Tag Archives: blogging

Discover sex sites your visitors are visiting via MyBlogLog…

April 28, 2008

image

I logged into MyBlogLog account and noticed the "what my members clicked on other sites today", since I only have a little amount of members I was curious what they were looking at. I found the following:

- Lin Jing Shan 3P Feng Chia University Scandal, a 161mb sex tape of some Japanese girl and movies of imogen thomas having sex. All of these links came from http://thegutterpost.blogspot.com/.

Which makes me wonder:

a) are people using MyBlogLog aware that anyone can follow them around the Internet?
b) isn’t this private information MyBlogLog shouldn’t share?

Just suppose you join communities on MyBlogLog (you auto join after a couple of visits to a site) and you end up in someone’s new weblog community as the only member. It means that that person can see what you are surfing to.

How To: Instant secure connection to your webhost without typing passwords

April 27, 2008

I had to do this again since I reinstalled a couple of things, so I thought I’d make some screenshots along with the story. The complete instructions can be found here in the dreamhost knowledgebase but the general story is the same for all other webhosts who support SSH. I just made some screenshots along with it and some more descriptions. It works at most webhosts like Dreamhost or MediaTemple.

What are we going to do?  Well, as you know, connecting to your webhost via Telnet (for fiddling around there) and FTP (to copy files over) is very very insecure: you send over all your private stuff, including passwords pretty plain over the Internet so anyone can listen in.
To be more secure we should use a secure connection. Nowadays, we should setup a SSH-2 connection to your webhost to have a secure line. To open up a SSH-2 connection you can use (for instance) a little freeware tool called "Putty" (download it here). (Putty was made by Simon Tatham). Just fill in your username, password and hostname in Putty and you will be able to make a connection, you will be able to manage this copy and paste action. However…

We don’t want to fill in our username and password each time we connect! Because we are extremely lazy and furthermore don’t want to fill in our username and password each time we set up a connection we want to automate this, so that we simply click the connection and we are in! And since it is then simpler than setting up a non-secure connection you will have a. a secure line and b. it costs less effort, so you will go secure!

What do we need?:

Software! Download the three following (yeah, free) packages here (very very small).

1. Putty 
2. PuttyGen
3. PageAnt

Furthermore:

1. You need to have a webhost who supports SSH (most good webhosts do, if they do not, find another one), I’m hosting at Dreamhost and MediaTemple (among others).
2. You need to know you hostname, username and password (normally you get this information when you sign up with your webhosting company, sometimes the information is the same as the telnet/ftp account information)
3. About 15 minutes

Here we go:

 

image Download something that can generate your SSH-2 RSA keys e.g. PuttyGen here.

1. startup PuttyGen
2. click "SSH-2 RSA"
3. click "Generate"
4. move your mouse like an insane Cobol developer with RSI

image Now you have a generated key which you can see in the box above.

1. type in a key passphrase like "helloworld"
2. type it in again to make sure you made no typos
3. save your Public key to somewhere you can remember (anyone may have this one)
4. save your Private key to somewhere you can remember (only you may have this one)

note: ofcourse the screenshot to the left is a demo so it’s no use typing over the 1024 characters to see if they are any use…

image
image
Now we need a tool to make the actual auto-connection, so download e.g. Pageant.exe

1. Start up Pageant, it will sit in your system tray (next to your clock on the bottom right-hand side of your screen…)
2. Click "Add key"
3. And point to the Pirvate key you just saved ( you can see my "privatekey,ppk" on the left)
4. Enter the passphrase you entered above for security 

If all went well you should see your key under the "view Keys" option in PageAnt.

image
image
image
No we are going to actually connect…cool!

1. Rightclick the Pageant icon your system tray and press "New Session"

You can now fill in the data from your session in Putty:

main screen:
1. Type in the Host name or IP Address of your webhost (yeah I know you have to look this up somewhere,it was given to you once but you got no clue where it is, hint: check your e-mail box)
2. Choose SSH as protocol

connection > SSH > Auth:
3. click "Allow agent forwarding"

connection > Data:
4. fill in your username (you also got this from your hosting company "telnet" account) (most of the times the same as the master FTP account)

Now you can go back to the main screen (Session), fill in a name of your session and hit "save" to save it for later. E.g. name it "My Webhost" (not a real handy name if you have multiple webhosts…)

image

We are now ready to connect and save your key on the other end, at the webhosting company itself.

1. press "Open" in the screen you are sitting now
2. if you get a warning from your firewall on your first-time connection choose "allow"
3. you get a dialog box warning you about the keys that are not yet the same, just click ok, this is what we are going to do now.
4. the command box opens and it will fill in your username automatically, now fill in your password (yeah you have to look that up again…) (it’s your telnet password the hosting company gave you).

you should now have a command prompt blinking at you.

5. type "cd ~", this should bring you to your home directory, type "pwd" to check if you are in your home dir.
6. type "chmod g-w ." (don’t forget the dot) (means: must not be group/other writeable)
7. type "chmod g-o ."
8. type "mkdir .ssh"
9. type "chmod 0700 .ssh"
10. type "cd .ssh"

You are now in a fresh new .ssh directory on your server

image
image
Let’s now put our key in there!

11. open up your Putty keygenerator again and load your private key, then select all text at the top, rightclick it and click "copy"
12. go back to the command shell and type:

echo "
rightmouseclick (this copies your key)
" >  authorized_keys

do not forget the " " around the key!

13. now protect the file by typing "chmod 600 authorized_keys"

We should be done now, let’s test it, type "exit"

  right-click the Pageant icon in your system tray, choose "Saved Sessions" > "your saved session" and click it.

You should instantly be in a session with your webhosting company without having to type anything!

wow…cool!

 

If you are going to put pageant on your U3 or USB disk to carry it along, then make sure that you put your keys in a secure place on your stick. One good option is to create a TrueCrypt archive on your U3/USB disk and then hide your secret stuff in there. I made a U3 TrueCrypt 5.1a installer, which you can download here. (it has the dutch language pack installed by default but you can add any other language packs in the zip file).

I hope this saves you some time!

Raven versus Windows Live Writer

April 26, 2008

I just downloaded Raven, which is a blogtool just like Windows Live Writer.

Before I can write my complete comparison review, I first need to try get Raven working and investigate how it works…

One thing that was nice is that it has a portable version so I can run it off my U3 disk "officially" (since I’m using a not-official version for WLW).

When installing it, It detected that I already has installed Windows Live Writer and asked me to import the settings (even from my U3 disk), this look promising! And indeed, after installing, all the information is in there, even the FTP settings for auto-FTP-ing the images to my account. Only the passwords are left out.

The first thing I tried was downloading my past posts to see if I could build a library of past postings but uhm…

image

However, when I took out my U3 USB disk and put it in again, this problem seemed to be solved.

So now lets try to download the latest postings, I see that it can only download the latest 5000 postings, which is a shame, I hope there is a way I can enlarge this to 8500. When I then try to actually download 5000 postings I get:

image

Hmm…. I assume that somewhere one of the 5000 postings it tries to download has some not-really-well-formed code inside it and that this is the reason that it fails, of course this is my fault, however, it would be handy to know which specific post is wrong so I could correct it, let’s see if there is something in the details:

image

Hmmm… I don’t think this is a useful message. What I now need to do first is write my own tool that calls the xmlrpc interface and then try to get the postings one by one and see which one is not-well-formed. However, let me put this in the Zoundry Raven forum, maybe someone has written a tool like this before, could save me some time.

imagepostings in XML Format – I decided to check it somewhat more and found that in my profile dir it kept a complete list of my 100 postings (I could manage to retrieve 100 but not the 5000). Even more cool: these are in XML format!! So this allows me to edit them manually AND… version them! So I can now add them to my svn repository and I will always have the option to go back to previous versions. Pretty cool, this is something that I really wanted to be present in Windows Live Writer.

Posting – So… let’s see if we can post with it. I have typed this blogposting in Windows Live Writer, published it and changed it and republished it a couple of times. so let’s see if we can open it in Raven. I go to the dialog and see (of course) this blogposting (from my previous import) but the one before I made the changes to it. So I press "retrieve last posting" but somehow it does not make the changes in the posting locally. I still see the old one. There doesn’t seem to be kind of refresh. Now… what I assume that needs to be done (but I am not quite sure) is to delete the posting. BUT I then have to be very careful to not delete the version from my weblog but only to delete the local copy:

image

Let’s see if that works… if it does not then I have always the copy in my WLW.

 

 

 

 

 

image

Let’s try to publish a posting. Error: "One or more tag sites must be selected to create links to tagspaces for blog ". Uhm? I don’t use tag sites, I just use the default WordPress tags….

 

 

 

image

I realize that I can configure my posting using the configure box, strangely enough the tabs are beneath the configuration panel. When I look at the tab for "tags" I see tagging sites like Technorati. However, it is not clear to me how to add tags without using inline tags to these tagging sites. Lets search the forum…

 

 

 

I could not find the answer in the forum so I put a "request for help" here.

imageI noticed that the layout of my posting was not really like my own site, so I tried to download the template from my site however, it gives me the error message that "Caused By:[Cause: ‘NoneType’ object has no attribute ‘getDom’  TB: None", so it finds that something is wrong with my template. I’m pretty clueless here, since WLW loaded it without a problem.

So I also posted this question here.

 

update 1: Pidge send me the location of the beta download of zRaven-0.9.286.exe and some debugging instructions to check for the error which occurs first time. Forum Topic here. It only seems to occur the first time, and a simple restart works, so this is not really a problem.

update 2: Working with tags in WordPress is possible. Instead of importing my WLW account profile I should create a new profile, this will pick up my correct WordPress version number, Forum Topic is here and here.

update 3: The error when downloading my 5000 postings will be checked by Zoundry Pidge. Forum topic here.

update 4: The error which occurs when downloading my template, Im still looking into this, it occurs also after setting a new account. Forum Topic here.

Entrecard!

April 7, 2008

image I finally came to it to join entrecard, the web 2.0 blog banner exchange program.

I made a first “entrecard” for my weblog as you can see to the left. The new Xara version 4 came in handy.

The program works with points you can earn by dropping your card on the box on other people’s weblogs. With these points you can initiate campaigns  that will display your entrecard on other blogs for a longer period.

Let’s see what’s more behind this all.