Press "Enter" to skip to content

Posts published in “Web Apps”

WordPress Upgraded to Fix Security Holes

By Christine Hall on May 7, 2015 |

News, Security and Web Apps

WordPress Upgraded to Fix Security HolesWordPress logo

Website publishers using the popular free and open source WordPress content management system (CMS) woke up this morning to find that their sites had been upgraded to version 4.2.2. Users who’s sites somehow missed being automatically upgraded are urged to update immediately, as this update addresses several important security issues. According to Wordfence, maintainers of a popular WordPress security plugin, this release fixes one recently discovered vulnerability and further hardens a security issue that was addressed in version 4.2.1.

Continue readingWordPress Upgraded to Fix Security Holes

WordPress Plugin ‘Simple Ads Manager’ Exploit

By Christine Hall on April 13, 2015 |

Internet, Software and Web Apps

Anyone who runs sites using the WordPress platform and the plugin Simple Ads Manager will want to read this and learn from our mistake. Even those not using this particular plugin, but who have deactivated plugins not being used but still residing on their servers might find this useful. Luckily, in our case no harm was done, but that’s only because the incident occurred on a test site, so we were able to just take the site down. Lucky for us, it wasn’t FOSS Force or one of our other active sites.

Early Saturday evening we began receiving numerous email notices with two worrisome subject lines from our server. One subject was “LOCALRELAY Alert for sitename,” being sent to us at the rate of about every five minutes, with each showing info on the “first ten of 101 emails” that had been sent by the server since the last email notification. The other subject, “Script Alert for /path/to/script” was coming with the same frequency. To make a long story short, someone had hacked into a site we use to evaluate and test WordPress plugins before possibly deploying them on active sites, and was using it to send spam. Our test site had been turned into a spambot in other words.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingWordPress Plugin ‘Simple Ads Manager’ Exploit
Old News Anew: Fixing Zen Cart for SSL v3 VulnerabilityZen Cart Logo

Old News Anew: Fixing Zen Cart for SSL v3 Vulnerability

By Christine Hall on January 15, 2015 |

Internet and Web Apps

PayPal was supposed to have made the change on December 3, the date it announced as the target for no longer accepting secure connections from sites using SSL v3 instead of TLS. As I manage a Zen Cart site which uses PayPal’s express checkout as it’s only payment option, I checked with the server’s technical support staff to make sure we were covered. Yup. We got you set up with that, they said. I was good to go.

When December 3 came and went with the site continuing to take orders, I figured I had weathered the storm quite handily, although this seemed a little too easy to me.

Then came Monday night.

While I was away from home and office, sitting at a borrowed computer, I received a series of emails from PayPal, notifying me that a customer was making repeated unsuccessful attempts to place an order — unsuccessful because PayPal was refusing the handshake from the server. I easily recreated the problem by logging on to the site using a dummy customer account and attempting to make a purchase. At the point where the order was sent to PayPal, the process failed with a red letter warning saying something like “(35) error:14094410:SSL routines:func(148):reason(1040).” Not cool.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingOld News Anew: Fixing Zen Cart for SSL v3 Vulnerability
Netflix, Chrome, DRM & Other NastiesNetflix logo

Netflix, Chrome, DRM & Other Nasties

By Christine Hall on October 15, 2014 |

Business, Community, Operating Systems and Web Apps

Monday’s article on easy Netflix coming at last to Linux garnered a few polite responses, taking me to task for my enthusiasm for a “non-free” solution. The problems are that Netflix uses DRM and that currently its use on GNU/Linux requires the use of the proprietary Chrome browser. One commenter even questioned FOSS Force’s commitment to software freedom with the remark: “Your logo “Keeping Tech Free” I take it that means free beer and not freedom.”

Netflix logoNope. I’m an advocate of free “as in speech” software — which includes the freedom to choose. If there’s a FOSS solution for something I need or want to do, I’ll take that every time, and encourage my friends to do so as well. However, if there’s something I need or want to do with no FOSS solution available, I might use a proprietary solution, depending on the depth of my need or want and on how draconian the terms of the proprietary EULA.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingNetflix, Chrome, DRM & Other Nasties
Don’t Fret Linus, Desktop Linux Will Slowly Gain TractionLinux Torvalds

Don’t Fret Linus, Desktop Linux Will Slowly Gain Traction

By Christine Hall on August 25, 2014 |

Operating Systems, Software and Web Apps

When Linus Torvalds was asked last week at LinuxCon where he’d like to see Linux excel next, he replied, “I still want the desktop.”

I nearly stood up an cheered when I read this, here in my house nearly 700 miles from the conference. That is until I became confused by what he said next.

“The challenge on the desktop is not a kernel problem. It’s a whole infrastructure problem. I think we’ll get there one day.”

Linux Torvalds
Linus Torvalds at LinuxCon 2011 in São Paulo, Brazil
Photo by Beraldo Leal from Natal / RN, Brazil.
What? What challenge?

Of course there’s not a kernel problem. From where I sit, there’s not a GNU problem either. I’ve been using Mint with Xfce for a while now and I find it better than any version of Windows I’ve ever used, many times over. Other than needing a little polishing with some distros, there’s no problem whatsoever with the penguin. Desktop Linux is only the best there is.

However, if by “infrastructure problem” he means that consumers can’t rush down to the local Best Buy store and pick a new computer off the shelf that’s already been loaded with a carefully configured Linux distro, I agree. That is a problem. Right now, it’s the only thing keeping Linux from having decent user share. But I’m pretty darn sure that’s getting ready to change.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingDon’t Fret Linus, Desktop Linux Will Slowly Gain Traction
ATMs Might Go Linux, MS DOS Source Released & More…Brendan Eich Mozilla CEO

ATMs Might Go Linux, MS DOS Source Released & More…

By FOSS Force on March 28, 2014 |

Browsers, Business, Copyright, Hardware, Internet, News, Operating Systems, Politics and Web Apps

FOSS Week in Review

Is Microsoft reading your Hotmail?

Last week we learned of the arrest of Alex Kibkalo, a Microsoft employee who’s charged with leaking an unreleased version of Windows 8 to a French blogger. According to Wired, during the course of an internal investigation in Redmond, an unidentified source approached Steven Sinofsky, who was then president of Microsoft’s Windows Division.

“The source gave Sinofsky a Hotmail address that belonged to the French blogger (also not named) and said that the blogger was the person who had received the leaked software. Microsoft had already been interested in the blogger, but apparently, after the tip-off, the company’s security team did something that raised alarm bells with privacy advocates. Instead of taking their evidence to law enforcement, they decided to search through the blogger’s private messages themselves. Four days after Sinofsky’s tip-off, Microsoft lawyers ‘approved content pulls of the blogger’s Hotmail account,’ the court filings state.

“By trolling through the Hotmail email messages and MSN Messenger instant message logs, Microsoft learnt how Kibkalo and the blogger pulled off the leak, says Federal Bureau of Investigation special agent Armando Ramirez III, in an affidavit filed in connection with the case. Microsoft handed over the results of its investigation to the FBI in 2013, and Kibkalo was arrested on Wednesday.”

This, of course, created quite a stir among privacy advocates. So much so that the folks in Redmond on Thrusday announced a change of policy when it comes to riffling through people’s Hotmail accounts. They’re still going to do it, but in the future the company will publish stats regarding its breaking into people’s free Hotmail accounts. In other words, we’ll know just how much they do it.

Continue readingATMs Might Go Linux, MS DOS Source Released & More…
Time Warner’s Live Chat Doesn’t Speak LinuxTime Warner Cable logo

Time Warner’s Live Chat Doesn’t Speak Linux

By Ken Starks on March 17, 2014 |

Internet, Operating Systems and Web Apps

Monopolies are like porn. I can’t describe one to you but I know one when I see it. OK, so maybe the term monopoly is technically incorrect in this instance…but not by much. In my area of service it’s Time Warner Roadrunner, AT&T DSL or nothing. While there is competition, there isn’t anyone that can deliver the same speeds as Time Warner, making the price difference between the two services make sense.

The idealist would say that this is a good situation. There are products to serve almost everyone, regardless of income. You get what you pay for and when you pay less you should expect to receive less.

Ken Starks

Ken Starks is the founder of the Helios Project and Reglue, which for 20 years provided refurbished older computers running Linux to disadvantaged school kids, as well as providing digital help for senior citizens, in the Austin, Texas area. He was a columnist for FOSS Force from 2013-2016, and remains part of our family. Follow him on Twitter: @Reglue

linuxlock.blogspot.com/
Continue readingTime Warner’s Live Chat Doesn’t Speak Linux
Rollapp’s Online LibreOffice Nearly Ready for Prime Time – But Not YetRollapp - Scribus

Rollapp’s Online LibreOffice Nearly Ready for Prime Time – But Not Yet

By Christine Hall on January 7, 2014 |

Browsers, Internet and Web Apps

I wanted to be able to tell you that despite rollApp being in beta it’s pretty much ready to go. Unfortunately, I can’t, because it isn’t. There are some limitations that make using the site a deal breaker for most users. When the developers get those worked out, however, rollApp will be ready to be a major player in the world of online apps.

For those who don’t know, rollApp is a startup that intends to offer in-the-browser online versions of many favorite applications. Already they have an impressive roster of apps up and running–such as the entire LibreOffice suite, Gedit, Scribus, Inkscape and Darktable. Except for some limitations, they work great–you’d hardly know you weren’t using an application that’s sitting on your own hard drive.

However, the limitations, until fixed, render the online apps unusable for most real-life purposes.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingRollapp’s Online LibreOffice Nearly Ready for Prime Time – But Not Yet
Cloud Based LibreOffice, Facebook Reads PMs & More…Linus Torvalds

Cloud Based LibreOffice, Facebook Reads PMs & More…

By FOSS Force on January 3, 2014 |

Business, Hardware, Internet, News, Politics, Security, Site News and Web Apps

FOSS Week in Review

In 2013, Linux hits grand slam

Now that companies are closing-out their books on the old year, it’s becoming evident that Linux devices were a big hit in 2013.

On Friday, CNET’s Brooke Crothers reported that Chromebooks, those nifty laptops running Google’s Chrome OS that let the cloud do the heavy lifting, accounted for 21% of all laptop sales last year. As impressive as that may be, the numbers get even better when Android tablets are added to the mix. According to market research company NPD Group, January to November saw 1.76 million Chromebooks and Android tablets sold, up from only 400,000 during all of 2012.

The OEMs, of course, are paying attention and are readying new Linux devices for the market.

Continue readingCloud Based LibreOffice, Facebook Reads PMs & More…
WordPress – Too Fast For ComfortWordPress logo

WordPress – Too Fast For Comfort

By Christine Hall on December 18, 2013 |

Internet, Software and Web Apps

Something’s got to give with the WordPress cycle.

Just three months ago, back in September, WordPress issued version 3.6.1 of their content management and blogging platform. Last week they issued 3.8. In between there was 3.7 and 3.7.1, the later release raising eyebrows when it included an automatic “minor point” upgrade feature that can’t be easily disabled.

That’s an average of one release per month, a burden for someone trying to keep sites safe from exploitation by the black hats. By quickening the pace of releases, WordPress may be inadvertently forcing webmasters into remaining with older versions, a potential security risk. Just as the enterprise balked at too much “release often” pressure from their vendors, folks who administer WordPress sites would be justified in complaining and pushing for a solution to this aspect of the WordPress development process.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingWordPress – Too Fast For Comfort

The Importance of Free Websites

By Christine Hall on November 15, 2013 |

Internet, and Web Apps

On October 26th, ten year old Charlie Thompson went to a Halloween party at a friends house in rural New York state. The weather was reasonably mild, so much of the party took place outside. At some point the children began playing a game of hide and seek. Charlie and another boy found a wooden board that Charlie thought would be a perfect place to hide. He lifted the board and knelt on another board that was underneath.

The board on which he knelt was old and rotten. Unbeknownst to Charlie and his friend, it was also covering an old abandoned well. Under his weight it immediately broke, hitting him on the forehead and knocking him unconscious. He fell straight down into the well, which was eighteen feet deep. His friend immediately ran to get help.

Christine Hall

Christine Hall has been a journalist since 1971. In 2001, she began writing a weekly consumer computer column and started covering Linux and FOSS in 2002 after making the switch to GNU/Linux. Follow her on Twitter: @BrideOfLinux

FOSSForce.com
Continue readingThe Importance of Free Websites
Latest Articles