Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Comment: Re:Already patched (Score 2) 89

by _merlin (#49567189) Attached to: New Zero Day Disclosed In WordPress Core Engine

It only applies security updates automatically if the user the PHP scripts run as has write access to the WordPress directory. I never allow that. I'd rather have the security of knowing a WordPress exploit can't modify the WordPress installation than the convenience of updates through the web UI.

This latest exploit also depends on a logged in administrator viewing the malicious comments to do the really nasty stuff. This is another very good reason to only ever log in as an administrator when you absolutely must. Use a non-admin user for writing content and moderating comments.

Comment: Really crappy article (Score 5, Informative) 28

by _merlin (#49525769) Attached to: How False Color Astronomy Works

I know I should've expected it given it's on medium, and it's been submitted to /. by its own author, but that's a really bad article. It's full of irrelevant details, stupid comparisons and misleading crap. I understand the concept of "science evangelism" but could you please do it without acting like a total buffoon?

Comment: Re:Poor Design... (Score 1) 73

by _merlin (#49525739) Attached to: Networking Library Bug Breaks HTTPS In ~1,500 iOS Apps

This is where the world is going with per-application library installations on Windows, things like Docker on Linux and application bundles containing libraries/frameworks on OSX. It guarantees that you don't get unexpected application breakage on a library update, but in means a library update requires work for every application using it.

Comment: Re:How about basic security? (Score 1) 390

by _merlin (#49515989) Attached to: Why the Journey To IPv6 Is Still the Road Less Traveled

Yeah, my ISP gives me a static /56 and a dynamic /64, so that's a lot of space to scan. My Windows boxes randomise addresses for outgoing connections, so you can't trivially get addresses to scan by sniffing egress traffic. And on top of that my router acts as a firewall and only allows incoming connections on whitelisted address/port combinations.

Comment: Re:NameCheap (Score 1) 295

by _merlin (#49281415) Attached to: Ask Slashdot: Advice For Domain Name Registration?

Haha very funny. Just one problem: none of my spam actually has anything to do with that. Most of it has something to do with HARP, energy independence, diabetes, saving on mortgages and losing weight. I assume these are things Americans worry about.

Seriously though, I will be doing business in China and need Chinese domain names. I honestly don't know who a reputable .cn registrar is. Hosting isn't a problem.

If God had a beard, he'd be a UNIX programmer.

Working...