Apologies for the random recent newsletter

An upgrade to WordPress changed how my newsletter delivery method works, resulting in all recent blog entries being mailed out. My apologies for this unintended mailing, but it does give me the opportunity to encourage you to keep an eye out for updates in the coming weeks. We’ll have a big announcement Soon™ that you won’t want to miss!

Upgrade WordPress–Don’t let strangers root through your trash

Version 2.9 of WordPress introduced the Trash, a wonderful little feature that most of us became acquainted with when Windows 95 launched. When you delete a post, page, or comment, it goes to the trash where you can review or restore it if you so desire. Apparently there was a vulnerability in it, though, where logged in users could see get in and see anything that was in the trash, even if they wouldn’t have been able to see it previously.

Version 2.9.2 was just released to fix this exploit, so be sure to grab it and update.

Upgrading to Confluence 3.1 was rougher than I expected

I went in early to work today to upgrade our Confluence server. I had been running the latest version on a test server with great success, and we had a lot of really exciting changes to roll out. Ever since I first set up our wiki around 2.5+ years ago, no one from our West Plains campus could log in (their accounts are in a separate Active Directory), and only a select number of AD groups could be used for permissions sets. What was worse, the operating system it was running on (the first iteration of Ubuntu JeOS) was pretty much broken and couldn’t be updated.

So we were moving to Windows Server 2008 (at my boss’s request–migrating from Ubuntu about broke my heart), and we also transitioned from a locally hosted PostgreSQL database to a remotely hosted Microsoft SQL Server. Lots and lots of changes, all to the good.

Instead of the hour I had an anticipated (moving virtual machines on our VM server, swapping MAC addresses, renaming the machines, voila), it ended up taking eight hours and forty-five minutes. Random issue after random issue got in my way, bugs that could neither be reproduced nor explained cropped up, and I strained against my torment without a break and with great intensity. First it was database errors, so I had the web DB guy drop all the tables and started anew. Then it was a Java error, then an unlabeled error, then backup restoration errors, with each error taking 30-60 minutes each to overcome. Once everything was OK, we discovered that all the attachments were broken, and after a frantic hour or so including some frenzied communications with Atlassian, it dawned on me to just copy the attachments over from the old server. If you knew how complicated attachments are in Confluence, you’d understand why I didn’t do that to begin with.

About fifteen minutes before I was going to leave, I started getting emails that people couldn’t see the content they needed. Permissions were broken, and that took another hour to figure out. A helpful person who runs our Active Directory was on the phone with me the whole time, and between us we were able to narrow down the issue: From within Confluence, I could see the permissions groups, but none of the members of those groups. AD groups can be created as Local Domain or as Universal, and Confluence 3.1 requires the latter. The former is the default, though, and most every group created before he started (about 2 years ago) was set to the default. Unfortunately, this included all of the permissions groups we needed. A quick fix on his end, but it took us a while to figure out what was going on.

I got no confused, frustrated, or angry emails on the way home, and five hours later I’ve had nothing but a few Thank You notes for the upgrade, so I’m feeling pretty good about it. Unfortunately, I was also exhausted and ended up having to take a 3-4 hour nap, and my throat’s sore, and my sinuses are all stuffed up. Hopefully sleep will cure what ails me.

Carrington 1.3 has been released

If you pay attention to your WordPress Dashboard (I notice mine every 2-3 days), you might have seen that version 1.3 of Carrington has been released. Carrington is the theme I use for SilverPen Publishing, but it’s more than a theme: Carrington is a unique shift in theme framework development and finds itself in a significantly more advanced category than your standard WordPress theme.

Simply put, it’s all kinds of wonderful, and I’ve really enjoyed having its style represent SilverPen Publishing. However, I have had to make a few tweaks to the theme, and when faced with an upgrade, I was hesitant to recommit myself to that task. All of those changes would have to be made once again, and I didn’t take notes on what I had edited because I didn’t think I’d have to do it again any time soon, let alone with this theme.

Most theme publishers write a theme, put it out for public consumption, and leave it. I never expect upgrades of a theme unless a major change in WordPress outright breaks the theme, and even then it doesn’t get upgraded most of the time. Alex King‘s a champ, though, and stands by his work. If I could laud him any more highly I would, but for now my praise and recommendation will have to be sufficient. Such dedication caught me by surprise though, hence the lack of notes.

Because there were some important security upgrades in this version, I went ahead and upgraded after backing up my current theme, and then spent some time going through and changing what I needed to. In addition, I actually took notes this time as I went, and I’m going to go ahead and post them here. As I read in someone else’s blog recently, notes for me, notes for you.

Reasons to upgrade:

From Alex King’s blog:

Version 1.3 of Carrington Blog is now available for download.

Upgrading is strongly recommended due to a security patch in this release.

This version has a couple of changes – both bug fixes and new features:

  • Added an image.php file for displaying media. This is not yet abstracted into the framework, but will be in the future.
  • Added a field to the settings page for adding in analytics code.
  • Fixed a problem with IE7 and the dropdown menus.
  • Explicitly send headers with AJAX responses, hopefully fixes some issues reported by Safari users.
  • Added a Log In link to the header.
  • Added code to load in translations.
  • Updated documentation.

Continue reading