The family and I are taking a much-needed trip to southwestern Colorado to visit Mesa Verde National Park, the San Juan Mountains, and Ouray. We’ll be making a few other stops along the way, but those locations are foremost in our minds as we pack the back of the FJ Cruiser with our stuff and head out to Moab, Utah.
I find myself utilizing Twitter less often these days. There is so much noise, no matter how relentlessly I curate my timeline, that it has become unmanageable. There are occasional nuggets found within the torrent of tweets but it is such a chore to sift through the dross to find those nuggets that I find I simply skip to the top of my timeline. Am I alone in doing that?
I still derive great value from the blogs I follow via RSS. Yes, I know it’s supposed to be an antiquated way to “socialize” on the Internet, but it works. I’ve noticed that, along with the rise of social media platforms, the quantity of bloggers has declined while the quality of posts seems to have increased. I think the ease with which people can share via social media platforms has turned us into consumers and creators of digital junk food - Cheetos-like bits and bytes we consume with our smartphones. To be sure, blogs used to be somewhat the same, where people recorded the mundane details of life, but that action has largely migrated to Facebook, Instragram, and Twitter.
It takes more effort to blog and write long-form material. As a result, these days, the quality has improved. Twitter’s quality has definitely declined since I joined years ago and I find I rarely read my timeline anymore. Add to that the recent timeline changes Twitter announced and I wonder if my days on the platform aren’t numbered.
I recently worked on a portrait project where, in the course of discussions with the subject, it was decided that I would shoot on both film and digital formats. I will never agree to that again.
I have been itching to get out west of Salt Lake now that the weather is warming up. I love the west desert in the late winter and spring. Life is springing up again, there is green grass, and the weather is perfect.
My daughter and I went to Antelope Island to hike around. We ended up on an overlook of White Rock Bay on the west side of the island. We found a nice rock outcrop shaped like a huge chair and settled in for a snack while we waited for the sun to set and provide some nice lighting. This image was taken near that spot, looking out across White Rock Bay toward Elephant Rock in the distance.
I’m not being paid to make this recommendation at all (I just happen to know Adam Baldwin), but if you build Node apps at all, you really should consider the new secure development training for Node offered by ^lift. Even if you can’t make one of the training sessions they offer, it is well worth your time to chat with them about the security of your Node app. If security is baked into the app and is part of the development process, the chances of avoiding an embarrassing security vulnerability are drastically reduced.
These guys know their stuff and work with organizations such as GitHub and npm, Inc.
Check it out: ^lift Node Security Training
As a follow up to my previous post about the Windows Scripting Host (WSH), I should mention that I have seen a bunch of fake antivirus website pop-ups attempt to load a file called
setup.exe.vbe by downloading the file via the browser and attempting to get
wscript.exe to execute the malicious script. I have noticed that not all of these attempts have been caught by antivirus and virtually none of them by vendor-supplied network-based IPS signatures.
If you monitor change activity on your hosts, look for attempts by
wscript.exe to execute a file called
setup.exe.vbe and ensure that it was not successful.
Mandiant has a great post on their blog discussing some attempts by malware to maintain persistence on a host through utilization of the Windows Scripting Host (WSH) and startup folder:
Great stuff, including some indicators of compromise (IOC) and Snort rules to attempt to detect these situations, though the IOCs will be far more effective at this than the Snort rule.
I have completed the photo gallery, which consists of my favorite images I’ve taken over the years.
I hope you like it.
I just returned from a short backpacking and snowshoeing trip with a friend into a yurt nestled on the north slope of the Uinta mountains in Utah. The yurt is run by BRORA and a permit is required to stay there, but it is well worth the trip. BRORA stocks the yurt with propane and wood (though visitors are encouraged to cut wood and restock what they use in the wood-burning stove within the yurt), and it has propane lamps, cooking utensils, a wood-burning stove that is completely amazing, and various sundry goods required for a comfortable overnight stay in the backcountry during winter.
Once again I have made some significant website changes, now moving to a static website generated by Wintersmith and Node.js. Theme templates were created using Jade and should be responsive (adjusts the page to fit the screen on which the site is viewed, while maintaining consistent navigation).
In order to do this I first built a structure in HTML, utilized the wonderful HTML2Jade tool, made further adjustments to the output Jade template to match what I needed, and then did a lot of CSS hacking. I cannot stress how absolutely wonderful Safari’s web inspector is for getting CSS just right.
So, you may ask, “Why move away from Ghost and to a statically generated site?” First off, Ghost is a great platform and very slick blogging tool. As I’ve been using it I’ve bumped my head against its complex code several times, which is frustrating. I like simple, lightweight code.
Ghost is also very immature and lacks many key features for me, such as theme loops, an API, and a good static page implementation (admittedly, this is subjective). My biggest gripe is that, due to a bug in how the editor handles Safari in iOS 7, editing or creating posts on a mobile device doesn’t work at all. This issue has been around since iOS 7 came out, and there is still no fix in sight.
Bottom line on Ghost: It’s great, absolutely beautiful technology, but ultimately not for me.
Anyway, I hope I’ve moved everything over properly. If you see anything out-of-sorts, please let me know. I also plan to implement a photo gallery in the near future.