How Do You Get Started with WordPress?

Branding and Blogging with WordPress | Promoting Your Personal Brand on the InterWebsI build WordPress websites, both “regular” sites and blogs. Are you ready for a web site? Before you invest money in a blog or site, take a minute to set up a free site over at

Use your new site to sketch out the content you want on your site. Then, write your content. So far, easy. Now we come to the hard part — creating new content  on a regular basis. Make the effort and get over the hump. Revise, reconsider, and restart if necessary. Once you and your blog are getting along and enjoying each other, call me to discuss things like design and functionality.

Getting started is always the hardest part. In the words of Pigpen, “Get your hands out of your pockets and turn on your web site.” Or something like that.

Hint: Use to profile your site. What you’re talking about and what you think you’re talking about may be two different things.

WordPress Themes: Underscores AKA _S

Selection_003_0Here we go again.  I’m feeling comfortable with creating child themes for WordPress’ TwentyTwelve theme, using it on several sites* including my own WordPress site.  Last night, at the Northside WordPress MeetupBecky Davis reminded me of a few of the problems with the TwentyTwelve approach and suggested — for the second time — that I try the Underscores theme.

So…  You’re either on the bus or off the bus.  My WordPress site may be an interesting place over the next few days on its way to brilliance or disaster.

* Recent TwentyTwelve based sites are,,, and a couple in development.

Dynamic sidebar height and responsive themes

1 Comment

In another post, I listed the javascript to be used in a WordPress text widget to ensure that a sidebar had the same height as a page’s content. This is a nice feature if the sidebar has a background color. When the theme is responsive, the sidebar drops to the bottom, below the main content, so it should be sized to fit its own content, not that of the main content area. All it takes is a bit of javascript that checks the current page width.

Note: This snippet uses element names based on the TwentyTwelve theme layout. If you’re using different theme, you may need to pick different elements.

<!-- this must be the last widget. It dynamically sizes the sidebar -->
<script type="text/javascript">
var divh = document.getElementById('primary').clientHeight;
var sb1 = document.getElementById('secondary').clientHeight;
document.write(" ");
if ((sb1 < divh) && (document.getElementById('page').clientWidth > 600)) {

Is it about service or money?

1 Comment

Why I moved from ThrustVPS to Linode for cloud hosting: An open letter

I’ve just moved the hosting for this system and all of the other web services from ThrustVPS to Linode, even though Linode is more than twice the price of ThrustVPS. When I first set up my virtual private server (VPS), I searched on price and settled on ThrustVPS for $15.99/month.  I got my systems up and running fairly easily and the folks at ThrustVPS were reasonably easy to deal with. Until today.

The first sign that something was wrong was a note in my email that the server had rebooted.  I didn’t reboot it, so I knew something was wrong.  I jumped into the site’s control panel and… and… and… it timed out.  Now, the site was completely unavailable.  I put in a “critical” trouble ticket on ThrustVPS’ site that the system was down. About an hour later, I got an email from a customer service rep saying “Please hold.”  That was over 12 hours ago. I’m still holding — whatever that means when it comes in an email — and the physical host server for my virtual machine is still down. There’s been no further communication from ThrustVPS.

I understand that bad things happen

I’ve run servers and system. I understand that bad things happen and you can’t always answer the question, “When will my system be back up?”  Heck, it takes time just to figure out what might have gone wrong. I can live with some downtime, especially because I made the choice not to purchase a service with any real guaranteed uptime, nor did I invest in any fault tolerant configurations.  

Don’t leave me hanging

The reason I’m dumping ThrustVPS is not that Something Bad Happened.  Rather, they left me hanging.   They completely failed to communicate.  They could have saved the business with a few simple sentences:

Our system,, failed early this morning.  While we are still investigating the situation, we believe it was caused by xxxxxx.  Our engineers are attempting to xxxxxx.  We wil contact you again in one hour and apprise you of our progress. We apologize for the interruption in your service and thank you for your patience.

Had I received an hourly status update, I’d know that (1) someone cared and (2) someone was doing something. I’d have been rooting for the guys who had to come in to work on the Sunday before Christmas to put me back online.  Instead, they stayed silent.  Do they care? I couldn’t tell you.

So I said goodbye ThrustVPS, hello Linode

I’m doing a review of one of the sites on this server with a client tomorrow morning. I need to have a functional site.  The guys in the Chicago Drupal Meetup Group are big fans of Linode. It’s been on my radar since the initial search for a virtual private server.  The technology is good. I’ve had no problems with strange routing like I did with ThrustVPS. 

Yeah, it’s $39.99 per month. I’m hoping that the difference is in the support. The reviews are positive and I’m hopeful.

The moral is

The moral is that service keeps customers and communication, backed by execution, is a critical component of service.  When Bad Things Happen, don’t hide them. Tell your customers what’s going on. Be as honest as possible.  If they know you’re working hard, you’re making progress, and you’re keeping them informed, they’ll stay with you. If you tell them to “please hold,” they’re gone.

How Do You Enable Better Security? Two Factor Authentication


What is two factor identification?

Typically, we login someplace with an ID and a password. That combination is good everywhere, everyplace, everytime and is often saved on the device. It’s convenient but if someone knows your ID and password, they can login anywhere and get to all your stuff controlled by that account. If it’s something like a Google account, that might include your email, files, calendar, and sites that let you login using your Google credentials.

With two factor identification, logging in on a new  or untrusted device requires that ID and password, plus a code delivered to an independent device.  Even if someone knows your ID and password, they won’t have access to your device.

2-step verification drastically reduces the chances of having the personal information in your Google account stolen by someone else. Why? Because hackers would have to not only get your password and your username, they’d have to get a hold of your phone.

Here’s what I had to do to enable two step authentication on my Google apps account

  • logged in at and went to the account security page at
  • installed the “Google Authenticator App” on my iPhone to receive verification codes
  • set the computer I’m setting this up on as trusted (the default setting). It’s my home desktop and it’s reasonably secure.
  • turned on 2 step verification
  • added backup phones (home phone, wife’s mobile)
  • clicked the button to go forward with creating application specific passwords and to review aplications with access to my Google account — WOW, there are sure a lot of them.
  • at this point, all sorts of unable to login boxes are popping up on things
  • generated and entered app specific passwords for
    • iphone mail
    • ipad mail
    • desktop mail
    • mac mail (had to also enter the password for the calendar app)
    • chrome synch
  • Enabled browser logins to Google services on each device and checked the “good for 30 days” box.

On my account management page,, I can disable all of those verification codes. It would be nice if I could see what codes had been used an deactivate individual devices, but in an emergency situation, I suppose its best to disable any device not marked as trusted.

The total setup time, including taking notes and typing really difficult strings was about 20 minutes. I like to think that my 9th grade touch typing teacher, who didn’t see much promise in me or my attitude, would be very proud of me as I typed those 16 character passwords.

The Google Authenticator is interesting – it works like those RSA keys that present a new code every 30 seconds or so.

Current Version of the Application on iPhone
Current Version of the Application on iPhone

Why aren’t the big tech firms innovators?

Roger McNamee, my favorite venture capitalist rhythm guitar player, was on Bloomberg TV talking about how a lot of the big tech firms are completely missing the picture and no longer innovating.

Some of his talking points are:

  • Profit share vs. market share; Apple vs. Samsung
  • Android’s core market
  • Samsung could be Apple, but they don’t do what’s necessary to enhance the value of their products
  • There’s no brand loyalty when Android is the selection criterion
  • The best days are not behind Apple or its stock
  • What’s the point of Yahoo?

Watch it at Bloomberg TV


Responsive Theme, New Design

The time came to bite the bullet, to ford the stream, to jump the shark, to mangle the metaphor.  The time came to make my website look like something you’d expect from a professionally designed website.  I’d been puttting that off for a long time, but now it’s done.

The site’s theme is based on a free, fully responsive Drupal theme, Professional Theme.  The base theme was very close to my target. I made a few changes to the typography, substituting Open Sans for Droid Sans, modified some of the colors, and not much more.   This is an example of the efficiency that comes from leveraging the Drupal community.

What do you think? Seriously, I’d like to know.  Is the message clear? Is ithe site easy to read and navigate?  Do you sense any call to action?  Please use the comments feature to give me the good and bad.


Building a Website for a Chicago Public School

 These are the slides for my presentation at Drupal Camp Chicago 2012.  In this non-technical session, I talked about developing the site requirements, identifying the content creators and audience, and how we built a successful website.  I also touched on the difficulties in handing off a site when there’s no one to handle the technical administrative side of things like updating modules, managing users, etc. And, I gave a big shout out to views.



Views: Drupal’s Killer App

Like the Great Man theory of history, there’s a Killer App theory of software success. Dan Bricklin came up with VisiCalc and Apple II computers began to show up on corporate desktops. Lotus 1-2-3 did the same thing for the IBM PC.

In my web development practice, I work with two content management systems, WordPress and Drupal. I’ve written about them before. An experience the other day helped me define the killer app when deciding between WordPress and Drupal. It’s Drupal’s Views module.

The Views module is a point and click, no coding required, content generator for Drupal. Maybe a simple example will help explain it. The Prussing Elementary School website is a Drupal site. Most of the site’s content is maintained by a traditional webmaster. Each teach is responsible for maintaining a classroom page and updating it weekly. Each teacher has a login and each login has an associated email address.

Given that their teacher information is already in Drupal’s database, how does one build a page for the contact menu that lists teachers and has clickable email addresses? It’s done via a view.

Views Module The steps are fairly simple:

  1. Create a new view on content type “user”
  2. Establish a relationship between “user” and “profile” to pick up first and last names.
  3. Select the fields to be used: first name, last name, and email.
  4. Check the box to output email as a mailto link.
  5. Select the grid format and choose a two column layout.
  6. Set the sort fields to be last name, then first name, ascending.
  7. Set the filter criteria for role and choose only the role “teacher”.

The final step is to hook the resulting page on to the contact menu.

Does an iPad need a firewall?

1 Comment

2012-08-18 13.36.50We got into a discussion last night about using an iPad on an unsecured WiFi network, like in a Starbucks or in a hotel.  What does the iPad expose to the network?

I’ve run a pretty intense scan against my iPad using Zenmap and found that the following ports are open:

  • 62078 – This is used for synching over WiFI to iTunes.  Disabling WiFi synch closes the port.  There seems to be some security and authentication protocols involved here.
  • 5353 – MDNS. The iPad is listening for devices advertising via the Bonjour (Avahi) protocol.

So, the question is whether the data sent for synching is encrypted and whether the authentication protocol is reasonably strong.  Unfortunately, I have yet to discover anything definitive about this on an Apple site. This whitepaper from Apple indicates that there’s lots of encryption taking place.   (If you can find a link, please add a comment!)

Here’s a link to someone else who’s looked into this.

Here are the raw scan results

Nmap scan report for
Host is up (0.0047s latency).
Not shown: 1945 closed ports, 53 filtered ports
62078/tcp open  iphone-sync?
5353/udp  open  mdns         DNS-based service discovery
62078/tcp apple-mobdev
Address= fe80:0:0:0:2a6a:baff:fe07:abc
MAC Address: 28:6A:BA:07:0A:BC (Ieee-sa)
Device type: media device|phone
Running: Apple iOS 4.X|5.X
OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
OS details: Apple iOS 4.4.2 – 5.0.1 (Darwin 11.0.0)
Uptime guess: 25.552 days (since Tue Jul 24 00:07:00 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IP ID Sequence Generation: Randomized