I’ve just moved my site from HTTP over to HTTPS. It’s not a huge deal for something like this, but it’s something which I’ve really needed to do for a while, and something which is becoming more and more popular. For most people this won’t mean much, and for this site it doesn’t amke much difference, but given that encrypting web pages is a simple process, there’s no real reason not to be doing it.
Joomla has announced the release of their open source CMS system, version v3.5.1. The latest version fixes the following issues which were found in v3.5:
- Fix root url sometimes returning empty in canonical URLs
- Fix having to log in twice when user session expires
- Some SMTP emails could no longer be sent due to a bug in the SMTP email server setup
- Session restarts caused PHP Errors
- Fix insertid() returning 0 for the PDO MySQL driver
- Fix the Empty trash and unarchive button not existing for com_banners
A little over a week ago, the Joomla! Project anounced the release of Joomla 3.5. The major advantage this has is that the widely used CMS has PHP7 support, allowing webmasters to upgrade their server installations and take advantage of the performance improvements that PHP7 brings.
The new version comes with an e-mail update plugin to allow site admins to know when there are patches and bug fixes; hopefully they will then patch their sites to the benefit of everyone.
A run down of the listed major changes are:
I’ve had the joys recently of being part of a code audit for a potential client for a change or re-build of a system. The code in itself was complete textbook…of how not to code a system. It looked like it had been built long long ago when OO principles didn’t exist, and when no-one knew about security unless they were in that field. Certainly developers knew nothing about security.
Open source and widely popular CMS Drupal released a maintenance fix to their 8.x branch a little under a week ago. This release fixes some bugs in the branch, but there’s no security fixes as part of it. The list of changes is available here. The change log also lists April 20th as the release date for Drupal 8.1.0 which should have further fixes and new features.
For those people running a CMS site, keeping up to date with the security and bug fix patches is good practice, and therefore you should look to update as soon as possible.
Earlier this week I was looking into RESTFUL web services and how to create them, so I set myself a small project. The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept. i had no real direction. With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years. From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.
Firewalls are not fun. I’ve got to open with that statement as I’ve been doing a lot of work with firewalls in the past couple of weeks. It’s not been the most enjoyable of experiences, but I can see why it is needed.
I’m a huge advocate of taking backups of things. So much so, I’ve got my own home server backing up to “the cloud” with all of my files on it. It needs a bit of an organisational shuffle I think, but the idea is there.
I’ve recently been approached about a project for me to work on, part-time and on the side. This itself isn’t unusual, but it’s one of a very small minority which I think is a good idea and has some promise. I’ll not go into details about it, as I don’t know the full details of what role I would be involved in, and to what extent, but I had a look into it over the weekend and discovered something which probably affects many small businesses initially, and something which could be disastrous for them. Their SEO sucks.
I spend quite a lot of time on StackOverflow, both in terms of finding answers for something I need, and also for helping people out with their issues. One question I see quite a lot is around security permissions for creating files on the server. Usually these questions are for PHP, and as such I’m going to address this post as if PHP developers are sensible and deploy on a LAMP stack.
More often than not, I see the posts and they have something along the lines of the following:
I’ve set the permissions to 777 but it’s still not working
It makes me want to turn into the Hulk and smash things.