November Project – WordPress Security Plugin

Last month I mentioned that, to help me develop further as a programmer and to be motivated, I would be working on a new project every month.

In October I decided to create a Crossword creation script that has now been completed (with some bugs still, so there is still stuff to do). I have posted the outcome on a public BitBucket Repository. Feel free to download and play with the script. I have created some bugs and feature enhancement requests myself so there is stuff to work on.

Now for the plans for November.

Developing And Monthly Projects.

As many people know, it can be very easy to make plans but harder to action them. I seem to be very good at procrastination and less so at removing things from my to-do list.

To help me focus and get into the swing of programming I have decided that I need to set myself proper tasks with a set time for completion. To make sure that I carry through I am also going to be posting updates on my blog.

The plan is to start a new project on the 1st of every month; once the end of the month arrives I should have a project that I can then release. This does not necessarily mean the product will be perfect, but it will be in a state that I am happy to show others and essentially gives me something to build upon in future. Some of these may remain proofs of concept and therefore will never be in a finalised state.

I have now set myself a bucket list; over time I will mark off those that are completed and add new tasks and projects to the list.

For my first month I am working on a simple Crossword Maker. This will not necessarily be something that will result in a finalised project but aims at getting me back into the swing of programming again.

The requirements of this are quite simple. For creating the crossword we have:

  1. User decides on the grid size for the crossword and this is output to the browser
  2. User can select which boxes are blank.
  3. User enters the answers into the crossword
  4. Script automatically creates numbered clue placeholders
  5. User can specify the question
  6. JavaScript submits the structure of the crossword to a PHP script
  7. Potential to have a script automatically generate the crossword with specified answers so that the creator doesn’t have to create the layout.

For allowing people to complete the crossword:

  1. Script fetches the structure from the server and outputs this
  2. User manually enters the answers into the crossword grid
  3. If a user clicks on a clue, then when the user starts to enter the answer the script automatically puts the letters into the correct locations.
  4. User can click on a button to check the solutions; the JavaScript submits the answers to the server and this specifies either correct or incorrect.
  5. Another potential would be to have a cheat option that fills in a letter for a chosen clue.

 

What do you guys think? How do you keep yourself motivated and stay on task? How about suggestions for projects?

Cancelling Apple Music

Like many, as soon as the Apple Music service started I immediately jumped on to the trial.

If you did the same please remember that the trial will end on the 30th of September. I have not utilised the service so it would be a waste to actually continue the service.

Usability Over Security And Reliability

As developers we can face some difficult choices. Do we make life easier for the user or do we err on the side of security which can detract from the usability of our applications?

Make Use Of recently ran an article that highlights issues caused when usability is given too high a priority over reliability and security.

The article explains that the Twitter account of Roger Ebert recently started to post after a long period of quiet. The problem? Roger Ebert died 2 years ago.

Clearly Roger Ebert had not been posting himself. It was thought that his wife had started to post, as she retweets using the account at times (why???), but it soon became clear that this was not the case. Make Use Of appears to have come to a good conclusion as to the cause. Roger Ebert appears to have posted Twitter updates using SMS. As Roger no longer has an active phone, the number had been recycled and given to another customer in the meantime. As the phone number had been registered for Twitter, this remains in place. The new owner can now post as Roger.

Now is this an issue for Twitter or the cellular network? In an ideal world there would be no need to recycle numbers but of course there are a limited number available and inevitably these do have to get reused. Therefore such issues fall upon us as developers (in this case Twitter) to make sure that we consider the failure points of our features and how we can overcome issues.

In Twitter's case it would seem that once validated a mobile number can be used with impunity to post, with no consideration of this being passed onto someone else. This could easily be overcome, for example by requiring the end-user to verify the number on a periodic basis; if an app on the mobile device is also used, maybe the app could do this on behalf of the user if they are logged in. This may not stop all occurrences of such issues but will help reduce this greatly. Not only this, but it would give the new owner of the number an easy way to opt out and stop receiving nuisance communications etc.
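A sketch of the periodic re-verification suggested above, as an added example that is not from the article or from Twitter. The names SmsBinding, REVERIFY_AFTER and CODE_TTL, the 90-day window and the STOP keyword are assumptions made for illustration, and the phone number is a constructed sample.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed policy values, chosen for illustration only.
REVERIFY_AFTER = timedelta(days=90)
CODE_TTL = timedelta(minutes=10)

@dataclass
class SmsBinding:  # hypothetical record linking a phone number to an account
    account: str
    number: str
    verified_at: datetime
    active: bool = True
    code: Optional[str] = None
    code_sent_at: Optional[datetime] = None

def handle_inbound_sms(b: SmsBinding, sender: str, text: str, now: datetime) -> str:
    """Decide what to do with a text message that claims to post for b.account."""
    if sender != b.number or not b.active:
        return "ignored"
    if text.strip().upper() == "STOP":
        b.active = False  # a new owner of a recycled number can opt out
        return "unlinked"
    if now - b.verified_at > REVERIFY_AFTER:
        return "held"  # stale binding: do not publish until re-verified
    return "post"

def start_reverify(b: SmsBinding, now: datetime) -> str:
    """Create the one-time code that is texted to b.number; returned for sending."""
    b.code, b.code_sent_at = f"{secrets.randbelow(10**6):06d}", now
    return b.code

def confirm_from_session(b: SmsBinding, session_account: str, code: str, now: datetime) -> bool:
    """Called from a logged-in web or app session, so holding the number alone is not enough."""
    if b.code is None or session_account != b.account:
        return False
    fresh = now - b.code_sent_at <= CODE_TTL
    ok = fresh and hmac.compare_digest(code.encode(), b.code.encode())
    b.code = b.code_sent_at = None  # single use, whether or not it matched
    if ok:
        b.verified_at = now
    return ok

if __name__ == "__main__":
    b = SmsBinding("alice", "+12025550100", datetime(2013, 4, 1))  # constructed sample
    print(handle_inbound_sms(b, "+12025550100", "hello", datetime(2015, 4, 1)))  # held
```

Because the code is sent to the phone but must be entered from an authenticated session, someone who only inherited the number cannot refresh the binding.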

This issue is not restricted to mobile numbers. 2 years ago Yahoo announced that they would be freeing up dormant email accounts. An account was considered dormant if the user had not logged in to Yahoo for over a set time period. I do not disagree with Yahoo’s decision in doing so however this poses a problem for service providers. Consider the things we do over email. For example if you reset a password on most services you simply require access to the email account in question. This might be easy to use but how secure is it? Also consider some of the private information that we may send over email. Would we or the user be happy if such information was given to other people?

Any thoughts? Let me know.

Opening A DOS Prompt In Windows

Opening a DOS prompt in Windows is a fairly trivial task, however the process has changed over the years.

Windows 98

  1. Click on the circular start menu icon.
  2. Click on run.
  3. Enter ‘cmd’ into the new window that appears.
  4. Press enter.

Windows XP

  1. Click on the circular start menu icon.
  2. Click on run.
  3. Enter ‘cmd’ into the new window that appears.
  4. Press enter.

Windows Vista

  1. Click on the circular start menu icon.
  2. Type ‘cmd’ into the start search box in the menu that appears.
  3. Press enter.

Windows 7

  1. Click on the circular start menu icon.
  2. Type ‘cmd’ into the start search box in the menu that appears.
  3. Press enter.

Windows 8.1

  1. Press the start menu icon (shows as a white Microsoft Windows flag).
  2. Type ‘cmd’. This will automatically open the search dialogue with results showing on the right.
  3. Press enter or click on the result that shows ‘cmd.exe’.

Windows 10

  1. Type ‘cmd’ into the search box at the bottom of the screen.
  2. Press enter.

If All Else Fails

If you have been unable to use any of the above methods to open the DOS prompt the following steps usually work:

  1. Press ‘r’ while holding down the windows button (the button with the windows flag on the keyboard).
  2. In the new box that should appear type ‘cmd’.
  3. Press enter.

By following the instructions above you will be presented with a screen that looks like:

DOS Prompt

Grub not showing O/S

Recently I set up an old PC to act as a test server to mimic a server I have for production. I decided I would like it to dual boot into Kali as well.

The installation went well, however after the install finished only CentOS 7 would show in Grub. The Kali installation did not show any problems at all.

For anyone having similar issues: after some research I was able to resolve the issue by running the following command within CentOS:

grub2-mkconfig -o /boot/grub2/grub.cfg

After running the command it should be clear immediately if this has worked as it will list the operating systems that it finds.

Hopefully this should save someone some time if they come across the same issue.

Games To Swap (Steam and Origin)

Over the last year or 2 I have bought a few Humble Bundles. This has resulted in me having a fair few keys for games I already own.

If there are any games that interest you I am open to swap offers.

Steam

  • A Golden Wake
  • Aura: Fate of the Ages
  • Broken Sword 1: Shadow of the Templars – The Director’s Cut
  • Broken Sword 2: The Smoking Mirror
  • Cities in Motion 2
  • Cognition: An Erica Reed Thriller: GOTY
  • Deus Ex: Human Revolution – Director’s Cut
  • Hitman 2: Silent Assassin
  • Hitman: Absolution
  • Hitman: Blood Money
  • Hitman: Codename 47
  • Lara Croft and the Guardian of Light
  • Lunar Flight
  • Sid Meier’s Civilization V
  • The Detail Episode 1 – Where the Dead Lie
  • The Whispered World Special Edition

Origin

  • The Sims 3 High End Loft Stuff Key
  • The Sims 3 Key
  • The Sims 3 Late Night Key

The 2 Faces Of Google

Google has recently joined a consortium of companies and individuals in calling for reform with the Patriot Act over in the US. Google argues that the mass collection of data should be limited. I wholeheartedly agree with this, however what does stick in the throat somewhat is the fact that Google seem to believe that they are entitled to carry out their own surveillance on people through nefarious means.

Recently Google had appealed a decision against the right for European people to have the right to sue them over the fact that they had collected data bypassing the security settings within the Safari browser (commonly used on Macs, iPhones and iPads). According to the article on the BBC Google’s 2 principal arguments against the right to sue were as follows.

  1. No financial loss caused by the privacy breach can be proven by any affected people.
  2. Google is a US company and should not be sued in the UK.

I find it quite ironic that Google would like to be seen as a company championing the rights of the people while flagrantly disregarding the rights of the consumer.

This is not the first time that Google has been embroiled in privacy breaches. In 2010 Google had been found collecting data from unsecured wi-fi while capturing street view images. It was also found that they had not deleted the data once found, as they had promised to do. In this case not only did Google “accidentally” capture the data but they also “accidentally” kept some of the data. Appears Google are quite clumsy.

As things stand at present we are the product Google sells; be it to webmasters or advertisers, the data about what we do, the pages we visit and what we buy is invaluable to them. While this model continues Google will have little regard for privacy.

This of course is not an issue limited to Google. Many other companies such as Facebook have a similar disregard to privacy.

Interested In Security And Running WordPress?

WordPress is currently (and has been for a long time) 1 of the most popular tools for creating blogs and web sites on the internet. Due to the level of popularity that WordPress has gained it has been a target for hackers looking to deface the website, send spam or make the site a part of a botnet (and of course many other things).

The attackers use vulnerabilities that are found in the core code, plugins and yes even themes.

There are many plugins that try to help mitigate the risks but they are fighting a lost cause and really cannot combat all vulnerabilities.

Java Revoked SSL Certificate?

Recently there have been many SSL certificates revoked due to the Heartbleed issue. Yesterday, for the first time, I came across a warning advising the information for a certificate was not available. After reading and accepting the revocation I continued on my merry way.

Today however I received another revocation notice when using the Java updater.

Revoked Java Certificate

Has Java forgotten to remove a revoked certificate from their servers?

Interestingly I had carried out a search simply for sjremetrics.java.com (the certificate was created for this URL) and lo and behold the very first response was for a post on the Oracle Forum which detailed Java having exactly the same issue back in 2010.

Side note. On looking at the details of the SSL certificate I see that it was issued on 17th September 2013 and was due to expire on the 17th November 2014. A 14 month certificate? I did not know that was possible. Or was it revoked in 2013 as well?

P.S.

I have tried to submit a bug for this issue however Oracle’s bug reporting process is atrocious.

I have received an email stating that the report “will be evaluated”. Don’t think I will bother next time.