Here is the correct link to Dries' blog post on the subject: http://buytaert.net/living-our-values
Irony is that the 'living our values' blog post is anything but living our values in the Drupal community.
Unfortunately WordPress bundles this library within its core product. So yes, it looks like all WordPress sites have vulnerable code. However, I'm not sure how much the core mailer is used within WordPress, or if it's just a feature that is turned on for some sites.
If you are using Drupal, please read this PSA: https://www.drupal.org/psa-2016-004
Most sites needing extended mailing functionality probably use the SMTP contrib module; fortunately, they too are not affected by this.
However, if you are one of the 11,000 (or so) sites reported to be using phpmailer module (and the associated library), you should make sure the library is updated. You can see if you're vulnerable by looking in the sites/all/libraries or sites/default/libraries folders to see if you're using the phpmailer 3rd party library.
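A sketch of the library check described in the comment above, as an added example that is not part of the original post: it looks for a `phpmailer` library under every `sites/*/libraries` folder (a generalization that covers `sites/all`, `sites/default` and multisite folders) and compares the version it finds against a minimum you supply. Assumptions: the function names are hypothetical, the minimum version must be taken from the advisory, and the version is read from the library's `VERSION` file or the `$Version` property in `class.phpmailer.php`, as PHPMailer 5.x releases ship them.

```shell
#!/bin/sh
# Added example (not from the original post): inventory PHPMailer library
# copies under a Drupal docroot. Function names are hypothetical.

# Print the version of the PHPMailer copy in directory $1, or "unknown".
phpmailer_version() {
    dir=$1
    v=
    if [ -f "$dir/VERSION" ]; then
        # Assumption: release tarballs carry a one-line VERSION file.
        v=$(tr -d ' \r\n' < "$dir/VERSION")
    elif [ -f "$dir/class.phpmailer.php" ]; then
        # Assumption: the class declares  public $Version = 'x.y.z';
        v=$(sed -n "s/.*\$Version[[:space:]]*=[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p" \
            "$dir/class.phpmailer.php" | head -n 1)
    fi
    echo "${v:-unknown}"
}

# Return 0 when dotted version $1 is strictly lower than $2.
version_lt() {
    [ "$1" = "$2" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Report every phpmailer library under docroot $1 against minimum version $2.
scan_drupal_phpmailer() {
    docroot=$1
    minimum=$2
    found=0
    for lib in "$docroot"/sites/*/libraries/phpmailer; do
        [ -d "$lib" ] || continue
        found=1
        version=$(phpmailer_version "$lib")
        if [ "$version" = "unknown" ]; then
            echo "REVIEW   $lib (version not detected)"
        elif version_lt "$version" "$minimum"; then
            echo "OUTDATED $lib ($version < $minimum)"
        else
            echo "OK       $lib ($version)"
        fi
    done
    [ "$found" -eq 1 ] || echo "NONE     no phpmailer library under $docroot/sites/*/libraries"
}

# Usage (MIN_VERSION is a placeholder: take the fixed release from the advisory):
#   scan_drupal_phpmailer /path/to/docroot "$MIN_VERSION"
```

A `REVIEW` line means a library folder exists but its version could not be read, so it needs a manual look rather than being treated as safe.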
Which, for most of them, requires a 3.5mm headphone jack!
One of the core reasons why this issue hasn't really been prioritized is because you really shouldn't be live updating your site. Not just Drupal, but I'd argue the same for WordPress, Joomla, whatever -- it's a bad practice. Why?
Websites are very different from desktop or other normal applications. Most of these apps are tuned to your specific needs, and updates can cause issues. Serious Drupal shops and clients -never- live update their sites. Best practices suggest local or dev updates, which are then tracked by git. Site deployments should go through manual testing at a minimum. Many Drupal hosts don't even allow write access to htdocs -- only the files directory.
For those who aren't involved in the ecosystem, this article can seem alarming. But as someone who works with Drupal, and its large clients, this is a non-issue. This issue was vetted by the security team, who are pretty risk averse; even they didn't believe this met the criteria to be a security issue.
Should the Drupal update process be improved? Certainly. Is it a 'sky is falling Drupal sites are going to get hijacked?' Nope. And for those who DO live update their Drupal site, not maintain a git repo for their code, etc, etc.. Good luck. Like a default Linux install (also known to not be secure), Drupal cannot fool-proof poor administrator practices.
Must be why the Whitehouse, Weather.com, CARD.com, the New York Stock Exchange, NFL, MLS, and NBA use Drupal. They all certainly don't care for security. *rolls eyes*
But in the Chevy Volt, for the 2nd gen (2016), the knobs and buttons have made a comeback. The space-age tactile feedback flat buttons were pretty well shunned by the community. And for good reason, they were clunky, and not usable in cold months with gloves on. I've owned the car for 3 years and even simple buttons like seek take an extra few seconds compared to other vehicles.
Except have you looked at the price of slightly used Volts? You can get a 2012 or 2013 between $16,000 and $21,000 with under 20k miles!
New ones have an MSRP of $35, but most are actually leaving the lots at 30k. Add a $7500 rebate, and you're talking low-mid 20s new.
And a Volt is not really comparable to the Cruze it was built from. I own a Volt, and drove a Cruze for 2 weeks as a rental. It's sluggish, loud, unrefined, everything you'd expect from a $15,000 new car. The Volt on the other hand is quite zippy, advanced, quiet, comfortable, etc.
The topping on the cake is the fact that in the NW you'll pay only $30/mo in electricity, assuming you recharge fully every night. Since I don't drive every day, it's closer to $12-18/mo on 120v.
I'm pretty annoyed at people trying to compare the ELR or the Volt to a Tesla, or Leaf, or any other pure electric. The biggest reason why I wouldn't buy a Tesla is because total electrics are still impractical. If you look on the Tesla website, you'll see that I'm basically limited to a 300 mile radius to where I live. This is because at 300 miles, it'll take 4:43 to charge my 85kw battery with the supercharger. Bump that down to a 240v outlet, and it's a 9:26 charge. And that's after spending nearly 95k for the car, because the 70k version only goes about 200 miles. There are some tricks to get 80% 'fairly quick', but you're still adding hours onto each segment of a roadtrip.
Which is where the Volt comes in. For -most- people, they only need 30-50 miles a day in their car. BUT, if you want to take a road-trip just 5 hours away, you're going to want a way to get there without spending 4 hours charging. And at $299/mo lease, its cost isn't much different than some nicer compacts of its class, and for everyday driving you spend nothing on fuel.
In -my- use case, and driving style (where I go) -- I think given the choice of a Tesla or ELR, I probably would go with the ELR. At least then I wouldn't have to buy another car so I could go to the beach, out camping where there is no power, or any of the other places the 'supercharger' grid hasn't made it yet. But in reality, the Volt is nice on its own, I don't have any desire to pay another 35k to have a neat badge and a blocky-looking car. Don't get me wrong, I think the Tesla is a nice car, but without the gas generator, it's a non-starter for me. Now put a little Diesel TDI generator in there, and I'd buy a Tesla in a heartbeat!
Huh? The Volt is directly connected via two electric motors, one on each front wheel. The engine has no direct connection to the wheels, only to the motors. When the battery runs below a certain threshold (out of electricity but not really), the gas engine pops on. Whenever the generator pushes the batteries back over the threshold, it turns off. This happens when you roll to a stop, go down a steep hill, etc. But the gas engine will come on whenever it's below that threshold, even if you're going 10mph (if you're going up hill).
A new feature in 2013 is the hold button, so you can hold the battery at a certain level by turning on the engine. This is really useful when you want to go distances and save your battery power for less efficient times (like going slow through town).
Source - Volt owner's manual, also I'm an owner of a Volt. Best car ever owned (leased).
The point of Earth Hour is public awareness, to get people talking, thinking, discussing solutions.
But it doesn't even do that! At best, a few 'regular people' -might- think about the environment for a few days (or hours), akin to the hype around St. Patty's day this year. But come the day after, those people will forget all about it. And at worst, it just gives environmentalists more to be smug about, sniffing their own asses thinking they are making a difference, when in fact they aren't. We're on hydro-electric here. Our CO2 doesn't change a lick if we turn out our lights in the PNW.
No, Earth Hour is simply a fundraising opportunity for the WWF and other environmental organizations. It's mainly about money, and has little to do about making real change. Similar to politicians and political parties, environmental organizations need to look like they're fixing problems, otherwise they won't make money, or a living. I'd go as far as to say many environmental organizations are also anti-technology (nuclear, GMOs, etc), shooting themselves in the environmental foot they want to fix.
As soon as I received my MBPr I started testing to see if it had ghosting issues and if it was an LG screen. Sure enough, both were true. I returned it, and referenced the specific part number 661-7171 (that was the Samsung screen) to replace it with. My local Apple rep obliged and I had a nice new Samsung screen. Re-ran the stress test and it cleared.
That was 6 months ago, haven't seen a ghosting issue since.
Definition of Motor vehicle (Per TFA): “Motor vehicle”, any motor driven vehicle or house trailer required to be registered under chapter 90 regardless of curb weight or required to be registered under sections 20 to 35, inclusive, of chapter 90B having a curb weight of not more than 1,000 pounds, or a truck camper. Sure sounds like Tesla falls under that model to me!
turntable.fm is also down -- I guess the NYC tech startup community is going crazy right now. Time to diversify!
I use old phones over wifi to control my XBMC media boxes. When I build my new house in a few years, I'll probably incorporate them into home automation since I'll have around 10 lying around. Most phones in airplane mode with wifi will last at least a week, and it lets me have chargers around the house to keep them (or my current phone) plugged in most of the time.
It's also how Blizzard distributes its games. It's nothing new, and quite effective.
No, in the interview he talked about some of the issues regarding digital, and that it basically sucks right now (for IMAX quality at least). He likes the current film, and it doesn't look like they will be changing anytime soon.
I have the HTC Thunderbolt, unlocked running BAMF. According to the Verizon rep, the bootloader lockdown was at the request of HTC. Additionally, the warranty is handled by the manufacturer, and would be voided by them, not Verizon. He told me that I could return the phone, and Verizon only does some cursory testing to see if it turns on, functions, etc. The fact it was rooted wouldn't be detected until handed to HTC.
Now this is all assuming Verizon isn't lying to me. It could very well be all false. But it seems like they're trying to pin the fault on locked down phones to the manufacturer, NOT themselves. Aren't there some Android phones, made by Verizon, that are unlocked?
I was one of those lucky high school tech nerds that attended Teen Tech Fest 2000 sponsored by AcePlanet and Microsoft. It was its first and last year, since AcePlanet went belly up like many other startups of the time. AcePlanet was going to do annual computer-themed summer camps for kids, but I guess there wasn't enough money in it.
Already being an F/OSS person, it was a very fun camp. Despite being Microsoft sponsored (and getting a free copy of VS6 and tour of the MS campus), many of the kids there were very open source users and programmers. Many to this day I still talk to and are in tech related industries, including a few working at Google and Intel.
geeks, the group who will argue for logic and facts instead of warm fuzzy articles to make them feel better
Actually I find this potentially quite cool. Not as much for the power source, but the size. Since most mATX boards don't come with mini PCIe slots, if you want to use an SSD drive you need a 2.5" drive or a PCIe card with a mini-slot on it. Both are much larger than a DIMM option.
And with 50gb, this would be very useful in a media box streaming from a server. Now only if the price could come down.
My 4x4 group (hot4x4.ca) uses VHF almost exclusively due to its reach above and beyond CB. Cell phones usually don't work where we travel either. Depending on the terrain, we can reach over 75kms from each other on just the 2m band w/o a repeater. This only requires a technician (basic) license as well.
Add in the APRS + Garmin GPS, and your rig turns into a mobile GPS transmitter. We then can track each other, which makes it really easy to find each other. APRS also allows us to send text messages via a p2p network of Ham Radios. Example: we had guys in Reno who we needed to contact because we broke a part on the Rubicon. Couldn't reach them via radio, but with APRS, our txt msgs could be relayed.
None of this requires anything but the first class license. It's an awesome hobby and there is a lot you can do with it, in addition to Geek cred and ecomm or search/rescue.
Oh it's no joke. You really haven't been to an Amateur Radio meetup before... ;-)
Hams make the Slashdot community look normal!
73
-KF7FJM
That's just false.
If you're a small company selling some products, Ubercart and Drupal is for you. You can see a good list of sites using it now.
The ONLY time I'd recommend someone spending money to develop their own ecommerce system is if they have something extremely customized--$million+ sites... NewEgg for example... and even then, the amount of money and time to make a 'custom' cart system could be cut by spending that time on extending the Drupal and Ubercart frameworks.
A big piece missing from Magento is the content management portion. There has been talk about integrating Magento as a third party add-on to Drupal, but it's so different in how it handles content, that it doesn't really work.
A decent alternative is Ubercart and Drupal. Ubercart, while not the best example of -good- Drupal code, is getting better, and d7uc is planning on bringing much of the code to Drupal standards. One big plus about Ubercart is its extensibility. Despite it being a bloated shopping system (built for a mom-and-pop shop, similar to Magento), it is easy to override functions and get it to do what you want. Ubercart is also used extensively on major websites, almost everything that uses Drupal 6 and ecommerce.
In the dark days of ubercart, or when I'm banging my head on a problem that cannot be easily solved with it, I've looked to magento, but then came running back.