Midwestern Mac, LLC

Below, you can read through the latest blog posts from Midwestern Mac, LLC. We blog about Macs, Drupal, web development, app development for the Mac and the iPhone, and whatever else suits our fancy!

Preventing Security Holes

I was recently browsing a very popular review website, when I noticed the following warnings popping up:

[Image: Angie's List website errors]

From simply loading their web page and seeing these error messages, I could conclude:

  1. The website is using Drupal.
  2. The website is using memcached.
  3. The website is running on Acquia's managed hosting cloud.
  4. The website has error reporting set to print all errors to the screen.

If I were trying to break into this review site, or cause them a bad day, the information presented in this simple error message would help me quickly tailor my attacks to become much more potent than if I started from a blank slate.

Security through obscurity

I will quickly point out that security through obscurity—thinking you're more secure simply because certain information about your website is kept secret—is no security at all. However, that doesn't mean that obscurity is not an important part of your site's security.

Simply because the site above doesn't have the 'display no error messages' setting enabled on the live website, I was able to learn quite a bit about the site. I could've probably found more 'helpful' error messages had I spent a little more time investigating.

Trouble sending emails from localhost or MAMP? Check your SPF

Email is hard. In fact, it's so hard that I probably have five or so blog posts half-written on this blog that I've abandoned simply because I don't think I could distill them down into something worthy of posting (I like being able to explain things understandably or not at all!).

I don't think there's anyone involved in administering a domain name and email who hasn't gotten burned by SPF (TXT) records at least once. Here's a good overview of how to build a proper SPF record for your domain. SPF records are used by many (if not most) ISPs these days to evaluate whether an email is coming from a particular domain or not.

Email providers like Google, Apple, Hotmail, etc. will evaluate every email they receive against your domain name's (example.com) SPF record, and if the email didn't originate from the IP address specified, or doesn't match up to any other SPF parameters, the email will be silently deleted. And this will cause you to pull your hair out.

I noticed recently that test emails I have set up through my local development machine (running MAMP) were not being delivered to my email inbox. I checked the log file in /var/logs/mail.log (using the Console app), and was seeing the emails delivered successfully:

Force SSL (https://) for only one virtual host with .htaccess

Many servers I help administer host many websites, and every now and then, someone wants me to set up a secure (SSL) certificate for one of the websites on the server. Once the certificate is working in Apache, and users can access the site at https://example.com/, they also request that all traffic that was originally destined for either http://www.example.com/ or http://example.com/ be routed to the secure site.

This can be slightly tricky if you're using multiple VirtualHosts on the same server/multisite installation with something like WordPress or Drupal, because if you just add in something like the rules below, with multiple sites routed through the same .htaccess file, ALL sites will be routed to the https version (which is not what's desired):

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

The above rewrite will tell ANY requests coming into ANY virtual host with http:// to redirect to https://example.com/. Instead, you need to add in a little bit more logic to make sure that only the SSL-enabled virtual host gets SSL traffic rerouted:
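One way to add that host check, as an added example and not the original post's own rules (which are not shown in this excerpt). It assumes mod_rewrite is enabled, that Apache itself terminates TLS, and that example.com stands in for the SSL-enabled site:

```apache
RewriteEngine On

# Condition 1: the request arrived over plain HTTP.
# %{HTTPS} is set by mod_rewrite to "on" or "off"; this is more direct than
# testing SERVER_PORT, which breaks if HTTP is served on a non-standard port.
RewriteCond %{HTTPS} !=on

# Condition 2: the request is for the SSL-enabled site only.
# Matches example.com and www.example.com (case-insensitive), with an optional
# explicit :80 port in the Host header. Requests for every other virtual host
# sharing this .htaccess fail this condition and are left untouched.
RewriteCond %{HTTP_HOST} ^(www\.)?example\.com(:80)?$ [NC]

# Both conditions hold: send a permanent redirect to the canonical HTTPS host,
# preserving the requested path. The target host is a fixed literal rather than
# %{HTTP_HOST}, so a client-supplied Host header never ends up in the Location.
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]
```

If TLS is terminated on a load balancer in front of Apache, %{HTTPS} is always "off" at the web server and the first condition has to test the proxy's forwarded-protocol header instead, otherwise the rule redirects in a loop.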

Line breaks instead of Paragraphs in TinyMCE (by default)

Most people who have grown up on the web, and have used Wysiwyg utilities online, or newer text editors/word processing applications are used to having a simple 'return' create a new paragraph, with (on average) one extra line of empty space between the new paragraph and the one before it.

However, a lot of people like having the 'return' key just go down one line. There are a few ways this is possible in most Wysiwygs:

  • You can change the block style from 'Paragraph' (which creates <p> tags around new lines of text) to 'div' (which creates <div> tags around new lines of text).
  • You can press Shift + Return when you want to just go down one line (using a <br /> tag instead of a <p> tag).

I use the second method when I'm using a Wysiwyg, as I like using paragraphs (which are semantic for text, and which allow for better CSS styling than a monolithic block of text with linebreaks). I also rarely use a Wysiwyg editor, so it's not really an issue for me anyways ;-)

But, some people ask me if they can set up TinyMCE to use line breaks instead of paragraph returns by default, so they don't have to hit Shift + Return all the time (instead, they hit 'Enter Enter'... more keystrokes, but whatever floats their boat!).

Questions about WordPress

Having been away from the WordPress scene since version 2.x days (I think the last time I launched a WordPress website was around 2009), I recently had reason to develop some WordPress plugins, and I wanted to ask some questions about the WordPress coding standards and API that I hope will help enlighten me (and, maybe, other PHP developers coming from other frameworks/platforms to WordPress).

Here are some questions I've had while working on my first WordPress plugin (coming purely from the development side—I'm deliberately ignoring any mention of WordPress's UI, as I don't want to inspire any trolling along the lines of 'WordPress vs. [Another CMS]'):
