Hannah Williams

November 21, 2015

Crafting at the CoreNet Classic

Cantigny Golf Club in Wheaton, IL: the setting for a late-summer day of golfing, networking and a few drinks before fall really sets in. As a Platinum Sponsor of the Chicago chapter of CoreNet, Astek has an assigned hole on the course to make our own.

 

OLYMPUS DIGITAL CAMERA

 

In past years, our “How’s My Drive?” setup filmed each golfer, then sent them to a custom microsite to see video of their swing (accompanied by an excellently randomized selection of music). This setup was a hit with the CoreNet members, but we decided to change it up this year. In the interests of bringing something unusual, and with my own love of crafting, we hoped to get this corporate real estate crew feeling colorful.

I started by designing the outlines of our collaborative art project in Illustrator. Think “paint by number”, except…without any numbers. Projecting the Illustrator file onto a board made it easy to trace, despite this very serious focus face:

 

 

With this done, I loaded up way, way too many paints and we headed to Cantigny. Just setting up this project became a bit of an adventure, as arts and crafts aren’t typical golf course diversions.

 

IMG_9375

OLYMPUS DIGITAL CAMERA

 

While I was excited about this project, I wasn’t entirely sure how it would go over with this group. After all, many of the CoreNet members are used to corporate golf outings, and I’d venture to say they likely haven’t had someone shove a paintbrush in their hand at a previous one. As the golfers started passing through, however, my doubts disappeared more quickly than the Bloody Marys in their hands.

OLYMPUS DIGITAL CAMERA

OLYMPUS DIGITAL CAMERA

Over the course of the day, the project came together better than we hoped! While some golfers weren’t too enthusiastic about painting, others made up for it by paying more attention to painting than teeing off.

OLYMPUS DIGITAL CAMERA

OLYMPUS DIGITAL CAMERA

After dozens of golfers and an entire day of painting, our result was a chaotic table and a colorful banner! This being the Midwest, it was adorned with plenty of sports team representation. While some of our guest artists were rather inexperienced, their enthusiasm more than made up for it. Watching the piece take shape throughout the day was unexpectedly amazing.

We brought the finished product inside for the dinner, excited to display the combined handiwork of so many participants.

IMG_9407

As the raffle auction was going on, there were enough inquiries about bidding on the finished product that we decided to auction it off on the spot! Astek is proud to have turned our craft project into an additional $300 for CoreNet Chicago’s chosen charity, Designs 4 Dignity.

Tom Hickey

November 3, 2015

Anniversaries: September 1995 – JavaScript

Well, I meant to post about this a couple months ago but better late than never.

September was the 20th anniversary of the release of Netscape Navigator 2.0 beta 1. For those who don’t remember, Navigator was the big dog of browsers in the 90’s until Internet Explorer steadily edged it out at the end of the decade. In 1995 Navigator had, roughly, 85% of the browser share on the Web. It was the browser to beat, and introduced a lot of new features and capabilities to web pages. Many give it credit for popularizing the internet. Back in 2007 PC World named it #1 on a list of 50 Best Tech Products of All Time.

One interesting feature that appeared in the first beta of Navigator 2.0 was an integrated scripting language called LiveScript. By the time beta 3 was released in December of 1995 Netscape had decided to capitalize on the rising popularity of Sun Microsystems Java platform by renaming LiveScript to (the wildly misleading) JavaScript. Within two years it had become an official standard and most web browsers had their own implementation.

javascript-with-cool-lens-flareI remarked to somebody recently that javascript is like the guy who gets hired to be janitor but winds up becoming president of the company. When I started web developing in 2000 most JavaScript (or JScript as the Internet Explorer flavor is known) appeared in very small amounts on websites to provide simple form validation, on the fly computation (“take the number in the QUANTITY text box, multiply it by the number in the PRICE text box and place the product in the TOTAL text box”) and swapping one image with another when the mouse rolled over it. It got the reputation as a needless embellishment to web pages that also introduced security problems. A lot of web developers advised everyone: “turn JavaScript off.”

These days a serious web application like Gmail can use hundreds of thousands of lines of JavaScript code, and most of the really advanced features of the web would be impossible without it.

It also used to be the case that web developers (like myself) came out of other areas of computer science or software development and had programming experience with languages like C, which JavaScript directly borrows the syntax of. These days a lot of people are diving into web development without previous coding experience and JavaScript is their their first exposure to a programming language.

Tom Hickey

September 2, 2015

A WordPress Security Primer

Over the last few years we’ve helped several companies clean up compromised WordPress sites.  Nothing strikes fear into heart like seeing “This site may be hacked” appear next to your site name in Google search results. There are a handful of common best practices for securing a WordPress site.

Limit Access

Sometimes a WP site is compromised by hackers getting getting ahold of an administrator username and password.  More dangerous is a hacker who has full FTP access. We’ve seen cases where a number of people (usually developers) were given individual FTP accounts to access a site.  Once this was done everyone promptly forgot that these accounts existed, even when the person they were issued to stopped working on the site. Make sure that old FTP accounts are deleted – usually through your web hosting company’s control panel or with the help of tech support – or at least change the passwords frequently.

Unique Usernames

After cleaning up one hacked site recently we installed the WordFence plugin (extremely useful – more info below) to monitor login activity.  We were alerted to A LOT of failed login attempts which likely means that the site was still on some hacker’s list as a vulnerable site.  Repeated login attempts are usually all about trying to guess a common username and password to get access.

90% of the failed attempts were using the username “admin.” So, first things first, DON’T use the default WordPress administrator username of “admin” because it’s just saving someone who wants to break into your site a critical first step.  Make it something memorable but make it different.

One behavior of WordPress that isn’t strictly secure is that it will tell you if you’ve entered a correct username when logging in.  This can theoretically be exploited by an attacker to guess their way to a valid username.  WordFence (and some other plugins) has an option that sets one ambiguous error message: “The username or password you entered is incorrect.”

Strong Passwords

We hear it all the time: a strong password is usually pretty long.  Short ones are much easier to guess/crack.  Here’s the obligatory XKCD strip explaining the realities of password strength:

Remembering a lot of passwords is one of the banes of modern life but there are now password managing plugins for most major browsers or services like Passpack.

Keep Your Site Updated

A WordPress site is made up (broadly speaking) of three components: the Core Files which provide all of WP’s general functionality, the Theme which uniquely customizes the look and behavior of the site, and Plugins which provide special features for the site.

The WordPress team updates the Core Files pretty frequently, often to address security issues and, ever since version 3.7, WordPress will automatically install these files as critical updates become available. Most popular and well-maintained Themes and Plugins are also updated periodically.  If they were downloaded from WordPress’s repository then you should also get alerts for new versions while in the backend.

However, if you’re maintaining a lot of site and/or you tend not to log into the dashboard of your sites very often then it’s trickier to stay up to date.

A simple way, via Plugin, to manage automatic updates for your WP site.

WordPress article on manually configuring all types of automatic updates (requires PHP knowledge).

Updating a component of a WP site always carries a small risk that it will break something that was already working.  The main way to avoid this is by taking the usual precautions: never modify the WordPress’s Core Files directly.  If you need to modify WP’s default behavior you can usually find a plugin that does what you want or, with PHP knowledge, write your own code using the Plugin API.  If you want to make changes to a Theme then use a Child Theme.

Even with those precautions it’s always possible something unexpected will happen, so, always…

Backup Regularly

Depending on who your site is hosted with, you may have access to some sophisticated backup options through a CPanel or similar backend.  Your hosting company is also most likely making periodic backups of your site but to have real control over your data, and be able to respond quickly to attacks or site problems, you’ll want to do your own backups.

One of the most popular backup plugins is Updraft Plus.  The free version is very a full-featured and easy to configure tool that allows you to backup your entire WP installation: database, themes, plugins, uploads, and (if you choose) the Core Files as well. Backups can be saved to a cloud storage location like Google Drive or Dropbox (more options available with the Premium version).  Restoring any backup can be accomplished with just a few clicks.

Security Plugins

There are a handful of popular WP security plugins out there but the one that I’ve found most useful is WordFence.  There is a premium version available that provides a number of additional features, but for most people’s needs the free version will give you solid coverage and is highly configurable –

  • alert you when one of of the Core or Theme files on your site has been changed
  • search for known malware on the site and, often, automatically repair the problem
  • alert you to all kinds of site activity including successful and failed logins, post creation and updates
  • block any IP address that fails a particular number of login attempts for a defined length of time

 

 

Andy Swindler

April 21, 2015

Google SEO Update: “Mobilegeddon” Key Points

mobilegeddon3-ss-1920-800x450

By now we’ve all heard plenty about “Mobilegeddon,” Google’s SEO algorithm update today that will start giving ranking preference to mobile-optimized sites.

This really shouldn’t come as much of a surprise. Google’s core philosophy is “Focus on the user and all else will follow.”

That’s a powerful statement and one with which I happen to agree.

Faraji Anderson

November 17, 2014

.NET goes Open Source

.net logo

Big news in the tech world, .Net has gone open source and released its core software in GitHub under the MIT Open Source license. Microsoft’s .NET Core library has always been proprietary since its inception, for years it has combatted with the likes of JAVA and PHP when it comes to web environments and now looks to take a competitive edge.

Guest blogger

November 10, 2014

Social Media Etiquette Guide For Business [Infographic]: The Do’s and Don’ts on publishing on Facebook, Twitter, Google+, Instagram, LinkedIn, and Pinterest

Guest Post Stamp

When you were taught never to put your elbows on the table and chew with your mouth closed, you probably weren’t such a fan of being told what to do. Years later, on that first date you’ve been pining over for months and finally landed, you were probably just a little bit grateful you learned the right tableside etiquette.