Anyone who logs into their WordPress account from public WiFi should take note: the user authentication cookies used for logging in are not encrypted and are easily hijacked by anyone looking to steal information. More importantly, this method of hijacking cookies manages to circumvent two-stage authentication.

A technologist at the Electronic Frontier Foundation, Yan Zhu, noticed the ‘wordpress_logged_in’ cookie being sent over regular HTTP while looking for a bug report. She then grabbed the cookie to examine it and discovered that WordPress does not encrypt cookies as good security practice requires. The cookie can then be copied and pasted into any other browser to gain access to the victim’s WordPress account.

Fortunately, the security flaw does not allow hijackers to change passwords, as that information is stored within a different – and more secure – cookie. It does, however, allow others to read private messages, post new blog entries, view blog stats, and comment on other posts as the original user. The WordPress cookie does not even expire after the user logs out, instead lasting for what Zhu notes is three years, although she admits that she has no idea how long it takes for the cookie to expire on the server side.

WordPress admits that it is aware of the issue and will fix it with the next release. Until then, users should be extra careful to avoid logging in over public WiFi. It has been pointed out, however, that the issue does not affect WordPress sites using HTTPS.
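A defender-side check for the two properties described above (a login cookie that can travel over plain HTTP because it lacks the Secure attribute, and a multi-year lifetime), as an added example that is not part of the original article or WordPress's own code. The sample headers, the 30-day threshold, the reference date and the function names are constructed assumptions.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

AUTH_PREFIX = "wordpress_logged_in"  # cookie name quoted in the article
MAX_DAYS = 30                        # assumed policy threshold, not from the article

def parse_set_cookie(header):
    """Return (name, attrs) for one Set-Cookie header value."""
    first, *rest = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return first.partition("=")[0].strip(), attrs

def lifetime_days(attrs, now):
    """Lifetime in days; None for session cookies or unparsable values."""
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return int(attrs["max-age"]) / 86400
        exp = parsedate_to_datetime(attrs["expires"])
    except (KeyError, TypeError, ValueError):
        return None
    if exp.tzinfo is None:
        exp = exp.replace(tzinfo=timezone.utc)
    return (exp - now).total_seconds() / 86400

def audit(headers, now):
    """Flag login cookies that can leak over HTTP or outlive the policy."""
    findings = []
    for header in headers:
        name, attrs = parse_set_cookie(header)
        if not name.startswith(AUTH_PREFIX):
            continue  # only the login cookie is in scope here
        if "secure" not in attrs:
            findings.append((name, "no-secure"))
        days = lifetime_days(attrs, now)
        if days is not None and days > MAX_DAYS:
            findings.append((name, "long-lived"))
    return findings

# Constructed sample headers (not captured from a real site).
SAMPLE = [
    "wordpress_logged_in_weak=user%7Ctoken; Expires=Sat, 27 May 2017 00:00:00 GMT; Path=/",
    "wordpress_logged_in_ok=user%7Ctoken; Max-Age=1209600; Path=/; Secure; HttpOnly",
    "theme_pref=dark; Path=/",
]
NOW = datetime(2014, 5, 27, tzinfo=timezone.utc)  # constructed reference time

if __name__ == "__main__":
    print(audit(SAMPLE, NOW))
```

Only the first sample cookie is flagged: it has no Secure attribute and a lifetime of roughly three years, matching the behaviour the article describes.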
Originally introduced to the world earlier this year in conjunction with TV3’s Anugerah Juara Lagu 28, Media Prima Berhad’s music streaming service, TontonMusic, has today been launched to the public once again. It is essentially a spin-off of the immensely popular Tonton Online video streaming service, and the current iteration of TontonMusic allows users to stream music for free via its website. In general, the interface for TontonMusic is rather straightforward, with each major section of its website clearly labelled. There are plenty of ways users can listen to music through the site: by genre, artist, or album. Users are also able to search for individual songs on TontonMusic. Among the things that make TontonMusic different from other streaming services out there is that it also features elements from Media Prima’s radio stations such as FlyFM, HotFM, and one FM. These elements include playlists based on each station’s charts and DJ talk sets, but make no mistake: there’s actually no live radio on TontonMusic. There’s also a custom music function called Magic Radio, where you can create your own custom playlist using your choice of DJ talk sets, music genres, and artists. However, there is no option to select the playback quality on TontonMusic. In terms of music catalogue, I feel that TontonMusic is still far behind music streaming services that are already available in our market such as Deezer, Spotify, or even Nokia MixRadio for Lumia smartphones. This goes for both international and local artists, more so for older or much more obscure artists, although users in general should not have much problem finding current chart-topping songs on the service. That being said, TontonMusic does offer soundtracks from a selection of local movies and drama series which are not commonly available out there. Soundtrack albums for certain Bollywood and Hollywood movies are also available through the service.
If there is one significant flaw about TontonMusic that I noticed during our test run with it today, it would be its queue list. I found that the list is rather gimped, since users are not able to individually add songs to it. You are also not able to arrange or delete songs from the queue, although you are still able to switch from one song to another easily. There’s no shuffle function either. As far as a free music streaming service goes, Media Prima Digital has certainly built a solid foundation for TontonMusic. Even though its music catalogue might not be as extensive (yet) as other established streaming services out there, TontonMusic does slightly stand out from other services thanks to its catalogue of soundtracks from local movies and dramas, in addition to the DJ talk sets from Media Prima’s radio stations. Now, let’s see if TontonMusic is able to replicate the success of the original Tonton Online streaming service. In my opinion, it is certainly achievable as long as Media Prima Digital continues to improve TontonMusic over time with better features and more content. The TontonMusic music streaming service can be accessed for free through http://www.tontonmusic.com.my.
The WordPress developers today introduced the latest version of their blogging and web development system, WordPress 3.9. It includes various improvements and makes media management on the platform easier. This release, WordPress 3.9, is known by the code name “Smith” and brings several updates with it. In the media area alone, the WordPress developers have improved a number of things, so that users can make quick, simple edits while writing an article. In addition, WordPress now supports dragging and dropping pictures and images from the desktop directly into the editor. Besides image management, the management of audio and video clips has also been improved with playlist support. WordPress has also paid attention to themes: users can choose their theme and web design, along with a real-time display of changes for widgets and headers. You can update your installation automatically, or download the source files, which are around 6MB in size.
In Malaysia we have Bantuan Rakyat 1 Malaysia and Kedai Rakyat 1 Malaysia to help ease the spending burden of low-income citizens. This is a good initiative, although various parties feel it is wasteful and others say the amount of aid is too small. The value of the aid may be small and insignificant to some people, but to recipients who are struggling to get by it is a very large sum. In the United States there is no BR1M or KR1M. What exists is the Social Welfare food stamp system and the Walmart supermarket chain, which sells goods at rock-bottom prices. They also have Internet Essential, a subsidised internet service with a subscription price for 5 megabits per second internet as low as $9.99 (RM 32) a month. The unsubsidised price for the same service is $50 (RM164) a month. It is a community service initiative offered by Comcast. To qualify for Internet Essential, you must have a household of 4 people with a combined income of less than $43,568 a year. The service has now been subscribed to by more than 300,000 families across the United States. This shows that the United States recognises high-speed internet as one of life’s necessities. Do you think Malaysian internet service providers should offer a similar service to Malaysians, which could also become one of their social responsibilities? Meeting this need is better than seeing children hanging out at shops just because they want free WiFi. Source: Oregonian.
As owners of Facebook Pages, we’ve been seeing a trend for many months now. Despite continued growth in Page likes on Lowyat.NET’s Facebook page, our post reach (the number of people who actually see individual posts from our Facebook Page on their timelines) not only did not increase, but instead dramatically declined. We aren’t the only ones either: other Facebook Page owners we know are facing the same issue, and it isn’t uncommon to hear of one post reaching less than 5% of their total Page likes. What gives? Its latest video, titled “Facebook Fraud”, explains just how the company is making billions of dollars from sponsored posts by a combination of its filtering algorithms and by being a victim of third-party “likes purchasing”. It’s a vicious cycle that ultimately ends up with Facebook Page owners being charged twice over, resulting in billions in revenue for Facebook – which has had issues monetizing its user base in the past. The cycle starts with this: Facebook would occasionally offer Facebook Page owners the option of a “free ad” to increase visibility of the new Page on Facebook, specifically to users who would be interested in the Page. Gradually, the likes would then come in – giving the impression of organic growth.
The problem is, a strange pattern appears later on: the likes would still be pouring in (regardless of whether you’re still promoting your Page), but from users who are likely not interested in the Page and mostly from “click farms”. On the other hand, Facebook’s algorithms initially distribute Page posts to a small portion of your total fans, and if the engagement rate (post likes, comments and shares all contribute to engagement rates) is high, the post will then appear on more timelines (to other fans and friends of fans). But if there is a significant portion of Page likes from irrelevant fans, the initial distribution of posts will reach fewer “real” fans, resulting in lower engagement rates, ultimately leading to minimal reach. So how does Facebook help Page owners to circumvent this issue? Well, they don’t. Instead, Facebook would again encourage Page owners to promote individual posts to increase reach. And these don’t come cheap either: post promotion rates are scaled to the total number of likes your Page has, so the more fans you have, the more expensive it gets to promote a single post. This puts Facebook Page owners in quite a quandary. Want more visibility for your Page? Pay up for advertising.
Want your posts to reach every single one of your fans because your post reach dropped as your fans increased? Pay up for advertising. Facebook Page owners are being pushed into a corner, and there’s nothing we can do about it. Well, actually there is. Facebook tested a “Subscribe” feature for Pages some time back, before settling on “Follow”. This feature allows all updates from the Page to appear on the user’s timeline. It also means that unless you click on “Follow” on a Page, liking the Page itself would not guarantee you’ll receive all posts from the Page. Another alternative is embedded deep in the confines of drop-down menus. At the top of the Page, next to the Page name, is a little-known drop-down menu located on the “Like/Unlike” box. Click on the little arrow on that box, and you’ll see the option to “Get Notifications”. Click on that, and you’ll receive a notification every time the Page posts an update – but it also means that the post itself would not appear on your timeline. If this sounds like a lot of effort on the user’s part just to be able to see status updates, it’s because it probably is designed to be that way. After all, Facebook is making billions of dollars in ad revenue from this flaw (which only affects Page owners), so why would the company admit to the world they’ve made a mistake – and are actively profiting from it?
Being a mother can be a tough job, especially if it’s your first child and your family is either too far away or too old to lend a helping hand. Sure, you’ve read countless parenting magazines since you saw a positive on the pregnancy test kit, your friends and family have been giving you all kinds of advice, and your parents and in-laws have been nagging you with superstitious stuff about what you should and shouldn’t do. Then when the baby arrives, you realize that parenthood isn’t that simple; it’s a lot easier to talk the talk than to walk the walk – you’re overwhelmed by the new responsibility of a newborn who won’t seem to stop screaming, everything’s in a mess, you’re constantly told you’re not allowed to walk and all the other midwife tales, and before you know it, you’re suffering from postnatal blues. My experience with my first child wasn’t a sweet one; I had absolutely no help at all that didn’t involve some ridiculously unhygienic midwife tales. So I turned to the next best thing – the Internet. Yes, I’m aware that not everything on the Internet can be trusted (Google has been a great help, actually), so I discovered the next, next best thing – Facebook Groups. Say all the bad things you want about Facebook (I agree, by the way), but the social network has got the best support groups for mothers and, best of all, they have localized content with Malaysian (and even Singaporean) mothers sharing their experience with one another. It’s beautiful. There are plenty of support groups for mothers on Facebook, from tips on pregnancy to parenting advice to breastfeeding guides, and there are even multiple groups you can join to buy or sell new and used items. After all, being new parents can be taxing on your income, and using preloved items isn’t as bad as it sounds.
So, if you have children, are expecting your first child, know of a friend who is a first-time mum, or even if your wife is expecting your first child, hit the break to see some of the recommended Facebook support groups for mothers – some are daddy-friendly too!
Through the Jetpack 2.8 update, the WordPress developers are bringing that support to all users of the WordPress CMS. Markdown is a simple way to add formatting to text without writing any HTML code and the like. It is a feature favoured by many writers, since it makes their writing on the web easier and faster. Usage instructions are provided on the WordPress site. Jetpack 2.8 also brings several other updates, including improvements to the Jetpack Monitor function. Those who are interested can download or update Jetpack directly from their WordPress installation. Further reading: Markdown in Jetpack, and Download Jetpack 2.8 for WordPress.