
NC #623 Podfeet Redesign, Apple Meets Us Halfway, Ring Floodlight Cam, Security Bits

Podfeet.com finally gets a makeover and I’ll tell you a bit of detail on how I did it (link to comical PDF instructions). I was on the SMR Podcast this week, and Apple appear to have a new strategy in repair of their products called “We’ll meet you halfway”. We’ll have a full review of the new Ring Floodlight Cam from ring.com. Bart’s back with Security Bits where we talk about Shadow Brokers’ latest data dump that could endanger Windows users, and more.




Hi this is Allison Sheridan of the NosillaCast Mac Podcast, hosted at Podfeet.com, a technology geek podcast with an EVER so slight Apple bias. Today is Sunday April 16, 2017 and this is show number 623.

I’m really excited to announce that the new and improved Podfeet.com is finally released! I know it’s been a long time coming and probably the biggest delay was me getting the nerve up to pull the trigger.

It might be interesting to you to understand the process I went through to execute this maneuver. First of all I had three versions of the website. I had the production version of Podfeet.com, then there was the beta version that was at podfeet.com/beta2 that you saw before, and finally I had a local version on my Mac, which we’ll call localhost. I originally built the new version of the site on localhost, creating it by massive trial and error and using old data from last year. Then I pushed the localhost version up to beta2. I did a bunch more edits on beta2, including minor tweaks here and there to the CSS with help from awesome listener Helma.

When no one said they hated it, many people said they loved it and I really liked it. What would you do next if you were me? Procrastinate for two months, right?

When I finally sat down and decided to do it, I asked for Bart’s help storyboarding how to go about doing the final installation. I know I’ve explained how WordPress and other content management systems work about a hundred times, but briefly so we’re on the same page I’ll do it one more time.

The stuff you write on a website/blog all goes into a database. So if I write a new blog post, the title I write goes into a table into a field called Title. The text of the post goes into that same table but in the content field. So the database holds everything you write.

Then the other parts of WordPress, especially the theme, create how that content is presented to you. Is there a left or right sidebar? How many things are in the menu? What color are links? What font are you seeing? All of these things are what makes a content management system work so you can change the look and feel without changing the content itself.

So here was my process:

  • Create a whole new database on localhost
  • Download the current database from podfeet.com. Bart helped me do this with a tool called Sequel Pro which was WAY easier than the way I’d done it before using phpMyAdmin.
  • Populate the localhost database with the most recent data
  • Install the then current theme from podfeet.com on localhost so it looks like the live site
  • Create a step by step, methodical procedure to update localhost to look like beta2
  • Find the path to change everything I can without flipping to the new theme. This is so there’s the least amount of disruption to the live site when I follow my own procedure.

These steps took me three full days to complete. I documented every step using Clarify of course. It took that long because I still had trial and error on how to make sure I didn’t make changes that would be visible until it was unavoidable. I also found a LOT of stuff that I couldn’t remember how I did it! I know that sounds dumb but that’s what happens when you figure things out over a long period of time using trial and error. I’m including a PDF of my migration document in the shownotes for your amusement. It’s not a pretty document, and no one else on earth could possibly learn how to migrate a site using it, but I thought you might like to see how hard it was! It’s filled with weird little notes to myself, with tons of question marks to grab my attention when reading, so just laugh at me and move along.

But when I finally had all the steps ready and documented, I followed my own procedure on the live site, and it only took a couple of hours to execute! I was so happy I’d written my procedure ahead of time!

Once I went live, I shot out a message to Twitter, Facebook and Google Plus asking for our early warning system to see if there was anything wrong. There were a few tweaks here and there, but the most interesting problem was something that Steve and Ian found independently.

On the home page with Safari, everything looked grand, but Steve checked with Chrome and some stuff looked wonky. By wonky I mean two giant black bars in the middle of the page! The only thing I could think of was maybe he had an ad blocker on Chrome that was acting weird, and that’s when he noticed the “insecure site” symbol was showing on Chrome. Well podfeet.com is https, but I checked and some of the hard links I’d put on the buttons weren’t typed as https. I changed those, and suddenly Chrome was happy.

But later that first day, Ian sent me a note including a screenshot of the exact same wonkiness, two black bars, and after a big black circle with an x in the middle, when he went to the Podfeet Press signup page.

Podfeet Press is a newsletter that goes out automatically whenever a new show goes out and includes the show notes, but it’s also how I let people know when something is wrong, like if I lose my voice or my website was to go down, that’s one of the ways I let people know. Anyway, the newsletter is managed by a service called Mailchimp, and I had grabbed the embed code for the signup form from Mailchimp a hundred years ago. I went and grabbed a new version, plopped it into the page, and boom, all the wonkiness went away.

I’d like to know why those particular failures on screen were chosen, I would have thought an alert saying something on the page was insecure would have been enough, but I was pretty happy that I was able to fix it myself!
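A check for the kind of problem described above, `http://` references left in a page that is served over https, as an added example that is not part of the original show notes. The sample HTML and the example.com URLs are constructed for illustration.

```python
from html.parser import HTMLParser

# Tag/attribute pairs the browser fetches or submits as part of the page.
# A plain <a href> is navigation, not mixed content, so it is not listed.
SUBRESOURCE_ATTRS = {
    ("img", "src"): "passive",     # display-only content
    ("audio", "src"): "passive",
    ("video", "src"): "passive",
    ("script", "src"): "active",   # content that can change the page
    ("iframe", "src"): "active",
    ("link", "href"): "active",    # only counted for rel="stylesheet"
    ("form", "action"): "form",    # form data would go out over plain HTTP
}

class MixedContentFinder(HTMLParser):
    """Collect http:// subresource references in HTML served over HTTPS."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        # <link rel="canonical"> and similar are never fetched, so skip them.
        if tag == "link" and "stylesheet" not in (attr_map.get("rel") or "").lower():
            return
        for (wanted_tag, attr), kind in SUBRESOURCE_ATTRS.items():
            url = (attr_map.get(attr) or "").strip()
            if wanted_tag == tag and url.lower().startswith("http://"):
                line, _ = self.getpos()
                self.findings.append((line, tag, kind, url))

def find_mixed_content(html):
    """Return (line, tag, kind, url) for each insecure reference found."""
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: an old hard-coded button image and an old signup embed.
SAMPLE_PAGE = """<a href="http://example.com/about">About</a>
<img src="http://example.com/button.png" alt="Support the show">
<img src="https://example.com/logo.png" alt="Logo">
<link rel="stylesheet" href="http://example.com/embed.css">
<link rel="canonical" href="http://example.com/">
<form action="http://example.com/subscribe" method="post"></form>
<script src="//example.com/ok.js"></script>
"""

if __name__ == "__main__":
    for finding in find_mixed_content(SAMPLE_PAGE):
        print(finding)
```

Running it over the saved HTML of each page or embed snippet lists the line, tag and URL to change to https before the browser flags the page.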

I want to give another shout out, this time to Nik Lai. Ages ago he suggested I use the Featured Image thing in WordPress so that when I post a link to the site say on Facebook, Google Plus or LinkedIn, that image would be what you see instead of that GIANT Patreon logo. I told him that my theme didn’t support featured images, but now my fancy new theme does support them! Now when you see the blog posts you’ll see a pretty little image to help you know where you are. So if you click on Programming By Stealth, on the home page, every post will have Bart’s cool PBS logo. Tap on a blog post and you’ll see a little featured image from the post. I like it a lot!

A shout out to Steve, for going back through the last dozen or so of each kind of post and making sure there’s an appropriate logo or featured image showing. I hate doing that kind of work and he actually volunteered!

Ok, that’s probably enough inside baseball, but I think you’ll find the site much cleaner to read, it will be easier to find things like the tutorials and the separate kinds of episodes, and guess what else? The SEARCH actually works now!

Chit Chat Across the Pond

In Chit Chat Across the Pond this week we’re back with Programming By Stealth. Bart FINALLY lets us start learning Test Driven development, or TDD. He shows us how to use a free and open source tool called QUnit, made by the fine developers of jQuery, to analyze our test code. It’s something I’ve been itching to learn more about, ever since listener Jill tipped us off to the concept. It’s a really fun episode where everything kind of comes together. Hope you enjoy it as much as I did.

SMR Podcast

This week I was on the SMR Podcast and had a complete and total blast. It was me, Robb Dunnewood and Chris Ashley and we talked a lot about the United fiasco, a bit about Apple and a lot about the tech stuff we did on our trip to South America. That last bit sounds like a bit of a rerun for you guys but all stories are better told with Robb and Chris there! Check it out at SMRpodcast.com episode #337 “The Roller Coaster with Allison Sheridan”.

Blog Posts

Apple’s New Strategy: We’ll Meet You Half Way

Watch Bad Guys (and Coyotes) with the Ring Floodlight Cam

Patreon and Amazon

On the new and improved version of podfeet.com, I’ve made it super easy to figure out how to support the show. There’s a big red button that says “Support the show” right on top. If you click that, the site will beautifully scroll down to show you the Patreon link, the Amazon Affiliate Links, a one time donation PayPal link, and a button to take you to a page to learn how to record your own review. All methods of helping the show are welcome!

Security Bits

Security Medium – Shadow Brokers Strike Again

This week Shadow Brokers released two more dumps of NSA hacking tools. The second of these dumps is by far the most significant of the two – in fact it’s being described by security researchers as the most significant of all the Shadow Brokers dumps to date.

The second dump contains tools for hacking most versions of Windows (server and desktop), and tools for hacking the SWIFT banking system which is used by many banks in the Middle East.

Because this is a big dump, and because it only came out the day before recording, things are still a bit murky at the moment. Security researchers say this dump contains some zero-day bugs, but Microsoft say that everyone using fully patched instances of supported versions of Windows is safe.

You’re definitely safer the more patched you are, and you’re definitely not safe if you’re running an unsupported version of Windows like XP or Vista. Basically, our standard advice should still serve you well here – don’t run unsupported software, and keep all the software you do run fully patched.

Important Security Updates

  • Patch Tuesday has been and gone, with critical updates from Adobe (Flash, Acrobat & Reader) and Microsoft (Windows, Office, IE, Edge, Silverlight & more) – krebsonsecurity.com/…
    • The Microsoft updates are particularly important as they fix two Zero-day vulnerabilities being actively exploited in the wild, one in Office, and one in IE. The update also disables some graphics filters in Office to protect from a third vulnerability they have not yet patched that is also being exploited in the wild – nakedsecurity.sophos.com/… & arstechnica.com/…
    • This is the last time Windows Vista will receive updates – it is now dead
    • Microsoft have also followed through with their previously announced plan: from now on, there will be no more security updates for Windows 7 and Windows 8 on new CPUs (Intel Kaby Lake and AMD Ryzen and later). If you run these processors, you now must upgrade to Windows 10 – arstechnica.com/…

Important Security News

  • As expected, recent Vault7 leaks have enabled security researchers to retro-actively attribute previously mysterious hacks to the CIA – arstechnica.com/…
  • When requested to hand over information on a user who was critical of President Trump by the US government, Twitter refused, and instead sued the US government. This tactic succeeded, and the US government rescinded its request – www.recode.net/…
    • A followup article from recode points out that Twitter have a long history of standing up for the rights of their users – www.recode.net/…
  • The Royal Canadian Mounted Police, better known as the Mounties, have admitted that while they now use Stingray devices to hoover up smartphone data indiscriminately with permission and appropriate authorisation from judges, in the past, they used them illegally. These devices capture all data travelling through them, not just the data pertaining to the target of any given investigation, hence the controversy over their use in the US – nakedsecurity.sophos.com/…
  • Spanish police arrested Pyotr Levashov, one of the most wanted spammers in the world, at the request of the US government – krebsonsecurity.com/…
    • After his arrest, the US DoJ moved in and killed the so-called Kelihos botnet which has been active since 2010, and was operated by Levashov – arstechnica.com/…
    • According to Brian Krebs, RT succeeded in distracting many American news outlets away from the story by pumping fake news claiming the arrest was related to the US elections – krebsonsecurity.com/…
  • Google has boosted its validation of business listings on Maps after a wave of fraud – nakedsecurity.sophos.com/…

Notable Breaches

  • Payday loan company Wonga has been breached. The breach affects approximately a quarter million users in the UK and Poland – nakedsecurity.sophos.com/…
  • A careless developer has accidentally leaked a database containing personal and medical information on almost a million diabetic Americans. The data came from an unsecured copy of a database collected by a now defunct telemarketing firm – nakedsecurity.sophos.com/…
  • There appears to be a credit card breach at Shoney’s restaurant chain (popular in the southern US apparently) – krebsonsecurity.com/…

Suggested Reading

Palette Cleansers

  • A great video explaining the science of Mercury entering Retrograde: www.vox.com/…
  • Spectacular video from NASA about the dramatic finale to the Cassini probe’s mission to Saturn:
  • What’s Your Address – Mr. Robot from Imgur

That’s going to wind this up for this week. I’ve made it way easier on the new version of podfeet.com to find the way to interact with me and the other NosillaCastaways now. There’s a big red button that says “Join the Conversation” and there you’ll find logos to tap for our Facebook group, our Google Plus community, my Twitter page and even an email logo if you want to write to me. And of course, a big nice new logo for NosillaCast Live where you can join in the fun of the live show on Sunday nights at 5pm Pacific Time and join the friendly and enthusiastic NosillaCastaways. Thanks for listening, and stay subscribed.

1 thought on “NC #623 Podfeet Redesign, Apple Meets Us Halfway, Ring Floodlight Cam, Security Bits”

  1. Steve Sheridan - April 17, 2017

    I like the new podfeet.com layout.
