Category Archives: geekery

Geobiking Philly to DC

Download PDF

The excitement of visiting colleges with my daughter, her applying to the short list, and waiting on the results has is over and I’m seriously craving a week unplugged from work.   I’ll be taking an organized ride in October from Philadelphia to Washington, DC.  Since these trips are as much about seeing different things as the Zen of cycling, I’ll also be stopping for geocaches (and other site seeing) along the way.   And maybe butterscotch Tastycakes, Cheeseteaks and those legendary tomatoes I’ve heard about.

I spent a good evening wondering if there was an efficient way to generate a “Find caches along a bike route.”   Having plotted the estimated route with Google Maps, using its delightful Bicycle Routing option, I had a rough idea where I’d be visiting:

Google Map version
Google Map version

I was hoping to use this to guide me with Geocaching.com’s “Find Caches Along A Route” tool.  For trips in the west (like this), the tool plus clever battle-shipping of pocket queries has been good enough.  On the east coast, the tool’s auto-routing via turnpike or Interstate (but not, say, the C+O Towpath) makes it cumbersome.  Even trying to force it (the two circles) is futile:

The Geocaching.com tool really, really wants to stick to turnpikes and interstates.
The Geocaching.com tool really, really wants to stick to turnpikes and interstates.

It’s really bad on the leg from Harper’s Ferry to Washington, DC — I could not get it to recognize the C+O Towpath because, look, there’s a huge interstate!

A coworker reminded me of the Map My Ride tool, which is really well-engineered for generating bike routes.  What it offers above that, though, is the option of exporting said route to a KML (used in Google Earth) or GPX (used in Garmin GPS) file.  I built this:

Map My Ride works supremely well. It's built for this sort of endeavor.
Map My Ride works supremely well. It’s built for this sort of endeavor.

Trying to generate a set of geocaches from this was pretty involved.  Google Earth’s user interface confounds me.  (I find I’m shouting at it: stop. moving.)  Garmin Basecamp is a promising candidate, but didn’t seem to work with so many points.  Project-GC, which has completely upped the bar on geocaching stats, only does a point-to-point route with no fiddling.  I’d have to generate eight separate groups.

Project-GC is sooooo close to what I want.
Project-GC is sooooo close to what I want.  It just lacks multiple points, and the option to reroute.

I settled on this GSAK macro.  When fed an al dente KML file, it merrily generates bounding rectangles within ~1 mile (changeable) of the route. Next, I let GSAK fire off a bunch (120!) API calls of caches within each little box. It finished before I brought the takeout home.

Polygon-ized routing
Polygon-ized routing

Next steps are to whittle down the list of 1600+ caches to a reasonable number – focusing on the non-traditional or well-favorited.  I have already started solving a crap-ton of puzzles at each endpoint, Just In Case I’ll be riding over one.  Of course, since geocaching is also about numbers, I’m trying to figure out a scheme to make a side trip into Delaware (via train ride back?) or New Jersey (perhaps simply crossing the bridge from Philly) so I can say I have cached in both of those states.

Downtown Philadelphia
Downtown Philadelphia: Visiting in October.

Just skimming through the route, the two parts I’m most eagerly anticipating are the ride through Gettysburg — I last visited in 2008, astounded by the enormity of the place — and the ride along the Potomac from Harper’s Ferry to Washington, DC.

Fitbit Charge HR review

Download PDF

Since my Fitbit Force was recalled earlier this year, I’d been pining for a simple motivational aid.  Microsoft’s Band looks awesome, but it’s sold out as soon as they get another batch of units.  The Garmin VivoSmart had some interesting features, but lacks stair climbs (important to me because I do so much of that in a given day) and was at the upper end of my price range.  (They weren’t discounting it for CyberThanksGivingBlackShoppingHolidayWeek, either.)  Fitbit, meanwhile, has been such a tease, but finally wanted to take my money in exchange for Fitbit Charge HR.  I’ve used it for two weeks.

I was a little nervous about the heart rate sensor needing to be super snug against my arm.  I’m happy to say that it doesn’t need to be.  If you’re used to wearing a watch, you won’t notice the difference.  If you don’t wear a watch, like me, you’ll fiddle with it a few times a day.

Fitbit Charge HR on my very hairy arm.
Clearly, my day job as a data scientist doesn’t involve a lot of physical exertion.

The heart rate sensor uses two green LEDs that need to be “close enough” to the skin to do their thing. When you take it off for charging, or if there is some kind of malfunction, the LEDs will power down.  If you bump it at night, you may get an eyeful of blinking green LED.  Reason: the Fitbit is designed to record your heart rate all day.   The pretty HR graph is available on the Fitbit web site, but not the phone application.

stairway
The web page shows the full day’s heart rate. My peak represents powering up Pike Place Market, on the way to the bus stop.

I’ve found the HR sensor works best if the watchband is two to three finger-widths from the end of my wrist. The heart rate reading seems believable. The “resting heart rate” setting should record after one wakes up, but is still lying in bed. Unfortunately, it seems to wait until I’m up and out, reading a little higher than expected. I’m sure they’ll get this kink worked out.

The Fitbit web site sorta kinda integrates with other apps and products. For example, I use MyFitnessPal to record my dietary intake because its food list is very good and EveryMove for additional motivation.  The “sorta kinda” is FitBit records my caloric intake, but not the things I ate.

Fitbit Dashboard.  Jes continues to kick my ass.
Fitbit Dashboard. Goals complete, yet Jes continues to kick my ass.

A huge plus over the Force and the Charge (non-HR) is the band has a real clasp. The little nub on the prior model was prone to coming undone when anything tugged against the band or if the nub wasn’t thoroughly pushed through.  In my first week of The Force, I nearly lost it twice.

Another really nice improvement is the sleep recording is automatic. Previously with the Force, I’d have to remember to set the timer before going to bed and unset it when I get up. Needless to say, I often didn’t. Now, it’s more of a wear and forget device, which is precisely what I wanted.

Nightly sleep measurement.
Nightly sleep measurement.  Is 92% efficient good?

Battery life seems to be on the order of 5-6 days of normal use, where normal use is “Use the vibrate to wake up Monday-Friday” (it is really nice you can set multiple alarms on different days) plus walking and occasionally hitting 10k steps. Because the cord is proprietary and apparently incompatible with every other model of Fitbit, I have been charging it roughly every fourth day.

No wonder I was feeling really awful at work Monday
No wonder I was feeling really awful at work Monday

So, overall, I’m pleased with the device. It’s also had the desired effect of getting me to the indirect route through Seattle’s stair district in an effort to boost my stats for the day.

Garage Door Automation

Download PDF

A few times a year, the last person coming into the house via the garage will forget to shut the door, leaving its contents vulnerable to critters or the unruly, post-apocalyptic mobs speeding through our quiet suburban streets at night.  The obvious solution is to check it each night before I go to bed.   But that’s a lot of diligent peeking into the garage (where there are known spiders) for an event that occurs a few times a year. Invariably, after two weeks of “no change,” I completely lose interest until it happens again a few months later.

Kids these days
What I imagine at night. But really, it’s just teenagers.

The most recent incident coincided with my finishing the stack of old Make magazines in the reading room, thinking I really ought to do some kind of project with the Arduino Uno on the bookshelf besides making the LED blink.  Some sleuthing online found the GarageMote, a nifty little project where two Moteinos (tiny Arduino-compatible boards with on-board transmitters) are combined with a Raspberry Pi serving as a gateway.  How could I resist the opportunity to completely over-engineer a solution to an infrequent (but bothersome) problem?  But could I complete it before the raccoons gained unfettered access to the power tools in my garage?

It's really tiny.
Spoiler: yeah.

The Moteino is about the size of an SD card:

Moteino comparison - source lowpowerlab.com
Moteino comparison – source lowpowerlab.com

I went with the higher-powered transmitter because I didn’t want to deal with any interference from the load-bearing walls between the garage and the Carson Household Backbone Network.  (It sometimes floors me that I have >20 devices on my home network).  Power would not be a constraint.

915MHz, high-output transmitter
915MHz, high-output transmitter

The first step was to solder all the little header pins onto each Moteino.  Because my soldering skills had atrophied in the two years since my last significant project, it was necessary to do a thorough inspection on the first unit before I powered it up and found myself up a Creeque Alley without a paddle.  Two egregious solder blobules were exorcised.  Before starting the second unit, I picked up some do-over aids like a tip cleaner, solder wick and solder sucker.

In retrospect, I should have started with the GarageMote unit because it’s only four components (two resistors, a diode and a relay) and not all pins needed to be soldered.

To keep the package small, I opted for a Moteino without an on-board USB jack.  Initial powering and programming is done via an FTDI connector.  This was really, really easy to use.  Soon: LED on.  LED off.  Yay!

Programming the sensing unit
Programming the sensing unit

Felix’s sample code snippets included the logic for the GarageMote plus the library for the transmitter, making the entire endeavor pretty simple. I added a few more debugging routines to let me test the serial port communication (each Moteino can emit a haiku) and pin inputs (snarky comments).  And because I was now a pro at making the LED blink, that’s a diagnostic in case the serial port is not connected (which in most cases, it wouldn’t be).

I tested the components by waving magnets in front of the sensors and gleefully watching the changes in the state machine.  Yes, I am easily amused.

The Raspberry Pi linux gateway is the human interface to all of this.  In concept, I could check and change the status of the garage door by hitting a web server.  Given how many *nix machines and web servers I’ve set up in my lifetime, I assumed the procedure would be equivalent to my looking at it for a few seconds before the operating system self-configured.  But no, this was the most challenging aspect because the components were fussy.

Raspberry Pi connected to the receiver.
Raspberry Pi connected to the receiver.

Configuring the Raspberry Pi was very straightforward.  I plugged the video out into my TV, booted Ubuntu, and then set up the WiFi card so I could do everything remotely from the comfort of the man couch.   The individual components to the gateway — Node, a SerialIO driver, a custom-compiled version of NGiNX, self-signed certificate — individually installed without a hitch.  I even chose the correct pins to wire up from the GPIO pins on the Pi to the Moteino and … spent time over the next couple of weeks debugging why the NGiNX server wasn’t proxying requests to Node and reviewed Felix’s guide.  I believe there may have been issues with the lack of a real-time clock on the Pi and the self-signed certificate.  Or maybe it was just a Transient Subspace Anomaly.

No, really, this is exciting.
Door goes up.  Door goes down.  I. Am. Easily. Amused.

After verifying everything was working, I installed it onto the garage door.  During the first attempt, I bent a sensor wire too much, breaking a solder joint and one of the leads at the most inconvenient place ever.  A part was ordered and much longer wires used, reinforced by electrical tape.  It was solid!

Assembled, just some clean-up to do.
Assembled, just some clean-up to do.

In testing the installation, I realized the door vibrates a lot as it’s in motion.  This wrought havoc with sensor alignment until I installed a horizontal guide (a piece of leftover base board from my kitchen remodeling project) on which the sensors are zip tied.  Power comes from an old cell phone charger rescued from a recycling bin.

The complete overkill and renewal of my Geek Cred was a lot of fun.  After cleaning up the assembly, I’m going to add some automation rules to the server side to warn if the door is left open and, if no response is made, shut it automatically.  Next project may involve controlling the thermostat in the house.

Nutrition Course External References

Download PDF
Roasted brussel sprout salad with a portabella panini.
Roasted brussel sprout salad with a portabella panini.

… speaking of great Coursera offerings, I just finished Katie Ferraro’s excellent Nutrition for Health Promotion and Disease Prevention course.  Its focus on evidence-based medicine was refreshing and helped clear up a lot of confusion I’ve had from contradictory sources over the years.  Since Coursera content is prone to being archived, I wanted to preserve the extensive set of external references provided so I can consult them later.  The hard work of identifying and assembling this into a logical grouping all of this was Katie’s.  I’ve tried to clean up the list, expand abbreviations, and add my own commentary.  Thus, if there are mistakes, they’re mine.

—-

Week 1: Introduction to Nutrition Science

Why Study Nutrition?

CarbohydratesMedlinePlus, Center for Disease Control (CDC) Nutrition for Everyone: Carbohydrates, Food and Agriculture Organization of the United Nations (FAO) Carbohydrates in human nutrition, University of California at San Francisco (UCSF) Patient Education, Carbohydrates

Lipids (aka “fats.”): MedlinePlus, CDC Nutrition for Everyoen: Dietary Fat, FAO Fats and oils in human nutrition, UCSF Patient Education, FatFats Domino (I was just seeing if anyone was paying attention.)

ProteinMedlinePlusCDC Nutrition for Everyone: Protein, FAO Energy and Protein Requirements, UCSF Patient Education Healthy Ways to Increase Calories & Protein

VitaminsMedline Plus, Harvard School of Public Health (HSPH) VitaminsFAO Human Vitamin and Mineral Requirements, WHO Vitamin A Deficiency

MineralsMedline Plus, Harvard Health Vitamins & Minerals: Understanding Their Role, FAO Human Vitamin & Mineral Requirements, US National Institutes of Health (NIH) Office of Dietary Supplements (ODS) Calcium

Meal Planning Guides 

The new diagram gives a more understandable representation of proportions recommended than the Food Pyramid did.

 

Dietary Supplements

Week 2: Heart Disease

Therapeutic Lifestyle Change (TLC) [This advocates diet, physical activity and weight management as a first step.]

Dietary Fat and Heart Disease

Essential Fatty Acids [Fatty acids you need but your body cannot synthesize on its own.  There is an older study on PubMed asserting that the ratio of Omega 6 to Omega 3 fatty acids is out of whack.  I’ve seen some viral youtube videos suggesting the ratio can lead to “inflammation” of the arteries, suggesting eventual problems.  I see more reputable sources saying “there is no evidence” than I see evidence.]

Dietary Fiber and Heart Disease

The Mediterranean Diet and Heart Health [Its focus is reducing cardiovascular risk factors through a diet low in saturated fats and cholesterols.  It is not low-fat, but considers type of fat.  A recent review in the New England Journal of Medicine suggests there is credibility.]

The DASH Diet [Its focus is reducing hypertension through decreased fat, salt and cholesterol intake while trying to increase potassium.  Not surprisingly, most of the salt comes from my favorite foods: breads, pizza, cheese, pasta, potato chips, pretzels, and bacon.]

Dietary Management of Hypertriglyceridemia: American Heart AssociationMedlinePlus

Plant Stanols and Sterols [These are used to reduce cholesterol; They’re pretty expensive and only effective with a decent diet.  In other words, you’re still going to have to cut back on the bacon and egg lardshakes.] — Cleveland ClinicUniversity of Southern California, Keck Medical Center

The Cholesterol Nuclear Option.  Source: http://imgur.com/gallery/V2dtI

Week 3: Diabetes

Defining and Diagnosing Diabetes

Physical Activity and Weight in Diabetes

Meal Planning for Diabetes

Carbohydrate Counting and Exchange Lists For Meal Planning

Dietary Fiber and Blood Sugar Control

Non-Nutritive Sweeteners

Gestational Diabetes: PubMed HealthAmerican Diabetes Association, UCSF Patient Education – Diabetes in Pregnancy

Week 4: Cancer

Cancer Prevention

Diet and Cancer

Debunking Cancer and Diet Myths [Executive summary: eat sensibly.  There’s no silver bullet, but there’s a big pile of bullshit out there.]

Nutrition Needs in Cancer

 

Week 5: Obesity and Weight Management

Defining Obesity: World Health OrganizationHSPH Measuring Obesity

Energy Balance: NIH/NHLBINational Cancer Institute

Metabolic Syndrome [These are risk factors that, when occur together, imply a significantly higher risk of cardiovascular problems.]: Medline PlusPubMed Health

Pediatric Obesity [Children who are obese are more likely to be obese adults.]

Guest Lecturers [These were the two folks I remember as they offered different viewpoints.]

  • Robert Lustig: Sugar – The Bitter Truth [This was interesting; I now understand the concerns about high-fructose corn syrup in diets.]

 

Week 6: Disorders of the GI Tract 

Nutrient Digestion and Absorption: National Digestive Diseases Information Clearinghouse – Your Digestive System and How it Works

FODMAPS [fermentable oligo-, di-, and monosaccharides and polyols — groups of foods containing short-chained carbohydrates that cause problems] Approach to IBS [Irritable Bowel Syndrome] Management: Today’s Dietition – Successful Low-FODMAP LivingShepherd Works – Low FODMAPs Diet

Celiac Disease [Your immune system gets drunk on gluten, goes medieval on your small intestine.]

Diets for Diverticular Disease [This sounds awful.]: UCSF Patient Education – Diverticular Disease DietNDDIC – Diverticulosis and Diverticulitis

Other:

  • World Health Organization, Diarrhea
  • MedlinePlus – Diet, Constipation
  • NDDIC Intestinal Gas
  • MedlinePlus – GERD (Gastroesophageal reflux disease – food leaks back up.  Among other problems, this can cause your teeth to weaken.)
  • Nobel Prize, H. pylori [The cause of peptic ulcers is bacteria]

Food Allergies [Key learn: allergy == can kill you; sensitivity == makes you feel bad, but doesn’t kill you]  The Food Allergy and Anaphylaxis Network, National Institute of Allergy and Infectious Diseases, Food Allergy

Dysphagia

Probiotics and Prebiotics

 

 

Pimping out the geomobiles

Download PDF

A few days before we were going to leave on a week-long roadtrip, my spouse suggested we swap out her original radio for something that would play MP3s and, ideally, had an USB port.  I did some quick research and found a JVC unit that work fine.  The other requirement was maintaining compatibility with the steering wheel controls.  For most current radios, this involves buying an interface computer that’s patched between. Crutchfield set me up with the PAC unit.  (Spoiler alert: I have not been this frustrated with a product in quite a while.)

The order arrived (as expected) the day before we were going to leave for our trip.  While she was running some additional bonus last minute errands, I was soldering the vehicle-specific harness in anticipation of this being a quick job.  After she got home, I popped off the dashboard using Crutchfield’s excellent diagram and discovered … I’d been sent the wrong harness.  Merde.  Put the old radio back in and we vacationed.

When I returned, I had Crutchfield sent out the correct harness and I soldered its interface on.   Took the dash apart and popped the radio in.   Worked great.  Next, I was going to add the steering wheel control interface.  From there, I descended into madness.  Among the problems:

  1. The package includes a plastic bag with six resistors and a capacitor.   There is a vague reference to possibly needing the capacitor if the controls are intermittent.  I had several WTF moments until finally just assuming none of it was needed.
  2. Instructions are printed in a four point font.  The sheet lacked my vehicle, so I had to go to the web site where its computer generated configuration had confusing messages like:

    Connect pin 9 to ground if available.

    Jim’s thought: ‘If available?’  Does that mean optional?

    and

    “Step A: The purple loop wire does not need to be cut. (unless stated different previously)”

    Jim’s thought: You mean you don’t know?!

    and

    Note #9: No other notes needed, skip to the next STEP

    Jim’s thought: disregard this thought.  Do not pass Go.

  3. It requires splicing wires from the original harness.  The pin diagram is tiny and oriented from the pin side (versus the wire side, where you’re actually splicing).  They make no attempt to tell you what color wire you’ll need to splice.  There’s not a lot of room in the dash to be looking at wires.
  4. The unit requires Every.  Fracking.  Button.   Individually.   Programmed.   blink, LED, blink!

Installation attempt #1: unit wouldn’t program.  Reason (20/20 hindsight): I misread the “if available” instruction as being optional.  It isn’t.  The steering wheel buttons work by varying resistance.  If pin 9 isn’t grounded, it’s not going to send any voltage, as my voltmeter verified.

Installation attempt #2: Got to experience the joys of programming Every.  Individual.  Button.  The switch on the side of the box requires a different setting for the radio (JVC = #2) than programming the car buttons (#3).   The instruction sheet omitted mentioning this transition.   When I re-read the sheet, the unit got confused and wouldn’t respond at all.

Installation attempt #3: Got everything connected correctly and working.  Bolted the dash up, and… volume up was intermittent, volume down didn’t work.  In retrospect, this may have been indicative of needing to solder that capacitor across the spliced pins.  I took the whole thing apart and ran a voltmeter on every connection.  Just to be sure, I resoldered them all and reprogrammed the box from scratch.  Only this time, it wouldn’t respond at all.  I was really busy with work the next week and hoped my spouse would forget about it.  She didn’t.

Installation attempt #4: I threw the PAC device away and installed Metra Axxess ASWC unit.  This was nearly opposite in experience: the had instructions for my vehicle, showed what color wires to splice (which I’d already done), and no programming: the box just figured out what it needed and everything worked fine.

Total time spent on this whole endeavor: 6 hours.  I can now take my minivan dash apart with my eyes closed.   (Seriously, that’s what I did on #4 – a useful life skill if I ever want to go into the business of removing Mazda MPV radios.)  I can now swear in at least two languages.

 

When not cursing the steering wheel interface box, I taking an interest in upgrading my car’s radio (to have bluetooth for playing Pandora and audio books) and speakers.  My car’s only ten years old — and lacks steering wheel controls — so this would be a fun little project.   I used the model my spouse’s radio replaced as it had the same basic functionality, but was $50 less.  For speakers, Crutchfield’s configuration tool offered only one choice for front-door speakers (because there is not much depth between the frame and window).  Worse, the speakers they recommended were equivalent to what I spent on everything else.

Professor Bing found a Subaru enthusiast forum whose members have documented similar work to their vehicles.   The most useful takeaway was a link to an aftermarket flange that would let me use cheaper, better, cheaper, standard, cheaper speakers.  The flange is a delightfully simple.  The three original speaker screws are used to attach the flange to the door.  The new speakers come with new screws and bolt onto this.  The gap is enough to separate the (deeper) speaker from the glass.

Oh my, was this easy to use.

The speakers lacked plugs.  No problem, I just snipped off the one from door, soldered wires, and used wire screws just in case I got the polarity wrong.

I really felt I should fill the door with styrofoam shipping peanuts.  Poor man’s soundproofing?

After a quick test, I put the speaker and the door back together.   This speaker is twice as deep as the factory version.

Party Rock Anthem in … 3… 2…

Total time to replace the radio and speakers, including soldering, was under two hours.   The really cool part is it’s a lot more convenient to listen to audio books on the way to work.  I’m currently 2/3 the way through The Emperor of All Maladies.

The next project is to do some holiday lighting.  (Okay, not really… )

WPEngine experiment

Download PDF

Executive summary: Dissatisfied with my blog’s response time, I looked into a variety of options.  For about a month, I tried a wpengine experiment whereby I moved everything to them.  It didn’t work out, but I learned a lot along the way.  I’ve been dissatisfied about the page load times of my blog for a long time. After some pent-up annoyance, I’d futz with things like swapping out the theme or not running fifty-seven plugins (especially the one that translates prose to the binary language of load lifters). Like a thump on the side of a recalcitrant TV, this would confer sufficient and unsubstantiated improvement that I could focus other things.

Then, in November, someone pinned one of my posts on Pinterest. Traffic shot up 5x for a couple of days before returning to normal.  The same post has been repinned every three weeks. While I am thrilled that something I wrote is being referenced by the erudite, mannered and comely pinhabitants, the pinstorms were pincreasing my page load times to a ghastly 15 seconds.

I needed to figure out why it was so slow.   Some DuckDuckGoing yielded a set of blogs by Steve Souders, formerly of Yahoo (now of Google) with best practices for improving performance.  Many of these were codified into YSlow.   Nearly everything they test for, I was doing wrong.

This was also the same conclusion of Webpagetest, which also lets you examine your site from different locations around the world.  It gave me a better appreciation for the benefits of content delivery networks.  I remain flummoxed about how to address the “cookie-free domain” of images recommendation it always dings me on.

Zoomph - saving me 2.5% bandwidth

ZOMG, 13.6363% savings by going aggressive!

Zoompf offers a free performance scan as a lead-in to their enterprise reporting service targeted at large sites who won’t flinch at the $100-200/month price tag.  (Me: flinch)  The sample report covers many of the same concepts as YSlow, but in an effort to impress, it just lists pages and pages of stuff sprinkled with up sell.   Frankly, I found this presentation unactionable and of dubious value.   For example, at the top of the performance list, under the “critical and high impact” category, was a page full of suggestions that I replace every PNG with a JPG.  An example reduction of 1294 to 777 bytes would yield “39.954% improvement.”

Um, riiiiiiight.  I have this rule of thumb that the more digits of precision someone (or some company) lists, the less likely it is they know what they’re talking about.  This image: Add media icon is fine as a PNG file.  And let’s be realistic, the 517 byte savings is not going to amount too much improvement.  It would be more effective to make the image part of a CSS sprite and save the extra connection.

An option I hadn’t considered before came via a HackerNews story where some A-list blogger was absolutely gushing about the principals of WPEngine. The premise is they are the WordPress equivalent of SuperFriends who have banded together to defeat Giganta offer managed WordPress installations.

When stated as a function of the opportunity cost of “things I can do if I don’t have to coax acceptable performance out of my blog,” the $29/month, entry-level plan  seemed worth looking into.  Though I host a vanity blog in an anonymous cookie-cutter neighborhood somewhere far east of town, past the phone pole with the red shoes dangling from the wires, I was concerned about exceeding the limits of their entry-level plan, especially if I kept being repinned.  The price difference between their entry-level ($29/month) and middle tier ($99/month) is steep.

They assured me they were most concerned about bandwidth and general resource allocation (issues partially mitigated through using CloudFlare). I viewed this as a good sign because instead of adopting the shared service provider promise of “infinite bandwidth” and overselling it (which is not unreasonable since everyone overestimates what they’ll use), they were keeping an eye on metering resources to provide quality service for everyone.  They also have a reasonable approach to counting visitors.

Migrating my blog to WPEngine was very easy:

  1. Export a backup of posts from my DreamHost-hosted blog.
  2. While I was migrating… used my vim-fu to modify the backup so the images pointed to a second domain.  This would let me decouple the images from the blog content.  (Doing this was an opportunity to clean out all of the non-content cruft that I’ve accumulated since 2002, when I was on Movable Type (before switching to WordPress, back to MT, and again, finally, to WordPress).
  3. Install my Pagelines theme and plugins.
  4. Tell CloudFlare to use the new server.

The switchover took about two hours, plus a few hours spread out over the next few nights to reconfiguring Pagelines and plugins to look acceptable.  I really appreciated their site backup/staging feature – it let me try plugins without taking down the original.  It’s speedy and seamless.

They install, but do not activate, a handful of curated plugins.  Being so separated from WP-cool, it was interesting to browse through what’s new and available.  My head almost exploded trying to ponder the search engine optimization one.  (Too many options.)

Using the WebPageTest, I went from FABF✓ to CAAF✓.  Page load time decreased to about 6 seconds.   Shortly after my trial started, DreamHost sent me this:

During a recent security scan we have identified that one or more of your hosted sites have been compromised and may have an open security flaw which allowed malicious parties to abuse your site for unscrupulous purposes. Further details regarding what security concerns we found can be found listed below:

wp-content/themes/wonderflux
wp-content/themes/wonderflux/groups
[...]
wp-content/themes/wonderflux/registration

After nearly shitting my pants, I determined there was no real damage because the web site was inactive.  What appears to have happened is another user on DreamHost was infected.  This infection, run via shell, surfed user directories to look for WordPress and specifically subdirectories that were world-writable.  It managed to traverse my directory structure, find the opensource theme (WonderFlux) had world-writable directory permission, and deposited a kiddie script in each.  The scripts were a relatively old hack that fetches a set of directives from a hard-coded IP address. In essence, it installs a shim to turn the site into a botnet. Pass the Canadian-grown V1@gr@!

To be safe, I blew away everything and restored from the known good backup taken when I moved the site over to WPEngine.  I also contacted WonderFlux’s proprietor suggesting that the file permissions might be reigned in a notch, changed passwords using my handy-dandy password manager, and used my scripting fu to audit file permissions.

I have a few simple takeaways from this experience:

  1. Always have a backup no older than the amount of data loss you’re willing to incur.
  2. Don’t expect help from your web hosting provider.  DreamHost deals with hundreds of these things a day.  Their support people are happy to run their scanner again, but that’s about all.  The “site restore” option buried deep within their control panel is ornamental.
  3. Even though WordPress components may be inactive or unused, they still represent potential security problems. I’d checked WonderFlux for php shenanigans, but didn’t think to validate its file permissions.  (This was clearly my bad.)  I should have also deleted it when I was done.

So up to this point, I was feeling a lot of love for giving WPEngine a try.

The first two weeks on WPEngine were great.  The three technical questions I had were answered promptly and with great information – Christopher and Donovan had WP-fu.  Even with the biggest pinstorm I’d seen yet, page load times were still hovering around the 6 second range.

Performance on WPEngine, late March 2012

Performance oN WPEngine, late March 2012

Then on March 21st, I tried logging into my console to write:

Because I ain’t going to tell you why.  That’s why.

There was nothing in the error logs, so I reported this to support.  One of their technicians gave me a “try it now,” and chalked it up to a timeout. I’d later find out this was part of some broader issues.  No specific root cause was noted.

A week later, it happened again.  It just hit me on the wrong day, and I was amped up on frustration in my support request.  Their junior support person responded within 20 minutes saying she couldn’t reproduce it and suggested it might be a “browser issue.”  (Browser Issue is becoming the new “Update Windows.”)  Since they had a similar site problem earlier that day, I had my doubts, but just in case, I tested it with Chrome, Firefox and Safari.   I also logged in from work using IE.  Same result.

The following evening, I was still unable to login and heard nary a peep from them.  I started moving all of my stuff back to Dreamhost.  Reloading the blog database on DreamHost took freaking forever, but I was back online.   One more check that they hadn’t responded, so I requested they cancel my account and that they refund the first month per their 60-day guarantee.   A few days later, their blog showed more of these 50x problems.  And again.

Clearly, they are having some growing pains.  I hope they can work past these because the value proposition of not spending evenings farting around with WordPress/Apache/Caching plugins or dealing with the ongoing security issues with PHP and WordPress make their offering interesting.

Performance on Dreamhost, post-move. April 2012

In the meantime, I’ve been spending my evenings farting around with WordPress/Apache/Caching plugins, coaxing out an improvement over what it was doing before.  Now if I can just get back to writing again…