You pay a lot of money for a lawn like this.

Crop Circles

Image via HowStuffWorks.com

This morning I finished mowing the lawn.

I’d started it last Friday. I got it half done when I hit something buried in the grass. A rock? Who knows. It bent one of the mower blades so badly it started digging up the lawn.

Yesterday, Don came down and looked at it. He took the old blades off. They were pretty much disintegrated.

“How’d you cut any grass with those?” he asked.

He put new blades on.

The mower worked alright. It cut the grass. But the left blade cuts a half inch shorter than the right blade.

So the lawn looks like I’ve cut crop circles in it.

I sent Don a picture of crop circles with a note:

“Thanks! The lawn looks better than ever now.”

When You Need a Doctor

Or a lawyer, or plumber or electrician, you can sometimes get away with doing it yourself.

But not always.

That’s why the Dr. Phil show always runs a line in the closing credits that says this show “is for informational and entertainment purposes only and is not intended to replace or substitute for any professional financial, medical, legal, or other advice.”

There’s nothing wrong with doing it yourself when the task doesn’t require any special knowledge beyond common sense. Get a scraped knee. Put a bandaid on it. Sometimes you can pour a little Drain-O down the sink and get by. (Better yet, fill the drain with a box of baking soda and then pour a bottle of vinegar in. But that’s a story for another post.)

A scraped knee is one thing. A broken knee is another. A clogged sink drain is one thing. A burst pipe is another.

Here’s the thing. When you have a totally buggered knee, you don’t go to a website looking for instructions for how to do knee surgery at home. It seems ludicrous to leave a message on a surgeon’s website asking them to “please give me step by step instructions for operating on my own knee.” Or, “Please teach me everything I need to know in order to set up shop as a knee surgeon, and by the way, I’m on a very restricted budget, so I’m not going to pay you, but please help me because my knee hurts so bad I can hardly walk.”

I suppose it happens. It probably happens more often to plumbers than doctors. I’m not a doctor or a plumber, so I don’t really know.

I do know it happens frequently with web sites.

Take this request I got earlier this week, for example:

I would like to clean up the source code on a Responsive Design website that exists and get rid of any unnecessary CSS or JS. Would also require you to teach me why you would strip something and I would do it myself. No FTP access would be permitted and would strictly be hired for me to be trained on this one design to utilize over and over again for more clients, if I ever get any.

Let’s hope, for her prospective clients’ sake, she never gets any. In the same request:

Extensive CSS needs to be EASY not extensive. As you will see, mine are too extensive and a lot of styles are not needed, but I delete them and the website breaks….hence, needing someone experienced at this. 

I know nothing about PHP coding, so this is all HTML; however, I am converting a php client to responsive design which includes a database, so would like you to be experienced with such things as a go-to person for my every need in the future when I start back on finishing up their pages. It is a non-profit ministry that I do not charge any fees, so it can’t be one of these high dollar programmers.

(Hint: if you delete something and the website breaks, you probably did need it, even if you don’t understand why.)

Even when you’re a non-profit ministry, you’re not exempt from “you get what you pay for.” God help the “php client” she’s “converting to responsive design.”

You can launch a website yourself without knowing anything about code. It’s like buying a car without knowing anything about how it works.  You can buy it, and you can drive it, and most of the time it’ll work fine for what it was designed to do.

Just don’t put up a Ford Pinto website and then want to “customize” it to drive like a Cadillac Seville, and to make all the modifications yourself when you don’t even know how to change the oil.

If you know any “low-dollar” mechanics who do Pinto-to-Cadillac upgrades you should probably keep your Pinto away from them if you still want to be able to drive it when they’re done working on it.

“Is It Plugged In?”

… is a valid question even when the technology is almost an extension of your self.

Earlier this evening, I came back to my desktop computer to find that the keyboard and mouse were simply not working.

Nothing seemed to be working. I tried turning it off and then on again. It didn’t work.

I got out an old (backup) keyboard and mouse, just to get up and running.

I ran diagnostics. Nothing. No recognition of my usual keyboard and mouse.

Until I finally realized that “someone” had unplugged my USB hub.

Someone “unauthorized” had pulled it out of the socket to make room to plug in an iPad to play a game of My Singing Monsters while I was downstairs watching TV with my lovely and talented wife.

I’ve got no idea who might have done it.

Lesson learned, nevertheless:

Is it plugged in?

Ironman 2014

Today is Ironman day.

Not the movie Ironman. The Lake Placid Ironman race Ironman. Swim across Mirror Lake a few times. Bicycle 106 miles. Then run a full marathon.

The bicycle course goes past our house. The roads are closed to traffic. So we’re stuck here all day. Last year, the Ironman people left a bag of cookies on our door to say “Thank you with putting up with being under house arrest for the day.”

We make the most of it. Race fans blow air horns and ring cowbells all along the route. We don’t have air horns or cowbells, so we get the pots and pans and wooden spoons out and bang those as the racers go by.

After 9 hours of sitting on the front lawn banging pans, our ears ring. The pots hold up ok, but the wooden spoons are pretty much shot. This is how I get a brand-new set of wooden spoons every year.

In past years, Silas has loved to dress up in costumes to cheer them as they go past. He’s been Santa, various power rangers, ninja turtles. Last year he put on his Ironman (the movie Ironman) costume, which was a big hit. Then he got tired of that, and put on his Tin Man (Wizard of Oz Tin Man). That was also a big hit. Someone must have told someone, because they sent a camera crew out to get some footage of the kid in the costume.

That camera crew came as a surprise. He was a little “creeped out” about it. This year he says he might not dress up. We’ll see.

Because the roads are closed, there’s no church on Ironman Sunday.

The year we got here, Brooke started having church and a picnic on Saturday evening. “You can’t just not have church because they tell you,” she said. And she’s right. You can’t just capitulate to the arbitrary whims of authority.

One of the Ironman racers, down from Quebec, is a regular for the service. He comes with his family. This year his mother brought a blueberry pie.

It’s 8:15 as I write this. The first 5 racers have gone by. A thunderstorm is rolling in, and it’s starting to rain pretty hard. I’m sure there are still people in Lake Placid swimming in the thunderstorm. It’s forecast for scattered thunderstorms all day. They race anyway. Thunder, lightning, hail. Whatever.

You have to be a little crazy to do this race in the first place. I guess the threat of getting struck by lightning just makes you go faster.

WordPress StackExchange: My New Facebook

I’ve found myself scanning WordPress StackExchange the way most people scan Facebook.

After a couple weeks at it, I’ve even got some “cred.” You can see my stats (they call it “flair”) in the sidebar.

One of the most fascinating aspects of the site is getting to the root of “what is a good question?”

There are a lot of questions that are from people looking for free help: “How do I make WordPress do such-and-such.”

These are, generally, not such good questions. You can type the question into Google and find out.

Other questions that prompt more interesting answers. They tend to be What and Why questions. Once you have an idea what and why, the how becomes, if not trivial, just a matter of working through the specifics in whatever situation comes up.

Good questions or bad, the whole thing is a little addictive, in a Facebook way.

Fire in the Hole

This evening we lit a fire in the fire pit for the first time this summer.

That led to s’mores.

After s’mores everyone went inside and left the dad to watch the fire until it burned out.

Someone has to keep the house from burning down.

I’m going to bed smelling like smoke tonight.

Fighting the Hackers

I spent most of yesterday fighting with the hackers.

One of the websites I take care of was getting hammered with brute force password attacks. It’s a WordPress site. This is nothing out of the ordinary. But the scale of it was something I hadn’t seen before. Not on my little sites.

In the course of less than 24 hours, they attempted to guess a not-existent user’s password over 4600 times.

On the one hand, it’s kind of nice knowing that overall the site handled it pretty well. On the other hand, having the site email me with notices every minute or so to tell me that yet another IP (internet address) had been blocked was getting pretty annoying.

My first attempt to cut these password cracking attempts was to block access to the site’s login script for all IPs except mine. It’s pretty easy to do, and you can find the following code on lots of sites. Just add this to the beginning of your .htaccess file in WordPress root directory if you’re on an Apache server:

<FilesMatch wp-login.php>
    order deny, allow
    deny from all
    #Add list of IPs that you want to be able to log in
    allow xxx.xxx.xxx.xxx
    allow yyy.yyy.yyy.yyy
</FilesMatch>

But to no avail. The attacks kept coming.

At the end of the day, I got on the line with the hosting company (it’s a shared hosting situation where I don’t have direct access to the server logs) and asked if they could tell me anything about what they were seeing on their end. That’s when they told me that there had been 4600+ hits on the site’s xmlrpc.php script.

WordPress uses xmlrpc to allow connections from mobile devices to upload posts among other things. Turns out, there’s been a lot of hacking activity around it lately.

One of the hacks is to send an authenticated request by xmlrpc in order to get into the system’s routers (presumably to then be able to route spam and other nefarious stuff through your serve). So it was the xmlrpc that was the gateway the hackers were trying to break down, not the login screen.

The solution was just as simple as the first bit of code. After the code above, just add this to disable the xmlrpc (if you never connect to update your site via mobile anyway):

<Files xmlrpc.php>
    order deny, allow
    deny from all
</Files>

If you need a less drastic approach (say you need to be able to enable mobile update access while you’re on a trip) there’s also a handy plug-in by Mark Kaplun that gives you the option to enable or disable xmlrpc from your WordPress dashboard. You can find it here.

Nivo Slider vs Cycle 2

I just replaced a Nivo Slider with a Cycle 2 slider.

Why?

A client wanted the slider on her website to show different slides for different times. Nivo Slider can’t do that. Not without a lot of hacking.

There are some suggestions here, and here. I tried them both. They didn’t work. The workarounds at those links are probably for a previous version. I don’t know, and I didn’t have a couple days to look into it on my client’s time.

It turned out to be easier to just replace the slider with Cycle 2.

Cycle 2 is incredibly easy to install. Within 15 minutes I had the new slider in place and ready to go, custom slide timing and all.

Cycle 2 is also tremendously flexible. There’s hardly anything about it you can’t customize.

Cycle 2’s downside is that there are only four transition effects available out of the box: fade, flip, shuffle and tile. (You can program your own if you’re feeling ambitious.) There’s also a carousel option. And you have to be minimally able to manipulate html to get your slide show going. If you’re starting from zero, it’ll take longer than 15 minutes. (But it’s not so complex that if you’re serious about it you can’t learn.)

Nivo Slider’s strength is that you can get it as a plug-in for WordPress, and the plug-in does all the work for you. You don’t have to know anything about html at all. Just buy the plug in and use the button in your WordPress Dashboard to upload and install it. In that sense, it’s more user-friendly. (If you’re not using WordPress, you can still use Nivo as a jQuery plug-in, but it’ll take a little extra coding.

With Nivo, what you lose in flexibility you make up for in ease of use. And you get a lot more transition effects built in. For a lot of people, it’s a trade-off worth taking. Even without the range of customizations, the Nivo Slider is still a fine product.

In a nutshell:

  • If you want a Plug-and-Play slider for WordPress, get Nivo.
  • If you need a slider with a lot of flexibility, get Cycle 2.

Designing for Small First

Last week I mentioned that I’m working on a couple new websites.

This time around, I’m doing the builds “mobile first.” That’s to say I’m building them starting with a small (iPhone size) screen, then adding onto the designs for bigger screens all the way up to desktops.

A couple quick initial observations about this:

  • When you’re starting with a small screen, it makes you think about “what is really essential on this page?” Then you strip out what’s not, or provide a way to make it secondary. A big menu at the top of the page, for example, gets replaced by a “toggle menu” button to get it out of the way of the page content until the user is ready to browse for another page.
  • How things ought to wrap around one another as screens get wider becomes more clear when you’re starting small. It’s easier to add layout into a larger area when it becomes available than to cram things together when screen space shrinks.

Bonus discovery:

  • Thoughtful use of media queries (detecting what kind of screen the user is using) is much less a pain-in-the-butt than I thought they’d be.