Archive for the category "Maschinenraum"

WordPress 4.7.2 Security Release

WordPress versions 4.7.1 and earlier are affected (…):
The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. (…)
WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. (…)
A cross-site scripting (XSS) vulnerability was discovered in the posts list table. (…)
An unauthenticated privilege escalation vulnerability was discovered in a REST API endpoint (…)
An additional serious vulnerability was fixed in this release and



git pull tooligans

Jake Archibald ponders on Twitter about the state of web development

(make sure to read the whole thread)

— it seems that many developers are more obsessed about controlling the onslaught of complexity by creating and maintaining a plethora of tools, for pre- and post-compiling, minifying, deploying, testing, and automating every possible aspect of 'the workflow'.

Being a web developer seems to be more and more about mastering tools, not creating solutions that benefit the users. And how easy it is to get lost in this tool driven jungle, to ...

Relationship status: It's complicated

Spoiler alert: This is about my relationship with my hosting provider. Just sayin'.

I am a very loyal person. I am also a creature of habit. And often the sweeper on team "never change a running system". But of course not someone who holds up "we've always done it that way" as a banner, heaven forbid. What I mean is, it takes me a very long time to work through the pros and cons, the fors and againsts, this way or that, and reach a decision.

So it came about that at some point towards the end of the 90s I finally did switch away from Strato, which was really pretty awful at the time, to DomainFactory. And in those almost 15 years there was rarely any cause for relationship stress, on the contrary -- the technology was fast, the support always competent, friendly as a matter of course, and I really had the feeling of being in good hands there.
In my romantic imagination, at DomainFactory I was dealing with people who, in the evening before going home, stroll through the nice-smelling server room once more, straighten a few patch cables here and there, stroke the cases and are happy when the machine purrs. That was "my" DomainFactory.

Jeremy Keith - Choice

We’ve made the mistake in the past of framing problems as “either/or”, when in fact, the correct solution was “both!”:

you can either have a desktop site or a mobile site,
you can either have rich interactivity or accessibility,
you can either have a single page app or progressive enhancement.

We don’t have to choose. It might take more work, but we can have our web cake and eat it.

WordPress 4.6 "Pepper" is here

The new WordPress version was released three days ago.

New features in 4.6 help you to focus on the important things while feeling more at home.

Hm, well then… :-)
In the few installations I have already updated, everything went smoothly and without anything unusual, so I am now pressing the update button here in the blog hut as well.


A Front End Developer is Aware - Chris Coyier

In a general sense, the front end developer is positioned in the middle of lots of other jobs. Everybody involved in a web team ends up talking with the front end developers. That makes sense. The front end developers create the actual thing people interact with. Everything comes together with the front end developer. Perhaps that's why it's such a fun job!

Backdoor Service Workers - Jeremy Keith

(…) Just don’t tell the advertising industry about this. (…)

Ouch. Good find, Jeremy.

WordPress 4.5.3 Security Release

Yesterday evening a new version with security and maintenance fixes was released. On the various installations I am involved with, it updated automatically, including on versions older than 4.5.2; as usual, the source is also available for download at

WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported independently by John Blackbourn from the WordPress security


Revisiting the Service Worker / Offline cache

Motivated by the sudden appearance of the "Add to home screen" prompt, I spent the last couple of hours tuning my Service Worker / caching behaviour:

- I can now exclude parts of my site from the service worker. This was an important feature for me, since the WordPress backend didn't sit too well with stubborn cached items.

- I established a number of caches for different items:
-- a "static" cache that has the base css and the page that gets displayed when the network is offline.
-- a "content" cache, that stores up to 25 URLs a visitor has, well, visited, while being online.
-- an "image" cache, that stores up to 45 image files, and finally
-- an "asset" cache for up to 35 files (everything that is not HTML and not an image).

The limits are rather random, but I think each cache has a built-in maximum of 50 entries (?), so to see if it works, I chose numbers smaller than that.
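
A sketch of the setup described above, as an added example that is not the code running on this site: the worker skips the WordPress backend entirely, sorts everything else into the "content", "image" and "asset" caches, and trims each to the limit from the post. The excluded path prefixes, the `/offline/` URL and all function names are assumptions; precaching of the "static" cache is left out.

```javascript
// Added example. Excluded prefixes, cache names and '/offline/' are assumptions;
// the limits 25/45/35 are the ones given in the post.
const EXCLUDED_PREFIXES = ['/wp-admin', '/wp-login.php', '/wp-json/'];
const CACHE_LIMITS = { content: 25, image: 45, asset: 35 };

// The worker only touches same-origin GET requests outside the backend.
function shouldHandle(method, url, origin) {
  const u = new URL(url);
  if (method !== 'GET' || u.origin !== origin) return false;
  return !EXCLUDED_PREFIXES.some((p) => u.pathname.startsWith(p));
}

// Map Request.destination to one of the runtime caches.
function bucketFor(destination) {
  if (destination === 'document') return 'content';
  return destination === 'image' ? 'image' : 'asset';
}

// Never store responses the server marked as private or no-store.
function isCacheable(status, cacheControl) {
  return status === 200 && !/no-store|private/i.test(cacheControl || '');
}

// cache.keys() is in insertion order, so the oldest entries come first.
function keysToEvict(keys, limit) {
  return keys.length > limit ? keys.slice(0, keys.length - limit) : [];
}
async function trimCache(name) {
  const cache = await caches.open(name);
  const stale = keysToEvict(await cache.keys(), CACHE_LIMITS[name]);
  await Promise.all(stale.map((k) => cache.delete(k)));
}

if (typeof ServiceWorkerGlobalScope !== 'undefined') { // skipped outside a worker
  self.addEventListener('fetch', (event) => {
    const req = event.request;
    if (!shouldHandle(req.method, req.url, self.location.origin)) return;
    const name = bucketFor(req.destination);
    event.respondWith(fetch(req).then((res) => {
      if (isCacheable(res.status, res.headers.get('Cache-Control'))) {
        const copy = res.clone();
        event.waitUntil(caches.open(name)
          .then((c) => c.put(req, copy)).then(() => trimCache(name)));
      }
      return res;
    }).catch(async () =>
      (await caches.match(req)) || (await caches.match('/offline/')) || Response.error()));
  });
}
```

Returning from the fetch handler without calling `respondWith` hands the request back to the browser, so logged-in backend pages are never served from or written to a cache.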

The design, the code, 1909 texts, the illustrations, and some photos are made by me.
