
Comment Finally, something to do (Score 3, Interesting) 39

Something for people watching American football to do in between the vast amounts of waiting to see people actually playing football.

Apparently the latest Super Bowl had only 16 minutes of the ball being in play.

I used to enjoy watching the game - and I see this as an Australian who never grew up watching it. I am not sure if I just finally lost patience with the downtime or if it actually changed and they started ad-stuffing like crazy.

Comment Blame (Score 4, Insightful) 17

Article is a bit weird - he says "there are many different URLs attackers can use to carry out the same attack", like this somehow wasn't a direct result of them not updating WordPress to the latest version after the most recent exploit was announced.

WordPress is low hanging fruit for attackers because of its vast install base; if you use it for anything that you care about you need to be totally vigilant because the 0dayz will be in the hands of everyone immediately.

I also like how he tries to deflect blame from WordPress with a nice general statement, when the real blame should be on whoever was responsible for installing it and maintaining it in the first place :)

You almost have to go out of your way to stop WordPress from auto-updating itself these days; whoever configured it probably thought they were being clever or more secure by, say, setting the file system permissions to read only. That seems like a good idea (& is mentioned in WordPress hardening guides), but unfortunately it will generally block the auto-update from working.

I would say that you're definitely more at risk from an out-of-date WP install than you are with a writeable filesystem (subject to how many plugins you're running, themes, etc). (Requiring a web-process writeable filesystem for WordPress is arguably one of its scariest requirements even though it enables a large amount of functionality.)

Overall though, I'd say this is a fairly typical worst-case scenario for a lot of people running WP in this kind of capacity. Your blog gets hacked, you serve malware or spam or look stupid for a bit, but (as long as your blog isn't where your core data is, and of course it isn't because you're not crazy, right!) you just restore from backup, update, and you're back on track.

Comment Re:I almost believed in WordPress (Score 2) 119

I subcontract with marketing companies so I work with some aspect of WordPress development on a daily basis.

Doing agency work in the last few years I know my colleagues struggled with the process of managing WordPress within source control. If we built a website for someone based in WordPress we'd deploy it - but then if the customer upgraded it or installed a theme or something it would instantly be out of whack with what was in source control.

Managing the site in source control from there was a bit of a pain as you'd have to download the new version, add new files, commit differences, etc - every time there was a WordPress update.

I would not be surprised if a lot of the compromised sites were in this situation - deployed by agencies who said to their clients "don't worry, we'll keep it up-to-date for you" and deployed from source control without thinking about how to maintain it, and then giving up when they realised it meant regular updates to their dev copy - thus losing all the security advantages of WP's self-updating feature. Or giving up when their clients modified their own site extensively thus making it a real nightmare to merge.

I'm sure there are many good ways of managing this process. WordPress being the "cheap" alternative means a lot of people are getting what they pay for.

Comment WP auto-patching should have mitigated this better (Score 2) 119

So I have five separate personal WordPress sites for testing/hacking/tinkering and casually look after one for a friend. Every single one of mine updated on the day the patch for this problem was fixed.

I got email notifications from each of my sites notifying me they were updated before I heard about the problem. I read the WP blog post about it and thought "shit, that would have been a huge problem if my sites hadn't auto-updated!" and forgot about it completely.

(Incidentally, the next night I had a much, much higher than normal number of brute force login attempts. Not sure if related.)

I'd be very interested to find out why these 1.5m sites did not automatically update. I wonder if they're being manually updated or what the deal is. But if auto-patching worked as it was supposed to this vulnerability would have been mitigated much more quickly.
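The situation described in this comment and in the earlier "Blame" comment (a read-only install directory or a disabling constant silently stopping WordPress core auto-updates) as an added audit script; this is not code from the original page or from WordPress itself. The wp-config.php and version.php snippets are constructed samples, and the constants it checks (AUTOMATIC_UPDATER_DISABLED, DISALLOW_FILE_MODS, WP_AUTO_UPDATE_CORE) are real WordPress configuration options.

```python
"""Report the conditions that stop a WordPress install from auto-updating."""
import os
import re

# Constructed sample: a "hardened" wp-config.php that also turns the updater off.
SAMPLE_WP_CONFIG = """<?php
define('DB_NAME', 'wp');
define('DISALLOW_FILE_MODS', true);
define('AUTOMATIC_UPDATER_DISABLED', true);
define('WP_AUTO_UPDATE_CORE', 'minor');
"""
# Constructed sample of wp-includes/version.php (version number is made up).
SAMPLE_VERSION_PHP = "<?php\n$wp_version = '4.7.1';\n"

DEFINE_RE = re.compile(r"define\(\s*'([A-Z_]+)'\s*,\s*(true|false|'[^']*')\s*\)")


def parse_defines(php_text):
    """Return the define()'d constants in wp-config.php as a name -> value dict."""
    out = {}
    for name, raw in DEFINE_RE.findall(php_text):
        out[name] = raw.strip("'") if raw.startswith("'") else raw == "true"
    return out


def parse_wp_version(version_php_text):
    """Extract $wp_version from wp-includes/version.php text."""
    match = re.search(r"\$wp_version\s*=\s*'([^']+)'", version_php_text)
    return match.group(1) if match else None


def version_tuple(version):
    return tuple(int(p) for p in version.split("."))


def auto_update_blockers(defines, root_writable):
    """List every reason core auto-updates would not run on this install."""
    reasons = []
    if not root_writable:  # read-only permissions: the case in the "Blame" comment
        reasons.append("install directory is not writable by the web process")
    if defines.get("AUTOMATIC_UPDATER_DISABLED") is True:
        reasons.append("AUTOMATIC_UPDATER_DISABLED is true")
    if defines.get("DISALLOW_FILE_MODS") is True:
        reasons.append("DISALLOW_FILE_MODS is true")
    if defines.get("WP_AUTO_UPDATE_CORE") is False:
        reasons.append("WP_AUTO_UPDATE_CORE is false")
    return reasons


def audit(root, latest_version):
    """Audit a WordPress root on disk; run as the web server's user for a true answer."""
    with open(os.path.join(root, "wp-config.php")) as f:
        defines = parse_defines(f.read())
    with open(os.path.join(root, "wp-includes", "version.php")) as f:
        installed = parse_wp_version(f.read())
    writable = os.access(root, os.W_OK) and os.access(os.path.join(root, "wp-includes"), os.W_OK)
    outdated = version_tuple(installed) < version_tuple(latest_version)
    return {"installed": installed, "outdated": outdated,
            "blockers": auto_update_blockers(defines, writable)}
```

An install that is both outdated and has a non-empty blocker list is the "worst case" the comments describe: the fix shipped, but nothing on the box could apply it.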

Comment Re:If you're going to deregulate, go all in (Score 1) 292

I am an Australian so don't quite get how this works. But what power does the FCC have to enforce commercial restrictions at a state level?

I understand states' rights are a Big Deal for Americans (I lived in Ohio for two years and learned that the USA is really more of a union of states, rather than one country - just like in the name!).

I know the FCC has broad federal powers but does it have the power to step into a state and break up a state-or-city-based commercial broadband monopoly? If you're a big believer in the right of your state to make its own decision, presumably you'd object to the FCC coming in and doing this.

But without it you're never going to get a fair playing field for broadband and - as I think we see already - consumers suffer while large corporations profit. How is that resolvable without granting the federal government more power over states? Or am I misunderstanding how the FCC can operate?

Comment Re:US degraded from full democracy in 2016 ?!?! (Score 1) 277

I was going to mod you down for "typical leftist" but instead I'll be optimistic.

I get most of my insight about American politics from Slashdot as it's one of the few places I read with comments that I can stand.

In most political posts this kind of expression is really common - something is "typically right" or "typically left". But the examples are always completely fucking identical! I've lost count of the number of times that I've read here comments like "typical Republican blah blah - you're complaining about Obama and forgetting that it's the result of Bush policies".

I don't disagree that blaming Trump for Obama stuff is wrong. Blaming him for basically anything except the last week of horrors is wrong. But when you guys sit around saying "typical leftist" and "typical right wing" it is completely fucking bemusing to those of us sitting on the wings seeing the exact same behaviour from both sides.

Comment Re:Or just do this. (Score 1) 152

Certification means jack shit in this day and age.

I don't know how true that is as a general statement - maybe more so in the US than elsewhere? But I've spent most of my life in Australia where the regulations seem to have kept most bad hardware out of the way of most consumers. We have pretty strong consumer protection laws so unless you're literally buying shit off ebay in China and importing it directly you can buy most stuff pretty safely.

I'm in the UK now and it seems reasonably similar here, but I spent two years in the midwest and also didn't have any problems.

One thing I'd note though - my time in the midwest I definitely came across more of the mindset that "oh we don't need them regulations, we should just have a free market and fuck those clowns in DC trying to tell us what we can and can't do".

That mindset I think lasts precisely up until the point that you destroy your thousand dollar smartphone with a $2 shitware charger, and then it switches to "there ought to be a law".

I guess my point is: it's dead easy for me to imagine that in the US certifications have been watered down as a result of this kind of thinking. But it's just another example of regulation that, in my mind, is incredibly beneficial to the citizens and completely worth it. It's nice to know that you can buy electrical equipment and it won't destroy your other stuff - or kill you.

Comment Re:In Trump America (Score 4, Informative) 115

Wow. I was curious to see if I could find a copy of this poster so did a quick search.

I couldn't find the poster searching for "western union nigeria poster", but this link - titled "Send money to Nigeria" - is totally lacking any kind of warning. Maybe Nigerian spam has petered out a bit recently but it still seems like there should be at least a warning in the footnotes!

Comment Re:USE THIS (Score 1) 145

I nearly didn't bother looking at this because you didn't include "open source" in its list of features (given how fucked so many PDF readers are in terms of security - and by that of course I mean Acrobat Reader - this is an important issue for me).

But, it turns out it is actually open source: (GPLv3).
