Member of the reality-based community of progressive (not anonymous) Massachusetts blogs
Something I noticed out of the corner of my eye while researching my last post, but didn’t have time to delve into deeply, is the fact that Chris Doherty’s donation page does not appear to have an SSL (Secure Sockets Layer) certificate indicator. The donor page asks for your full information, including all credit card info, and claims at the top that “This is a secure page” with a padlock image, but what is more important than easily made in-page claims is the missing padlock you should be finding on the bottom bar of your browser when you hit that page.
The donation form itself is in an iframe - embedding code from another site, the URL of which is:
But just because “secure” is in the subdomain of the page being pulled, it does not mean security. That page URL also does not have the “https” prefix - https indicates a secure URL. The form script appears to resubmit to itself via relative URL (web talk for using the same prefix and domain).
Curious, I put my IT husband on the case, and he used what’s known as a “packet sniffer” - software that monitors the pieces of information, called packets, that are sent to and fro whenever you submit something and then receive something through the web (or rather, through a network then the web). An encrypted (SSL) packet is indecipherable via packet sniffer. However, the test data that we submitted through the form on that page was perfectly intact in the packet sniffer. That means a knowledgeable computer person (with malicious intent) can, particularly if you are on, say, an unsecured network at a coffee shop or library, grab 100% of your credit card information, everything that person needs to use the card themselves online (including the CVV, address, name, and expiration date).
If I were Chris Doherty, I would be really pissed off at my web design firm. This is a terribly amateur mistake that could compromise the personal information of donors. And it needs to be fixed ASAP.
UPDATE: Looking at the code for the page now, the iframe now links to “https://secure.sage-systems.com/cms/chrisdoherty/?l=donate” which appears to be a secure site (the certificate doesn’t name ownership info, but it at least has SSL).
This means the parent page (the contribute page) itself does not have SSL, but the transaction should be secure. It’s not how I would set it up - in that people do look for that padlock on the bottom bar when they are on a page asking for credit information, and it will not appear there, but it should be secure. I don’t have a packet sniffer here with me so I can’t check it but my guess is it’s encrypted. So good on the web updater for getting to it quickly. Still, pretty rookie move…
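The check described in this post can be scripted rather than eyeballed. The following is an added example, not code from the original post or from the campaign's site: the URLs and HTML are constructed stand-ins, and `audit` is a hypothetical helper. It resolves iframe sources and relative form actions the way a browser does and reports anything that would travel without TLS, for both the original layout and the updated one.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class _Collector(HTMLParser):
    """Collects iframe src and form action attributes from one document."""

    def __init__(self):
        super().__init__()
        self.iframes, self.forms = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "form":
            # A missing or empty action submits back to the document's own URL.
            self.forms.append(a.get("action") or "")


def audit(page_url, pages):
    """Return (url, problem) findings for page_url and every frame it embeds.

    `pages` maps URL -> HTML and stands in for fetching, so this runs offline.
    """
    findings, queue, seen = [], [page_url], set()
    while queue:
        url = queue.pop()
        if url in seen:
            continue
        seen.add(url)
        if urlparse(url).scheme != "https":
            findings.append((url, "document loaded without TLS"))
        doc = _Collector()
        doc.feed(pages.get(url, ""))
        for action in doc.forms:
            target = urljoin(url, action)  # relative action inherits the scheme
            if urlparse(target).scheme != "https":
                findings.append((target, "form submits in cleartext"))
        queue.extend(urljoin(url, src) for src in doc.iframes)
    return findings


# Constructed sample pages mirroring the two states described in the post.
PARENT = "http://campaign.example/contribute"
BEFORE = {PARENT: '<iframe src="http://secure.example/cms/?l=donate"></iframe>',
          "http://secure.example/cms/?l=donate": '<form action="?l=donate" method="post">'}
AFTER = {PARENT: '<iframe src="https://secure.example/cms/?l=donate"></iframe>',
         "https://secure.example/cms/?l=donate": '<form action="?l=donate" method="post">'}
```

On the updated layout the only remaining finding is the parent page itself, which is why the browser shows no padlock even though the form posts over HTTPS.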
How quickly our electoral paradigm has shifted! Yesterday, I became a fan on Eileen Donoghue’s state Senate campaign facebook page. I was fan #9 (and the eight already listed, I knew most of them personally, ha). Today, I hopped on and looked again, and already, there are 140 fans listed. I’m guessing it’ll quickly ramp up from there.
Five days ago, this Senate seat wasn’t even an “open seat.” Now, the battle has been engaged already, online!
Can’t say that as a web designer and developer, I’m unhappy about the new, virtual engagement process of our elections.
I found this blog post which dredged up a 1995 article, complaining how the internet was really overpromised, that is very amusing. It’s chock-full of yummy goodies to laugh at, but its opening alone is precious! Bold mine, to highlight stuff that yes, really did come true, you internet Scrooge!
But today, I’m uneasy about this most trendy and oversold community. Visionaries see a future of telecommuting workers, interactive libraries and multimedia classrooms. They speak of electronic town meetings and virtual communities. Commerce and business will shift from offices and malls to networks and modems. And the freedom of digital networks will make government more democratic.
Baloney. Do our computer pundits lack all common sense? The truth is no online database will replace your daily newspaper, no CD-ROM can take the place of a competent teacher and no computer network will change the way government works.
Too funny. The only one that, I think, you can hand to this 15-year-old rant, is that we haven’t replaced teachers, though classrooms are a very different place technologically than they were, in most schools.
Anyway, go read it, it’s very funny. Talk about having no vision!
Coming at you live, via the internets, a series of toobs where you can have a virtual discussion…I’m going back to my facebook feed (which was where I found this link).
We could all (well, those of us on the losing side anyway) use a little funny in our day.
Hat tip to Mr. Lynne sitting across the room over there.
This was too good not to link to. It’s gone viral today with no less than three people [in my acquaintance] linking to it by email or Facebook.
Yes, sometimes being a web designer is hell.
Update: And you have to see this crazy stuff! Awesome!
Jackie wrote about the Globe article which mentioned that in the Governor’s public online voting about the new Massachusetts coin, the Lowell National Parks made it to second place on the list of possible historic and natural treasures to be depicted on the coin.
Now, the LNHP was behind the Gloucester Fisherman’s Memorial by a very large margin. However, if you recall, I linked to and wrote about the voting and encouraged people to show some hometown pride and vote for our own National Park.
I would love to see the list of referring URLs on that particular page! Is this evidence of LiL’s burgeoning ability to (almost) affect the outcome of inconsequential decisions by the federal government?
There’s no doubt now, change has come to America.
While things are slow going on Left in Lowell 2.0, things do go. I largely have the infrastructure design built (a lot of it in my head, but also partly in the software) for the basic front-page/user-post system, and am working on a new website layout design as well. (When I get frustrated with my back end design, I switch to playing around with the front end, and vice versa.)
So LiL2.0’s initial features will have those two items - the functionality of the current blog in Wordpress, plus user posts - though I am forgoing a Recommended List in the first edition, since I want to wait to see just how much user-generated content we get at the start…a Recommended List would be moot if there were only a new user post or two every day or so. However, that’s also in the works in the future, with a ratings system that will be pretty damn cool in the end. Possibly including a “highest rated comments” list if I feel really ambitious.
I do plan on specifically inviting local arts organizations and other cultural groups to become user contributors, so that when something interesting is going on, like an event or fundraiser, art show or poetry reading, they can write about it themselves on the blog.
Some other awesome features I plan on building: a page which showcases recent posts via RSS of other local blogs in the greater Lowell area - I’m thinking right now that it’ll be in three tabs, a “From the Left,” “From the Right” and a “General” tab for those blogs like the CM’s blog, which are nonpartisan and informational. Maybe even an “All” tab if you like your feed all mixed in. This will perhaps pull only the title, post date, and maybe a bit of a teaser from the text and the blog it is from, so you’ll have to click on them to read them. I want to encourage people to visit these other sites, not steal their content for mine. (Heck, even if I’m the only one who uses it, I’ll be happy - much easier to keep tabs on new content for my own purposes!)
Another future feature I think I would like will be a Live Blog quick-post system. This will basically be a way for moderators to take any number of users (including myself) and “attach” them to a live blog post, where they will then have access to posting to it in a live-blog situation. That will leave the use of comments for comments, and forgo the need to edit a whole post to post a live blog, which will hopefully be less unwieldy on handheld devices while out on the road. It will also show the name of the live-blogger, the time it was posted, and be in (probably) reverse chronological order, so that you can refresh a live-blog post and see whatever is new. (If I can really hack it, I might even show you using an indicator what is new, if you are a logged-in user.)
So it would look like this:
City Council Debate Live Blog!
Mimi (8:54pm): OK, this thing is wrapping up. I can’t believe that Oscar even said that!
Lynne (8:46pm): Wow, strong closing from Big Bird. I thought the nesting reference was killer.
waitilnextyear (8:43pm): I’ve just wrapped up my list of promises from the city council candidates…I’ll post them later. To be honest, I think it’ll be a very tall order for this list to be even 50% fulfilled. Especially in this economic downturn - I mean, promising a solar panel on every roof is laudable, but really unrealistic.
Lynne (8:30pm): Oooh! Bert just got up and punched Ernie in the head!
And so on.
Anyway, thought I would give an update, and by the way, I will need beta testers! Probably not for a week or two minimum, but if you are a longtime reader I can trust, and you want to help me kick the tires on this thing so that I can work out usability and/or software bugs, keep that in mind. Be the first of your friends to see LiL2.0! You’ll be the envy of…well, not that many people, but maybe a couple.
And, if you have suggestions on features you’d like to see, or have an opinion on how a feature should work, contact me at my email, lynne at leftinlowell.com (replace the at with an @, no spaces).
I just got word as to what is happening with Blue Mass Group, if you have been trying to get that website all day. Apparently, SoapBlox, which BMG uses for hosting and running their site, has been seriously hacked. It looks very, very bad.
This follows the hacking and death of Journalspace, another popular blog site, which very recently went under due to the severity of its data loss. I suspect the two are not unrelated.
I’ve already offered what help I can to David, but it’s hard to know how quickly BMG might be back up, if it can get back up at all with its archives intact. Best wishes, guys.
Just doing some catching up on my news here - holidays and family stuff have me behind.
I’d like to belatedly welcome to the Lowell blogosphere occasional LiL commenter Cliff Krieger, a local Republican activist, whose blog is far less alliterative than this one though quite comprehensive (albeit from a different point of view). If you hadn’t seen the link from richardhowe.com, Cliff started Right-Side-of-Lowell over a month ago. (Which side would that be, the north or the south?! Kidding!) Apparently the local blogosphere is now no longer tipped completely towards the progressive side.
Cliff strikes me as the sort of person who is doing the work his party needs on the ground (butchering my name notwithstanding) so it should be interesting to observe where the local Republican party can get itself. Frankly, good competition is never a bad thing. Just, don’t be too good at it.