Tiny Deathstars of Foulness

Database won’t start? InnoDB errors are a pain. Where was krypted for a month? Did everything finally get to me and I gave up blogging? No, the site ended up having some problems with corruption in some rows of the InnoDB tables. But, I was able to get the site back up by putting the database into recovery mode. How did I do this? It’s pretty straight forward. Open my.cnf and paste these lines in there:


Once the corruption is resolved, bring up empty databases and import your mysqldump into the new databases and link your site back up. But, the InnoDB force recovery puts the database into recovery mode, which is read only. So I wasn’t actually able to use the site, just look at it. At least the content was available, right? When MySQL isn’t writeable, you can’t log in as an admin, etc. The rest is one of the bigger pains I’ve encountered that didn’t result in an all nighter at a customer. I’ll write that up when I have time some day. In the meantime, next time someone changes my root password and breaks my backup scripts so I can’t just bring in a mysqldump, I’m breaking their arms. You’ve been warned.

May 15th, 2015

Posted In: Mac OS X, Ubuntu, Unix, WordPress

Tags: , , , , , , ,

Pow is a Rack server for OS X. It’s quick and easy to use and lets you skip that whole update an Apache file, then edit /etc/hosts, ethane move a file, then run an app type of process. To get started with Pow, curl it down and pipe it to a shell, then provide the password when prompted to do so:

odr:~ charlesedge$ curl | sh
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 9039 100 9039 0 0 10995 0 --:--:-- --:--:-- --:--:-- 10996
*** Installing Pow 0.5.0...
*** Installing local configuration files...
*** Installing system configuration files as root...
*** Starting the Pow server...
*** Performing self-test...
*** Installed

For troubleshooting instructions, please see the Pow wiki:

To uninstall Pow, `curl | sh`

To install an app into Pow, create a symlink to it using ln (assuming ~/.pow is your current working directory):

ln -s /path/to/myapp

Then just open the url, assuming my app is


Pow can also use ~/Library/LaunchAgents/cx.pow.powd.plist to port proxy. This allows you to redirect different apps to different ports. When pow boots, it runs .powconfig, so there’s a lot you can do there, like export, etc. Once you’re done testing out pow, if you don’t decide it’s awesome, remove it with the following command:

curl | sh

February 2nd, 2015

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Ubuntu, Unix, WordPress

Tags: , , , , , , , ,

Yesterday, I wrote an article on technical writing. Today, I’m laying out a few basic rules with regards to when to capitalize things. This is pretty straight forward but I find it can help to remember the rules to lay them out in a basic way. These things should have their first character capitalized:

  1. The first letter of a sentence. This includes a quoted sentence inside a sentence but not a phrase within a sentence. This also includes the first letter of a terminal command when a sentence starts with a command, although I try to restructure those sentences when they come up as it’s not a hard thing to do.
  2. The letter I.
  3. Titles. Each letter in the title of books, movies, poems, songs, articles, newspaper/magazine articles and works of art should be capitalized. This includes when these objects start with a word such as Of, A, The, And, etc but not when those words are in the middle of a title. Titles can also include specific course titles (such as when there’s a number attached). When using a compound title each otherwise capitalized word should be capitalized and each word not otherwise capitalized should not be.
  4. The names of people. Each word in a persons name should always be capitalized. Also their honorary titles/high ranking officials when preceding a name, such as President, Doctor, etc as well as an abbreviated title, such as Mr and Mrs. However, when those titles are used without a specific person attached they don’t need capitalization (although keep in mind if addressing someone with their title that should be capitalized). Titles that occur after a name do not require capitalization. Additionally the name of a relative when used as a proper noun should be capitalized.
  5. Gods, religious figures and holy works should be capitalized, although when describing a group of gods you need only capitalize the region or name of the pantheon and not the non-specific use of the word gods.
  6. The names of schools. This includes any educational institution, not just a college and university. Also, the name of a degree.
  7. Places. This includes bodies of water. A River, Lake, etc. As with the names of people, if you don’t put the name of the specific lake, but use the word you don’t need to capitalize that. A place can also be a mountain or building. Specific buildings, monuments, mountains, hills, volcanoes, etc. should have their first letters capitalized. Specific street names also have the first letter of each word capitalized. Also note that planets always start with the first letter capitalized.
  8. Specific flags.
  9. Regions. When discussing the Midwest, Sun Belt or South as a noun those should be capitalized. However, when using those words as an adjective they don’t need to be. A country, county, city or other region should also have the first character capitalized. I’ve always felt though, that the region unless a specific place, should have to earn the capitalization and it’s worth noting that Big 10/midwestern football just isn’t what it used to be… Also note that you should capitalize directions that are names but not directions when referring to a compass heading. Capitalize countries, languages and nationalities.
  10. Times. Days of the week, months and holidays. Seasons when used in a title, but not when used generally.
  11. Periods and events, except century numbers that are spelled out.
  12. Trademarked names. One thing I try to avoid here is using a trademarked name in writing as a verb, even if that word has become commonplace. For example, while you frequently hear people say to Xerox something I would change that to make a copy of something.
  13. Groups and organized bodies. Athletic, civic, national, political, and racial groups should be capitalized. This includes the name of a court and some other government terms, including Administration when describing a presidents administration, Cabinet when describing that of a president or prime minister and Federal when referring to the government of a country.
  14. Lists. If the first word of any bullet or item in a numbered list is capitalized then all should be, including directions. If two or more sentences follow a colon (not one sentence) then the first word of each should be capitalized; however, if there are items after a colon that are not sentences they do not require capitalization unless another rule requires it.
  15. The first word of salutations and complementary closings.
  16. Words derived from proper nouns.
  17. Initials, initialisms, initials with names and acronyms (unless in commands where the acronym is the command as you’re actually writing the name of the command). Acronyms include the call letters of television and radio stations.
  18. Any character in text that you quote should be capitalized exactly as it appears (although if all words begin with a capitalized character then you don’t need to quote the string).
  19. The first word of each line of poetry, unless not quoted in the poem.
  20. When shouting using the written word one can capitalize each letter of the word to add inflection; however, this is not necessarily proper nor a rule, simply commonplace.

Finally, it’s worth mentioning that writing such as this is a blog. While I don’t like that word, I find that such writing typically frequently allows the writer a certain amount of flexibility with regards to grammatical rules (for better or worse). This could be due to the fact that much of what’s written is done in the middle of the night. While this isn’t an excuse to use poor grammar it does tend to mean a less stringent editorial process over the grammar used. In other words, read/use the content at your own risk. 🙂

Note: At the request of my readers I’d be happy to write a follow-up article on when to capitalize assets, but I might have to bust out some of my books from Accounting 101 in college to do so!

August 25th, 2013

Posted In: Articles and Books, WordPress

Tags: , , ,

When doing updates in WordPress, upgrading the WordPress version or the Plug-Ins causes the site to enter into Maintenance Mode. While in Maintenance Mode, a message appears that says “Briefly unavailable for scheduled maintenance. Check back in a minute.” rather than the actual site. Sometimes, especially if you’re using the automatic updating functions, an update might fail and the site may be stuck in Maintenance Mode.

WordPress looks at the root level of a directory for some hidden files that can tell a site to operate in a different manner. If there’s a file called “.maintenance” then the site will display the message above. When an update of a Plug-in fails, the .maintenance file is never deleted and the site is stuck in Maintenance Mode. To correct the error, simply ftp into the root of the site and delete the file. It’s hidden, so make sure your ftp software isn’t suppressing the ability to see a hidden file.

Whatever Plug-in or update failed likely also broke something. Usually, if it’s a Plug-in then you’ll need to re-install that plug-in, as the update process removes the old Plug-in and then adds it back. If it’s a Theme, you might need to re-install the Theme.

Programmatically, you can also enable Maintenance Mode by creating this file and then disabling Maintenance Mode by deleting (or renaming) the file again.

December 27th, 2012

Posted In: Mac OS X Server, Ubuntu, Unix, WordPress

Tags: , , , , , , , ,

I’ve had a pretty easy time using Nikto over the years. Nikto is a security scanner specific to web servers. I did a post on Nessus recently, but Nessus is a tool for looking at any service running on a system and trying to find available vulnerabilities. Nikto is can do many of the same things, but is specific and therefore more in depth for web servers. This involves looking at things like CGI directories and robots.txt files as well.

Nikto is written in Perl. In order to do everything Nikto can do there are a few perl mules that need to be installed. But let’s look at one of the easiest implementations available for Nikto, which is Yang (short for Yet Another Nikto GUI), available on the OS X App Store. Yang is so easy, you can literally install the app, type a domain name and hit Start to get started. Yang also runs the latest release of Nikto. Let’s look at what a basic scanning process looks like. To get started, open the App Store and search for Nikto. Yang appears, so click on Install by the name of the app.

Once installed, click on Yang in LaunchPad to fire up the scanner (or open from /Applications). When Yang opens, click on the Preferences in the toolbar. Go through each of the options and choose the ones that make the most sense for each scan you run. Keep in mind that each box can increase or decrease the amount of time scans require or the output of the scan drastically. The author of the app was kind enough to include tool tips for the options, very helpful.

Click back on the Scan icon in the toolbar and enter the name of the site to scan in the “Website to analyze” field. Then click on Launch.

The scan then begins. This might take some time. And not “go get some coffee time” but more like, “go take a nap time.” While the scan is running, click on Logs in the toolbar. Here, you can see the exact command run against Nikto.

If you download Nikto from you can use these exact commands, although there will be a little work getting the app up and running, defining config files, etc. If you want to do anything (such as writing output to metasploit) then you might end up needing to go ahead and install manually. But if you’re just interested in running some quick scans as sanity checks for deployed configurations, etc then this is a nice little tool that is a bit too nice to be free. Especially given that the author went ahead and built out Nikto with LibWhiskers, SSL support and a few other goodies that aren’t required for a basic deployment. It’s also (IMHO) a really good example of putting a GUI wrapper around command line tools. I’ve played with a few other GUI overlays for Nikto and this one is by far the best one I’ve seen for OS X. Well worth the time to check it out!

July 5th, 2012

Posted In: Mac OS X, Mac OS X Server, Mac Security, sites, WordPress

Tags: , , , , , , , , , ,

Comments on this site have been a pain since I enabled them about 2 1/2 years ago. I believe I enabled them due to something some judgmental person said when they couldn’t comment on an article I had written. During the first year, there was a lot of fine tuning the spam blocking to try and keep out the spammy crap. That continues to be a work in progress, but it seems to be in pretty good shape.

During those couple of years I ended up racking up a queue of about 7,000 in the spam category and another 2,000+ in the pending category (which meant I need to deal with them). I was dealing with comments every day, but I’d miss a few and it built up over the course of a couple of years. Tonight, I either addressed or cleared out all but 17. My database is much happier. The 17 remaining are thoughtful questions and require thoughtful answers, so I’ll get to them when I have time to provide such an answer.

In the meantime, note that now that it’s all cleaned up, if there are any comments, feel free to post and I should actually respond at this point… Sorry for being latent on those up ’till now.

June 26th, 2012

Posted In: sites, WordPress

Tags: ,

I wasn’t very happy with how images were handled on Which is why I added a new plugin, to provide more of a lightbox feel when you click on my images.

Many of my images are pretty large, so I make them a little smaller on the site so they fit well on the page. Now, when you click on images on the site, it greys the rest of the page and zooms in on the image. I’ve tinkered with a lot of lightbox plugins, but this one makes me happy. You just install and activate and viola, you’re done. It doesn’t get a lot easier than this and it’s a much better way than the default method for handling images in WordPress.

April 17th, 2012

Posted In: WordPress

Setting up and installing WordPress is pretty straight forward. That’s not to say it’s not going to take a little work to go from 0 to 60 on a base Linux installation. But I’ll lay the work out for you so as not to be that tricky. Everything we’ll be doing will require elevated privileges, so sudo in front of each command or sudo bash before you get going.

First up, install Apache, as you’ll need a web server. I think the base apache2 config is pretty straight forward out-of-the-box:

apt-get install apache2

During installation you will be asked to type y to continue. Do that and it will finish with no major issues. Next up, install MySQL, php5, php5-mysql and phpmyadmin. We can use apt-get to knock all this out at once:

apt-get install mysql-server-5.1 php5 php5-mysql phpmyadmin

Again, you will be asked to choose whether to proceed, type y and hit enter. The next few steps will change according to versions, but for now, you’ll then be asked for a password for the MySQL root user. Provide that password and then tab to the OK button. You’ll then be asked to select which web server you are using. Assuming you did the apache2 install previously, choose Apache and then tab to the OK dialog. Then you will be asked to provide the MySQL password. This will be the password you typed earlier.

You’ll then be prompted for a phpmyadmin password, which will be a password to access phpmyadmin’s web interface. Once the installation is done, you should have a fully functional LAMP environment. I like to reboot and check syslog afterwards just to make sure that everything is in working order and not reporting any major malfunctions.

Next up, we will need to create the MySQL user and database that WordPress will use. To do so, log into phpmyadmin using a URL that begins with http:// followed by the address of your server and finally the /phpmyadmin. For example, if your server is at then the address would be You will be asked to authenticate, and here you will want to use the password you provided during the phpmyadmin package installation. Once you have authenticated, click on the Privileges tab and then click on the Add a new user button.

You will then be asked to provide a username and password for the user you are creating, define what addresses that user can log in from (if you have multiple front-end servers you probably aren’t using this post to install WordPress so you might as well limit it to localhost) and most importantly you have a radio button for “Create database with same name and grant all privileges”. If you use this option then both the user and the database will be created in one step, making life pretty easy. I used wordpress as my username in the example.

Once you have all the services installed and the MySQL user and database setup, then you’re ready to install WordPress. I like to cd into /var/www and then wget the, which always has the latest version of WordPress:


Then you want to unzip that (the unzip command is built into Ubuntu 10):


This will extract the wordpress folder into /var/www. Then make sure your admin user has permission (mine is oddly enough called cedge):

chown -R cedge:users wordpress

Now cd into the wordpress directory:

cd wordpress

Make a copy of the main configuration template called wp-config.php:

cp wp-config-sample.php wp-config.php

And then let’s edit that new file (vi, nano, tapping directly into the Matrix, or whatever you like), looking for DB_NAME, DB_USER, DB_PASSWORD and DB_HOST. In these respective fields, put the name of the database (wordpress in this example), the username for administrative rights to the database (wordpress again in this example), the password for the database (whatever you provided in phpmyadmin’s web interface for your new user and the IP or hostname of the database server (let’s assume if the database and web servers are the same).

Scroll down a little further until you see the Authentication Unique Keys: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY and NONCE_KEY. You’ll want to visit the WordPress secret key generator at to get your keys. Then simply cut/copy/paste the whole section, commenting out the existing lines or paste the contents of each line over the line it is replacing. Once that is done save your changes to the file and exit your text editor. Now visit the address of the site followed by WordPress (ie – You’ll then be able to setup WordPress for the first time.

At the first login, you will see a screen prompting you to define a title for the site (Your domain name is a pretty traditional title to use), the username you want to use to administer the site (ie – admin), the password (ie – according to the movie Hackers, god) and and administrative email address. Here, you can also choose whether you want the site to be crawled by search engines. Once you’re happy with your settings, click on the Install WordPress button down at the bottom of the page.

Now you should be able to see your first post, create posts and use WordPress. That should have been pretty painless. If it were any more painless, then I fear the dribble that people would post… Anyway, if you want the webroot ( instead of to be WordPress, then you will also want to change the DocumentRoot setting in /var/www to point to the /var/www/wordpress folder in the /etc/apache2/sites-enabled/000-default file (or whichever site it is if you have multiple ones).

November 30th, 2010

Posted In: Mac OS X Server, Ubuntu, Unix, WordPress


There are a number of ways that you can protect your WordPress site from spam bots. The first is to only allow authenticated users to post comments. Doing so can still be a bit unwieldy, but this feature is built into WordPress and so pretty straight forward to use. Some, who deal with large amounts of spam bots then choose to completely disable the commenting feature outright (Settings -> Discussion -> Uncheck Allow people to post comments on new articles), but comments can still be made on existing articles and commentary is one of the best features of WordPress for many. To stop comments on older articles, also disable commenting on older articles (same page but also choose the Automatically close comments on articles older than option as well).

No site should have to disable comments or bend to the will of a spam bot. You can also then choose (same page again) to email the administrator when a comment is made and then choose to not publish comments until the administrator approves them. But spam bots will still attack, and now you’ll just get a ton of junk email. So many will turn to plug-ins for WordPress. There are a few of those that I like a lot. One is called Invisible Defender. Invisible Defender adds a couple of fields that are suppressed using the style sheets. These invisible comment fields, because they’re not displayed to a browser should then never be filled out. Therefore, if a field is filled out, it had to have been done by a bot. Those comments are then automatically blocked.

Then there’s the ability to force captcha (shows you funny garbled letters and you type them into a verify field). Captcha for account creation means that all but the most sophisticated bots will fail. This form of forcing an additional form of verification that a visitor is a real human can then be circumvented by users of OpenID, FaceBook and other services, using plug-ins that allow those users to be authenticated through the third party (typically requires a little theme customization).

Then there are the antispambee and akismet plug-ins, which look at the actual comments and attempt to determine which ones are spam. These make a good layer of defense but should not be the only layer used. Regrettably, any time you have user generated content on a web site you are going to have automated bots attempting to do a number of things, most likely sell black market pharmaceuticals and other items of questionable origin.

There are also bots that attempt to exploit the login page of the WordPress admin (<DOMAIN>/wp-admin.php or /wp-login.php. These are defeated an entirely different way. One of the best strategies is to lock out those who have attempted a number of invalid attempts that exceeds a threshold that you define.  Amongst those is Login Lockdown WordPress Security. Another layer for protecting the administrative side of the site is to add an .htaccess file to provide an additional layer of security on top of WordPress. You can also change the URLs of your login page, which I usually use a plug-in called Stealth Login for.

Finally, I like to back up WordPress in an automated fashion. There are a lot of plug-ins to do this, but I’ve always used WordPress Database Backup. Why? Because it works every time I tested it. I haven’t even bothered to test a good backup and restore for another software package because WordPress Database Backup always works, backs up data to another server I have, and it hasn’t failed me yet. I always test the restores of data that I’m backing up and I recommend that you test this (mileage may vary) if you choose to put it into production as well (false senses of security are in many cases worse than no security).

September 28th, 2010

Posted In: WordPress

Tags: , , , , , ,

I just can’t help myself. Every now and then I get a bug up my butt to go messing around with In this case, I was tired of looking at some broken elements from the page and the front end of the site in general (just felt like something I might have built in college). I also needed to upgrade the site to the latest and greatest WordPress and some of the plug-ins that I was using were broken in 3. And thus, the lightest version of the site that I think has ever gone up. The posts are all still there, so no change to the content, but a lot of stuff was removed and the site in general (I think) looks and navigates much better.

Hope you like, and thank you for continuing to come to the site and read my random meanderings!

August 24th, 2010

Posted In: sites, WordPress

Next Page »