Tom Hickey

April 1, 2016

Buzzword: the Internet Of Things

When we moved into our house years ago I discovered that, while the garage door opener worked, there was no remote for it. Replacement remotes are easy to come by these days but my first thought was: why clutter up my life with one more remote that I have to keep track of?  Can I do this with my phone?

At the time I wasn’t familiar with the “Internet of Things” but I WAS feeling the sort of desire for convenience, simplicity and order that led to its emergence.  I’ve seen that “Internet of Things” (IoT) has been showing up on a lot of 2016 buzzword lists and it gets my vote as one of the only buzzwords that deserves the attention it’s getting.

The Internet of Things (or “Internet of Everything” as some are calling it) means, simply, that many of the common appliances, machines and devices in our lives, which have always operated in isolation, can now communicate with other devices, generate useful information and operate automatically.  This concept is already driving many products that you’re already (almost) used to seeing:

  • thermostats that can not only be adjusted while you’re out of the house but can learn what your preferred settings are for time of day/day of week and time of year and adjust automatically (Nest and Ecobee)
  • “smart plugs” that can turn your old dumb appliances/lights on and off remotely, schedule them and monitor their energy usage (WeMo and ThinkEco)
  • enhancements to existing garage door openers that let you know, wherever you are, whether there’s someone in the garage, whether the doors are open, closed or locked (Garageio and MyQ Garage)

There are also lots of applications of the idea that seem a bit more… let’s say “luxurious” including coffee makers, pet feeders and, yes, toothbrushes.  It reminds me a bit of the 1980’s when the technology to make tiny LCD clocks became so cheap they started showing up in pens, coffee cups, paperweights, etc.

The technology that allows these devices to communicate with the world is very specialized but, underneath, most of it is simply an extension of TCP/IP, the same protocol that keeps everything on the existing Internet talking to each other.  Since every device on the Internet must have a unique identifier in order for communications to be routed to it, the old IPv4 addressing system would have been instantly overwhelmed.  But with IPv6 we’re in no danger of running out of addresses any time soon.

A lot of these products tend to be expensive, but the beauty of having a system that can collect data, analyze it and make adjustments to itself is that it can become highly efficient.  The Nest thermostat system, for instance, tends to save users significant amounts of money and generally pays for itself by the second year of use.  That’s something that even those who are technophobic can get excited about.

Tom Hickey

November 3, 2015

Anniversaries: September 1995 – JavaScript

Well, I meant to post about this a couple months ago but better late than never.

September was the 20th anniversary of the release of Netscape Navigator 2.0 beta 1. For those who don’t remember, Navigator was the big dog of browsers in the 90’s until Internet Explorer steadily edged it out at the end of the decade. In 1995 Navigator had, roughly, 85% of the browser share on the Web. It was the browser to beat, and introduced a lot of new features and capabilities to web pages. Many give it credit for popularizing the internet. Back in 2007 PC World named it #1 on a list of 50 Best Tech Products of All Time.

One interesting feature that appeared in the first beta of Navigator 2.0 was an integrated scripting language called LiveScript. By the time beta 3 was released in December of 1995 Netscape had decided to capitalize on the rising popularity of Sun Microsystems’ Java platform by renaming LiveScript to (the wildly misleading) JavaScript. Within two years it had become an official standard and most web browsers had their own implementation.

I remarked to somebody recently that JavaScript is like the guy who gets hired to be janitor but winds up becoming president of the company. When I started web developing in 2000 most JavaScript (or JScript as the Internet Explorer flavor is known) appeared in very small amounts on websites to provide simple form validation, on the fly computation (“take the number in the QUANTITY text box, multiply it by the number in the PRICE text box and place the product in the TOTAL text box”) and swapping one image with another when the mouse rolled over it. It got the reputation as a needless embellishment to web pages that also introduced security problems. A lot of web developers advised everyone: “turn JavaScript off.”

These days a serious web application like Gmail can use hundreds of thousands of lines of JavaScript code, and most of the really advanced features of the web would be impossible without it.

It also used to be the case that web developers (like myself) came out of other areas of computer science or software development and had programming experience with languages like C, which JavaScript directly borrows the syntax of. These days a lot of people are diving into web development without previous coding experience and JavaScript is their first exposure to a programming language.

Tom Hickey

September 2, 2015

A WordPress Security Primer

Over the last few years we’ve helped several companies clean up compromised WordPress sites.  Nothing strikes fear into the heart like seeing “This site may be hacked” appear next to your site name in Google search results. There are a handful of common best practices for securing a WordPress site.

Limit Access

Sometimes a WP site is compromised by hackers getting ahold of an administrator username and password.  More dangerous is a hacker who has full FTP access. We’ve seen cases where a number of people (usually developers) were given individual FTP accounts to access a site.  Once this was done everyone promptly forgot that these accounts existed, even when the person they were issued to stopped working on the site. Make sure that old FTP accounts are deleted – usually through your web hosting company’s control panel or with the help of tech support – or at least change the passwords frequently.

Unique Usernames

After cleaning up one hacked site recently we installed the WordFence plugin (extremely useful – more info below) to monitor login activity.  We were alerted to A LOT of failed login attempts which likely means that the site was still on some hacker’s list as a vulnerable site.  Repeated login attempts are usually all about trying to guess a common username and password to get access.

90% of the failed attempts were using the username “admin.” So, first things first, DON’T use the default WordPress administrator username of “admin” because it’s just saving someone who wants to break into your site a critical first step.  Make it something memorable but make it different.

One behavior of WordPress that isn’t strictly secure is that it will tell you if you’ve entered a correct username when logging in.  This can theoretically be exploited by an attacker to guess their way to a valid username.  WordFence (and some other plugins) has an option that sets one ambiguous error message: “The username or password you entered is incorrect.”

Strong Passwords

We hear it all the time: a strong password is usually pretty long.  Short ones are much easier to guess/crack.  Here’s the obligatory XKCD strip explaining the realities of password strength:

Remembering a lot of passwords is one of the banes of modern life but there are now password managing plugins for most major browsers or services like Passpack.

Keep Your Site Updated

A WordPress site is made up (broadly speaking) of three components: the Core Files which provide all of WP’s general functionality, the Theme which uniquely customizes the look and behavior of the site, and Plugins which provide special features for the site.

The WordPress team updates the Core Files pretty frequently, often to address security issues and, ever since version 3.7, WordPress will automatically install these files as critical updates become available. Most popular and well-maintained Themes and Plugins are also updated periodically.  If they were downloaded from WordPress’s repository then you should also get alerts for new versions while in the backend.

However, if you’re maintaining a lot of sites and/or you tend not to log into the dashboard of your sites very often then it’s trickier to stay up to date.

A simple way, via Plugin, to manage automatic updates for your WP site.

WordPress article on manually configuring all types of automatic updates (requires PHP knowledge).
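The manual configuration mentioned above can be done with a few update filters. This is an added example, not code from the linked WordPress article; the file name and the plugin allowlist are assumptions to adapt to your own site.

```php
<?php
// Added example. Save as wp-content/mu-plugins/auto-updates.php (assumed name).
// The allowlist below is an assumption: list the wordpress.org slugs of the
// plugins you trust to update unattended.

// Core: keep minor (maintenance and security) releases automatic and hold
// major releases for a manual update made right after a backup.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_false' );

// Plugins: auto-update only the allowlisted slugs and leave every other
// plugin at whatever WordPress would have decided on its own.
add_filter( 'auto_update_plugin', function ( $update, $item ) {
	$allowlist = array( 'wordfence', 'updraftplus' );
	if ( isset( $item->slug ) && in_array( $item->slug, $allowlist, true ) ) {
		return true;
	}
	return $update;
}, 10, 2 );

// Themes: an update overwrites the theme's files, so enable this only when
// all customisations live in a Child Theme.
add_filter( 'auto_update_theme', '__return_true' );
```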

Updating a component of a WP site always carries a small risk that it will break something that was already working.  The main way to avoid this is by taking the usual precautions: never modify WordPress’s Core Files directly.  If you need to modify WP’s default behavior you can usually find a plugin that does what you want or, with PHP knowledge, write your own code using the Plugin API.  If you want to make changes to a Theme then use a Child Theme.

Even with those precautions it’s always possible something unexpected will happen, so, always…

Backup Regularly

Depending on who your site is hosted with, you may have access to some sophisticated backup options through a CPanel or similar backend.  Your hosting company is also most likely making periodic backups of your site but to have real control over your data, and be able to respond quickly to attacks or site problems, you’ll want to do your own backups.

One of the most popular backup plugins is Updraft Plus.  The free version is a very full-featured and easy-to-configure tool that allows you to back up your entire WP installation: database, themes, plugins, uploads, and (if you choose) the Core Files as well. Backups can be saved to a cloud storage location like Google Drive or Dropbox (more options available with the Premium version).  Restoring any backup can be accomplished with just a few clicks.

Security Plugins

There are a handful of popular WP security plugins out there but the one that I’ve found most useful is WordFence.  There is a premium version available that provides a number of additional features, but for most people’s needs the free version will give you solid coverage and is highly configurable. It can:

  • alert you when one of the Core or Theme files on your site has been changed
  • search for known malware on the site and, often, automatically repair the problem
  • alert you to all kinds of site activity including successful and failed logins, post creation and updates
  • block any IP address that fails a particular number of login attempts for a defined length of time
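To show what two of these protections do under the hood (the single ambiguous login error described under Unique Usernames, and the per-IP lockout in the last bullet), here is an added example written as a must-use plugin. It is not Wordfence's code; the `hlh_` names, the thresholds and the lockout wording are assumptions.

```php
<?php
// Added example, not Wordfence's code. Save as wp-content/mu-plugins/login-hardening.php.
// Assumptions: the hlh_ prefix, the thresholds and the lockout wording.
const HLH_MAX_FAILURES = 5;    // failures tolerated before lockout
const HLH_WINDOW       = 900;  // seconds a failure count is remembered
const HLH_LOCKOUT      = 3600; // seconds an address stays blocked

function hlh_key( $prefix ) {
	// REMOTE_ADDR is the connecting peer. Behind a proxy or CDN every visitor
	// shares it, so take the client address from the proxy you trust instead.
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return $prefix . md5( $ip );
}

// 1. Replace only the messages that reveal whether the username exists.
add_filter( 'login_errors', function ( $message ) {
	global $errors; // WP_Error set by wp-login.php for the failed attempt
	$codes = is_wp_error( $errors ) ? $errors->get_error_codes() : array();
	$leaky = array( 'invalid_username', 'invalid_email', 'incorrect_password' );
	return array_intersect( $leaky, $codes )
		? 'The username or password you entered is incorrect.'
		: $message;
} );

// 2. Count failures per address; reaching the limit starts a lockout.
add_action( 'wp_login_failed', function () {
	$count = (int) get_transient( hlh_key( 'hlh_fail_' ) ) + 1;
	if ( $count >= HLH_MAX_FAILURES ) {
		set_transient( hlh_key( 'hlh_lock_' ), 1, HLH_LOCKOUT );
		delete_transient( hlh_key( 'hlh_fail_' ) );
		return;
	}
	// Re-saving resets the expiry, so the window slides with each failure.
	set_transient( hlh_key( 'hlh_fail_' ), $count, HLH_WINDOW );
} );

// 3. Reject every login from a locked-out address. Priority 100 runs after
// core's password check (priority 20), which would otherwise overwrite the error.
add_filter( 'authenticate', function ( $user ) {
	if ( get_transient( hlh_key( 'hlh_lock_' ) ) ) {
		return new WP_Error( 'hlh_locked', 'Too many failed logins. Try again later.' );
	}
	return $user;
}, 100 );
```

Because the lockout is keyed on the address alone, it also stops a correct password from that address until the lock expires, which is the behaviour the bullet describes.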

 

 

Tom Hickey

June 29, 2015

Anniversaries: June 29, 1975 – Apple I – the beginning of an era

Today is the 40th anniversary of the day Steve Wozniak sat down with his friend Steve Jobs and showed him a little project he was working on: A 1MHz computer with 4K of memory assembled out of $20 worth of parts. Wozniak had some thought of selling the designs at $40 a pop which is how most hobbyist computers were sold but Jobs saw an opportunity to make even more money by selling an assembled product.

The Apple Computer 1 (later known simply as the Apple I) debuted in 1976, distributed by the Byte Shop, one of the country’s first personal computer retailers. The Apple I was still very much a hobbyist product. IT HAD NO CASE! Essentially, what you were buying was this:

Only 200 units were created and very few still exist, in part because Apple encouraged people to trade them in for the Apple II when it went on sale in 1977, and promptly destroyed all of the boards.

The original manual is available online.

Tom Hickey

October 17, 2013

Perspective

Chicago is where I wake up in the morning.  It’s where I feed the baby his breakfast, and ride my bike to the office, and do my job, and eat my lunch, and go shopping for groceries, and drop off bags of empty cans at the recycling center, and have a beer with a friend, and go on home and kiss my wife and fall asleep and then do it all over again.

When Astek went off to Union Pier, Michigan for our first-ever retreat, we walked down to the shore of Lake Michigan in the evening.  The EASTERN shore.  I did not take this photo, but this is what we saw.

Chicago from Indiana

Occasionally it’s nice to get a little perspective.

Tom Hickey

August 19, 2013

The Browser that Wouldn’t Die: Internet Explorer 6

If you enjoy celebrating dubious anniversaries (and who doesn’t?), make sure to mark August 27th on your calendar. It’s the day that Internet Explorer 6 turns twelve.

It’s hard to remember now what the browser market was like back in 2001.  The main players were Microsoft, Netscape, Opera and Safari.  It would be a few years before Firefox mutated into existence from Netscape’s code base. Chrome wasn’t even a glimmer in anyone’s eye yet and its parent Google was only the twelfth most popular site on the web.