Code of the day: The Captcha!

Why?

Well for the upgrade process I deactivated the plug-ins for WordPress (including the Captcha! Plugin) because they recommend it in the upgrade docs. All in all the site was back up about 10 minutes until I reactivated the plug-ins, so basically it had it’s trousers down for a short period of time. and what happened?

See for yourself, part of an email in my Inbox:

A new comment on the post #108 “WordPress – Captcha! Plugin and Line Breaks” is waiting for your approval:
Author : George (IP: x.y.z , undefined.x.y.z)
E-mail : Joshua@mail.com
URI : http:///images/_vti_cnf/casino-gambling/
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=x.y.z
I got a spam comment! In exactly ten minutes where the site was “vulnerable”. How ridiculous is that? How often are they trying to spam comment blog sites? I wonder how much traffic they are generating just by trying to hit the comment-post page? Well anyway, I’m very happy that I have my Captcha! Plugin for WP (see here for details). Even though development on it is not being continued, but hey it works!

Ping! and a WordPress Update

As usual it’s bin a bit quiet over here. I increase my posting frequency at large events – as you may have noticed – but I try to post some bits now and then. Actually I’m currently writing (or better preparing to write = researching) for my master thesis’s, without telling you too much yet, it’s about proactive service invocation. It’s part context-awareness (my favorite), a lot of statistics, prediction and information theory and last but not least of course the prototype will of course be implented somewhere in the .net world. Stay tuned for more (probably when I finish some of the subcomponents I’ll blog about them)…

But nevertheless I just heard about some security issues in WordPress 2.0.3, so I’m in the process of updating… So in case something goes wrong, you might neven know about it, because the update is going to happen just about 5 minutes after this post, but if you are reading this then everything went well. (I know it doesn’t make much sense…)

Virtual Windows Servers

About a year ago I bought two different Windows Server “Root” packages from two different companies. Actually I started off with the vServer Medium package from Server4you.de. But it took them over two months to give me access to the server after ordering it, they certainly have some of the worst support staff I’ve ever seen and I really needed a server fast, so I additionally decided to buy a Virtual Server Windows L package from 1&1. They supplied the server in less than a week, the support was great from the beginning (but I’ve been a happy customer for ages, so I wasn’t really expecting anything else).

After Server4you finally delivered and sent me access details to the server, I made a mistake. I logged-in to the server to check what I was in for. Why a mistake? Well there is a bit of german law that allows you to test a product you order on the internet for two weeks and if you don’t like it you can send it back and cancel the contract. If you break it, or create additional costs then the case changes, you can’t give it back. Now if you ask me, logging in to a server and looking what’s on the system qualifies for me as “testing the system”, but the fact it you are actually causing costs by using the internet traffic. Which of course was what I heard from Server4you, after I requested to give back my server after a few days. Personally I think that’s not the way the law should be interpreted in this case and even if it seems they are right, any normal customer service would have accepted my request for termination for the sake of good customer relationships, but not this one. So basically I kept the server for now and won’t ever buy anything again from them or actually recommend them to anyone.

Nevertheless I now had two virtual windows servers. Interesting enough both ran on SWSoft’s Virtuozzo. A virtualization software I hadn’t come accross before, so I had no experience. (All servers we run in our company and any I run personally either use Virtual Server, Virtual PC or a VMWare variation.) Anyway after cleaning and securing the installation (the 1&1 was quite secure, the Server4you a little less, but the latter also had a lot of the fancy gui administration tools PleskDesk if I remember right installed, which took a while to get rid off. 1&1 actually let me select what I wanted to have installed.)

So what is my resume about 1 year of Virtual Windows Servers. Hmm… let me find the right word… Dissapointed. Let me explain why…

The servers are Standard Editions of Windows Server 2003 (64-bit) and you had almost full administrator access. You couldn’t connect to the console session, which seems to be a limitation of the Virtuozzo software and the configuration was ok.

But the system ist almost unusable. I have tested a number of different installations (each starting from scratch) and on most of them on both the 1&1 and Server4You servers. Let me talk about three of these:

1. SVN Server nothing else. This is the only configuration that worked most of the time. There was no IIS, there was no ASP.net nothing, just the SVN Server, one SVN administration tool and an FTP backup software. Apart from maybe running out of space I can recommend these servers for this use case. But you might actually take a linux server if you are only using SVN.

2. Mail server (hMailServer) and MySQL. I am very happy with the mail server. I have a number of installatins running at different places and even though there are some little bugs that are hard to reproduce, they are continually improving the software. After installing MySQL (5) and hMailServer and the PHP based administration toolkit everything looked quite ok. I had it running a few weeks until I noticed that I wasn’t recieving any mails any more. After logging in to the server I saw that the MySQL server had restarted but couldn’t start up again, but I didn’t know why. So I rebooted the server and then it worked again. See below why…

3. ASP.net Website + SQL 2005 Express. A very simple requirement but as soon as I had it running it very soon didn’t work as expected. During Configuration I also kept running into memory problems. IIS Manager or any mmc snap-in just didn’t start and gave me an Out-of-Memory of Memory violation error. If you are carefull and close all apps after using them, then it’s ok, you can live with it. But you cannot live with this happening in production. The SQL Server instances died now and again, the IIS killed the worker processes and sometimes when they tried restarting they got out-of-memory exceptions as well. So I kept logging onto my websites noticing that either the IIS straight away gave me an “oops error” or it couldn’t connect to the database. After rebooting the server everything worked again and sometimes it even worked after just doing an iisreste or restarting the sql express service. That’s unacceptable for any website (and the one I am running on that server does not have a lot of load).

It seems the memory management has some flaws or is just wrongly configured. To be honest I don’t know, but interestingly enough it happens on BOTH servers. So I’m heavily pointing at Virtuozzo. I’ve heard similar things from colleagues using Virtuozzo Windows Servers so I’m not alone.

To be honest I’m thinking about switching to a full windows server (no virtualization, not managed) which costs a fortune compared to linux root servers but I have more and more things that require a running windows server so it’s probably worth the money. The virtual versions were not the solution I looked for, they are cheap but if you can’t even run Community Server and a SQL Express…

Let’s see what my planning for 2007 and Q1 have to offer… and what the Windows Server prices are doing in a few months…

(BTW: there was a problem with the tcp connections to Virtuozzo clients which resulted in port 80 traffic not getting through, which sometimes wasn’t even resolved by restarting the server, but I haven’t had that problem for more than 3 months, so I guess Virtuozzo might have corrected that.)

StatTraq is dead…

 

Nooooooo…

or should I say Doaaah….

Well it happens to the best. I’m using StatTraq on a lot of my WordPress Installations and I’ll keep on using it as long as it works… It worked nicely, but I’ll have to keep my eyes open for an alternative.

WordPress – Captcha! Plugin and Line Breaks

(Ausnahmsweise in English)

On my WordPress Sites I’m using the wonderfully simple Captch! Plugin from here. It’s a pity it isn’t supported anymore, so when I found a little bug today I had to have a look at it myself.

It occured to me on one the sites maintained by me (shameless plug: www.blueeyesontour.com about a friend of mine staying in Costa Rica for the next few months ) that when you posted a comment with a lot of text and accidentally entered the wrong Captcha! that you would lose your complete text. Not quite user-friendly.

The problem was that the captcha.php was rendering JavaScript like this:

document.forms[i].comment.value = 'foo long text
continued long text
and even more long text';

This of course caused an unended string literal in JS causing the comment text never to be replaced with the last value.

It’s caused in captcha.php on line 1003:

if (isset($_POST['comment1'])) {
printf("\t\tdocument.forms[i].comment.value = '%s';\n", $_POST['comment1']);
}

which need to be replaced by

if (isset($_POST['comment1'])) {
printf("\t\tdocument.forms[i].comment.value = '%s';\n",
str_replace("\r\n", "' + \r\n '\\n", $_POST['comment1']));
}

After that comments are rendered as follows and displayed as required:

document.forms[i].comment.value = 'foo long text' +
+ '\ncontinued long text'
+ '\nand even more long text';

Nochmal Bilder

Das Willkommenskommitee. Meine erste Befürchtung, dass es keine Rucksäcke gibt, hat sich gott-sei-dank nicht bewahrheitet. Auch T-Shirts und Polos gab es wieder.

Etwas verzweifelt am ersten Abend noch Bugs am killen. (Ich rede nicht von den toten Heuschrecken im Bad.)

Ein paar Eindrücke vom Essen, über die Köche, die Spezialwünsche erfüllt haben, bis zu Corinas Freude über das Essen.

Bilder

Wie versprochen ein paar Bilder von meiner Kamera. Ab jetzt gibt es ja sicher mehr. Ich versuche sogar ein paar Filmchen zu posten, wenn ich herausfinde wie ich YouTube bedienen muss *G*

Die verzweifelte Suche nach WLAN am ersten oder zweiten Tag. Genau in diesem Punkt gab es eine Verbindung.

Unser Andi ist begeisterter CAPS Spieler

Ratet mal wer gerade begeistert durch die Präsentationshalle läuft…

(und bitte nicht über “Mary” wundern…)

CAPS with Charles from Channel 9!

This post is going out in english, since it will probably most interest our english readers. Guess who was just here interviewing us for Channel 9 (by the way it is the left photo – the right one is the maskot of our dear australian colleagues)

We are currently standing at the booth (photos will follow) presenting our project to press and media. We already had the Times here and a lot of others aswell. Demos so far have worked well.

We just had a wonderfull guest from (I hope I get it right) the New India Times?

The morning has been so motivating so far. Everybody is really interested, giving you ideas and tipps. AMAAAAAZING!

Nachtrag zu the art of blogging

ich möchte noch kurz die Gelegenheit nutzen um den Bildupload meines Offlinebloggers (google://BlogDesk) zu testen, das ist das Pressezentrum: