I’ve never seen a better way to describe what UX is than this picture. Click on it to enlarge.
UX is not UI!
Credit to http://www.uxisnotui.com/ for this awesomeness.
I’m not sure I’ve ever really blogged about my love of music (or the fact that for a very long time during my youth it was my plan to become a musician professionally), but I just had a bit of a music nerd/World of Warcraft nerd moment and I wanted to share it.
I just finished listening to the Main Title (theme) to Vanilla, Burning Crusade, Wrath of the Lich King, Cataclysm, and Mists of Pandaria.
Some Observations:
- You can really hear the progression of musical maturity and instrumentation through the years. The Vanilla and BC themes weren’t as booming and instrumental as LK and Cata were.
- Cata & MoP had fantastic instrumentation, and I think they really acknowledged the previous expansions well through the themes. You can really tell in the Cataclysm theme when they call back to Illidan’s downfall, and Arthas’ downfall with little bits and pieces of the music from the death cutscenes of both villains.
- MoP has amazing instrumentation. Russell Brower put together an amazing orchestra, and had great “guest composers” (listen to “Serpent Riders” from the MoP soundtrack and specifically Jeremy Soule for his work on that track).
All of the soundtracks are great, but it’s pretty cool to listen to the main titles in chronological order to hear the progression and call backs.
Really, I don’t think so.
Do they really? I doubt it.
Update 4/17: And then there’s this ad today…
Not exactly the best spokesperson for a “National Defense Degree”…
Tips to survive the latest WordPress brute force attack
12 Apr, 2013 in Hosting, Scripting, Security, Technical Issues, WebsiteIn case you haven’t heard by now, WordPress sites around the world are under attack by a botnet that’s attempting to brute force it’s way into installations that have an active “admin” user. To say the least, it’s been causing me all kinds of grief for the last four days or so. It’s slowed down my web host to a crawl, and has caused a significant amount of downtime.
Being the diligent, persistent, obcessive guy that I am, I’ve done a ton of research, and come up with a few ways that you can protect your website if it’s being run on the WordPress platform.
Part 1 – Create a new WordPress admin user, and delete the original admin user.
Since most of the attacks that have occurred on WordPress sites are aimed at either exploiting a bug or hole in one of the files under the /wp-admin/ directory or by brute forcing a login on wp-login.php, the #1 easiest thing you can do to prevent being a victim is to create a new user in your WordPress control panel (Users -> Add New) and making that new user an Administrator. When creating that new user, be sure to do the folllowing:
- Make the new user’s name something that isn’t, well, obvious or standard. Don’t call it “newadmin” or “admin2″. Give it a unique name.
- Pick a really good password. At least 10 characters, use upper and lower case letters, use numbers, use symbols such as ! @ # $ % ^ & *. Make it hard to guess, impossible to pull out of a dictionary, but something you can remember.
When you’ve finished creating your new user and given it full admin rights, log out of WordPress and login with you new user. Make sure all of your access and settings are as they should be. Then, the most important step, delete the original admin user.
Part 2 – Plugins are your friends
There’s two plugins that I’ve found to be invaluable during this brute force attack: ThreeWP Activity Monitor, and Limit Login Attempts. The first plugin, ThreeWP Activity Monitor does exactly what its name suggests – it monitors the login activity of your WordPress site. It creates a new area on your Dashboard that lets you see information about login attempts on your site, including the username entered, password attempted, IP address, and user agent of the potential attackers. It’s pretty amazing to see how many attempts occur, and what passwords they’re trying.
The other plugin, Limit Login Attempts, does exactly that: It gives you the ability to configure limitations on how many login attempts can occur in a certain period of time, and then ban people (based on IP) when they violate those limits.
Part 3 – CloudFlare to the rescue
CloudFlare is a very cool service that started up a year or two ago (I believe) that provides both protection and acceleration to any website, hosted anywhere. They’ve got a free plan with good features, and a paid plan with better features (obviously). I used them on this site for a while, and for some reason I can’t remember I disabled their service initially. Today, though, I came across this great post on their blog about how they’re helping people to deal with the current WordPress brute force attacks. An excerpt:
We just pushed a rule out through CloudFlare’s WAF that detects the signature of the attack and stops it. Rather than limiting this to only paying customers, CloudFlare is rolling it out the fix to all our customers automatically, including customers on our free plan. If you are a WordPress user and you are using CloudFlare, you are now protected from this latest brute force attack.
Because CloudFlare sits in front of a significant portion of web requests we have the opportunity to, literally, patch Internet vulnerabilities in realtime. We will be providing information about the attack back to partners who are interested in hardening their internal defenses for customers who are not yet on CloudFlare.
Some web hosts, like my current host Dreamhost, actually have CloudFlare integration on their control panels, so you can quickly enable this to protect your site. I highly recommend using CloudFlare for a number of reasons, but for protection from this attack I cannot stress enough that you should sign up for a free account and get your sites protected immediately!
Part 4 – Not for the weak of heart: using .htaccess and .htpasswd to protect wp-login.php
Alright, this part is not for the newbs. This is a little higher on the technical skill level, because when working with .htaccess files you can do all kinds of terrible things like lock yourself out of your website entirely, or accidentally prevent images from showing up. If you know what a .htaccess file is and what it does, read on. If you don’t, you’re done with this post and get to protecting your WordPress sites with the rest of the stuff already listed.
Did you know you can protect a single file – not just directory – with .htaccess and .htpasswd? Yup, you can. Instead of typing what’s already been typed several times, head on over to this awesome post from HostGator on how to password protect your wp-login.php file for a second level of security, so the brute force attack can’t even touch your wp-login.php.
That’s it. Good luck, be safe, and keep fighting the good fight!
Something I made today after seeing a picture of my friend recently getting a photo taken with Bruce Campbell.
Bruce Campbell and Mitt Romney – separated at birth?
Frightening!
iPhone Battery Life Tip: Disable “Push” for Exchange accounts
23 Sep, 2012 in Apple, iPad, iPhone, iPod(Updated Jan 2, 2013 – See Below!)
As I’ve been enjoying my new iPhone 5, I’ve noticed it’s suffering from shorter battery life than I’d hoped. I thought it might be the LTE, but after spending most of my day out of LTE range on Kent Island in the Chesapeake Bay, I was curious if it was something else. Tonight I ran some tests on a theory, and was proven quite right.
That said, here’s a quick battery life tip for all iPhone/iPad/iPod Touch users, no matter which device you have:
If you’ve got a Microsoft Exchange e-mail account on your phone (well, really any e-mail account, but Exchange is the worst offender), you can save a lot of battery power by changing from “Push” to “Fetch” retrieval.
By default, Exchange accounts are set to Push, which means they are constantly pinging the Exchange server for new e-mail. The upside is that when a new message is received on your Exchange account, you get that message delivered to your inboxes immediately. The downside is, obviously, that your phone is trying to get those messages constantly.
Fetch sets your e-mail to retrieve messages on one of four schedules: Every 15 minutes, every 30 minutes, every 1 hour, and manually (every time you open up the Mail app).
I did a little test this evening to see if this really improved my battery life, and it did. I put the phone down for four hours – turned off iMessage and all notifications, so that the phone would just idle and not have usage vary by the apps that produce uncontrollable notifications (mostly Facebook, iMessage, and Google+ for me).
- During hours 1 & 2, my Exchange account was still set to “Push”. My battery started the hour at 83%, and ended the first two hours at 77%. A 6% loss.
- During hours 3 & 4, my Exchange account was changed to “Fetch” (at 30 minute intervals). My battery started at 77%, and after two hours was at 76%. Only a 1% loss!
After doing a little reading on the topic, I found similar results for others. Exchange/Push accounts are definitely a battery hog, so unless you absolutely positively need to have your e-mails immediately when they come in, disabling Push accounts (especially Exchange accounts) can help save some battery life.
To check your current settings and change them based on your own preferences:
- Open the “Settings” app on your iPhone.
- Select “Mail, Contacts, Calendars”
- Scroll down a bit (past your current accounts) to “Fetch New Data”. It will likely say “Push >”. Select that.
- Leave “Push” at the top on – you need that for iCloud and app notification syncing in general. Scroll down a bit.
- Check the “Fetch” settings. The longer the period between Fetches, the more battery life you get. I have mine set to 30 minutes.
- Scroll down again, and tap on “Advanced”.
- On this screen, you’ll see the Push/Fetch setting for every account on your phone. This is the screen where you can make the biggest difference.
- To maximize your battery life, switch everything EXCEPT iCloud to “Fetch”. iCloud should stay Push so that your iCloud backups occur regularly and without the need to manually do it.
Now enjoy better battery life!
Update: January 2, 2013 – Since switching from Push to Fetch for Exchange accounts several months ago, I can now confirm that disabling exchange does indeed result in better battery life. I’ve gone from having less than 20% at the end of a work day to having over 60% battery life in the same 10 hour span of time. Much, much better.
Tomorrow is the big Apple iPhone 5 event. Here’s a quick FAQ from your friendly neighborhood Apply Fanboy:
- Will the new iPhone 5 be on sale tomorrow? — Chances are, no. They’ll likely announce that pre-orders will open up midnight PST this Friday or soon after, and the phones will ship 2-4 weeks later. That follows the Apple pattern.
- Is a new iPad Nano or iPad Mini coming tomorrow? — It’s possible, but not likely. The invitations to the event specifically had the number “5″ on them, signifying that it’s an iPhone 5 event. Also, based on the typical Apple hardware release cycle, iPads don’t come out in the fall, they come out in the spring.
- What’s so special about the iPhone 5? — Nothing is officially confirmed yet, but if the credible leaks are to be believed, it looks like the phone will be the same width, but longer and slimmer. There will be a new dock connector at the bottom (smaller but still an Apple proprietary thing – don’t expect USB micro or mini…), and the headphone jack will be relocated from the top of the phone to the bottom of the phone. That’s all that seems credible right now.
- When is it being announced tomorrow? — In typical Apple fashion, the event begins at 1pm eastern. Expect the first 10 minutes to be news about Apple’s revenues, how many devices sold in the last quarter, etc. 10-20 minutes in, you’ll start to see the new stuff.
- Are there live blogs where I can follow the event? — Oh yes. Yes there are. Several:
There’s more than that, but those are my faves.
- How much is the new iPhone 5 going to cost? — Likely the same price as the current line up – ranging from $199 subsidized through carriers up to $899 if you’re not up for an upgrade yet.
- Can I have your old iPhone 4S? — Make me an offer. Sexual favors only valid if you’re a female.
I’m a gun owner. I own several handguns, rifles, and a shotgun. I believe we, as Americans, have a right to own firearms.
To a certain point.
What I don’t believe in is clips that have a high capacity for rounds. Automatic weapons. The ability to order thousands and thousands of rounds of ammunition at a time. The complete lack of being able to trace who is buying those thousands of rounds at a time. The ability to buy multiple semi-automatic weapons per month.
I believe in waiting periods to buy weapons, thorough background checks, and stronger laws to prevent people with mental illnesses to obtain firearms.
The asshat that shot up the movie theater over the weekend had a clip that held 100 rounds. 100 bullets. There’s no reason anyone outside of an actual warzone needs that. Hell, US soldiers don’t carry standard-issue clips that hold that many bullets.
High capacity clips fall way beyond self-defense. The only reason to have something like that is if you plan on killing people. A lot of people. If you need 100 rounds in a clip to “hunt game”, you must be the worst shot in the world.
Let’s talk about the weapons that the shooter used. According to reports, he legally obtained two .40mm Glock handguns, a 12 gauge shotgun, and an AR-15 Semi-Automatic rifle. The 100 round clip, the tactical vest, pants, helmet, etc. That was all legally obtained. He bought it in a state that has fairly lax rules and regulations about purchasing weapons. Here’s a link to Colorado’s laws, if you’re interested, and here’s a link to Maryland’s gun laws as well to give you an interesting contrast on the laws in my home state.
So, to all of my “friends” who keep posting idiotic things on their Facebook walls about how “guns don’t kill people” and “protect our guns from the democrats”, up yours. You’re militant idiots who have no place in civilized society. You’re delusional. Sure, there are more gun crimes in the US carried out by people with illegally obtained firearms, but it seems like most, if not all, of the mass shootings in the last 15 years have been carried out by legal gun owners.
And, by the way, if you think that the events of this weekends shooting could’ve been prevented if people had been armed, there’s no way to know. Just because you’re carrying a weapon doesn’t mean that you have the ability to react clearly to a situation like that. If you’re trained for it – and I mean REALLY trained for it – maybe you could hold your own. But do YOU really think you wouldn’t panic? Do you think you’d have been able to stop a guy wearing full tactical gear who was better armed than you? I doubt it.
In Soviet Russia, comments are done with you!
24 Apr, 2013 in The Fourth Wall by ScottIt’s been a long, strange trip, but I’m disabling comments on my blog. I’m going to continue writing in it, that’s for sure, but given the sheer volume of spam I’ve been getting (that has thankfully been stopped by Akismet!), I’ll be disabling comments temporarily.
Heck, if it works for Kottke and Gruber, it might work for me as well.
Technorati Tags: comments disabled