Customer Servant Consultancy – Page 59 – Where we develop robust web sites with emphasis on accessibility

Malwarebytes has spotted an advertising campaign in the wild that tricks users into clicking on what looks like a notification alert that actually hides a legitimate advert, therefore abusing both the advertiser and the ad network hosting the ad (Google Ads Services).
The rogue actors behind this fraudulent activity are cleverly leveraging a European law on the use of cookies to seemingly prompt visitors to answer a question.

The law applies regardless of where the website is actually hosted. Any website that is using cookies for any purpose and is targeting European users, even if not solely, must ask consent from its users to store or retrieve information from their devices. (Source)

Malwarbytes has a complete breakdown of the attack and its implementation, with screenshots, on their blog.

From the Linode status blog:

A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine. This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.

This may have contributed to the unauthorized access of the three Linode customer accounts mentioned above, which were logged into via manager.linode.com. The affected customers were notified immediately. We have found no other evidence of access to Linode infrastructure, including host machines and virtual machine data.

The entire Linode team has been working around the clock to address both this issue and the ongoing DDoS attacks. We’ve retained a well-known third-party security firm to aid in our investigation. Multiple Federal law enforcement authorities are also investigating and have cases open for both issues. When the thorough investigation is complete, we will share an update on the findings.

Now’s a good time to change all your passwords and audit your servers.

None of this means that Linode has been irresponsible, at least that we know of. Security is hard, and this kind of thing can and will happen to any and every clowd provider. It’s only a matter of time before Amazon gets hit.

Regular server audits and password changes are critical for anything that’s connected to the internet, which at this point is more and more of the things. It’s good practice to have some kind of security policy in place, regardless of the technology you’re using. Policy is just as much a part of security as the technical aspect.

The fireworks have already started here in Augusta, and I’ve been mulling over writing this for the last month, so it’s time to review 2015.

This year did not go anything like I planned in last year’s review, but I don’t see that as a bad thing.

There were several big goals I didn’t achieve, and will be transferring to 2016, but there were also a lot of things that happened unexpectedly which turned out to be great.

First, for the goals achieved.

I achieved my goal of co-hosting Office Hours, formerly Genesis Office Hours. This goes towards my goal of self-promotion generally and the goal of co-hosting that podcast in particular. I didn’t co-host the DradCast this year, but I’m transferring that one to this coming year. Goals achieved late are better than goals never achieved.

Slack accessibility hasn’t worked out so well, although there is a working solution for visually impaired people who want to contribute to WordPress and are using Instant Bird on Windows.

I haven’t contributed code to WordPress core yet, but still plan to do so, definitely in 2016. I did, however, contribute a little code to Utility Pro, the first premium accessible child theme for Genesis.

Now for the unexpected, as that’s what’s taken up most of this year.

In no particular order, I wrote a post for HeroPress, learned on a very personal level how generous the wordPress community can be, (for which I’m still deeply grateful and thankful), and I also learned, (thanks to the WPMorningCrew), that business and friends don’t necessarily have to be strictly separate. In other words, you can be friends with your colleagues, have fun with them, and still work with them. Those are lessons I’ll always take with me no matter where I end up.

I began working on a portfolio and listing projects, as well as collecting testimonials, and once I started on both those tasks, I found them easier to keep up with.

So what’s ahead for 2016? Firstly, over the last year, and with lots of thanks to the WordPress community, I’ve become a more confident person, which means I’m more comfortable sharing, whether that’s newly completed projects or code snippets or tutorials. I plan to continue working towards the goal of contributing code to wordPress itself, working on plugins and hopefully releasing some to the community for free, and of course, learning JavaScript deeply.

I’ve already been invited to speak at several WordPress events, so am planning to leave the shadows as it were and actually give talks instead of just being mentioned in other people’s talks. And of course writing more, both on and offline. I’d like to write some in-depth tutorials for this site, am participating in CopyBlogger’s cornerstone content challenge, and plan to be better at journaling, even if all of this comes down to writing ten minutes a day.

In regard to “passive” income sources like affiliate marketing, I plan to refocus on that. It’s tied to writing more content, and I didn’t give that as much attention as I wanted to this year, so I plan to do more towards incorporating affiliate marketing into my content this year.

I’ve picked up myself a copy of “Book Yourself Solid,” and one of my daily tasks will be working through the book and its associated workbook. I’m confident that putting in some work in the area of my business in general can only do good.

Finally, I plan to work on being less of a perfectionist, and being a lot less critical of myself. That doesn’t mean I’m settling for mediocre work, but it does mean that I don’t want to spend so much energy beating myself up whenever things go wrong. Failure when it occurs can be a learning opportunity along with successes.

So here’s to 2016, and I hope we all have a successful and prosperous one.

A few weeks ago, I put out an initial call for volunteers for 4.5. In the spirit of the much-commented @wonderboymusic 4.4 Wishlist post, I’d like to extend the call a bit more.

Source: WordPress › WordPress 4.5: What’s on your Wishlist? – Make WordPress Core

The first core chat for the WordPress 4.5 development cycle will be next Wednesday at 4PM Eastern. If there are things you’d like to see considered for 4.5, click the link above, log in with your WordPress.org username and password, and leave a comment. Everyone has a voice, and all of this is completely transparent, so if there’s something you’d like considered, speak up now.

10up, one of the bigger WordPress agencies, has released Flexbox support for IE8 and 9 that also happens to be GPL.

The support is included in flexbox.js, and can be used in any project regardless of whether or not it is built on top of WordPress. There’s a complete guide to Flexbox via CSS Tricks, and you can find the JavaScript on 10up’s GitHub.

If you’re forced to support older browsers, this script will allow you to create the same kind of layout you have for the newer, shinier ones.

Layout tables are probably one of the most hated web things within the accessibility community. They used to be all the rage before CSS became popular, and they were used inline among other HTML elements to control positioning.

As a result of their overuse, screen readers ignore them by default. Well, they mostly do.

VoiceOver, the built-in screen reader on the Mack, is apparently the exception. As long as a layout table has no borders, VoiceOver will ignore it as such and only give you the option to view data tables from its rotor. But if you add any kind of border, including transparent ones, that goes out the window and VoiceOver will report the existence of the table from the rotor. This is true regardless of whether or not the layout table has headers.

Layout tables are bad. Layout tables without headers are even worse. Layout tables with borders can have the added value of extra annoyance for VoiceOver users.

Friends don’t let friends use layout tables, so as a service to the WordPress community, here’s yet one more reason not to use them. See the link above for all kinds of CodePen goodness and screenshots.