PHP7 Showing 3x Performance Gains Over PHP5 In Computational Tests

I’ve been upgrading my development systems from Fedora 24 to 25, getting PHP 7.0 in the process, replacing PHP 5.6. Much to my delight, the first tests with a specific computationally-oriented workload that I run are showing impressive performance improvements. Read more ›

Posted in Linux, Performance

Download MVPS HOSTS File Converted to Unix EOLs

Periodically I’ll be doing an ad-hoc deploy of MVPS HOSTS file on a Mac or Android system, and have to improvise a means to accomplish the required conversion from DOS to Unix line termination from the shell prompt. Read more ›

Posted in Android, Linux, Mobile Security, Privacy

Leaving Windows for Linux on my Primary System


Few outside the technology business may be fully aware that Windows 10 arrives in the context of a major strategy shift at Microsoft. Feeling the heat from Google, Apple, and others, Microsoft needs to mutate and evolve its business models to compete in the end user computing marketplace. Selling Windows and Office licenses for whatever number of cents OEMs pay them for the right to ship these products on newly purchased machines is no longer cutting it in an age of falling PC sales. There’s new business out there, a pie they’re hungry for a big piece of. Read more ›

Posted in Linux, Privacy, Windows

One More Check In on WordPress XML-RPC Fail2ban Traps

XML-RPC Attack Traffic

Just putting out an updated chart showing how this has performed through several additional months of operation. I’ve previously covered what’s happening here in detail when I began to sustain a high volume of attacks, when I implemented the fail2ban based countermeasures, and when I checked in on how the traps were performing four months ago. Read more ›

Posted in Network Security, Web Security, WordPress

How To Deploy MVPS HOSTS File on an Android Phone

Confirming superuser

I have replaced the default HOSTS file on my Android device with the MVPS HOSTS file, a blacklist for blocking advertising, tracking and malware-distributing server names. Installing this blacklist confers the same browsing security, privacy, and performance benefits on my phone as I have long enjoyed on conventional workstations: ad blocking, faster web page loads and decreased bandwidth usage, mitigation of browsing behavior profiling and contextual ad targeting, and reduced exposure to malware infection by malicious web sites. Allow me to demonstrate the specific procedure that I used and hopefully save others some time. Read more ›

Posted in Android, Mobile Security, Privacy

Checking in on the Performance of WordPress XML-RPC Attack Countermeasures

XML-RPC Attack Traffic

Following up on my deployment of WordPress XML-RPC attack countermeasures a few months ago, let’s have a look at how effectively the traps have performed in live operation in the intervening time. Read more ›

Posted in Network Security, Web Security, WordPress

Countering WordPress XML-RPC Attacks with fail2ban

In my last post I began inquiring into the WordPress XML-RPC attacks I’ve been sustaining here on the site. Since then I’ve been further studying the threat and experimenting with responses, and I have now developed working countermeasures and cast them into live operation. These countermeasures involve forwarding telemetry out of WordPress for pickup by the fail2ban facility, allowing for the detection and banning of attackers trying to exploit xmlrpc.php. Where other recommendations call for disabling affected methods or the whole XML-RPC subsystem, my more refined techniques control attacks while maintaining the full service set in operation for valid procedure calls. Read more ›

Posted in Network Security, Web Security, WordPress

Sustaining WordPress XML-RPC Attack Traffic

XML-RPC Attack Traffic

I’ve been experiencing the same increased frequency of attacks against WordPress’ integrated XML-RPC service in recent months as reported by many other site operators. The attacks have been covered well elsewhere, but I wanted to chronicle what I’m seeing and share some remarks. Read more ›

Posted in Network Security, Web Security, WordPress

Android Device Manager Does Not Work in Internet Explorer

[Edit: As of July 11th it looks like this has been fixed. Android Device Manager is working in Internet Explorer 11 again in my testing. Original discussion follows.]

Last night I flashed my phone up to CyanogenMod 11 M8, and since then I’ve been putting things back the way they were and testing everything out. A few bugs were fixed from the M6 build I was running previously, and a few nice enhancements dropped too, everything was copacetic. But this afternoon I got around to testing Android Device Manager, Google’s integrated “find my phone” application, looking to reconfirm that I could locate my phone if it ever got lost, only to receive an unpleasant surprise. I’d log in to Google’s web application and have it persistently fail to locate my device. The map did not move, the “locate device” and “ring” controls did nothing, basically the tool was useless. This was very frustrating since (a) I knew it worked fine the last time I tested it, and (b) it’s a critical function that I wasn’t about to hazard living without. Read more ›

Posted in Android, Mobile Security

TrueCrypt: What Happened, What It Means, and What Happens Now

Based on the sum of the evidence that’s now filtered in, and in the consensus view of experts, the primary cause of the TrueCrypt crisis of the last few days was developer fatigue. After 10 years of thankless work developing the open source disk encryption tool, faced with the need to do major extending and refactoring of the codebase to support new technical requirements and demands from security auditors, the anonymous author or authors decided to throw in the towel. The way they did it tells of more complex motives, and has supplied ample fuel to the conspiracy theorists of the world. But importantly, there is no evidence that these events were motivated by any known security flaw or trust deficiency in TrueCrypt or in its build or distribution process, or by any act of coercion. And in spite of the apparently deliberate reputational damage committed by the developers, unless and until demonstrated otherwise, TrueCrypt is in fact still secure, and this story is far from over. Read more ›

Posted in Encryption