Anthony Ferrara discovered a significant security vulnerability and an even more fundamental security flaw in WordPress. The correct fix is to ditch this whole prepare mechanism (which returns a string SQL query). Do what basically everyone else does and return a statement/query object or execute the query directly. That way you can’t double-prepare a string. … Continue reading Huge Vulnerability in WordPress 4.8
The Loop posted a great summary of Apple's Face ID security whitepaper. Two points about how the timeout works really baffled me. Face ID is disabled when: The device hasn’t been unlocked for more than 48 hours. The passcode hasn’t been used to unlock the device in the last 156 hours (six and a half … Continue reading What’s up with Face ID timeouts?
Great piece on Ev Williams and the open web. Yet his run near the top has been remarkably consistent. While other CEOs in his early-web cohort have left the industry, or have become writers or consultants, Williams has stuck around, leading companies. His startups have nearly all specialized in the same abstract medium: text boxes. … Continue reading Ev Williams and the future of online publishing
Marco Arment just published a post on The ethics of modern web ad-blocking. His opening position is pretty similar to my own; I've been a long-time advocate of not blocking ads. In the past, I have also put food on the table via ad revenue. Until today, I have been morally opposed to blocking ads has until … Continue reading Today I Block Ads
(This is not a political post. I don't really do politics.) The vast majority of people I follow on the social medias are having a very predictable knee-jerk reaction against Donald Trump's presidential campaign. My knee-jerk reaction to predictable, like-button-induced, knee-jerk reactions is to immediately take a contrarian view. If I actually did politics, I'd continue this … Continue reading Trump