Yesterday, Microsoft rushed out an out-of-band patch, MS15-078, to deal with active exploits in its font driver. Since pushing out patches takes time, my boss asked me what we could do to mitigate the issue in the meantime.
The biggest threat, by far, is exploit-bearing fonts being downloaded from web sites. Ideally you only install trusted fonts from trusted sources locally on your workstations, right? If not, I suggest you start that practice as well.
You have a couple of options when it comes to blocking fonts in browsers.
Continue reading How to mitigate MS15-078 or future Microsoft font driver vulnerabilities
The Register has a nice writeup on performance SSDs. The only problem is that performance is really a matter of diminishing returns, and The Reg didn’t report on random I/O.
Continue reading What to look for in a performance SSD
I found a story earlier this year about Vox’s decision to dust off, slightly update, and re-run old content as new.
The practice happens a lot more often than anyone realizes in the print world, especially magazines, and as Gigaom says, there are implications when doing this. The questions got me thinking, and in the case of blogging, I think there’s something to learn but the practice is probably unnecessary.
Continue reading Vox dusts off old content, should the rest of us?
I’ve read a few things here and there about Waze, a crowdsourced GPS that runs on smartphones, including those that run Android, Apple, and Windows. Its premise is simple: Based on how traffic is moving, it figures out the fastest way to get where you want to go. It adds intelligence to the GPS.
The trade-off, of course, is that it’s tracking you too. The data is anonymized, they promise, but it’s up to you to decide whether it’s a showstopper.
Continue reading Meet Waze, the crowdsourced GPS
I wasn’t surprised people were trying to hack my blog. What surprised me was how many people were trying to hack my blog–there was a time when I probably had more hacking-related traffic than I had reader-related traffic.
If you have a WordPress blog, you’re probably in a similar situation.
Continue reading Why someone would hack a WordPress account
In many security job interviews, the interviewer will ask about cross-site scripting, also known as XSS. Most descriptions of it are overly complex, however. The best description of it that I’ve ever heard is just five words long: Code execution in the browser.
That succinctly sums up the problem: You don’t want someone to be able to inject their code into your site.
Continue reading What cross-site scripting is and how to recognize it
I got the white screen again last week, but it was odd—it only happened if I tried to edit posts that were in draft or scheduled status. Already-published content would edit fine.
Clearing my cache helped temporarily, but the problem would come back as soon as I saved a post. I ended up doing two other things as well, and then the problem went away. I emptied my spam, which also greatly sped up the site, and I also deleted a mobile plugin that I had disabled and was no longer using. Disabled plugins can still affect behavior sometimes.
Continue reading Fixing white screens when editing posts in draft in WordPress
Guy Wright’s piece titled Internet Security: We were worried about the wrong things is a bit old but it’s an important point. Security is a moving target. It’s always a moving target.
I disagree, however, with the assertion that SSL (and its successor, TLS) were a waste of time.
Continue reading Worried about the wrong things? It’s always the wrong thing.
I took some steps this weekend to make the site more mobile-friendly. I get a lot of traffic from tablets and phones, so I figure the better their experience, the more likely they are to stay around.
First, I switched to a 2-column format. On small screens, two columns display better than three.
Next I installed a plugin called definitely-allow-mobile-zooming. This forces your page to allow zooming on mobile devices, since some CSS disallows it. On some devices my page worked fine without it, but Google’s tools flagged me as mobile-unfriendly until I installed it.
Google is going to start tweaking search results based on whether the searcher is on a desktop or a mobile device and favor sites that render well under the searcher’s conditions, so these adjustments are worth making if you value search engine traffic.
The new owners of what’s left of Radio Shack want to specialize in batteries. Although this isn’t a guaranteed survival plan, it makes sense to me.
Last week, I went to one of the few remaining Radio Shack locations to get some overpriced diodes and D-sub connectors for a project. My oldest son tagged along. He asked about the store. I tried to describe it, and finally I said, “It’s kind of like Batteries Plus would be if it sold electronic parts too. And phones.”
Continue reading Fare thee well, Radio Shack. Hello, Battery Shack!