Managing WordPress Updates

With roughly 22% of new (and a total of over 46 million) sites built on WordPress, it has become a popular target of scripted hacks – programs that troll the internet in search of out-of-date versions of WordPress and its plugins. It has become increasingly important to keep your plugins and WordPress’ core files up-to-date.

But keeping things up-to-date can be tedious. And it’s easy to forget to check to see if updates are available for your sites. Let me keep track of your WordPress updates for you. For a small monthly fee, I will monitor your site and apply updates to WordPress and its plugins as needed – usually within 24 hours of updates becoming available (but often quicker than that). I’ll also perform daily incremental backups of your site and save them off-site (to Amazon’s S3 service), providing you with a route to restore your site should something happen.

In a nutshell, I’m doing something that you could be doing for yourself, but using tools to make the process much more efficient.

Some things that this service does not cover:

  • Sites that break when a new version of WordPress or a plugin are released. I very rarely have this happen and it’s something I don’t really have control over. Sometimes, a bit of extra work is involved to support new versions.
  • Fixing sites that *are* infected. I’ll be able to help you recover from a backup of your site (at my normal hourly rate), but I can’t guarantee that your site won’t be hacked. I *can* say that keeping code up-to-date is the best way to prevent problems. Keeping the code up-to-date is something you’d need to be doing anyway, I’m just doing it for you.
  • Updating premium plugins that don’t use WordPress’ default updater. Some plugins require a manual update. I can help you with these, too, but it would be at an increased price.

Interested? Questions? Contact me by form or phone.

It’s time we talked about your password problem

A password for your bank. A password for Facebook. A password for your Gmail account, your Twitter account, your Yelp account… It’s likely that you’ve got too many passwords to keep track of. And if you *are* trying to keep track of them, then you’re doing it wrong. If you’re using the same password for more than one site, you’re really doing it wrong.

You Need a Password Manager

Password managers keep track of your many passwords, encrypt them, and secure them with a single master password. That way you only have to keep track of a single password to access all of your others. A password manager will integrate with your web browser and automatically fill in your login credentials as-needed. Most password managers will also have an app that’ll run on your phone to help you access your saved passwords on-the-go.

I use LastPass

I’ve been using LastPass as my password manager since 2011. I’ve been very satisfied with it. I pay $1/month to have a “premium” account, which is what you need if you want to access LastPass from a mobile device. I have one long password (pass phrase) that I remember that will let me log in to LastPass to retrieve all of my other passwords.

Pick a Pass Phrase

For a password manager to work, you need one good secure password. It needs to be cryptographically strong. That means that you need to come up with something that’s easy for you to remember, but hard for a computer to guess. I find that it’s easiest to pick a sentence or a song lyric and replace some of the letters with punctuation. Easy options are substituting a 3 for an E or a 5 for an S. But the more creative you get, the stronger your pass phrase. You might end up with something like: sc0tt%5pa55w0rdLo0k5w3ird

Let LastPass Generate New Passwords

People are notoriously bad at picking strong passwords. Once you’ve got LastPass set up, let it pick your passwords for you. Let LastPass generate passwords like jsT%43iaUf&eJvS!YNkq. There’s no reason it should be something you can remember. And if you feel weird about not knowing your password, most sites will have an “I forgot my password” link to allow you to reset it.

But is it safe?

This is the question that I get asked the most when I start talking about password managers. What happens if LastPass gets hacked? LastPass (and their like) are security-focused companies. The chances of them being hacked are low. There are password managers that allow you to store your passwords locally on your own machine if that’s a concern for you. LastPass even includes a tool to automate selecting new, strong passwords for the sites you frequent. If you ever have a concern, it’s very easy to generate new, long, random passwords.

Something that’ll greatly increase your security is multi-factor authentication. I’ll cover this in a separate post, but, in a nutshell, this method requires more than one method to prove your identity. You may, for instance, have a fingerprint scanner on your laptop. If you’re using multi-factor authentication secured by your fingerprint, someone would have to know your password *and* have your fingerprint.


Public Records & The Public Record

This is cool: On Friday, June 1st, during the Government Perspective panel at CityCamp Raleigh 2012, Charles Duncan Pardo at the Raleigh Public Record mentioned to Gail Roper, Raleigh’s CIO, that it’s difficult for the average person to figure out how to file a public records request.  A couple days later, was updated with instructions for making such a request.

CityCamp Raleigh 2012 Recap

CityCamp Raleigh 2012 was a success due to the work of our awesome volunteer staff and the smart people that showed up, shared ideas and formed teams to help improve our city.

What Happened?

On Friday, we heard some great conversations about how opening up code, processes and data can improve life for all of us. Thought leaders spoke about these issues from the public/government perspective as well as from a business perspective. It was awesome to be in the room to hear these great conversations and the moderators did a great job of guiding the discussion. We even got to hear the beginnings of some interesting sharing of ideas between the cities of Raleigh and Cary.

Saturday kicked-off with one-minute presentations pitching ideas for workshops throughout the day. Attendees voted on their favorites and the most-supported topics were assigned to rooms throughout the day. We had 5 sessions with 5 workshops per session. Some of these were educational (What is Open Source?) some were the first meetings of groups that would form around a project in hopes of winning the $5000 prize on Sunday afternoon.

Sunday was for planning and coding. Groups started their work slowly at first, then at a frantic pace as we neared the 3pm presentation deadline. Ten distinct teams with 10 distinct ideas prepared marketing presentations and prototype applications.

At 3pm on Sunday, we gathered to hear 5-minute presentations from the teams followed by a short Q&A, after which the judges sequestered to vote for their favorite idea/project. We graded based on feasibility of the solution, creativity and presentation, and technological execution.

We Have a Winner!

The winning team was made up of CityCamp veterans, and students from a mobile development curriculum at NCSU. Their idea? A Raleigh greenway app called “RGreenway” that uses open data from the city to help you plan a visit to a greenway. The team’s vision for the app includes social features (Which greenway is great for new cyclists? Which one is swamped with strollers?) , integration with SeeClickFix to report issues, and features that’ll alert you to impending weather conditions.

Bury the Lead

My favorite story from the weekend is that CityCamp Raleigh was attended by Mayor Nancy McFarlane and all eight city councillors! Bonner Gaylord was an active part of the planning team, and Councillors Mary-Ann Baldwin and Russ Stevenson and the Mayor joined teams to develop ideas for Sunday’s presentations. Other councillors attended sessions and workshops throughout the weekend. I love how hands-on and committed Raleigh’s leadership is to the cause.

The Event and The Movement

Throughout the year, you’ll be hearing more from CityCamp Raleigh. Amazing things have happened in the past year and we’re continuing to pursue ideas to improve the live of Raleigh citizens through the use of technology. The best way to participate or to keep up with the discussion is to join our Facebook group.

Quickly deploy QR codes to link from real-world to web.

QR codes are two-dimensional bar codes. They’ve become popular recently as a way to link to web sites from real-world items like product packaging, magazine ads and “home for sale” signs. Scan a QR with your phone and you can instantly be linked to a web site. QR codes can store lots of other kinds of text info, too.

Several years ago at SXSW, I met Dustin Haisler, who at the time was CIO for the town of Manor, Texas. Dustin used QR codes to mark items around town to link visitors to additional information online. He had great success at opening up the actions of the local government without spending a lot of money.

Since meeting Dustin, I’ve had ideas rattling around in my head about doing something cool with QR codes. At last month’s CityCamp Raleigh, ideas and inspiration clicked together and it occurred to me that it’d be interesting to use QR codes as temporary advertisements/info markers. Short term, I’ve got two ideas I’m experimenting with:

  1. Helping a group called Five Points CSA, a community-supported agriculture (CSA) group based in the Five Points area of Raleigh. There was a group at CityCamp Raleigh that helped organized a social media plan for the CSA.
  2. Helping get the word out about citizen advisory council (CAC) meetings. CACs are Raleigh’s link between communities and our government.

The Basic Idea

The idea I came up with was to build a rig to allow me to quickly tag QR codes on walls or sidewalks. I did some research and found that someone did something along these lines at TED, but I couldn’t find any instructions or guidelines for creating tools. I ended up making a rig that can be used to spray QR codes on a flat surface. I use spray chalk to make the codes temporary. My prototype creates a QR that links to the Five Points CSA Facebook page. I used a URL redirect on the CityCamp Raleigh server so that I could point the link somewhere else if needed (say a Flickr group or another web page). Then I shortened the URL via I shortened it for two reasons: 1) records usage statistics 2) shorter URLs make simpler QR codes.

Building the Rig

My QR rig is built from card stock. Card stock is relatively durable and easy to cut with an exacto knife. I’m working with someone to create a vinyl version that should be a bit more durable and allow me to spray the template clean. The magic sauce, I’ve found, is fiberglass screen. It’s just like the screen on the windows of your home. You can buy a roll of it from your local builder-supply shop for about five bucks. The screen gives you a base that you can attach the card stock to. This is important because it’s likely that your QR will have bits that aren’t attached to the main shape once you’ve cut them out.

I reversed the image of the QR before I cut it out. This is optional, but since I was cutting the image from black card stock, this just seemed to make my brain hurt less. I’d recommend using white card stock, though. That way, after you do your exacto-work, you can put a piece of black paper behind the cutout and check to make sure that it scans with your phone.

Next Steps

I’m and Android user. Google Goggles on my Nexus One scans my spray-chalked codes really quickly. I still don’t have a good test of scanability on iPhones, since I don’t have access to one. I’ve emailed photos of the code and the photos scan on an iPhone, but I still need to do some more real-world testing. It looks like the camera on iPhone 3’s and earlier is pretty crummy. But in this case, the iPhone is my Internet Explorer, so I’ll keep working on increasing the scanability for iPhones.

Lessons Learned So Far

  • QR codes are pretty forgiving. There’s a lot of error correction built into the code. This makes it work fairly well for my needs, but flat pavement or concrete works best.
  • The white border around the code is significant. It’s part of the code. I use a cardboard cut-out to put down a white section before I spray the code.
  • When you’re spraying – even if it’s chalk – you look like you’re up to no good.

Fixing GMail Sync Issues on the Android Platform

GMail on my G1 recently stopped syncing. The little sync indicator does its spinny-thing, but I don’t get new email from the server. Searches for “G1 sync fail gmail” and similar combinations didn’t turn up any good prospects initially. I eventually found the simple solution on the Google mobile support foums. Hope this helps someone out there!

Personalize Your Comments

If you’ve ever posted or read comments on a blog, you’ve probably noticed the little icons associated with each post. If you’re a new commenter, you may wonder why you get some sort of boring nondescript icon instead of something that reveals your True Character.

While some sites’ comment systems have their own proprietary way to manage commenter icons, many sites use Gravatar to display these. Gravatar (Globally Recognized Avatar) allows you to set up an icon that’s associated with your email address. That way, wherever you post a comment (if that site makes use of Gravatars), you’ll have the same icon next to your comment. Just make sure you set up your Gravatar with the email address you plan to use while posting (you can add additional email addresses to a single Gravatar account).

Gravatar is made by the folks responsible for the blogging/CMS platform WordPress. Here’s a video that explains how Gravatars work:

Presentation Tips: More from Lawrence Lessig

I posted back in March about Lawrence Lessig’s “Keynote Ballet.” Lessig gives beautiful presentations. He uses simple slides in a way that illustrates his points without boring his audience. I occasionally find myself counseling clients to skip bullet-heavy PowerPoint decks in favor of an approach similar to Lessig. Please take a moment to watch this presentation – even if it’s just the first minute or two. You’ll get the idea.

#SXSW2009 – Tony Hsieh,

photo by Roustem Karimov

Zappos CEO Tony Hsieh (pronounced “shay”) is a smart, friendly guy. In 1994 he started a business selling pizzas. Today, Zappos sells upwards of a billion dollars worth of shoes per year. Tony attributes much of Zappos success to one core element: company culture. Every Zappos employee, from the stock-room to the board-room, understands the company culture and it’s primary tennant: awesome customer service.

The slides from Tony’s SXSW presentation are here.

Some nuggets from Tony:

  • People may not remember what you did or said, but they’ll remember how you made them feel.
  • It doesn’t matter what your core values are, but that you commit to them. Alignment is key.
  • Perceived control and perceived progress make people happier. An example: Zappos has a 3-year process in place for employees to reach a certain job position. They broke the process into 3 smaller segments. The only difference being that the interstitial steps have names. Employee satisfaction improves.
  • During the hiring process, prospective employees are asked “How lucky are you?” The answer to this question gives insight into how that person perceives the world and their life.
  • After completing initial training, new Zappos employees are offered $2000 to quit. Very few take the cash-out. The folks that remain have given more thought to “Do I want to be here?” and Zappos avoids losing hiring/training costs of people that don’t stick around. Tony says “Not enough people are taking the money. We may have to increase the amount.”

#SXSW2009 – Lawrence Lessig, Change v2.0

photo by Joel Housman

photo by Joel Housman

Lawrence Lessig is known for his focus on technology and law, especially as it applies to copyrights. A couple of years ago, he announced his intention to change his focus from copyright matters to political corruption. Earlier this year, he helped launch Change Congress, a web based project aimed at educating people about the influence of money in the political system.

Consider any public office where it’s known that a politician has accepted donations from a special interest group. We immediately assume that there is a money-for-influence scheme at work here,  regardless of how “good” we perceive this politician to be. We assume that this politician abandons personal convictions when presented with a check. Sure, this isn’t a groundbreaking observation, but it’s time we fixed things and removed this taint from the system. Money corrupts democracy.

Change Congress’ immediate concern is H.R. 801, sponsored by John Conyers. This proposal forbids the government from requiring scientists who receive taxpayer funds for medical research to publish their findings openly on the Internet. Government-funded (our tax dollars) research would be available solely via for-profit journals inaccessible by the general public. reports that Conyers is receiving disproportionate donations from the benefiting publishing interests.

In a semi-related note, Lessig really knows how to deliver a presentation. I’ve been referring to it as “Keynote ballet”. His timing is excellent, his slides are interesting and there’s not a bullet point in sight. Beautiful.

About the title: using # symbols is a trend that’s recently caught on in Twitter. It allows people to tag the context of their discussion. Use of these “hash tags” is hotly debated, but apppears to be here to stay. This post is inspired by panels I attended at SXSW Interactive 2009.