Archive for the ‘Web-based’ Category

WordPress for Galleries

A new site I’ve launched, Maria Chain, uses blogging software, WordPress, to act as a sort of photo gallery. This is the first time I have set up such a Web site, presenting an artistic portfolio using WordPress.

SH Property and Libre/Open Source Software

ONE of my clients, SH Property, recently had the site redesigned. As I do architecture and programming for a living in a field which is very competitive, I often have to depend on tools that lower costs. The means by which I rebranded the site at the domain level only required Apache redirects, which sure saves a lot of money. It is worth noting that Libre/Open Source software was used almost exclusively to build the site and the previous logo/header/banner (when it was called SJ Property Investment), for instance, was created using the GIMP. It was temporary. Here it is:

SJ Property Investment

While Libre/Open Source software usually costs nothing to acquire, it’s far from impossible to make a living with it; services and skills — requiring manpower — are the real scarcity.

PHP Sucks on Backward Compatibility (or How ‘Gallery’ and PHP 5.3 Don’t Play Nice)

As a bit of a dinosaur in technology (I still use a Palm PDA and single- or dual-core AMD), backward compatibility and long-term support are important to me. I am not a fan of PHP even though many programs that I like (the latest being Roundcube) use it almost exclusively.

Many problems seem to occur for those who use old versions of Gallery with the latest PHP, which has become notorious for its backward compatibility deficiencies. One bit of software that I use which is not compatible with PHP 5.3 is Gallery 1.x. It’s a version that I hacked a bit to suit my purposes, so upgrading would flush all my customisations away. Whether a sandboxed compatibility mode is available (such that, e.g., PHP 5.2 is run for specified paths) I do not know yet, but based on what people are saying, suppressing the warnings and errors should be possible. It’s not a real solution but a cosmetic hack. If your Web host undergoes a PHP upgrade to 5.3, it can lead to lots of issues associated with out-of-date software. “A short time ago,” wrote my host (with which I host about 10 domains), “we emailed you to let you know that we were upgrading all our servers to the latest version of PHP. This is now complete. We therefore recommend you have a quick check of your site and ensure everything is working as it should.”

The bottom line, from my personal point of view, is that PHP yet again proves that backward compatibility is too much for it to handle and, as such, one oughtn’t rely on long-term usage of programs written in PHP. Other authors pointed this out before. It’s quite the blunder. In Web-based environments in particular, a case of “lose compatibility or get cracked” may become more common if we become dependent on PHP.

Keeping Web-based Software Updated

One of the problems that’s leading to the cracking of many Web sites is that software is not kept up to date. It is not an easy task unless the process is made simple and at times automatic, because people are averse to change and to risk (associated with updating software, never mind the risk of getting cracked). Keeping abreast of security fixes and new upgrades for Web-based software is not easy unless one uses an operating system like Debian, which can be updated regularly and has strict requirements for inclusion. There are several points worth making here:

1. Some CMSs are better equipped for this type of scenario. In my ~15 domains I have a dozen or so different CMSs and some are antiquated, e.g. php-nuke, and depend upon updates coming upstream, e.g. php-bb with the infamous uploader hole (~2008). Other software, such as WordPress (it’s my favourite as I was also part of the devs community for many years), alerts all users about the need to update the software. They keep up appearances by reducing the number of reports of cracked sites.

2. In recent years people have been using packaged script installers like Fantastico to install the software. Softaculous is another one. 3 days ago WordPress issued a security fix (local privilege escalation and XSS for the most part, not too critical for some site setups), which automatically sent me several E-mails like the following (from domains where I used Softaculous to set things up):

 

"The following script updates are available:

WordPress 3.3.2:
[omitted]

To upgrade these scripts go to your Control Panel -> Softaculous -> Installations.
There you will be able to update the scripts.

From Softaculous Cron Jobs ([IP removed])"

Each bit of software typically keeps administrators abreast of security holes, but some software does not do this. WordPress alerts even writers, urging them to contact their admin for updates. Other bits of software require that one subscribes to a mailing list or regularly checks for updates. Back in the old days, and the way MediaWiki still works for the time being, people are advised to subscribe to a mailing list (or blog) with announcements about security fixes. If many customers have Joomla sites, then it’s useful to be subscribed to such fora and then update everything for everyone in batch mode (for WordPress I need to update 8 sites each time a fix comes out, and for some I need to do this manually from the shell due to different server settings).

It helps to have a database of installed software, recording which server is running which piece of software. It would be surprising if no such list had already been compiled by those who operate many servers. It helps to know what can be updated at the same time by the same person with the same files.

Some updates are merely about new features and might not even be backward compatible. Some software, like WordPress 2.0, is LTS (for inclusion in Debian stable), so it’s unlikely to require much updating. So, one can just look at what has changed and only update if the update is security related or has a data-jeopardising bug (in WordPress 3.2, for instance, people who rushed to update not for security reasons merely suffered from bugs and then had to update again to 3.2.1).
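The inventory idea and the "only update for security fixes" rule described above can be combined in a few lines. The following is an added example, not code from this site or from any of the projects mentioned; the host names, paths, version numbers and release notices are constructed sample data, and the function names are hypothetical.

```python
import sqlite3
from collections import defaultdict

# Constructed sample inventory: (server, install path, software, installed version).
INSTALLS = [
    ("host-a.example", "/var/www/blog", "wordpress", "3.3.1"),
    ("host-a.example", "/var/www/shop", "wordpress", "3.3.2"),
    ("host-b.example", "/home/site/public_html", "wordpress", "3.2.1"),
    ("host-b.example", "/home/site/wiki", "mediawiki", "1.18.1"),
    ("host-c.example", "/srv/forum", "phpbb", "3.0.9"),
]

# Constructed release notices; only the security flag and version matter here.
RELEASES = [
    {"software": "wordpress", "version": "3.3.2", "security": True},
    {"software": "mediawiki", "version": "1.19.0", "security": False},
]

def vtuple(version):
    """Turn '3.3.2' into (3, 3, 2) so that 3.10 sorts after 3.9."""
    return tuple(int(part) for part in version.split("."))

def build_inventory(rows):
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE installs (server TEXT, path TEXT, software TEXT, version TEXT)")
    conn.executemany("INSERT INTO installs VALUES (?, ?, ?, ?)", rows)
    return conn

def update_plan(conn, releases):
    """Map server -> [(path, software, installed, target)] for security releases only."""
    plan = defaultdict(list)
    for rel in releases:
        if not rel["security"]:
            continue  # feature-only release: review the changelog, no rush
        rows = conn.execute(
            "SELECT server, path, version FROM installs WHERE software = ? ORDER BY server, path",
            (rel["software"],),
        )
        for server, path, installed in rows:
            if vtuple(installed) < vtuple(rel["version"]):
                plan[server].append((path, rel["software"], installed, rel["version"]))
    return dict(plan)

if __name__ == "__main__":
    for server, jobs in sorted(update_plan(build_inventory(INSTALLS), RELEASES).items()):
        for path, software, installed, target in jobs:
            print(f"{server}: {software} at {path} {installed} -> {target}")
```

Grouping the result by server gives the batch list for one shell session per host; installs already at the fixed version and software with only a feature release pending are left out.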

Join Diaspora… But Maybe Not Just Yet

Up and down all day long

Roundabout

SEVERAL months ago I joined Diaspora and enjoyed the good uptime of the service. The community was thriving, everyone was friendly, and the site reacted to input as one would expect. But then, just like Identi.ca, the site began having performance and uptime issues. At one point the site was down for a week. People soon lost those withdrawal symptoms and perhaps just moved on; some returned only to see sporadic operation of the site, which fairly enough is still in alpha (the software it runs is). But the bottom line is, in the early days people reviewed the site harshly for technical shortcomings. Now it’s just the really terrible uptime and low reliability. Unless this gets fixed the site is likely to lose its most ardent supporters and participants.

When Diaspora becomes “stable” it may all be resolved, but by that point, how many people will be on the JoinDiaspora pod?

What’s the Point of LinkedIn?

Old chain

LIKE most people on that site, I joined LinkedIn several years ago after a friend had invited me. For many years I did nothing with the account, but in more recent years the site grew rapidly in terms of popularity and is now a status symbol by some people’s imagination. It’s a bit like Facebook for professionals. But what really is the point of it all? It’s all rather superficial and the process of connecting to peers and friends (or ex-colleagues) is very time-consuming. When one considers what can be gained from having one’s name in a database associated with many other names, then the reality of the matter becomes clearer. Have we come to a point in the lifecycle of the Internet where we score people’s popularity based on the hours they dedicate to clicking to modify some proprietary database of some private company? Frankly, I stopped spending time in LinkedIn and my profile there is very much outdated (last updated properly in 2006). Can there finally be consensus on the irrelevance of public profiles that are merely the entry in someone else’s Web site? It’s just a MySpace for adults and the function of tracking other people’s careers is often overstated as crucial. It’s more like gossip or stalking.

The Culture of Renting

Früher Bankautomat

THE more we move forward, the more we stay the same and sometimes step back. The Internet was created to facilitate the use of one’s space and one’s own material, but in this age of mashups and ‘free’ hosting by so many companies, a lot of people simply subscribe to be a guest at someone else’s platform, thus conceding the main features of the World Wide Web.

It is saddening to see the number of people who willingly (or due to peer pressure) choose to upload ‘public’ photos that will only be visible to those who give away their personal details to creepy Mark Zuckerberg. It is scary to see how many people still manage their E-mail (professional and personal) on servers in other countries — servers that can be snooped without even informing those affected. Those two problems are not the same, but they illustrate how different today’s Web is. Once we go there, there’s no going back.

This whole thing boils down to a culture of renting. People purchase machines that are only rented in the sense that they are not general-purpose machines; they are controlled and thus owned by just one company. People also subscribe to other sites where they rent space and sometimes a mail box. People rent a ticket to some database which determines who their “friends” are. When life is “rented” from big corporations rather than bought to be owned, self-determination is assured destruction. The whole “cloud” media hype makes this worse.
