Switching OpenID providers through delegation

Back in the day, when I decided to join StackOverflow, I was forced to create an OpenID – because this is the way to log in on StackOverflow.

I decided to use an independent OpenID provider, called myOpenID. I also set up OpenID delegation. This way I could use my own domain name as my OpenID. (OpenID uses URLs as user names, like http://manski.net.)

Now, myOpenID is shutting down on February 1, 2014. Thus, I had to switch my OpenID provider.

Fortunately, OpenID delegation makes this easy – you just replace the two delegation <link> tags and you’re done.

Unfortunately, not all OpenID providers seem to support this. I tried Google (which should work according to this), but StackOverflow always wanted to create a new account for me. (May also be StackOverflow’s fault, I don’t know.)

Fortunately, StackOverflow provides its own OpenID service:

https://openid.stackexchange.com/

So I created a new OpenID there, replaced the <link> tags (details), done. Works like a charm.

Sort posts by modification date in WordPress

By default, WordPress sorts blog posts by creation date. However, if you update your blog posts from time to time, you may want to sort them by modification date rather than creation date.

To achieve this, use this snippet:

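// Sort the blog index, archives and feeds by last modification date
// instead of creation date.
function order_posts_by_mod_date($orderby) {
  if (is_home() || is_archive() || is_feed()) {
    $orderby = "post_modified_gmt DESC";
  }

  return $orderby;
}

// Priority 999 runs this after other 'posts_orderby' filters.
add_filter('posts_orderby', 'order_posts_by_mod_date', 999);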

In your theme, just dump this snippet into functions.php. (You may need to create this file in your theme’s directory.)

Upload arbitrary files to WordPress (new plugin)

WordPress is very restrictive when it comes to file uploads. This is for security reasons, mainly to prevent badly behaved users from uploading PHP scripts and the like to the blog.

However, if you’re the only one writing posts for your blog, this restriction is sometimes annoying. For example, I do a lot of coding in C#. So, when I try to upload a .cs file (C# source code file) to my blog, the upload is rejected.

WordPress rejected upload with "Sorry, this file type is not permitted for security reasons."

Files are approved or rejected based on their file extension, i.e. the few characters after the dot in the file name, like cs in ArrayClearTest.cs.

WordPress maintains an internal list of which file extensions are allowed. Fortunately, WordPress also allows for this list to be extended.

And that’s what my new WordPress plugin does. It’s called Upload File Type Settings Plugin and allows you to extend that list with an easy-to-use user interface. Go, give it a try.

The plugin's settings page.
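A sketch of extending that list by hand, as an added example rather than the plugin's own code: it hooks WordPress's upload_mimes filter and refuses to add extensions a web server might execute. The function name, the extra extensions and the deny list are assumptions chosen for illustration.

```php
<?php
// Added example, not the plugin's code. Extensions and MIME types below are
// assumptions for illustration; adjust them to what you actually upload.

// Extra extensions to allow, mapped to the MIME type WordPress should record.
const EXTRA_UPLOAD_TYPES = [
    'cs'     => 'text/plain',
    'csproj' => 'text/xml',
    'php'    => 'text/plain',   // deliberately listed: must be filtered out below
];

// Extensions a web server may execute; never add these to the allow list.
const NEVER_ALLOW = ['php', 'phtml', 'phar', 'php5', 'cgi', 'pl', 'htaccess'];

/**
 * Callback for the 'upload_mimes' filter (hypothetical function name).
 * $mimes maps an extension pattern such as 'jpg|jpeg|jpe' to a MIME type.
 */
function example_extend_upload_mimes(array $mimes): array
{
    foreach (EXTRA_UPLOAD_TYPES as $ext => $mime) {
        $ext = strtolower(ltrim($ext, '.'));
        if (in_array($ext, NEVER_ALLOW, true)) {
            continue; // keep the security restriction for executable types
        }
        $mimes[$ext] = $mime;
    }
    return $mimes;
}

if (function_exists('add_filter')) {
    // Inside WordPress (e.g. the theme's functions.php): register the filter.
    add_filter('upload_mimes', 'example_extend_upload_mimes');
} else {
    // Stand-alone run with a constructed excerpt of the default list.
    $default = ['jpg|jpeg|jpe' => 'image/jpeg', 'txt|asc|c|cc|h|srt' => 'text/plain'];
    print_r(example_extend_upload_mimes($default));
}
```

WordPress versions that validate the detected content type against the declared one may still reject a file whose content does not match the MIME type registered here.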

Fight spam with disposable email addresses

Interlude

There’s spam on the Internet, alright. Lots of it. You receive spam when spammers get hold of your email address. How do they do this?

  1. A friend of yours got himself infected with a virus/worm/trojan horse. This virus reads your friend’s address book and sends all email addresses in it to a spam server.
  2. Spammers try to guess common email addresses, like sales@mydomain.com or mail@mydomain.com.
  3. A lot of websites require you to give them your email address.

    • These websites can (potentially) be hacked and the hackers can download your email address (among all others) from the website.
    • The website puts your email address in plain text somewhere where it can (easily) be found by email harvesting programs.

You can’t really do anything about point 1. You can kick your friend’s butt for not having an anti-virus program running on his computer or for surfing on suspicious websites. But then (in most cases) it may not be his fault altogether.

You can avoid the problems of point 2 by not using such commonly used email addresses (but this may not be possible for everyone).

What this article is about is point 3.

Before we get started, here’s some good advice (not really related to what’s following):

If you have a website of your own, don’t ever put your email address in plain text on your website. Use a contact form, JavaScript obfuscation, or even an image, but don’t put it there in plain text.

The Concept

How do you cope with point 3? Easy:

You provide a different email address for each website that requires an email address.

Doing this has several advantages:

  • If you receive spam over such a special email address, you immediately know which website is the culprit.
  • If you receive spam, you simply delete the email address. No more spam. You can’t do this if you provided the website with your main email address (obviously).

Although this concept is nice, there’s one big requirement for it:

Creating and deleting email addresses must be extremely easy/fast. Otherwise you won’t do it, trust me.

Implementation

So, how do we do this? We use a so-called catch-all email address.

Email flow chart

This requires that you have the ability to create such an email address. Your best chance is if you have your own domain and your domain provider allows it.

Then:

  1. Create a subdomain for these email addresses. (Don’t use your main domain if you can avoid it, because a subdomain is not that easy to guess.) For example, create spam.mydomain.com.
  2. Create a catch-all email address for this subdomain. This can either be a mailbox or a forwarding.

That’s it.

Now, when you register at a website called “my-fancy-shop”, use my-fancy-shop@spam.mydomain.com as email address. “Creating” a new email address couldn’t be easier, could it?

If you want to delete/block an email address, simply create a forwarding to a non-existing email address (like reject@mydomain.com). Then this email address won’t be caught by the catch-all email address but will instead use its forwarding address.
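The routing described above, as an added example that is not part of the original post: an explicit forwarding wins over the catch-all, and the local part of the address names the website that leaked it. The function names, the mailbox me@mydomain.com and the sample recipients are constructed for illustration.

```php
<?php
// Added example; domain names follow the article, everything else is constructed.
const ALIAS_DOMAIN = 'spam.mydomain.com';
const CATCH_ALL_TARGET = 'me@mydomain.com';            // assumed real mailbox

// Explicit forwardings; they take precedence over the catch-all.
const FORWARDINGS = [
    'my-fancy-shop@spam.mydomain.com' => 'reject@mydomain.com', // blocked alias
];

/** Returns [delivery target, website tag], or null if not an alias address. */
function route_alias(string $recipient): ?array
{
    // Accept "Name <addr>" as well as a bare address; compare case-insensitively.
    if (preg_match('/<([^<>]+)>/', $recipient, $m)) {
        $recipient = $m[1];
    }
    $addr = strtolower(trim($recipient));
    $at = strrpos($addr, '@');
    if ($at === false || substr($addr, $at + 1) !== ALIAS_DOMAIN) {
        return null;                                   // not one of our aliases
    }
    $tag = substr($addr, 0, $at);                      // the website's name
    $target = FORWARDINGS[$addr] ?? CATCH_ALL_TARGET;
    return [$target, $tag];
}

/** Counts spam per website tag so the leaking site stands out. */
function spam_by_site(array $spamRecipients): array
{
    $counts = [];
    foreach ($spamRecipients as $rcpt) {
        $route = route_alias($rcpt);
        if ($route !== null) {
            $counts[$route[1]] = ($counts[$route[1]] ?? 0) + 1;
        }
    }
    arsort($counts);                                   // worst offender first
    return $counts;
}

// Constructed recipients of messages already judged to be spam.
$spam = ['my-fancy-shop@spam.mydomain.com', 'Me <My-Fancy-Shop@SPAM.mydomain.com>',
         'forum-x@spam.mydomain.com', 'mail@mydomain.com'];
print_r(spam_by_site($spam));
print_r(route_alias('my-fancy-shop@spam.mydomain.com')); // explicit forwarding
print_r(route_alias('new-site@spam.mydomain.com'));      // catch-all
```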