Flock 1.0 have been out for a while now, and I’ve been using it as my primary browser, both on the laptop and on my workstation, for a few days now. These are my impressions.

The Social Web Browser

First of all, Flock markets itself as a social web browser, and integrates with a number of social services, such as Facebook, Twitter, del.icio.us, YouTube, Flickr, Blogger, TypePad, WordPress.com, and so on. The list is extensive, but far from complete. Where’s Jaiku, MySpace, Digg, and so on? Maybe that’ll arrive later on.

The social stuff works in a few different ways. For instance, your media browser opens between your tabs and the toolbars, while the People sidebar handles text-based social services, such as Facebook or Twitter. This means that you can check out what your Facebook friends are doing, or post tweets, right in the sidebar in Flock. Nothing particularly new for people used to pimping their Firefox installs with wicked extensions, but still cool and nifty.

Get Blogging

There’s support for publishing to both blogging services such as Blogger and WordPress.com, but also self-hosted blogs. The blog writing tool is easily configured and pretty accessible, just a button in the small social toolbar (configured in my screenshots) to the top left. It looks nice enough, with a wysiwyg editor, and the opportunity to edit the code. I’ve done a few posts with it, and it does the job, but this one’s not for me. Sure, it’s very handy to have a blog editor in your browser, when reading something that pisses you off and makes you want to rant, but at the same time I can see a lot of weird things happening, especially if you have multiple blogs. A post could be published on the wrong blog, for instance, and I doubt the Devlounge readers would like to get the recent big black latino asses I’ve scavenged from the web. Not that I’m into that sort of thing, of course…

Seriously, I can see the blog posting tool working out for a lot of users. It’s not for me though, but it’s there and that’s fine.

Web Clips and Bookmarks

The web clips, however, could be something I got around using. It’s another sidebar, to which you can drag text, links or images, for latter use. Just mark the text, or drag the image, and drop it in that little box, and it’s stored in the sidebar, easy to access. I haven’t gotten used to doing this yet, but I’ll definitely give it a go and see if this is something that works in the long run.

Bookmarks’ got support for del.icio.us of course. At first I looked around after that nifty little tagging button that the del.icio.us plugin gives you for Firefox (and others), but couldn’t find it. Well, turns out that all I had to do was bookmark a page, and I got a nice little dialog asking me how I wanted to store my bookmark. Very nice, and great for someone like me as well, who use both del.icio.us, and the bookmark bar, as you can see from the screenshots.

Not 100% Bug Free

Speaking of the bookmarks bar, among the few bugs I’ve encountered, there’s this cute little thing. “Pownce” is a bookmark added to the bar, but as you can see there’s spacing before the first letter (it’s hovered in the screenshot). This occurs every now and then when you create or drag a bookmark to the bookmarks bar, but there’s nothing visual to remove when editing it. Delete and redo. An annoying, but not very dangerous, little bug.

Worse is the URL bug. Sometimes the URL field just isn’t updated, so I can surf Twitter, and suddenly realize that I’m over at some unknown person’s Twitter page, but the URL still says twitter.com/rethord. If I mark this and press enter, it loads twitter.com/rethord as well, so it’s not just a visual thing. Surfing via links or bookmarks while this occurs works as usual, but it’s really annoying. Hopefully this is something they’ll come to terms with pretty soon.

Can You Browse The Web With It?

So how’s the browsing then? Well, Flock is built on the same engine as Firefox (Gecko) and seems to render everything the same way. The browser is responsive and fast, and it doesn’t seem to leak memory in the same crazy manner that Firefox does (or used to do, it’s gotten better, although it still hogs those valuable megabytes). I’ve yet to experience a crash as well, which is very positive.

However, despite Flock being based on the same engine as Firefox, your old extensions for the latter won’t work. That means no Firebug, which means that Flock still have a way to go before it really can push Firefox out of the way for web developers out there. Likewise, extensions available for Flock is a mere nothing compared to what’s out there for Firefox, which tweakers are sure to dislike.

For now, Flock is my default browser – a great verdict by itself. At least when just browsing the web, sending e-mails, doing social stuff, and for blogging research. When it comes to development, I need my Firebug extension and then I’ll boot up Firefox again.

Check it out over at flock.com, and make sure you take the tour if you want to learn more.

It appears that Devlounge suffered for some downtime earlier today. The culprit has been zapped by the server people. Hopefully, it won’t happen again. Nonetheless, we apologize for the inconvenience.

Today while at work I was browsing my feeds when I stumbled across a very odd headline: You got h4ck3d!

I thought it was a joke. So I went to the website.

As you can see from the image, the hack is legit. The author promptly removed the post within a few hours and it was like nothing ever had happened.

The way the hacker got in was through the “wp-config.php” when it was readable as plain text. From that, the hacker can get your database name, and your database username and password. This could’ve have easily been prevented, even if the hacker could read the “wp-config” file.

Protect it the .htaccess Way

Josiah Cole wrote a nice htaccess tutorial on modifying your .htaccess to protect the wp-config.

Here’s the code he used:

# protect wpconfig.php
<files wp-config.php>
order allow,deny
deny from all
</files>

Protect the WP-Config by Moving the File

Now one can move the wp-config to an unpredictable location and change the code in the source, but that would be a pain to do with every WordPress upgrade.

How about creating a separate PHP file in a non-WWW accessible location and use the WP-Config to include that file.

Say for example that your web include path for your server was /home/yourname/public_html/. You can actually save a file in the /home/yourname/ area and it won’t be web accessible. Meaning that even if somebody were able to read your wp-config, they wouldn’t get anything valuable.

Here are the steps that I took.

Create a “config.php”

Within this config.php file I included the following:

<?php
define('DB_NAME', 'your_db_name');    // The name of the database
define('DB_USER', 'your_db_username');     // Your MySQL username
define('DB_PASSWORD', 'your_db_pass'); // ...and password
define('DB_HOST', 'localhost');    // 99% chance you won't need to change this value

// You can have multiple installations in one database if you give each a unique prefix
$table_prefix  = 'yourdbprefix_';   // Only numbers, letters, and underscores please!
?>

I uploaded this file to a non-WWW readable location. Normally this should be the directory before “public_html” or “www”.

Modify the WP-Config

I then modified the “wp-config.php” file to include the file. If somebody were to somehow read the contents of my WP-Config, all they would see is this:

<?php
include('/home/yourname/config.php');

// Change this to localize WordPress.  A corresponding MO file for the
// chosen language must be installed to wp-includes/languages.
// For example, install de.mo to wp-includes/languages and set WPLANG to 'de'
// to enable German language support.
define ('WPLANG', '');

/* That's all, stop editing! Happy blogging. */

define('ABSPATH', dirname(__FILE__).'/');
require_once(ABSPATH.'wp-settings.php');
?>

Please note that the include paths change from server to server, but hopefully you get the idea. Save your sensitive information in a non-WWW location, and have the WP-Config file read it in. This way you won’t have to change anything if you have to upgrade WordPress.

Conclusion

If a person with malicious intent finds your WP-Config file and can actually read the contents, your website is exposed. Devlounge wrote an article earlier today that revealed how easy it is for a hacker to change your password (and get admin access to your blog) using phpMyAdmin.

You can never be too careful about these things, so protect your WP-Config and make sure you have a recent database backup.

If there are any more ways to protect the WP-Config that I didn’t already mention, please feel free to add them in the comments.

If you are managing a WordPress installation and for some reason, maybe a hacker, you no longer have access to your Administration panel using your user name and password, then it might be time to change that information using WordPress’ database.

Even if you don’t have CPanel, you should have access to phpMyAdmin. It is a simple, but powerful, application that allows you control over your databases, and can be easily used to change all kinds of information stored in the MySQL databases it manages.

Step 1: Do You Know Which Database WordPress Uses?

Before we do anything else, we have to assertain which database WordPress is using. If you only have one WordPress publishing system installed, this isn’t a problem. If you have used an automated means of installing WordPress, you probably don’t remember what database you have used.

Even worse, if you are like me and have over a dozen WordPress installations spread on a few different databases, with some using the same database, figuring out which one you need to change can be a nightmare.

The easiest way to figure out which database you are using is to FTP into your hosting, and open the wp-config.php file with a text editor. It will give you the database name, which we will use later in this tutorial.

Step 2: Getting to phpMyAdmin

In a CPanel environment, you will most likely have a button called MySQL Databases. It may or may not look like the image over to the right, but none the less, it should be there somewhere.

Clicking on it will list all of your current databases, as well as other information. Don’t concern yourself with all this right now. Move to the bottom of the page, where there should be a link that says, phpMyAdmin.

Step 3: Finding Your Users

A new window will most likely have opened. It will have two panes. On the left hand side you will have a list of databases. Click on the one related to the WordPress installation we are going to work with.

Look for a table called wp_users in the left hand pane. It is usually the last item in the list.

*Note: If your WordPress table prefix is not wp_ then you will be of course looking for your custom prefix user table. You can find your prefix in the wp-config.php file.

Click on the user table link, and in the right hand pane, the information will change. At the top there should be a few links. Click Browse.

It should then look something like the following image.

Step 4: Editing the Password

You will notice there is a field called user_pass. This is where the password is stored in WordPress. Find the user you want to edit, and click the pencil image next to the red X. This will allow us to edit the entry.

You will notice the password is strange, and not plain text. This is because for security reasons, WordPress stores the passwords as an MD5 hash.

We can’t just enter a normal text password, and should replace the MD5 hash of the password we don’t know with the MD5 hash of a password we do know.

To create an MD5 hash, I usually just search for “online MD5 hash” on Google, and come up with some great online tools for creating the result I need.

Example: Javacript MD5

In such tools, I enter what I want the password to be, click a button to process it, and it spits out the MD5 hash that I want to enter in the user_pass field.

Click Go to save the change, and then log in to WordPress using your new password.

Sidenote

If a hacker was able to change your password, or other information in WordPress, upgrading should also be one of the first things on your mind once you change your password.

Picking the right colors for a project can be hard. Sometimes you end up doing the same scale over and over again, overusing those easy blue and white with a touch of gray designs. So what do you do when you need inspiration for new color schemes? You could hunt the CSS galleries of course, looking at designs, but there are better ways.

Enter the huge amount of color schemers available online!

The First Stops

A great first stop when looking for new inspiration when it comes to colors, is COLOURlovers. It’s basically a blog about colors, with trends and votable palettes, and so on. This is where I would go first, if inspiration failed me. I just might for an upcoming project, actually…

Almost as cool is Adobe’s online service Kuler. It sports a way better design, tag clouds, and 24 508 color palettes to work from. There’s also a desktop application, using the AIR framework, if you want Kuler easily available. This is so much more than just a place to hunt for colors, developers can use the Kuler API and do a bunch of stuff, but for me and for now, it’s just a great place to scan for interesting color patterns.

Online Apps to the Rescue

Color Inspirator and ColorToy are two nice services. Both offer random color combinations, if you’re really thirsty for something new this might be the way to go. More fun than practical, perhaps, since you usually have an idea of what you’re after, but still. Fun stuff, and could be useful. It would be interesting to create a design, basing all the color choices on the randomness of online apps like these.

There are some other services as well. Color Palette Generator lets you upload an image, and it’ll generate a color palette based on it for you. Pretty cool, and could even be handy if you’ve got a header image you really want to use, but aren’t sure what colors the site you’re doing should have. Color Combinations lets you pull other websites colors, as well as offers lots of palettes arranged in color tags. Finally, GrayBit is a really cool service that lets you test the contrast of your chosen colors. Put in http://www.devlounge.net in their little form, press the Make it Gray button and BAM! There it is, acceptable contrast I’d say.

Closing the Coloring Book

There’s ton more, of course, but hopefully this little article will help you out the next time your creative mind draws a blank when you need to choose the right colors. It sure reminded me, just by browsing these sites again, of how many cool color combinations there is out there.

Happy coloring!

What is RSS?

RSS is a type of XML file which includes content from a variety of websites and web services. It allows people to easily track new content being added on sites. RSS stands for Really Simple Syndication (RSS 2.0), RDF Site Summary (RSS 1.0 and RSS 0.9), as well as Rich Site Summary (RSS 0.91).

Many people have said that RSS is what has really made the web better and more useful, as we can subscribe to data, content and information from just about any website.

My grandmother didn’t understand the usefulness of RSS until I told her that it is like subscribing to the favorite sections of newspapers around the world and having them all delivered to you as new stories are written.

WordPress and RSS

WordPress has many RSS options built into it, but some theme authors have forgotten to add the proper code to the header to make it easy for RSS feed discovery services, like Bloglines, to find.

To insert the feed into the head of your themes, make sure you use the following code:

<link rel="alternate" type="application/rss+xml" title="<?php bloginfo('name'); ?> RSS Feed" href="<?php bloginfo('rss2_url'); ?>" />

To learn more about the feed options that WordPress comes with, check out the RSS Page on the WordPress Codex.

The Tips

Feature Your RSS – If you want to get people to subscribe to your RSS feed, the best way is to feature it the best you can, and as often as you can. If you don’t, people won’t notice it and thus they won’t subscribe.

Write About RSS – I know it seems a bit comical that I am writing a post about RSS and one of my tips to increase RSS subscribers is to write about it, but writing about RSS, or your current subscriber growth is a great way to increase your subscriber base. It is a reminder to those that read the site, but don’t subscribe, that maybe they should.

Give Options – With Feedburner offering both regular subscription options and e-mail subscription options, giving your readers many options can help increase the number of people that subsribe. This also includes giving them multiple feeds. WordPress comes with support for multiple feed formats, and allows users to subscribe to single categories if they so choose.

Hold a Contest – There are many ways to insert information into the RSS feed and you could hold a contest where people had to subscribe in order to find the keyword of the day. Usually, unless you are producing amazing content, most subscribers will quickly disappear once the contest ends.

Consistently Write Great Content – This is by far the most simple tip on the list, but for some people, it is also the most difficult. The reality is that sites that break news, have strong opinions, or teach get more subscribers than other sites.

While great content can be subjective, consistency isn’t. If you publish one original article every day, your RSS subscribers will slowly climb. If you stop posting, they will most likely fall.

Conclusion

As adoption of RSS feed reading continues to pick up steam, you will want to optimize your blog to promote the options people have to subscribe to your site. There is nothing better than having regular readers, and subscribers are more likely to be regular readers than anyone else.

What are your best tips for increasing subscribers?

A new “version” of the popular ShareThis tool has been released. You will probably recognize the icon as it has been used on thousands of blogs the world over, due to the simplicity it adds to allowing visitors to bookmark, email or otherwise share articles they are reading.

If you run a WordPress blog, it is easy to integrate ShareThis as it comes in plugin form. With the new update though, non-WordPress blogs are now supported, making it easier than ever to use ShareThis. You can also add ShareThis to Internet Explorer or Firefox to make it that much easier to share the great content you find online.

Some other new features in the new version include being able to configure how the button works, which web sites and web services you want to include, and what colors you would like it to use. Another big addition includes the ability to not only e-mail articles like in previous version, but also share the content via IM and mobile chat protocols like SMS.

The last major new addition is a tracking system which reports how many people are sharing your content and which content they are sharing. Data will be delayed during the first month of data collecting, but I am not sure after that if it will be updated more often.

I can see this becoming more useful to bloggers and websites in general as they continue to make the product more useful and easier to use.

Some drawbacks I have noticed include a slower loading time on the new widget, and some slight user interface quirks, but I still think it is worth adding to your array of on-site promotional tools.

For more details on what is going on with the ShareThis product, check out their blog, and download the new WordPress plugin.

It is with great pleasure that I start the second year of Friday Focus, the weekly run down of cool things worth checking out before you kick back and relax for the weekend. There is no better way to start your weekend then to be reading the focus every Friday. Enjoy the weekend everyone.

Sites of the Week

Another extremely simple yet functional and super-clean portfolio site kicks off this weeks focus. Poccuo is a design collaborative that has done some pretty nice work ranging from websites to logo designs.

Infinise Design finds itself at number two this week, with its clean and compact portfolio design. A ton of truly excellent icons and other designs can be found in the showcase, plus a sweet collection of downloads too.

Wrapping up this week is Kareo. I discovered this site on CSSGalleries, which I usually do not use when I’m pulling my weekly three sites. This site just happened to catch my eye, and I thought it deserved to make the list. I guess you could classify this one under the “smooth” category.

Digg Weekly

Design -50 Ways to Become a Better Designer
Devlounge is on this list, so what the hell, I figured I should mention it.

Programming – Graceful E-Mail Obfuscation
From Digg description: Posting a naked e-mail link anywhere on the web, in a newsgroup, chatroom, or weblog comments page is generally the kiss of death for your once-healthy address. Now you can protect your addresses in a fully automated way while at the same time being gracious to all users, so you can focus on what’s really important: getting your content out.

Underdog – Webunload: A web marketplace
Yes, I have done a whole lot promoting on Devlounge already about my new project, but there were some issues that needed to be tended to the first few days, and now that everything is settled, I figured why not one more time. The official Digg post really did horrible (1 damn digg), so even if you do not care about the site, please help support my new project by digging it so I can hopefully get the traffic up there quickly. Thanks in advance!

I’m very interested to hear from you, the Dear Reader, on this one. How can a site, be it blog, forum or whatever, benefit from publishing a podcast?

Let’s start with traditional podcast, the ones that consists of a mp3 file, or similar sound file. They are really hard to monetize, there are no Google Adsense for podcasts (yet), and although you could sell commercial spots on your own I doubt it is very easy. I mean, you’ll have to have your advertiser record their spot, or offer that service. Possible, but hard.

So ruling out making actual ad money on your podcast, what benefits are there?

• It’s an extra feature that could attract more readers.
• A downloadable podcast can reach an audience outside of the computer, on an iPod for instance.
• Offering content in other forms than just text adds another dimension to the site.
• Adding a strong jingle will further strengthen your brand by giving it its own soundtrack.
• You can reach new audiences via iTunes and podcast services, people that you might not have reached otherwise.
• Maybe you could land a radio show? Who knows…

Video podcasts add even more possibilities, besides the one above:

• You can put a living moving face on your site, which further strengthens it.
• There are advertising programs (Adsense and YouTube are friends) and services (like Metacafé or Revver) for online video, although they are pretty limited still.
• You can get your site on YouTube (and similar) and gain new audiences.
• Maybe you can land a TV contract, or get bought by a network, like Wallstrip was?

Are there any more benefits in having a podcast? What are your thoughts?

It appears that the RSS online reader Bloglines is gearing up to release a top 1000 list on feed subscribers. The service is in beta at the moment, with Slashdot at the top spot. Check it out. Hopefully they’ll add a search function to see where a blog is on the list. Via Problogger.

You would think that over the long period since everyone used static pages for their websites, we wouldn’t have to come full circle, but with the ever increasing audience of web savvy users, database calls can bring a website to its knees.

Do huge waves of traffic have to bring your WordPress powered site down? Not if you are properly prepared.

What is Caching?

Basically, caching takes a duplicate of a page, and creates a static file from it. This means that as each new user comes to view the page, they don’t make the software, in this case WordPress, poll the database again. This reduced the strain on the server hosting your site, and makes it able to handle larger waves of traffic.

Wikipedia breaks it down really nicely:
In computer science, a cache (IPA:/kæʃ/, like “cash” [1]) is a collection of data duplicating original values stored elsewhere or computed earlier, where the original data is expensive to fetch (due to longer access time) or to compute, compared to the cost of reading the cache. In other words, a cache is a temporary storage area where frequently accessed data can be stored for rapid access. Once the data is stored in the cache, future use can be made by accessing the cached copy rather than re-fetching or recomputing the original data, so that the average access time is shorter. Cache, therefore, helps expedite data access that the CPU would otherwise need to fetch from main memory.

Why is it important?

They blame their hosts for this because they believe it to be their fault, when instead the hosts are really just looking out for their own business

I have seen so many people complain about how their web host shut down their site just as they got on the front page of Digg, or that the site crashed. They blame their hosts for this because they believe it to be their fault, when instead the hosts are really just looking out for their own business, and the other websites on the server that your site is on.

Most people have shared hosting, and what this means is that there are numerous websites, files, and other blogs all being run from one server, and while bandwidth and hosting is super cheap, adding additional processors (CPU’s) to the server can be very expensive and so CPU time must be limited on each account to keep the stability of all the sites as perfect as possible.

When your WordPress powered site gets a great deal of traffic in a short period of time, the processor is put under a fair deal of strain, and if you have ever opened so many applications that you have slowed or even frozen your computer, the same can happen to the server. Now imagine if there were a dozen people all working from your computer. Wouldn’t you be frustrated if it froze out everyone every time a large spreadsheet was opened?

So web hosts put in measures to stop any one site from disrupting all the sites on the single server. Really though, part of the responsibility is the owner of the site, and if you don’t plan accordingly, then you deserve any disruption of service that you get.

Are there any downsides?

Pretty much any caching plugin is going to have its limitations. A cached page may not show certain “live” details correctly, like how many people viewing a page, and this is because the page being served is not pre-processed every time by the server. This is a small consequence in comparison to keeping your site live during large waves of traffic.

WordPress Caching Plugins

There are a few WordPress plugins that will help you create cached pages of your blog, its feed, and any externally linked images you may be using. The most popular one to date has been WP-Cache 2.0. It has a great deal of respect in the WordPress community, and has been tested and proven to be beneficial during high traffic times.

Some details from the site:
WP-Cache is an extremely efficient WordPress page caching system to make your site much faster and responsive. It works by caching Worpress pages and storing them in a static file for serving future requests directly from the file rather than loading and compiling the whole PHP code and then building the page from the database. WP-Cache allows to serve hundred of times more pages per second, and to reduce the response time from several tenths of seconds to less than a millisecond.

WP-Cache started from the “Staticize Reloaded” by matt and billzeller. Most of their recommendations also apply to WP-Cache. Current version, WP-Cache2, is a huge improvement over previous versions of WP-Cache.

There are other options though, as Donncha has built Super Cache, a series of modifications to WP-Cache 2. It continues to add new features, as well as fixing some things that weren’t necessarily perfect in the last version of WP-Cache 2, and has already had a 0.2 release put out which many WordPress fans are enjoying.

One feature that stood out to me was that Super Cache will only create a new cache file for a post, if a comment is not marked as spam by Akismet. I think this is brilliant and makes complete sense, and will only serve to help continue to make WordPress blogs as efficient as possible in their performance.

Super Cache, on release, did make it to the Digg front page, but unfortunately, it didn’t attract the full on “Digg-effect”, and as such didn’t give Super Cache the initial test we were all hoping for, but Donncha’s results are still very impressive. Check it out on his blog, Ocaoimh.ie.

As for other caching tools, there is FeedCache, which will cache your RSS feeds, Cache Images, which takes images you have linked to that are not on your site and copies them to your own content folder, and there are many others depending on the task you want to compete.

Other measures you can take

Using a WordPress plugin isn’t the only thing you can do to reduce the server strain that your site creates. You can also remove some of the graphics you are currently using, to make the page’s file size smaller. One of my favorite ways to do this would be to change the print stylesheet into the default stylesheet during high traffic times. This will allow you to continue to feature your content, and images relevant to the post, but remove most other elements.

If the choice is between having a fancy design or keeping your site up, I am sure you would rather keep your site up. To accomplish this, you can create your own print stylesheet, or use a plugin like WP Print and change the header.php to use the stylesheet that comes with the plugin during high traffic loads.

Donncha also recommends a server application called Xcache.
For maximum performance, download Xcache and install it. The Xcache WordPress plugin uses Xcache to cache data structures and makes WordPress much faster, even if you don’t use any other caching tool.

To use Xcache though, you would have to have the ability to install things on your hosting server, or if you politely ask your host, maybe they will install it for you, but this is not something that most places will allow you to use. I still wanted to include it though as an option though, as I continually hear how great it is at reducing server load.

Conclusion

Getting to the front page of any popular website can mean huge amounts of traffic, but if you are not prepared, it will all be wasted as people are brought to an error page. I highly recommend that those using WordPress, or any software that doesn’t used static files to display content, research caching options for your sites, as you never know when you will need it.

And try to remember that it is not just your hosts fault when your site goes down due to a huge burst of traffic.

Big name blogs are teaming up for an award called the Crunchies, after industry leader TechCrunch of course. Other blogs participating includes GigaOM, Venturebeat, and Read/WriteWeb.

The 2007 Crunchies is our first annual competition and award ceremony for the most compelling startups of the year.

Look for nominations and voting here in the near future, followed by a real-world award ceremony and party.

This is without a doubt an award that startups will want to win, given the massive coverage and industry recognition that surely will follow.