I’m away for a two week break - no computers are going too be (ab)used by me during this time - consequently, my next post on this blog will be on January 3rd.
Until then, enjoy the break.
Tom.
Archive for December, 2004
Bruce Schneier, founder and CTO of Counterpane Internet Security, Inc., has written an update to his earlier article on securing home PCs.
The updated article is full of useful advice such as recommending that you don’t use Microsoft Windows (”Buy a Macintosh or use Linux”), Microsoft Office (”Look into one of the free office suites as an alternative”) or Internet Explorer (”Don’t use Microsoft Internet Explorer, period”).
The article has been criticised, though, mostly for being too technical. This is a fair criticism imho, because Bruce himself in the article says it is “to give home users concrete actions they could take to improve security”.
Now, I don’t know what kind of home users Bruce is exposed to but I have met users who deleted files from their hard disk because they received an error message saying they were running short of virtual memory! These are the average home users and you know they wouldn’t have the first clue what Bruce means when he says “Limit use of cookies and applets to those few sites that provide services you need. Set your browser to regularly delete cookies” for instance, and as for suggesting that people microwave their CDs, I won’t even comment on that.
The advice Bruce gives is generally sound, for people who know what they are doing, that is. Most home users don’t fall into this category, unfortunately. There is no easy way to help home users until there are popular, secure and easy to use operating systems and applications readily available. That day hasn’t arrived yet.
Google have released Google Suggest as a beta release and it looks good.
What is Google Suggest? In Google’s own words ” As you type into the search box, Google Suggest guesses what you’re typing and offers suggestions in real time”.
In practice, this works out to be pretty nifty. Google puts up a drop-down menu of popular previous searches on the letter combination as you type, updating as you continue to type. For instance, type F and a list comes up starting with Firefox!
Google Suggest also tells you how many results there are for its suggestions.
Very handy.
Renaming the wp-comments-post.php file had a drastic effect on the comment spam - it appears very many blog comment spammers go directly to this file to submit their spam.
After changing the name of this file, not only did the amount of spam fall off significantly but the number of 404’s for this file ballooned - mostly from ip addresses in Brazil or Bulgaria.
Still one or two were getting through. On the offchance that this would increase again, I installed Gudfly’s Authimage. This is a Wordpress plug-in which displays an image with some random text that the commenter has to enter in order for their comment to be submitted successfully.
I installed that plug-in this morning and with help on the design side from FrankP, I re-designed the comments page accordingly.
I am now looking forward to significantly reduced comment spam.
Unbelieveably, I am still getting comment spam through the various measures I have put in place.
Just this evening, I have re-named the wp-comments-post.php file - previously I had edited the contents of this file, changing comment variable names but this hasn’t deterred all the comment spammers!
Hopefully, renaming the file will further reduce the amount of comment spam this site is seeing.
AuthImage not displaying image
The initial AuthImage install didn’t go according to plan. When the plug-in was installed, no image appeared - therefore no comments could be left, genuine or otherwise.
After scratching my head for some time, I remembered that this blog is in a separate folder from my Wordpress installation. I checked back over the AuthImage code and sure enough, there was a line in my comments.php file:
“img src=”/wp-content/plugins/authimage.php”
When I changed it to:
“img src=”/wordpress/wp-content/plugins/authimage.php”
The image appeared, the code worked perfectly and comments can no longer be submitted without entering the randomly generated code.