It'll be interesting to see if the release of the Nintendo Switch recovers some of this loss. I'm not into Nintendo stuff but a bunch of friends have spoken very highly of it so far (or at least the new Zelda game). I can imagine if they get a bunch of sales in the next couple weeks, they can make a song and dance about it and it might have a strong upward effect on the price.
I watch all my media either a) on my desktop PC if it's something I don't care too much about, usually in a small Netflix window while I mess around elsewhere on the Internet or b) on my phone or laptop in bed/on the couch.
I sometimes miss having a nice big TV in the lounge room on the few occasions my partner & I want to watch something together. But it's also nice not having a TV being the centrepiece of our living room.
I kind of miss the ability to watch sport but it's a good excuse to go to a pub. A lot of sport I want to watch I'd need a subscription service for anyway, and fuck that noise.
Is there literally ANYONE using Slack that is under any impression that their conversations are private or secure? It's a web-based service that epitomises the phrase "the cloud is someone else's computer".
If you want private and/or secure conversations, use Signal, or Wire. Or shit, even Whatsapp is probably more secure.
No, not really. As long as it gets security updates and still works, why bother upgrading? I just replaced the battery in my iPhone and expect to get at least a couple more years out of it.
Anecdata: with every new iPhone release, a little less than half of my friends upgrade. The next release, the other almost half upgrade.
Most people I know are on a every-second-phone cycle that seems to suit them pretty well. There's a very small percentage (maybe 2-3 people) who always upgrade to have the latest one, and a slightly bigger group who stick with their phone until it dies.
Is it though? I'm not American but share the rest of the world's fascination with the crazy shit Trump says, but I don't follow him on Twitter or read everything he says - but even/I/ know he regularly refers to the NYTimes as "the failing NYTimes".
As he's the President of the United States, whether or not he's using the 140 character limit of Twitter to say things that are trivially provably false I think is extremely important. If the NYTimes is failing then Trump is saying a true thing.
If it's not failing, then he's making a statement as if it's a fact that is at best just completely unsubstantiated, and at worst a complete lie to push some other agenda. Given his position in the world, it's important to try to establish a baseline for how useful his word is.
Yeh, Aussie Rules and rugby are much more interesting!
I spent a year in the US when I was a kid - I lived in SF the year the 49ers won the Superbowl. So I had exposure to it at an early age and got caught up in the excitement of our American-living family & friends, which lasted for several years.
I stopped watching it for a while - mostly because of time differences and difficulty getting access to games. I moved to the US for two years recently and was looking forward to keeping up with it, especially while in a big college football town (Columbus OH). I went to one game and left at 3/4 time because I couldn't stand it any long; we were there for like 3 hours, it was something like 40-0, and just unwatchable. Atmosphere was amazing through with so many people.
In any case, as I said, I'm Australian and we have a totally different kind of football - Australian Rules - that we [of course] feel is superior in terms of action, physical ability and strategy.
But then we'll happily kick back for five days to watch cricket so YMMV.
Something for people watching American football to do in between the vast amounts of waiting to see people actually playing football.
Apparently the latest Superbowl had only 16 minutes of the ball being in play.
I used to enjoy watching the game - and I see this as an Australian who never grew up watching it. I am not sure if I just finally lost patience with the downtime or if it actually changed and they started ad-stuffing like crazy.
Article is a bit weird - he says "there are many different URLs attackers can use to carry out the same attack", like this somehow wasn't a direct result of them not updating WordPress to the latest version after the most recent exploit was announced.
WordPress is low hanging fruit for attackers because of its vast install base; if you use it for anything that you care about you need to be totally vigilant because the 0dayz will be in the hands of everyone immediately.
I also like how he tries to deflect blame from WordPress with a nice general statement, when the real blame should be on whoever was responsible for installing it and maintaining it in the first place:)
You almost have to go out of your way to stop WordPress from auto-updating itself these days; whoever configured it probably thought they were being clever or more secure by, say, setting the file system permissions to read only. That seems like a good idea (& is mentioned in WordPress hardening guides), but unfortunately it will generally block the auto-update from working.
I would say that you're definitely more at risk from an out-of-date WP install than you are with a writeable filesystem (subject to how many plugins you're running, themes, etc). (Requiring a web-process writeable filesystem for WordPress is arguably one of its scariest requirements even though it enables a large amount of functionality.)
Overall though, I'd say this is a fairly typical worst-case scenario for a lot of people running WP in this kind of capacity. Your blog gets hacked, you serve malware or spam or look stupid for a bit, but (as long as your blog isn't where your core data is, and of course it isn't because you're not crazy, right!) you just restore from backup, update, and you're back on track.
I subcontract with marketing companies so I work with some aspect of WordPress development on a daily basis.
Doing agency work in the last few years I know my colleagues struggled with the process of managing WordPress within source control. If we built a website for someone based in WordPress we'd deploy it - but then if the customer upgraded it or installed a theme or something it would instantly be out of wack with what was in source control.
Managing the site in source control from there was a bit of a pain as you'd have to download the new version, add new files, commit differences, etc - every time there was a WordPress update.
I would not be surprised if a lot of the compromised sites were in this situation - deployed by agencies who said to their clients "don't worry, we'll keep it up-to-date for you" and deployed from source control without thinking about how to maintain it, and then giving up when they realised it meant regular updates to their dev copy - thus losing all the security advantages of WP's self-updating feature. Or giving up when their clients modified their own site extensively thus making it a real nightmare to merge.
I'm sure there are many good ways of managing this process. WordPress being the "cheap" alternative means a lot of people are getting what they pay for.
So I have five separate personal WordPress sites for testing/hacking/tinkering and casually look after one for a friend. Every single one of mine updated on the day the patch for this problem was fixed.
I got email notifications from each of my sites notifying me they were updated before I heard about the problem. I read the WP blog post about it and thought "shit, that would have been a huge problem if my sites hadn't auto-updated!" and forgot about it completely.
(Incidentally, the next night I had a much, much higher than normal number of brute force login attempts. Not sure if related.)
I'd be very interested to find out why these 1.5m sites did not automatically update. I wonder if they're being manually updated or what the deal is. But if auto-patching worked as it was supposed to this vulnerability would have been mitigated much more quickly.
When Classic Theme Restorer stops working, I'm off to PaleMoon or something else. I've stuck with Firefox through thick and thin but I don't like the new interface, and losing access to it as well as a bunch of other plugins will be the last straw.
I am an Australia so don't quite get how this works. But what power does the FCC have to enforce commercial restrictions at a state level?
I understand states' rights are a Big Deal for Americans (I lived in Ohio for two years and learned that the USA is really more of a union of states, rather than one country - just like in the name!).
I know the FCC has broad federal powers but does it have the power to step into a state and break up a state-or-city-based commercial broadband monopoly? If you're a big believer in the right of your state to make its own decision, presumably you'd object to the FCC coming in and doing this.
But without it you're never going to get a fair playing field for broadband and - as I think we see already - consumers suffer while large corporations profit. How is that resolvable without granting the federal government more power over states? Or am I misunderstanding how the FCC can operate?
I was going to mod your down for "typical leftist" but instead I'll be optimistic.
I get most of my insight about American politics from Slashdot as it's one of the few places I read with comments that I can stand.
In most political posts this kind of expression is really common - something is "typically right" or "typically left". But the examples are always completely fucking identical! I've lost count of the number of times that I've read here comments like "typical Republican blah blah - you're complaining about Obama and forgetting that it's the result of Bush policies".
I don't disagree that blaming Trump for Obama stuff is wrong. Blaming him for basically anything except the last week of horrors is wrong. But when you guys sit around saying "typical leftist" and "typical right wing" it is completely fucking bemusing to those of us sitting on the wings seeing the exact same behaviour from both sides.
Certification means jack shit in this day and age.
I don't know how true that is as a general statement - maybe more so in the US than elsewhere? But I've spent most of my life in Australia where the regulations seem to have kept most bad hardware out of the way of most consumers. We have pretty strong consumer protection laws so unless you're literally buying shit off ebay in China and importing it directly you can buy most stuff pretty safely.
I'm in the UK now and it seems reasonably similar here, but I spent two years in the midwest and also didn't have any problems.
One thing I'd note though - my time in the midwest I definitely came across more of the mindset that "oh we don't need them regulations, we should just have a free market and fuck those clowns in DC trying to tell us what we can and can't do".
That mindset I think lasts precisely up until the point that you destroy your thousand dollar smartphone with a $2 shitware charger, and then it switches to "there ought to be a law".
I guess my point is: it's dead easy for me to imagine that in the US certifications have been watered down as a result of this kind of thinking. But it's just another example of regulation that, in my mind, is incredibly beneficial to the citizens and completely worth it. It's nice to know that you can buy electrical equipment and it won't destroy your other stuff - or kill you.
Wow. I was curious to see if I could find a copy of this poster so did a quick search.
I couldn't find the poster searching for "western union nigeria poster", but this link - titled "Send money to Nigeria" - is totally lacking any kind of warning. Maybe Nigerian spam has petered out a bit recently but it still seems like there should be at least a warning in the footnotes!
I nearly didn't bother looking at this because you didn't include "open source" in its list of features (given how fucked so many PDF readers are in terms of security - and by that of course I mean Acrobat Reader - this is an important issue for me).
My girlfriend (Android) and one of my flatemates (iPhone 6) both have bought bluetooth headphones in the last ~2 months. I think the kerfuffle about the iPhone 7 brought modern bluetooth headsets to their attention. They both (independently) bought the same brand, too.
Slashdot Mirror
My local car association in Australia also does this. I paid some trivial amount like $80 a year, for this service.
My grandfather worked for one of these associations for most of his life.
How can a startup disrupt this? By putting it in an app?
It'll be interesting to see if the release of the Nintendo Switch recovers some of this loss. I'm not into Nintendo stuff but a bunch of friends have spoken very highly of it so far (or at least the new Zelda game). I can imagine if they get a bunch of sales in the next couple weeks, they can make a song and dance about it and it might have a strong upward effect on the price.
My anecdata: I went down to zero TVs!
I watch all my media either a) on my desktop PC if it's something I don't care too much about, usually in a small Netflix window while I mess around elsewhere on the Internet or b) on my phone or laptop in bed/on the couch.
I sometimes miss having a nice big TV in the lounge room on the few occasions my partner & I want to watch something together. But it's also nice not having a TV being the centrepiece of our living room.
I kind of miss the ability to watch sport but it's a good excuse to go to a pub. A lot of sport I want to watch I'd need a subscription service for anyway, and fuck that noise.
Is there literally ANYONE using Slack that is under any impression that their conversations are private or secure? It's a web-based service that epitomises the phrase "the cloud is someone else's computer".
If you want private and/or secure conversations, use Signal, or Wire. Or shit, even Whatsapp is probably more secure.
No, not really. As long as it gets security updates and still works, why bother upgrading? I just replaced the battery in my iPhone and expect to get at least a couple more years out of it.
Anecdata: with every new iPhone release, a little less than half of my friends upgrade. The next release, the other almost half upgrade.
Most people I know are on a every-second-phone cycle that seems to suit them pretty well. There's a very small percentage (maybe 2-3 people) who always upgrade to have the latest one, and a slightly bigger group who stick with their phone until it dies.
It is entirely possible to have a completely contrary position to someone and express it without being toxic.
Is it though? I'm not American but share the rest of the world's fascination with the crazy shit Trump says, but I don't follow him on Twitter or read everything he says - but even /I/ know he regularly refers to the NYTimes as "the failing NYTimes".
As he's the President of the United States, whether or not he's using the 140 character limit of Twitter to say things that are trivially provably false I think is extremely important. If the NYTimes is failing then Trump is saying a true thing.
If it's not failing, then he's making a statement as if it's a fact that is at best just completely unsubstantiated, and at worst a complete lie to push some other agenda. Given his position in the world, it's important to try to establish a baseline for how useful his word is.
So far it doesn't seem to be very useful.
Yeh, Aussie Rules and rugby are much more interesting!
I spent a year in the US when I was a kid - I lived in SF the year the 49ers won the Superbowl. So I had exposure to it at an early age and got caught up in the excitement of our American-living family & friends, which lasted for several years.
I stopped watching it for a while - mostly because of time differences and difficulty getting access to games. I moved to the US for two years recently and was looking forward to keeping up with it, especially while in a big college football town (Columbus OH). I went to one game and left at 3/4 time because I couldn't stand it any long; we were there for like 3 hours, it was something like 40-0, and just unwatchable. Atmosphere was amazing through with so many people.
Is it though?
In any case, as I said, I'm Australian and we have a totally different kind of football - Australian Rules - that we [of course] feel is superior in terms of action, physical ability and strategy.
But then we'll happily kick back for five days to watch cricket so YMMV.
Something for people watching American football to do in between the vast amounts of waiting to see people actually playing football.
Apparently the latest Superbowl had only 16 minutes of the ball being in play.
I used to enjoy watching the game - and I see this as an Australian who never grew up watching it. I am not sure if I just finally lost patience with the downtime or if it actually changed and they started ad-stuffing like crazy.
Article is a bit weird - he says "there are many different URLs attackers can use to carry out the same attack", like this somehow wasn't a direct result of them not updating WordPress to the latest version after the most recent exploit was announced.
WordPress is low hanging fruit for attackers because of its vast install base; if you use it for anything that you care about you need to be totally vigilant because the 0dayz will be in the hands of everyone immediately.
I also like how he tries to deflect blame from WordPress with a nice general statement, when the real blame should be on whoever was responsible for installing it and maintaining it in the first place :)
You almost have to go out of your way to stop WordPress from auto-updating itself these days; whoever configured it probably thought they were being clever or more secure by, say, setting the file system permissions to read only. That seems like a good idea (& is mentioned in WordPress hardening guides), but unfortunately it will generally block the auto-update from working.
I would say that you're definitely more at risk from an out-of-date WP install than you are with a writeable filesystem (subject to how many plugins you're running, themes, etc). (Requiring a web-process writeable filesystem for WordPress is arguably one of its scariest requirements even though it enables a large amount of functionality.)
Overall though, I'd say this is a fairly typical worst-case scenario for a lot of people running WP in this kind of capacity. Your blog gets hacked, you serve malware or spam or look stupid for a bit, but (as long as your blog isn't where your core data is, and of course it isn't because you're not crazy, right!) you just restore from backup, update, and you're back on track.
Don't half-ass two things. Whole-ass one thing.
I subcontract with marketing companies so I work with some aspect of WordPress development on a daily basis.
Doing agency work in the last few years I know my colleagues struggled with the process of managing WordPress within source control. If we built a website for someone based in WordPress we'd deploy it - but then if the customer upgraded it or installed a theme or something it would instantly be out of wack with what was in source control.
Managing the site in source control from there was a bit of a pain as you'd have to download the new version, add new files, commit differences, etc - every time there was a WordPress update.
I would not be surprised if a lot of the compromised sites were in this situation - deployed by agencies who said to their clients "don't worry, we'll keep it up-to-date for you" and deployed from source control without thinking about how to maintain it, and then giving up when they realised it meant regular updates to their dev copy - thus losing all the security advantages of WP's self-updating feature. Or giving up when their clients modified their own site extensively thus making it a real nightmare to merge.
I'm sure there are many good ways of managing this process. WordPress being the "cheap" alternative means a lot of people are getting what they pay for.
So I have five separate personal WordPress sites for testing/hacking/tinkering and casually look after one for a friend. Every single one of mine updated on the day the patch for this problem was fixed.
I got email notifications from each of my sites notifying me they were updated before I heard about the problem. I read the WP blog post about it and thought "shit, that would have been a huge problem if my sites hadn't auto-updated!" and forgot about it completely.
(Incidentally, the next night I had a much, much higher than normal number of brute force login attempts. Not sure if related.)
I'd be very interested to find out why these 1.5m sites did not automatically update. I wonder if they're being manually updated or what the deal is. But if auto-patching worked as it was supposed to this vulnerability would have been mitigated much more quickly.
Boo, really? I haven't tried it for years but I understood it to be a fairly standard derivative of mainline Firefox.
When Classic Theme Restorer stops working, I'm off to PaleMoon or something else. I've stuck with Firefox through thick and thin but I don't like the new interface, and losing access to it as well as a bunch of other plugins will be the last straw.
I am an Australia so don't quite get how this works. But what power does the FCC have to enforce commercial restrictions at a state level?
I understand states' rights are a Big Deal for Americans (I lived in Ohio for two years and learned that the USA is really more of a union of states, rather than one country - just like in the name!).
I know the FCC has broad federal powers but does it have the power to step into a state and break up a state-or-city-based commercial broadband monopoly? If you're a big believer in the right of your state to make its own decision, presumably you'd object to the FCC coming in and doing this.
But without it you're never going to get a fair playing field for broadband and - as I think we see already - consumers suffer while large corporations profit. How is that resolvable without granting the federal government more power over states? Or am I misunderstanding how the FCC can operate?
I was going to mod your down for "typical leftist" but instead I'll be optimistic.
I get most of my insight about American politics from Slashdot as it's one of the few places I read with comments that I can stand.
In most political posts this kind of expression is really common - something is "typically right" or "typically left". But the examples are always completely fucking identical! I've lost count of the number of times that I've read here comments like "typical Republican blah blah - you're complaining about Obama and forgetting that it's the result of Bush policies".
I don't disagree that blaming Trump for Obama stuff is wrong. Blaming him for basically anything except the last week of horrors is wrong. But when you guys sit around saying "typical leftist" and "typical right wing" it is completely fucking bemusing to those of us sitting on the wings seeing the exact same behaviour from both sides.
Certification means jack shit in this day and age.
I don't know how true that is as a general statement - maybe more so in the US than elsewhere? But I've spent most of my life in Australia where the regulations seem to have kept most bad hardware out of the way of most consumers. We have pretty strong consumer protection laws so unless you're literally buying shit off ebay in China and importing it directly you can buy most stuff pretty safely.
I'm in the UK now and it seems reasonably similar here, but I spent two years in the midwest and also didn't have any problems.
One thing I'd note though - my time in the midwest I definitely came across more of the mindset that "oh we don't need them regulations, we should just have a free market and fuck those clowns in DC trying to tell us what we can and can't do".
That mindset I think lasts precisely up until the point that you destroy your thousand dollar smartphone with a $2 shitware charger, and then it switches to "there ought to be a law".
I guess my point is: it's dead easy for me to imagine that in the US certifications have been watered down as a result of this kind of thinking. But it's just another example of regulation that, in my mind, is incredibly beneficial to the citizens and completely worth it. It's nice to know that you can buy electrical equipment and it won't destroy your other stuff - or kill you.
Wow. I was curious to see if I could find a copy of this poster so did a quick search.
I couldn't find the poster searching for "western union nigeria poster", but this link - titled "Send money to Nigeria" - is totally lacking any kind of warning. Maybe Nigerian spam has petered out a bit recently but it still seems like there should be at least a warning in the footnotes!
Get away from the "us versus them" mentality. All the bad shit we have right now is the result of bi-partisan cooperation among politicians.
you guys need a third side, something fierce
Great post. I've been in a similar position for a similar amount of time. "Owning a job" is a really excellent summary.
On Slashdot a few days ago there was a story about a hardware company that imploded after raising $35 million, trying to build some little drones.
I'm no rocket scientist but I feel like getting to the moon might be a little more challenging?
I nearly didn't bother looking at this because you didn't include "open source" in its list of features (given how fucked so many PDF readers are in terms of security - and by that of course I mean Acrobat Reader - this is an important issue for me).
But, it turns out it is actually open source: https://github.com/sumatrapdfr... (GPLv3).
My girlfriend (Android) and one of my flatemates (iPhone 6) both have bought bluetooth headphones in the last ~2 months. I think the kerfuffle about the iPhone 7 brought modern bluetooth headsets to their attention. They both (independently) bought the same brand, too.