Welcome to PodHawk.

PodHawk is a content management system specially designed for audio and video podcasters. Developed from the well-established LoudBlog software, PodHawk will manage your audio and video files, generate a full podcasting RSS feed, and allow you to present your postings on an attractive web-page. There is a choice of Flash players, so your listeners can listen to your masterworks straight from your site.

This site runs entirely on PodHawk, and shows a few of the things that PodHawk is capable of doing. You can read much more about PodHawk here, and download PodHawk 1.52 here.

Photo of a red-tailed hawk by Vicki’s Nature/flickr


PodHawk 1.52 released

PodHawk 1.52 was released today. You can download it as a .zip or a .tar.gz archive here. The archive contains instructions (howtoupdate.txt) on how to update from earlier PodHawk versions.

This is principally a bugfix release. In particular, I have traced and corrected the bug which placed three invisible invalid characters at the beginning of the RSS feed. There is also a new theme (Black Urban) for you to try. You can customise the links at the top of the Black Urban page by simple editing of podhawk/custom/themes/black_urban/index.tpl.

Future plans for PodHawk include Facebook integration, so that your podcasts can be displayed in your Facebook profile, complete with players so that your friends can listen to them; a Flash uploader for file uploading; and a facility for creating and managing playlists. I propose to drop browser file upload (which can only be used for small files), the CGI uploader, and support for QuickTime, subject of course to any comments which users may have.


PodHawk 1.51 released

PodHawk 1.51 was released today and can be downloaded from Sourceforge. This is a bug-fix release with no significant new features.


PodHawk 1.5 released

PodHawk 1.5 was released today. You can download it here. The download package contains instructions on how to install PodHawk, and how to update from PodHawk 1.4.

New features include:

  • URL rewriting. For example, instead of www.mypodhawksite.com/index.php?cat=music, your listeners can now ask for www.mypodhawksite.com/music. Further details in the PodHawk wiki.
  • Option to send a tweet to your followers on Twitter whenever you put a new posting on air.
  • Option to include Share This links on your posts.
  • A new system for counting downloads. PodHawk can now count plays of mp4 and flash videos from the JW player on your site; previously it could count only plays of mp3s.
  • Thumbnail images in the images manager.
  • Option to populate the home page with posts from a single category, instead of from all categories.

The big changes, however, are under the bonnet. Large parts of the coding have been rewritten to make PodHawk more secure against SQL injection, cross-site request forgeries and other nasty stuff. Again, fuller details are in the Wiki. I have also replaced Adodb (the programme which handles database transactions in PodHawk) with adodb-lite, which uses fewer resources on your server.

Please update your PodHawk site as soon as possible to benefit from the important security enhancements in PodHawk 1.5.

PodHawk 1.5 will be the last release to support php4. Most php servers today run php5, and php6 will be available soon. If your server still runs php4, tell your web host or server administrator that it is time to upgrade!


Security

You may have seen some recent reports about successful hacker attacks against WordPress sites.

PodHawk users may find the following helpful in making their sites as secure as possible:

  • There is no substitute for a strong password. There are several online facilities which will test your password for you and tell you how strong it is.
  • PodHawk allows you to have a login name (to access your admin pages) which is different from your ‘nickname’ or screen name. Your screen name can be read by anyone who visits your webpage. Make sure that you set a completely different login name.
  • Turn off error messaging (admin settings page). Error messages contain information about the structure of your site. You can always turn error messaging on again temporarily if you encounter a problem.
  • Protect your configuration file by adding the following little .htaccess file in your podhawk/custom directory.
    <Files config.php>
    Order deny,allow
    deny from all
    </Files>
    Test it by using your browser to navigate to [yoursite]/podhawk/custom/config.php. You should get an “access denied” error.
  • The commenting system is an obvious possible route for an attempted SQL injection attack. If you use the Disqus commenting system, the problem belongs to Disqus, not you, as comments are not entered in your database. If you use Akismet, turn off the facility to store spam messages for 14 days. Most comment spam is simply an attempt to insert a link to a porno site in your post, but some may also contain an attempt at malicious code. Don’t take the risk of entering it on your database.
  • Don’t enter any data about your ftp username, password etc in the ftp section of the settings page unless you want to use the Java Applet to upload your audio files. This information has to be stored in unencrypted form in the database, so someone who successfully hacked your site would have access to your ftp settings as well.
  • SQL injection attacks may rely on the attacker knowing the names of the tables in your database. If you are making a new install of PodHawk, the installation programme allows you to insert a ‘database prefix’ (i.e. a string of letters or numbers which will precede the ‘proper’ name of the table). Originally, the idea was to allow you to run more than one PodHawk installation off the same database. But the database prefix can also be a valuable security tool. Without a database prefix, a hacker will know that all your database tables have names which look like “lb_tablename”. If you set a database prefix of, say, “jvx37pv_”, the table names will look like this: “jvx37pv_lb_tablename”, which a hacker is unlikely to be able to guess. So, set a secure database prefix if you are installing PodHawk for the first time.
  • Can you retrofit a database prefix to an existing PodHawk database? Yes, with all the usual warnings about backing up everything first. The SQL command you want has the form
    RENAME TABLE tablename TO newtablename
    Use SQLMyAdmin to run the command; then add the new prefix in the following line in your config.php file:
    "pref" => "[insert your new prefix here]"
    Don’t forget that the ‘lb_’ bit is part of the table name and must be preserved in the new name. If you have a second database user, you will need to change that user’s permissions to refer to the new table names.

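The prefix retrofit described in the last point above, as an added example (not PodHawk's own code): it builds a single RENAME TABLE statement for every PodHawk table so that no table is missed or left half-renamed. It assumes MySQL or MariaDB, that PodHawk's tables are the ones whose names start with lb_ in the currently selected database, and it uses the post's sample prefix jvx37pv_ as a placeholder.

```sql
-- Added example: assumes MySQL/MariaDB and that the PodHawk tables are the
-- lb_* tables of the currently selected database. Back up first.
-- 'jvx37pv_' is the sample prefix from the post; replace it with your own.
-- Run the whole script as one batch so the user variable survives.

-- GROUP_CONCAT truncates its result at 1024 bytes by default; raise the
-- limit so the generated statement cannot be cut off mid-identifier.
SET SESSION group_concat_max_len = 65535;

-- Build "RENAME TABLE `lb_a` TO `jvx37pv_lb_a`, `lb_b` TO `jvx37pv_lb_b`, ..."
-- The pattern 'lb\_%' matches a literal underscore, so only names that
-- begin with lb_ are selected; tables that already carry the new prefix
-- do not match, which makes a second run harmless.
SELECT CONCAT(
         'RENAME TABLE ',
         GROUP_CONCAT(
           CONCAT('`', table_name, '` TO `', 'jvx37pv_', table_name, '`')
           ORDER BY table_name SEPARATOR ', '))
  FROM information_schema.tables
 WHERE table_schema = DATABASE()
   AND table_type = 'BASE TABLE'
   AND table_name LIKE 'lb\_%'
  INTO @rename_sql;

-- Review the generated statement before executing it. A NULL here means
-- no lb_* tables were found (wrong database selected, or already renamed),
-- and the PREPARE below will fail without changing anything.
SELECT @rename_sql AS statement_to_review;

-- A multi-table RENAME TABLE is atomic: either every table is renamed
-- or none is, so the site never sees a mix of old and new names.
PREPARE rename_stmt FROM @rename_sql;
EXECUTE rename_stmt;
DEALLOCATE PREPARE rename_stmt;

-- Confirm the result, then set "pref" in config.php to the new prefix.
SHOW TABLES LIKE 'jvx37pv\_lb\_%';
```
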
UPDATE: PodHawk 1.5 contains security enhancements which overtake many of the points in this posting. Details here.
