Move to WordPress, and Why


I moved this site to official WordPress hosting (WP.com) about one year ago. I had been using WordPress as my blog system since 2005, when I moved away from Movable Type. My first site was set up on a LAMP server, then moved to Media Temple Grid hosting, and then moved to a Linode VPS. After a few problems and incidents I decided to move my site to managed WP with a paid plan.

Sometimes I receive messages asking me to compare VPS-hosted WordPress and WP.com, which is not an easy question to answer. Here I list the reasons why I moved to WP.com and what I lost.

Why I Moved to WP.com

Security and Updates

Site security is important, and it was the main reason I moved to a managed solution. I am not talking about how good the security at WordPress.com is; generally speaking, they do security better than most VPS owners.

I work for a major IT company and have clients in the Top 500 list. I know there is a risk in putting my web server directly on the internet. So when I deployed WordPress on my Linode VM, I put Apache and the database in an internal network behind HAProxy.

Example of Haproxy with Let’s Encrypt

The software and the proxy ran on different VPSes connected to a private network with Firewalld on. I could only SSH to a non-root account with an SSH key, not a password. I also had a script to install Linux security updates every 2 weeks.

Everything looked great, but one day in 2017 I saw that my site had been marked with a security warning by Google. After checking and a file scan, several scripts were found injected into WordPress plugin and program files. The root cause was not found; the best guess was that it was caused by security vulnerabilities in an old WordPress version.

I had to completely rebuild those VMs and restore data from backup. Even though updating WordPress is not a difficult task, I did have experience of failed upgrades, which took me time to fix. This is why I was looking for a managed service, and WP.com was the first option.
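As an added example (not code from this site or from WordPress), here is a minimal file-integrity check of the kind that surfaces injected scripts like the ones described above: it records a SHA-256 baseline of the WordPress tree after a clean install and later reports modified, added and removed files. The function names, the `UPLOADS` path and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

UPLOADS = "wp-content/uploads/"  # assumed media directory of the install

def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in root.rglob("*") if p.is_file()
    }

def expected_churn(path):
    """Media uploads change legitimately; PHP appearing there does not."""
    return path.startswith(UPLOADS) and not path.lower().endswith(".php")

def compare(baseline, current):
    """Report modified, added and removed paths, skipping expected churn."""
    report = {"modified": [], "added": [], "removed": []}
    paths = (p for p in set(baseline) | set(current) if not expected_churn(p))
    for path in sorted(paths):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        elif baseline[path] != current[path]:
            report["modified"].append(path)
    return report

def demo():
    """Constructed sample tree: baseline, simulated tampering, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        def write(rel, data):
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        plugin = "wp-content/plugins/sample/sample.php"
        write(plugin, b"<?php // plugin code\n")
        write(UPLOADS + "2017/a.jpg", b"constructed image bytes")
        baseline = snapshot(tmp)
        write(plugin, b"<?php // plugin code\n// line added after baseline\n")
        write(UPLOADS + "2017/b.jpg", b"a later, legitimate upload")
        write(UPLOADS + "2017/cache.php", b"<?php // unexpected file\n")
        return compare(baseline, snapshot(tmp))

if __name__ == "__main__":
    print(demo())
```

The baseline is only trustworthy if it is stored off the web server. For files that ship with WordPress itself, WP-CLI's `wp core verify-checksums` and `wp plugin verify-checksums` compare against the official checksums instead of a local baseline.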

HTTPS and Let’s Encrypt ACME

I was also using HAProxy for HTTPS offloading, with Let’s Encrypt as my HTTPS certificate provider. But certificates provided by Let’s Encrypt have a short expiry date, so I set up auto-renewal with ACME to update the certificate every few weeks.

However, sometimes the auto-renewal failed and caused HAProxy to stop working. On the other hand, WP.com renews the certificate for me without any problem.

Price

I am currently using the Premium Plan from WP.com, which costs me 8.00 USD per month. Compared to the VPS plan, which cost me 5.00+20.00=25.00 USD per month, this saves me 204.00 USD each year.

I am also using a premium theme included in my plan, so I do not need to spend extra to buy a theme or spend time developing one myself. And I don’t need to spend time maintaining those VMs.

Cons

There are some limitations to using WP.com. Some of them are due to my 8.00 USD Premium Plan and can be resolved by upgrading to a more expensive plan. But other limitations cannot be worked around easily.

Features and Plugins

My Premium Plan doesn’t include plugin support. As it is a SaaS service, there is no control beyond the WordPress dashboard panel; any extra feature not included in WordPress requires installing a plugin. The cheapest plan with plugin support costs 25.00 USD per month.

Without plugin support, some advanced features such as CDN, some show-box, and Google Analytics are also limited.

Certificate

DNS and Domain Name

WP.com can provide a one-year free domain name for customers, but the best practice is to register your domain name with a major domain provider such as GoDaddy or name.com. I didn’t use the free domain name provided by WP.com, so I do not know how much I would have to pay for the next year, and I am not sure whether WP.com offers private Whois.

By default, WP.com requires using their DNS, and WP.com DNS does support most DNS record types.

But for users who have a large record list, or who do not want to transfer DNS from HE.net or NS1.com, you can create an A record pointing to the WP.com ingress IP addresses. I am using the following IP addresses provided by WP.com support:

  • 192.0.78.24
  • 192.0.78.25

They can be different for your site; ask support for confirmation.

SANs in HTTPS Certificate

The certificate is issued by WP.com under the common name *.wordpress.com. My domain name is listed as one DNS record in the SANs, along with other WP.com users’ domain names. I cannot have an HTTPS certificate with only my domain name in the SANs list.

China Problem

I live in China, and WP.com is sometimes blocked in China. Currently I am using a workaround for this issue. This only causes problems for people visiting my site from China.

Log and Visitor Metadata

On WP.com, I can only see visitor information from Jetpack. If you have plugin support, other traffic analytics services such as Google can be supported. But this is unlike a VPS, where I can access raw logs from the HAProxy or Apache web server and send them to ELK on my data platform for archive or analysis.

Summary

The only problems for me now are raw access logs and no plugin support. I use a CDN to solve the certificate and access problems. I don’t know whether any SaaS provider will provide those access logs, but until I see a better, stable managed WP service, I will stay with WP.com, and perhaps buy the Business Plan.

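ThinkPad X220 24-Hour Battery Life Test

A while ago I got hold of a slice battery for the ThinkPad X220; used together with the original 6-cell battery, it gives more than 10 hours of battery life. The X220 also has a 9-cell battery that can be used with the slice battery, and Microsoft's Ben Rudolph ran an endurance test under real-world usage with the 9-cell battery and the slice battery.

Here is Ben's X220:

A few weeks ago, I got a brand-new ThinkPad X220, a 12.5-inch PC with a second-generation Core i5, 8 GB of RAM and a 160 GB Intel SSD. It also came with a 9-cell battery and a 6-cell ultra-thin slice battery that attaches to the bottom (the original says 9-cell “battery slice”, but the slice battery should be 6-cell). Lenovo claims the X220 will be a laptop that can run for 24 hours, but that is only theory; how will it do in practice?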

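My Hard Drives

Some of the hard drives that were in service a while ago. Some of them have since been retired, but some new drives have also been added. I also recently dug out some old drives…

The drives I have on hand now add up to almost 10 TB.

First row, left to right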

Seagate Barracuda 7200.12 250GB ST3250318AS
Western Digital Caviar 320GB WD3200AAKS
Western Digital Caviar Green 1TB WD10EADS
SAMSUNG 500GB HD501LJ
Western Digital Caviar 500GB WD5000AAKS

Second row, left to right

Western Digital RE3 1TB WD1002FBYS
Western Digital RE3 1TB WD1002FBYS
Western Digital Caviar Green 2.0TB WD20EARX
Western Digital Caviar Green 2.0TB WD20EARS
Seagate Barracuda XT 2TB ST32000641AS

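DIY Apple USB Charger

Charging several devices at the same time is very troublesome, and charging 2 iPads, an iPhone, an HTC G14, an iPod Touch and an iPod Nano at the same time is truly painful, especially the 2 iPads. Unlike other devices, the iPad needs a 2 A charging current, which means 2 iPads use up 20 W of power. Using each device's own original charger is of course fine, but several chargers not only take up several power-strip sockets and desk space, they also look very untidy, so a multi-port charger is really necessary.

Unfortunately, the multi-port chargers sold on the market can only supply 10 W, and most have only 2 USB ports (and are bulky), which is not satisfactory. It looks like I will have to build one myself.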

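Fixing Garbled Text: Making Sublime Text 2 Support GB2312 and GBK

Sublime Text 2 is a very good source code and text editor, but its lack of support for the GB2312 and GBK encodings is very troublesome in many situations. However, plugins provided through Sublime Package Control let Sublime Text 2 support CJK-encoded text almost perfectly.

Installing Sublime Package Control is very simple: in Sublime Text 2, open the console with Ctrl+~ and enter the following code, or the code provided officially. Sublime Text 2 will then install Package Control automatically.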

# Python 2 (Sublime Text 2's embedded interpreter); fetches the package over plain HTTP with no integrity check
import urllib2,os; pf='Package Control.sublime-package';
ipp=sublime.installed_packages_path();
os.makedirs(ipp) if not os.path.exists(ipp) else None;
urllib2.install_opener(urllib2.build_opener(urllib2.ProxyHandler()));
open(os.path.join(ipp,pf),'wb').write(urllib2.urlopen('http://sublime.wbond.net/'+pf.replace(' ','%20')).read());
print 'Please restart Sublime Text to finish installation'

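If this method does not install it correctly, you can also install it directly by copying the file. If Sublime Text 2 is installed under a path containing Chinese characters, or the system path's %username% contains Chinese characters, a manual installation may be required.

  1. Open the Preferences menu and choose Browse Packages…
  2. The system opens Sublime Text 2's Packages folder; go up one level, then open the Installed Packages folder
  3. Download Package Control.sublime-package and copy the downloaded file into the Installed Packages folder (note that this is Installed Packages, not the Packages folder)
  4. Restart Sublime Text 2

Then use Ctrl+Shift+P to open the command palette and type Install Package to search for the package you need. Usually “ConvertToUTF8” and “GBK Encoding Support” are enough to read and write CJK-encoded files normally.

Likewise, if Sublime Text 2 is installed under a path containing Chinese characters, or the system path's %username% contains Chinese characters, you may need to install these packages manually and copy them into the Package directory.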

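Sublime Text 2, a Nearly Perfect Text Editor

Sublime Text 2 is a very good text editor. Its aim is to give Vi/Vim users a source code editor with a friendlier interface and more features. Sublime Text 2 not only supports syntax highlighting, regular-expression-based find and replace, custom syntax highlighting, automatic bracket matching, auto-completion and similar features; its support for Python plugins also leaves more room for customization.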

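How to Configure the Cisco SG-300 Switch via the CLI

Like an ordinary layer-2 switch, the Cisco SG-300 series works plug-and-play, but as a managed switch, many of its features need to be configured before it delivers its best performance. The Cisco SG-300 is positioned as a switch for small and medium businesses, so it offers several different user configuration interfaces, including the common command-line interface (CLI) and the more intuitive and convenient web graphical interface (GUI). Here we describe how to configure the Cisco SG-300 switch through the CLI.

Why Use the CLI

The CLI and the GUI each have their advantages. The GUI offers a friendlier interface and lets administrators who are not familiar with the CLI get to know their system quickly. The CLI offers a uniform interface; administrators familiar with the interface of Cisco routers and switches can configure and debug the router quickly and efficiently. Moreover, of the CLI's 3 access methods, Console (which requires a physical connection) and SSH are both relatively secure, and they are also the more commonly used access methods; compared with http, the GUI's default access method, they provide better protection. In many places that http cannot reach, the CLI may be the only way.

DHCP Address

Another reason to use the CLI may be DHCP. The SG-300's default IP is 192.168.1.254, which is also the address of the web management interface. When the SG-300 is connected to a network with DHCP, the switch tries to obtain an IP address from the DHCP server. In that case the default IP 192.168.1.254 may no longer get you into the web management interface. If you cannot find out from the DHCP server which address the switch obtained, the console may be the best (or the only) way to reach the management system.

The UI of VxWorks and IOS

Unfortunately, the SG-300 does not use Cisco's IOS operating system but VxWorks. Many of Cisco's SMB devices (including those of its Linksys brand) do not use IOS. Apart from differences in some advanced features, many SMB series products do not offer an operating interface consistent with IOS, which is one of the reasons many people dislike SMB devices.

Console Configuration

First, unlike standard Cisco devices, the SG-300 does not use an RJ-45 port as the device's console port, so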