I’m going to try out intermittent fasting for a few weeks, after hearing about it for several years from fit-minded friends. It’s tough to find a link on it that doesn’t have some sort of newsletter popup or sell an ebook, but Tim had a good guest post on it in 2008 which ends on a skeptical note, and this beginner’s guide to intermittent fasting by James Clear is awesome for its graphics and straightforward way of introducing the concept and ways to approach it. I’m going to aim for a late lunch and a normal-timed dinner, since like James dinner is often my most social meal.

Update: I also forgot that I wrote about this with a few more links and some good comments in January.

A Bank Website on WordPress

There’s a thread on Quora asking “I am powering a bank’s website using WordPress. What security measures should I take?” The answers have mostly been ignorant junk along the lines of “Oh NOES WP is INSECURE! let me take my money out of that bank”, so I wrote one myself, which I’ve copied below.

I agree there’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

In terms of security, there are two simple points:

  1. Make sure you’re on the latest version of core and all the plugins you run, and update as soon as new versions become available.
  2. Use strong passwords for all user accounts. For extra credit you could enable a 2-factor plugin, use Jetpack’s WordPress.com login system, or restrict logged-in users to a certain IP range (like behind a VPN).

If your host doesn’t handle it, make sure you stay up-to-date for everything in your stack as well from the OS on up. Most modern WP hosts handle this (and updates) for you, and of course you could always run your site on WordPress.com VIP alongside some of the top sites in the world. If you use any non-core third party code, no harm in having a security firm audit the source as well (an advantage of using open source).

For an example of a beautiful, responsive banking website built on WordPress, check out Gateway Bank of Mesa AZ. WordPress is also trusted to run sites for some of the largest and most security-conscious organizations in the world, including Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures, NASA, and literally hundreds more.

As the most widely used CMS in the world, many people use and deploy the open source version of WordPress in a sub-optimal and insecure way, but the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

If you wanted any help on this feel free to reach out to Automattic as well, we have a decade of experience now dealing with high-risk, high-scale deployments, and also addressing the sort of uninformed FUD you see in this thread.

If you’ve developed a major bank site in WordPress leave a link in the comments.

What is music? There’s no end to the parade of philosophers who have wondered about this, but most of us feel confident saying: ‘I know it when I hear it.’ Still, judgments of musicality are notoriously malleable. That new club tune, obnoxious at first, might become toe-tappingly likeable after a few hearings. Put the most music-apathetic individual in a household where someone is rehearsing for a contemporary music recital and they will leave whistling Ligeti. The simple act of repetition can serve as a quasi-magical agent of musicalisation. Instead of asking: ‘What is music?’ we might have an easier time asking: ‘What do we hear as music?’ And a remarkably large part of the answer appears to be: ‘I know it when I hear it again.’

Elizabeth Hellmuth Margulis writes on why we love repetition in music and the neurological effects repeated songs have on us. Hat tip: Brian Groat.

Ambiguity. It’s the defining characteristic of this age. Yesterday offered many certainties. A secure job, stable income, lasting community…a predictable economy, culture, society. But that’s not the case anymore. Something surrounds us, permeating our worlds, defining our lives; though we call it by different names. Economic uncertainty; social instability; political unpredictability. All simply different kinds of ambiguity.

Umair Haque writes on Ambiguity and the Art of Meaning.

Best Headphones Spring 2015 Edition

Since my last headphone post I’ve been trying out lots of different models, and have settled on two new ones as my daily drivers: the PowerBeats 2 and the Sennheiser Momentum 2 Wireless.

I’ll talk about the Beats first because it’s easy: before I used a Plantronics set for exercise, but the battery life wasn’t great and they would often fall out when running. The Powerbeats 2 are light, have great battery life (they claim 6 hours, that feels about right), stay in place even when running in the Houston heat, charge fast, and as a bonus they look cool. (Beats has always been great about that.) The sound? They’re bad, but good at it. There’s basically no isolation so you can hear traffic and things around you at lower volumes, which is actually a bonus, and if you turn up the volume they get loud enough to drown other stuff out. Buy these for the function, not the sound quality, and you can pick them up from any Best Buy kiosk in the airport or Apple Store if you lose or forget them, so they’re pretty ubiquitous.

I heard about the Sennheisers from Carl Hancock who tried them and gave them a high recommendation. I had trouble finding them but there was a pair local to me at B&H in New York so I got them delivered and I was immediately impressed with them. They’re better than my previous wireless over-ear recommendation the Samsung Level Over in every way: sound, size, compatibility, aesthetics, usability, noise canceling.

The sound is the best I’ve heard from wireless headphones so far. Just the right balance. The noise canceling apparently uses 4 different mics and I’ve found it more than sufficient on dozens of plane rides, including passing the noisy baby test. My only complaint is they don’t “grip” my ears as much, so some sound leaks in that way. They fold up to be pretty small, and I just toss them in my backpack. The battery goes forever, or as they claim 22 hours. You really forget to charge these things for a while and they still have plenty of juice. The volume and other controls actually work with the iPhone, and bluetooth calls have sounded great and people can actually hear me. Only downside is they have basically a proprietary connection for their 1/8th inch cable, so you have to carry that around, but they charge with standard micro-USB. The only possible challenger I can think to these are the BeoPlay H8s, which I haven’t tried yet.

tl;dr: If you want to exercise and get sweaty, get the Powerbeats 2 in your favorite color. For traveling, listening to music, talking, and generally enjoying amazing sound without worrying about wires, try out the Sennheiser Momentum Wireless.

I think it’s interesting that both of these recommendations are version 2.0 of a product, it’s good to see companies iterating and improving on products even if they’ve already been successful in the marketplace.