Coppermine 1.4.19 has been released to fix a MySQL injection flaw, again. This is how TimesToCome was hacked last April and why you now have all these shiny new security tools and information on this website.
I went to the Coppermine site only because there was a huge increase in cross-site scripting attempts last night on the Coppermine albums.
Anyhow, update if you have not.
Tags: coppermine · mysql · security
TimesToCome was once a bleeding-edge website. The splash page had a black starry background with a JavaScript UFO flying around, as any self-respecting cool website did in the 1990s. Times changed, and animations fell from favor, so it went static. Over time the designs changed, but the splash page remained just a link list to various sections of the website. TimesToCome was late moving to a blog setup. It is even later in becoming a portal, but better late than never.
RSS feeds can be used to create portals or to bring live, current information to your blogs. Magpierss is built into WordPress, so you can easily use it to bring your other blogs' RSS feeds into your main blog, or to bring breaking news in your subject area to your blog with a custom RSS feed.
TimesToCome was broken up and spread across eight blogs when I modernized it. The portal grabs the rss feeds from all eight blogs using magpierss.
If you need to install magpierss, download it and follow the directions in the “INSTALL” file. It was the simplest install of any web software I’ve looked at yet.
Be very sure to follow the directions to set up the cache. If you do not, then every time the page loads it will grab fresh copies of the feeds, slowing down your page as well as any sites it is pulling RSS feeds from.
Included in magpie are a README file and a cookbook file. Both contain examples of how to use magpierss. You can just cut and paste the examples and change the names to protect the innocent.
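A portal loop with the cache switched on, as an added example that is not from the original post or from the magpierss cookbook. The feed URLs, the cache directory and the install path are assumed placeholders; feed text is escaped before output because it comes from other sites.

```php
<?php
// Added example. Cache settings must be defined BEFORE rss_fetch.inc is loaded,
// otherwise magpierss falls back to its own defaults.
define('MAGPIE_CACHE_ON', true);
define('MAGPIE_CACHE_DIR', __DIR__ . '/cache');  // assumed path; must be writable by the web server
define('MAGPIE_CACHE_AGE', 60 * 60);             // reuse a cached copy for one hour
define('MAGPIE_FETCH_TIME_OUT', 5);              // seconds to wait on a slow feed

require_once __DIR__ . '/magpierss/rss_fetch.inc';  // assumed install location

// Placeholder feed URLs (constructed for this example).
$feeds = array(
    'https://blog-one.example/feed/',
    'https://blog-two.example/feed/',
);

// Feed titles and links are untrusted input: escape them for HTML output.
function esc($s) {
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

// Only allow http(s) links so a feed cannot inject a javascript: URL.
function safe_link($url) {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, array('http', 'https'), true) ? $url : '#';
}

foreach ($feeds as $url) {
    $rss = @fetch_rss($url);
    if (!$rss) {
        // Log and skip a broken feed rather than breaking the whole portal page.
        error_log('Feed failed: ' . $url . ' ' . magpie_error());
        continue;
    }
    $channel = isset($rss->channel['title']) ? $rss->channel['title'] : $url;
    echo '<h2>' . esc($channel) . "</h2>\n<ul>\n";
    foreach (array_slice($rss->items, 0, 5) as $item) {
        $title = isset($item['title']) ? $item['title'] : '(untitled)';
        $link  = isset($item['link']) ? safe_link($item['link']) : '#';
        echo '  <li><a href="' . esc($link) . '">' . esc($title) . "</a></li>\n";
    }
    echo "</ul>\n";
}
```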
If you are pulling a bunch of feeds and using more than the links, be sure to leave lots of white space in your layout. I’m not a design person. The design took me about four times as long to put together as did the code. But it is simple to remember to use large margins and lots and lots of white space to make things legible. I also used the Coppermine script I wrote as a WordPress plugin to bring in three feeds of latest photos to the portal. It breaks up all the text.
So in summary, if you want to build a portal or incorporate live RSS into your site, use magpierss. If you are using WordPress it is already installed; you just need to read the directions.
TimesToCome portal splash page. I refer to it as ‘The Wonder of me page’. ;D
Herself’s Green Things carries just the garden and houseplant blog rss feeds and photos.
Tags: hack your template · how to · tools
Way back yonder when spam first started to appear on the internet, long before filter programs, the first thing everyone did was use a white list.
A white list let in all the email by people you knew and dumped everything else in the trash can. It totally kept out spam. It also kept out anyone whose email address had changed or that you hadn’t yet met since those addresses weren’t yet on your white list.
So white listing fell away and blacklisting came to be in the world of email. Now everything wound up in your inbox except what you had told your email program not to let in. This too works, but you have to get a bad email first to know what to block. So it took time to build up rules that kept most bad things out. And those rules lists could get awfully long.
Most security programs on your computer work the same way. Some things get white listed, some things get blacklisted. Too much white listing keeps good things out, too little blacklisting lets bad things in.
The security plugins I just wrote for WP work on black lists. You need to tell them what not to let in. As time goes on and new problems appear, the black list needs to be updated to reflect new threats. This is what your home anti-virus software is doing when it is updating daily.
Black listing has improved with centralized black listing. This allows us all to compare black lists; blacklisting is more accurate and much faster this way. [ Spamhaus, Stop Forum Spam, Emerging Threats, rules ]
White listing is slowly coming to the internet. I expect before too much time goes by you will have a master login that lets everyone know you are a good guy. We have fought for anonymity on the internet long and hard, but unless we can come up with something better than white and black lists it may not be a choice.
Tags: security