Archive for April, 2014

Heartbleed bug

Saturday, April 19th, 2014

By now, you might have heard of this thing called the Heartbleed bug, which is making the rounds on most Internet news sites.

The truth is, it’s not as bad as it sounds. The vunerability was pretty bad, but in practice, for any of our users the risk was minimal.

First, the bad news: some of your data might have been exposed to anyone sniffing our traffic. The operative word here is might. Chances are very, very slim that any sniffing took place, plus this was not a breach in our database, they didn’t have access to any of the data we keep there (user name and email address, if you provided one) they would only been able to grab your password if they were sniffing online at the actual time you logged in. Think about it, with the trillions of web pages out there, the chances of someone actively sniffing Doghouse pages are what? A quadrillion to one?  An Octodecillion to one? Something crazy anyway.

As I say, extremely unlikely.

The good news:

  1. We have patched all our systems so the Heartbleed bug is no longer an issue.
  2. If you are worried about this bug, change your password in Doghouse. Here’s a link explaining how.

Which services were affected?

Only Doghouse, and only when you contribute any data from the Pedias or when you logged in to admin.bruji.com or doghouse.bruji.com (they’re the same page). If you only use Doghouse for searches and have never contributed any entries you have nothing to worry about.

What data do you store?

We only store your user name and your email address if you provided one so we can communicate with you if the need arises. We never sell or expose your data to anyone, ever, under any circumstances. You can view our privacy policy right here.

What about my password?

Your password is stored with high-grade encryption and looks like this:

e8afdd90d1dec343128b090e39e77eb08f859d4d78ce88262db6fb8f3d9a314ab7a486508567c21ded896bf3c32048fa6abd8987b5d57a1f46fcf6441a30d59a

That doesn’t mean that even if someone got a hold of it they could use it to login with your username because we also use an added security measure appropriate called a salt and there is no way to reverse this encryption to figure out what the password really is.

But, I repeat, nobody but us has access to this data not even through the Heartbleed bug.

OK, this sounds good, but I’m still worried, what should I do?

Just change your password if you use it elsewhere and are worried someone might have caught it as you were logging in and you’ll be fine.

New Web Design

Wednesday, April 2nd, 2014

Main Site

The web page finally got a make-over after two years of patiently waiting on our to do list and several months of work and careful planning to roll it out simultaneously across the main web site, the store, the blog and the forum. All of which run different software so we had to coordinate several different templates.

It took us this long because the main priority has always been our apps and Doghouse. Nora and I have seen our time consumed by the Pedias and Pocketpedia, so we let Alex, our Doghouse guru (the man responsible for the results you get when searching), tackle the job. He gave the web site time on weekends and when he needed a break of thinking about all the moving pieces that is Doghouse administration. Since finishing the migration to new servers and a Padrino API he has found himself with more time, so work quickly accelerated.

Forum Site

All of a sudden I load the web site one morning and everything is in place. It’s nice to see all these months of work spring up all of a sudden and even more exciting to be able to share this with all our users. Since it was a complete overhaul there will be a couple of months of tweaks and users have already started pointing Alex in the right direction. Like all software and trees the web page is changing and growing and there are always corners that need trimming; so do pester Alex if you find any broken links or missing functionality.

On the technical side, Nora and I are old school and tend to write each HTML tag in a text editor and then style it with some basic CSS. Alex on the other hand is new age and uses all the latest frameworks. Those of you who have signed up as moderators to Doghouse know all the animations and fancy designs he employs via Ruby on Rails and things called LESS and SCSS (he assures me that LESS is more). Nora and I were not quite ready to give up our regular HTML so we asked him to still use some traditional HTML with a light sprinkling of new frameworks for type and layout. Especially since we knew that the integrations with PHPBB (the forum) and WordPress (the blog) otherwise would be complicated. Not to mention eSellerate’s system (the store) that still uses ASP.

Bookpedia Site

We are quite impressed with the work Alex has done on the web site and want to thank him for all the hard work and extra hours he has put in to this. Glad to have a man of so many trades on the team, who was able to finally get this web site removed from the to do list. Hopefully the trend for flat will stay steady for a couple of years and we won’t need a redesign for a while.