trisweb.com

Zenphoto 1.0.7 has been released tonight with one small change—an important security fix for a problem with upwards directory traversal using “..” as the album name. I’ve simply filtered it out (in two places) and it shouldn’t be a problem again. Thanks to nicosomb for reporting this on the forums.

Everyone using any previous version should upgrade as soon as possible, though no need to worry—there’s not much risk from this bug, only the possibility of seeing folder names (and nothing else) in your web site’s directories that are accessible to your user. No files can be opened, nor any applications exploited. But upgrade anyway

More on zenphoto to come.

During my server setup I discovered an interesting new way to solve the age-old http://domain.com http://<em>www.</em>domain.com problem, one that I think is less resource intensive and more logical.

The problem, for those unfamiliar, is that Google sees those two sites as separate, assigns two PageRanks, and can even duplicate content. That’s not good! To try to combat this, in their webmaster tools page, you can select which address you prefer, but that’s been unreliable for me. Zenphoto.org still has split PageRanks even though I told Google to always use the www subdomain. For that reason (and others, like consistency of the URL users see) I think it’s best taken care of server-side.

Yep, that’s right, trisweb.com, zenphoto.org, and the rest of my sites have been moved to another new web server.

The previous moves were all opportunistic. Back in the day, I hosted on I was hosted on Berkeley’s Open Computing Facility, which was cool until I ran out of space. I moved and stuck with wha.websensei.com for a long time, who had a great deal going with a hosting “alliance” (same webmaster as caedes.net, highly recommended if you have some kind of artistic site).

Then I got in on a “startup,” and moved all my sites to their new dedicated server we got for “development.” I say “development” because no “development” actually happened, and in fact nothing ever happened. Great. They notified me that they were taking the server down in three hours, and that I should probably back it up if I wanted to keep anything. Bye guys!

From there I scrambled to find a host. I searched reviews and forums and settled on PolurNET, mostly because they had a 30-day money-back guarantee. Turns out these guys were great! I super-highly recommend them if you need any kind of general hosting, they really are a great company with reasonably-priced and feature-complete service. I spoke to the president, Anand, personally in a support chat, and he was surprisingly open and responsive to my problem.

But then I found slicehost a month later. Because, of course, you can never find what you’re looking for when you look for it—it has to be discovered when you least expect it.

Slicehost is awesome. Period. It’s a developer’s dream come true. Brand new servers with highly featured VPS plans designed for developers by developers. As soon as I saw the site, read the description, got the overall feel of it, I signed up. That’s marketing at its best, my friends. And no one was lying—they get it. My VPS server (“slice”) has been great from day one, except for a series of hardware-related crashes that I’m ignoring entirely for two reasons: one: they were on top of it immediately and kept everyone updated, and two: they refunded my payment for that entire month. I’ve had no problems since and only great experiences. Jason and Matt (owners/developers) really get it and it shows in their company. Thanks guys!

So I’ve been setting up my slice for the last month or so, off and on. It’s been fun and educational… it’s the first Linux server I’ve ever set up from scratch. I’ll post a couple of articles in the next couple days about the server configuration problems and solutions I encountered.

Also, now that I have my own server, Zenphoto will get Trac this week. It’s not JIRA or Confluence in usability, but it will work (and it won’t eat gigabytes of memory in the process… stupid Java… when will you learn…). SVN will move yet again so Trac can have access.

The bottom line: this should be solid for a long, long time. I’ve got full control over this server and my hosting now, no longer at the mercy of shared servers or bad sysadmins—except myself, of course ;-).

I’m leaving for a ski trip in a couple hours, going to Tahoe for a long weekend. Should be good, there’s a little snow coming in tonight, then clear, cold, and sunny. There’s a high of 28 degrees all weekend, and it’s supposed to get down to -2 degrees on Friday night. If you’re from Montana, that’s pretty darn WARM.

I also got a new toy for the trip, having recently returned my dad’s Olympus DSLR to him “before it’s ancient technology” as promised. I got a smaller point-and-shoot to carry around with me, which I’d need anyway even if I did have a larger better camera. Sometimes you just have to have something in your pocket. Anyway, it’s a Panasonic Lumix FX01. Major deciding features were a 28mm-equivalent wide angle, and Optical Image Stabilization. Also, it’s small, uses SD cards, takes good movies, and it’s all around very useful. I haven’t used it much yet, we’ll see how it does while skiing.

Alright, back to packing. More pictures and news later.