The evolution of the World of Warcraft main title songs

in Music, World of Warcraft

Mists of Pandaria Soundtrack (Cover Art)I’m not sure I’ve ever really blogged about my love of music (or the fact that for a very long time during my youth it was my plan to become a musician professionally), but I just had a bit of a music nerd/World of Warcraft nerd moment and I wanted to share it.

I just finished listening to the Main Title (theme) to Vanilla, Burning Crusade, Wrath of the Lich King, Cataclysm, and Mists of Pandaria.

Some Observations:

  1. You can really hear the progression of musical maturity and instrumentation through the years. The Vanilla and BC themes weren’t as booming and instrumental as LK and Cata were.
  2. Cata & MoP had fantastic instrumentation, and I think they really acknowledged the previous expansions well through the themes. You can really tell in the Cataclysm theme when they call back to Illidan’s downfall, and Arthas’ downfall with little bits and pieces of the music from the death cutscenes of both villains.
  3. MoP has amazing instrumentation. Russell Brower put together an amazing orchestra, and had great “guest composers” (listen to “Serpent Riders” from the MoP soundtrack and specifically Jeremy Soule for his work on that track).

All of the soundtracks are great, but it’s pretty cool to listen to the main titles in chronological order to hear the progression and call backs.

Technorati Tags: , , , ,

In Soviet Russia, comments are done with you!

in The Fourth Wall

It’s been a long, strange trip, but I’m disabling comments on my blog. I’m going to continue writing in it, that’s for sure, but given the sheer volume of spam I’ve been getting (that has thankfully been stopped by Akismet!), I’ll be disabling comments temporarily.

Heck, if it works for Kottke and Gruber, it might work for me as well.

Technorati Tags:

No, I don’t think they do…

in Funny

Really, I don’t think so.

Do they really? I doubt it.

Do they really? I doubt it.

Update 4/17: And then there’s this ad today…

Not exactly the best spokesperson for a "National Defense Degree"...

Not exactly the best spokesperson for a “National Defense Degree”…

 

Technorati Tags: , ,

Tips to survive the latest WordPress brute force attack

in Hosting, Scripting, Security, Technical Issues, Website

In case you haven’t heard by now, WordPress sites around the world are under attack by a botnet that’s attempting to brute force it’s way into installations that have an active “admin” user. To say the least, it’s been causing me all kinds of grief for the last four days or so. It’s slowed down my web host to a crawl, and has caused a significant amount of downtime.

Being the diligent, persistent, obcessive guy that I am, I’ve done a ton of research, and come up with a few ways that you can protect your website if it’s being run on the WordPress platform.

Part 1 – Create a new WordPress admin user, and delete the original admin user.

Since most of the attacks that have occurred on WordPress sites are aimed at either exploiting a bug or hole in one of the files under the /wp-admin/ directory or by brute forcing a login on wp-login.php, the #1 easiest thing you can do to prevent being a victim is to create a new user in your WordPress control panel (Users -> Add New) and making that new user an Administrator. When creating that new user, be sure to do the folllowing:

  • Make the new user’s name something that isn’t, well, obvious or standard. Don’t call it “newadmin” or “admin2″. Give it a unique name.
  • Pick a really good password. At least 10 characters, use upper and lower case letters, use numbers, use symbols such as ! @ # $ % ^ & *. Make it hard to guess, impossible to pull out of a dictionary, but something you can remember.

When you’ve finished creating your new user and given it full admin rights, log out of WordPress and login with you new user. Make sure all of your access and settings are as they should be. Then, the most important step, delete the original admin user.

Part 2 – Plugins are your friends

There’s two plugins that I’ve found to be invaluable during this brute force attack: ThreeWP Activity Monitor, and Limit Login Attempts. The first plugin, ThreeWP Activity Monitor does exactly what its name suggests – it monitors the login activity of your WordPress site. It creates a new area on your Dashboard that lets you see information about login attempts on your site, including the username entered, password attempted, IP address, and user agent of the potential attackers. It’s pretty amazing to see how many attempts occur, and what passwords they’re trying.

The other plugin, Limit Login Attempts, does exactly that: It gives you the ability to configure limitations on how many login attempts can occur in a certain period of time, and then ban people (based on IP) when they violate those limits.

Part 3 – CloudFlare to the rescue

CloudFlare is a very cool service that started up a year or two ago (I believe) that provides both protection and acceleration to any website, hosted anywhere. They’ve got a free plan with good features, and a paid plan with better features (obviously). I used them on this site for a while, and for some reason I can’t remember I disabled their service initially. Today, though, I came across this great post on their blog about how they’re helping people to deal with the current WordPress brute force attacks. An excerpt:

We just pushed a rule out through CloudFlare’s WAF that detects the signature of the attack and stops it. Rather than limiting this to only paying customers, CloudFlare is rolling it out the fix to all our customers automatically, including customers on our free plan. If you are a WordPress user and you are using CloudFlare, you are now protected from this latest brute force attack.

Because CloudFlare sits in front of a significant portion of web requests we have the opportunity to, literally, patch Internet vulnerabilities in realtime. We will be providing information about the attack back to partners who are interested in hardening their internal defenses for customers who are not yet on CloudFlare.

Some web hosts, like my current host Dreamhost, actually have CloudFlare integration on their control panels, so you can quickly enable this to protect your site. I highly recommend using CloudFlare for a number of reasons, but for protection from this attack I cannot stress enough that you should sign up for a free account and get your sites protected immediately!

Part 4 – Not for the weak of heart: using .htaccess and .htpasswd to protect wp-login.php

Alright, this part is not for the newbs. This is a little higher on the technical skill level, because when working with .htaccess files you can do all kinds of terrible things like lock yourself out of your website entirely, or accidentally prevent images from showing up. If you know what a .htaccess file is and what it does, read on. If you don’t, you’re done with this post and get to protecting your WordPress sites with the rest of the stuff already listed.

Did you know you can protect a single file – not just directory – with .htaccess and .htpasswd? Yup, you can. Instead of typing what’s already been typed several times, head on over to this awesome post from HostGator on how to password protect your wp-login.php file for a second level of security, so the brute force attack can’t even touch your wp-login.php.

That’s it. Good luck, be safe, and keep fighting the good fight!

Technorati Tags: , , ,

Bruce & Mitt – Separated at Birth?

in Friends, Funny

Something I made today after seeing a picture of my friend recently getting a photo taken with Bruce Campbell.

Bruce Campbell and Mitt Romney - separated at birth?

Bruce Campbell and Mitt Romney – separated at birth?

Frightening!

Technorati Tags: , ,

From Contractor to Startups: My 2012

in Thoughts & Wonderings, Work-related

What a long, strange trip it’s been. Two years ago today, I still worked at SAIC with all of my friends at SAMHSA – a place I spent seven and a half years of my career at. A year ago today, I was at Monster. Today, I’m now at Motorize. It’s been an interesting progression, personally.

My work at SAMHSA was as a contractor for SAIC. I stayed in one place (for the most part – I did work on a few other contracts during my time there, but SAMHSA was always in the foreground) for a very long time, and learned just about everything there is to know about being a federal contractor. Not to mention, of course, all of the valuable knowledge I picked up about accessibility and Section 508.

Three years ago, however, I felt the pull of wanting more. I wanted back into the private sector – to have the chains of federal UX / Web Design torn away so I could have full creative freedom. Alas, not a lot of companies in the DC area were interested in hiring someone who “has fantastic skills and experience” but “has been federalized too long”. Basically an excuse in the web design world to say, “We like you and you’ve done good things, but federal design isn’t cutting-edge enough.” Still, I pushed on.

Then Monster came around – specifically the Government Solutions division, but it was a private company none-the-less. I had an in – a friend who worked there in Operations who discovered a role on the Product Team was opening – one for a Sr. User Experience Designer. I jumped at it. I interviewed three times, and got in. I was ecstatic! Finally, design freedom!

Well, not quite. Monster was a great experience – a wonderful transition. I was doing good UX and IA work, but it was for federal clients in a system that was 10+ years old and hadn’t had a real design overhaul, well, ever. It was rewarding, though, working with a Product team and learning the ropes of designing SaaS products, working within an Agile framework, and understanding how a product goes to market and sells. Not to mention, Monster sent me to Prague – my first trip out of the US, ever – and that was an amazing experience in and of itself.

Then, in late June 2012, my friend Brian approached me about moving from doing freelance here and there for Motorize, a wonderful startup in Baltimore that he’d bee working at since 2008, to becoming a full-time, plank owner on their small team. It was everything I’d wanted in my career – complete and total freedom to design, and to be there to build a product from the ground up.

I’m now five months in at Motorize, and I’m loving every day of it. I’ve learned so much, and have been able to offer a great deal to the company and my cohorts here. There have been, and will continue to be, challenges in getting a new product in a somewhat niche market out there. We still haven’t started making any revenue, in fact. But we’re close. We’re at the final stages of launch prep, and we’ve got several pilot clients lined up.

My resolution for 2013 is to get back to posting here, and on my twitter account (@scottasavage). Also, keep an eye out for a redesign of Motorize.com – it should be one of my finest sites yet.

Technorati Tags: , , , ,

iPhone Battery Life Tip: Disable “Push” for Exchange accounts

in Apple, iPad, iPhone, iPod

(Updated Jan 2, 2013 – See Below!)

As I’ve been enjoying my new iPhone 5, I’ve noticed it’s suffering from shorter battery life than I’d hoped. I thought it might be the LTE, but after spending most of my day out of LTE range on Kent Island in the Chesapeake Bay, I was curious if it was something else. Tonight I ran some tests on a theory, and was proven quite right.

That said, here’s a quick battery life tip for all iPhone/iPad/iPod Touch users, no matter which device you have:

If you’ve got a Microsoft Exchange e-mail account on your phone (well, really any e-mail account, but Exchange is the worst offender), you can save a lot of battery power by changing from “Push” to “Fetch” retrieval.

By default, Exchange accounts are set to Push, which means they are constantly pinging the Exchange server for new e-mail. The upside is that when a new message is received on your Exchange account, you get that message delivered to your inboxes immediately. The downside is, obviously, that your phone is trying to get those messages constantly.

Fetch sets your e-mail to retrieve messages on one of four schedules: Every 15 minutes, every 30 minutes, every 1 hour, and manually (every time you open up the Mail app).

I did a little test this evening to see if this really improved my battery life, and it did. I put the phone down for four hours – turned off iMessage and all notifications, so that the phone would just idle and not have usage vary by the apps that produce uncontrollable notifications (mostly Facebook, iMessage, and Google+ for me).

  • During hours 1 & 2, my Exchange account was still set to “Push”. My battery started the hour at 83%, and ended the first two hours at 77%. A 6% loss.
  • During hours 3 & 4, my Exchange account was changed to “Fetch” (at 30 minute intervals). My battery started at 77%, and after two hours was at 76%. Only a 1% loss!

After doing a little reading on the topic, I found similar results for others. Exchange/Push accounts are definitely a battery hog, so unless you absolutely positively need to have your e-mails immediately when they come in, disabling Push accounts (especially Exchange accounts) can help save some battery life.

To check your current settings and change them based on your own preferences:

  1. Open the “Settings” app on your iPhone.
  2. Select “Mail, Contacts, Calendars”
  3. Scroll down a bit (past your current accounts) to “Fetch New Data”. It will likely say “Push >”. Select that.
  4. Leave “Push” at the top on – you need that for iCloud and app notification syncing in general. Scroll down a bit.
  5. Check the “Fetch” settings. The longer the period between Fetches, the more battery life you get. I have mine set to 30 minutes.
  6. Scroll down again, and tap on “Advanced”.
  7. On this screen, you’ll see the Push/Fetch setting for every account on your phone. This is the screen where you can make the biggest difference.
  8. To maximize your battery life, switch everything EXCEPT iCloud to “Fetch”. iCloud should stay Push so that your iCloud backups occur regularly and without the need to manually do it.

Now enjoy better battery life!

Update: January 2, 2013 – Since switching from Push to Fetch for Exchange accounts several months ago, I can now confirm that disabling exchange does indeed result in better battery life. I’ve gone from having less than 20% at the end of a work day to having over 60% battery life in the same 10 hour span of time. Much, much better.

Technorati Tags: , , , ,

iPhone 5 – Fanboy Pre-Event FAQ

in Apple, iPhone

Tomorrow is the big Apple iPhone 5 event. Here’s a quick FAQ from your friendly neighborhood Apply Fanboy:

  1. Will the new iPhone 5 be on sale tomorrow? — Chances are, no. They’ll likely announce that pre-orders will open up midnight PST this Friday or soon after, and the phones will ship 2-4 weeks later. That follows the Apple pattern.
  2. Is a new iPad Nano or iPad Mini coming tomorrow? — It’s possible, but not likely. The invitations to the event specifically had the number “5″ on them, signifying that it’s an iPhone 5 event. Also, based on the typical Apple hardware release cycle, iPads don’t come out in the fall, they come out in the spring.
  3. What’s so special about the iPhone 5? — Nothing is officially confirmed yet, but if the credible leaks are to be believed, it looks like the phone will be the same width, but longer and slimmer. There will be a new dock connector at the bottom (smaller but still an Apple proprietary thing – don’t expect USB micro or mini…), and the headphone jack will be relocated from the top of the phone to the bottom of the phone. That’s all that seems credible right now.
  4. When is it being announced tomorrow? — In typical Apple fashion, the event begins at 1pm eastern. Expect the first 10 minutes to be news about Apple’s revenues, how many devices sold in the last quarter, etc. 10-20 minutes in, you’ll start to see the new stuff.
  5. Are there live blogs where I can follow the event? — Oh yes. Yes there are. Several:

    There’s more than that, but those are my faves.

  6. How much is the new iPhone 5 going to cost? — Likely the same price as the current line up – ranging from $199 subsidized through carriers up to $899 if you’re not up for an upgrade yet.
  7. Can I have your old iPhone 4S? — Make me an offer. Sexual favors only valid if you’re a female. ;)

Guns

in Glock, Gun Laws, Guns, Issues, Politics, World Events

I’m a gun owner. I own several handguns, rifles, and a shotgun. I believe we, as Americans, have a right to own firearms.

To a certain point.

What I don’t believe in is clips that have a high capacity for rounds. Automatic weapons. The ability to order thousands and thousands of rounds of ammunition at a time. The complete lack of being able to trace who is buying those thousands of rounds at a time. The ability to buy multiple semi-automatic weapons per month.

I believe in waiting periods to buy weapons, thorough background checks, and stronger laws to prevent people with mental illnesses to obtain firearms.

The asshat that shot up the movie theater over the weekend had a clip that held 100 rounds. 100 bullets. There’s no reason anyone outside of an actual warzone needs that. Hell, US soldiers don’t carry standard-issue clips that hold that many bullets.

High capacity clips fall way beyond self-defense. The only reason to have something like that is if you plan on killing people. A lot of people. If you need 100 rounds in a clip to “hunt game”, you must be the worst shot in the world.

Let’s talk about the weapons that the shooter used. According to reports, he legally obtained two .40mm Glock handguns, a 12 gauge shotgun, and an AR-15 Semi-Automatic rifle. The 100 round clip, the tactical vest, pants, helmet, etc. That was all legally obtained. He bought it in a state that has fairly lax rules and regulations about purchasing weapons. Here’s a link to Colorado’s laws, if you’re interested, and here’s a link to Maryland’s gun laws as well to give you an interesting contrast on the laws in my home state.

So, to all of my “friends” who keep posting idiotic things on their Facebook walls about how “guns don’t kill people” and “protect our guns from the democrats”, up yours. You’re militant idiots who have no place in civilized society. You’re delusional. Sure, there are more gun crimes in the US carried out by people with illegally obtained firearms, but it seems like most, if not all, of the mass shootings in the last 15 years have been carried out by legal gun owners.

And, by the way, if you think that the events of this weekends shooting could’ve been prevented if people had been armed, there’s no way to know. Just because you’re carrying a weapon doesn’t mean that you have the ability to react clearly to a situation like that. If you’re trained for it – and I mean REALLY trained for it – maybe you could hold your own. But do YOU really think you wouldn’t panic? Do you think you’d have been able to stop a guy wearing full tactical gear who was better armed than you? I doubt it.

Technorati Tags: , , , ,

Here’s to the crazy ones

in Apple, iPhone, Thoughts & Wonderings

While driving to and from work over the last two weeks I’ve been listening to the unabridged audiobook of the Steve Jobs biography (by Walter Isaacson) and it’s reinvigorated my spirit a bit. I haven’t finished it yet, but I’ve seen some interesting behaviors – both good and bad – that I share with Steve Jobs. It’s helped to point out some of the less appealing behaviors I sometimes engage in, but also served to reinforce my belief that the best user experiences are derived from end-to-end design.

A great example of this belief can be found in the design and functionality of the iPhone. The iPhone isn’t great just because the hardware looks good and the software works well. It’s a compilation of a multitude of factors – everything from the materials used, the shape of the hardware, the arrangement of sensors and buttons, the way the homescreen is rendered with iconographic buttons that aren’t too big for small fingers or too small for big fingers. It’s the whole package that makes the device so sexy, usable, and amazing.

As I work every day at Monster to try and make our software products better, more intuitive, and better looking, I find myself looking back to the first thing I remember about Apple as an adult – the “Think Different” campaign. Until I’d heard the text of it again tonight, I had forgotten how inspirational the words were to me, and still are:

Here’s to the crazy ones. The misfits. The rebels. The troublemakers. The round pegs in the square holes. The ones who see things differently. They’re not fond of rules. And they have no respect for the status quo. You can quote them, disagree with them, glorify or vilify them. About the only thing you can’t do is ignore them. Because they change things. They push the human race forward. While some may see them as the crazy ones, we see genius. Because the people who are crazy enough to think they can change the world, are the ones who do.

I intend to print this out tomorrow and keep it in my field of vision at my desk at work. It’s something I need to read and remember and keep in mind every day. It is a mantra to those who care about making great things, and I intend to make great things.

Here’s to the crazy ones.

Technorati Tags: , ,