Tag Archives: Web Services

Using WordPress XML-RPC With PHP: Introduction

Part 1 in a series on working with the WordPress XML-RPC API with PHP.

Lately I’ve had cause to work with WordPress’s implementation of XML-RPC, which is basically a kind of SOAP service that lets you view, add, edit and remove content from outside of your WordPress install.

XML-RPC has been part of WordPress since its initial public release some 11 years ago, but is usually scorned as little more than an efficient attack vector. Which is a fair assessment; few end users need the ability to remotely publish content.

But over the years — especially the last two — as WordPress has melded into a turnkey content management solution, XML-RPC has been improved, both in terms of its base security and its functionality.

Today, it’s perfectly positioned to be a great way to manage content from outside of WordPress itself; that is, to bring in content from third-party systems (which is how I am doing it) to automating virtually any task you have that involves the actual content of your blog.

Except …
Continue reading

FAQ Released For Microsoft ASP.NET CryptographicException Attack

Scott Guthrie, Microsoft’s corporate vice president for the .NET platform, posted on his blog late Monday a FAQ about the ASP.NET CryptographicException vulnerability.

Highlights:

  • All versions of ASP.NET are affected. That includes WebForms and MVC versions 1 and 2.
  • Sharepoint is affected, too. A workaround on how to employ a new generic error document for Sharepoint is detailed at that team’s blog.
  • Everyone should employ the recommended workarounds.
  • You have to route all HTTP errors to the workaround’s generic error page. Otherwise, the hack still works.
  • A patch will be released as a Windows Update hotfix, but no release date has been set yet.
  • Check your logs for CryptographicException errors. If you see them, it’s possible you are being probed.

I take this very seriously. There’s a tool and video tutorial out there detailing how to run this exploit, so every script kiddie in the world is looking for sites to exploit, I am sure.

All links in this post on delicious: http://www.delicious.com/dougvdotcom/faq-released-for-microsoft-asp-net-cryptographicexception-attack

New England GiveCamp 2010: What A Great Experience

New England GiveCamp 2010The first New England GiveCamp was this weekend at Microsoft’s Northeast Research and Development building in Cambridge, MA, and it was, by far, one of the most rewarding experiences I’ve had in the 15 years I have been professionally coding.

About 100 technical and non-technical volunteers spent the weekend of June 11-13 writing code for charities. Most projects were Web site upgrades — either installing a content management system, or extending that system to do something it didn’t do before, such as collecting very specific data, integrating with a customer relationship management tool, etc.

Other projects were more complex. For example, my project was data normalization and version control.

I was assigned to the Goshen Land Trust, a charity that protects open and green space in Goshen, CT. My team members were Kriss Aho and Pat Tormey, both from the Boston area; and Chris Craig, the president of GLT.

Prior to last weekend, GLT tracked all its customer relationships in Excel spreadsheets. They do their accounting in Quickbooks.

If someone was a volunteer, his name went into the volunteer spreadsheet. If he owned land, his name was in the landowner spreadsheet. If he was a land or money donor, his name went into another spreadsheet. And so on, and so on; this story has been told a thousand times before, we all know it by heart.

And, of course, there were several versions of each of these spreadsheets out there: They were exchanged back and forth via e-mail, meaning no two copies of the same spreadsheet were alike. Again, stop me if you’ve heard this one before.

Finally, donor payments are managed entirely separate from the spreadsheets, via entries into Quickbooks. So there’s a completely different store of around 800 mostly duplicate names in Quickbooks, too, which isn’t easily compared to a spreadsheet of about 2,000 names.

So we had to figure out a way to impose some version control on these sheets; we had to create a master data store, so we could have an authoritative source of customer relationship information; and we had to sync customer information in Quickbooks to match the master data store.

Sounds like fun, I know. It actually was, after it stopped being awful.
Continue reading

Visual Studio 2010 / .NET 4 Events For Maine-Based Developers

On Monday, Microsoft set its Internet volume knob to 11, announcing the official release of Visual Studio 2010 and the .NET 4 framework. If you haven’t seen it, take a look at Scott Hanselman’s comprehensive rundown of where to get the tools (including free Express editions) and what those new tools have waiting for you. (Oh, and some guy named Scott Guthrie mentioned it in passing, too. {lulz})

Of course, no major Microsoft product release is complete without scads of in-person events to show them off, a trade show / seminar / reception for Partners to upsell you goods or services, and a little swag. In the case of Maine, we get two bites of the apple, as it were — that is, if you consider a day trip to Boston something that’s local to Maine (and trust me, you should.)

These events are free but do require registration.

On April 29, Microsoft conducts a day-long launch event at the Westin Copley Place hotel in Boston. (As of this writing, registration was still open for the Boston event. However, I would recommend acting yesterday if you want to attend; once word spreads, these events fill up quickly).

Labeled “Launch 2010 Technical Readiness Series,” the developer track of this event (there are IT professional and manager tracks, too) is actually more an overview of the new technologies. SharePoint / Office programming; Windows; ASP.NET (Web); Azure (cloud); and Windows 7 Phone (mobile) platforms development each get a one-hour overview, and Microsoft kicks in a free continental breakfast and box lunch.

While Microsoft is coy about the “giveaways” being offered at the end of the event, when I went to the Visual Studio 2008 / Windows Vista launch back in 2007, I received free, fully functional copies of VS 2008 Standard and Vista Ultimate, plus copies of the developer editions of Windows Server 2008 and and SQL Server 2008. I can’t be sure that such high-class swag will be offered this time around, but even if Microsoft sends me home empty-handed, I can’t miss this opportunity to shake hands and kiss babies.

Continue reading