P2 or Not P2

Today has been an odd silly day. It started out with an odd fanciful notion to investigate WordPress.org and possibly host it on a Mac Mini. My design was to create a workplace blog, theme it with P2 and whip it out on my coworkers and see how it worked for them. It’s not really a Wiki, we have that, and the Wiki software we use is Apple’s own that comes with their Server OSes, but the blogging component leaves something to be desired.

I saw WordPress.com pushing P2, a theme that fits into WordPress.com or WordPress.org and enables Automattic, the company behind WordPress to communicate more efficiently. My interest was piqued.

So I started with that original idea, then my assistant reminded me that I have a huge monster HP 1U server that I never use and it has Ubuntu on it. I had a little Eureka moment and decided I could work with that. I downloaded the WordPress.org software and went over the installation manual. I got everything edited and in-place and looking nice in the terminal window but couldn’t get the wp-admin/install.php screen to appear so I could finish the WordPress.org installation. I futzed and putzed and figured out I was missing some things, like a different kind of PHP, as well as PHPmyadmin. Once I added all of those various bits I tried it again. No dice. I finally figured out that when I created the “wordpress” MySQL database and user that I botched up the name and host information and didn’t see it until I blundered my way into PHPmyadmin. With that tool I fixed the problem and then everything was fine. I installed JetPack Plug-in, which promptly exploded in my face. JetPack needs to chat back and forth between WordPress.com and whatever machine you are installing WordPress.org on. This server here is firewalled on the wire and can’t be seen by any outside-to-WMU system, so that put the kibosh on JetPack. I still wanted to try P2, so I installed it and it worked like a charm. Then I ran into the same headache I always run into with these systems: SMTP. Here at WMU there is a huge barrier to access any network services, especially SMTP. So how could a WordPress.org P2 blog ever really work right if the server it’s running on can’t ever send out email properly? Oh, I tried to be clever and I failed. I tried to forge a CA, I tried lots of hints to try to masquerade into smtp.gmail.com using TLS, and I tried sendmail and postfix. Bloody hell. I would rather eat glass than have to see sendmail.cf again. I’d rather massage the tongue of a rabid wolverine than futz with postfixes main.cf file again! I mashed my head up against that brick wall until I took a step back and asked myself why the hell I was going to these lengths for something so tangential.

So then it struck me, if we’re using WordPress.com for the heavy lifting for most of our content management, why couldn’t I just create a new blog for our workgroup, slap P2 on it and carry on? That had its own problems. In the beginning I set everything up with Western Express and set my “Gravatar” to be associated with my work email address of andy.mchugh@wmich.edu. All fine and good until you try to use that address anywhere else! WordPress is picky. So I logged into WordPress.com thinking I could change my accounts email address in WordPress, as it turns out, you can’t. You have to go to Gravatar and change it there. It’s not so much change as put in a new address, switch it to primary, then rip out the old address. A lot of work for something that was supposed to be easy. Blargh!

So I got everything switched around and freed my work email address then re-approached WordPress as if I was a new user. I logged in using my work address (which is the most appropriate address for this pursuit) and created an account. I got the automated email verification message and clicked on it. WordPress refused with the error: “Could not create user” and so I emailed support at WordPress for help. Still waiting to get some TLC from the support people as of the writing of this blog-post.

Along with all of this I’m wondering if P2 will be well received? Will my coworkers see this as one more silly thing that I’m making them all use? I’ve pounded Wiki use into their heads, I’ve done a lot of things behind the scenes that none of them see now but will that will also radically change their working lives (for the better I assure you) and then I sit and wonder. I wonder if P2 is a solution that could work for us? If it works for Automattic, shouldn’t it work for us as well? I’m on the fence on this. I’ve whipped out so much new technology on these people, will they accept another massive change to how they communicate or will I be facing open revolt? I see this idea of mine shaped this way:

A private group blog that everyone can log into anywhere they are in the world, obviating the need to use any kind of VPN system as WordPress.com is available ubiquitously. It would enable people to hold online communications, post instantly like Twitter, post without limit to text (unlike Twitter), include rich content such as YouTube embeds and such all the while managing the conversations and using categories and tags to track different sections of our communication infrastructure. I imagine using P2 as I would have maybe used Google Wave if it was matured properly and supported by Google and not killed in its infancy. That we’d use several big tags such as “Donors” and “Help Desk” along with a constellation of other tags and not have to struggle with email distribution lists and missing information and delayed communications, all of that could be eliminated. On the flip side of that argument is “This is one more thing that you are forcing on us and making us learn.” I’m struggling with how P2 could fit in with our lives and whether this is a valid pursuit or just so much “chasing after the shiny”.

There are several of my coworkers that I’m nearly certain would go stark raving mad if I whipped just one more thing out on them. I just can’t deny the allure of all of these services, WordPress, DropBox, 1Password, Evernote… that their ubiquity online and their omnipresence in the mobile computing sphere is terribly attractive to me. That a workforce that I deeply suspect will be forced to become more mobile and nimble almost demands that I continue this breathless rush towards the bleeding edge.

So what I really would like is to find anyone other than Automattic who found P2 to be useful. It would gratify me immensely to know that P2 was a ‘game-changer’ and serve also as confirmation that I am on the right path and that this whole charge towards shiny actually serves a true and honest business purpose beyond my wanderlust for novelty.

As always, I would really love people to comment, I’m looking for evaluations, opinions, you name it, every bit helps. I thank you all in advance. 🙂

Robin Hood's Barn

Yesterday I attended a meeting with other like-minded individuals and this merry band of people got to discussing password management. There are a lot of different (and all equally valid) ways of managing your passwords and as I listened to some of these people describe their solutions it struck me, again, just how good I really do have it. I have to admit that once I switched over to 1Password and integrated it with Dropbox I’ve been spoiled rotten. The solution is such a perfect match that I stopped thinking about password management altogether, freeing me to concentrate on other things.

Then I heard about some of the things that my work peers have elected to do. One of them manages it with a password-protected Excel Spreadsheet and then uses Sysinternal’s SDELETE program to securely delete the file after he’s done using it. I sat there, stunned as I followed his description of the procedure that he has to follow and grinning-on-the-inside as others around the table brought up a series of criticisms of his procedure and pointing out pitfalls and the like. I sat back marvelling at 1Password, how I didn’t have to worry about any of this, and I discovered in that moment a hidden value to 1Password that just reinforces the perception of value that product has for me – I don’t have to think about this stuff anymore! It saves me time, brainpower, and attention-span. Just for that I couldn’t imagine not having 1Password in my digital life.

All along this meeting I heard comments peppered throughout that all had to do with a paranoid fear of security loss by taking advantage of cloud services. This isn’t the first time I’ve come across this, it was the central axis that featured prominently in my Webmail Plus v. Google argument that I so spectacularly lost so many moons ago. People fear the cloud. They fear what these companies will do with the data once it’s entrusted to their care. This has always mystified me and left me speechless. Now, don’t get me wrong here, I’m not saying that it’s wise to simply put 50,000 Social Security Numbers in a plaintext file and send them right up to Dropbox, hell, I wouldn’t do that with Amazon S3 service or any other provider for that matter. But what I would do, and perhaps this is what boggles my mind, that people don’t already do this, is encrypt the data using AES. With the data in this format, even if the file security is compromised, without the password, what they have is just as good as noise.

This is where 1Password is great, the central database file is encrypted using AES, so I can put it up on Dropbox and then access it from every device I use that can reach the Dropbox service! This has saved me innumerable hours and a world full of worry. Even if one site is compromised I don’t have to worry because each site has its own unique 16 character random password assigned to it and managed through 1Password. I don’t even care if a site forces me to regularly change my password, because every new password will be a random 16 character entry from the password generator that is already in 1Password. I can’t express how much time, energy, and attention-span I’ve been able to save with using this product. When something like 1Password is built, and built well, I can’t help but rave about it. Everyone should be using this software, it would make everyone so much more secure.

eBooks & Public Libraries

In earlier blog entries I went on at length about how eBooks were going to change the book business and I puzzled over the role of Libraries providing their users with a pseudo-socialized way to “steal” books, mostly under the comic jab that Barnes & Noble should seek to shut down libraries because they eat into sales.

I also still think that downloading an eBook is virtually indistinguishable from going to the Library and borrowing a book. The destination I reached was a new principle called the Preservation of Inconvenience. That publishers need to maintain a certain basic level of “Being a Pain In The Ass”. To which, the link below points. It appears as though HarperCollins, in an effort to retain their basic level of “Being a Pain In The Ass” will count how many times a library lends out an eBook, and if it goes beyond 26 times, they’ll sell the eBook to the library AGAIN. Over and over.

So once again the old battle is joined. Consumers versus Producers, and the weapon of choice for the producers is Digital Rights Management. The best way to de-fang DRM is to only consume content in open formats. Accept nothing else.

eBooks In the Public Library Under Fire! | Gear Diary.

Comic Tent Flapping

I’ve signed up for The Weather Channel’s “Notify” service. This is supposed to alert me when there is a meteorological emergency and I use it mostly for thunderstorms as power outages can cause havoc with my systems at work.

Mostly the service runs great, and always alerts me when there is some sort of emergency. The problem is that it alerts me too well. In alert management I believe it’s called tent flapping. The alert spawns a thick group of alerting emails and phone calls. Each alert throws off two calls, and about four emails. It’s always comic when there is an alert as every device I own beeps, vibrates, or rings.

At least I can’t say that I wasn’t alerted. 🙂

The difference between iPods and iPhones

Now that I have my new iPhone, I’m thrilled to have it and using it is wonderful. While I’ve been working with it I’ve run into a strange oddity and a workaround for it. The oddity came when I tried to create my own iPhone-compatible ringtones. The creation of iPhone custom ringtones are in themselves needlessly fussy procedure. First you find the music you want, trim it to 40 seconds, then convert it to AAC format. Then you tear it out of iTunes, change the extension from m4a to m4r and then insert that back into the device for assignment.

What gets me about the ringtone creation is how involved and outrageously fussy it is. It wasn’t meant to be this way, the design clearly points to strict control. When Apple makes something easy, it’s ridiculously easy. This is something different. This is capitalism. Apple went a long way to make this obfuscation stick and the proof is in the obnoxious lengths that you have to go through if you don’t want to buy a ringtone from the iTunes store.

I ran into another issue with my new iPhone. I plugged it into my MacBook and tried to add the newly manufactured ringtone to the device. Then I discovered a rather new and odd limitation. An iPhone apparently fixates on the iTunes library that it first sees, it is with this library that you can turn on “Manage Manually” mode with an iPhone. Any other library locks the phone out but offers you the option of continuing by wiping your device and re-fixating on a new iTunes library. I quickly came up with a great way to beat Apple at this oddity, I created a new iTunes library from scratch (just the directory structure and some key files) and placed it on my Dropbox. Then using the option-key goaded iTunes to start from a different library, pointed it to my Dropbox-iTunes folder and now I have a work-on-any-machine-Manual-Manage iTunes skeleton that allows me to insert homemade ringtones into my new iPhone.

What a long way around for something that should be simple. Apple, if you are listening, the solution is only lengthy and annoying. It’s been paved by your own software and the only piece missing is either a USB memory stick or Dropbox. How easy would it have been to design this with the same vigor that you designed everything else? Eventually your customers find ways around this sort of thing, doesn’t that inevitability mean it’s not worth pursuing in the first place?

Humph.

1Password Bug

I ran into this little nasty earlier today. First to set the scene:

  • Mac OSX 10.6.6
  • 1Password Version 3.5.3 (build 30812)

I got an email from Trapster.com informing me that my account may have been compromised. Since I started using 1Password I’ve been making unique 16-character passwords for each individual site, so if a hacker gets my password for one site, he may own that, but nothing else. So I opened up 1Password and my highlight was on another entry related to another item. I went to the search field, typed in “trap” and found the entry for Trapster. I edited it, clicked on the password generator and made a new 16 character password. I clicked the “copy” button in the Password Generator dialog box and 1Password decided to replace the password for the previous highlighted item with the generated password that I meant to go into Trapsters entry. I did this three times just to make sure I wasn’t losing my marbles.

The way around this is to not use the search feature at all. If you browse and highlight the Trapster entry and put in a new password that way, everything is fine.

I just thought I would blog about this to help anyone who might have run into this bug on their own, it isn’t your mind, it’s the program. I’ve forwarded the bug report to the people who write 1Password, we’ll see what response we get.