So I saw two talks at LCA about security: Joh Clarke’s Hackers, Crackers and Security Basics, and Mark Piper’s Web application security, OPEN style. I still remember seeing Joh’s So you want to be a sysadmin talk in Melbourne 2 years ago, and mainly just my jaw dropping open for the whole talk at how she casually just knew this amazing amount of stuff that I had barely even grazed against. It was equally scary and awesome, and both talks this year were the same way.

Anyway, I had good reason this week to think that is more than time that I started to pay more than the bare minimum attention to security. And I thought about all my installed web things (mainly Textpattern and Wordpress), and how I don’t have any way to keep them systematically updated, unlike my desktop. Thanks to Ubuntu’s Update Manager, I get annoying red warning icons until I bother to update my system packages. So I actually do it within like a day of them being released.

So I was thinking how can I get these notifications… maybe I need to write some Update Manager-like little program to give me a taskbar icon when a new release comes out. So I need to know something about daemons and some basic GUI thing…and how do I detect when a new release comes out? The Textpattern blog doesn’t have a category just for release announcements. So how about the code? Google Code has a bunch of project feeds, but none of them seem to be “new release”. Oh well, maybe I can pray the trunk is stable?

Hmm. Then I was thinking, hey, I can solve this at a higher-level… just make the code update itself. As long as my webhost has the same VCS as the project, and I checkout the code from the dev branch, and the projects have a commitment to a stable trunk, I should be fine. Just make a script that does an “svn up” and put it in cron. In fact Werdna set this up for the Wikimedia Australia MediaWiki installs with his Wikimedia sync script, although there it updates to the version that is live on Wikipedia, rather than the utter-most bleeding edge.

But sadly, en.blog.wordpress.com is not as revealing as MediaWiki. In fact I can’t find any easy indication about which version it is running. So maybe that won’t work. OTOH, Wordpress has email & RSS notifications for new releases, and in the admin side a nice notification, which works well if you are updating it regularly, not so much for abandoned/finished sites.

Hm, Wordpress does have instructions for Updating WordPress with Subversion, including “Tracking stable versions”, but they don’t have an automatic method of telling when a new release is available. So close!

But wait… I just checked the Dreamhost panel and under one-click installs, they have an option for “Upgrade everything, now” and then “Automatically upgrade everything to the latest version”. Too good! That covers MediaWiki and Wordpress, but I guess I have to roll my own somethingorother for Textpattern.

Updating a-go-go…

Another day, another blog. Well — I’m not quite that bad. I have a livejournal, but I use that more for incoherent rants and Seekrits. I have All The Modern Things, my Wikimedia/wiki blog, but it has a very specific remit. I have a micro-blog, but, well, I don’t even need to explain the limitations of that. And I’m finding more and more that I would like to write up my explorations into programming and tech, so that’s what this is. Unashamedly geek central.

It’s not too surprising that I just returned from LCA. There’s nothing like a week of seriously geeking out to inspire you to finally get projects happening.

Setting up a new blog requires 4 initial decisions:

1. Domain
2. Name
3. Platform
4. Design.

(Oh and Purpose. But see above for that.)

Domain was easy since I had bought laugher.id.au a while ago and not yet used it for much beyond my parents’ travel blog. The name is a (hopefully recognisable) play on the word taciturn. Already it has the ideas of technology and linguistics, so that’s a good start.

The platform was also pretty easy. Like All The Modern Things I used Textpattern. It’s easy to install, but not easy to install themes, but I know from experience that once the design is set up everything after that is easy. I could probably use Wordpress, but I am used to using markup instead of WYSIWYG etc.

Since design is not my forte, I spent some time scouting out FreeCSSTemplates and Open Source Web Design (FCT is better about having an explicit license than OSWD is, despite OSWD’s superior name). I went for one that is somehow “content centred”, that is there is very little to distract you from reading the main stuff. Although it is fixed-width rather than fluid/liquid which is a little disappointing, but sure makes a consistent look easier. Spent a while fiddling with the colour scheme, and voila. I do all this knowing that probably 99% of readers will never look at the site more than once, thanks to the wonders of RSS, but I will look at it, so I may as well make it something I can stand.

I still have a few things to set up, such as tags and an archive, but I can write stuff and it doesn’t look ridiculous, so yay.

Thus is born Techiturn. Coming soon… LCA reports.