David Xia

Category Archives: Technology

15 Ways to Increase Your WordPress’ Security

1. Don’t Display Error Messages on Failed Login

WordPress’ admin screen displays “ERROR: Invalid username.” if you enter an invalid username. But if you enter a valid username and an incorrect password, it’ll say “ERROR: Incorrect password.” This basic security flaw tells intruders which usernames to target. I don’t understand why the WordPress team designed it this way.

You can disable the error message by putting this in your theme’s functions.php:

add_filter('login_errors', function ($a) { return null; });

2. Publish Posts as a Non-Admin User

Create a WordPress user that has admin privileges and publish all posts…

Hear TV Show Characters Say a Quote – Playing With Twilio

I was inspired by Rob Spectre’s Laugh-o-tron and made a telephony extension to my Twitter Bots.

Try it out. Call 646-480-6046 to talk to various TV show characters. Right now the vast majority of the quotes are spoken by a text-to-speech program because I have to find, crop, and upload audio files for each one. But McNulty from The Wire (choice #1) has a few real audio clips. Let me know how I can improve it…

8 Ways to Defend Against Brute Force SSH Attacks

I looked at my server’s auth logs today and was unsettled to find thousands of lines like these:

Feb 12 06:49:52 localhost sshd[25416]: Invalid user photo from xxx.xxx.xxx.xxx
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): check pass; user unknown
Feb 12 06:49:52 localhost sshd[25416]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=some.random.domain
Feb 12 06:49:54 localhost sshd[25416]: Failed password for invalid user photo from xxx.xxx.xxx.xxx port 49608 ssh2

I was looking at someone running a brute force attack on my server trying to gain SSH access. Looking further back in the logs, I found crackers (not…

How to Send Email with Postfix on Ubuntu via Gmail SMTP

I just set up email sending on my server by following this clear tutorial.

The tutorial walked me through setting up Postfix on an Ubuntu server and sending email via Gmail’s SMTP. I had to create a certificate, sign it, have my server communicate via some secure transport layer with Gmail using another certificate signed by some country in South Africa. I don’t understand all of it, but it works.

If you have WordPress installed like me, you can test that Postfix is working by asking for a…

The Origin of the World Wide Web

I’m reading Tim Berners-Lee’s book Weaving the Web about how he conceived of and designed the world wide web.

For a long time I never really got the distinction between the “Internet” and the “world wide web.” To me they were the same thing, and they might be for many other folks too. But in hindsight this is just a testament to how successful Berners-Lee’s creation is.

Most people’s perceptible interaction with the Internet is through a browser where they visit a website. The Internet is simply a…

How the Internet’s Domain Name System Works

So what exactly happens when you type “davidxia.com” into your browser’s address field and hit “Enter”?

A website is simply a collection of online content ranging from text documents to images to video. All this content lives in physical machines called servers. Servers listen for incoming calls or requests from web browsers or applications and respond with the appropriate content.

Think of the Internet as having a giant Yellow Pages phone book

So how does this content get from a machine that could be halfway around the world to your computer? Every machine that’s connected to the Internet…

Why an Aesthetically-pleasing Internet is Important

I prefer to write code for the backend: the plumbing, infrastructure, and functionality of a product. Backend developers want the computer to spit out all the relevant data for a page as fast as possible. Their primary concern isn’t how it looks, just that it gets there efficiently.

But I’ve learned that functionality is necessary but not sufficient. Form that only fits function fails to attract users. A well-crafted web app must also have good design. This is why UX and UI are increasingly important. In the early days of the Internet when only hardcore hackers and geeks were online…

How to Work Happily with Developers

Since I didn’t know how to program last year, it’s better to write my thoughts down now before I become a tech elitist who can’t relate to people who don’t know and don’t care about the difference between interpreted and compiled languages.

1. Don’t treat developers as commodities.
Why would you treat anybody in your organization as commodities? If your team hired the right people, you should value each of them.

2. Simple things can often be complex (and complex things can be simple).
So don’t expect seemingly small changes to be done in the blink of an…

Why You Should Read Steve Jobs’ Biography

I’ve got 140 pages left to go in Steve Jobs’ biography, and I’ve laughed, shuddered, but most of all, felt inspired by all the pages so far. I can’t believe I didn’t know more about Jobs’ personal background; the creation, near death, and triumphant rise of Apple; or the myriad other people in the tech world that were related to Jobs’ life.

Isaacson writes with clarity and detail. The anecdotes are numerous and often funny. The portrait Isaacson paints of Jobs has inspired, scared, and taught me a lot. I…

What I Learned From Chris Dixon’s Skillshare Class

I attended Chris Dixon’s Skillshare class “How to Raise Your First Round” earlier this week. It was my first time meeting the entrepreneur and investor. I learned a lot from his class. Here’s a summary.

Whether to Raise Money

Avoid taking money if you can. Some businesses are not suitable for VC funding. This includes mom and pop stores and companies that can’t scale up to have revenue in at least the hundreds of millions.

I asked whether our current culture of celebrating fundraising as a mark of success is a recent…