Everybody's at it...

So here I am, jumping on the bandwagon and manga-ing my face at faceyourmanga.com. Anything to take my mind off of last week’s drama is good.

Some of you may remember that a while back I was having issues with my employer trying to move me to a different shop, which I fought against and stayed in the shop I want to work in. Well last Wednesday I got offered a move again. To yet another shop I wasn’t comforable working in. Or hours I’d be able to work (but that’s a different blog post altogether). Anyway, they accepted my decision to stay put but not without stressing me out, again. A thousand and one niggly questions at the back of my head - do I actually want to further my career? I keep putting barriers up for myself. Do I actually have what it takes? What am I so afraid of?

Thankfully I’m on holiday for a week or else I’d really be stressed. One whole week to concentrate on me, the boyfriend and my hobbies that have fallen way-side to work over the past month or two. Day one and I’m bored!

A complete overhaul of the way in which people navigate the internet has been given the go-ahead in Paris.

The net’s regulator, Icann, voted unanimously to relax the strict rules on so-called “top-level” domain names, such as .com or .uk.

The decision means that companies could turn brands into web addresses, while individuals could use their names.

A second proposal, to introduce domain names written in Asian, Arabic or other scripts, was also approved.

“We are opening up a new world and I think this cannot be underestimated,” said Roberto Gaetano, a member of the Internet Corporation for Assigned Names and Numbers (Icann)

The organisation said it had already been contacted about setting up domains in the Cyrillic script - used in many Eastern European countries.

“This is a huge step forward in the development of the internet - it will unblock something that has prevented a lot of people getting online,” said Emily Taylor, director of legal and policy at Nominet, the national registry for .uk domain names.

“At the moment, there are one-and-a-half billion people online and four-and-a-half billion people for whom the Roman script just means nothing.”

Dr Paul Twomey, chief executive of Icann, described passing the resolution as a “historic moment”.

Continue reading at BBC News website…

So, finally the internet will be filled with witty .xxx and .blog domains, as well as ‘funky’ domains such as firstname.surname/ Something which I’m not looking forward to. As far as I’m aware TLD’s such as .biz and .me.uk never really took off. I personally wouldn’t want one, rather sticking to .com and .co.uk - and the latter only because of the uk part.

The only thing that I can see myself doing would be having a .scot just because I’m so proud of my nationality - but it doesn’t make for a sexy looking domain name - ashesfromstars.scot, anyone? google.rocks? msn.sucks? Novelty, that’s all. It (hopefully) will get old quickly.

But out of interest, what would you want to register and why?

I’m fed up reading about other blogger’s going on holiday or planning holidays, I’m so jealous! In the past few weeks I’ve read about Rhys’s American dream, Han going first class to Florida, Jenn & family hitting the beach, Starlet being attacked by evil seagulls in Wales, to name but a few. Lucky, lucky people - you really are. The last time I was on holiday was in 2003 and that was a weekend in Dublin with the boyfriend. Before that I think the last time I was abroad for a proper 2 weeks in the sun holiday was America when my little brother was 4 - he’s now 15!

There’s only one real place that I want to go in the whole entire world - Las Vegas, baby! I’m been fascinated by the glitz, glamour, lights and gambling of Las Vegas for a very long time which was made a hella lot more intense with by my obsession of CSI: Crime Scene Investigation.

It’s my dream to stay in either Circus Circus or the Luxor before I’m 30. The boyfriend agrees, he’d love to go to Vegas too. And I kind of have it on a promise that if we ever went to Vegas it’d be acceptable to get married - and that’s never, ever going to happen in Scotland!

As always, the problem with going to Vegas is the money. We’re both terrible at saving money even for nice things like holidays and things. Plus we’d need gambling money so we’d have to stay in one of the many other hotels in las vegas that aren’t as famous or expensive as the Stratosphere or the Four Queens hotel just to fund our fun!

Anybody else been to Vegas? Is it really as magical as it’s made out to be?

I’m so geeky, I really am. When I heard about WordPress 2.6 beta being released I actually said ‘Yes’ outloud rather loudly.

I’ve updated both my blogs to WordPress 2.6 Beta and have run into no problems whatsoever. The function for previewing past versions of entries and posts is great as sometimes I do edit them a bit too much and have to remember what I’ve taken out when I didn’t mean to.

The word count function on the Write page is excellent too, because some of my paid-to-post entries require a minimum word count, so I’ve been able to delete the plugin that I usually used for this function.

If you aren’t too keen on upgrading your WordPress installation until the release is out of beta testing stage, never fear. WordPress 2.6 should be out around July.

Every single year I swear I’m not watching Big Brother - after all, it’s pretty sad sitting in your house watching people sitting in a house. But I’ve somehow managed to watch the catch up episodes for the last 3 days.

I must say that I’m so very glad that Alexandria was removed from the House, she was a bully with a capital B. I’m not one for confrontation but I could see myself arguing with that girl. Who made her the food god anyway?

Hopefully I won’t get too hooked on this series, but I’m all for Luke winning. He’s such an old man even though he’s younger than me, it’s so funny. And I can see where people think that he looks like Justin Timberlake, albeit a very nerdy not-so-hot J.T.

At the moment, the boy is driving (that’s a lie, his grandfather is driving) to Edinburgh to pick up the pool table I bought him for his 24th birthday. You have no idea how excited I am, I’ve wanted to buy him a pool table for so long, and in a few hours it’ll be all set up in his garage.

It took a long time to find one to buy, we ended up going with one off eBay that was slightly damaged. There’s nothing wrong with the actual playing surface, just the little window at the side where you see the potted balls is missing, which is easy to fix. We got it for 10% of the retail price, which is £3,100. There’s one other problem, the cloth is lilac but I’ve been reading up on recovering / refelting pool tables and actually it doesn’t look that hard. Plus our friend’s dad is an absolute pool shark and should be able to give us a hand doing it as he’s done it before.

At this moment the boy plus the 5 students we’ve bought it off of will be carrying the slate bed down 2 flights of stairs, don’t envy them one bit! Funnily enough they failed to mention that they lived in a flat when we bid for it.

Anyways, I’m going to read my new book that I got in the RBL last night for 50p, Number 10 by Sue Townsend. Looks excellent, so I’m going to sit for a while with a huge cup of coffee and an Easter egg (yes, we still have Easter eggs left!) reading it.

Oh, random.. The Fratelli’s new song is excellent. Just heard it on E4 music. New album soon please, boys.

Last night I found out the hard way why WordPress security is so important. My site got hacked/hijacked and the result was that every single internal link autoforwarded to a pornsite that tried to install toolbars, trojans..the lot.

I know that this has happened to at least one other blog that I visit, and probably lots more. The reasoning is probably down to unsecure file permissions within the wordpress files on my server. (Possibly something to do with the fact that WordPress have released version 2.5.1 with ultra important security fixes?)

So after deleting everything from the server and installing WordPress afresh (which of course came with it’s own problems of trying to remember all the plugins that I had installed etc) and importing a backup I took control of my blog again.

But it got me thinking. I’ve been online for half my life. I’ve had a website of some description for a decade. I should know about and implement security features. I shouldn’t have had to find out the hard way how important it is to keep my files safe from attack.

I’ve compiled a list of all the steps that you should take to protect your WordPress installation from malicious hijacking, after all I’ve been researching it for the past couple of hours to make sure that it never happens again.

File Permissions

Probably the biggest one on the list, and the one that can cause the most problems if you’re used to editing themes and plugins through the WordPress dashboard.

None of your files should be set to 777 (all users read, write and execute). By using the WP Security Scan plugin you can automatically see which folder do not have the correct permissions and fix them with a click. The plugin also points out any other security issues on your site. It’s an essential plugin for your site, and if you ask me it should be included with WordPress rather than Hello Dolly.

User - Admin

Your default user in WordPress is more than likely ‘Admin’. The same goes for the thousands of other WordPress blogs out there. So it’s not that difficult to guess, is it? So the obvious answer is to delete the user ‘Admin’. But WordPress won’t let you delete the default user, so what can you do about it?

This is where phpMyAdmin comes in to play. Don’t worry too much if you’ve never used it before, it’s quite simple as long as you follow these steps.

1. Log into your phpMyAdmin through your cPanel.
2. On the left hand side of the window you’ll see a list of tables like wp_options, wp_users. (the wp_prefix may be different if you’ve set this up as a different value when you installed WordPress).
3. Click on wp_users.
4. A table will load in the right hand frame, select the checkbox shown next to user_login.
5. Select ‘Browse’ from the tabs at the top of the page.
6. This then shows the table with all of your registered users details. You want to select the little pencil next to the name Admin to change this to a name of your choice.
7. Once you’ve changed the name to something else, press Go at the bottom of the screen.
8. That’s it - you’re done. The user ‘Admin’ no longer exists.

robots.txt

The robots.txt file on your server gives instructions to search engine robots (like GoogleBot). Remember that however not all search engine robots are good ones that play by the book, some will completly ignore your robots.txt file. But you can still add the following code to yours to stop all of your wp- folders being indexed by search engines.
Disallow: /wp-*

Passwords

Ok, this one’s a giver. We all know that passwords should be long and contain numbers, letters and symbols. But that’s hard to remember. But the amount of people who use the word ‘password’ as their password is incredible, and again it’s not that hard to guess, is it? Remember the MySpace password exploit? It threw up some interesting data on how people pick passwords, including the word ‘password’.

The easiest thing to remember is that you should keep your FTP and WordPress login password completely different and try and choose a password which is really hard to work out, but means something to you - like an acronym of you and your partners names plus your anniversary date. You could use a random password generator online to create a password, although you’ll probably have to get your browser to remember it for you!

WordPress version

Ok, so the geeks among us get excited when a new version of WordPress is in the pipeline and upgrade straight away, but some people wait a few weeks to ensure that any problems are ironed out amongst other reasons. It may be personal choice, but upgrading to the newest version of WordPress straight
away also protects your blog as there’s always security updates included in the upgrade. Try installing the WordPress Automatic Update Plugin to make upgrading your installation easy as pie.

Similarly, publishing what version of WordPress you are running is a danger in itself. You won’t realise that you’re letting the whole world know which version of WordPress you are running until you yourself check your page source. If there’s a Meta tag showing which version of WordPress you’re running from, remove it from your header.

Login Lockout

Login LockDown records the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts are detected within a short period of time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. Currently the plugin defaults to a 1 hour lock out of an IP block after 3 failed login attempts within 5 minutes. This can be modified via the Options panel. Admisitrators can release locked out IP ranges manually from the panel.
Login Lockdown plugin

That says it all really, doesn’t it?

Directory Listings

By default anybody can access your plugins by going to www.yourblog.com/wp-content/plugins/ and viewing every plugin that you currently have installed. By either including a blank html file in your /plugins/ directory or switching off directory listings via your cPanel users will not be able to view these folders and files, and possibly any security risks that they have.

Don’t use FTP

Use SSH/Shell Access instead. It’s possibly not the easiest thing to do in the world but it’s one of the best moves you can make. If you can, disable FTP completely.

If you’ve got anything else to add, please feel free to leave a comment.

So it appears that my friends are idiotic, pathetic non-friends.

Last night we all went 10 pin bowling and had a complete blast, it was the typical story of we all go bowling and play amazingly bad in the first game (I got 90 points in 10 frames, that is cringe-worthy. Although I did manage to throw a size 8 ball at 16.2mph), get drunk and play brilliantly in the second game. About half way through the second game I gave up playing, I’d been trying to perfect spinning the ball down the lane instead of it just rolling and hurt my wrist. I ended up putting about £10 into a driving arcade game and winning 4 games of that while the boys took my go at bowling. Suited me just fine, as I don’t go in for the whole getting-so-drunk-you-can’t-stand-up thing that they were doing.

Midnight rolled around and the bowling was closing so I called the taxi company to order a cab but they didn’t have any hackney cars on, so I just ordered two cabs to take us back to the boyfriends - there were 5 of us and Scottish taxis are only licensed to carry 4 persons unless they have more than 4 seats (three in the back, one in the front). Boyfriend & I jumped in the first one while the our friends waited on the second car. Everything was going fine until they showed up at the boy’s house about 20 minutes after us - since they had to wait longer on the second car they’d been caught in the snow and were cold and moody. Understandable, but we had to take the first car since we had to let them into the house!

Throughout the night more drinking is done by them and tempers are fraying over the silliest little things. They want the windows open, I don’t since I’m sitting right under them and it’s snowing outside, so obviously it’s rather cold. Around 2.30am I start hinting to the boyfriend that I’d like to go to bed soon…I’m never nasty or evil about doing this, usually just whispering in his ear that it’s nearly bedtime and he’ll get lucky if we go soon! Anyways, one friend hears me saying this to my boyfriend and starts saying that all I ever do is try to throw them out of a house that I don’t even live in. I ignored him, but he says something rather evil and nasty to me about 10 minutes later and my boyfriend tells him not to talk to me that way. Cue shouting and fighting between the boys, and boyfriend’s mum shouting through the wall since she’s up for work in a few hours. Understandable, right?

Then at about 3am one of the boys, who I consider to be my closest friends, says something and then says “Oops, shouldn’t tell Mel that” while the boyfriend face goes sheet white. This gets my heart racing and I calmly asked “Don’t tell Mel what?” about 12 times before I’m told that a few weeks before Christmas my boyfriend was at said mate’s house and his girlfriend invited one of her friends over. The boyfriend fell asleep (he’s prone to do this on work days) and all my so-called-friends thought it would be funny to try and get this girl to try and kiss, fondle and whatever with my boyfriend stating “it’s ok, his girlfriend will never know”. I don’t think I’ve ever felt such anger towards my friends. I wasn’t angry at the boy, after all he was asleep and nothing happened, but I am furious at my friends. The reason that my boyfriend hadn’t told me was because he knew I’d fly off the handle. Which is exactly what I did. I called a taxi, gathered my things together and got ready to leave. In the end I canceled the taxi and sat downstairs crying, listening to my boyfriend and friends arguing until he threw them out his house 10 minutes later and came and hugged me for an eternity.

So now? I’m not talking to any of my friends. It appears that the boy isn’t talking to them either and I can’t believe that they would go behind my back for their amusement. Am I over-reacting? Possibly. But it’s made me realise that finally, I trust the boy 100%. And that I cannot trust my immature friends.

Damnit, why is life always so screwed up?

So, I’ve spent the day in bed feeling a little hung-over and browsing the internet - well, clicking Stumble on my toolbar every few minutes and laughing. Don’t get me wrong, I’ve been using StumbleUpon for a while but today it just seems a lot funnier. Here’s my picks of today’s Stumble-athon.

1. How To Make Pancakes Like a Crack Head - a new use for your junk paraphernalia!
2. LP Sleeve Faces - why have I not thought of this before? Classic use for LP sleeves.
3. Google having a laugh, surely not?
4. Google Earth has some interesting images, including massive Ford and Mozilla logos
5. Glaswegians tell Bono like it is
6. And this is why young girls have no self-esteem, a before and after look at a magazine cover photograph.
7. Corporate logos Web2.0-ified

What’s the best finds you’ve found on StubmleUpon??