Uh, version 2.1.1 of the popular Wordpress blog software was compromised by a hacker who introduced malicious code into the version that was downloaded and installed by quite a few people across the globe.

While I wasn't directly affected (I hadn't upgraded to 2.1.1 yet), I upgraded another instance of WP on my server immediately because it did have the malicious code, as a quick grep for "ix" in the wp-includes directory showed.

When I decided to upgrade my own blogs to 2.1.2 as well today (skipping the bad release ;) ) I realized again how painful upgrading Wordpress is. While, once the code is in place, it's a one-click upgrade, getting the new code where it belongs is a pain in the arm. Code backup, database backup, disabling plugins, deleting code files (yet not deleting the user files that are heavily mixed up with actual application files), running the upgrade script, re-enabling the plugins.

Upgrading Wordpress should be easier than that. After all, it's an open source project. RERO is what makes it strong, and therefore even weekly updates should be desirable, but easy to do. So far, the Wordpress people haven't done much to solve this: And that is even more surprising considering how many releases they've pushed out since their 2.0 milestone.

I could imagine an options page in the admin interface automatically downloading a diff for the most recent version, trying to apply the patch (incl. merging) and failing gracefully if a conflict occurs (for extra credit, give advanced users an interface to resolve the conflicts). It should also do the DB backup and code backup itself: After all, it has at least read access to both its database and code directory.

This is a similar idea to what the Mozilla project calls AUS: The Application Update Service. It applies binary diffs to Firefox and friends in order to make staying up to date easier for people and save their precious time.

For now, I switched my wordpress instances to an SVN checkout of the latest tagged version, making the download process easier, but not solving the whole backup-disable-update-enable issue.

I like Wordpress -- and I don't seem to be alone: Wordpress is probably one of the most popular blog engines in the world. Now if they made updating as easy as installing it, they could show that their popularity has a good reason.


The mozillaZine knowledge base uses a Google Custom Search Engine so people find what they are looking for.

And as you can see on Google CSE's "most popular" list, it's currently the number 3 most popular custom search engine there is (provided, of course, their list is actually sorted).

Not bad, mozillaZine people, not bad! :)


So, this week Windows Vista Business became available on MSDNAA (the MS student program) and because I unfortunately still have a handful of programs that require Windows only, I downloaded it and installed it in a virtual machine this weekend.

While installing, I took screenshots (hint to Parallels programmers: This function needs a keyboard shortcut) and published them as a flickr photoset.

Windows Vista Installation

Click here to see a Vista installation in its full "beauty" ;)

So far, it doesn't feel very special yet, but I will click around a little more, and after I played with it in the VM long enough, I might consider updating my XP instance in Boot Camp. Allegedly, installing Vista with Boot Camp works flawlessly, but I am not sure about updating an existing copy of XP. If anyone has experience with that, let me know!


If you ever wanted to know how hard we are actually working here at Mozilla, just take a look at the MozillaWiki Statistics page.

At the time of writing, it says there are 18,446,744,073,709,551,054 pages that are "probably legitimate content pages":

Mozillawiki Statistics on 1-19-07

That's roughly 18 and a half quintillion pages. Happy reading! ;)

PS: It's obviously extremely unlikely that this is a mistake. The internet doesn't lie, after all.

Update: This was filed as a bug and fixed now, which reduced the number to a boring 260... That still sounds wrong (there have to be more than that) but it's slightly closer to reality, for sure :)

(via dailywtf)


For a little while now, I have been checking out Zooomr, a young photo sharing site that happened to hand out "pro" accounts to bloggers when they blogged articles with zooomr pictures in them.

After using it for a while, I had stumbled across quite a few things that I didn't like, that were missing, or that were simply too hard to do. While zooomr is still beta (and the reason to give away the accounts as mentioned above is clearly because it is not in its final development stage), I felt inclined to try out its "big brother" flickr as well, because up until now, the Yahoo company is, after all, setting the standards which zooomr tries to compete with.

So I bought myself a one-year pro account for flickr in order to be able to compare the two.

Let's look at some of their features side by side:

General appearance

A word about the general appearance and features of the sites: Both of the sites are quick, pretty simple to navigate and offer similar things to their pro account owners. They come with quite a few RSS feeds in different places and allow you to tag your photos and publish them under a Creative Commons License, if you want. They also look pretty similar. I don't see many qualities here that would make one significantly better than the other.

Smart sets vs. sets

Zooomr has a very nice set feature called "smart sets" that creates photo sets based on distinctive criteria such as tags, date taken or owner. These sets are theoretically able to update themselves, so if I want to keep all my "fun" photos in one ever-growing set or all pictures which happen to show me, I can easily do so.

Flickr instead only knows static sets which -- while they can be filled with well-filtered image results -- won't grow on their own. Also, flickr sets can't contain other people's photos (which smart sets will, unless I filter for myself as the owner).

The better set feature is in my opinion almost clearly zooomr's smart sets. Unfortunately at the moment, the feature has a few implementation problems: I frequently encountered empty sets when I filtered for, apparently, too "popular" tags (like "fun"), and sometimes not all pictures I was expecting to show up actually appeared in the set. Also, I am unable to group, say, 3 seemingly unrelated pictures in a picture set, if they don't have distinctive features I can select them with, since Zooomr doesn't support manually created/refined sets yet. But once that is cleaned up and fine tuned, the smart sets will be a really nice and powerful feature.

Sorting, organizing and batch editing

This point almost immediately goes to flickr: While Zooomr simply has no possibility to sort pictures in sets, bulk edit them, or even delete several of them at once (at least none I could find), Flickr comes with a fabulous tool called "Organizr" which contains an armada of options to sort, edit, tag, or even delete batches of pictures and also to edit their access permissions and picture licenses. On zooomr, I even searched in vain for a preference setting to choose your default picture license, let alone changing it for a bunch of pictures after they were uploaded: You had to do it one by one.

The Bottom Line

Flickr, after their Yahoo buyout admittedly with many more resources than any startup could possibly have on its own, has, for the most part, understood what users need to conveniently organize and share their private pictures online. They make juggling sets of dozens of pictures easy and quick, and through their intensive, yet unobtrusive, use of DHTML, making your pictures appear on the internet the way you want has become more intuitive than ever before.

Zooomr, however, still looks quite promising and they are on the right track: With far fewer resources they managed to make a tool that is almost able to compete with what flickr has today, and if they keep on fixing the bugs and improving their beta software, they can become a serious competitor. However, they need to make sure that they stress features that distinguish them from every other photo sharing website out there, with cool features like their smart sets or similar. Just doing the same as everybody else does will not keep them above water in the long run. And while being cheaper than flickr (which currently sells its services for 25 dollars a year) can be an additional argument, it is unlikely that saving 2 to 5 dollars or so a year will by itself convince new customers to decide for them, let alone convince existing flickr users to switch.

After all, don't underestimate the "but all of my friends have flickr!" and "but I have all my pictures there already!" effects (in economics, we speak of network effects and, after you dump a few hundred pictures at one site, a form of lock-in).


Hello again and greetings from MacWorld 2007 in San Francisco!

Macworld 2007

To be exact, from the Microsoft Blogger Lounge. That sounds strange, but it's true ;) And while the upcoming (?) Microsoft Office 2008 ranks pretty high on my (ever-growing) list of things I could not care less about, the whole blogger lounge thing is a pretty nice move. But then again, it seems kind of lame that they just offer wired Internet: That's about as lame (or 1992, or web 1.0, you name it) as it gets. Here are some pics:

Macworld 2007

Macworld is an interesting type of expo. Almost every single booth offers something you can attach to your iPod, or software you can run on your Mac, or more or less useful things you probably never really need, but people buy anyway.

By the way: While Steve Jobs deliberately ignored the whole "software" topic in his keynote on Monday, he leaves this job to his employees, presenting key features of Mac OS X 10.5 on one of the two gigantic screens that form the center of the whole expo floor. On the other one, by the way, some nameless Apple person also played with an iPhone, with lots of curious Mac users listening.

Macworld 2007

However, the actual star of this year, in my opinion, is the Apple TV, which -- and I am not sure why -- gets quite a bit less attention from the visitors than the iPhone (even though the latter is hidden behind glass). But judging from what I see on the neat HDTV screens they are showing off...

Macworld 2007

... the Apple TV could really be an enhancement for my living room. Also, it doesn't seem to be as ridiculously overpriced as the iPhone.

Feel free to browse through my other Macworld pictures as well.


As "Washington Post" blogger Brian Krebs calculated, MS Internet Explorer was "unsafe" for 284 days in 2006. (And by "unsafe", he means "with known, yet unpatched, security holes"). That's more than 75% of the year.

In comparison, Mozilla Firefox experienced a single such period of 9 days total in the same time frame.

I really had no idea that the difference was so significant: I am stoked. (And I'm proud of the many hard-working Firefox contributors who do their best every day to make your browsing experience safer). Good job!

(via BoingBoing)


Ajax 13, a very young startup from San Diego, has developed an impressive collection of very, very sweet AJAX Office applications:

the Ajax 13 office tools applications

There is a write app as well as a spreadsheet tool which, if they want it to be successful, will surely have to try hard competing with Google's recently "hyped" Docs & Spreadsheets.

However in addition to that they also have a presentation tool (ajaxPresents) that -- judging from my first impression -- looks and feels pretty much like the big standalone applications, Powerpoint and OpenOffice. It can also export and import these two file formats, which makes it a brilliant tool to edit presentation slides on a computer where you happen not to have an office suite installed.

But there are even two more on the list: A drawing tool called ajaxSketch (conveniently exportable to SVG) and an online MP3 player called ajaxTunes (if I see it right, it's Flash, not AJAX, but ah well).

All in all this seems to be a very interesting company to keep an eye on; and I would not be surprised if they made it on the list of Google acquisitions some time soon -- just like Upstartle, the company which produced the tool Writely, now part of the aforementioned Google Docs & Spreadsheets.

Link (via Glazblog)


The new options on google code

Yesterday the Google Code project hosting was updated for the first time (as far as I can tell) after its release in July 2006. Two of the major "flaws" in Google's simplistic approach to Open Source project hosting have been fixed:

  • We were unable to provide downloads of binary releases and similar
  • Projects could not have a documentation webpage or similar

These two issues made Google Code hosting -- while being a nice, new thing -- overall inferior to the well-established services of sourceforge. And while Google made clear they didn't "want to hurt SourceForge", an important decision a young Open Source project faces when it starts is where to put the code and what is best for the project.

Not having any website or possibility to download a precompiled package is not one of the best things for projects, for sure.

With the new features, Google Code has become a real alternative to SourceForge and I imagine in the time to come, Google's code hosting will steadily grow and get more projects that did not go there before for lack of these features.

A nice thing to mention about the Google Code hosting Wiki is that it apparently keeps its version history in SVN. So going back in time when checking out the source tree will also give you the Wiki status at that point in time. Very neat, if you ask me.

Adding downloads, however, sounds to me like a no-brainer and I am confused why they didn't have this feature from the beginning. Allegedly, project owners helped themselves by just uploading the release files to the SVN source tree and pointing their download links directly to the HTTP interface of the SVN server. Not too surprising -- and that can put quite some load on a repository server. This "feature" is therefore not so much a new invention as it is closing a hole that shouldn't have been there in the first place.

In any case I am eager to see how the open source community (and sourceforge) react.


Yesterday I read about an "involuntary web service" by google that lets you create rounded corners on the fly, such as this one:

Google-generated rounded corner

A very neat and nice way to create rounded corners without spending too much time with the Gimp or so. (That's probably why Google did it in the first place).

Another neat web service came to my mind later that day. It does not exist yet but I would love to find that somewhere:

Apple iTunes mirror effect

A mirror effect like this one used by Apple in iTunes (underneath the actual photo). As far as I know for Mac OSX programmers there is an API that does that and therefore this effect is extensively used in some OSX applications.

That would indeed come in quite handy at times and I imagine it would look quite nice in people's blogs. Another idea would be the auto-generation of drop shadows for images.

Does anyone volunteer to write a script? :)
