Card-tumbling, like its evil relatives of automated spam, script kiddies and privacy breaches, is not a problem to be solved, but is a fact of life on the internet.
Recently, new strategies for bad actors means that even if you thought you'd fixed this, you might need to review your defenses.
If you've got a publicly accessible contribution page using an on-site payment processor, there's a good chance that you're a target.
and is that really a thing?
I’ve noticed an increase in questions about security over the past year. While I would say that you can’t be too secure, I’m not as convinced that you can’t have too much “security”. The difference is that “being secure” is not the same as doing things in the name of “more security”.
Security for your CiviCRM install is important, especially this time of the year. Because of two recent, massively exploited vulnerabilities in Wordpress, I'm posting this with some simple advice for small organizations that might not think they can do anything about security, or that it might not affect them.
My recent blog posts have talked about containers, Docker and why I think they're a good fit for hosting CiviCRM. Here's a deeper dive into two design ideas that are part of my Simuliidae open source hosting project.
Let's share stories, ideas and code. Containers are good for sharing.
Like all interesting questions, this has three worthwhile answers: yes, no, and maybe. Let's explore them all.
In 1992, there was a little known new thing called the world wide web. By 1995, it was a "thing". Now, what exactly do those quotes do to the word "thing"? And what does this have to do with "entities"? Cue my favorite programming joke.
This month, British Columbians (in Canada) will be voting on whether to adopt proportional representation (PR) when electing their provincial representatives. If they do, they'll be the first province in Canada to do so.
Fair Vote Canada has been advocating for proportional representation in Canada's voting systems for more than 10 years, and I've been working with them for almost as long, using CiviCRM.
If you are a medium or large organization and use a payment processor with CiviCRM, and especially if your reporting needs are complex (e.g. political parties that need to report income rather carefully), then you will have run into the challenge of reconciling payment processor income in CiviCRM against your bookkeeping system and/or your bank account.
It's a time of year when machines and people get stressed, particularly in countries where tax laws and custom favour end-of-year donations. And if you've ever managed a CiviCRM installation, the last thing you probably want is to interrupt your end-of-year festivities with an issue of someone being unable to make a donation.
