Categories
WordCamps

WordCamp Pune 2013: ‘The best WordCamp so far in India’

If I’m asked to choose one word to describe the recently concluded WordCamp Pune 2013, I’d pick ‘enriching’.

It was the second time I’d been to a WordCamp, the first one being Cuttack last year, where I spoke about my blogging journey.

A couple of key speakers at the event aptly dubbed this the ‘best ever so far’ in India. Majority of the speeches had more substance than platitudes.

In this article, I’m going to try and capture the most significant happenings of the 2-day event.

Day 1

The first day’s sessions were aimed at developers. It began with King Sidharth talking about the need for responsive designs.

This is his slideshow:
Savita Soni talked about the power of WP_Query. Below is the complete slideshow: I found Saurabh Shukla’s talk the most inspiring. He described his journey towards building plugins for WordPress. Saurabh later pointed out that there are few WordPress plugin developers in India, and that he hoped to motivate his listeners to take up the practice. Here’s the complete slideshow titled Developing open source WordPress plugins: The art, science and Zen (fonts are bit messed up):   Gaurav Singh spoke about WordPress security, a subject which was dealt with again the next day by Rohit Srivastwa. This is his slideshow:   Aniket Pant talked about Metaboxes:

Thinking of getting your theme into the WordPress theme respository? Take a look at Nisha Singh’s presentation:

Vireendra Tikhe presented his views with a presentation titled “Responsive and Responsible Themes” :

Day 2:

The second day was aimed at bloggers and marketers.

It began with Arun Prabhudesai, owner of Trak.in showering praise on WordPress, while presenting key use cases for the platform. One of the top highlights was the advice that one can “start selling within 24 hours of installing an e-commerce plugin”. Arun, by the way, is a person I respect as one of my top blogging mentors.

The next session by Ronak Thakkar had a similar theme, with the title ‘Leveraging Your Business with WordPress’. Ronak did a fine job by getting the audience to participate early on.

His own accounts of the session and day are a must-read.

Further in the day, cyber security expert Rohit Srivastwa of ClubHack presented vital tips on securing a WordPress site.

These were the highlights of his talk:

  1. It is better to use shared hosting with features to handle security.
  2. Most security tips and plugins related to WordPress deal with automated attackers.
  3. Make a list of bad user agents from hacking tools or bots and block them using your site’s .htaccess file.
  4. Consider using service providers that stop bad traffic, that includes botnets.
  5. Keep an eye on the log files on your server to alert yourself when there’s an attack.
  6. Use free scanning tools like the one provided by sucuri.net. There’s a WordPress plugin based on the scan provided by sitecheck.sucuri.net
  7. The free service of CloudFare is excellent in blocking malicious traffic, even though some users claim that it blocks legitimate traffic as well.
  8. A tool called websitedefender helps monitor changes in the front page.
  9. In the event of an attack, rename the old infected WordPress installation and freshly re-install everything.
  10. Use is.gd/cleanup to fix your site after it has been attacked.
  11. Never look for free versions of premium themes. They may have a catch; they could be infected, which means you’ve hacked yourself!
  12. A string of characters known as a password won’t be enough to keep you secure. Even the simplest of passwords is enough, if you use a plugin for 2 factor authentication.
  13. It is important to use SSL to prevent an attacker from breaking in with the use of sniffers.

On the subject of content marketing, I found Adarsh Thampy’s talk very interesting. Here’s the complete slideshow:

In Conclusion….

The biggest benefit derived from conferences such as WordCamp Pune 2013 is the real life networking.

I was fortunate to interact with Saurabh Shukla, Gaurav Singh, Ronak Thakkar, Arun Prabhudesai, Rohit Srivastwa, Nikhil Narkhede and Saket Jajodia.

Some of the proceedings have been captured on Twitter with the hashtag #WCPune2013. Keep an eye on tweets by @saurabhyapapaya for more substance.

And if you want to know the recipe for a successful WordCamp, don’t forget to contact Amit Kumar Singh of AmiWorks!

Categories
Uncategorized

Unlist Your Number from TrueCaller today!

UPDATE July 18, 2013: Approximately 7 months after this article was published, there’s been news that the TrueCaller database has been hacked into by the so-called Syrian Electronic Army. Again, this highlights the need for users to be careful in the choosing the companies with whom they entrust their private data.

TrueCaller is a mobile app and online service that serves as a very large phonebook for reverse phone number lookups. It can be used to augment your own phone’s contact list in your iOS, Android, Windows Phone, Symbian, or BlackBerry device, helping you let know the names of unknown callers. You can test to see which of your or your friends’ numbers are available in their database at www.truecaller.com.

How does it work?

TrueCaller claims to source the caller information present in their database partly from public directories, and partly from “crowdsourced” data.

However, when I checked, their data didn’t seem to come from public directories. I began searching for my friends’ landline and mobile numbers and those of my own as well, and noted a few interesting things:

  1. Sometimes somebody else’s name would prop up. This would probably be a previous owner, or the former name of the person in case of a name change.
  2. Sometimes the company name would be suffixed or prefixed to the name.

This definitely seems to be populated from contact lists of users.

TrueCaller seems to stop here – it doesn’t, for example, seem to retrieve or store users’ locations. Also, it doesn’t support searching by name – you can only search by number. However, what TrueCaller does reveal is still bad enough, and has actually made many users unhappy, as you can see in a Quora thread on this subject.

Removing your Number

Luckily, fixing this privacy issue turns out to be easy. Head over to Unlist your Phone Number to request an automatic unlisting of your number. It took a few hours for my numbers to get unlisted, and I heaved a sigh of relief after that.

Categories
Opinion

SiliconIndia Stealing Content from Lighthouse Insights: Livebloggers Battle the Scourge of Plagiarism

Just under a day ago, I found an appalling phenomenon in my Facebook timeline – A leading online technology magazine focussing on the Indian domain, SiliconIndia, was caught stealing portions of a recent interview published by rising social media blog Lighthouse Insights.

Lighthouse Insights was started in late 2010 by Prasant and Vinaya Naidu with the aim of bonding the community of social media users. I first met Prasant at a meet-up in Pune, and instantly liked the knowledge he had built on the social media scene in India.

You can read the complete account of the theft in one of their posts.

Do News Sites Have the Liberty to Steal?

When the founders of Lighthouse Insights confronted SiliconIndia on Twitter, an incredibly shocking explanation appeared: Plagiarism            

Only the most juvenile of writers could possibly put up such an explanation; I had to remind myself that this was emerging from a well-established media organization that has been around since 1997. The tweet was subsequently deleted, but it was too late as it was retweeted several times and its screenshot began to float around on Facebook.

The founders of Lighthouse Insights decided to battle it out on Twitter to expose the high-profile content thieves after appeals to their CEO and content managers fell on deaf ears. The complete blow-by-blow description of the fight has now appeared in a new blog post on their site.

The battle-cry hashtag #OccupySiliconIndia began to pick up momentum during the early part of the 14th of August, and hit the list of top ten trending hashtags in India by evening. That forced SiliconIndia to sit up and take notice, offering Lighthouse Insights either of two options, of providing due credit, or removing the copied post completely.

The result? The offending post vanished while supporters of the campaign continued discussing possible outcomes. The fight isn’t over; after receiving a bloody nose, SiliconIndia have simply disappeared from the scene instead of announcing an unconditional public apology for the theft and the subsequent distress caused to ardent followers of an insightful new social media blog.

The Scourge of Plagiarism and the Hope from Social Media

Plagiarism has been a perpetual enemy for writers and publishers ever since the introduction of the printing press in the Middle Ages. The matter has become much worse with the arrival of the Information Age, now that just a few keystrokes and mouse-clicks are all that one needs to lift thoroughly-researched material and claim its ownership.

Many web publishers conscious of the lurking thieves invest a significant amount of their time in filing Digital Millenium Copyright Act (DMCA) reports to get Google to de-index plagiarised content, but the cat-and-mouse game continues. Even when such reports are not filed or delayed, search engines are sophisticated enough to ascertain the real thieves. Unfortunately, webmasters may end up on the losing side when their sites are restructured or migrated to new domains, since such changes can confuse search engines.

The Wrath of the Connected World

Will social media come to our rescue? The signs are positive, with the victory of #OccupySiliconIndia – even after SiliconIndia decides to undertake major damage-control exercises, Lighthouse Insights is likely to present this story as one of the most potent case studies showcasing the vast power of social media. Publishers, no matter how big or small, must now realize the importance of original content and think twice before facing the wrath of the masses in a connected world.

What are your thoughts about the battle against plagiarism? Please feel free to use the comment form below and speak your mind!

Categories
Uncategorized

6 Ways to Defend Yourself Against Viruses and Malware

Which virus protection is the best?

Well, to protect yourself against malicious software, the six defensive ways detailed below can work better than the best anti-virus software left to act alone.

1) Be aware of virus symptoms, and attack vectors

This piece of advice might sound something beyond the realm of non-techies. However, non-techies had to learn how to use computers anyway, and learning a little about the basics of viruses won’t hurt. The information contained in this article is a good start.

(i) Be wary of suspicious, new process names in the list of running processes

Sometimes these processes have the same names as legitimate ones to disguise themselves (svchost.exe is an example). Sometimes they have similar names, like svvchost.exe and _services.exe (the legitimate ones have the names svchost.exe and services.exe). The username that’s running the process sometimes gives an indication of whether it’s a legitimate system process or not – a virus usually runs under the currently logged-in user’s name. If you’re a power user, you’d want to use Process Explorer, which will allow you to dive in more deeply when inspecting processes, such as figuring out which exact executable on the file system is responsible for the running process.

(ii) Emails from your friend may not have been actually sent by them

Be wary of opening email attachments, unless you were expecting them – even seemingly innocuous video files could cause your data to disappear. Take your precautions even when the attachment is expected – the anti-virus scanners embedded with the popular email providers provide a good defense.

On a similar note, be careful when downloading files randomly from the Internet. Executable (.exe or .com on Windows) files are the ones that can cause most harm.

(iii) Do not leave the Windows’ auto-run option enabled for portable drives

Auto-run has long been one of the most popular ways in which viruses spread – ensure that you keep it disabled. Never, ever, trust a portable drive that had been previously inserted into a machine that you don’t own, even if it has an anti-virus. Use your anti-virus to scan data that has arrived from external sources. Viruses won’t usually spread through text editors, so you can use these if you’re just inspecting simple files and don’t have an anti-virus at hand.

(iv) Watch out for typical virus symptoms, and gear up to protect yourself

These include:

  1. Access disabled to Task Manager, the Registry Editor1, or msconfig2.
  2. Spikes in CPU or GPU usage – these can be observed either through monitoring tools, such as the Task Manager for the CPU, or GPU-Z for the GPU, or by noticing the hardware fans spinning faster when there is no processor intensive program running.

A good tactic is to run anti-virus scans, preferably from outside your OS, such a Live CD, whenever you detect suspicious activity. Live CDs allow you to boot into them without having to load your OS, which might end up running the virus before any anti-virus can take effect (assuming that the anti-virus failed to detect the malware when it loaded itself onto the machine). Bitdefender Rescue CD is one such option. In addition to regular viruses, Bitdefender scans for rootkits – malware that reside deep within the core of the OS, evading detection while carrying out malicious activity.

(v) Safe online banking

Most Linux distributions, including Ubuntu, support booting from a Live CD and are great for providing added protection when banking online, since viruses cannot write to these disks permanently. Live CDs offer no compromise when it comes to your online browsing experience. These Linux distributions can also be installed on bootable USB sticks.

2) Choose to manually enable the running of plugins in your browser

Chrome and Firefox have the option of enabling “Click to Play” for plugins (i.e. either Flash or Java) within websites so that they run each time only with your permission which you provide by clicking on the area of the page in which . This will help prevent drive-by attacks from malicious code embedded in such plugins, which are almost always hidden from view, or use some sort of social engineering to trick users into downloading malware.

In Chrome, copy and paste chrome://chrome/settings/content into your address bar, and choose “Click to play” under “Plugins”.

Chrome Plugin Settings

In Firefox, go to about:plugins, and turn on the plugins.click_to_play option.

3) Update your OS, focusing on the security updates

They are called “security” for a reason. This is especially important for the Windows OS. Because of Windows’ popularity, hackers have been known to target security holes in Windows on unpatched machines by studying the fixes Microsoft sends out. This is becoming true even for Mac’s OS X; the recent Java malware is an example –though Apple actually released the update and fix after the Trojan was out in the wild. A Windows example: If you updated before Sasser arrived, you’d be 100% secure.

4) Use a firewall

This doesn’t offer much more protection from Internet worms than a NAT, but will be useful if you connect your laptop to a public network. It will also protect yourself from infected machines on your own network. A firewall would protect you from Sasser even if you didn’t install security updates at the time, and would offer partial protection against MSBlast.

While the built-in Windows Firewall provides decent protection, you could try out third-party solutions like ZoneAlarm for better control over what moves in and out of your computer.

5) Use an Anti-virus

This is important, but you must know where it stands – it cannot protect you against everything. In fact, most people skip it on the Mac and Linux, though it’s always recommended for Windows. Remember, you are worse off if you use an anti-virus but don’t know how viruses work.

I bet if you brush up your knowledge of viruses and run Windows without an anti-virus, you’d be infected fewer times than a noob running an anti-virus on a Windows and not knowing a thing about viruses. Anti-virus software are perfect if you realize that they work best for protecting against viruses that the software already knows about, and not so good at protecting new ones.

6) Backups

Whatever precautions you take, you might still lose the fight. Always ensure that you have important data backed-up, so that you can easily restore it in the case of an infection.

Even if there was no danger of infection, backups come in handy in the case of hardware failure, for which you should be prepared for anytime.

Footnotes

  1. ^The Registry is a database of configuration settings and options related to the Microsoft Windows operating systems. It can be accessed by pressing Ctrl+R, typing regedit.exe and pressing Enter
  2. ^MSConfig is a Microsoft Windows utility you can use to troubleshoot issues related to processes that are loaded on startup. Viruses often register themselves to start up automatically – you can remove the easier ones using msconfig or by editing the registry.