Category: How To

Stop SOPA And Change Your Registrar

If you have no idea what’s wrong with SOPA, just Google it.

GoDaddy, a pretty well known domain registrar, not only supports SOPA but helped write it. While in recent days they’d stepped back, it got me thinking. I left GoDaddy years ago, when one of my domains was almost up for renewal. I switched it to NetworkSolutions, which was where my other two domains were.

History. When I first purchased ipstenu.org (08-Sep-1999 00:09:50 UTC) we got domains by filling out a web form, getting an email with a PDF, printing it up, singing it, photocopying our drivers license and faxing that back in. Then, if you didn’t actually have a drivers license, you got a phone call and a fun chat with a woman about what was going on, yes, the state ID was fine, the domain will be set up in five days. A year later I bought another domain, and since I had an account with NetSol, it was as simple as ‘I want that one,’ and I was done.

When I got my third domain, I used GoDaddy since it was cheap, easy and fast. Click, click done. In 2008 or so, all the news about GoDaddy’s rampant sexism and general asshattery ended up with me transferring off GoDaddy and onto NetworkSolutions. Except I didn’t. I had a friend do it, since he and I were trading favors. So up until December 27th, 2011, I’d never actually transferred a domain name!

It’s still weird, and reminds me of the fax days, but it’s pretty easy.

It’s not that I was having any issues with NetworkSolutions. But their statement on SOPA, while anti-SOPA, still sat in my craw a little. Basically they were chickening out, and while I was pretty sure my domains were fine (and my relationship with NetSol), it was one of those days when I felt like I needed to make a change.

Namecheap has been on my radar for years. I’ve had an account with them, and no domains, for most of 2011, since the last time GoDaddy got stupid. See, I raise a lot of money for charity, and one of the things I raise money for is elephants. I want them out of zoos and I want them out of circuses. So when I saw GoDaddy’s founder hunted elephants, I had no choice. I couldn’t be a hypocrite and I had to turn my back on GoDaddy. When I decided I should move from NetSol to someone a little friendlier, whom I felt I trusted as people (that’s a huge deciding factor for me) and who had a good rep, I decided to turn to the people taking ruthless advantage of GoDaddy.

Like Namecheap.

See, they hate SOPA. A lot. Enough that between the $20 credit I had from them (for playing Internet games) and the $7 SOPASucks discount they were offering, it would cost me a grand total of $1.01 to move my domains over. The only time I’d ever worry about moving my domain names is if my DNS (i.e. the nameservers) were run by them. They’re not, they’re run by me, which means a transfer like this is all paperwork. No downtime, nothing to fuss about except the waiting.

All the politics aside, if you have no problems with where you registered your domain, and can do everything you want, then there’s no reason to move. I mean that sincerely. I feel that way about webhosts, and all things computer related. If there’s no compelling case for you to move, stay. If there is, though, moving your domain registrar is actually a lot less scary than moving hosts!

There are a few rules about moving domains. Like you can’t make a bunch of edits to your registry info and then move (it looks ‘suspicious’), and there are date ‘blocks’ on certain things that make you wait 45 days. But assuming, like me, you’ve had the same registrar since the dawn of dinosaurs…

Step 1) Turn off domain protection from your existing host.

Makes sense, you’re now setting it up for people to ask if they can have your domain. In the case of NetworkSolutions, you have to check a box to get an EPP Key (Authorization Key). Save that Key, you’ll need it in a minute.

Step 2) Turn off any WHOIS protection you have.

If the transfer company can’t see who you are, they can’t add you.

Step 3) Go and request the domains be transferred over at your new registrar.

Dead simple. You add the domains, the new guys send an email. You read the email, visit the webpage and click “Yes, please. I want you to be my boss.” This is ‘Fax Number 1’ in the old day.

Then you get another email, this time it’s the old domain register. “Oh noez! Why you leave me?” they wail. Or rather ‘Are you sure?’ Click yes again. This is Fax Number 2.

Step 4) Wait up to 5 days.

And write a blog post.

My move isn’t done yet, but it’s ‘in transfer.’ While I understand why we have the back and forth’s of the emails (faxes) to make sure I’m really me and I really requested this (remember, I work at a bank in my day job), it’s still odd that after the approval is done, it’s a 5-day wait.

But there you are. That’s how (and why) you should switch your registrar.

29 December, 2011
Plugin Banners

WordPress now lets you add banners to your plugin pages.

Naturally, I added one to Impostercide that reflected my own brand of humor:

Which is now Nacin approved:

https://twitter.com/#!/nacin/status/149884924990734336

Add your own by creating an assets folder in your SVN repo (same level as tags and trunk) and add a file called banner-772x250.jpg (or .png). Make the image 772×250 px, check in your change, wait 15 minutes, and you’re done!

22 December, 2011
WordPress, DSO and Permissions
I run my server with PHP DSO.(For the differences between DSO and SuPHP, read DSO (mod_php) vs. CGI vs. suPHP vs. FastCGI) It lets me run APC, and I’ve always liked it. It does have some weird problems, mind you, like a tendency to upload files as nobody:nobody, and more importantly it means that you have to set your wp-content/uploads folder permissions to 777. Thankfully there’s a fix!

If you’re not good with command line, scared by shell, and terrified of chmod, you’ll need to find your friendly neighborhood sysadmin to help you out. It’s okay to not feel up to doing this, and it should go without saying that you should make a backup first!

To step back, someone’s going to ask “Why is 777 bad?” Unix permissions are complicated. Every file in UNIX has an owner user and an owner group, and most of the time they’re the same. Mine are ipstenu:ipstenu (which means owner ipstenu, group ipstenu). Now another account on this server, conrel, has conrel:conrel. The groups ipstenu and conrel are both in the same webmaster group, which gives them special permissions. It’s confusing to a lot of people that most webhosts use the same name for the user and the group, but it’s just what we do.

Now for every file, there are three types of ‘ownership’:
1. User ownership – i.e. the user ipstenu
2. Group ownership – i.e. the group ipstenu
3. No ownership – i.e. you who are reading my site
There are also three types of permission levels”
- read (r)
- modify/edit/write (w)
- execute/run (x)
This all works out so when you go in via unix shell and look at your files you see soemthing like this:
-rw-r--r-- 1 ipstenu ipstenu 203789 Oct 5 19:30 stevejobs.png

This means the owner (ipstenu) has rw permissions (which are read-write). The group (ipstenu) has r (read-only), and the world (i.e. everyone else) also has r (read-only). This is an image, no one needs to execute it (which would be an x).(The “1” before ipstenu is for the number of files. “203789” is the size of the file. “Oct 5 19:30” is the day/time I uploaded the file, and “stevejobs.png” is the name of the file.) These rwx letters correspond to numbers. r = 4, w = 2 and x = 1. So when you see ‘rwx’ that equals 7.(There are also options o (other), u (user), g (group) and a (all)… and s … but I’ll spare you that right now. Suffice to say, you can use what you’re comfortable with. I use the numbers most of the time.)

So why is 777 dangerous? 777 means ‘everyone has full access to this file.’ Yeah, that sounds dangerous! I don’t want that! The only person who should have full access is you! But DSO doesn’t like to upload files without 777 permissions. In part, this is WordPress’s fault, but really it’s an unholy combination of things. Alex King explains why it happens, and as of WordPress 2.8, you can fix this yourself.

Just override the default file permissions. It’s genius! I tossed this into my wp-config.php file and I was good to go!
```
define('FS_CHMOD_DIR', (0755 & ~ umask()));
define('FS_CHMOD_FILE', (0644 & ~ umask()));
```
No, the 0 in front is not a typo. 0755 is an octal value. Octal values must be prefixed with a 0 and are not delineated with single quotes (‘). It’s just how it works.

There is a catch, though. My uploads folder had been set to 777, which meant /wp-content/uploads/2011/10 (this month’s folder) was also 777, which totally invalidated my test. That’s easy enough to go back and fix permissions on your folders. I did it this way because I have some caching plugins that I do not want to screw around with:
```
find /home/foobar/public_html/wp-content/uploads -type d -perm 777 -print -exec chmod 755 {} \;

find /home/foobar/public_html/wp-content/themes -type d -perm 777 -print -exec chmod 755 {} \;

find /home/foobar/public_html/wp-content/plugins -type d -perm 777 -print -exec chmod 755 {} \;
```
That code says “Find all folders (-type d) and if they have permissions of 777, change them to 755.” There are more variations on that.(I got the code from NixCraft – Linux / UNIX: Change File Permissions Recursively ( conditional )) If you want to change files, it’s -type f and you’d want something like this:
```
find /home/foobar/public_html/wp-content/uploads -type f -perm 777 -print -exec chmod 644 {} \;
```
That will turn all your images back into permissions 644, presuming they were 777 to begin with. Mine were 755.

The last step I had was chowning the folder for uploads and 2011 to nobody:nobody. That was so on month end, I would be able to create folders (like uploads/2011/11 today) without any issues. The other folders, as they already existed, didn’t need the permissions changed. Honestly, I’m not sure if I needed to set the uploads folder to that. I didn’t set blogs.dir for my MultiSite install, and just did the files folder within, since it had created other folders correctly. It’s a hassle, unraveling years of ‘Did it wrong!’ and when you add in that we’re using different tool sets to upload files versus upgrade and all that … well. It works now.

I also kept the upgrade folder with permissions 777, since that just did not want to work any other way. It flat out refused to upgrade any plugins. I’ve yet to try upgrading WordPress itself with this setup, but I suppose I’ll find out soon.

And that’s it! It’s not 100% painless, and it’s much easier if you start out ‘doin’ it right’, but even after you’ve been doing it wrong for over 5 years, you can fix it.
7 November, 2011
Supporting Open Sourced Clients

You’re hired to build a website and you decide that the best tool for the job is an open source application. So you install it, configure it, add in plugins, tweak the design, and make it a perfect site for your client. You explain how the CMS works, how they add pages, media, etc, and hand over the keys. Everyone’s happy.

Then a month or so later, the CMS releases an upgrade. Your client clicks the upgrade button (because most CMS tools have made that easy) and it installed, but now the site is broken. They contact you, complaining, and you end up spending hours of your time trying to calm them down, complaining to the CMS folks, and being grumpy.

And for a lot of you, this is your own damn fault.

I know a lot of website-building consultants, and I’m not saying this lightly. As a website builder, it’s incumbent on you, the person who installed the CMS, to make sure your clients understand the implications of that CMS, how upgrades work, and to arrange for support, just like you would for any vended product. Basically, if you don’t communicate and educate, you’ve done this to yourself.

Know This Is Not Different

Installing an Open Source product for a client is absolutely the same as installing a traditional, closed source, vended product. It certainly feels different, since there is a far more casual approach to a lot of things, but at the end of the day, your relationship with your client, and theirs with the software you install, is exactly the same, regardless of where the software came from and who wrote it.

A lot of companies worry about Open Source since it’s complicated and nigh impossible to sort out who you can sue if things go wrong. What happens if they vanish? What happens if it breaks? Really it’s not that different. If Microsoft went bankrupt today and closed all their doors, you’d still have everything you bought, but they’d be gone and you wouldn’t get any more help from them. Ditto Apple, and everyone else. In fact, it’s just as likely that a major Open Source app will vanish as it is a Closed Source, or bought out, or no longer supported. And at least with Open Source (and anything GPL’d), the code is mine to maintain as I see fit.

But really, installing a product is installing a product, and the work you do and the support you provide is the same.

Know Your Product

Never install a product you don’t know how to use. Personally, I never install a product I don’t use regularly (which is why I generally only install WordPress, and turn to Andrea if I need help with domain mapping plugins). My reason is that if you use a product, you know what you’re getting into, how it works, and preferably how to tweak it. Some of what you need to know about the product depends on how you plan to support it, but a good rule of thumb is that if you’re installing it for someone else, you either better be an advanced user of it, or know how to get answers, fast, without restoring to forum posts like “Help me ASAP! My client is down!” You’re a professional, you’re expected to learn to use your tools and act that way.

This doesn’t mean you have to know everything, but remember that your clients can use Google, and if they know your handle is ‘Ipstenu’ and they’re using WordPress, they just might search for “Ipstenu WordPress” to see what kind of person you are. So if they search for you and see you being snotty, or using l33t/IM speak in the forums, they might question your professionalism. But if they see you asking the questions they’ve asked of you, they may doubt you. A good idea is to be honest “I don’t know how to do that off the top of my head, so I’m going to research it and ask around.” Network. Ask your friends (you do have friends in your product’s community, right?) and keep in mind your visibility.

Know the Future

We can’t predict the future with any long-term accuracy, but we can prepare for it. If you choose to use a product, you need to know where it’s going. The day to find out about new features is not the release day, nor is it even the pre-release candidates or the betas! You need to be proactive, and keep in touch with the project, where it’s going, and how that impacts you. Every open source product allows for ‘nightly’ builds. These are the things you generally don’t want to run on production versions of websites, but that doesn’t mean you shouldn’t run them on your site. Install the nightly release on a server, set it up so it auto-upgrades every night (or if you use subversion, set up a pull every day or every x hours). Include some sample data, include all the plugins you use on your client sites, and test it at least every week.

Doing all that is a lot of why, which is why some people don’t offer ongoing support (more about that in a minute). Even so, the only way to know your product is to know it. If a product is important to your bottom line, then it’s imperative you know it well. Pay attention to what will and won’t be changing in the next version, and if possible, know why that’s happening, so if your client asks “But why?” you can answer.

This is where I feel Open Source has a clear advantage to closed source applications. Getting on the Microsoft Beta test list is harder than finding parking at the mall the weekend before Christmas. Getting on an Open Source beta test is about as easy as blinking. You can download and test all you want, every day, without asking special permissions.

Know What They Need

Before you go anywhere with a client, you need to ask them what kind of support they want. Are they going to pay you just to build the site, and then you walk away? Do they want to pay you a smaller fee per annum for support, a set fee for upgrades, or hire you at your normal rates to bail them out? Don’t let them drive your decision, though. You’re the one doing the work, and if you have zero interest in ongoing support, be upfront, tell them you’re just going to install it and they need to find other resources for help.

Don’t be a dick about it either, of course. Give them a list of people you know are good for help, some resources for the product, and maybe you can work out a deal with your friends. You get a small percentage of any client referred, for example, to your friend Bob who loves helping people dig themselves out of a hole.

Know What They Know

Any time you install software for someone else, you need to teach them. At the very basic level, they have to know how to use the product, otherwise you’ll get them emailing you new content to post for them. If you want to support that, great, but most people would rather not, so you explain how it’s used. Write up a very basic document for it, save it as a PDF, and include it in your deliverable. Update it when new versions come out and mail it to any client still on your list (i.e. the people who’re still paying you) or post it on your website for anyone to download.

Once your client knows how to do the basics on the site, go back to what level of support you’ve settled on. If they’re going to maintain the site themselves, you need to make sure they know the basics for that too! How to install a plugin, how to upgrade, and so on and so forth. This will make them appreciate you, and hopefully recommend your services to the next guy. Treat people well, it’ll come back to you.

For a product like Drupal, which doesn’t have a full-version upgrade as a one-click option, I usually tell people “Hire someone. It’s a pain.” Beyond that, however, you need to make sure they understand what new versions entail. A lot of people don’t know that WordPress considers a point release to be a major upgrade (i.e. going from 3.1 to 3.2 is a full new version of WP, but 3.2 to 3.2.1 is not). They need to understand that, so when they do upgrade, they know what they’re getting into and aren’t surprised by, say, a new admin menu.

This goes for plugins and themes as well as the basic product. Teach them how to edit themes the ‘right’ way. Explain that they may want to make a duplicate of their site to test upgrades on because, while most work just fine, you should CYA and so should they.

Know How To Communicate, Damnit!

Everything is built off of good relationships with your clients and the product. As we all know, the key to a good relationship is communication. If it’s not painfully obvious, you need to communicate clearly with both of them. Learn how to help non-techs, and learn how to report possible bugs to techs. Bridge the gap between the two, and learn how to translate, because sometimes that wild bug is from your client doing something no one predicted (it happens). You cannot exist in a vacuum, after all and no one’s a mind reader.

When you finish a project with a client, they should know exactly what to do to use the product, have directions on how to upgrade (or how to contact you), how to get help, and what to expect from you in the future. Clearly communicating these things will result in a happier experience for everyone. Or at least an opportunity to do the “I told you so” dance.

What Don’t You Know?

What are some of your tips and tricks for supporting your clients with open source products?

2 November, 2011
SVN up your install on Lion
Cron isn’t reliable, since Apple uses launchd. I’m not the only person who grumbles about this. I know cron. I don’t know launchd, having never had a reason to learn it, so this took some doing. And no, I’m not using a GUI app to write this stuff for me, like LingonApp, since ti feel if I do that I won’t learn how it works.

My goal was simple: Update my local copy of an app (WordPress) when I logged into my computer. Obviously this won’t work if I have no access to the Internet, but that’s okay.

I made a file called wordpress.svn.updater.plist and put it in ~/Library/LaunchAgents/

The content of the file is as follows:
```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>wordpress.svn.updater</string>
<key>ProgramArguments</key>
<array>
<string>svn</string>
<string>update</string>
<string>/Applications/MAMP/htdocs/</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
```
So basically every time I log in, SVN updates my install of WordPress, which is in /Applications/MAMP/htdocs/ as I’m using MAMP. I tried it with ~/Sites/localhost/ which is an ln link back to the MAMP folder, but according to Console (where I read my error messages), that didn’t work. If I hard coded the path, though, it was fine.
30 October, 2011
Request: Multiple Domains, One IP SSL Certificates

This is actually a request. The server that runs Ipstenu.org hosts three other domains. I set up my self signed certificate just fine for *.ipstenu.org, but I want to add on the other domains. For some reason I seem to be failing.

I somehow managed to get it half-baked. If you go to https://otherdomain.com it kicks you to https://ipstenu.org/wp-signup.php?new=otherdomain.com which isn’t what I want at all.

I’m using WHM on CentOS 5.6 and I’m a total newbie when it comes to all this! Links to tutorials with pretty pictures, advice, or directions are all welcome!

18 October, 2011