Windows Web Hosting, Web Technologies, etc
Web Technologies
The easy way to create your first WordPress Theme.
May 6th
Tired of trying to find just the right wordpress theme? There’s millions of them to choose from afterall. Would love to create your own but have less artistic talent now than you did in Kindergarten with a box of busted chunks of crayolas? (You know what I’m talking about. First week of school you had brand new Crayolas by the second week they were all bits and pieces and nubs)
Well No worries! Artisteer to the the rescue! If you can use word, if you can click a couple buttons you can create your own WordPress theme with ease.
Creating your first wordpress theme is as easy as 1, 2, 3
After you download and install Artisteer you’ll want to run (uh duh, tell me something I didn’t know Jess). You’ll be prompted to pick what kind of theme you want to create and it supports more than just WordPress. In fact today it supports WordPress, Joomla, Drupal, an HTML template, an ASP.NET Application and a CodeCharge Studio Template (CodeCharge is for wannabe programmers just like us wannabe artists, I’ll talk about it in the next series and yeah, I use it too and no real programmers use it too).
Here’s the startup screen:
You’ll select WordPress and then get a screen like this:
Now with absolutely ZERO artistic ability and effort. I could export that theme and have just created my first WordPress theme. Let me show you how.
First you’ll click on the Export Button on the top right. and it will prompt you with a screen:
You’ll give it a name and set a path to where you want it to export to as I did above and then click the OK button to let the magic happen. Open up that folder you had it export to and ta-dah! There it is:
That’s it upload that folder to your wwwroot/wp-content/themes folder and you’ve got your own theme installed and ready to go.
Here’s my blog right now (that uses an artisteer theme)
and Here’s my blog with that new theme we just created selected as the theme to use:
Just as easy as 1, 2, 3 I was able to completely change up my blog’s design.
Making the Artisteer theme, your theme.
Here’s the thing. I don’t really care for the yellow sunburst, the palm trees or general layout of this theme so let’s change it up. By clicking the “Suggest Design” a few times, artisteer will randomly create some suggested designs for me and every time it’s something completely different.
After three clicks I got this:
I like the design, but I don’t care for the colors. So I click the suggest colors button a few times and I get:
Those are colors I can live with but I don’t like the background so guess what, I click suggest background:
Now I can go through and get suggestions for every element of my theme and I can also go in and tweak the particular features of the theme as well. Let’s look at the header. I want to change it up. So at the top I click Header and get a new menu bar at the top:
Now I can change the background image, the text location, add a foreground photo, etc, etc, etc.
With a little playing around (and don’t worry if you goof it up just click the undo button at the very top to roll back) this is what I came up with:
Yeah, I know what’ you’re thinking. That’s one scary clown Jess.. But you get the idea, you can tweak every single element of your theme and if you actually have (unlike me) more artistic talent than you did in kindergarten with those broken bits of crayola, it will look pretty nice.
If you haven’t grabbed artisteer yet, definitely do head over and give it a whirl.
I speak your language thanks to the Microsoft Translator Widget
May 6th
While at MIX, I learned about the Microsoft Translator. It’s a website widget you add on your site and allows your visitors to select their preferred language and then translates the page into that language. I had a wordpress plugin at one time that did this but quit using it (I don’t recall why, I think it was because I had to manually add it each time I changed the theme).
Anyway, you can learn try the translator on my site by visiting the little box on the right side that looks like this:
And selecting your language and pressing the little play button. Then without leaving the site it starts to translate the page, IN PAGE. Very cool, gotta love that AJAX/Javascript goodness.
How do I get one too?
Want to get it? Here’s a little known secret. All Microsoft’s beta stuff is available on http://connect.microsoft.com signup for it there and you’ll receive a beta code as soon as it’s available. Some betas are open immediately and some take a few days. It took about a month for me to get this one.
All Obama Elected Newseum Frontpages Deep Zoomed
Nov 7th
Scott Hanselman and Scott Stanfield did a fantastic job of creating a deep zoom collage of all of the frontpages collected from 11/5/2008 by Newseum. You can see it here:
Playing with the new Deep Zoom Composer
Aug 6th
Microsoft released another update to Deep Zoom Composer on August 3rd. The latest build of Deep Zoom Composer includes a feature that generators the silverlight code for you and also support photo-stitching. Photo-stitching is where you take multiple pictures and stitch them together to create a panoramic photo. Deep Zoom is the seadragon technology from Microsoft that allows you to pan and zoom in an image and the browser downloads only those pieces of the image in detail that you’re looking.
Add an 8MP Point and shoot and Deep Zoom Composer and what do you get? The cool stuff ofcourse!
So recently I went to San Francisco and found a little time to took a few pictures. If you’re wondering what a Florida boy takes pictures of in California, it should be pretty easy to figure out… Bridges and Mountains ofcourse!
So here’s the good stuff: Deep Zoom from the top of Mount Diablo. Deep Zoom of the Golden Gate Bridge.
You can open those files and if you have the newest Silverlight 2 beta installed you’ll be able to pan and zoom all through the images by either using your mousewheel or doubleclicking on an area. Cool stuff.
So That’s Cool, But How’d I do it?
So here’s the coolest thing about this whole process. The pictures of the golden gate bridge aren’t actually in order and in fact they were taken with the camera at 90 degrees so I could get more landscape in. What’s cool about that? Well deep zoom composer (we’ll call it DZC) figured out the order of the pictures and did the best job I have found yet for photo stitching. I don’t use a tripod or any fancy fish eye lens so it’s got some work to do but it does it faster and with better accuracy than anything else I’ve used yet.
Here’s what the pics looked like in Picasa2 (you can see I went left to right and then back to the left to take two more pics of the fog rolling in)
Here’s another cool thing about these pictures. This effected is created using 770+ different smaller images and it only streams to you in detail the area you’re looking at. So instead of downloading 7 images that are all 3MB each you’re downloading bits and pieces needed for that area you’re viewing. Pretty cool stuff.
Well is that really? Yes it is.
Okay you’re probably thinking right now “big deal it’s just a photo stitching application with some flashy zoomy-zoomy stuff”. But here’s where it really shines. Look at the first Golden Gate Demo app I created. You’ll see this picture:
Yeah it’s a nice picture. But then start to zoom into that little light brown weed bush:
Yeah that’s a little more detail right? But Zoom in some more…
Oh look it’s got some other leaves… But zoom in some more..
Now the details really start to come out… Okay you want to zoom some more don’t you? I don’t know if it’s a good idea but go ahead, indulge yourself..
EEK!! You went too far! But now you get the idea of just what can be done..
What else?
Alright here’s a few more pics:
And one more Deep Zoom of the Golden Gate Bridge (taken from the other 5 images in the screen capture above and it’s 1500+ smaller images).
SQL Injection Help .. Microsoft to the rescue with URLScan 3.0.
Jun 26th
The number of SQL Injection attacks across the Internet continue to rise. I’m seeing regular posting on the SANS RSS feed related to SQL Injection and XSS these days and clients are finding that applications they thought were not vulnerable turn out to be vulnerable because of patches and custom mods they’ve had made to them. For most site owners this meant going back to the developers and getting updates and this is generally costly and time consuming. Fortunately, Microsoft has stepped up to the plate and brought us a little relief in the form of URLScan 3.0 beta/go-live release.
Here’s a few links to get you to good stuff and hopefully save the day:
Microsoft Security Bulletin: http://www.microsoft.com/technet/security/advisory/954462.mspx
Link to download HP’s custom SQL injection scanner and how to use it. They created this for Microsoft to help you identify possible vulnerabilities in your site.
A source code analysis application that can help identify vulnerable code in your application.
UrlScan 3.0 Beta. I’m generally opposed to installing beta software on a production webserver but I think if you’re getting hammered, it’s probably better to just bite the bullet and do it. As you probably know UrlScan was for the most part built into IIS 6 but it doesn’t have querystring filtering, this build does and it works with IIS5.1 and later including our beloved IIS 7.0. Kudos to the IIS Team!
Word of caution
Word of caution, I’ve installed this for a few people and a couple times it wouldn’t load after the initial install (Beta software). My fix for this was to install the ISAPI filter directly on the website in question. I used Filemon to watch for when it triggered and referenced the log files to tweak out false positives from there. Each site is unique so you’ll need to tweak your settings accordingly.
Another useful tool
LogParser is another great tool for reviewing your server logs and searching for information such as hack attempts. Steve Schofield has a nice write up about using LogParser and URLScan.
A few FAQ’s on this subject:
Q: Is it Microsoft’s fault and if not then who’s fault is it?
A: It’s yours and your developer’s fault. As hackers evolve so much our techniques to combat them. Coding methods and ways to access SQL server have changed over the years as a result of this and if you haven’t had your site updated, then it’s your fault.
Q: I just moved my website to a new server and I’m getting hacked now and I wasn’t before. It’s the new server right?
A: No. This is a new type of worm if you will that affecting websites the fact that you changed hosts, websites or applications probably doesn’t have anything to do with it at all. This really started to become a huge problem around late April of this year and we’ve watched it grow into a bigger problem since then.
Q: Is URLScan the answer to my prayers?
A: Consider it a stopgap you’ll be able to employ until you’ve had your web applications updated. You really need to get your application secured.
Q: I haven’t been attacked, how do I know if I’m vulnerable?
A: Use the two tools above and also you might want to hire a service to do website security scans. If you’re hosted with Applied Innovations you can you get free quarterly security scans from scanalert.com.
Q: What kinds of applications are vulnerable? Is it just shopping carts?
A: Every application that accesses a database server of any kind is potentially vulnerable.
Q: My website is written in XXXX language and it’s supposed to be very secure, am I vulnerable?
A: Potentially, YES! Any web application that uses a database can be vulnerable.
