2020-04-13
Security Leftovers
We all know how important it is to keep WordPress sites updated. New updates provide the latest bug and security fixes against any nasties lurking on the web. But, more critically, an outdated site can also lead to poor performance, such as slow loading speed or an outdated look and feel.
Unfortunately, keeping your WordPress site up-to-date is not as easy as clicking a button. There are several components to consider, from theme to plugins to PHP. Even worse, updating too quickly can wreak another kind of havoc. Have you ever experienced the dreaded, "There has been a critical error on your website" warning after an innocent little update? I know I have, many times!
Here is a practical guide on what to look out for, as well as when and what to update, to ensure your WordPress site works well.
During lockdown I’ve been helping friends and neighbors get set up for remote work or just remote calls. If someone is in a bind they use what they have in front of them, or what they’ve been told to use, so it’s been an interesting step back into the world of disloyal devices and horrid software.
But even if your choices are limited, there is one basic step you can take to protect your privacy: create another account. Now is as good a time as any to say, “Oh yeah, I’ve got a new account now.”
Compartmentalization
Compartmentalization is a basic security technique. You make some boxes, say “Critical” and “Trivial”, you sort things into those boxes, and you treat the boxes with different degrees of care. You might already have a folder at home for financial statements or tax invoices. At the office, you might mark and store “Confidential” documents separately.
According to ESET, "The intent was to collect Windows credentials (username/NTLM hash) of visitors by exploiting an SMB feature and the file:// prefix. [...] The targeted information was NOT the visitor's credentials to the compromised websites, but rather the visitor's own Windows credentials." ZDNet explains that "NTLM hashes can be cracked to obtain a cleartext version of a user's Windows password."
The second-largest hospital in the Czech Republic was hit by a massive cyberattack in the middle of the coronavirus outbreak. The incident happened on Friday night, which prompted the authorities to close down the entire IT network, majorly disrupting the operation in the facility – staff were told not to turn their computers back on. Patients who turned up at the hospital were diverted to other establishments while it was worked out how to get the systems running again.
The March 26 malware (malicious software) attack took down a number of functions at Meadville Medical Center from email to electronic medical records, the Meadville Tribune reported.
The Czech Republic warned international allies on Thursday of an imminent wave of disruptive cyberattacks against the country’s hospitals and other parts of its critical infrastructure.
The country’s NUKIB cybersecurity watchdog said the attacks, designed to damage or destroy victims’ computers, were expected in coming days. Two officials with knowledge of the matter said they could begin as soon as Friday.
The Czech advisory is the latest sign that, while the novel coronavirus has strained health care systems around the world, some malicious [attackers] are trying to exploit the additional vulnerability.
“This appears to be a serious and credible impending attack,” said Beau Woods, a cyber safety innovation fellow at the Atlantic Council. “Attacks against Central and Eastern European countries can be leading indicators of future attacks elsewhere. U.S. organizations would do well to take action now without waiting for adversaries to begin targeting them.”
Brno University Hospital is currently recovering capabilities, although it is not yet fully operational. For example, there are still no means of storing data, meaning that medics have to write and transfer their notes manually, which slows processes and potentially endangers lives.
According to the researchers, the campaign began with malicious emails sent from a spoofed address mimicking the World Health Organization (noreply@who[.]int) that were sent to a number of individuals associated with the healthcare organization that's actively involved in COVID-19 response efforts.
The email lures contained a rich text format (RTF) document named "20200323-sitrep-63-covid-19.doc," which, when opened, attempted to deliver EDA2 ransomware by exploiting a known buffer overflow vulnerability (CVE-2012-0158) in Microsoft's ListView / TreeView ActiveX controls in MSCOMCTL.OCX library.
All of this including various other security concerns that have been raised have made doubts creep into the minds of its users who are now scared of using the platform. Many have even shifted to using different apps like Skype, Hangouts and more. If you have shifted to using a different app and do not want to use Zoom anymore, here’s how you can remove it completely from your device.
Programming Leftovers
If you're new to the world of Linux administration and open source software, you've probably only just started scratching the surface of the power this new world offers. Eventually, however, you'll start mining deeper depths. When that fateful moment arrives, chances are you're going to need to use a regular expression or two.
[...]
What does that bit of cryptic nonsense mean? Well, it's actually not nonsense. The above regular expression searches for a string of characters (/^ marks the beginning of the string and $/ marks the end), between three and 16 characters, that includes lowercase letters, the numbers 0-9, or an underscore or hyphen.
Every regular expression has meaning and use. Although they might seem a bit complicated for new users, it's important to understand how they work.
Modern optimizing compilers are truly amazing. They have tons and tons of tricks to make even crappy code run incredibly fast. Faster than most people could write by hand. This has led some people to claim that program optimization is something that can be left to compilers, as they seem to be a lot better at it. This usually sparks a reply from people on the other end of the spectrum who say that they can write faster code by hand than any compiler, which makes compilers mostly worthless when performance actually matters.
In a way both of these viewpoints are correct. In another way they are both wrong. To see how, let's split this issue into two parts.
Once again I’m inventing terms for useful distinctions that programmers need to make and sometimes get confused about because they lack precise language.
The motivation today is some issues that came up while I was trying to refactor some data representations to reduce reposurgeon’s working set. I realized that there are no fewer than three different things we can mean by the “length” of a structure in a language like C, Go, or Rust – and no terms to distinguish these senses.
Before reading these definitions, you might want to do a quick read through The Lost Art of Structure Packing.
The first definition is payload length. That is the sum of the lengths of all the data fields in the structure.
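To make the payload-length definition concrete, here is an added C example (not from the post, nor reposurgeon code) that compares the sum of a constructed struct's field sizes with what the compiler actually reserves, in two field orders:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example: the same three fields in two declaration orders. */
struct wasteful {          /* declared in a padding-heavy order */
    char     tag;          /* 1 byte, then padding up to id's alignment */
    uint64_t id;           /* 8 bytes, aligned to _Alignof(uint64_t) */
    uint16_t flags;        /* 2 bytes, then tail padding to the struct's alignment */
};

struct packed_by_hand {    /* largest-alignment field first, as structure packing advises */
    uint64_t id;
    uint16_t flags;
    char     tag;          /* only tail padding remains */
};

/* Payload length, as defined in the post: the sum of the data fields' lengths.
 * It depends only on the field types, so it is the same for both layouts. */
size_t payload_length(void) {
    return sizeof(char) + sizeof(uint64_t) + sizeof(uint16_t);   /* 1 + 8 + 2 = 11 */
}

/* Storage the compiler reserves for each layout, padding included. */
size_t wasteful_storage(void) { return sizeof(struct wasteful); }
size_t packed_storage(void)   { return sizeof(struct packed_by_hand); }

/* Padding bytes are simply storage minus payload. */
size_t wasteful_padding(void) { return wasteful_storage() - payload_length(); }
size_t packed_padding(void)   { return packed_storage() - payload_length(); }

/* Where the 8-byte id lands in the wasteful layout: never at offset 1. */
size_t wasteful_id_offset(void) { return offsetof(struct wasteful, id); }

int main(void) {
    printf("payload bytes: %zu\n", payload_length());
    printf("wasteful : sizeof=%zu padding=%zu id@%zu\n",
           wasteful_storage(), wasteful_padding(), wasteful_id_offset());
    printf("reordered: sizeof=%zu padding=%zu\n",
           packed_storage(), packed_padding());
    return 0;
}
```

On an LP64 target the first layout takes 24 bytes and the reordered one 16, while the payload length stays 11 in both cases.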
In Haskell (and many other functional languages) it's quite common for the implementation of a function to reference one less argument than the type signature declares:
g :: [a] -> Int          -- the signature declares one argument
g = length . reverse     -- the definition names none: composition supplies it
Known as point-free style by proponents (and pointless style by opponents), the function definition is a list of other functions which are composed together to produce a composite requiring a single argument: the missing one.
Designing UIs is hard and application software can't please everyone all the time!
This is true and, as a software developer of more than 20 years, I have a huge amount of respect for the complexity of UI design. I also happen to know that such complexity is not a valid excuse for willingly and knowingly breaking UI concepts that have been proven and working for, in some cases, more than four decades. In fact, a lot of the examples above introduce more complexity for the user to cope with. The intricacies of each application and window decoration must be learned separately, and time and energy are spent by repeatedly parsing the differences.
lowdown is a Markdown translator producing HTML5, roff documents in the ms and man formats, and terminal output. The open source C source code has no dependencies.
The tools are documented in lowdown(1) and lowdown-diff(1), the language in lowdown(5), and the library interface in lowdown(3).
The survey data I’m referring to comes from a study conducted by the Eclipse Foundation about the adoption of commercial Internet of Things (IoT) technology. The aim of the study was to get a better understanding of the IoT industry landscape by identifying the requirements, priorities, and challenges faced by organizations deploying and using commercial IoT technologies. More than 350 respondents from multiple industries responded, with about a quarter of respondents coming from industrial production businesses.
"Social development environment" CodePen has unfurled support for Flutter, Google's open-source cross-platform framework for mobile and web.
CodePen is an online editor for HTML, CSS and JavaScript, intended for sharing design ideas, getting help with bugs, prototyping, or forming an online portfolio. A CodePen file is called a Pen, and is public by default. A Pen is limited to 1MB of code, but you can also create multi-file projects. Free users are limited to Pens, or one project with up to 10 files. Paying users get the option to mark their work as private, do collaborative editing, and eliminate ads. You can also use CodePen for deploying projects to production websites, though it is really optimised for demos and experiments.
Back in 2013, QNX might have been a good choice compared to Linux. Today, with Yocto and similar tools for developing embedded Linux systems, it feels like an odd choice to add a license cost to such a device. But no biggie. Back in the day this was not an unreasonable choice (and still isn’t for certain applications).
The Flash stuff. There were alternatives back in 2013, but sure, there were plenty of developers at hand and things like Qt QML were still probably a bit clunky (I can’t recall the state of it back then – it required OpenGL ES, which I guess was a big ask back then).
But the mix of techniques and tools. The on-board web servers. The complexity of a small system and the costs it brings to maintenance and testability. If this is the foundation for Harmony remotes and a platform that has been used for the better part of the past decade, I wonder if the added engineering costs for architecting the platform to be more optimized early on would not have paid off in lower maintenance costs, as well as lower hardware costs.
The Rust-language-focused Redox OS open-source operating system is now able to boot the AMD Ryzen Threadripper 3990X 64-core/128-thread processor and run with full multi-threading capabilities.
While one of the fundamentals of the Rust programming language is to offer safe concurrency, Redox OS itself had a multi-core issue until this week, when it was sorted out by lead Redox OS developer (and System76 engineer) Jeremy Soller.
