How to set up Xubuntu

Install Whisker Menu

The default application menu is fine with the mouse, but hard to use with the keyboard.

The Windows 7 start menu works well with both. On the keyboard you just press WIN, type to filter programs, files, settings, whatever, and select the one you want. Easy!

You can get close to that that level of simplicity by installing Whisker Menu.

Whikser Menu will probably ship with Xubuntu 14, but until then you have to install it yourself.

Use these commands to install Whikser Menu.

sudo add-apt-repository ppa:gottcode/gcppa
sudo apt-get update
sudo apt-get install xfce4-whiskermenu-plugin

Follow these steps to replace the old Application Menu.

  • Right click on the top menu and choose Panel, Add New Items.
  • Find Whisker Menu in the list of items.
  • Drag and drop Whisker Menu next to the application menu.
  • Right click on the Application Menu and choose remove. Click Remove again in the dialog to confirm.

Now create a keyboard shortcut so you can access the menu from the keyboard. You can use Whisker Menu to bootstrap this!

  • Click the Whisker Menu.
  • Type ‘set’ and enter to open Settings.
  • Go to Keyboard, Application Shortcuts, Add.
  • Put xfce4-popup-whiskermenu as the command.
  • Set WIN + space as the shortcut.

You could set just WIN as the shortcut, but then the Whisker Menu would pop up whenever you use any other shortcuts that combine WIN and another key.

Xfce is a bit too simple here to emulte Windows exactly.

MRU tab switching in Firefox

You can flick through tabs in Firefox just like you flick through applications on the desktop. The shortcut is ALT + TAB.

By default, Firefox cycles through the tabs from left to right. I generally only care about the current tab and the MRU (most recently used) tab.

Browse to about:config and acknowledge the warning that here dragons be.

Set browser.ctrlTab.previews to true.

Easy Window Tiling

Enable Windows-style tiling by assigning keybaord and mouse shortcuts to the tiling functions.

Go to Applications, Settings Manager, Window Manager.

In the Advanced tab, uncheck ‘Wrap workspaces when dragging a window off the screen’.

Go to the keyboard tab.

Double click on ‘Tile window to the left’ and press SUPER + left.

Double click on ‘Tile window to the right’ and press SUPER + right.

In Linux, WIN is called SUPER.

Start menu

whistker menu

Version /etc

Use etckeeper to keep an audit trail of /etc (system configuration) changes.

sudo apt-get install mercurial

Install etckeeper.

sudo apt-get install etckeeper

Edit the etckeeper config.

sudoedit /etc/etckeeper/etckeeper.conf

Set the VCS to mercurial (hg).

# The VCS to use.

Make the inital commit.

sudo etckeeper init
sudo etckeeper commit "Initial commit."

etckeeper automatically commits after apt activity and on a daily cycle.

Set multi monitor layout

Use arandr to get a tool very similar to Windows 7’s built-in multi monitor layout editor.

Install arandr.

sudo apt-get install arandr

Arrange the layout visually, just like on Windows 7.


Thanks to Jeremy L Gaddis and Alin Andrei for the tips.


WordPress Security Notes

David Wilemski: An introduction to WordPress security

Zero Day Vulnerability in many WordPress Themes

Distributed WordPress admin account cracking

Change “wp_” table prefix to avoid automatic SQL injection

Delete admin user

Use SSL in wp-admin

Linux file permissions – 755 folders, 644 files

Change wp-config.php secrets

Stealth login

Restrict access to wp-admin by IP address

Limit login attempts

Duo two factor authentication

Backups: WP-DB-backup (email) or PressBackup (S3)

Backup infected site for analysis

Restore from known good backup

Check wordress logs (Codex recommends OSSEC)

Don’t assume plugins are safe – check reviews and downloads

Ottopress – How to cope with a hacked site “here’s what the website guy will be doing, if he knows his business…”

FAQ: My site was hacked

Vaultpress backup service


Bad Behavior anti spam plugin

Fix “token_http_request_failed”, “name lookup timed out” error in Jetpack

Jetpack is a convenient wordpress plugin that restore’s stats view to your self-hosted workpress site. It’s my most-missed feature, so I really wanted to get it back.

When you install Jetpack, it asks you to authorize at to enable stats collection.

“name lookup timed out” is a frustrating error that means authorization isn’t working. The full error looks like this:

Jetpack could not contact token_http_request_failed. This usually means something is incorrectly configured on your web host.

name lookup timed out

To fix it, use the Core Control plugin to disable cURL as an HTTP transport.

Install Core Control in the usual way.

Go to Tools, Core Control, tick HTTP Access Module 1.0 and click Save Module Choices.


You’ll see a new “External HTTP Access” link at the top of the page. Click it to go to an HTTP debugging page.

Click “Disable Transport” next to cURL. The cURL row should turn orange.


Try again to authorize Jetpack. It should work now!

Thanks to Jeremy Herve, Carlton Bale, and Dion Hulse for documenting the fix on the WordPress forums.

OKFN Edinburgh March 2014

The MSP Tag Cloud was demoed at the OKFN's Edinburgh meetup in March.

The Open Knowledge Foundation‘s Edinburgh meetup group gathered together at Napier University’s Merchiston Campus on Thursday to discuss Scotland’s open census, hack days, data protection, integrating datasets, data journalism, and interactive accountability.

After hearing about these guys at FOSS4G, I’m very glad to finally meet the community. The group was friendly and the talks were fascinating. Eagerly awaiting the next one!

Here are my highlights from an enlightening evening.

Lamine Lachhab, Ed Turnbull, and Sandy Taylor from National Records Scotland discussed the products and processes of the 2011 Scottish census.

About 25% of responses came through the new online form. The estimated response rate was about 94%. They imputed the data to make that up to 100% for analysis. I learned that ‘imputation‘ is a fancy word statisticians use to mean ‘making up missing data’.

All census products are available under the Open Government License. Some tables are still to be published so watch for updates throughout 2014.

If you want to compare regions visually, check out the area profiles map. The speaker demoed a neat lasso tool for selecting multiple regions, but I can’t find it yet.

Visit the data warehouse if you want to grab the data in bulk for your own analyses.

Sally Kerr from Edinburgh Council talked about the council’s continuing efforts to find and free our tax-funded digital assets.

Lots of useful data is still buried in an Excel spreadsheet somewhere!

Edinburgh Apps, launched in Leith late last year, was the council’s first ‘public data hackathon’, an attempt to rally the Edinburgh tech community to solving civic problems.

Volunteers exchanged ideas and prototypes for the modest prize of local fame and business advice. The event was so enthusiastically received that the council plans at least one repeat this year, with even greater incentives.

Glasgow Council is hosting four of these events. We’re not at all bitter!

Tim Musson, now self-employed after a long lecturing career at Napier, talked about his role in advising companies and lawmakers on computers, data, and privacy.

There are many social and legal challenges in implementing effective rules at government and company level. ‘Trusted’ third parties might pose a threat to vulnerable people when handling their valuable data.

For example, Ed Davey, the Energy Secretary, proposes that energy companies encode energy consumption on bills as a QR code. How many people even know what a QR code is, never mind how to read it? What stops a third party from capturing this?

Wilbert Kraan of CETIS talked about linking open educational data sets. His slides are available under a CC-BY license.

Wilbert wanted to join disparate data sets on educational institutions and courses to create a richer set of data for analysis.

He discussed the challenges of dirty data and resolving different keying conventions, and practical ways to concord each data set with all the others.

His most practical option is to key everything against Freebase, the most stable and comprehensive set of reference IDs for his topic.

Unusually for a Google product, the data in Freebase is under an open CC-BY license.

Wilbert prefers Freebase to Wikipedia-derived DBpedia because Freebase uses stable numbers as keys, whereas DBpedia uses names which can change over time.

Without getting bogged down in technical jargon, Wilbert was basically singing the praises of surrogate keys, an important part of an effective data warehouse.

Hey, Wilbert, have you ever considered a career in Business Intelligence? πŸ™‚

Ally Tibbitt works at STV and is a budding data journalist.

He calls for contributors to help him build Placemakr, a website to make available the results of FOI requests in Scotland and analyses using such data.

Sounds like his long term plan is to build a more socially-minded ScraperWiki, to help those who can’t afford such services. Watch this space for more on that πŸ™‚

What’s the gayest neighborhood in Edinburgh? How long will you have to wait for an allotment? What is the most car-clogged section of the city? What’s the noisiest town in Midlothian? It’s all on Placemakr.

Bruce Ryan demoed an in-progress interactive map of Scottish community council information sourced from various government APIs.

The map was implemented using GeoJSON for data interchange and leaflet.js for presentation, with the markercluster plugin to neatly split and group nearby councils at different zoom levels. Looking forward to the first public release!

Finally we heard from Daniel Duma, a PhD at Edinburgh Uni, after his team’s sleepless three-day toil to win Smart Data Hack 2014. I would call the result an experiment in “interactive accountability”.

The MSP Involvement Map is the result of a small team’s three day sprint to win a hack day competition. The app periodically parses the Holyrood transcripts to generate a tag cloud for what each MSP discusses in parliament.

Does your electee represent your interests? Is average word count and intervention count really an effective measure? Could the “MSP tag cloud” become another metric for politicians to game?

Questions like these generate a lot of excitement among parliamentarians, with Duma’s team meeting members this week. Where will it go?

The code’s on Github, so you can take it anywhere you want! πŸ™‚