Adobe Reverses Course on Photoshop Security Patches

I use Photoshop, literally, every single day. I have used it since version 3 when we installed it in the new media lab at Duquesne and it came out on eight 3.14″ floppy disks, before it had layers. I have purchased it, beta’d version 6, and even received a copy of 5.5 last year from Adobe. Like I said, big fan.

So I was disheartened this past week when Adobe announced they had found a security issue in Photoshop CS5.5. The good news: they let everyone know about it. The bad news: they wanted people to pay to upgrade to CS6 in order to fix the flaw, which is basically unheard of. From the security bulletin:

Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available.

I could understand if this was a $0.99 app. Photoshop and the Creative Suite is an expensive piece of software. It’s worth every penny, but it’s an expensive upgrade, especially considering that CS5 came out in April, 2011.

The web, unsurprisingly, lost its collective mind about Adobe not issuing a patch for CS5, a product it still claims to support. I saw many tweets, posts and tumbles about it last night and this morning.

Now comes word that Adobe is changing its position and will update CS5 with a patch at an undetermined time. From their blog:

We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.

The good news is that Adobe has seen the error of its ways and will issue a patch. What I wonder is how such a decision was made in the first place. If there has been a security patch for any type of software, operating system or not, it’s always been patched. Heck, even Microsoft says it will issue security patches and other fixes for Windows XP until 2014, and it came out in 2001.

How far up the chain of command did this idea go, and why didn’t someone along the way say “hey, people are going to freak out about this”? Now that we’re firmly in the social age, a company such as Adobe must realize that the word of something like this can spread around the globe in literally seconds.

tl/dr; Adobe will patch Photoshop, but at what cost to its image and reputation?

WordPress Inception, or: Adding a user to WordPress the hard way

I recently was helping a friend with their friend’s WordPress installation that they were having problems logging into. No problem, I thought, this should be easy. Unfortunately, all I had been given was the FTP login for the account. What I lacked was a login to the actual WordPress system.

The challenge: un-hack their WordPress then log in and make sure everything is cool. The FTP part was easy – I just re-installed WordPress’ core files. I could go on here about why it’s important to keep your WordPress up to date, but I’ve done that before.

Since the person whose blog this is was out of the country, I couldn’t contact them to get a login, and since they were having login troubles anyway due to the hack, we were kind of stuck.

One of the things I like about WordPress is that it’s user-friendly for end-users, but underneath the hood is a pretty serious framework. I’m constantly finding new features, functions and calls to do things I want WordPress to do that it might not ordinarily by default.

In my case, I needed to get a user into WordPress. After some poking around and reading documentation, I found a WordPress function, wp_insert_user, which will put a user into the system. I found you couldn’t just call this from a post or a page, but I found wrapping it in a function, putting it in the functions.php file of the theme and calling it on page_init worked pretty well. Here’s the code:

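// Creates a new account from hard-coded data each time the hook below fires.
// Once the login exists, later calls return a WP_Error instead of a user ID.
// Remove this from functions.php as soon as the account has been created.
function ft_insert_user(){
	$newUserData = array (
	   'ID' => '',
	   'user_pass' => wp_generate_password(),
	   'user_login' => 'mike',
	   'user_nicename' => 'mike',
	   'user_url' => '',
	   'user_email' => 'mike@highedwebtech.com',
	   'display_name' => 'Mike',
	   'nickname' => 'Mike',
	   'first_name' => 'Mike',
	   'user_registered' => '2011-10-16 08:54:47',
	   // WordPress role slugs are lowercase ('administrator'); this
	   // capitalized value does not match a built-in role.
	   'role' => 'Administrator'
	);

	$newUserId = wp_insert_user( $newUserData );
}
// wp_head runs while a front-end page is being rendered by the theme.
add_action( 'wp_head', 'ft_insert_user' );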

The trick with this is I let WordPress generate me a password. I didn’t get a password in my email, but it was easily reset and I was able to log in. However, I wasn’t an admin (I’m sure my code above could be better.) After some Googling, I found this PHP script which can be run outside of WordPress (but in your web root) that will assign a specific role to a specific user. This script assumes you know your user ID.

<?php
/*
 * Updates user role using WordPress function wp_update_user.
 *
 * Simple script to be run at webroot. Update user_id and new_role to taste
 * and run as regular PHP file on command line.
 *
 * @package WordPress
 */

require( './wp-load.php' );

// id of user to update
$user_id = 2;

/*
 * Basic list of user roles
 *
 * administrator
 * editor
 * author
 * contributor
 * subscriber
 *
 */

// user role to update to
$new_role = 'administrator';

// update user role using wordpress function
wp_update_user( array ('ID' => $user_id, 'role' => $new_role ) ) ;

?>

Now, I was an admin user and could check the theme and all other settings that are available to administrators, including installing plugins, starting with Better WP Security, developed by higher ed’s own Chris Wiegman.

The thing to remember is that with this method, you need to have FTP or shell access to the area that contains the theme or web root. You can’t just use these functions on any WordPress site.
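The snippets above only work for someone who can write to the theme or web root, which also makes leftover copies of them worth looking for when cleaning up a site. The following scanner is an added example, not code from the original post: it flags PHP files that call a WordPress user-management function and also name the administrator role, and it runs against constructed sample files shortened from the two snippets above (the file paths and the set-role.php name are assumptions).

```python
import re
import tempfile
from pathlib import Path

# WordPress functions that create accounts or change an account's role.
USER_CALLS = re.compile(r"\b(wp_insert_user|wp_create_user|wp_update_user)\s*\(")
# The administrator role written as a string literal, in any capitalisation.
ADMIN_ROLE = re.compile(r"['\"]administrator['\"]", re.IGNORECASE)

def scan_php_tree(root):
    """Map each flagged PHP file (path relative to root) to [(line, function), ...]."""
    findings = {}
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        if not ADMIN_ROLE.search(text):
            continue  # file never names the administrator role
        hits = [(num, m.group(1)) for num, line in enumerate(text.splitlines(), 1)
                for m in USER_CALLS.finditer(line)]
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings

# Constructed samples: two shortened from the post's snippets, one clean theme file.
SAMPLES = {
    "wp-content/themes/example/functions.php": """<?php
function ft_insert_user(){
    $newUserData = array( 'user_login' => 'mike', 'role' => 'Administrator' );
    $newUserId = wp_insert_user( $newUserData );
}
add_action( 'wp_head', 'ft_insert_user' );
""",
    "set-role.php": """<?php
require( './wp-load.php' );
$new_role = 'administrator';
wp_update_user( array( 'ID' => 2, 'role' => $new_role ) );
""",
    "wp-content/themes/clean/functions.php": "<?php\nadd_action( 'init', 'clean_setup' );\n",
}

def demo():
    """Write the constructed samples to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLES.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        return scan_php_tree(tmp)
```

Point scan_php_tree at wp-content and at loose files in the web root; wp-admin and wp-includes call these functions legitimately and are better checked by comparing them with a clean copy of the same WordPress release.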

A Wild Google Drive Appears

Yesterday, Google finally announced its very long rumored Google Drive, basically a big pile of cloud storage. If you have a Gmail account, you can get 5GB of storage for free, which you can sync across devices, computers and the web.

Pretty much like Dropbox.  Except Google-ified.

I’ve been a faithful Dropbox user for a few years now, and it really has become an indispensable part of my workflow. All my things are synced and working on files from home or the office is brain-dead simple. Thanks to Dropbox referrals, I’m currently rocking 20GB of free storage, and depending on what project I’m working on, I am using only a little or a pretty decent part of that allotment.

Enter Google Drive. I applied for my account yesterday afternoon and come late evening, I had an email saying it was ready for me. I downloaded the Mac app, which looks and behaves just like Dropbox’s app. After syncing up with the mothership, it downloaded everything that was in my Google Docs folder. Which is OK, I guess, though I didn’t really need it. I use those in Google Docs.

Google Drive works just like Dropbox in that it puts a folder on your computer where you can drag files/folders to and they automatically sync up to your account. I found the uploads to be fast and unobtrusive. I found a way to un-sync my Google Docs, which freed up a little bit of space (I have a lot of Google docs.)

Here are a few thoughts…

I like Dropbox’s public folder, where I can put things, right click on them and get a URL that I can share easily with people. That’s been handy for uploading ZIP files, large photos, you name it, it’s been super easy. Just this week, Dropbox added a feature to allow you to create a link to any file in your Dropbox. This is interesting, as it’s not a direct download but a link to Dropbox’s site and users can download your file from there. I saw a comment yesterday on Reddit I believe that said “isn’t this what got Megaupload in trouble?”

That basic functionality is missing, at least right off the bat, in Google Drive. There’s no public folder. To make a document shareable, I have to go to the browser-based version of Drive and select sharing, and much like Google Docs, I can pick people who can see my document or open it up to the whole world. I wish it was a little easier.

My other thoughts were about pricing. With Dropbox, new users get 2GB for free. With Google Drive, users get 5GB for free. Obviously, 5 > 2. But I’ve referred enough people that I’ve got 20GB from Dropbox. 20 > 5. But, Google allows people to buy more space. Isn’t that nice of them.

Buy More Space!

For $2.49 a month, I can get 25GB of storage, and as a bonus, I’ll get 25GB in Gmail as well. That’s a pretty interesting price point. What really caught my eye was for $4.99 a month, I could get 100GB of storage and syncing. That’s a crazy price. 100GB at Dropbox will run you $19.99 a month. It will be interesting to see if Dropbox lowers their prices in response.

The thing here to remember is that Google has the biggest storage and data network in the world. Dropbox uses Amazon’s S3 service, so there are fixed costs it has when it comes to storage. That 100GB of storage from Amazon will run the average person $10, but at how much data they store, I’m sure they get a huge price break. Still – $4.99. Wow.

And then there’s privacy.

Both Google and Dropbox have had their share of privacy issues recently, and many people are freaked out with Google having access to all kinds of data now that they can use to index and ultimately sell ads against. This tweet from Merlin Mann was interesting.

Merlin Mann Tweet

Yes, if you store your data in Google Drive, they will have access to it. In fact, if you read their TOS, they’ll do more than access it:

Google Drive TOS

That’s kind of scary. Dropbox’s terms are a bit less scary (H/T Jesse Lavery.) Are you willing to trade your info for the convenience of having your files anywhere and everywhere? Something to think about.

TL/DR; Google has free cloud storage, you can pay for more, privacy is something to pay attention to.