About the Barcelona Internet Startups Meetup Group

This is a suggestion I posted on 2012-02-27, and I’m still waiting for any feedback.

I’ve been to both Speed Dating meetups as a tech guy. The last time I had the chance to listen to more interesting projects. That’s good.

At the last meetup, I think we were like 20 techies and 60 entrepreneurs. This is 20 x 60 x 3 minutes each = 3600 minutes of two-person chats. Those 60 hours could be run with a parallelism of 20 at a time, so they could boil down to a 3-hour meetup at least. In reality, it lasted less than two hours, still enough to meet (theoretically) around 40 different entrepreneurs, but I only met 7! (it’s 10%)

This is not a complaint, just a surprise. I know how difficult it is to have people come, so if this group was not successful, there wouldn’t be such an issue. However, it looks like there is room for improvement.

If I went to a speed dating to find a partner to ask out (http://www.youtube.com/watch?v=pYBo5eS5pW8),
1: men and women are the same number
2: age is a big factor which is taken care of beforehand
3: before actually speaking to anyone, I can see what they look like
4: when we meet at last, we have limited time to understand if we match

In our meetups,

1: parallelism. We should be the same number for each role; if we are not, either (a) move extra people to the next meetup or (b) make them play another role.

2: age. IMO, this is the size of the idea (and maturity of the business, if any). It’s not the same to meet someone who needs a web presence to brand themselves; someone who wants to reach millions of people around the globe; someone who got an idea while having a shower; and someone who is growing the proven business they are expert in.
NOTE that we do not have to filter out members based on this factor, but we should know beforehand the size of their startup effort.

3: likability. This is mostly some details about the idea/team. Who is the leader, who are the other members, what do they do, what are they expert in, what is the idea about, is it selling a product, a service, a software, is there a website to look at, … And finally, it’s not the same to be looking for an associate or an employee.

4: matching. If we get here after knowing all of the above, it’s clear that a lot of time is already saved. This step is not for pitching! Here we just need to say hello, get a gut feeling about the other and fix any misunderstandings.

How to make the WordPress login for your personal use only

Limit Login Attempts is a very good WordPress plugin that limits how many login retries an IP can perform (and fail) before being locked out for some time. I cannot recommend it enough: it works like a charm and can be tweaked at will. It also notifies you about lockouts, so that you know if someone is trying to gain access to your site. Of course you still need a strong password.

 

Let’s see how a login would work in the real world. If the blog was a house, the login page would be the door and the login button the doorbell. A guest comes to the door, slides their business card below, and rings the doorbell. The gatekeeper wakes up, collects the business card, and checks the guest’s credentials against the list of people allowed to get in. If there is a match, the gatekeeper opens the door, otherwise goes back to sleep.

In a brute force attack, a guest is trying to get in by submitting ever-changing business cards to the gatekeeper, hoping to find a match by mere chance. When such an attack takes place, the gatekeeper is doing a lot of “useless” work, and soon they’ll ask for a raise.

To prevent that, the master provides the gatekeeper with a scanner for business cards that reveals the factory (IP) that made them. Automatically, the scanner rejects any guest whose credentials are written on a business card made by the same factory as the business card of a guest whose credentials were not on the list. This is Limit Login Attempts.

It’s a nice mechanism that in general will work very well because many guests make their business cards themselves. Additionally, there are so many commercial factories around that the risk of a rightful guest using the same factory as a gatecrasher is very small.

 

Limit Login Attempts has been doing quite a nice job since I installed it, but lately undesirable people have started sliding business cards made by many different factories below the door, thus reducing the effectiveness of the scanner a bit. Over time, I went through all these levels of annoyance.

  1. Just ignore them.
  2. Write a sarcastic post about them.
  3. Tweak the scanner to block more and faster.
  4. Destroy the doorbell.

I never have guests on my list: it’s always just me at the door. So I do not need a doorbell because I can call the gatekeeper and trust them to recognize their master’s voice. Of course, I still present my credentials.
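The per-IP lockout described above, and why cards from many different factories weaken it, as an added example; this is a model written for this page, not the Limit Login Attempts code, and `maxRetries`, `lockoutMs` and the event lists are assumed or constructed values, not the plugin's settings.

```javascript
// Added example: a per-IP lockout model, not the plugin's own code.
// maxRetries and lockoutMs are assumed parameters, not plugin defaults.
function makeLimiter(maxRetries, lockoutMs) {
  const state = new Map(); // ip -> { failures, lockedUntil }
  return function onFailedLogin(ip, now) {
    const s = state.get(ip) || { failures: 0, lockedUntil: 0 };
    state.set(ip, s);
    // The scanner refuses the card: no credential check is performed.
    if (now < s.lockedUntil) return 'rejected';
    // The gatekeeper had to check the list for this card.
    s.failures += 1;
    if (s.failures >= maxRetries) {
      s.failures = 0;
      s.lockedUntil = now + lockoutMs;
    }
    return 'checked';
  };
}

// How many failed attempts in a stream still reached the credential check.
function guessesChecked(events, maxRetries, lockoutMs) {
  const limiter = makeLimiter(maxRetries, lockoutMs);
  return events.filter((e) => limiter(e.ip, e.t) === 'checked').length;
}

// Constructed events: 12 failures, one per second. Addresses come from the
// documentation ranges 192.0.2.0/24 and 198.51.100.0/24.
const oneSource = Array.from({ length: 12 }, (_, i) => (
  { ip: '192.0.2.10', t: i * 1000 }));
const manySources = Array.from({ length: 12 }, (_, i) => (
  { ip: '198.51.100.' + (i + 1), t: i * 1000 }));
```

With 4 retries and a 20-minute lockout, the single source gets only 4 of its 12 attempts checked, while the 12 distinct sources get all 12 checked, which is the loss of effectiveness the post describes.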

Step 1 of 2 – Edit the wp-login.php file

In your WordPress blog directory there is a file called wp-login.php. It’s the file that shows the login page. At the very beginning, after the statement that reads {[ .wp-login-start | 1.hilite(=php=) ]} insert the following lines of PHP code {[ .my-login-server | 1.hilite(=php=) ]}

These lines check whether the user has submitted a login form with a given challenge/answer pair. In this example the pair is doit/now. If the pair is there, the login form is processed as usual; otherwise the user is redirected to the home page.

Of course you MUST NOT use doit/now, but feel free to choose any other pair of words that you can easily remember, possibly unrelated, like spoon/pig (sorry, now you cannot use that pair either). Use only letters a through z (this is not a password!).

That pair is your secret. Do not tell anyone, unless you want them to be able to get through the login page.

Step 2 of 2 – Add a bookmarklet to your browser

Edit the following code so that the challenge/answer pair matches the one used in Step 1. Then make a bookmarklet out of it, copy the result into a new bookmark and call it My login. {[ .my-login-client-safer | 1.hilite(=javascript=) ]}

These lines add a challenge/answer pair to the login form and submit it.

When you want to log in, go to the login form and enter your username and password as usual, but remember to hit the bookmarklet instead of the standard button. (If you used the standard button you’d be redirected to the home page, without logging in.)
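A model of the two steps above, added here as an example; it is not the code from the original post or from the Login Dongle plugin. It runs in plain JavaScript rather than inside WordPress, the pair kettle/walrus is a constructed sample, and the function names and the `formId` parameter are assumptions.

```javascript
// Added example: a model of the login gate, not WordPress or plugin code.
// The pair below is a constructed sample; choose your own and keep it secret.
const CHALLENGE = 'kettle';
const ANSWER = 'walrus';

// The post asks for letters a through z only; reject anything else early.
function validPair(challenge, answer) {
  return /^[a-z]+$/.test(challenge) && /^[a-z]+$/.test(answer);
}

// Compare every character even after a mismatch, so response time does not
// reveal how much of a guessed answer was correct.
function sameString(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Step 1, server side: what the login page does with a request.
// `fields` is the parsed POST body. Assumption: only submissions are gated,
// so a plain GET still shows the form.
function gate(method, fields) {
  if (method !== 'POST') return 'show-form';
  const value = Object.prototype.hasOwnProperty.call(fields, CHALLENGE)
    ? fields[CHALLENGE] : undefined;
  // A missing field, or a repeated one parsed into an array, fails closed.
  if (typeof value !== 'string') return 'redirect-home';
  return sameString(value, ANSWER) ? 'process-login' : 'redirect-home';
}

// Step 2, client side: build the bookmarklet URL that adds the pair as a
// hidden field and submits. `formId` is an assumption about the page markup.
function bookmarklet(formId) {
  if (!validPair(CHALLENGE, ANSWER)) throw new Error('pair must be a-z only');
  const code = '(function(){' +
    'var f=document.getElementById(' + JSON.stringify(formId) + ');' +
    'var i=document.createElement("input");i.type="hidden";' +
    'i.name=' + JSON.stringify(CHALLENGE) + ';' +
    'i.value=' + JSON.stringify(ANSWER) + ';' +
    'f.appendChild(i);f.submit();})()';
  return 'javascript:' + encodeURIComponent(code);
}
```

The pair travels in the POST body with every login and sits in clear text in the bookmark, so it is only as private as the connection and the browser profile that hold it.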

A Login Dongle Plugin

I’ve already made a Login Dongle plugin for WordPress with all that code. I’m going to upload it this week. Stay tuned.

EDIT (2012-02-09): http://wordpress.org/extend/plugins/login-dongle/

 

How to recover an old installation with Softaculous

Yesterday I had some time and the will to update my TikiWiki installation, which I created in 2008 with version 2 something. When I checked it yesterday, I discovered that the current version is 8.3!! So I thought: OK, let’s do it!

Unfortunately, a lot of time converts to a lot of changes, so it was probably more trouble than it would have been if I had kept TikiWiki up to date over time. Not only had the version of the application changed, but so had other basic setups of my hosting provider, including the cPanel version and the Softaculous version. I tried it anyway, using the Softaculous updater, but it failed. So I went for my backup.

Fortunately, I made a backup before proceeding, and I’ve been able to restore it by now. Really I made two, for good measure, and that was “lucky” because I needed both. So I’m going to suggest the same to you. Do both a database backup (I used cPanel, but anything that can export SQL does the job) and an installation backup (with Softaculous).

 

Softaculous backs up an installation, but the zip does not appear in the backups page.

This is something I was worried about since I got it. Soon after backing up something, Softaculous shows a progress bar and finally a success page that informs you that you will find that backup in the backups page. You navigate there and the zip does not appear!! I made a brand new backup, but I got the same: no zip in the backups page, just the message “You do not have any backups”.

The workaround is to

  1. remove the old installation completely if it’s still there
  2. create a fresh one at the old directory and with the old database name (dummy installation) BUT input your current email address for receiving the installation details
  3. get the number that appears at the end of the backup URL: let’s say it’s 5
  4. access your site with a file manager
  5. enter the softaculous_backups folder
  6. locate the zip file of the backup: you’ll discover it was properly created, with a name like “tiki.0.2012-02-04_19-50-44.zip”
  7. rename it to “tiki.5.2012-02-04_19-50-44.zip”
  8. refresh the backups page

Now you’ll see the zip in the backups page, and you will be able to restore it from there.

Softaculous restores an installation, but the database is empty.

So you restore it, go to the application page and you get a connection error. You check with the file manager and see the application file structure in the old directory, then you check with phpMyAdmin and see the database, but it’s completely empty !! The problem here was that the dummy installation created a database with the old name and the old user name BUT with a new user password.

The workaround is to

  1. import the database backup with phpMyAdmin
  2. edit the database configuration file in the application folder, such that the password is the one sent to your email address

Now you’ll see the application page as it was at backup time, and you’ll be able to go on from there.

 

I’m now going to find a way to export my old wiki content from the old installation and import it back into a new one. Wish me luck.