Thursday, September 17, 2009

Duel in translation

Because of blogging on geek feminism, BlogHer, and Hack Ability, and doing a bunch of things at work, I haven't said much here. It's been weeks of verbal, verbal verbal, blogging and coding and talking. The feeling of too much looking at code is a lot like the feeling of having my head in poetry. It's hard to come out of it and be articulate like a conversational human being again. It's divine madness hanging out with the muses.

Have some poems with my translations!

From Cortejo y Epinicio
David Rosenmann-Taub (b. 1927)

El Combate

"¿Hacer?", me retorcía el Poderosos:
"autodefé de trámites lacayos,
amolando cilicios,
acuso la nostalgia del bozal."

"¡Hacer!", blandí, de pie. Larvas... Rivales
nieblas — andamios — en los yermos: una
luz rededora decisivamente
nutría y desmigaba.

Rosenman-Taub compacts these poems with precision - but with precise attention to ambiguities and broad meanings. I interpret this poem as an internal and external battle, a response to power, a battle about action. To make, to act, to do. Action? or Action! All came to mind to translate "Hacer!" In one mood, the poem comes out like this:


"To do?" Power wrung from me:
"Auto de fé of bootlicking bureacracy,
itching prickle of hair shirts;
I blame nostalgia for the leash."

"To do!" I blare, standing tall.
Mists - scaffoldings - in the wastelands, one
encompassing light critically
nurtured and eroded.

If you grant that is a possible interpretation of the poem, what would you say it means? What is its feeling? What is opposed to what? What relationship do those two verses, those two stances, have to each other? Are they either/or? Are they one in response to another?

Rosenman-Taub's poems are puzzles, cryptograms, circular ruins. They itch at me. The language sticks into itself, words interfacing uncomfortably with each other, like burrs. The language of a mad philosopher-poet. It's a How to Think manual, but not for Dummies. As some difficult novels function to teach the reader how to read (suspiciously, and circularly) these difficult short poems teach the poet all that difficulty in an alchemical crucible. Playfully - but dead serious.

Here are two more translations of a single poem by him, "Jerarquía". They're fun!

It is a mistake when translators translate an obscure word in one language to make it easier to understand in a new. I try to go with my judgement of how awkward, hard, stuck up, dusty, a word is. caliginous for example. I let it stand in this bullfight poem.


En el poniente de pardos vallados,
de sobaquillo y verónica de oro,
juegan el hombre y la parca: embrocados,
derivan: cuadran faena. El tesoro,

caliginoso cabestre, se oculta
de la destreza de tules solares:
risco de fauces de jade: sepulta
los quioscos gilvos. La parca ¡No pares!

hace ondular sobre los inmolados
novillos. Cómplice de acantilados
cuernos, ¡No pares! se trasvina, sigue

y sigue... El hombre a las landas del cielo
ha escudriñado con garfio gemelo.
Ya no se sabe quién es quien persigue.

Like I said, a metaphysical bullfight. What a poem, interrupting itself!


In the west wind of corralled dun bulls,
of cape-sweep and stylish lance-stab, golden,
man and fate are playing: horn-tangled,
they shift meaning: dance formal faena. The best,

caliginous maverick, half-hidden
from the dexterity of sunlight lace:
rock-crag jade jaws: he entombs
the gilted grandstands. Fate - Don't stop! -

ripples waving over the sacrificial
yearling bulls. Conspirator of cliff-edge
horns - Don't stop! - transcending, on

and on... The man come to heaven's prairies
has skewered all with twinned horn;
Now who knows who's chasing who?

It's impossible to translate a poem like this literally and not screw it up. You have to know that it means something, settle on a meaning, on meanings battling, and hover over those meanings. "Don't stop!" set off from the action and repeated I think here is perfectly timed, an abruption of what the poem means and who is speaking or thinking. Who is saying don't stop? to who? We feel the audience - we are the audience of the bullfight and the dance, the fight is between the poet and the text, or the poet and the poem. Or the author exhorts us, familiarly - go on! Don't stop! Or any number of any other beautiful air-castles of meaning. The poem turns midway through from a poem about a bullfight to a poem about ways of thinking and reasoning.

Digg this

Monday, September 07, 2009

WordPress security checkup

If you aren't using the latest version of WordPress, your blog might have been hacked. There's an attack going on right now that creates and then hides administrator accounts.

You can see if this has happened on your blog by going to the Dashboard and then the Users panel. The number listed in parentheses after Administrators should match the number of actual admins that you have for the blog!

WP users panel

If that number is higher than the amount of admins for the blog, you probably have hidden users. You could try turning Javascript off in your browser to see those hidden users.

Then, delete them (if you can) from the panel. I didn't try this myself, but I think it will work.

Or, you can use mysql or phpmyadmin to delete those users from your database. If you don't remember how to connect to your database, look at the files in your wordpress folder and read the contents of wp-config.php. That will have the username and password and database host name. You might also need to look at the help or FAQ files for your web host.

In phpMyAdmin, you can find and delete the hidden users by connecting to your database, then browsing the users table. Check the boxes by the wp_users and the email fields (or just check all of them) and then click Browse again. This should show you a list of all the users on your blog.

This is what a row of user data should look like in phpMyAdmin:


This is what a "hidden user" account will look like. It'll be a name that doesn't show up in your WordPress Dashboard, and it won't have an email address in that 5th field. Might be a good idea to delete these users right away.


I followed Lorelle's instructions for how to recover from my WordPress blog being hacked. That worked fine:

* I did an xml export from the Dashboard and made sure I knew what that file was named and where I saved it.
* I did an sql dump of the whole blog (from the mysql command line, but you could do one from phpMyAdmin too) Just to make sure I would have everything, and so that I could do some forensics later on the contaminated db.
* Then I deleted that db, made a new db, and saved the information on how to log into it. You could also drop all the tables in the old one, I guess, and keep using it. While you could leave the old db there, it seems unwise.
* I deleted all the stuff in my wordpress folder on my server. If I'd thought, I would have saved a few custom banners and images first.
* I downloaded WordPress latest version, 2.8.4 and unzipped it, along with some themes and plugins.
* I then went to the url for my blog and told the install screen a blog name and my email address, and got a new admin password. Voila, new empty blog.
* Then, from the WordPress Dashboard, went to Manage and then Import. I imported the xml file as a WordPress import, with its attachments. This brought me all my pages, posts, comments, and so on.

A little tweaking and my blog was as good as new.

Total Crisis Panic Street Sign (While Danger is Eminent sometimes, I don't think that's what the signmaker meant!)

I think for your average user, who finds upgrading and installing a bit scary, this will seem even more scary. But it's not bad at all. It just requires you to follow the steps, write down or cut and paste all the information you will need to keep track of:

- one set of info for your web host account
- one set for your sql database account and phpmyadmin
- the information for your blog itself, for the WordPress install
- where you're saving the export file with your blog posts and comments!

In a pinch, if you really mess up in this process, you can get a backup and restore from your web host.

Now, even though I went through this process, I think that someone might potentially write a plugin or script to reveal and delete those hidden users. It might not catch all the modified data touched by those users, though. Spam may already have been inserted into your old posts, or some other havoc wreaked, which you could catch with Exploit Scanner or some other useful tool. The problem with this approach might be that there are multiple versions or exploits based on this security flaw and no one is sure yet if it's modified core WordPress code or created some other exploitable security hole. So at this point, I think it's best to do a clean install if you think you can manage it.

If you're not sure, turn off Javascript in the browser, go to the Users panel, and delete the people who shouldn't be admins -- at least. And maybe there will be an easier fix in a few days -- keep checking the WordPress development blog to see if it says something more useful than "OMG, you dumbass, why didn't you upgrade right away, never, never, never do that again!" (Thanks... I know... thanks for the lecture, grumpy sysadmin...)

When I did this -- and I had to, because "upgrade WordPress to latest version" was not #1 on my to do list, and a blog of mine got messed with -- I had to re-install my plugins and go through the steps to re-create my blog. This goes to show that it's a good idea to keep a worklog of all the things you've done to a blog, or a wiki or any sort of installation, so that you can recreate it from scratch! You can do this on your blog itself, by creating a section in your About page or somewhere else, listing the plugins you use, and when you've upgraded, and so on. It is especially useful to share this information a group blog where you might have more than one administrator. If you haven't done this you could just be sure to do it next time and then write a really cranky blog post about how you don't understand how anyone in the world could be so clueless. HA.

Good luck and here's some more links on the subject!

WordPress Codex FAQ: My site was hacked
Old WordPress Version attack warning: please upgrade
Checking your WordPress security

Digg this