Four Film Plots Explained Badly


A falcon statue changes hands in the fast-paced antiquities market.

A Vietnam-era Huck Finn travels up the Nung river in search of adventure.

Batman battles Wolverine while Black Widow and Alfred the Butler are forced to choose sides.

The actor who will become Han Solo wrecks the car that will become the Millennium Falcon.

Quote of the Day – Aziz Ansari

“I read too much Internet. We all do. Imagine printing out all of your Internet reading from the last year and putting it into a leather hardcover. Would you go to your best friend and say ‘This is a great book, you need to read this’? No, it would be the world’s shittiest book.”
– Aziz Ansari

Tam’s Blog Has Left the Conversation

Tam has checked out of blogging due to a creepy stalker. I hate that she’s in that situation. I can’t blame her for calling it quits, but I’ll definitely miss her blogging.

I started this blog in February, 2003. At one time I averaged five thousand visitors a day. I used to post every weekday, sometimes half a dozen posts daily. If I couldn’t post something in the morning I’d put up an apology about not having any free ice cream that day.

Since starting the blog I got married and had a kid, then another kid, then another kid, and the blog posts have gotten farther apart. Lately I’m happy if I post once a week to whoever still has me in their feed reader – the days are long past that anyone would check the front page for new posts every week, much less every day. Like lots of other bloggers, I post more material on Facebook than I do on my own blog. The daily visitor count is down below 200.

Tam was one of only five bloggers that I still read every day. And I go to them straight from my bookmarks toolbar. RSS? Forget it. There are dozens of blogs still in my RSS feed reader, but I only fire it up once or twice a month if I’m bored out of my mind. I have to use Feedly now because Google discontinued Google Reader, which wasn’t exactly a show of support for the future of blogging.

There are still great bloggers out there, but the fire is gone from the first generation. Jeff Jarvis said that blogging is a conversation. As the number of people talking drops, the conversation gets a lot less interesting.

iThemes Security WordPress plugin has a great new feature

WordPress installations often get broken into by brute force guessing of the password for the “admin” account. Changing the administrator account to something other than “admin” is the single best thing you can do to improve WordPress security.

My favorite WordPress security plugin is iThemes Security (formerly WP Security). It has every security feature you can think of in one plugin, and is available as a free plugin or a paid version with more features. I just noticed that it has a new feature. It can automatically blacklist IP addresses that try to log in using the admin username.

  1. Install iThemes Security plugin. In the WordPress administration panel, click on Security. It will be on the left side near the bottom.
  2. Before making changes, make a backup of your database on the off chance something goes wrong. Click the Backup tab. Click the Create Database Backup button. While you’re in the tab, it’s a good idea to schedule automatic database backups.
  3. Click the Advanced tab. Change the administrator name to something other than admin.
  4. Click the Settings tab. Under Brute Force Protection, check the box for “Immediately ban a host that attempts to login using the “admin” username.”
  5. Click the Save All Changes button.

That will stop 99% of bogus login attempts.


Another WordPress plugin I like is Captcha (free and paid versions available). It protects the login page and comments from bots by asking the user to answer a simple math problem.

Run PHP code in a WordPress widget

I had an advertiser who wanted his link to appear in the right sidebar of the site, but only on the home page of the site. Sidebar widgets usually appear throughout the site, so I had to figure out how to make it work.

I knew WordPress supported an is_home() conditional statement, but PHP code can only be executed in themes and plugins, not in free text/HTML. I tried inserting the code into the functions.php code, but never got it to work exactly right.

It turns out there’s a WordPress plugin called PHP Code Widget that lets you execute PHP code inside a widget. Just type it in along with your text and HTML and it works. Here’s the code:

<?php if( is_home() ) : ?>
Text and HTML go here and will appear only on the home page.
<?php endif;?>

11 Year Blogiversary

My first blog post was 11 years ago tomorrow.

In the past 11 years sometimes I’ve blogged more and sometimes less. It’s been almost two months since my last post, which is a personal record.

There are lots of reasons for the lack of blogging, all of them good. I started a new job in July and I still have consulting work coming in from the time I was unemployed last year and turned to consulting. Having three kids keeps me busy and I’m trying some new hobbies, like learning the ukulele with the kids.

So I’m still around and thanks to everyone who emailed to make sure everything was OK. I’ll still blog from time to time, so keep me in your RSS reader.

Go Visit, and a Different Theory About Easter Island

Too busy to blog much right now, so go visit Lots of good seminars there on a variety of topics. The videos are subscriber-only, but the summaries are good and you can listen to the MP3 version under the Downloads tab.

I found it by way of an article about Richard Feynman’s involvement in Thinking Machines Corporation. (If you don’t know who Richard Feynman is, eat 10 packs of Ramen without the flavor clod, then find a copy of Surely You’re Joking, Mr. Feynman or What Do You Care What Other People Think?) He’s turning out to be one of the more relevant figures in 20th century science culture.

I liked the seminar on Easter Island. The traditional Easter Island narrative is an ecological morality play:

  • The stupid Maori people spent all their time building statues in a fit of vanity.
  • The stupid Maori cut down their forests for the logs needed to move the statues.
  • The stupid Maori spent the rest of their time and resources in intra-island warfare.
  • Stupid Maori were stupid.

Anthropologists Terry Hunt and Carl Lipo’s talk presents a different view:

  • There’s no archaeological evidence of inter-Maori warfare prior to European exploration. No fortifications. No battle-related injuries on skeletal remains. Their primitive stone implements had the blunt tips of tools instead of the pointed tips you would expect of weapons.
  • The Maori moved the statues with ropes, not logs, so deforestation had nothing to do with the statues. Their experiments seem to support this. Besides, how many freakin’ logs do you need to move some statues? Not enough to deforest an island. (Wikipedia notes that some suggest the Little Ice Age of 1650 to 1850 contributed to the decline of native trees.)
  • Based on carbon dating, Hunt and Lipo propose that Easter Island was colonized around 1200 AD, rather than other estimates which put the date as early as 300 AD.
  • They posit that the deforestation was caused by the introduction of rats from European ships – the rats ate the trees’ nuts. From a study quoted on Wikipedia: “Rat teeth marks can be observed in 99% of the nuts found preserved in caves or excavated in different sites, indicating that the Polynesian rat impeded the palm’s reproduction.”
  • The depopulation was largely a result of that deforestation, combined with diseases introduced by European explorers, such as tuberculosis and smallpox, and with later slaving raids from Peru on the island’s reduced population.
  • The apocryphal overpopulation to 30,000 inhabitants never happened. That makes sense – indigenous populations are unlikely to exceed their historical resources. It isn’t like they can ask their central bank to print money to buy food from another country.

True or false, since Easter Island makes such a pat, simple ecological ghost story I expect the old narrative to be defended to the last man standing.

About Craigslist Free Stuff

I love Craigslist. Good place to buy and sell locally. But I decided to shy away from ever giving anything away on Craigslist after reading this:

Family Loses Everything After Craigslist Post Gone Terribly, Horribly Wrong

Facing foreclosure on their home of 20 years, Pam Hobbs and her son lost even more when a yard sale posting on Craigslist gave people the impression that it wasn’t just the furniture in the driveway they were giving away for free. Folks were welcome to come into their home and take anything — and everything — they could get their hands on. Total. Chaos.

Terrible story. Even short of that, free stuff attracts people who can’t even afford the five dollar cover charge. A safer bet is to drop the stuff off at the nearest Goodwill or Habitat for Humanity.

Something to work into my writing

“She was atwitter before there was a Twitter.”

Turn Your WordPress/Blogger/LiveJournal Blog Into a Book or PDF

Someone asked me about exporting their entire blog into something readable and printable. Here ya go.

Study: Real Photos Better Than Stock Photos

Marketing Experiments Blog – This Just Tested: Stock images or real people?

So what were the results? Well, Mrs. Generic finally met her match. It appears that an attractive smile is not a match for a good name. Overall, the familiarity hypothesis held some water. When the recognizable image of the founder was used, visitors were 35 % more likely to sign up for a free consultation. Remember, this is a 35% lift on top of many other previous gains in the testing-optimization cycle.

I was having a conversation with a friend who also works on websites just yesterday about how much we hate sites with generic, stock photos of people in offices. Nothing says “cheap, generic website” like a photo of people in business clothes working on computers.

My friend told a funny story about his friend in the web design business who goes one step further. He takes a stock photo of an office building and Photoshops the business’s name on the side, even if they only have a couple of employees. Like no one will ever notice when they actually visit the business.

Stock photos are okay. Places like make it easy to customize the look of a site with quality photographs for a few dollars. I have a client right now who does business locally rather than nationally, so I’m using stock photos of local landmarks so that visitors instantly know he’s local to them. It’s just the generic photos of smiling people that make a website look generic and insincere.

90,000 Strong Botnet Trying to Break in to WordPress Sites

Ars Technica – Huge attack on WordPress sites could spawn never-before-seen super botnet:

Security analysts have detected an ongoing attack that uses a huge number of computers from across the Internet to commandeer servers that run the WordPress blogging application.

The unknown people behind the highly distributed attack are using more than 90,000 IP addresses to brute-force crack administrative credentials of vulnerable WordPress systems, researchers from at least three Web hosting services reported. At least one company warned that the attackers may be in the process of building a “botnet” of infected computers that’s vastly stronger and more destructive than those available today. That’s because the servers have bandwidth connections that are typically tens, hundreds, or even thousands of times faster than botnets made of infected machines in homes and small businesses.

The attacks currently target the “admin” username and 1,000 common passwords. If you’ve got a simple or obvious password, now’s the time to change it.

If your WordPress admin account is admin you need to change that, too, and not just because of this bot network. I monitor failed login attempts, and 99% are using “admin” for the username.

I recommend the Better WP Security WordPress plugin for changing the admin username, monitoring failed logins and excessive 404s, and a whole lot more:

  • Change the database prefix from the default of “wp_”.
  • Disable admin logins during times when you never log in.
  • Hide WordPress information in source code and files such as readme.html. That makes it less likely that Google searches and script tools can discover WordPress installations or WordPress versions with specific vulnerabilities.
  • Monitor file changes. I exclude directories that are supposed to have frequent file changes, like cache and backup directories:
    • wp-content/backup-db
    • wp-content/cache
    • wp-content/updraft
  • Temporarily or permanently ban access from IP addresses with excessive failed logins or 404s. Be careful with this setting. A search engine might hit the 404 limit when trying to access old URLs.
  • Optionally enable SSL for logins, admin area, or even the front end.

Backup WordPress First

Before making the security changes, back up your WordPress install. You should be doing automated backups anyway in case of successful hacks, server problems, or human error. Better WP Security has a backup feature, but I’ve tried it on two separate WordPress installations and couldn’t get the scheduled backup feature to work.

Instead I’m using the UpdraftPlus WordPress plugin for backups. It can back up the database and files separately. You should back up the database more often than the files. The database changes every time you create or modify a page or blog post, or receive a comment. The database is relatively tiny – even with thousands of blog posts and comments mine is only 437 MB – so backing it up doesn’t take much processor time or disk space.

UpdraftPlus can email you the files, FTP or SSH them to another server, or upload them to cloud storage. Amazon S3, Dropbox, and Google Drive cloud storage are currently supported. You can choose to receive an email report every time the backup runs.

My Latest Invention – The Facebook Clip Show

You know how, when The Simpsons needs some material post haste, they piece together a clip show from pieces of previous Simpsons episodes? So why not do the same thing, but with Facebook posts? And if you aren’t following me on Facebook it’s all new to you.

The Status Updates

I don’t understand the point of roller skating rinks. I could stay at home and hold on to a wall.

Wife is out with a friend for a performance of The Vagina Monologues. I wonder if she’ll buy me a t-shirt?

If I ever open a bookstore I’m going to call it Books on Paper.

The Image Macros

From the “Obama said ‘Jedi mind meld’” hilarity a few weeks ago:



I made one myself.


The Video

I usually only listen to lame white boy rappers with three nipples who go on to have successful acting careers, but this is pretty good.

The Photos

It seems like I never post my photographs on the blog anymore, so here’s a series from Facebook:




Using WordPress? Install Better WP Security to See How Many People are Trying to Break Into Your Site

I’m writing an article for work about WordPress security. Part of the process is trying different WordPress security plugins. One of the plugins I tried is Better WP Security, a Swiss army knife of security tools. One of its features is to log failed attempts to log into the WordPress backend.

Better WP Security Failed Logins Log

50 failed logins to the administrator account in 6 hours

It turns out I’m getting hundreds of login attempts every day from people trying to guess the administrator password. That’s a bad thing.

A couple of things you can do if people are trying to log into your site:

  • Make sure you’re using a strong password.
  • Change the administrator account to something other than the default of “admin.” It’s under the User tab in Better WP Security. All of the failed logins for my site are for the “admin” username.
  • Turn off verbose login error messages (Remove WordPress Login Error Messages under Tweaks tab). By default, WordPress tells people whether their login failed because the username was bad or the password was bad. With this option off they won’t know which part of the login was incorrect. Let them think they should keep trying to get in with “admin.”
  • Enable login limits (Log tab). Users who give bad login credentials x number of times in y time period will be locked out of the site for z minutes. Optionally you can block IP addresses after a certain number of lockouts. You can opt to be notified by email when lockouts occur. The emails include the person’s IP address, which the log screen doesn’t. On my site about 50% of bad logins are from China, 30% are from Russia, and 20% are scattered all over the world.
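
The login-limit rule above (x bad logins in y time locks a host out for z minutes, and repeated lockouts become a ban), together with the "immediately ban a host that tries the admin username" option from the iThemes Security post, modelled as an added example. This is not code from either plugin; the thresholds, the LoginGuard class and the sample events are assumptions made up for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                  # x: failed logins allowed per host...
WINDOW = timedelta(minutes=5)     # y: ...within this period
LOCKOUT = timedelta(minutes=15)   # z: how long a lockout lasts
LOCKOUTS_BEFORE_BAN = 3           # lockouts before a permanent ban
TRAP_USERNAMES = {"admin"}        # safe only after the real admin is renamed

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.locked_until = {}               # ip -> end of current lockout
        self.lockouts = defaultdict(int)     # ip -> lockouts so far
        self.banned = set()

    def failed_login(self, ip, username, now):
        """Record one failed login; return 'blocked', 'ban', 'lockout' or 'fail'."""
        if ip in self.banned or now < self.locked_until.get(ip, now):
            return "blocked"                 # host is not allowed to try at all
        if username.lower() in TRAP_USERNAMES:
            self.banned.add(ip)              # one try at "admin" is enough
            return "ban"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:      # forget failures older than y
            recent.popleft()
        if len(recent) < MAX_FAILURES:
            return "fail"
        recent.clear()
        self.lockouts[ip] += 1
        if self.lockouts[ip] >= LOCKOUTS_BEFORE_BAN:
            self.banned.add(ip)
            return "ban"
        self.locked_until[ip] = now + LOCKOUT
        return "lockout"

# Constructed sample failures: (seconds after T0, source IP, username tried)
T0 = datetime(2014, 1, 1, 3, 0, 0)
EVENTS = ([(0, "203.0.113.7", "admin"), (2, "203.0.113.7", "root")]
          + [(10 + i, "198.51.100.4", "editor") for i in range(5)]
          + [(20, "198.51.100.4", "editor"), (1000, "198.51.100.4", "editor")])

def replay(events):
    guard = LoginGuard()
    return [guard.failed_login(ip, user, T0 + timedelta(seconds=s))
            for s, ip, user in events]

if __name__ == "__main__":
    print(list(zip(EVENTS, replay(EVENTS))))
```

Per-host counting alone does little when the guesses are spread across tens of thousands of addresses, because each host stays under the limit. The username trap bans those hosts on their first attempt, but only once the real administrator account no longer uses that name.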

Ice Storm Here in Knoxville. What Would Bear Grylls Do?

What Would Bear Grylls Do?

But hey, at least we got a cool name for our ice storm: KHHAAAAANN!