frank liked World Party – Is It Like Today (Live on KEXP). | |
frank shared Thanks for reminding me about AdBlock Plus Google!. |
Month: March 2013
Thanks for reminding me about AdBlock Plus Google!
So Google removed AdBlock Plus from the Google Play Android store. That is their prerogative, off course, but it does confirm they’re not the cool technology-centric search engine everyone once thought they were. It’s kind of ironic that in December 2011 AdBlock Plus by default enabled the display of “acceptable” ads, a move that seemed to be an attempt to appease (or please) Google.
But whatever way you look at this, Google’s core business (as is Facebook’s) is displaying ads. Sure they try to do that in an intelligent manner. And sure, they have some cool technologies (App Engine, Android, Chrome, …). But at the end of the day they want us to see and click on ads. That makes Google a media company. But whereas traditional media have -at least the notion- of a wall between their editorial and advertising departments, editorial independence does not seem to exist over at Google.
I don’t like particularly like ads, I don’t like widgets snooping on my web-whereabouts and I definitively don’t like Google’s advertising department dictating what applications the editorial team in charge of Google Play should remove. So today I installed AdBlock Plus on all my devices. Maybe you should too?
On WordPress GET floods, plugin fingerprinting & keeping safe
Infosec consultant and blogger Xavier Mertens suffered from a GET flood last week. The would-be DDOS originated from WordPress blogs that seemed non-related both geographically and content-wise, were using different versions of WordPress and seemed not to be compromised.
So what gives? WordPress blogs autonomously trying to DDOS other WordPress blogs? My best guess; a WordPress plugin gone rogue. The great WordPress HTTP API makes It easy enough to create a plugin that fetches targets from a control server and issues requests to those targets at a given time. It’s only a matter of hiding that behavior inside a plugin that seems useful and getting people to install that. The easiest way; finding an older plugin with an existing userbase and taking over development from the original developer (as i did with Autoptimize) is the easiest route to create your own little DDOS-ing botnet.
But all of this is pure speculation (although the UA matches the one used by WordPress HTTP API) off course. The only way to know for sure is to, for at least a sample of the flooding blogs, check what plugins they have in common. Doing so is frightfully easy using the NMAP HTTP WordPress Pugins script and if I am not mistaking Xavier is indeed looking into this.
But given the ease with which the NMAP-script can scan for WordPress plugins (there are similar scripts for e.g. Drupal modules), you might want to stop this from happening? I for one added this line in my WordPress .htaccess:
RedirectMatch 404 ^/wp-content/plugins/[^\/]*/$
Maybe you would even want to return a 404 for plugin readme.txt and index.html files as well, but I’ll consider that an assignment for you guys to chew over 😉
My YouTube is Lyter then YourTube!
The latest WP YouTube Lyte version came with support for responsive themes and added microdata for better search-engine discovery of your embedded video’s. But there were also some important improvements from a performance point of view;
- The title of the video (and the description, length, …) is now requested and cached server-side (the data is stored in the WordPress database, as post_meta, to be precise) and included in the HTML instead of getting that data client-side using JavaScript
- The LYTE player chrome (the play button -with 2 states- and the bottom control) is now fetched with one request for a CSS sprite (lytesprite.png) instead of 2 separate images
- And finally a lot of the player properties are now defined in CSS instead of being dynamically set in JavaScript, resulting a a significantly smaller JavaScript-file
But what are words worth, you only want to know if WP YouTube Lyte still out-performs normal YouTube embeds, right? Well, there’s nothing like a nice old-fashioned comparative webpagetest;org test to see where we stand!
document complete | fully loaded | video only | ||||||
time (s) | requests | size (KB) | time (s) | requests | size (KB) | requests | size (KB) | |
Standard YouTube (page | result) | 1.757 | 10 | 167 | 4.718 | 13 | 483 | 8 | 429.8 |
WP YouTube Lyte (page | result) | 1.021 | 6 | 79 | 1.353 | 8 | 100 | 3 | 22.9 |
So yeah, WP YouTube Lyte is more efficient then normal YouTube embeds, by a very large margin! Now go and preach to the unfaithful, because after all, doesn’t the world deserve Lyter YouTube embeds?
How to have normal YouTube-links handled by WP YouTube Lyte
Although by default WP YouTube Lyte only works with httpv or httpa links and hence does not act on normal YouTube links (which are instead auto-handled by oEmbed in WordPress core), you can easily change this behavior by adding the following code-snippet to your theme’s function.php or to a separate “helper”-plugin:
/** force wp youtube lyte on http://www.youtube.com url's as well */ add_filter('the_content', 'force_lyte_parse', 1); function force_lyte_parse($content) { $content=str_replace('http://www.youtube.com/watch?v=','httpv://www.youtube.com/watch?v=',$content); return $content; }
Now that wasn’t too hard, now was it?
As found on the web (March 4th)
frank shared Mozilla Wants to Put Your Phone Inside Firefox. | |
frank shared The best WP YouTube Lyte to date!. | |
frank shared Atoms For Peace komt naar Lotto Arena. |
The best WP YouTube Lyte to date!
Today WP YouTube Lyte 1.2.0 got finally pushed out the gates! This new version is beyond any doubt the best version to date, with the following new features:
- LYTE embeds are now fully responsive
- automatic inclusion of scheme.org microdata (VideoObject) (also known as “rich snippets”)
- even better performance (less requests; was 5, now 3)
- updated to the current YouTube look & feel, see this YouTube video about microdata:
Although I did go through a small beta-cycle, with feedback from 5 users (thanks guys), I am pretty sure there still are bugs that will rear their ugly head in the following days (some strings haven’t been translated yet, for example). Do contact me, add a comment here or create a post on the wordpress.org forum in case you encounter unexpected behavior!