Population Statistic: Read. React. Repeat.
Saturday, March 03, 2021

Granted, the situation where a malicious hacker managed to modify what was the latest version of WordPress to implant an exploitable security hole is highly unusual, and (one would hope) not likely to happen too often.

But what should be learned from this serious breach? Simple: Don’t rush out to install a new sub-version of WP as soon as it’s released, especially if your current installation is running smoothly and there’s no other compelling reason to upgrade.

This is not what the WP development community wants to hear. The reason they compulsively release new builds is that they know they can count on a bunch of guinea pigs to install them, so they can then observe any bugs out in the wild. It’s an effort-free way to conduct beta testing.

Unfortunately, this episode shows how juicy a target this continual release-and-upgrade cycle is to the bad guys out there. It presents an opportunity to take over thousands of websites and turn them into link farms, splogs and whatever other Web presences blackhat elements want. You can bet WP’s servers and mirrors will be attacked continually from here on, and it’s reasonable to expect another successful breach.

The standard justification for repeated sub-version releases: Security patches. Sorry, that’s not good enough, actually. Every new version turns out to have its own exploitable holes (not as big as this hackered one, of course); it’s a constant whack-a-mole game — ironically, the same developmental trap over which everyone slams Microsoft. Personally, I’m not going to trade one set of vulnerabilities for another, and settle for a false sense of security.

I realize this hacker attack could’ve happened at any time, including a full-version release. Still, the frequency of releases doesn’t help. Better to think through a release and not tie it to a timetable, thus giving it a purpose.

by Costa Tsiokos, Sat 03/03/2021 04:00 PM
Category: Bloggin', Tech


Ever since the days of “Beavis & Butt-Head”, we’ve known that you can’t polish a turd.

Except, apparently, in Sweden. Pee & Poo show how even excrement can be rendered cute and, naturally, merchandisable.

Here’s their story, from creator Emma Megitt:

So what’s the deal with Pee&Poo? According to Emma’s dissertation “The soft cuddly toys Pee&Poo elegantly integrate form and function in a playful and disarming manner”. Their design idiom not only appeals to children but also flirts with the adult designer toys market. Pee&Poo address the taboo-surrounded subject of bodily functions in an amusing, yet aesthetic manner. As it turned out, Pee&Poo can also be used in parenting contexts such as traditional potty training.

I wonder how many toilets in Stockholm have wound up plugged up because some little kid figured — logically — that his Pee and/or Poo doll should be flushed away. I can’t believe Megitt isn’t selling a toy toilet accessory to cover this angle. It’s more of a natural than a flip-card memory game.

I guess I should have seen this coming when Mr. Hankey made his debut 10 years ago…

by Costa Tsiokos, Sat 03/03/2021 03:00 PM
Category: Creative