Sal Aguilar's Bilingual Adventures in IT

computers are easier to deal with than people

WordPress Administrado vs Alojamiento Compartido #WCSJO2018 — July 23, 2018

WordPress Administrado vs Alojamiento Compartido #WCSJO2018


El día de ayer, Domingo 22 de Julio del 2018, me uní a más de 700 personas para ser parte del tercer WordCamp de Costa Rica.  El evento estuvo super concurrido y con asistentes de Argentina, España, Estados Unidos, Guatemala, El Salvador y siempre miembros de la Comunidad WordPress de Nicaragua.

En esta última edición me tocó hablar sobre las diferencias entre el WordPress Administrado y el Alojamiento Compartido, abajo les dejo mi presentación

Advertisements
Introduction to WordPress Security by Sucuri — February 14, 2018

Introduction to WordPress Security by Sucuri


Security on websites and mostly on WordPress which is on more than 29% of the entire internet, its crucial, preventive security is 10 times cheaper than proactive security.

Below is an amazing and easy to follow infographic about WordPress Security by my favorite Website Security provider: Sucuri

See the full infographic here: https://sucuri.net/infographics/intro-to-wordpress-security

 

El Trabajo Remoto y yo — December 27, 2017

El Trabajo Remoto y yo


Ayer me decidí escribir algo corto que resulto crecer mucho más de lo que pensé. Quería escribir sobre trabajo remoto en Nicaragua pero terminé contando mi historia, mis obstáculos y mi motivación.

Decidí también probar escribir en LinkedIN Pulse para probar el reach del mismo. Fue una bonita experiencia y escribir es algo que ayuda a quitarme estress e ideas locas de la cabeza para poder andar más liviano por la vida.

Lean mi historia aquí: https://www.linkedin.com/pulse/el-trabajo-remoto-y-yo-salvador-aguilar-l-i-o-n-/

También está este video de un conversatorio que hicimos sobre trabajo remoto hace algunos meses:

 

En WPNicaragua estamos buscando como hacer más charlas al respecto, incluso para el WordCamp Managua 2018, es posible que metamos una al respecto. 

¿Qué les parece?

MacOS Improvements: Homebrew — November 13, 2017

MacOS Improvements: Homebrew


For those who have used any Linux distro like Debian or CentOS, you are pretty familiar with packet managers. But this is also for all those Mac newbies out there, basically a packet manager is:

… a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer programs for a computer‘s operating system in a consistent manner.

On Debian has APT and CentOS comes with YUM. Every IT Pro, SysAdmin or Dev knows how lovely packet managers are, and well since Apple never made one for MacOS, some one did and its amazing.

It’s called HOMEBREW and it brings the sweetness and ease of installing packages just like APT or YUM does on Linux.

How do you install HOMEBREW?

Open your favorite terminal app, either the one that comes with MacOS or my favorite iTerm2 and execute this command:

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
 And that’s it. YES, IT’S THAT SIMPLE!

Now What?

Now you should update Homebrew and you do it with this command:

brew update

And you can install any program/software. On this example I’m going to install Apache, PHP 7, MySQL:

brew install apache2 php70 mysql

This will proceed to install all the required dependencies for each of the software we are installing and that are NOT currently installed on the server.

After it is installed all software is saved the following directory:

/usr/local/Cellar

Below is a snapshot of how my HomeBrew directory is currently:

1. salvador@RipeR81-MBP: :usr:local:Cellar (zsh) 2017-11-09 21-27-20

So start experimenting with HomeBrew today, and let me know if you need a hand!

Tweet at me @RipeR81

Conversatorio sobre Trabajo Remoto (VIDEO) — July 15, 2017

Conversatorio sobre Trabajo Remoto (VIDEO)


Esta fue una sesión improvisada nacida de un post publicado en Facebook en el Grupo de Desarrolladores de Nicaragua

Le comparto la grabación de lo que hablamos!

4 cosas que NO me gustan de WordPress — January 20, 2017

4 cosas que NO me gustan de WordPress


WordPress esta en 1 de cada 4 sitios web en internet. Es el CMS más usado del mundo, tiene miles de integraciones y un sin numero de diferentes temas y plugins, pero, a como todo en esta vida, no es perfecto.

Mi experiencia en Sucuri y compartiendo comentarios con amigos de SiteGround, he creado esta breve lista sobre 5 cosas que no me gustan sobre este CMS.

1. Bitácoras o Logs?

WordPress Core no trae bitácoras o logs sobre lo que pasa detrás del sitio. No podés saber quien entró al sitio, cuando, que cambios hizo; no podés saber cuantas veces intento entrar o cuantas veces ha pedido la contraseña. Desde mi punto de vista de SysAdmin es como manejar con una venda en los ojos, y no puedo determinar problemas sino tengo datos que analizar. Y confiar en los logs de Apache o NGINX no es suficiente.

2. Indefenso ante ataques de fuerza bruta

WordPress te permite intentar logiarte y equivocarte de usuario y contraseña un sin número de veces. El ataque #1 que vemos en Sucuri son los ataques de fuerza bruta para intentar adivinar la contraseña de un usuario administrador del sitio. Y en mi limitada experiencia es una de las mayores razones de infección & inyección de SEO SPAM a las páginas administradas por WordPress.

3. Plugins & Plantillas (themes) Premium

La comunidad de WordPress hace un excelente trabajo revisando cada plugin & theme gratuito, debido a que son de código abierto y estos mismos tienen que apegarse a los standards de programación establecidos. Pero los plugins y themes premium no pasan por tal escrutinio y aunque se vean muy bien estéticamente, muchas veces son muy susceptibles a infecciones o inyecciones de código debido al descuido de sus autores.

4. No trae Cache incluído

Hasta Joomla y Magento traen un cache incluído en el core. Pero WordPress no, entonces cada petición, cada pageview son varias llamadas a la base de datos, desperdiciando CPU & Memoria.

¿Qué cosas no les gustan a ustedes de WordPress? 

Compartan sus comentarios en este artículo o en las redes sociales. Si les gustó por favor compartanlo y denle like en su red social favorita.

What I’ve learned about people from providing support to WordPress Users — August 16, 2016

What I’ve learned about people from providing support to WordPress Users


WARNING: This is a rant. Read at your own discretion!

For the past 5 years my work has been focusing on WordPress, started a web development agency, then worked for mexican integrator, then moved to the web hosting world and now, at I work at a website security company called Sucuri.net.

It’s been a great ride and have managed to see several aspects from WordPress users, I have seen the n00bs, I have helped developers, I’ve crashed my head against the wall while working with Marketers and I have shouted to my computer while working with website owners who don’t want to do anything, but have everything fixed at the point of a click.

I wanted to write a fun article about the frustrations of providing support to WordPress users and below are some of the things I’ve learned:

People don’t read

WordPress is pretty well documented, any bug, issue can easily be resolved by doing a search on any search engine. But no, WordPress users rather call (wait online on hold music), email (expecting a response within 5 seconds after sending it) or chat (expecting the rep to solve everything with a single click).

In any of my previous jobs, I would get the customer email/ticket/chat, and I would try go gather as much information from the issue before start troubleshooting. Then I would check what the problem is, try to replicate myself, then analyze what might be causing it. If I was not very familiar with the issue a quick search online would be enough to find the issue. I would try to apply the patch/change suggested and if it would work would give the article to the customer for them to read and understand what happened. I would also provide a link with my suggestions on how to avoid the issue from happening. But the customer would come back a few days/weeks/months with the exact same problem, claiming the last person he talked to said it was solved but is still happening. Facepalm.

People sometimes don’t read, even when you ask them to because it would save them time and it would avoid them being hacked. But they do not read and do not want to be told to read. It worries me because I am a self taught IT guy, I love learning and trying stuff; I’m the kind of guy who can learn programming from YouTube or reading a book and hacking his way into things. It is so sad that some website owners can read entire books of marketing, Improve your SEO on Google and Pay Per Click Advertising, but they neglect to read a single page that will help them on protecting their brand, reputation and website.

If you are one of those, please, I beg you, read the links that your web advisor, web developer, security analyst, web hosting provider sent. And if you do not understand ask questions. We are here to help you, but we can’t do everything for you. Please help me so I can help you.

People don’t care about security

You can see that by the amount of websites that get blacklisted on Google each week. People just have websites done, they only care about being flashy, nice and have information there. I have not seen a customer on my web developer experience to ask about having a website secure and protected by hackers. They just don’t. You installed WordPress 4 years ago, and is working but suddenly, you have VIAGRA ads on your website and you see that a new administrator user has been added. You then get a call from a provider saying that they get a warning when they try to access your website. You then panick! You open Chrome and try to visit the website, and you too get the warning. You don’t know what is going on. You try to login to your WordPress using admin and 12345 as password and you see lots of pages and blog posts that you have not added. It is until then when you start thinking about security.

That story happens very often, it even happened to a colleague of mine in Sucuri. And it is until we make the mistake that we realize how easy was to take us down, and how easy would have been to prevent this from happening. You do not have to be a web expert or a security ninja to be able to have security put in place. You can opt for services like Sucuri, that provide a managed security service to protect your website. That way you can focus on your business and we will manage security and let you know of any issue that we see that requires your attention.

Visit Sucuri.net for more info!

People don’t care about what is under the hood

Customers pretty much just needs something that works and does the job. They don’t care if its WordPress or Joomla or Drupal. They don’t. They will trust the web agency or web advisor doing the work. Plus they would probably do a search online. They do not know about security, so it is the responsibility of the person or company doing their website to provide the proper guidance. Most of the cases they would choose WordPress over Drupal merely due to cost. They want the most BANG for the buck. And we can all relate to this.

However after the website is done, the customer must be advised that he needs to do maintenance to his website, which is just like a car, that needs some tune up to keep it working well, having all security updates in place to correct any vulnerability and make sure that his SEO and brand reputation is not harmed.

People blame 3rd parties instead

While working at Site5, I faced many customers that were angry because we didn’t stop the hackers from defacing his website. Which is funny to me and the perfect analogy I gave them, is like complaining to your land lord who rented you that house, when burglars break in and steal your stuff. Web hosting providers are responsible for the security of the servers, not for the security of the applications. They protect their servers from being accessed on their core, not on user accounts. I remember when Site5 started blocking IPs of people trying to access several times with the wrong FTP passwords, we had tidal waves of complains and just 1% of people really appreciated the security measure imposed.

In Sucuri, is a different story, people come with actual problems, websites infected with malware, hacked, or blacklisted and we need to help them. I work with customers and the first thing I need to clean a site is access to the website files, but many people do not know what an FTP account is and we provide them an explanation, and offer them to possibility of reading a tutorial on how to get the FTP account, or to simple give over his web hosting account login details so we can figure out the rest. At least 80% of the times, they would give you their web hosting account details, with the same passwords, and they do not change it after we use it. Which is very dangerous.

Once I am in, I have problem because some scripts are really really old, and they have tons of vulnerabilities, but upgrading them it causes hell, because it breaks plugins and themes, leaving most of the times the websites with the dreaded white screen of death. So I have to be careful about removing the infection. Reinstalling the specific WordPress version to make sure that we have clean core files. And finally checking the plugins and themes to advise which really need an update.

From time to time, cleaning malware breaks the functionality of a plugin or a feature of the website that I honestly overlook, and people come back reporting that, as a precaution we always take backups of everything we modify, so we can always roll back. Although there are very very rate times when the site was so infected and corrupted that the only choice is to update everything and we suggest to work with a developer or rebuilding the site and provide several suggestions on how to avoid this from happening again.

I try to do my best always, but sometimes, that is not enough. People whose website I’ve cleaned, do not read the suggestions, and get reinfected, and I am the one to blame for not doing my job right. Its like going to a physician because you had a cold after jogging under the rain, and after getting cured, go jogging under the rain again and then complain and blame the physician. We helped you, we cleaned the site, we told you how to avoid this from happening again. You didn’t listen or didn’t care and now we are to blame. But not worry, we will AGAIN, clean your site and AGAIN provide the suggestions hoping this time you will follow them.

That’s all folks!

These are a few of the things I’ve learned from working with people who have WordPress website around the world. Some have made me laugh, some have annoyed me at first, but from both I’ve learned and adapted my feedback to them so they can be better protected.

If you want to talk more about this, invite me for a beer and let’s hangout!

From Managua to Miami, Orlando & Tampa — June 17, 2016

From Managua to Miami, Orlando & Tampa


Every once in a while you need some vacations right? Well this is the story of how I kept my cost low using internet deals and other websites.

Plane tickets

To buy a cheap plane ticket you have 2 options, you buy it online either on Kayak or CheapoAir (expedia.com is another good option)or you use your credit card points to buy it from local travel agencies like Aeromundo or Schuvar Tours.

Usually on websites, you can subscribe to your desired destination and you will get deals and even coupons with 15-30 USD discounts.

If you pick to use your credit card miles, they are usually exchanged at USD 0.016 per mile, so if you have 100 lines, then you have USD 1.6 to spend! To travel to Miami you usually need between 15,000 to 20,000 miles. Buying airplane tickets is the best way to cash out your miles, if you rather get stuff on stores or hard cold cash, then each mile is USD 0.008, which mean that if you have 100 miles, then you only have USD 0.80 (eighty cents) to spend.

Some tips:

  • Buy the airplane ticket at least 1 or 2 months ahead, the more the better.
  • Be sure to put flexible dates, that way  you check which one is cheaper.

Some feedback about flights from airlines departing from Managua (Aeropuerto Augusto Cesar Sandino – MGA):

United

 

  • Their route is Managua to Houston (MGA-IAH).
  • Flight duration is about 3 hours.
  • Snack included; breakfast, lunch or dinner available for purchase only.
  • Movies and TV available for purchase.

 

American Airlines

  • They have two routes: Managua to Miami (MGA-MIA) & Managua to Fort Worth (MGA-DFW).
  • MGA-MIA duration is 2:30 hours. MGA-DFW is 4 hours.
  • Snack included; breakfast, lunch or dinner available for purchase only.

Delta

  • Their route is Managua to Atlanta (MGA-ATL).
  • Flight duration is 4 hours.
  • Snack included; breakfast, lunch or dinner available for purchase only.

Avianca

  • Their route is also Managua to Miami (MGA-MIA) – but it can also be Managua to El Salvador to Miami (MGA – SAL – MIA).
  • MGA-MIA duration is 2:30 hours.
  • Includes breakfast, lunch or dinner depending on the time.
  • Movies and TV available for FREE with headsets.

Car Rentals

Once you got the tickets purchase, next step was to get a car. I searched on Yelp  for reviews, and I found a winner: Family Rent a Car – all the others Sixt, EZ Rent A car had awful reviews.

However we had to make sure that we had a car, so after some research on the big brand rent a cars like Budget, Dollar, Enterprise; I signed up with Alamo. They a membership program called Alamo Insiders. A few days after signing in, I received a coupon on my email for a FREE upgrade. Upon comparing with Family’s quote. I was saving USD 60 with the coupon, so I kept Alamo.

Upon arriving to the Miami Airport, you look for the Miami Mover (a train on the airport) that will take you to the Rental Car Center, which is a building outside the airport. Then you go to the counter and you can either go to the self serve station or talk to a clerk.

Some tips:

  • Pay full price with a credit card. The credit card includes an insurance so you can reject the rental car insurance and all the other charges that they ask.
  • They will put a USD 200 charge for deposit on your card. The amount gets reimbursed once you return the car back.
  • Tolls, tolls & SunPass. In Florida, you pay tolls everywhere!  So Alamo cars have a SunPass program where they charge the car and then they debit the total tolls charge to your credit card. That way you do not have to pay cash. Simply go thru any SunPass toll at the speed specified and you will be good to go.
  • Gas is cheaper in Florida than Nicaragua, enjoy that!
  • Nicaraguan credit cards are not accepted on most Gas Pumps on Gas Stations, so you will always need to go to the clerk and prepay your gas. Be sure to specify the pump number.
  • Miami to Orlando via the TurnPike highway is about 3 hours.
  • Orlando to Tampa is about 2.5 hours.
  • Tampa to Miami is about 5 hours.

Hotels

This was the most exhausting task of all the rest. We did the reservation 3 times and we used trivago.com, expedia.com and booking.com – we cancel with expedia and then moved to booking because of a lower rate and another FREE UPGRADE.

Be sure to pay directly on the website to get a lower rate instead of paying at the hotel to get the lowest rate possible.

Phone, GPS & Internet

Since I do not own an unlocked phone, I took my Movistar phone and made use of the Roaming Sin Fronteras program which charges you USD 5 per day for internet. So with Internet on my phone and Waze. I was all set. As soon as we got the car, I launched Waze and put the address where we were going and a couple of minutes later we where there. Simple. I drove over 700 miles using Waze in Florida and it went awesome!

It was very very cool. And cheap by the way. I hope some of my tips work for you and if you have any tips for me, be sure to let me know so I can use it on the future!

 

My Credomatic credit card was cloned — June 11, 2016

My Credomatic credit card was cloned


Yes, I went to California back in May for work, and a couple of days after I came back to Nicaragua, I received a call from BAC Credomatic, the guy who called me identified himself as part of their Security group. It was odd why was my credit card issuer’s security department calling me ?

He asked me if I was aware of some charges done to my card in Russia (I mentally shouted WHAAAT?????), I denied any charge and he informed be about  4 charges of which they only approved one for about USD 250 (ouch!). But that for security purposes they blocked the other 3 because I have never reported traveling to Russia, nor made any purchase there, EVER!

The representative informed me that the credit card was disabled and that they would issue a new one and send it to me in no more than 3 business days. It was Friday, so that meant that I would have the new card with me on Wednesday, which honestly was fine for me.

The very next dat, a Saturday, I went as requested to the nearest branch of BAC, and went to Customer Service and explained my case, the representative, filled out a form, printed it and then had me sign it. I was informed that in 45 days, I should have my money back (I mentally shouted YES!!!).

I honestly expected further bureaucracy, but was relieved that it wasn’t the case. I have another good reason why keep using BAC!

Please note that I do not have any special insurance, since as per VISA/MASTERCARD/AMEX you do have 90 days to put a claim about a purchase you have not performed and they investigate and usually credit the money back to you. Unfortunately the business where the purchase was made will get a charge back on his statement, which is basically their merchant removing that amount of money plus a penalty which varies depending on the merchant.

Thank you VISA & BAC Credomatic, you have a happy customer 🙂

Alternative to PayPal in Nicaragua: Costa Rica — March 10, 2016

Alternative to PayPal in Nicaragua: Costa Rica


After an overwhelming traffic to my previous post 2 Alternatives to Paypal in Nicaragua, I was asked to expand my comments on each case, so today I am bringing you more information about using Paypal in Nicaragua, and yes its thru our southern neighbor country, Costa Rica.

As many of you already know, we can receive payments but we can’t cash them out locally. So after research online and conversations with many friends, such as Hosmel Quintana, an awesome Nicaraguan Developer working on UpWork and making a living.

So let’s now get straight to the point. The how-to begins now.

How this works?

Simple, Paypal works in Costa Rica, for both making and receiving payments and cashing them out. But there is a trick, it ONLY works with Banco Nacional but you will be able to transfer your money from Paypal to your Savings Account, which is what we want access to our money!!!

What do you need?

  1. Go to Costa Rica with a valid passport.
  2. Go to any branch of Banco Nacional.
  3. Open a Savings account with your passport. Do not explicitly state that you only want it for Paypal.
  4. Be sure to get the token that they give you to access BN Internet Banking, you will need it afterwards when enabling Paypal.
  5. Once your account is activated. You would need to open a new Paypal account and provide address of Costa Rica. You can look online and even  use any address listed here. You can check out this guide for step by step guidance.
  6. Once your costa rican Paypal account is activated, you would need to link the bank account using the information of your Savings Account from Banco Nacional. Upon activation it will ask you for the token, which you will use to finish the setup.
  7. You are done!

Restrictions and warnings: its not that simple

  1. You can NOT transfer from Paypal to Banco Nacional USD999 or more. This will raise red flags and would probably be forced to legally open a business in Costa Rica pay all the according taxes.
  2. If you want to cash out USD1,000 or more you would have to legally open a company, and open a business account with them. You would have a limit of USD10,000 per transaction and USD50,000 per day. That is a LOT if you ask me. These are the requirements for the business account. 
  3. You need to use an email that was not previously activated on Paypal. Be sure to follow the proper instructions listed here.
  4. The commissions, the ugly part, are these:
    1. Banco Nacional will charge you 0.5% if its more than USD 2,200.
    2. Banco Nacional will charge you USD 11 if its less than USD 2,200.

Getting the cash: How to transfer from Paypal to Banco Nacional?

  1. Login to your BN Internet Banking with your username and password.
  2. Once inside, look for PAGOS and then select PAYPAL.
  3. On the left menu, you should see the following option: Retirar fondos de cuenta PayPal. Click there.
  4. You will then have to type the number that was generated on your Token.
  5. Banco Nacional will now list the terms and conditions, which you have to accept if you want to continue.
  6. You will then select the Paypal account to which you want to perform the transfer to.
  7. Next step is to define how much money you want to transfer.
  8. Then you will have to confirm the transaction. Be sure to review the amount.
  9. Once confirmed, the transfer takes up to 5 business days to hit your account.
  10. After 5 days you should have your money ready. Awesome!

Conclusion

Even though is not the best option, it’s an option if you want to be able to cash out your Paypal funds on any ATM. I am still not sure about the specific ATM withdrawals fee, but that is something I am working on currently. If any one has already done it, I would appreciate you share the fees so I can include them here, and give you the proper credits on this article as well.

Thanks for reading and feel free to contact me for questions or suggestions. Jokes are welcomed too!

%d bloggers like this: