Spark, one of our favorite email apps for iPhoneand iPad, has made the jump to Mac. Now you can use all of your custom filters, gestures, smart notifications on your laptop or desktop—and it’s still free.
Readdle, Spark’s developers, have finally fulfilled their longtime promise of bringing the easy-to-personalize email client to Macs. And all the features that made it a “Best of the App Store 2015” selection and one of our essential iPhone apps are present. You can still integrate your email with Dropbox, Box, Evernote, and Pocket, create custom alerts for when important emails arrive, customize trackpad gestures for performing certain tasks, and search your inbox with natural language. Also, Spark supports the new Macbook Pro’s Touch Bar. You can download it for free in the Mac App Store at the link below.
Most people think that their WordPress website was safe just because it doesn’t have any content worth hacking. Unfortunately, that is not true. Websites are often hacked to distribute spam emails, for example. Or the core and theme files are filled with malicious code to infect and hack your website visitor’s computers. It’s possible that you only notice the damage when Google has already removed you from the index. Don’t let this happen, and consider my tips for the perfect wp-config.php.
There are many ways to protect your WordPress-based website from getting hacked. The optimization of the wp-config.php can be considered to be an important part of a proper security strategy. Of course, the site won’t turn into the Bank of England, but you’ve made it a little harder for the hackers.
To optimize the wp-config.php, so-called constants are used. WordPress has a lot of constants that can be employed. But what is a constant? PHP.net describes constants the following way:
A constant is an identifier (name) for a simple value. As the name suggests, that value cannot change during the execution of the script (except for magic constants, which aren’t actually constants). A constant is case-sensitive by default. By convention, constant identifiers are always uppercase.
Constants are embedded in the define() function, and look like this: define('NAME_OF_THE_CONSTANT', value);
The wp-config.php is the control file for WordPress. It is loaded before all other files because WordPress needs to set up a database connection. The required information is located in the config-file. When changing the value of a constant, or adding a constant, you also change the behavior of WordPress.
Before the Work: Please Create a Backup
Before, editing the wp-config.php, create a backup of this file. Your website won’t work with wrong or missing entries.
Important: Always Update WordPress and Plugins Immediately
You’ve probably heard this a couple of times already. But this aspect is so important that I can’t repeat it often enough. Tons of websites got hacked because WordPress or the plugins weren’t up to date. Updates are the best insurance against hacking!
If you happen to be using my “optimal .htaccess” file, you are not in danger. There, the great 6G firewall, which can fend off this type of attacks.
The Preparation:
For all the following work, you’ll need an FTP program, as well as an HTML editor. The wp-config.php is downloaded to the desktop, edited within the HTML editor, and uploaded back to the server afterward.
1 – Use the Security Keys
Security keys in WordPress are critical, as the encrypt things like the login information in cookies, for example. Even when your wp-config.php already has security keys, changing them can’t hurt. When the keys are changed, all still outstanding logins of your users are signed out. Subsequently, you’ll be able to log in regularly, using your username and password.
However, if you’ve been hacked already, you should first remove the malicious code from your website. A guide on that can be found in the additional information on this aspect. Afterward, visit the WordPress Generator for security keys, and copy a new set. Replace the old part with the new ones – view screenshot:
The Security Keys in the wp-config.php.
If you haven’t implemented security keys yet, this is the right time to do so.
An SSL certificate encrypts the connection between your website and the visitor’s browsers. HTTPS makes it impossible for hackers to trap and steal personal data. If you already have an SSL certificate for your website, you can force the use of HTTPS instead of HTTP. This increases your site’s security significantly. If you don’t have an SSL certificate yet, you should strongly consider using one.
You don’t have to be afraid of major costs, as SSL is also available for free.
The following entries should be used when your website already uses SSL. The uppermost entry is meant for the secured login, while the lowest one forces the browser to make the admin area of WordPress usable with SSL only.
The database prefix is also known under the label “table prefix.” This prefix is used as an extension of every database table generated by WordPress. Here, the standard is wp_. This standard should be changed to something else. The more cryptic, the better. Don’t worry; you don’t need to remember what you enter here. This value is only placed once.
Thinking about it, the possibility of an SQL injection is not very likely. But it is possible. Thus, alter the value before installing WordPress. Use something like hdr7rf_, for example.
Attention: If you change the value of an already existing WordPress installation, the website is not accessible anymore!
If you want to change the table prefix of an existing WordPress website, the plugin Acunetix WP Security could help you. It lets you change the value easily, and all you have to do afterward is log back in. Nonetheless, you should still create a backup in beforehand.
4 – Turn Off the Plugin and Theme Editor
In every WordPress installation, it is possible to edit theme and plugin files directly within the admin area. Under the menu items “Design” and “Plugin,” you’ll find the respective editor for each file. This editor is very dangerous if it happens to get into the hands of a hacker. Data can be destroyed, and viruses, trojans, spam, and other malware can be added. But the editor is also important for a website’s admin. A single mistake, a single missing semicolon is all it takes for the infamous white pages to show up, and nothing will work anymore.
Changes to theme or plugin files are generally made via (S)FTP, as it is much safer. Thus, the editors need to be deactivated. A single line in the wp-config.php is enough to safely turn off both editors:
The wp-config.php is the heart of your website. All relevant data, including the database passwords, are entered there. That’s why it is imperative to keep this file as safe as possible. There are two approaches for this. The first one is an access block via .htaccess-file. The second approach moves the file to a different spot, where a hacker would not expect it to be.
Moving it may be problematic if the website is in a sub-index, and you are using a cheap shared hosting.
It can also become tough if you have a lot of websites in custom directories. If neither of the constellations applies to you, you can move the file.
If you have adjusted the path to the wp-config.php correctly, your website should work afterward.
6 – Force the Use of FTPS
If your web host has activated the File Transfer Protocol Secure (FTPS), you can force the use of FTPS for the transfer of files. This will encrypt the connection between the visitor and your server. Now, it is impossible to access the data on the server with the unsafe FTP protocol. FTP is unsafe, as the access information is transferred to your server unencrypted. Thus, if possible, only use the safe connection via FTPS. Your web host can tell you if an FTPS connection is possible.
Instead of the FTPS protocol, some hosters have activated the SFTP protocol for data transfer. Here, the connection between the user’s FTP program and the server is encrypted as well. The following line of code lets you force the use of SFTP:
If you have activated the WordPress debug mode for development purposes, it is vital to turn it back off. In some circumstances, an activated debug mode may pass on sensitive data that could help hackers do their thing. That’s why an activated debug mode is extremely dangerous on a live system. I have made this small, dumb mistake already; humans quickly forget things. That’s why you should take a quick look, just to check. This is how to deactivate the debug mode:
If for some reason, you need the debug mode to be activated, I recommend turning off the public display of error messages. The relevant error messages can also be written into a log that is not accessible to the public. This is the much safer, and more elegant option. This constant is required to leave the WordPress error mode on, and to suppress the public error display:
As I have already mentioned earlier, immediately updating the WordPress core, and all plugins is crucial for the security of the system. With every release of a new WordPress version, the security gaps of its predecessors are made public. This gives a hacker a solid foundation to be able to hack your website. Thus, these weaknesses should be removed as fast as possible.
Since WordPress version 3.7, smaller security updates are conducted automatically. However, this is not the case for primary versions of core upgrades. Main versions still need to be updated manually. However, activating automatic updates for all WP versions is very easy:
By the way, it is also possible to make plugins update automatically. However, that’s connected to a bit of work. It requires the creation of a plugin:
This plugin has to be moved into the folder /wp-content/mu-plugins/. If the folder doesn’t exist, just create it. The folder /mu-plugins/ contains the “must use” plugins. Its content is loaded by all other plugins.
Automatic theme updates can be done the same way. For that, the plugin needs to be extended by the following line:
Please inform yourself about these automatic plugins in advance, and only use the code if you know exactly what it does. Of course, the two filters are only able to keep plugins and themes up to date that originate from the official WordPress index. Themes and plugins from a different source won’t be updated.
All of these aspects together will already increase the safety of your WordPress by a lot and should be part of a good security strategy. The fact that WordPress is the world’s most popular Content Management System attracts many hackers. The situation could be compared to the computer OS Windows. On Windows, you install an anti-virus software, and WordPress takes a bit of manual work. But the safety gain definitely makes up for the small work effort.
“During family pictures my bouncy 5-year-old was a little sluggish but I was thrilled that he wasn’t hyper. When my photographer said “Ummm he just threw up,” I thought she meant the baby, so I checked him for spit up, saw none, and said, “No he’s good.” Then I saw the puddle at my feet. We rushed to the car and as we were driving away the photographer flagged us down to show us the picture she had captured. We laughed so hard we cried.
That was the only time he threw up that day, and he was totally fine and hour later, so we were puzzled. The next day, as my husband and I kept discussing that he must have eaten something that upset his stomach, he finally came clean. While we had been upstairs getting dressed, he snuck into the kitchen and ate a whole tub of ice cream. Then he cleaned up the mess and thought he got away with it. Apparently, he didn’t understand how that much ice cream would make him so sick. He learned the hard way! And it made for a great Christmas card!”
“During family pictures my bouncy 5-year-old was a little sluggish but I was thrilled that he wasn’t hyper. When my photographer said “Ummm he just threw up,” I thought she meant the baby, so I checked him for spit up, saw none, and said, “No he’s good.” Then I saw the puddle at my feet. We rushed to the car and as we were driving away the photographer flagged us down to show us the picture she had captured. We laughed so hard we cried.
That was the only time he threw up that day, and he was totally fine and hour later, so we were puzzled. The next day, as my husband and I kept discussing that he must have eaten something that upset his stomach, he finally came clean. While we had been upstairs getting dressed, he snuck into the kitchen and ate a whole tub of ice cream. Then he cleaned up the mess and thought he got away with it. Apparently, he didn’t understand how that much ice cream would make him so sick. He learned the hard way! And it made for a great Christmas card!”
1. Incarnations: A History of India in Fifty Lives, by Sunil Khilnani. A highly readable introduction to Indian history, structured around the lives of some of its major figures. I passed along my copy to Alex.
2. Haruki Murakami, Absolutely on Music: Conversations with Seiji Ozawa. More for classical music and Ojawa fans than Murakami readers, this is nonetheless an easy to read and stimulating set of interviews for any serious classical music listener. They are most interesting on Mahler.
3. Elsa Morante, History. In America, this is one of the least frequently read and discussed great European novels of the 20th century.
4. Miriam J. Laugesen, Fixing Medical Prices: How Physicians are Paid. Will people still care about these issues for the next four years? I hope so, because this is the best book I know of on Medicare pricing and its influence on pricing throughout the broader U.S. health care system.
My copy of Joel Mokyr, A Culture of Growth: The Origins of the Modern Economy has arrived. It is a very good statement of how political fragmentation and intensified intellectual competition drove modernity and the Industrial Revolution.
An Islamic terrorist attack at Ohio State this morning injured 10 before an armed officer confronted and shot the Somali refugee terrorist dead.
An Ohio State University student plowed into a campus crowd with a car, then jumped out and started stabbing people with a butcher knife before being shot dead by police Monday morning, officials said.
Ten people were taken to hospitals after the ambush, and one was in critical condition. The incident was initially reported as an “active shooter” situation, but the suspect did not shoot anyone.
A police officer was on the scene within a minute and killed the assailant. “He engaged the suspect and eliminated the threat,” OSU Police Chief Craig Stone said.
The suspect’s name was not released, but law enforcement officials told NBC News he was an 18-year-old Ohio State student, a Somali refugee who was a legal permanent resident of the United States.
The motive was unknown, but officials said the attack was clearly deliberate and may have been planned in advance.
“This was done on purpose,” Stone said.
Authorities have not named the suspect, but as they’re already alluding, a probable motive seems clear. Islamic terrorist groups, most notably ISIS, have called upon Muslims in the West to carry out terrorist attacks against soft targets using knives and vehicles. School and college campuses are among the easiest targets available, as they contain high concentrations of people made unarmed and defenseless because of short-sighted state laws that have made most campuses “gun free zones.”
As horrific as today’s attack was, it could have been much worse if the terrorist had rudimentary targeting skills and technique with a knife or access to other weapons that he clearly lacked. Even though he was largely incompetent he still managed to injured ten people, one of them critically, before a police officer was able to confront and kill him with his department-issued handgun.
Put bluntly, we are very lucky that dozens of Ohio State University students aren’t dead right now.
Do you think I’m exaggerating?
A “lone wolf” terrorist in France managed to kill 86 and wounded 434 in a Bastille Day truck attack by merely driving a truck through the packed crowd. Ohio State had a football game just two days ago that drew a record 110,045 fans.
Announced attendance is 110,045 – a new Ohio Stadium record.
Had the terrorist rented or stolen a truck and carried out his attack outside the exits Saturday as the dejected crowd left the stadium, we could be looking at many hundreds of casualties instead of less than a dozen.
Of course, we also know that the next attack may not come from someone ineptly using “just” a butcher knife and a vehicle.
Navy SEAL veteran Dom Raso is among many counterterrorism experts you who have warned us that a major Islamic terrorist attack on students is going to happen. It’s just a matter of when. I highly recommend you watch this sobering video five-minute all the way through.
The softest, easiest targets in the United States are unarmed schools.
We will suffer a coordinated attack by multiple attackers. We will see them use firearms.
We will see our children murdered by the hundreds if we pull our heads out of the sand and listen to the experts, and listen now.
Purdue University’s Homeland Security Institute has done the research, and came up with the best defensive solution to active shooter attacks.
They advocate a combination of armed campus security (armed school resource officers or armed university police) along with concealed carriers in the classroom.
Dr. Eric Dietz, director of Purdue University’s Homeland Security Institute, says that their research indicates that a combination of armed officers on campus with concealed carriers in the classroom will reduce casualties in an “active shooter” attack on campus by two-thirds.
Two-thirds.
Implementing armed resource officers in all of our schools is expensive. Campus carry at schools and universities costs nothing but a small amount of political capital in defeating irrational anti-safety radicals in the gun control movement. These zealots are more afraid of law abiding citizens being self-reliant than they are of our students being mowed down by terrorists and the criminally insane.
We must implement campus carry across the country, and we need to do so now.
We got very lucky today at Ohio State today. It was a wake-up call.
Call your legislators now and DEMAND campus carry give our faculty, staff, and students a fighting chance.
Over the past few weeks—and particularly over the retail adventure widely referred to as "Black Friday"—many Apple device owners experienced a new form of unsolicited and unwanted messages: a swarm of calendar alerts for online "deals" from spammers. The messages took advantage of the default settings in Apple’s iCloud calendar service, allowing senders to automatically push calendar alerts to Apple iOS and macOS users and bypass e-mail entirely.
Getting rid of these calendar "invites" is a problem in itself, as declining them sends a message back to the spammer—confirming that someone actually is monitoring the iCloud account they targeted and encouraging them to send more messages. Getting rid of the unwanted alerts requires a multi-step workaround. But blocking them entirely only requires a single change to iCloud settings.
To get rid of the invites without sending a response to the spammer, you’ll need to do the following:
Create a new iCloud calendar. Go to the Calendar app, tap "Calendars," then "Edit," then "Add Calendar…" in your iCloud calendars list.
I used "Delete Me" as the calendar name.
Change the category of spam calendar invites to the new calendar. Open the event, tap the ">" on the Calendar bar for the event…
…and select the spam calendar.
Once the calendar for the event is changed…
Go back to the Calendars list, tap "Edit" again, and then tap on the ">" next to the spam calendar you created. Scroll to the bottom of the Edit Calendar screen, and tap "Delete Calendar."
The spam invites will now be gone without sending a response back to the spammer.
Blocking future calendar spam is less involved but requires a visit to your iCloud account via a Web browser. Log in to iCloud and go to the Calendar Web app, click on the Settings gear icon in the bottom left corner of the Calendar view, and click Preferences.
The pop-up menu on the iCloud Calendar Web view, Pick "Preferences."
Click the "Advanced" button in the Preferences pop-up window. At the bottom of the window, change the Invitations setting for "Receive event invitations as:" from "In-app notifications" to "Email to [your iCloud account address]."
This will turn off the automatic integration of iCloud Calendar with your Calendar app and allow your spam filters to block unwanted invitations.
I love Raw Dog Tactical’s holsters. After seeing their ads on Facebook, I reached out and they sent me a few to test; one in black for a Ruger LCP9, one in hot pink for my Smith & Wesson M&P 9MM Shield and one in Tiffany blue for the Walther CCP. Great clip, comfortable backing, trigger protection, adjustable retention and cant, lifetime warranty, made in the USA and available in 12 really great colors. What’s not to like?
Over the weekend, I also happened to catch a call-to-action video they posted on their website as well as their Facebook page with a message to gun owners: stop investing in firearms and start investing in firearm training.
The video, from YouTuber Jarhead6, was posted with the following message:
Sometimes, we can become addicted to firearms and forget one of the most important aspects of owning a gun. That is knowing how to use it in a safe manner. Therefore, formal training and practice is extremely critical to our survival. We need to ensure we prioritize our money in order to meet this critical requirement.
Please join me in the comment section below. Thanks for watching and God Bless!
So what do you think: Do you agree with the message? Why or why not?
All too often we hear the question “Why not just shoot them in the leg?” This graphic video of a fatal officer-involved shooting of a bank robber is the answer.
An Iranian bank robber armed with a knife is boxed in by a crowd that won’t let him leave, but leery of getting stabbed with his hunting knife, they won’t tackle him, either. A plainclothes police officer shows up armed with a pistol and tries to take the man into custody, but the robber runs around a car. He finally turns towards the officer with a dirt median strip behind him. The officer sees an opportunity to fire a debilitating shot that will impact with relatively safety in the soil of the median instead of of ricocheting off the pavement into the crowd.
He takes the shot at 1:40 into the video.
The round penetrates the man’s leg, striking the femoral artery and either tears or severs it completely. The man takes several steps, then collapses to the ground from blood loss within 15 seconds, woozy but still upright and conscious. A 2:19, approximately 40 seconds after being shot in the leg, the man has lost so much blood that he falls over unconscious.
No one in the crowd—including the Iranian police officer—has any idea what to do. One man finally steps forward and pulls off his belt to make an improvised tourniquet, but it is far too little, far too late.
The bank robber is dead just as fast from a shot to the leg as he would have been from a shot to the heart, and for the same reason; when a major artery or the heart itself is shot, blood doesn’t get pumped to the brain. When the brain can’t get oxygenated blood because either the pump (the heart) or the delivery system (major arteries) are destroyed, a person will quickly die.
So, shoot him in the arm/shoulder instead?
The same thing might have occurred if the officer had fired a bullet into the robber’s upper arm or shoulder, striking the subclavian, axillary, or brachial arteries. The only real difference is that it might have taken a few seconds longer for the robber to lose consciousness and die if those arteries were struck.
Would it have made any difference if the man in the crowd had pulled off his belt and tried to make a tourniquet sooner? Unlikely. A belt alone is unlikely to exert enough pressure on the femoral artery to close it, and it’s unlikely that they (or you) know how to improvise a windlass out of nearby objects in time.
Improvised tourniquets fail far more often than they are successful.
There is a reason I consider a SOFTT-W tourniquet in a PHLSter Flatpack carrier as the most critical part of my everyday carrier gear, every bit as important as my handgun. Despite the conventional wisdom of internet “experts,” you’re not likely to be able to improvise a tourniquet in time to save lives in the event of a shooting, an accident at home or at a job site, or on the road after a collision. As this graphic video makes abundantly clear, you have just seconds to get a tourniquet in place and stop the bleed.
Please consider getting a quality, combat-proven tourniquet (either the SOFTT-W preferred by my Green Beret Medic and trauma management instructor Mike Voytko, or the CAT tourniquet from North American Rescue) and make it part of your every-day-carry.
IEEE Spectrum reports on a "radical new weapon" against brain tumors — only available since 2015. They profile a typical patient who "wears electrodes on her head all day and night to send an electric field through her brain, trying to prevent any leftover tumor cells from multiplying [and] goes about her business with a shaved head plastered with electrodes, which are connected by wires to a bulky generator she carries in a shoulder bag."
the_newsbeagle writes:
The Optune system, which bathes the brain tumor in an AC electric field, is the first new treatment to come along that seems to extend some patients’ lives. New data on survival rates from a major clinical trial showed that 43% of patients who used Optune were still alive at the 2-year mark, compared to 30% of patients on the standard treatment regimen. At the 4-year mark, the survival rates were 17% for Optune patients and 10% for the others. Patients have to re-shave their heads every few days and re-apply all the electrodes, but that’s never been a problem, according to one patient. "If you have a condition which has no cure, it’s a great motivator."