If you’re thinking of building a website, then a content management system is probably one of the best tools for the task. Simply install it on your server, and you’ll have access to a formidable array of features, all designed to make your users, content, and website easier to run. Truth be told, the most difficult task you’re probably going to face is figuring out which CMS is the best choice for your site.
See…you aren’t exactly facing a dearth of choices. There are countless scores of platforms on the web, all designed with different use cases in mind. It’s all too easy to become overwhelmed – after all, how do you know which one is the best option for your organization?
The biggest news since our last roundup was the discovery of the Shellshock Bash vulnerability. In this month’s post we’ve included a couple of articles on that subject including an interesting profile of the man who found the bug. In more recent security news, SSL has run into some trouble. But it’s not all bad news. CSS recently celebrated a twentieth birthday and Drupal 8 is on the horizon. So without further ado, here are the most interesting and engaging web design/development, CMS, and security articles from September and October to get you caught up. Enjoy and don’t forget to follow us on Twitter, Facebook, and Google + for the same great content the rest of the year.
Web Design and Development
Pitfalls and Prizes of Ensuring Quality Mobile Apps – The Guardian’s QA team has worked extensively with native mobile apps for several years, so when we began working on the next generation of the Guardian’s app we were aware of the difficulties that we were going to face when testing and ensuring the quality of the app.
It’s been a long time coming, but beta releases for the newest version of the Drupal content management system and web framework have begun to be made available for download, so it’s a good time to take a look at what we can expect to see in the next version of one of the world’s most popular enterprise-grade CMSs. Drupal 8 has been gestating for a long time, and there are hundreds of new features, enhancements, and fixes to look forward to.
So, you’ve finally determined that it’s high time your business sprang for a dedicated server. There’s just one problem – you’ve no idea whether your business should choose managed hosting or unmanaged. Truth be told, you aren’t even entirely certain what the difference is between the two.
Don’t worry, we can help. In today’s piece, we’re going to be taking a look at exactly what each term means. In so doing, we’ll help you determine which one your business should go with – and which one it should avoid.
Storing usernames and passwords in plain text is a bad idea. If the reason isn’t obvious, the reaction the iThemes plugin and WordPress services company received to its recent revelation that it was storing users’ passwords without any form of hashing should be instructive.
In the ancient prehistory of the internet, passwords were frequently stored in databases just as they were entered by users. The internet has changed. Identity theft is big business and online service providers have a responsibility to ensure that they make it as difficult as possible for hackers to steal password databases. It’s not all that difficult to do. Every commonly used programming language includes functions for cryptographic hashing of strings of text.
If you’ve spent even a little bit of time in the world of content creation, then you likely already know about WordPress. It’s currently the undisputed king of blogging and content management, and with good reason. Not only is it incredibly powerful in the right hands, it’s also extremely easy to use – anyone can set up their own WordPress blog in a matter of minutes.
I’d wager that a large percentage of my readers are hosting their own sites using the platform – perhaps even the majority of you.
UPDATE: A fix for CVE-2014-7169 was released on 09/25/2014 at 10PM CDT and we proactively pushed this update out to all customers which should address the outstanding Bash vulnerabilities.
Yesterday, it was discovered that Bash on CentOS 5 and 6 contains a critical security vulnerability: CVE-2014-6271. Due to “a flaw in the way Bash evaluates certain specially-crafted environment variables,” a savvy attacker could use the packages to inject malicious shell commands into a server, bypassing environment restrictions in the process. Immediately after discovering the bug – which has been christened “Shellshocked” – Red Hat and CentOS sprang into action, releasing a new set of Bash packages in an attempt to address the vulnerability.
High-traffic sites must maintain consistent performance with low latency under the heaviest loads. They must also be resilient enough that, even if a hardware fault prevents a server from performing properly, the site does not go down.
Performance and availability are the goal of every webmaster — revenue and reputation depend on them. For the busiest sites, a single server may not be enough to guarantee consistent performance and availability. Load balancing across multiple servers helps solve both problems.
Although the last week’s news cycle has been dominated by the Apple event and their gadget announcements, there has been quite a bit of news since our last roundup. WordPress 4.0, named in honor of musician Benny Goodman, was released, iCloud ran into some security issues, and Google announced that HTTPS is now a ranking factor. And that’s just to start. So without further ado, here are the most interesting and engaging web design/development, CMS, and security articles from August and September to read at your convenience. Enjoy and don’t forget to follow us on Twitter, Facebook, and Google + for the same great content the rest of the year.
Web Design and Development
In theory, passwords are a reasonably good idea. A sufficiently long and complex password, hashed and stored in a secure database, is an effective method of verifying identity. There’s a single point of failure in the system: the password may become known to a third party, in which case nothing lies between them and bogus authentication, but otherwise, passwords have the potential to do a decent job.
With a long and complex password — a password with enough entropy — there’s no way a hacker could brute force it in anything like a practical timeframe.