The Hizzle of T-Fizzle » Blog Archive » Welcome back to The Hizzle

Welcome back to The Hizzle   



After a lengthy hiatus following my website being hacked by a worm that advertises Brazilian leftists (you just can’t make this stuff up), I have finally taken the time to get the site back in order.  One of the key reasons I felt like starting back up is that the technology seems to have finally matured enough to allow me to do the things I want to do (in particular, making photoblog posts from my Sidekick) without having to do a whole lot of coding myself.  My educational background as a Computer Scientist may lead you to believe that I would *love* to sit around coding all night, but the truth is that I like to program here and there, but not too much, especially when it’s something that I believe in my mind that enough people are interested in that it *should* already exist.

So here we are.  The photo gallery will return soon.  Since the PHP-Nuke Coppermine Gallery was the attack vector which allowed the site to be compromised previously, I simply scrapped the entire thing.  I have all of the pics saved, so all I’ve lost is the method for displaying them easily, and there are plenty of alternatives including the standalone Coppermine now that I am no longer tied to PHP-Nuke.  PHP-Nuke was a decent CMS and I enjoyed customizing it to my liking, however it was designed for far larger projects than a simple personal blog.  I briefly tangled with MovableType until I realized that while there is a way to use Flickr to make photoblog posts by e-mail, it does not natively support posting by e-mail!  Is this the 21st century?  Sure, the open source folks say “If you want that feature, add it yourself!”  See comment above about how much I like to program.

MovableType did, however, introduce me to OpenID, since I had to sign up for TypeKey in order to download MovableType.  OpenID is a bit hard to wrap your mind around at first, but it essentially allows me to tie troy.fisher-fam.org to an account registered with an OpenID server (in my case TypeKey) by adding two simple lines to my index.html.  This is my OpenID Identity.  I can then use troy.fisher-fam.org as a login on any site that supports OpenID, and after logging into TypeKey, my identity is established.  The most significant use for this right now is cross-functionality with LiveJournal.  Using OpenID, I can have an identity at LJ that ties back to my own non-LJ blog, and allows me to have friends and be friended instead of having to post anonymously and miss “friend-only” posts, which seem to be many posts these days.  Furthermore, once better OpenID functionality is available for WordPress (the software driving this blog), LJ users will be able to interact with this site using their LJ addresses as OpenID Identities.  It’s a very handy system, and I hope that it takes off.

Most OpenID pundits are careful to mention that OpenID does NOT cover trust.  I’ll repeat that same warning here.  Anyone can go to TypeKey or MyOpenID or any of a number of other free OpenID servers and register an account and claim to be someone else.  It is up to you to decide whether or not that person is who they say they are.  Linking your Identity to your own website helps (the OpenID term for this is “Delegation”).  Since I own fisher-fam.org, you have some assurance that it really does tie back to my OpenID; why would I tie it to someone else’s ID?  Another good option would be a server that includes a PGP-style “Web Of Trust” in which you can log in using your Identity and then assign a trust level to my Identity based on how certain you are that it’s really me.  Then when you come across a new OpenID Identity, you can gauge whether or not it can be trusted.
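In OpenID 1.x, the "two simple lines" used for Delegation are `<link>` tags with `rel="openid.server"` and `rel="openid.delegate"`. As an added example (not code from the original post), this sketch shows how a relying party could read them from a claimed identity page; the hostnames and sample HTML are constructed placeholders, and the parser honors tags only inside `<head>`, so markup that ends up in the page body cannot redirect the identity.

```python
from html.parser import HTMLParser

RELS = ("openid.server", "openid.delegate")

class HeadLinkParser(HTMLParser):
    """Collect OpenID 1.x <link> relations that appear inside <head> only."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.head_seen = False
        self.links = {}

    def handle_starttag(self, tag, attrs):
        if tag == "head" and not self.head_seen:
            self.in_head = self.head_seen = True
        elif tag == "body":
            self.in_head = False
        elif tag == "link" and self.in_head:
            attr = dict(attrs)
            for rel in (attr.get("rel") or "").lower().split():
                if rel in RELS and attr.get("href"):
                    self.links.setdefault(rel, attr["href"])  # first one wins

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def discover(claimed_id, html):
    """Return what a relying party would use, or None if no server is declared."""
    parser = HeadLinkParser()
    parser.feed(html)
    server = parser.links.get("openid.server")
    if server is None:
        return None
    return {
        "claimed_id": claimed_id,  # what the user typed and the site displays
        "server": server,          # where the user is sent to log in
        "verified_as": parser.links.get("openid.delegate", claimed_id),
    }

# Constructed sample pages; idp.example and blog.example are placeholders.
DELEGATED = """<html><head><title>blog</title>
<link rel="openid.server" href="https://idp.example/server">
<link rel="openid.delegate" href="https://idp.example/users/alice">
</head><body><p>post</p>
<link rel="openid.server" href="https://other.example/server"></body></html>"""
BODY_ONLY = "<html><head></head><body><link rel='openid.server' href='https://other.example/server'></body></html>"
```
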

One last thing to mention.  Those of you who are aware of my career in Information Security are probably wondering just how I could allow MY OWN site to be hacked.  Truth is, I chose not to plug the hole.  In InfoSec, we often talk about risk analysis: what is the likelihood that a risk will actually be exploited, and if it is exploited, how much damage will be caused?  In the case of the flawed Coppermine for PHP-Nuke vulnerability, I was aware that the vulnerability existed, however by that time Coppermine had scrapped PHP-Nuke integration and recommended installing the standalone Coppermine as the fix for the issue.  It was a hassle to remove the PHP-Nuke for Coppermine, install the standalone version, hook it in to PHP-Nuke and then upload the pictures, especially since everything was chugging along quite nicely.  I felt that the likelihood of actually being hacked was fairly low (a correct assumption based on the fact that it took over a year to be exploited) and that the potential “damage” was pretty much nothing - I have local copies of all of the pics, and as far as posts are concerned, let’s face it - I’m not blogging the Magna Carta here.  They were actually safe in the database, but saving them was not a high priority, so I just wiped the whole thing clean.  I have more confidence in WordPress, but let’s face it - if another vulnerability is published that requires more than a simple patch to fix, I’ll probably follow the same “wait and see” course of action.

With that, welcome back.  Since WordPress supports e-mail posting right out of the box, I expect to be able to update more often than before.  Hoorah.
