Update WP 2.1.1 to 2.1.2 – code compromised!

Posted by

That’s right. All you WP 2.1.1 users who went to all the trouble to upgrade just a short time ago now need to upgrade urgently. Notification (Courtesy of John Chow) included the following warning:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

I didn’t upgrade to 2.1.1 as I’m still on the old branch of WP! I had just upgraded to the latest version of that when 2.1 was released to my surprise! I was just too lazy then. Now, I’m wondering: with 2.1.2 out already, upgrading should be soon. It’s just so much trouble upgrading, that I’ll think I’ll just upgrade the necessary files, file by file. I have so many plugins, downloads, a theme that is tweaked beyond easy redoing… I hate upgrading… Anyway, that is no excuse: I have to bite the bullet.

Credit Cards: Give yourself some credit?

Posted by

2

There are many blogs, books, seminars, and reports out in the blogosphere that proclaim the credit card as the Devil’s tool, pure evil. They are reviled as pure usury with interest rates above 20% or even 30%. They are described as creating credit card ‘slaves’ – people who can only afford to pay the monthly interest minimum, if anything… Credit cards are having an increasingly bad reputation.

However, I find credit cards, if used properly, really have a surprising number of benefits that outweigh cash purchases:

* interest free period on purchases (until your bill due date) – very useful;

* points for purchasing rewards: gifts or airmiles;

* cashback credit cards where every time you spend you earn a little ‘cash’ back;
* 0% balance transfer deals where you pay 0% interest for a period;

* they can help build your credit history;

* many cards also have additional benefits: including free parking, product and travel insurance, … many of these benefits depend on the affiliations of the companies that are providing the credit card services or sponsoring them.

Before you choose, you will need to compare credit cards carefully and think long and hard about the kind of rewards you would like most. You will also need to examine the interest rates and the APR’s. And you most definitely should read the terms of service.

Sponsored by Credit Card Store.

Segmentation on PPP: For better or worse?

Posted by

Well, segmentation has really taken ahold on Payperpost’s posting boards. Some posters with good Alexa ratings, PR ranks, and a good track record are doing well:

Though the recent segmentation has left me a little urked. I do think that PayPerPost offers the best to advertisers and bloggers. Since the segmentation they have had a number of high paying offers. When I say high paying I mean high paying. They have had offers as high as $1000. Of course for someone to be able to take that opp you have to have a page rank of 8 or higher and an Alex score of 10,000. The $1000 opp is offered by PayPerPost and as of yet I have not seen any other offers from other advertisers. I am sure PayPerPost is hoping the high paying opps will catch on.

Others are finding the going much tougher, as general opps become fewer and requirements much higher than before: higher PR, higher Alexa ratings, a certain demand for quality.

On the up: this segmentation has worked quite well for me:

Wow! As a member for six months already, I decided to look at the stats of my work for PPP. I was quite surprised at how segmentation has changed my blogging.
Month Posts Income Average per post
Sept 12 $88.50 $7.38
Oct 5 $40.00 $8.00
Nov 14 $116.55 $8.33
Dec 27 $212.17 $7.86
Jan 25 $195.25 $7.81
Feb 15 $161.50 $10.77

The numbers tell an interesting story by themselves (apart from Sept.). The more I blog, the less money I got per post. In Dec, I did 27 posts, but in Feb. I only did about 55% of that number, yet I achieved a markedly higher return per post, although the total dipped.

It seems with PPP segmentation, plus my own, I'm becoming more careful in which posts I take, preferring to take higher paid postings when possible, not worrying about taking $5 opps much now. Result: a more efficient return on the time spent.

I don't know if that was PPP's intention or not. But it has clarified my own intentions regarding the program: to cut the number of times I post, to cut my dependency on PPP somewhat, but to try to take the better paying opps. Perhaps PPP's intention is to help bloggers who would post sporadically rather than bloggers who post opps 2 or 3 times a day on the same blog (I'm guessing).

However, PPP's success is solely dependent on the bloggers' goodwill who make up the ranks. For most bloggers, it is NOT a full-time job posting opps for PPP. Therefore their requirements can't be too onerous as it will drive away the contractors and/or it will drive up the price (see above).

I can't quite see yet where this is going... perhaps someone can take this thread further...

For conscientious bloggers, PPP’s segmentation could be a good thing indeed. It provides a steady income for opportunities. The increased income will help bloggers upgrade blog services, provide a financial reward and encourage bloggers to do better postings.

For bloggers looking for a ‘splog’ to make money, PPP’s segmentation could drastically reduce their incomes from blogging. A typical blog in this category would alternate ‘filler’ postings with advertisements. In fact, most of us PPPers have found blogs that are just as bad as that, or in some cases even worse. I suspect one of the intention’s behind segmentation was, in fact, to reward better bloggers and reduce the ‘splogs’ that we are all aware of. But, perversely, some advertisers may prefer ‘splogs’ for the links they produce. They might help increase their PR ranks, but on the other hand, other advertisers really want their products and services to appear on quality blogs, blogs with content.

What are your thoughts on segmentation? Do some reading via the links I included and get back to me with some ideas.