Category Archives: internet

what drains your battery faster? 3G or WIFI?

So what drains your smartphone’s battery more you think? Using a local WIFI network or the 3G cell network to download stuff from the internet? I Googled it but I didn’t find any solid hardcore scientifically based evidence. Time for a small home-grown scientific experiment then!

So here it is *drumroll*, the WIFI vs 3G battery drainage challenge!

I fired up the Grooveshark html5 app (which is quite nice actually) to non-stop stream music for 20 minutes and checked the battery usage when repeating this for both types of networks. In the meanwhile I was keeping anything else down to a minimum (like activating the screen which is also a juice sucker). Checking the battery usage means simply writing down the percentage displayed in the top Android menu bar before and after the test, so it’s not that precise, but it’ll do.

The results after 20 minutes of non-stop music streaming where:

  • WIFI battery usage : 2% drained
  • 3G battery usage : 5% drained

WIFI beats 3G with more than half of the battery usage in this (not so inaccurate) test. But still, it gives a pretty clear idea of the winner here. So roughly speaking, on 3G you have about 6 hours of music to go and a whopping 16 hours on WIFI before your battery is dead, if you have a Sony Xperia. Taking mobile data costs into account, WIFI certainly seems to be the preferred option to stream anything over.

Heck, I’ll even trow in some pixelarty kinda infographic, to make all the numbers just look a bit more pleasing.

wifi vs 3g battery usage duke-out infographic (sort of)

time to change some passwords

Untitled

So you’ve probably heard of that nasty heartbleed bug this week. If you’re still using the same password all over the place you can now see why that’s a bad idea. If you don’t want to get your accounts hacked, now is a good time to start using KeePass and have random hard to hack passwords for your non-essential accounts, and hard to crack ones for the ones you need access to without any additional software.

Also, two factor authentication baby. Use it.

Picture by Baie, cc-licensed.

how to secure your wordpress blog

carcassonne

WordPress is popular and as it goes with all kinds of popular software, it becomes a target for hackers trying to take over and use your site to send spam into the world, or just cause some other kind of mayhem.

To protect yourself from this kind of trouble, there are a few things you can do to prevent bad things from happening to your precious WordPress site.

  1. First of all, keep your WP software up-to-date. There are usually some security fixes in there and you do want to have those live on your public facing site. Hackers know what the vulnerabilities are in old WP versions and scan the internet automatically for unpatched sites. Don’t become an easy target by not having the latest version of WP installed. The latest version of WP (v3.7.1) is able to do security updates itself which is awesome. Be sure to check if your site supports this and activate it if it does.
  2. Keep your plugins up-to-date as well for the very same reason. Old plugins can offer a way in for hackers and we don’t want that to happen.
  3. Delete (old) plugins you don’t use anymore, or replace them with newer ones. JetPack has a lot on board out of the box now so you can probably ditch a few old plugins. The less plugins you have, the less possible vulnerabilities your site has.
  4. Take regular backups. In case something goes wrong, you can at least restore a version you know isn’t compromised.
  5. Harden your WP site by configuring your .htaccess file if your site runs on an Apache web server. It’s explained nicely how to do that in the link. It can prevent hackers that do get access through a bad plugin to do any more damage to the rest of your site.
  6. Use a long, hard to guess and preferably random password for your admin account. Using a different admin user is also a good idea. Brute force login attempts are made against the default “admin” user, so if that one has a long random password you’re pretty safe there. You can use something easier to remember for an alternative admin account if you want, but I recommend you to use something like KeePass to manage long & unguessable passwords anyway.

Here are some plugins that can help with these tips:

  • WordFence scans your site for possible vulnerabilities by checking your installed WP and plugin files with the ones from the official releases. It also helps with the first 2 tips by warning you by email if a plugin or WP itself needs an update. Quite handy.
  • All In One WordPress security & Firewall plugin scans your site settings for security vulnerabilities and helps you get rid of them. It also has a firewall built in.
  • WP security audit log won’t prevent anything, but it keeps track of logins, updates of plugins etc, so that if something weird happens, you can use it to figure out the “when” and “what”.
  • A backup plugin. There are plenty and you should pick one that fits your needs. I’ve used BackUpWordPress for a DB backup only, but it can also backup the files. It sends you an email with either the zipped backup or a link to download it if it’s too big to stuff in the email. Another good option is UpdraftPlus which can backup your files & DB to remote storage like Google Drive or Dropbox a.o. Your hoster might also have a full backup feature, which is usually the best option anyway as it will backup more than just your WP site.
  • BruteProtect protects (as it says) against brute force login attempts, a problem a lot of WP blogs had to deal with lately. Next to that you should of course make sure you have a complex password for your admin account.
  • Bad Behavior is mainly a tool to combat spam, but since it scans for incoming malicious requests it can also block the occasional bot looking for vulnerable sites.

For a more extensive guide to securing your WordPress site, also check out this Bloggers Guide to WordPress Security. It’s long and full of great tips and guides covering a wide rang of security practices like how to combat spam, CAPTCHA’s and setting up HTTPS.

 

guess who got hacked

Night Work

Let me tell you about that time my site got hacked.

Once upon a time I received this email from Google. Now when Google emails you, you usually pay attention, even it it’s a bot. Those guys know their stuff.
The email told me that my site was possibly hacked because it was suddenly feeding spam when the Google bot was passing by.
The reason why I got this email is because I use the free web master tools from the G btw. That way they know my site has behaved nicely over the years, and when it suddenly started spewing spam, they knew something bad was up.

The scary part is that this only happened when Googlebot was munching my pages. Not when I or any other human passed by with a browser. So in other words, I didn’t have a clue.
Because it was quite the mystery, I checked my web folder and found a few suspicious files and folders in there. Suspicious, because I never put them there.

I found a folder named “coockies“, an unknown common.php, session.php and coockies.txt file. My .htaccess file was also changed. All php files and the .htaccess had the same timestamp. I compared my complete WP installation with the original installation files to be sure no other files were modified, which turned out to be the case.

The folder seemed to contain files with file names resembling URIs of my blog posts. The content was unreadable and appeared garbage. I’m guessing it was an encoded version of the spam my site was feeding Google.

At first I thought my WP blog was hacked, but the entry point was simply the modified .htaccess file. It contained a few new rewrite rules which checked the user agent of the incoming request, and if that matched any of the major crawlers, it would redirect to the new php files, which would feed the spammy content.

Cleaning up turned out to be rather easy.
I deleted all the new files, restored my old .htaccess file (hurrah for backups) and changed my site passwords just to be sure.

The fishy thing about all this is that I’m still not sure how these files got on my system (hence the password changes). The timestamp on the files seemed to point to the moment I last ran a WP and plugin update on my site. Maybe it was pulled in with a compromised plugin, but there is no way to tell which one it could have been. Another option is a compromised FTP account, but that password was already random before I changed it so that seems unlikely. I still changed it to a random and longer one to be sure.

I also took some extra defensive measures to try to avoid this kind of hack in the future, but that’s for another post.

Photo by Thomas Heylen, cc-licensed.

why I’m getting more hits since I updated my wordpress theme

Getting more hits in case of my blog means getting more Google love (90% of my traffic comes from the G), which means I get a higher ranking and end up higher in the search results.
So why could this be?

I don’t know really. I mean, it’s not like I A/B tested this and have raw hardcore scientific data or something like that, but that doesn’t stop us from guessing and coming up with the following list!

1. Google loves my new layout and gives me a better rating cause it’s pretty. Not likely.
2. Google loves HTML5. The previous theme was ugly HTML4.
3. Displaying full posts instead of a digest on the front page gives Google more content to index and it likes that.
4. The Twenty Twelve WordPress theme is a marvel of SEO goodness and Google fell for it.
5. Google likes a minimal layout linking to very few external sources better than something that links to plenty of external sites. Maybe it thought my blog was a bit spammy before. Who knows?

I’m thinking it’s probably 2, 3 and 5 that are doing the trick, but still I can’t be sure.
But apparently your site layout really matters judging from the stats.

The update went live in week 28. Below you can see that in the weeks before the update, I was maxing out around 150 hits a week. Afterwards, It started reached over 200.

Weekly stats after theme update

The monthly stats show the same thing.

Monthly stats after theme update
Interesting isn’t it? All of that is without actually publishing a lot of new content in that period. I wonder how long this effect will last.

how to protect your privacy online

Who Are You Looking At?

With the whole NSA PRISM storm blowing over the internet I thought it would be nice to compile a list of free and open source software I know that can help in safeguarding your privacy as an alternative to proprietary software or online cloud services which are not to be trusted with your personal data.

Hosting everything yourself is one way to go like the folks at unhosted.org suggest, but it isn’t free as it will a) cost you some money and b) usually quite some time to set everything up. Not everyone has the technical knowledge to do this either, so a list of open source software and trustworthy services for the masses would be great.

Turns out prism-break.org is just that kind of list, so that saves me the trouble of compiling it myself. Nice. Here’s another one with mostly the same items on it. Mostly.

Photo by Caneles, cc-licensed.