While we like to focus on Open Source software, sometimes, there’s not much offered in a specific category. So far, we’ve not found a very good diagraming tool in the Open Source world. Open Office and its children have a fairly good tool, but these don’t have all of the features we really need to work in the business world. One key piece lacking in the OS world of diagraming tools is the ability to export to Visio format for cross platform compatibility.
OmniGraffle from the Omni Group is what we use extensively here. It’s made for Macintosh only, but covers more than we could ask for in terms of ease of use and it does export to Visio format for PC users to import and use, too. With OmniGraffle, one can build complex diagrams for infographics, network diagrams and process flows. The available objects are easily extended and one can add more “stencils” quite easily.
The United States is not known for its sprint canoe and kayak racing teams — far from it. While we have had a handful of Olympic medals, these have been very few and far between. The sport has only a small following here, despite there being SUP, marathon and outrigger paddling communities with incredible depth. Despite that, we perhaps have some of the best race software around. JRaceman written by Jim McBeath is an open source Java based tool that can be used with many different sporting events to provide reports, heats, race results and more.
Check out some of its features:
Standalone (single user) or client/server (multi user).
Checks data for errors and restrictions (such as max entries per person and age levels).
Choice of methods for initial lane draw, including random, seeded, and by category.
Automatic, Manual, and Custom Progressions (lane assignment).
Supports group events (such as relay races or team boats).
Calculates Individual and Team scores.
Supports multiple customized per-place point scoring systems.
Supports non-scoring competitors (such as Internationals in a National competition), including optional preferential progression for scoring competitors over non-scoring competitors.
Produces HTML reports: Schedule Reports, Entries Reports, Lane Reports, Results Reports, Progress Reports, Score Reports, Award Reports, Personal Results.
Supports alternate and custom style sheets for HTML reports.
Fast web reports to maintain a web site during a meet.
Prints labels for awards.
Export/Import capability to support distributed data entry.
Interfaces to FinishLynx and Omega automated finish-line systems.
Integrated on-line web registration.
On-line help with built-in browser.
Tutorial Wizard simplifies learning how to use JRaceman.
If you’re hosting an event or attending an event that needs help with management, JRaceman is something you should consider using. It’s an excellent example of open source software and great for anyone putting on a regatta, track meet or other racing event!
I had the need to create a link that would log in a person to a WordPress site automatically. That is, hitting the URL alone would log the user in and provide them with features on the site that were otherwise hidden from the general public. This sounds like a security nightmare to some perhaps, but the script I’ve written will only work for “subscribers” and nothing higher, can be hard coded to work with a specific user you create, or can be dynamic and pass the user’s login name as a parameter. There is never a need to pass or even show a password with this script.
Why might you want such a script?
For some sites, registration can be too big of a barrier to use and yet you want specific people to have access to your non-public content.
Leaving registration open can also be an invitation to spam registrations and bots.
You have a user base that only needs to access the content of your website on an irregular basis and thus has greater difficulty remembering and maintaining their username and password information.
Your site is used within an iFramed environment some of the time and you want all users to be logged in when viewing within this iFrame. (That was the case for me.)
Consider using more than one auto-login script — one dynamic, one hardcoded – to suit your needs.
For some users, you can go another step and obfuscate the location of the script, too, but giving it a randomized name and perhaps even adding a mod_rewrite rule to handle such requests. However, given it only logs in a user with a subscriber level of access, I see little need for such obfuscation. If you couple the use of this script with the following plugins, you can create a WordPress site that has more features for some users but is either completely hidden to the general public, or hidden altogether.
User Access Manager – Use this plugin to hide subscriber level navigation and pages from the general public
Password Protected – Using this plugin can allow you to block the general public from viewing your site and only the auto-login users can see what you want them to see. (You have to configure this plugin to permit logged in viewers to bypass the single password you create on the site as a whole in the preferences for this plugin.)
If you are an admin and use the auto-login script yourself you will need to log out to properly login again as an admin. There are several ways to do this, but it would depend on the site security setup you are using as well. (The iThemes Security plugin can create greater challenges to using this script as well.) If you are using the script in a dynamic fashion, passing a username parameter, using a link to your script that passes a bogus parameter will log you out properly. Something like yourdomain.com/auto-login.php?logmeout for example. Alternatively, you can bookmark a link to your login page (which may not be the standard location if you are using the iThemes Security plugin) and log yourself out that way.
Below is a link to a zip archive of the script I’ve created and you are free to use and customize as you see fit. Comments in the code are provided but feel free to ask questions of The Design Mission, too.
UPDATE and clarification: This script is a unique PHP page that sits beside, or in front of, your WordPress site. It is not a WordPress plugin.
UPDATE August 17, 2017: A new feature was requested for the script. Version 2 is linked below and with it, you can pass a variable “reDir”. to redirect the user to a page on your site after auto-logging them in. Here’s an example using the new format: “www.YourWordpressSite.com/auto-login-v2.php?u=Usename&reDir=/path/to/your-new/page” Please note that you can also exclude the “&reDir=/path/to/your-new/page” section and the script will take users to the home page.
Writing documentation and specifications for developers is a big part of my day job. Writing clear, concise documents is very challenging. It’s one thing to write notes for yourself, quite another to explain complex systems and the desired outcome to others. Not only is determining a format or standard way of writing things important for clarity, but so too, are the tools one uses to communicate. This post will focus on the tools for sharing documentation and specifications.
The standard documentation and specification writing tool of most businesses is Microsoft Word, Visio for diagrams, and Excel for spreadsheets — or other similar tools such as Open Office, Apple’s Pages, Numbers and the Omni Group’s Omnigraffle. I have used all of these, but found each lacking in one fundamental way; they make ongoing “knowledge transfer” difficult, if not down right impossible.
When I say “knowledge transfer”, I mean the ongoing care and feeding of systems, troubleshooting a problem or implementing an enhancement to an existing system, or set of systems. Unless the developer, project manager or end user knows where to find the original documentation, be it a specification or write up of a process, it is much more likely that these individuals will seek out any human specialist thought to know about this program or system first and ask for a verbal “download” and knowledge transfer meeting. Not really something that is efficient in the long run as it relies on the ongoing staffing of these so-called specialists. I for one don’t want to be the first stop for questions about systems and programs I have documented in the past — I want my documentation to be the first thing end users turn to for help and guidance. Document management tools such as SharePoint, LiveLink and others help by providing a search function, but I have yet to see anything beat a simple wiki for knowledge transfer. (My favorite wiki being DokuWiki.) Hands down, they win out.
Let’s compare using SharePoint and Word/Visio/Excel to using a wiki to better clarify this comparison. When using SharePoint, an end user can search the contents of the SharePoint site and get a really excellent search results set showing screen previews of Office documents, filters for last updates and more. (Truly, the search results in SharePoint are great.) However, if all of the information is stored in a file, the file must be downloaded, or at best viewed online and edited with browser plugins. A large dataset of Office files also becomes something that must be indexed regularly and is processor intensive. What’s more, there’s ample opportunity for the document to be shared with others outside of the document management tool which may be seen as beneficial to some people, but for me is tantamount to storing the same data in several places with things quickly getting out of sync.
If all of the documentation is done directly in an easy to read, highly searchable wiki page, then even the questions the end user may have can be added directly in the document with updates and improvements to the documentation being done by the community of users. Every wiki I’ve ever seen tracks changes well and is extremely searchable – this is exactly what wikis were created to do. There is no additional application needed, you just use a web browser.
So why not use a wiki for both your documentation, specifications and runbooks all in one fell swoop? If even somewhat organized into separate namespaces, a single wiki can provide an organization with a very powerful knowledge transfer tool that doesn’t require any desktop application or special licenses. Diagrams are really the only tool one needs an application for to create outside of the wiki. (I would also argue for using a diagraming tool such as Open Office’s drawing tool, Visio or Omnigraffle – a future post on diagraming seems like a good idea.) A single reference point for all documentation helps prevent fragmentation of the process documents and helps facilitate a culture where knowledge transfer is done routinely, and information hoarding is no longer the norm.
[I’ll be updating this post shortly with some tips for how better to construct a wiki page, too.]
I’ve been giving LastPassa try for about a month now as a replacement forKeePass, and so far it’s a keeper. It does more of what I need it to do, and does it better. For those of you that may not know what either tool does, these are password safes that keep an encrypted version of all of your passwords. You just need your master password to gain access to a file that holds all of your important passwords. Keeping complex passwords that are unique to each site or usage is a vital way of protecting your finances and identity. These tools make that difficult task manageable and simpler.
So what does LastPass do that KeePass does not? Let’s start by talking about that. LastPass works as a browser plugin that interacts with an encrypted file that is stored on your computer, and syncs the encrypted file with the LastPass servers for use on all of your devices. Only encrypted data is shared via the Internet. In a sense, LastPass does what I do with KeePass using DropBox natively.
LastPass does more though. With LastPass, you can save a profile for auto completion of forms, monitor your credit, hold secure notes, and share safely your data with other LastPass users (like your spouse or family). Both tools will generate complex passwords for you, but LastPass does it within your browser and in a simpler fashion.
Using LastPass is easier for me. With the credit monitoring feature, and with the very reasonable annual fee, I can also have an app on my iPhone and iPad that syncs all of my passwords, too. But perhaps the most important thing that LastPass does that KeePass does not, is multi factor authentication. With even the free version of LastPass, you can use Google’s free application for multi-factor authentication with your phone. This vastly improves your security and it’s easy to use.
The bottom line, I’m sold on LastPass. So much so, I bought a three year subscription even though the free version really does all I need it to do.
But what about the physical files and content directories? Those usually require an FTP account or more. I was recently shown BackWPup, which backups not only database files, but also your entire content directory. It does it extremely well, and with many important options in the free version. (The paid version offers more options and controls, but for most people, the free version alone will work just fine.)
For the non-techie crowd out there, it’s interface may seem a bit daunting at first perhaps, but it’s worth learning to use. I’ll try to outline some settings we suggest you use, too.
Let’s Go Step By Step
Go to the “Add New” link under plugins.
Do a search for “BackWPup” and you should easily find the plug for safe installation via the WordPress admin.
Install and activate the plugin.
Once you’ve got it activated, you’ll have a couple of new menu options – one at the top of your admin page, the other in the admin below your “Settings” options. (There may be other items in between depending on what else you’ve added — we have iTheme’s Security in our left navigation panel.) Click the Settings option under BackWPup.
You’ll now have a screen with tabs for General, Jobs, Logs, Network, API Keys, Information.
Let’s start with General. The default setup is probably fine for everyone with checks next to “Show BackWPup links in admin bar” and “Protect BackWPup folders with .htaccess and index.php”.
Jobs – Again, the default setup is probably fine, but I would recommend a couple of changes. First, click the checkbox for “No translation.” Next, given you are most likely on a shared server for your hosting, it’s more than polite to select one of the options for “Reduce server load.” I set mine to “medium.”
Logs – If you have the ability of creating a directory above the root web level, it makes sense to put the logs there and not within the web accessible levels of your site. If you can do this, change the path to the log file folder to this “upper” level. I also only keep 3 to 5 log files in my folders. I also recommend selecting the checkbox for “Compression.”
Network and API Keys are not likely items you’ll need to touch.
The Information tab can provide you with some details if you are having any problems with this plugin out of the box. (I’ve never needed it.)That covers the “Settings” option. Let’s move to creating a “Job” now.
Click the “Add new job” option in the left nav. This is where you’ll be doing the most amount of setup. We have five tabs showing by default, but we will soon have a sixth. I’ll explain as we go. Let’s take this tab by tab, too.
General – First off, let’s give the job a name. I also check the “Check database tables” checkbox but leave unchecked the “WordPress XML export.” You’ll see another tab at the top now for “DB Check.”Under the Backup File Creation section, prepend the archive name with your site’s name perhaps. If you are like me, you may have multiple sites backed up to the same backup directory above the web level.Now it is important to pick the right Job Destination. I don’t want large files emailed to me, nor put to DropBox, FTP, etc. Just store this bugger in a folder that is above the root level for the web server if possible. Click the checkbox for “Backup to Folder” and when you do, yet another tab will be visible at the top of the section.Valdate the email addresses in the Log Files section are correct and click Save Changes.
Schedule – I prefer to have the backup run nightly. I select the option “with WordPress cron.” When selected, you can edit the default 3am time if you desire.
DB Backup – Leave things as they are here, but you may also want to select Gzip under “Backup file compression.” I do.
Files – By default, the program doesn’t backup its own plugin folder. If you are backing things up to a directory above the web root, you can deselect the checkbox for “backwpup” in the “Backup plugins” section. I also select the option of excluding thumbnails and .tmp, .DS_Store files etc. Leave selected the “Include special files” checkbox.
Plugins – I compress mine with Gzip. There’s no use leaving the backup large in my view.
DB Check– I check the checkbox for “Try to repair defect table” as this is a safe thing to do and may save you some pain.
To: Folder – Because we are saving things to a folder, it’s important to select the destination and the number of backups to save. Again, I put my backups above the web root level. If you can do that, it’s more secure. If not, the plugin does a good job of randomizing and providing a security through obscurity model. I don’t keep 15 copies of my site though – only 3 to 5 depending on the size.Now to move on to running our first backup.
Click “Jobs” under the Dashboard tab. You should see a screen with the job you just created listed on it.
Mouse over the name of the job and you’ll see options including a link to “Run Now” – click that!
If you’ve configured things correctly, you’re backup will run and show you the progress along the way. The Gzip process may take some time depending on the size of your site and files. Note also that if you did as I suggested above and minimized the impact to the server resources, it will take longer to run, too. My backups tend to take a minute to as much as 4 minutes to run for a very large site with many files.
That’s all you should need to do to safely backup your database andyour content for your WordPress site. Hat’s off to the developers at BackWPup for their excellent work!
In a future post, I’ll show how to take a backup file and either restore a site, or use it to move to a new host.
Earlier I wrote about a plugin for WordPress I found to be extremely valuable – Better WP Security. Specifically, its ability to block brute force attacks against simpler passwords and username combinations. This was a major threat to all WordPress sites almost a year ago.
Since then, there have been many updates to the Better WP Security plugin, and the developer has also been hired by iThemes to continue his development (and monetize the plugin’s advanced features). This is great news really as the free version of the plugin is excellent and there are now a wider range of paid advanced features many web developers and site administrators should consider using, now. The plugin is more robust than it was even; no small task for a developer starting with what already seemed to me to be a full featured security plugin.
If you are still on the older Better WP Security plugin, before you update, deactivate the older version of the plugin. Failing to do this can make your site inaccessible as there are conflicts in the features and the plugin’s ability to update them when active. Once you’ve updated to the iTheme’s version, you simply need to reactivate the plugin and check to see what new options are available that you should consider including in your site’s security features.
If you failed to deactivate the plugin, you’ll need to move the plugin directory for Better WP Security out of your site’s plugin folder and perhaps remove any updates the plugin did to your htaccess file. Once you do that, you should be able to complete the update or reinstall the plugin.