Keys Corner » Computing

Wrong file permissions cause WordPress to ignore CSS

John — Wed, 08 Jun 2011 16:09:16 +0000

I was modifying the styles for this web site recently, and after testing the change locally I uploaded the style sheet to the production server.

Afterwards I cast an eye on the site to check everything was updated, and was horrified to see the styling had completely disappeared:

Where's my CSS styling, dude?

Very strange. I copied the CSS file back to the development server – everything worked fine on my local development site. Panic. After several minutes of frantically editing everything back that I had recently changed – to no effect – I noticed the file permissions on the production server were set to octal 700:

This file ownership may cause your styling to be ignored

In other words, only the owner has read access to the file. I realised that the owner of the file was probably not the same as the owner under which WordPress was running, so the file effectively didn’t exist for WordPress. I changed the file permissions to octal 755, which gives everyone the ability to read the file, and everything worked again as it should have done. Obviously on my development system, the owner of the file and of the WordPress process that was using the style sheet were the same, and on the production server they weren’t. It’s the first time in several years of using WordPress that I have run across the problem, so I obviously did something differently this time when I modified the stylesheet – I’ve no idea what, however.

This is how the permissions should be

Rich Snippets – Google recipe search

John — Sun, 06 Mar 2011 08:38:04 +0000

Recipe Search on Google

I just noticed – Google has added a recipe search item to their home page. You can filter the results by ingredients, cooking time or by calories.

To get included in the results, sites need to tag their recipes using rich snippets.

Rich snippets can also be used to add information (e.g. geo-location, address, phone number) that Google uses in its search results for other types of data about (for example) events, product reviews, or businesses. It looks like it would be a good idea for businesses to add the necessary code to their sites and then tell Google that they have done so.

Microsoft: Friends don’t let friends use Internet Explorer 6

John — Sat, 05 Mar 2011 08:18:00 +0000

Microsoft: Encourage Internet Explorer 6 users to upgrade

Aggressive “dissing” of your own product. Microsoft has set a goal of getting the proportion of Internet Explorer 6 users reduced to 1% and is actively advising people to stop using it.

Currently, around 12% of internet users, mostly in Asia, are still using MSIE6, which was incredibly buggy and caused headaches for web developers who had to add extra code to web sites to work around the bugs.

WebDAV access to a Synology DiskStation via an AVM FRITZ!Box

John — Sun, 27 Feb 2011 11:21:35 +0000

When our house in Xàtiva is finished, Ruth intends to carry on working for a time in Frankfurt. Which means we will be living partly in Germany and partly in Spain for a quite a time to come. Indeed, we expect to keep a foot in Germany for the foreseeable future. What I want to do is to ensure that our data – scanned documents, music, photos, spreadsheets, text documents etc. are equally available and up to date in both locations. Ruth will be using a Mac in Frankfurt, and in the house in Spain we plan to install most of the remaining computer equipment that we have here.

Today all our data resides on a Synology DiskStation DS210+ and can accessed from any of the Macs in the household. We don’t store data on the individual Mac local hard drives.

What I would like to do while we have two households is to be able to replicate data between two data servers – probably installing a DiskStation at each location and synchronising them regularly. Let’s say the main storage location is in Spain. My idea is to access the Frankfurt data server from Spain using WebDAV, mount the Frankfurt server as disk drive on my Mac’s desktop in the house in Spain and use a program such as Synchronize!Pro or Goodsync regularly to keep the contents of both servers identical. I think there is little chance of Ruth and I happening to edit the same file independently of each other between sync’s, so I expect the main sync activity to be adding or deleting files on two data stores.

I decided to set up WebDAV access via the internet for the existing DiskStation we have in Frankfurt and check whether the idea is feasible. To do this, I needed to set up an account with a dynamic DNS (or “DynDNS”) provider so that I can always access our systems in Frankfurt (Our ISP assigns us a dynamic IP address which changes every 24 hours). I needed to set up our FRITZ!Box 7270 to route traffic securely from the DynDNS provider to our DiskStation.

Here’s what I did:

1. The DynDNS Account

I originally set up a free account with DynDNS.com, however, I found it didn’t play well with the FRITZ!Box. The account was blocked within 24 hours because the FRITZ!Box was apparently sending too many update “pings” to the DynDNS server. Reading internet forums showed that this seemed to be a common problem and difficult to overcome. The suggested solution is to install software on a PC in the local network to send the update messages, but I wanted a solution that didn’t need a PC running to trigger the address updates at DynDNS.com for our IP address.

Recommendations led me to No-IP.com, which also provides a free DynDNS service, and which apparently did not suffer from compatibility problems when working with a FRITZ!Box. Here’s the basic set-up that I used (with my domain name blurred out):

no-ip.com settings (click to see a larger image)

2. FRITZ!Box set-up

I want to be able to access the DiskStation using secure WebDAV, which requires port 5006 is open. I have also specified the no-ip.com user and password that I am using. (I have German firmware on the FRITZ!Box, however, the screen layout is identical for the English version, so it should be quite easy to work out what is filled in where. You need to look for the port sharing settings in the menu)

FRITZ!Box settings for Secure WebDAV access - port 5006 open

FRITZ!Box settings for DynDNS access

(N.B. the DynDNS service is set up using no-ip.com, but there are a number of different domains available for the dynamic DNs service, I reserved one with the address ending “… .no-ip.org”).

Depending on the router you are using, you may need to forward the ports used by WebDAV to the NAS server (usually port 5005 for http access or 5006 for https access).

I tested whether or not my IP address was being reported by the FRITZ!Box to no-ip.com by rebooting the FRITZ!Box and waiting a couple of minutes before pinging the domain that I had reserved at no-ip.org.

The ping showed that my domain could be reached, even though the reboot would have resulted in a new numerical IP address being allocated by my ISP.

3. Setting up the DiskStation

I needed a user with WebDAV access rights on the DiskStation. Normally these are not needed and the other users don’t have them. Of course, the user in these screen shots was only used for the tests and the deleted afterwards!

First, I opened the ports used for WebDAV communication (In fact, I think it would have been enough to only open the HTTPS port, 5006):

The standard WebDAV ports were opened

Then I set up the test user, gave them a password which is reasonably secure (at least 8 characters long, containing upper and lower case characters, digits and special characters such as $ % & * etc. and which is not the same as one I am already using for another account) and allocated the WebDAV access rights:

The test user definition

The test user's access rights - they must have WebDAV, plus rights to access the services you want to access remotely.

I also assigned the user to the “authorized users” group to give it the same access rights as the local users to the data on the DiskStation.

4. Accessing the DiskStation using WebDAV

I have Captain FTP and Panic’s Transmit. Both programs (which are only available for Apple Macs – you’ll need to find an equivalent program if you are using Windows or Linux) should allow WebDAV to be used. I could not however get Captain FTP to work with WebDAV via https – that could easily be my stupidity; however I had no problems setting up Transmit. Transmit also allows you to mount the remote DiskStation as a disk, which is exactly what I want to do. Here are the settings in Transmit:

The settings necessary to set up a test connection in Transmit

5. Does it work?

The final step was to test the set up. First I re-booted the FRITZ!Box, to be sure I got a different IP address from my ISP – I wanted to check no-ip.com was going to pick up the new address. If no-ip.com didn’t get updated, the test would fail.

Then I right-clicked on the icon in Transmit for the test connection I had defined and selected “mount as disk”:

"Mount as Disk"

… and voila – the DiskStation mounted via the internet on my desktop – it’s a few steps to set up, but very easy. Now I can access our data at home from any PC connected to the internet and sync our data between two locations. No spells or incantations were required:

The WebDAV-Disk mounted on my desktop

Finally, I have set the DiskStation to mail me if anyone tries to guess the password for the DiskStation when trying to access it remotely – I get a mail after 5 wrong attempts to log in, and the offending IP address is blocked for a day:

DiskStation Auto-Block settings

Nifty way of miniaturizing bar codes

John — Mon, 17 Jan 2011 17:51:37 +0000

The Camera Culture Group at the MIT Media Lab has come up with a way of marking objects with a 3mm wide bar code that a normal digital SLR camera can read at a distance of over 4 meters (a cell phone camera needs to be closer) :

Comparision of the new bokode and a conventional barcode
(Image from MIT Camera Culture Club's Paper about bokodes)

The experimenters at MIT call the new bar code a bokode, to distinguish it from its larger counterparts. The bokode uses an effect known as bokeh which is a characteristic of all camera lenses and often causes the highlights of out of focus objects to appear as groups of circles on the photograph.

The advantages of the bokode are its small size, which means that it can offer very inconspicuous identification of objects, and that it can be read from several meters away, thus allowing new applications for bar codes.

One possible use could be to add information to shops and other buildings which could be read and stored by Google Streetview cars, allowing more information to be displayed on on-line maps. The researchers have several other ideas, and are looking for commercial partners to develop the bokode further.

See a video about bokodes here; read more about bokodes here.

(Via Cool Hunting)

How to opt out of on-line advertising

John — Sat, 04 Dec 2010 14:07:52 +0000

If you don’t like being tracked (i.e. having advertisers being informed about which sites you have visited) when you are visiting websites, you can block some 20 or so ad-serving companies doing this (including some big ones, like Google, Yahoo and Akamai). You will still see on-line ads but at least you won’t get targeted with car advertisements because happened to visit VW’s website last week!

Visit aboutads.info to restrict advertisers tracking you. You need to fill out the form in each web broswer you use, as the request mechanism sets cookies in the browser.

The situation might improve more, if the US government gets its way – the Federal Trade Commission (FTC) is supporting an initiative called Do Not Track.

Online security

John — Sat, 10 Jul 2010 11:41:09 +0000

There have been a number of reports in the last days of iTunes app developers apparently accessing other iTunes users’ accounts to buy their applications, to increase their rating on iTunes. People have had bills of $100 or more generated for apps and books that they didn’t order.

It is not clear at the moment how the accounts have been hacked – whether Apple has a problem at their end or whether the users affected had weak passwords which have been hacked. However, there a couple of things I have done to reduce the risk of being “stung”:

Changed my passwords to be stronger, by following these suggestions:
- Use more characters than the minimum required by Apple
- Make sure the passwords consist of a mixture of upper and lower case characters, one or more digits and special characters such as “§ $ % & / ( = ?”
- Don’t use a password which is a single word found in dictionary, but where some characters have been substituted with similar digits (i.e. containing Leets, e.g. “pa55w0rd” for “password”). Leet passwords can be cracked with a dictionary attack almost as easily as words in “clear” text.
Deleted all my credit cards and bank details defined as payment methods and replaced them with a pre-paid Mastercard which I recently ordered to pay Ryanair with. This card never has more than a few hundred Euro pre-loaded, often much less. It limits my financial risk and means if I have to have the card cancelled, it don’t affect the rest of my life.

Note that potentially, any credit card or bank account details you have permanently stored in an internet account for a supplier are similarly at risk. Other suppliers where I have updated my password and credit card details are Amazon and Google Checkout. The risk is same in both cases – a crooked employee could copy the credit card details or their server could be hacked from outside. I think although Amazon and Google are both security conscious, it doesn’t hurt to take these relatively simple precautions.

Resetting Software Update to use Apple’s servers

John — Sun, 02 May 2010 11:31:20 +0000

Using a Snow Leopard Server, (OS X 10.6.x) it seems that administrators have a problem if they have used Apple’s Managed Client for OS X (MCX) to provide software updates to their clients from their local server and then want to switch back to having the clients get the updates from Apple’s servers. The problem seems to lie with Apple’s Managed Preferences, which is part of MCX.

Here is what I understand happens, and a solution:

Apple allows system administrators to restrict which preferences and system settings a user on a local client may manage themselves. The restricted services are managed centrally by the system administrator. He does this by setting up one or more groups of clients or users which are managed by the server and the changing of these services by users on these computers may then be locked out by the administrator using the Workgroup Manager from the server.

If the administrator removes members from the group, the restrictions should cease to apply. At least that is what I and other users expect. That does not seem to be the case. This means that once the software update source has been changed to the local server, people have problems to reset the software update source to Apple’s own servers.

There are various solutions described in the Apple support forums, but you need to pay close attention – the way that the software update in MCX is managed changed for each recent version of OS X and none of the solutions I found works permanently for Snow Leopard.

Here is what I have found to work. The solution allows you to switch back to sourcing from the Apple servers, but seems to reset itself periodically, so that it wants to use the local server.

In the Workgroup Manager Set the preference for the Software Update for the group being managed to have an update frequency of “Never” and clear the field specifying the location of the software updates on the local server.
If you don’t have any other need to manage the clients using MCX, you need to delete the complete Managed Preferences directory at /Library/Managed Preferences/

I used a user with administrator rights to do this, and was asked for my password before the files could be moved to the trash can.
I also removed the clients from the group defining which clients should be managed for the software update, managed in the Workgroup Manager.

If you have other managed preferences which you wish to keep, you will need to look for the specific files – identifiable by their names containing “system update” – which are associated with the System Update function.

Various forums recommend deleting the client cache ~/Library/Caches/com.apple.softwareupdate and ~/Library/Preferences/com.apple.SoftwareUpdate.plist but deleting these alone didn’t help in my case under Snow Leopard.

If I find out what needs deleting to stop the source reverting periodically to the local server, I will update this note.

Additional Notes:
Finding information about MCX is not easy – it is not covered in the Apple Technical Documentation for OS X Server.
There is an introduction to MCX in Mac Tech here. It was written for OS X 10.5 (Leopard), so is reasonably up to date.
There is an older article introducing MCX also in MacTech here.

Help fill in the blanks on waze.com

John — Sat, 24 Apr 2010 10:57:33 +0000

Using the waze desktop maps

There is a new social mobile application on the block – waze.com.

You can download the application onto your smartphone (Apple, Android, Windows Mobile, Symbian at the moment, Blackberry is coming shortly) and use the free software as an on-board turn-by-turn navigation system.

The maps are produced and updated by the waze community – it simply involves driving around with waze running on your mobile phone – and the more people doing that, the better the quality of the maps becomes.

The waze turn-by-turn navigation screen on an iPhone

You can add information such as where the speed traps in your area are. See the user manual here for more information. You can even show temporary blockages, such as accidents. These and the location of other waze users who are driving around are shown on the navigation screen.

Waze started in Israel and only arrived in Germany and France via the USA on 11th March 2010, so there is still quite a bit to do. Waze has set up an initial country-wide map of Germany based on data from Intermap, and at the moment users are confirming the Intermap street data by driving over the roads. There are not many waze users in Germany so you can help by joining in, confirming and correcting roads (there is one error on the little area of Schmitten shown in the top screen shot above that I need to correct) and also adding PIOs and house numbers to make the maps more useful. there is a small German language waze user-forum active here.

If you are the first to confirm a piece of road, the symbol for your vehicle changes to become a little pac-man gobbling up the virgin road!

(If you see a user called “sqeze” moving on the maps, that’s me – see you on waze soon?)

Careful what you tweet…

John — Wed, 14 Apr 2010 19:32:08 +0000

I can’t see the point in some of the more modern internet trends – I tried FaceBook and gave up after a couple of weeks, and have never felt the slightest urge to share my life using Twitter. However I know quite a few people who do use Twitter. They may want to consider that their tweets are being recorded for posterity.

The US Library of Congress has just announced that they are going to archive every public tweet ever made since Twitter started it’s service in 2006.

Appropriately, the news was announced by the Library of Congress on Twitter:

Using Snow Leopard instead of Snow Leopard Server?

John — Sat, 27 Mar 2010 16:58:07 +0000

I have seen several articles over the years indicating that there are no problems in using a standard / client version of OS X as a server instead of using the OS X Server version, which is a darn sight more expensive. And indeed I have used a Mac mini with a client version of OS X for several years as a file and music server. It needs very little power, is small and just sits there unobtrusively doing it’s job 24×7.

However since I migrated all our Macs, including the server, to Snow Leopard (OS X V10.6), the Mac that I use as my work station has been driving me crazy. Any time I connect it to a network drive, it hangs itself up. Not straight away, but often after it has gone to sleep for a while. After that, as soon as I access a network drive again, the Finder hangs with a spinning beach ball and all the other processes become unresponsive. Usually the only solution is to reboot. Very frustrating, and bad enough to make me think seriously whether I wouldn’t be better migrating to Linux, since Apple has in the mean time issued two updates to Snow Leopard and the problem is as bad as ever. Ruth has had similar problems, but not so bad.

Three weeks ago I saw someone offering a new copy of Snow Leopard Server on EBay and I decided to bid for it. I ended up getting it for 177 Euro instead of the list price of 499 Euro. I installed it on the Mac mini server and to my surprise, all our Macs are now running rock solid again. The problems accessing network drives that Ruth and I had have vanished completely.

So, although many experts confidently insist that you can use the OS X client version as a home server (I don’t think anyone would propose to run it in a production environment), that doesn’t seem to be true in the case of Snow Leopard, although I have previously had no problems whatsoever for several years using the Tiger and Leopard clients as servers. I thought I would post this, as I haven’t seen anyone report this experience previously – maybe it will help someone else having similar problems. (I suspect a cheaper alternative might be to migrate a problematic Snow Leopard home server back to a Leopard client, but haven’t tried that.)

A paper-based password system

John — Wed, 10 Mar 2010 21:25:04 +0000

Digital Inspiration has an interesting idea for people who have to log on to multiple web sites from public computers, or just for people who want secure passwords even if they don’t spend a lot of time in internet cafes. It uses paper.

If you use the same password for multiple sites, you have a problem if one of the sites is compromised – your ID these days is often your email address and if the password is also the same, there is a real chance that the bad guys could use the compromised information to impersonate you on other sites.

The suggestion is quite neat and worth thinking about if you don’t currently use different passwords on each site.