This too shall pass.
One of the coolest things about WordCamp is that they post videos of each talk and presentation on WordPress.tv for viewing afterwards. It give you the chance to see all the great presentations you may have missed, or to revisit the ones you attended.
With so many WordCamps happening all over the world, it is a great resource.
My presentation from WordCamp Asheville 2016, titled WordPress Security: Don’t Be a Target, is now live on WordPress.tv.
Thanks to everyone who came out to the Asheville Area WordPress Group meetup last night, and thanks for the great discussion! I learned a lot from you all, and I hope you came away with something you could use to make your own website more secure.
As promised, here are the slides from the presentation:
Tickets are on sale for WordCamp Asheville, and I hope many of you will come. This is my first opportunity to attend WordCamp, and I’ll actually be getting to speak at it. Come check it out if you are attending.
My presentation will be about WordPress security, how to make yourself less of a target, and how to harden your WordPress website against hackers using freely available tools.
Come say Hi if you attend!
I got a promotional email from Walgreens. I tried to unsubscribe, but this is what happens:
http://youtu.be/oX1uHHQxOzw
How on Earth am I supposed to unsubscribe? I think Walgreens needs to check the CAN-SPAM Act requirements.
Here’s a very interesting article and set of survey results from Pew Research about the feelings Americans have about privacy in the digital age of government spying and corporate data breaches. The results are better than I feared, but there is still much room for improvement.
And here is a great page that lets you keep an eye on your ISP to determine if they are violating the new Net Neutrality laws. Check it often.
More than you probably thought possible.
A recently released study shows that computer-based personality judgements are more accurate than those made by humans.
This study compares the accuracy of personality judgment—a ubiquitous and important social-cognitive activity—between computer models and humans. Using several criteria, we show that computers’ judgments of people’s personalities based on their digital footprints are more accurate and valid than judgments made by their close others or acquaintances (friends, family, spouse, colleagues, etc.). Our findings highlight that people’s personalities can be predicted automatically and without involving human social-cognitive skills.
By analyzing 150 of your “Likes” on Facebook, a computer can figure you out with more accuracy than your closest family members. Maybe it’s time to go back and see all the things you’ve chosen to “Like” on Facebook.
This is more important than it seems at first glance. You may think that it doesn’t matter what Facebook thinks about you. While that is debatable (and probably wrong), it’s what this data can be used against you for that is concerning.
Per a Newseek article about this study, one of the study’s authors talks about it:
…there are also dangers to having machines that can judge people’s personalities and emotional states, says Kosinski. “Like any other technology, this technology is morally neutral, but it can be used for a bad purpose,” he says. “For example, knowledge of psychological traits can help me exert influence over you.” The risk, he says, is that people will lose trust in cellphones and online environments, which is why he believes people should be given control over their own data and the authority to decide whether it will be shared with certain companies.
What you “Like” is only one aspect of the data that Facebook collects about you. It’s easy to overlook the fact that Facebook is watching and learning about you when you are not even using Facebook. Considering that millions of people don’t even know that Facebook is part of the Internet, this is quite profound.
Photo by JeepersMedia 
The old bait and switch: promise you one thing and sell you another. That’s what happened when I signed up for a year of VPN service through NordVPN. Their website said:
“Easiest VPN Ever. To get on NordVPN, just click and go. NordVPN’s secure VPN software takes care of all the hard stuff so you can focus on fun stuff. And work stuff, if you have to.”
Their imagery showed multiple devices running their software, including phones and laptops.
I had read about their service and took the plunge. After I had paid, I found out they do not have an app for Mac OS X or Android. Those apps are supposedly coming soon, but not yet. For now, you have to download a third-party app for each device, download a bunch of configuration files, install said configuration files, configure a bunch of things, remember your username and password for each configuration file, and then figure out what is going on and whether or not you are actually connected.
To be fair, they do have instructions on how to do all of this, but it is far from “Easiest VPN Ever.” Every other VPN app I have used is a simple app you download and click a button to get going with.
I chatted with NordVPN’s technical support guy, “Dave,” who informed me that of their refund policy, which states that unless their product did not work for a fault of their own, I could not get a refund for my money. All he could do was extend my subscription by 3 months.
(01:30:40) David: if the service does not work we will issue a refund.
(01:31:17) Visitor 34392357: that is my point – it doesn’t work as you advertise it. it only works through a lengthy process of installing other software.
I would argue that their product does not work as advertised and I am entitled to a refund. In fact, it’s not even their product I am using — I am using something called “Tunnelblick” on my Mac, and an app called OpenVPN on my Android phone to connect to the NordVPN servers.
In summary, the bait was the promise of an easy to use VPN app. The switch was not even having an app for me to use. And no matter what VPN you will choose, be sure to run a speed test so you can see if your VPN is slowing down your internet speed.
Get your updates going as soon as possible, as this looks pretty serious!
This is a bad bug, and Jetpack is one of the most widely used plugins in the WordPress world. We have been working closely with the WordPress security team, which has pushed updates to every version of the plugin since 1.9 through core’s auto-update system. We have also coordinated with a number of hosts and network providers to install network-wide blocks to mitigate the impact of this vulnerability, but the only sure fix is updating the plugin.
So not only is that an issue, but if you haven’t done your part in protecting yourself from this week’s HeartBleed bug, which has scared the bejeezus out of the entire Internet, get yourself fixed up ASAP!
If you are lucky enough to have been using LastPass to manage your passwords, log in there and do a Security Check to find out which websites you frequent may be vulnerable to that bug. LastPass will also help you quickly change passwords as needed.
Good luck, citizens!