Sep

28

What P.T. Bridgeport Taught Me About Typography

Articles

You never know what you’ll discover when sorting through old books. I used to spend hours as a kid carefully creating my own typefaces and learning how to add perspective to letters. Ask me a few weeks ago where my love of typography came from, and I certainly wouldn’t have said it came from a bear. That was until I found this panel of P.T. Bridgeport in the pages of Walt Kelly’s book The Incompleat Pogo.

I used to imagine P.T. Bridgeport’s voice sounding something like W.C. Field’s. It’s marvelous how Kelly could convey a colorful personality using black ink and white paper and speech ballons. And convey inflection and tone of voice by varying the size, style, and weight of type.

I have only three well-loved (okay, falling apart) books by Walt Kelly left, Ten Ever-Lovin’ Blue Eyed Years With PogoPotluck Pogo, and The Incompleat Pogo, out of what used to be a much larger family collection. I used to pour over this and the other Pogo books long before I could read. This wanna-be P.T. Barnum whose every utterance is a sales pitch wasn’t even one of my favorite Pogo characters—those would be Albert Alligator, Pup Dog, and those three bats Bewitched, Bothered, and Bemildred—but he apparently had the longest lasting influence. Is it possible that P.T .Bridgeport is also responsible form my I love of early circus posters.

 

Posted by | 0 comments
Aug

27

An Expert Answers Questions About Hacking

Articles

Black Hat Squadron
The heros of the story of my hacked website are the folks at JTPrattMedia. If hackers are the guys wearing black hats, these folks are wearing the white hats. John Pratt, the company’s principal, graciously agreed to answer some of my questions about hacking and hackers.

 Please help me understand what happened to my website and why someone would want to hack my website. Who did it and what did they get out of it?

 The thing to know is that there is almost never a “someone.” In your house, you would know if somebody was trying to break in. You probably have no idea that your website receives thousands of break attempts per day — 99.99% of which are completely automated. These are almost all automated bots and scripts trying to:

  • Deface your website
  • Inject spam into your website
  • Break your website
  • Infect computers

Read here: www.jtpratt.com/series/wordpress-security-guide

and this recent blog post: www.jtprattmedia.com/my-wordpress-website-is-still-getting-hacked

 Is anyone keeping track of how many websites are hacked each year? Is there a place to report internet attacks?

 No and no. There never would be. Every access attempt to a website is logged on every webserver. Most companies would never want this information public — therefore it would never be shared in such a way where stats could be collected. There is no place to report attacks, and prob never will be. Websites are hosted on different servers, different locations, with different companies — attackers use fake credentials and fake IP’s, and to make matters worse many are just “zombie” attacks (that you can’t track back to a real person).

Let me give you a scenario. We’ll say I live in Russia and a crime syndicate pays me a fee to write a bot that infects websites with poker and gambling related spam to get traffic to their illicit websites.

Let’s say I found a hole in WordPress version 3.3.0 (from a year ago) that allows you to upload a file into a website. I write a script that searches for websites using that version of WordPress and then uses that hole to break in and upload a file.

The file that gets uploaded is a PHP script, it looks for your theme files and injects spam in the footer. This is very common and pretty simple — but you would think you could trace the source of the break-in to a computer (and or person), right?.

No. Here’s a more complicated scenario at a much higher level. The crime syndicate hires an experienced genius level programmer to create some “malware” with a payload that is self-replicating. This is on the level of science fiction in a way when you think about it. This type of malware (the type they call rootkits and trojans) has the ability to infect a PC — send emails to an entire address book of friends, infect them, infect their friends, and their friends, and so on. Many of these mave mini mail servers and web servers built in — and they can serve the scripts to attack websites (like the previous example).

So at a base level let’s say a guy in Detroit named “Bob” has a laptop —and his teenage kids use it at night. They click an ad on a music download website and unwittingly get an malware infection that his virus scanner doesn’t detect. Bob’s entire email address book gets an email from him with a spam link — he figures his Facebook or Gmail account has been hacked, and changes his passwords.

While Bob’s laptop is used — when it’s connected to the web the trojan rootkit searches for websites using WordPress running version 3.3.0 so it can break in and upload the file that injects spam in the footer (from the first example).

The malware might run on Bob’s laptop as a “zombie” for years before it’s found and removed. People don’t even know their computers are breaking into other computers (day and night). There are hundreds of scenarios just like this.

 This world map of Cybercrime at http://globalsecuritymap.com/ published by http://hostexploit.com, does that look pretty accurate to you?

 J  I would say that looks completely accurate.

M — What were you doing before you began repairing hacked websites?

 J — I have personally been building websites since 1995. JTPratt Media has been my full time WordPress company since 2009, and we do SEO and social media management in addition to WordPress development. We first began fixing websites with spam problems, and then fixing hacked websites as that problem became more mainstream a few years back. We don’t only fix hacked websites (now), but we do get those inquiries each and every week — in additional to regular WP development.

M — How did you get involved in repairing hacked websites?

 J — WordPress started as a blogging tool and has grown exponentially each year since 2004. In the last 3 years (especially) it has officially moved from a “blogging tool” — to a tool to create and manage business websites. Because it’s mainstream (like Windows) it’s a target because of the base of sites it holds. It’s a common misconception that you shoudn’t use WordPress because it has security issues. With more than 50 million websites using it, and since it now runs almost 1/5 of the web — more than ANY other CMS system in the world — hackers target it more than any other. The websites broken into are in the thousands, as compared to millions of installations, and WP is very secure when maintained properly.

A few years back we wrote this WordPress security guide: www.jtpratt.com/series/wordpress-security-guide

We started to get new clients from that with broken hacked websites that needed to be fixed. Soon we had fixed quite a few — and found the process was usually the same to clean, secure, and harden them — and we still pretty much use that same process today.

 Has hacking increased since you began repairing hacked websites?

 J  It will never stop, and is definitely growing. However security is getting better, and now with Google notifying website owners of infections there are more stopgaps in place than ever before.

M — Has hacking become more sophisticated since you began repairing hacked websites?

 J  Definitely. Especially since it’s automated, and once computers are infected with zombie “bots” that can search for and attack more websites — things that are self-replicating and go into the wild can live there for years, continuing to do damage.

 Are some content management systems more vulnerable than others? Which ones? Why?

 J  This used to be the case, but not much anymore as most of what’s out there is constantly developed by a team of coders and very mature.

 Hacking, malware, badware, spam, bots… What’s the difference?

 J  There are hundreds of explanations for these very similar things (most of which the ordinary person doesn’t want to know anything about).

M — Anything else you’d care to add?

 J  The most important things for anyone to remember:

  1. Stay up to date (WordPress, and all plugins + theme)
  2. Have a regular offsite backup
  3. If you don’t know what to do, or how to do it — hire an expert. Otherwise your website could be lost.

 

Photocredit: Felt beige cowboy hat on a white background by Ealdgyth, September 14, 2007, aquired from Wikimedia Commons

 

 

Posted by | 1 comments
Aug

21

Hacked!

Articles

Black Hat Squadron
At first I didn’t realize that my WordPress website had been hacked.

I work up one morning to find a flurry of comments had come in to my blog during the night. The warm fuzzy feeling of having so many interested readers quickly disappeared when I discovered that none of the comments were addressed to me. The first dozen or so appeared to have come from the discussion board for an online typography class. Who the students were and how their conversations got routed to my blog, I’ll never know. They stopped at about 2 a.m.

There was a lull before the spam started. The few I opened were filled with gibberish. It came in slowly at first—at a rate of one and hour—but the pace kept ticking up a notch. By mid-morning I was receiving one spam a minute.

DYI Spam Fighter

I devoted the entire weekend to figuring out how to stop the attack.

I went into the dashboard of my WordPress site and turned off the comments on every page. This did absolutely nothing. The comments continued to click in to my site from the giant cyber spam dispenser.

There were hours and hours of research. I updated WordPress, changed my all of passwords, discovered and removed malicious code hidden in several places, and rebuilt my site. None of this worked. It didn’t matter that all of my code was clean. The spam engine was controlling my contact form from outside of my website.

Once I discovered that the source was outside my site, I deleted my contact page and renamed the php file for my contact form. The spam stopped instantly. But I had disabled my blog.

Some Things are Better Left to Professionals

Why is it that my first thought is to hire an expert when there is a problem with the wiring in my house or when my car’s engine dies, but when my website was hacked I thought I could gain the knowledge to fix it in only two days?

Like many members of the WordPress community, I would rather do it myself. But that roll-up-my-sleeves attitude didn’t take into account my full-time job, graduate school, or my relationships. I also needed confidence that my site was not just sort of—but really—fixed before I started posting articles again.

Who You Gonna Call?

The results of my Google searches for “my WordPress site was hacked” and similar queries were either desperate pleas for help from WordPress owners like myself or step-by-step DIY solutions. I turned up only a handful of professionals who unhack WordPress sites. I chose JTPratt Media. Thanks to John and his team my site was scrubbed and secured in a couple of days.

John Pratt agreed to answer some of my questions about hacking. His answers are in my next post.

Posted by | 1 comments
May

18

10 Typeface Pairs for Cash-Poor Designers

Articles

cut pink paper valentine for typeface pairs

 

Several of my students asked me to recommend serif and sans serif typefaces that go well together. I realized that most of the combinations I was going to suggest involved purchasing fonts. With many of them working their way through school, it didn’t seem fair to expect them to buy fonts for my class. So I began looking for pairs in the core sets of fonts that all graphic designers have on their computers—that install with the Apple operating system, Adobe Creative Suite, and Microsoft Office. When I couldn’t find a list on the web, I started experimenting.

I set the following parameters: the typefaces had to be in the three core sets, and have a least four weights (regular, bold, italic, and bold italic). To make a good pair I looked for similar letter shapes, x-heights, stroke weights, and “feel.” I found over 20 pairs, but there isn’t enough room to include them all. I’m only posting 10. On the first line the letters may appear to be the same size because their sizes have been adjusted to make comparison easier.

I hope you find the the following 10 combinations useful.

Calibri & Book Antiqua (MS Office / MS Office)

Typeface pair Calibri Book & Book Antiqua

Century Gothic & Bookman Oldstyle (MS Office / MS Office)

Typeface pair Century Gothic & Bookman Oldstyle
Futura & Palatino (Mac OS X / Mac OS X)

Typeface pair Futura & Palatino
Gil Sans & Adobe Caslon Pro (Mac OS X / Mac OS X)

Typeface pair Gil Sans & Adobe Caslon Pro
Gil Sans & Chaparral Pro(Mac OS X / Mac OS X)

Typeface pair Gil Sans & Chaparral Pro
Helvetica Neue & Garamond (Mac OS X/ MS Office)

Typeface pair Helvetica Neue & Garamond
Myriad Pro & Adobe Caslon Pro (Adobe CS4 / Adobe CS4)

Typeface pairs Myriad Pro & Adobe Caslon Pro

Myriad Pro & Minion Pro (Adobe CS4 / Adobe CS4)

Typeface pair Myriad Pro & Minion Pro
Optima & Didot (Adobe CS4/Adobe CS4)

Typeface pair Optima & Didot

Posted by | 6 comments
May

01

Heroes: Robert, Ellen, & Jason

Articles

Names of typgography heros spelled with scrabble pieces

 

Robert is , the author of The Elements of Typographic Style. This was the first graphic design book that I fell in love with. Set in the typefaces Minion Pro and Syntax, the layout of this book is so elegantly considered that I find myself turning each page with extreme care. Something I don’t do with most books. While reading his book I learned to respect and really look closely at the forms that make up a letter, each letter’s relationship to its neighbor, and their form on a page. It got me rethinking who I was and what I wanted to do. I had already been working for 8 years as a graphic designer, but had not let go of the idea that I was really a painter, and graphic design was my day job. Becoming a graphic designer in spirit has been a slow process. But I can pinpoint where it began—with his book.

Ellen is . She has written a number of books on design. The only one I have read, so far, is Thinking with Type: A Critical Guide for Designers, Writers, Editors & Students. Where Bringhurst’s book is scholarly and at times hard to read, reading Ellen Lupton’s book can be like having an intense late-night conversation with your best friend.

Read More» Posted by | 3 comments
© Copyright morganelye - Theme by Pexeto