Apache mod_security, WordPress, and randomly truncated posts

Occasionally, a managed Apache web server will come with odd mod_security rules that result in WordPress posts being truncated, seemingly randomly. I suspect it is also specific to servers using cPanel/Web Host Manager. This happened a couple times in the CoPress days and started happening again recently for Jonathan Morgan, a PhD student at MSU. While I haven’t confirmed this solves the problem for Jonathan, this approach did solve the problem for us. I’m posting it here for future reference because it was a beast to track down.

To figure out which rule ID is being triggered, run the following command:

tail /usr/local/apache/logs/modsec_audit.log

This will return something like:

--97a7c73b-H--
Message: Access denied with code 500 (phase 2). Pattern match "(insert[[:space:]]+into.+values|select.*from.+[a-z|A-Z|0-9]|select.+from|bulk[[:space:]]+insert|union.+select|convert.+(.*from)" at ARGS:content. [file "/usr/local/apache/conf/modsec2.user.conf"] [line "355"] [id "300016"] [rev "2"] [msg "Generic SQL injection protection"] [severity "CRITICAL"]
Action: Intercepted (phase 2)
Stopwatch: 1233185129379248 482649 (109716* 122107 -)
Producer: ModSecurity for Apache/2.5.7 (http://www.modsecurity.org/).
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8b mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.6

[id "300016"] is what you need; it identifies the rule to disable. Create a .conf file at the following location to be compliant with cPanel (note that the directories past “conf” did not previously exist):

/usr/local/apache/conf/userdata/std/<user>/<domain>.com/<whatevernameyouwant>.conf

Inside this file place the following:

<LocationMatch "/">
SecRuleRemoveById 300016 
</LocationMatch>

Add whatever cPanel scripts you need to make sure that it will accept the custom vhost entry and that the new entry will persist through Apache reconfigurations and recompiles.

Restart Apache:

/etc/init.d/httpd restart

Thanks to the fabulous folks at LiquidWeb who originally helped us with the solution.
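
An added example (not from the original post, LiquidWeb, or the ModSecurity project): the LocationMatch "/" block above removes rule 300016 for every URL on the site, so before widening the exception it helps to see which request paths and variables actually trip the rule. The parser below ties each rule ID in part H of the audit log to the request line in part B; the sample log is constructed, assumes the ModSecurity 2.x serial audit-log layout, and the function names are hypothetical.

```python
import re
from collections import Counter

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
RULE_ID = re.compile(r'\[id "(\d+)"\]')
TARGET = re.compile(r" at ([A-Z_]+(?::[\w-]+)?)\.")

# Constructed sample (serial audit-log parts A, B, H, Z). Hosts, paths, addresses
# and transaction ids are made up; the rule id and msg are the ones quoted above.
SAMPLE = '''\
--1a2b3c4d-A--
[28/Jan/2009:18:25:29 --0500] AAAAAAAAAAAAAAAAAAAAAAAA 192.0.2.10 51000 192.0.2.1 80
--1a2b3c4d-B--
POST /wp-admin/post.php HTTP/1.1
--1a2b3c4d-H--
Message: Access denied with code 500 (phase 2). Pattern match "select.+from" at ARGS:content. [id "300016"] [msg "Generic SQL injection protection"]
--1a2b3c4d-Z--
--5e6f7a8b-A--
[28/Jan/2009:18:31:02 --0500] BBBBBBBBBBBBBBBBBBBBBBBB 192.0.2.20 51001 192.0.2.1 80
--5e6f7a8b-B--
POST /wp-comments-post.php HTTP/1.1
--5e6f7a8b-H--
Message: Access denied with code 500 (phase 2). Pattern match "select.+from" at ARGS:comment. [id "300016"] [msg "Generic SQL injection protection"]
--5e6f7a8b-Z--
'''

def rule_hits(text):
    """Return (rule id, matched variable, request path) for each Message line."""
    hits, paths, tx, section = [], {}, None, None
    for line in text.splitlines():
        boundary = BOUNDARY.match(line.strip())
        if boundary:
            tx, section = boundary.groups()
        elif section == "B" and tx not in paths and line.strip():
            parts = line.split()  # request line: METHOD URI PROTOCOL
            paths[tx] = parts[1].split("?")[0] if len(parts) > 1 else "?"
        elif section == "H" and line.startswith("Message:") and RULE_ID.search(line):
            tgt = TARGET.search(line)
            hits.append((RULE_ID.search(line).group(1), tgt.group(1) if tgt else "",
                         paths.get(tx, "?")))
    return hits

def summarize(text):
    """Count hits per (rule id, request path, matched variable)."""
    return Counter((rid, path, tgt) for rid, tgt, path in rule_hits(text))

if __name__ == "__main__":
    for (rid, path, tgt), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  id={rid}  {path}  {tgt}")
```

If only the post editor shows up in the summary, a LocationMatch limited to that path keeps the SQL injection rule active for the rest of the site.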

Equity research from the CoPress-era

For a friend, these are links I pulled together when researching CoPress’ equity split in Fall 2009.

Startup Equity Distribution

Notice that I used the word allocation above. Allocated means not vested. In my mind all founders stock should have either a milestone or time based (or some mixture of the two) vesting schedule. If you want to know why find someone to tell you a story about a cofounder who walked away from the company and is still holding a 25% ownership stake. Trust me. It creates problems. Personally I prefer 25% one year cliff vesting with 6.25% quarterly vesting thereafter combined with individual milestones.

It’s all about K.I.S.S. Lance argues against equal equity distribution and for dividing it based on contributions of time and expertise. One approach is to determine the valuation of the company, and then use a function of proposed wages and time contributed to divide up ownership.

Equity distribution amongst startup co-founders?

Technically, equity distribution is proportional to the “value contribution” by each stake holder. In general, tangible contributions (investment, land, resources) are considered much more important than intangible contributions like experience/expertise.

The options seem to be 50/50 or distribution as a function of contributed value. People answering the question lean more towards the latter and offer some suggestions as to how to do it best.

Calculating Partnership Equity Splits

Potential formula for equity distribution: break down money to be invested, time to be invested, and experience of partner into percentages, and then determine percentage contributions of each partner. This breakdown then determines overall split of shares.

How do I survive when starting a business without a paycheck?

There are very creative ways to live cheaply if you’re dedicated. The best response in my opinion is to live out of your car and buy a gym membership for exercise and showering.

Equity-Split Results, Part 1: When Do Teams Split Equally?

Interesting chart comparing different situations. An equal split is more likely amongst smaller teams coming from similar backgrounds that divide equity at the start of the project or company.

Dividing equity between founders

One thing I’ve also noticed is people tend to overvalue past contributions (coming up with the idea, spending time developing it, building a prototype, etc) and undervalue future contributions. Remember that an equity grant is typically for the next 4 years of work (hence 4 years of vesting). Imagine yourself 2 years from now after working day and night, and ask yourself in that situation if the split still seems fair. Another consideration is if one founder has had greater career success and will therefore significantly improve the odds of getting financed at an attractive valuation. One way to figure out how much this is worth is to estimate how much having that founder increases your valuation at the next financing and then, say, split the difference. So if having her means you can raise $2M by giving away 30% of your company instead of 40% of your company, let that founder have an extra 5%.

Variables to potentially consider include: past and future contributions, career success, and who had the big ideas (and whether those ideas have any technology or intellectual property associated with them).

What ever happened to the Populous Project?

The Populous Project is (was?) an open source, student news content management system which received $275,000 from the Knight Foundation’s 2008 News Challenge. It was supposed to be the panacea for college media, solve all of our College Publisher woes, and offered everything but the kitchen sink. CoPress talked to Anthony and Dharmishta a few times in October 2008, was promised an alpha to play with later that fall, but the project shortly dropped completely off the radar.

What ever happened to the Populous Project, and the Knight Foundation’s smooth $275,000?

Why this is an important story to be told: The Knight Foundation espouses “informed and engaged communities [that] lead to transformational change” except, apparently, when it’s inconvenient. A significant portion of college media is locked to a proprietary publishing platform that takes most, if not all, of their online advertising revenue. In order to build financially viable businesses online, these publications need to take control of their technology. Stories like the Populous Project don’t inspire the trust required for organizations to collaborate on their technology and benefit from the effects of a network of innovation.

Leave specific questions you want answered in the comments.

College Publisher to WordPress conversion script is now open source

Alternate title for this post: Let the exodus continue. The Python conversion script CoPress used to migrate over 50 student publications to the glorious free and open source WordPress is now itself licensed under GPL version 2. It’s optimized for College Publisher 4 and College Publisher 5 databases, but will also work with most any database you can turn into a flat CSV file. You can fork it on Github or download the brand new 1.0 release.

Right off the bat, I’d like to say that the most awesome bit about the conversion script is its ease of use. Granted, you do have to run it on the command line and it does often throw mythical, unintelligible errors if your data is screwy, but it’s about 100 to 1,000 times easier than what Sean Blanda or Brian Schlansky had to go through. Furthermore, it spits out WordPress eXtended RSS files that WordPress imports natively. Depending on the size of your archives, you could even do the entire migration in less than a half hour.

There are detailed instructions in the README I encourage you to read thoroughly but, in screenshots, here’s how you’d migrate your site.

Back up your database using Sequel Pro. This is a critically important step, as you’ll definitely want a clean version to revert to if the import goes awry.

Place the conversion script and your archives in a folder you can access from the command line. Both College Publisher 4 and College Publisher 5 migrants should receive an articles file that will need to be renamed “stories.csv.” Publications migrating from the former will have all of their image references stored in a file that will need to be renamed “media.csv.” Navigate to that directory from your terminal prompt and run “python CoPress-Convert.py.”

Once the script is running, you’ll be asked a series of questions to configure the conversion process. Most options are self-explanatory, and all are explained fully in the README file packaged with the script. The most important thing I’d like to note in this post is that, unless you have fewer than 500 authors in your archives, I’d highly, highly recommend importing your authors as custom fields instead of users. WordPress is not optimized to add a large number of new users through its import process. We learned this the hard way migrating CM Life’s database last summer.

When the script is done, you’ll have a series of WordPress eXtended RSS files you can easily upload into WordPress.

Mad props go to Miles Skorpen for the long hours he spent on the conversion script, and to Albert Sun, Will Davis, and Max Cutler for their later contributions.

Feel free to send along any suggestions for improvement, bugs, fixes or general comments. I intend to maintain it for the indefinite future (it’s good Python practice when everything else I’m working on is PHP), but code contributions are always welcome. There is a short list of upgrades under consideration at the top of the script.

What aren’t we going to build?

maxcutler: 3 journo devs and 6 hours to work. Please give us project ideas! Tomorrow with @danielbachhuber and @davidestes

The question isn’t what are we going to build, but really what aren’t we going to build?

Open Assignment Desk

The Open Assignment Desk (formerly known as the Virtual Assignment Desk) is a tool for leveraging openness in the story creation process. Hat tip to Jay Rosen and Dave Winer for talking about the left side of the same idea in episode #12 and episode #18 of Rebooting the News.

It brings the funk in stages.


Campus directories done right

Not to throw too many tomatoes, but the Daily Emerald made a very “newspaper” mistake today with their website. I’d like to start a discussion about “the better way to do it.”

Case in point: The Daily Emerald, I believe as a part of their magazine edition for IntroDUCKtion, created a campus directory. The directory includes dozens upon dozens of email addresses, URLs, and phone numbers for student organizations and sports at the University of Oregon. In the print magazine, which I don’t have access to because I’m in Portland, I’m sure this list of contact information is beautifully presented in an approachable, useful format. Unfortunately, this same list made its way into the website as a long, ugly, flat text file:

Daily Emerald Campus Directory - July 13, 2009

In my humble opinion, there’s a lot of room for improvement.

What if, instead, we approached this directory as the database that it really should be? This web-native directory would have profiles for every student organization much like students can have profiles on Facebook. I’d be able to search for organizations based on the name, the location on campus, people currently involved, the mission of the organization, tags, etc. If I found an organization I was interested in, I’d click through to their profile. The profile would then give me access to all of the contact information I might need in addition to the most recent or popular articles, images, videos, updates from the campus’ microblog, etc. There’d be a small wiki section for the organization or sport where I could read up on its history and know that the information I was getting was true because it had been curated by the beat reporter.

I see at least two advantages to this approach, in addition to making all of the information much more accessible (versus the flat text file). One, you’d only have to build this once. Two, you’d save the reporter or designer a lot of time having to search for the most up to date contact information because they could just pull the information from the database as they’re creating the print product.

Think of the role of the student news organization less as a newspaper and more as a platform for impartial, accurate community information to be shared.