Rough day for the internet. A vulnerability was found in the OpenSSL cryptographic library, commonly used to secure Apache and nginx servers. This affects roughly 70% – 80% of servers currently in use. From the Heartbleed Bug site:
The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).
The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
You can test if your server is vulnerable at Qualys® SSL Labs.
A list of potentially affected sites (that you may consider changing your password on) can be viewed at Digital Trends.
Additional list of potentially affected sites can be viewed on Mashable.
After migrating my site earlier this year I scanned through the old files to verify that everything made it across. During this verification I kept seeing dot files that weren’t a part of WordPress, and that set off some alarms. Turns out that the old site had been piggy backed for some nefarious (or at least unintended) purposes.
I’ve run into several IE quirks in my time, but this is the first stumper I’ve had since IE8. The symptom was content not appearing below the header, but styles and content above that were loading fine. In addition this error did not show up on local test environments, even when emulating the same version of IE (9). On top of that some computers the client was using worked fine, while others did not.
This all began after working on some functionality that (for once) I could not find a suitable plugin for. Figuring it was a good opportunity to finally write a small jQuery plugin I did some quick research into the process for creating and publishing one. It has been quite awhile since I looked into the process of creating a plugin. In that time the jQuery Plugin Registry has greatly improved, along with the support and documentation for creating them.
The first of the year is the generally accepted time of rebooting. Whether it’s evaluating the current situation, creating goals for the new cycle, or comparing it to earlier cycles, it’s hard to avoid reflecting at least a little during this time. Though I typically prefer rolling in changes kaizen style into the cinnamon swirl of my life, plopping a line in the sand for some things I’ve slacked on may do me some good. Hopefully around this time next year I’ll be able to look back and this post and say “hey, I did some of those things.” That or I’ll realize my cinnamon swirl has become a bit lumpy, and I probably need to focus.
- Publish a mobile app
- Poke around with backbone.js, ember.js, whateverlooksmostinteresting.js
- Publish either a Python or Ruby project
- Read at least 2 books per month (one tech, one fun)
- Stand up more often
Now that the easy part’s done time to get to work.