Forgot your password?
typodupeerror

Comment: Re:Saw what he wanted to see. (Score 1) 1110

by dgrotto (#42359611) Attached to: 30 Days Is Too Long: Animated Rant About Windows 8

Small offtopic nit to pick: it's the IT department's job to teach you how to use a computer? Is computer use not a standard job requirement for most posts?

Coming from a very broken organization that had this very attitude ("Excel training is IT's job!"), I pity the poor schleps in IT. I'm very glad I moved to dev.

That isn't to say that there's no middle ground here. The IT department should be able to force this usage video to run once after the imaging, unless M$ has disallowed this. Beyond that, if training is needed, it should be rolled into the project plan for rolling out a new OS and be handled by a training department or outsourced training program.

Comment: Tools for Saving Do Not Equate to Saving (Score 2) 320

by dgrotto (#39749381) Attached to: Technology Makes It Harder To Save Money

I also view tech saving tools as a hindrance to saving. I've tried a lot: Quicken, Money, Mint, the venerable Pear Budget, etc. All tools that allow you to grok where your money is going, but provide little incentive or mechanisms to curb spending. We collect all this great data and then say "huh..." and shrug our shoulders.

My parents always had a drawer in the clothes dresser that had the "house money" in it for the month. Once that cash was depleted, there was no more money for the house, period. This was real incentive to spend wisely and to see how much money was left. If there is a technology that can easily enable this "cash envelope" system, I am not aware of it.

Comment: For Newbs: Steps to Fix (Score 5, Informative) 104

by dgrotto (#39276675) Attached to: 30K WordPress Blogs Infected With the Latest Malware Scam

Most of my WP installs were infected because I am a slack ass. Here are the high level steps I took to solve the problem:

  • 1) Backup sites.
  • 2) Fix all world-writable directories in your WP install (what the hell WP?!). This seems to be the primary vector for getting in.
  • 3) Clean up infected PHP files with this script from php-beginners.com. Thank you Paolo.
  • 4) Inspect all .htaccess configs for errant redirects and fix.
  • 5) Install and run the timthumb vulnerability scanner. Possible secondary vector. Thank you Peter Butler!
  • 6) Update your WP install to latest and greatest.
  • 7) Remove any unused plugins and themes.
  • 8) Backup sites.

I may be missing something - again, I'm a slackass. Anyone else have other advice for our admin-challenged friends besides "get a real software package"?

By the way, I was trying to lock down one of my WP installs to only allow authed users access to posts. However, WP does not put the assets for post - usually in wp-content/uploads - behind the auth wall. It's just out there for the whole world to see. It was a simple fix to rewrite the .htaccess config for this directory to redirect to an auth script, but still it still shocks me how insecure this app is.

+ - Major Outage at DreamHost-> 1

Submitted by dgrotto
dgrotto (2588895) writes "Following the trend from last year, DreamHost is suffering from what they describe as "connectivity issues to some of our datacenters". What I find interesting is that all of my WordPress installations on DH are compromised (BASE64 encoded binary in all PHP files). Is this a symptom of the "connectivity issues" or a result?"
Link to Original Source

The more cordial the buyer's secretary, the greater the odds that the competition already has the order.

Working...