


ExpressionEngine – Display Flickr stream with FeedParser
Posted by Stephen B. on July 3rd, 2014

Recently, a Flickr-powered photo gallery stopped working on a site that we developed. Investigating the problem a bit further, it appears that the add-on we were using (Brett Dewoody’s “Flickr” plugin for ExpressionEngine) had stopped working – apparently due to recent changes to the Flickr API. As the developer of the plugin has announced that he is no longer updating it, we needed to find another way to do the same thing.

Fortunately, it turns out that the (excellent) FeedParser plugin can do the same thing – read on for the details. We’ll also cover how to display more than 20 images from Flickr via RSS, working around a limitation of their default RSS feeds.


Google’s link-shortening feature – used to spread malware
Posted by GeorgeB on June 26th, 2014

Spam watchers are noting a new trend: using Google’s link shortening tool to hide the real location of links to malicious software.

The links are in a variety of spam attacks, including supposed access to Dropbox files, tax refunds, voice mails and faxes. This replaces the usual bait-and-switch links that, as anyone familiar with even basic HTML will know, claim to point to one web site address while the underlying, hidden link actually goes somewhere else. It’s a bait-and-switch trick that’s simple to expose: hover your cursor over the visible link and, if the actual link that pops up is different, then you’re being phished.

In this case, however, the visible link and the underlying link are the same:

Hover over the link, and you get the same web address. But when you actually click on the link, you go first to the Google link shortening tool which then redirects you to the link containing the malicious software that will now infect your computer. Thanks, Google.

So there are two solutions: Google needs to put a stop to this, or Internet users need to stop clicking on any links using Google’s link shortener.

Since we have no control over Google – and don’t know how or when they’ll deal with this problem – our solution is to block any email that contains and warn the crew here never to click on that type of link in any emails that slip through our filters.




Firefox – Stop Pages from Hijacking the “Tab” Key
Posted by Stephen B. on February 16th, 2014

This one has been a personal pet-peeve of mine for a while now: text fields that hijack the “Tab” key, breaking the Ctrl-Tab & Ctrl-Shift-Tab keyboard shortcuts (to switch between browser tabs) in Mozilla Firefox. Many text editing components do this, particularly ones meant for editing code of some kind, so that pressing the tab key indents instead of switching to the next form field – inadvertently breaking a common, useful keyboard shortcut.

A Google search turns up numerous bug reports, feature requests, and support forum posts complaining about the issue – going as far back as Firefox 3.6 (2010), so it doesn’t seem to be a big priority for Firefox’s developers (evidently they’re too busy creating a poor imitation of Chrome’s user interface). But, as is often the case with Firefox issues, it is possible to fix with some 3rd-party add-ons – read on for the details.




Rogers “Extreme Text Messaging”: Useful Features, Silly Name, and Glaring Security/Privacy Risks
Posted by Stephen B. on December 28th, 2013

There’s a set of options that Rogers Wireless bundles under the heading “Extreme Text Messaging” – while it’s not heavily publicized (apparently it’s been around since 2010), it does include some very useful options. It also illustrates one of the more annoyingly-lazy product/service-naming trends (at least they didn’t call it “Xtreme”), and opens Rogers customers up to some fairly serious security/privacy risks – but more on that aspect later.



A Beginner’s Guide to WordPress Security
Posted by Stephen B. on April 8th, 2013

WordPress is one of the most popular blogging/CMS (Content Management System) applications in existence; according to some statistics, WordPress accounts for more than 50 per cent of all CMS-powered websites totaling more than 60 million websites worldwide. This popularity has a flip-side though: there are probably more compromised (hacked) sites running WordPress than any other CMS. But this does not mean that WordPress is inherently insecure – or that it cannot be made secure.

In this post, we’ll take a look at some of the common issues that can lead to compromised WordPress sites – and some of the basic strategies that web developers can use to help ensure the security of WordPress-based sites.




Exporting User List From
Posted by Stephen B. on March 5th, 2013

One of the main problems with the web-based application “” is the absence of many basic features – this includes the lack of any built-in functionality for exporting a list of EMail addresses for the site’s users. The only instructions I could find appear to assume that you’re already familiar with Python development in general, and Zope/Plone in particular (in which case you probably wouldn’t need the instructions in the first place). Faced with a need to export a list of user EMail addresses from a install, and not being familiar with its underlying technologies, I had to find a different method – preferably one that didn’t involve hours of manual copy-pasting.

Read on for the instructions.




Updating Expression Engine – The Fast Way
Posted by Stephen B. on February 15th, 2013

Ellis Labs’ ExpressionEngine is one of the best CMS packages available; if you’ve done development work with it, then you’re probably already familiar with its advantages over other CMS software, including free/open source options like Drupal or WordPress. And you also probably know that the process of installing updates is definitely NOT one of ExpressionEngine’s advantages. The upgrade process involves numerous manual steps, you can’t simply overwrite the old files & folders with the new ones (problems will often occur if you don’t remove old files first), and the process involves taking your site offline for at least 10-15 minutes – if you follow the upgrade instructions provided by Ellis Labs, that is.

Fortunately, there are a few simple tricks that can speed up the upgrade process considerably, while also making it more straightforward and removing the need to take your site offline for more than a few seconds. Read on for the details.




Revealing Glimpse Under the Hood of a Broken Comment Spam Bot
Posted by Stephen B. on January 18th, 2013

Earlier today, the Smartypants blog received yet another “faux-praise” spam comment – one of those comments that attempt to look legit, but are still obvious spam because of how generic and semi-literate they are (“Thanks you for all the wonderful infos!!!”). Run of the mill stuff for anyone who runs a blog, or any other type of site that allows commenting, right? This one was a bit more interesting, though.

One of the oldest methods of identifying spam is to look for multiple, identical messages (old-timers are probably thinking “Breidbart Index” right about now) – so spammers will often add random variations to each message in order to circumvent filters. And that’s what makes this particular comment spam interesting – for some reason (probably misconfiguration), the comment contains some sort of template markup, which shows all of the possible variations of the message. Most of them are minor, such as slight changes in wording:

I {couldn’t|could not} {resist|refrain from} commenting. {Very well|Perfectly|Well|Exceptionally well} written!

In simple terms, this spammer has accidentally posted his entire script/template for generating seemingly-unique comments. Read on for the full script.




Google Plays “Hide the Free Version” with Apps for Domains
Posted by Stephen B. on August 28th, 2012

A few years back, Google introduced a free service called “GMail for Domains” – in a nutshell, it allowed domain name owners to use the GMail service for their domain’s EMail accounts. Later, this was renamed to “Google Apps for Domains” when it was expanded to include other Google apps like Docs & Calendar, around the same time that Google started offering a paid version for businesses. Unfortunately, this was also right around the time that they started making the free version progressively more & more difficult to find (just a coincidence, no doubt).

For example, this post from 2008 describes how the only way to sign up for the free version was to start the signup process for a trial of the paid version, and then click a “Compare to Standard Edition” link on the second page. Four years later, and even that option is no longer available – in fact, Google’s main page for the service doesn’t contain even a single reference to the free version (and refers to the service only as “Google Apps for Business”).

Fortunately, there is still a way to sign up for the free version – as of this writing (August 28th, 2012), the only signup link for the “Standard” (free) version is on the Google Apps Pricing page (you can also go directly to the signup link for the free version).



A Fix for HTML Issues with the WordPress Visual Editor
Posted by Stephen B. on August 6th, 2012

If you’ve done web development work with WordPress, you’ve probably run into this situation: you create a form or some other type of complex content in an external editor, test it as a static page, and it works fine. Then you create a new page in WordPress, paste the code into the HTML tab, and publish the page – but when you check the page, you see that WordPress has added <p> and <br /> everywhere there was a line break in the HTML code itself.

Fortunately, there is a fix – read on for the details.



