacls file_name /grant administrators:F
    For directories and recursively, all nested files/directories:
    C:\> takeown /f directory_name /r /d y
    C:\> icacls directory_name /grant administrators:F /t

 

<Originally posted 25/October/2011 on blogspot>
( External reference: http://www.mydigitallife.info/delete-undeletable-files-in-windows-vista/comment-page-1/#comment-938578 )