Inkless Paper Developed

Purple glow within a shade containing an ultraviolet (UV) light bulb.

Phys.org reports on a breakthrough in printing: coated paper that is printed on with ultraviolet light. The paper can be heated to 250°F to erase what was printed, and it can be re-written up to 80 times (re-writable paper). The researchers believe that this paper, which uses ultraviolet light to speed up chemical reactions between titanium dioxide and Prussian Blue [Bob Ross, anyone?] pigment, can be produced cheaply on a commercial scale. Since all the required materials – paper, titanium dioxide (already heavily used in beauty products/makeup, sunscreen, and as pigments for medicines, toothpaste, lipstick, creams, etc.), Prussian Blue pigment/dye, and ultraviolet bulbs – are inexpensive, the paper is likely to be affordable. However, there are a few drawbacks:

Continue reading “Inkless Paper Developed”

WordPress 4.7.2: Hidden Exploit Fix

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

The recently released version 4.7.2 of WordPress included an additional security fix that was not disclosed in the changelog at release time. The issue? A privilege escalation / content injection bug in the REST API that could allow anyone to edit any post.

How?

Part of the REST API performed an improper check for a valid post. If the supplied value was not a valid post ID but still contained a valid ID within a string, such as “134A”, it would be converted to an integer (the A gets stripped away, making it just “134”), which gives any user access to update the post via shortcodes (and possibly other routes).
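A simplified model of the flaw described above, added here as an illustration and not WordPress's own code: the permission check looks up the raw ID, while the update step casts it to an integer. The function names, the toy post store and the user names are assumptions made up for this example.

```php
<?php
declare(strict_types=1);

// Constructed data: a toy post store standing in for the database.
$posts = [134 => ['author' => 'alice', 'content' => 'original text']];

// Hypothetical lookup: only an exact, all-digit ID matches a stored post.
function find_post(array $posts, string $rawId): ?array
{
    if (preg_match('/\A[0-9]+\z/', $rawId) !== 1) {
        return null;
    }
    return $posts[(int) $rawId] ?? null;
}

// Flawed check: an ID that matches no post leaves nothing to deny, so it passes.
function may_update_flawed(array $posts, string $rawId, string $user): bool
{
    $post = find_post($posts, $rawId);
    return !($post !== null && $post['author'] !== $user);
}

// Hardened check: deny unless the raw ID names an existing post the user owns.
function may_update_strict(array $posts, string $rawId, string $user): bool
{
    $post = find_post($posts, $rawId);
    return $post !== null && $post['author'] === $user;
}

// Update step: casts the raw value, so "134A" silently becomes 134.
function update_post(array $posts, string $rawId, string $content): array
{
    $id = (int) $rawId;
    if (isset($posts[$id])) {
        $posts[$id]['content'] = $content;
    }
    return $posts;
}

// Run both checks as a user who does not own post 134 and show the outcome.
foreach (['134', '134A'] as $rawId) {
    foreach (['may_update_flawed', 'may_update_strict'] as $check) {
        $allowed = $check($posts, $rawId, 'mallory');
        $after = $allowed ? update_post($posts, $rawId, 'changed') : $posts;
        printf("%-17s id=%-4s allowed=%-5s content=%s\n", $check, $rawId,
            var_export($allowed, true), $after[134]['content']);
    }
}
```

The general lesson is to validate and authorize against the same normalized value that the write path uses, and to fail closed when the lookup returns nothing.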

This issue was fixed in 4.7.2 so make sure your WordPress install is updated!

Disclosure of Additional Security Fix in WordPress 4.7.2

Release: Elasticsearch 5.2

Elasticsearch logo: A circular "e" split into 3 horizontal sections. The top is yellow, the middle is purple and blue, and the bottom is aqua/light blue. Below the logo is the word "elasticsearch" in black.

Elastic has released version 5.2 of its search software, Elasticsearch. Here is what you can expect from this release:

  • Numeric & Date range fields: New field types (integer_range, float_range, long_range, double_range, and date_range) were added, allowing you to define a minimum and maximum numeric or date range when you post data to the document field. For example, an event lasting an entire weekend can now be easily added and then searched by checking whether the event’s date range lies inside or outside a search range, or whether a specific date falls within the event’s date range.
  • Cluster Allocation Explain API: For Elasticsearch admins, figuring out exactly what happened when a cluster went down because of shards not being allocated often required a number of queries to different APIs. The new Cluster Allocation Explain API combines the information scattered around different APIs to make it easier to diagnose the problem and get it solved quicker.
  • Keyword Normalization: For the new keyword type added in version 5.0, it was not easy to do things like lowercase the characters, since it was meant for aggregations & scripting. This update allows you to use normalizers, tokenizers that only affect individual characters, not entire terms. This allows you to use character modifiers on the field when you need to.
  • Term Aggregation Partitioning: Elasticsearch defaults term aggregations to the top 10, but this can be set to higher values. Many were asking whether there was a way to just return all top terms (such as by using a negative value). However, it is not possible. Why? Because it can take much longer for databases with many thousands, millions, or even billions of terms. People were persistent, though, so they came up with another way. An example is looking for all the accounts that have not logged in recently. In this update you can partition the terms across a set number of partitions, then request the terms from each partition individually.

https://www.elastic.co/blog/elasticsearch-5-2-0-released

 

Release: WordPress 4.7.2

The WordPress logo. A "W" cut out of a dark gray circle with an outline of the same color. "WordPress" is written below the logo. "Word" is a dulled blue and "Press" is the same gray color as the logo.

Last week WordPress released the second security update for version 4.7. There were 3 security issues fixed:

  • The interface for assigning taxonomy terms in “Press This” was shown to users who did not have permission
  • An SQL injection vulnerability was patched in the WP_Query class to prevent poorly coded plugins and themes from falling victim (involving post types)
  • Fixed a cross-site scripting (XSS) vulnerability in the post listing table (excerpts were not being escaped)

It is strongly encouraged that, if you are not using an automated update system, you manually update/upgrade your version of WordPress to this latest version to prevent exploitation.

WordPress 4.7.2 Security Release