Akismet 3.0 is now available!

The latest and greatest version of Akismet is no longer just a release candidate and is now available for download! Version 3.0 includes a bunch of new features and overall improvements; you can read the official release post here.

A few of the changes:

  • Move Akismet to Settings menu
  • Drop Akismet Stats menu
  • Add stats snapshot to Akismet settings
  • Add Akismet subscription details and status to Akismet settings
  • Add contextual help for each page
  • Improve Akismet setup to use Jetpack to automate plugin setup
  • Fix Update Check for Spam to use ajax to avoid page timing out
  • Fix Akismet settings page to be responsive
  • Drop legacy code
  • Tidy up CSS and Javascript
  • Replace the old discard setting with a new “discard pervasive spam” feature.

One thing you may notice is that there are no longer two separate areas to look in for stats and configuration changes – they’re both in the same place. If you’re a Jetpack user, the Akismet link will appear under the Jetpack menu. If not, the link will show in Settings, oh and of course on the plugins page.

And if you’re looking to drill into your stats, use the ‘Summaries’ link located on the top right of the page to see the same great graphs and stats you’re used to seeing.

Happy blogging!

More on Heartbleed, and a site check tool

Oooh, the scary Heartbleed Bug. Actually, if you’ve been keeping up with the news, you may have heard of this and should know that it’s a pretty serious security issue impacting sites using OpenSSL. Right now, Google is returning almost two million search results for the term – so it’s being talked about. A lot.

So above I mentioned OpenSSL, what’s that? Simply put, it’s a cryptographic library that many websites and businesses leverage to secure communications between you and them, preventing outsiders from seeing the exchange.  Think of it as being in a whispering gallery … where you don’t expect others would be able to overhear your conversation, but they can, should they choose to.

Enter Heartbleed, a nasty bug that’s been running undiscovered in the wild for over two years. So wait, what the heck is Heartbleed? Glad you asked. This is the technical description from http://heartbleed.com:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

So in English please?

Basically, this bug has existed for the last two years, completely undetected. During that time, websites using a vulnerable version of OpenSSL could have exposed user data without even knowing it.

  • Worst case scenario: sensitive information such as credit cards, bank statements, email passwords, etc. could have been stolen.
  • Best case scenario: this bug wasn’t discovered or exploited. Don’t count on this.
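
Why a vulnerable server could leak data "without even knowing it", as an added example (a simplified model written for illustration, not OpenSSL's code and not part of the original post): the heartbeat handler echoed back as many bytes as the request claimed to contain, and the fix was a length check against what actually arrived. The struct, function names and sample bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenSSL source. Heartbeat record layout (RFC 6520):
 * type (1) | payload_length (2, big-endian) | payload | padding (>= 16). */
#define HB_REQUEST 1
#define HB_PADDING 16
/* Constructed "process memory": unrelated data sits right after the record. */
struct memory { uint8_t record[24]; char secret[16]; };

/* Pre-fix behaviour: echoes as many bytes as the peer claims to have sent. */
size_t hb_vulnerable(const struct memory *m, size_t record_len, uint8_t *out) {
    const uint8_t *p = (const uint8_t *)m;
    size_t claimed = ((size_t)p[1] << 8) | p[2];
    (void)record_len;                     /* the missing check */
    if (p[0] != HB_REQUEST) return 0;
    if (claimed > sizeof *m - 3) claimed = sizeof *m - 3; /* demo stays in its arena */
    memcpy(out, p + 3, claimed);          /* runs past record[] into secret[] */
    return claimed;
}

/* Post-fix behaviour: discard silently if the claim exceeds what arrived. */
size_t hb_hardened(const struct memory *m, size_t record_len, uint8_t *out) {
    const uint8_t *p = m->record;
    if (record_len < 1 + 2 + HB_PADDING || p[0] != HB_REQUEST) return 0;
    size_t claimed = ((size_t)p[1] << 8) | p[2];
    if (1 + 2 + claimed + HB_PADDING > record_len) return 0;
    memcpy(out, p + 3, claimed);
    return claimed;
}

/* Constructed request: 4 payload bytes and 16 padding bytes, any claimed length. */
static void make_request(struct memory *m, uint16_t claimed) {
    const uint8_t hdr[3] = { HB_REQUEST, (uint8_t)(claimed >> 8), (uint8_t)(claimed & 0xff) };
    memset(m, 0, sizeof *m);
    memcpy(m->record, hdr, 3);
    memcpy(m->record + 3, "ping", 4);
    memcpy(m->secret, "hunter2-session", 16);
}

int main(void) {
    struct memory m; uint8_t out[64];
    make_request(&m, 37);                 /* 23 bytes received, 37 payload bytes claimed */
    size_t n = hb_vulnerable(&m, 23, out);
    printf("vulnerable echoed %zu bytes, ending in \"%s\"\n", n, (char *)out + 21);
    printf("hardened echoed %zu bytes\n", hb_hardened(&m, 23, out));
    return 0;
}
```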

How can I tell if a site I use has been exploited?

There is no way to know at this time. If you have concerns, you should contact the site in question.

What sites should I worry about?

Mashable has been compiling a list of popular sites, noting whether they were vulnerable, what fixes have been applied and whether you need to take action:

http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/

It should be noted that this is not a completely comprehensive list; smaller sites may or may not have been impacted. You should contact those sites directly if you have concerns.

What about self-hosted sites, how can I check?

You can test any site for CVE-2014-0160 (Heartbleed) here:

http://filippo.io/Heartbleed/

Are you some sort of expert on this, can I contact you?

Nope, I’m not an expert on this particular security issue. Just a concerned netizen who felt compelled to post about it. There’s a vast wealth of information on the Heartbleed site, http://heartbleed.com/, and I encourage you to review it. And of course if you have questions about a specific entity, you can always contact them directly.

Scored a scotch cask today

Empty unfortunately.

A local retailer had this old scotch cask on display. I happened to mention it would make an interesting addition to my office, perhaps as an end table. Much to my surprise, they told me that since the promotion was over I could have it as long as I could move it myself. Challenge Accepted. Admittedly it did have a little weight to it, and the shape and size posed a bit of a challenge while trying to get it in the house without destroying the hardwood floors.

It needs a little cleanup and is missing the two lower hoops, but overall it’s in decent shape.  Not sure exactly what I’m going to do with it, perhaps with my Roost it might make a good standing desk.

Starting to wonder about the SD card in the Pi..

This afternoon I decided to start fiddling with one of my Raspberry Pis; I’ve been collecting bits of hardware here and there for a small scale home automation project using some X10 gear. Small problem though: the thing won’t boot now. The SD card seems to be corrupt and won’t take a new image. Not just one card but two out of three.

The cards are a year or so old; I purchased them all at the same time from a reseller on Amazon. Turns out, this may not have been a wise idea. After spending some time searching online for similar issues, I’ve found that counterfeit SD cards are a pretty big thing. Not sure if that’s the case here, they all have different serial numbers, but I’ll be reaching out to the Kingston folks later on to see if the cards can be verified.

Using a smaller capacity card seems to work fine, so no issues with the reader on my laptop or the Pi.  SD card corruption has happened to me in the past when the Pi abruptly lost power without shutting down first but imaging it again was never a problem.

I think from here forward that purchasing direct from the manufacturer or a trusted reseller is the best way to go; google ‘fake sd card’ and check the results for yourself. In the meantime, card number three has an image and I’m going to try and start working on randomly blinking lights on and off in the house. Eventually I may try to hack my coffee maker.

Oh, and fun fact: raspberrypi.org is powered by WordPress. :)