WordPress in a subdirectory

For many years now I’ve had WordPress installed as a subdirectory to my site but appearing to at the domain level, i.e. /wordpress/index.php is transparently presented as the homepage. This is done by setting the “WordPress Address” and “Site Address” settings and then mapping requests which do not match an existing file or directory through…

Clean builds for the win

I’ve just spent a little time squashing several bugs on the trot, all the same: insufficient build-dependencies when built in a clean environment. Typically this means that the package was uploaded after being built on a developer’s normal machine, which already has everything required installed. It’s long been the case that we have several ways…

X-RaceProtection: yes

From time to time it occurs that two people answer a mail in the same way where one would do – closing an unblock request, for example. When this almost happened on debian-release the other day I amused myself by dreaming up an SMTP header that would prevent such embarrassment. I wasn’t being serious in…

StartSSL: finally, a trustworthy certifier*

Matt Brown writes about StartCom, the Israeli issuer providing basic SSL certificates for nothing. In fact I’ve been using StartSSL certificates for about three years now, but I get them issued to Level 2 verification which incurs a fee. (It’s more expensive now than when I was first validated, but still good value.) StartCom are…

Response from ALLOW Ltd.

I’ve had a very courteous email from one of the founders of ALLOW, following my analysis of their password reset procedure. “Thank you for your feedback regarding the security of our platform. We are constantly reviewing these processes and regard our members security as paramount, whilst ensuring our processes are navigable to the majority of…

Privacy specialists should hire security specialists

I was interested to hear about a company here in the UK called ALLOW Ltd., offering marketing database management under a “we’ll get you off lists, then pay you to go back on at your pleasure” basis. That sounds a fair deal to me, so I decided to sign up for it. “Our technology is built…

Dovecot, Lighttpd and SSL certificate renewals

This is a mental note really, since my certificates last two years and I’ve always forgotten what to do about it. Generate a new request:openssl req -new -key <keyfile> -out <csrfile>StartSSL throw away all properties of the request except the key, so any answers will do. Re-use the request you sent last time (thanks Noel)….

“Shibboleet”

Boy, I wish that word worked. Today I had cause to email O2, the local Telefonica outpost, to have them disassociate my phone from the Cloud hotspot network, to which I get a subscription with my contract. This is so that I can associate my new Desire Z instead. I explained that I can connect…

Facebook groups: a gift to framers

I didn’t quite believe what I was seeing until I searched and found several other people noticing the same behaviour. For background, Facebook recently introduced the concept of groups – not in the sense we’ve been used to, but more like lists. Groups are supposed to be to lists what databases are to bits of…

Dear CSI and other hi-tech television producers

Please stop perpetuating the myth that any old grainy image can be enhanced beyond all recognition. It’s not possible to read a newspaper at a thousand paces any more than it is to see around corners, even with a Really Big Computer. Every time one of my users brings me a photo and asks, “can…