Who the heck has time to write a blog post post?

No, not a typo. But seriously, I have lots of ideas for blog posts – when I’m in the middle of doing whatever it is that gives the idea for a blog post, but the energy rarely exists outside of that task and then when I think about it later, I decide I have way more important things to do (which is true, that’s not my imagination).

So, how did I find time to write this blog post about writing a blog post? I didn’t.

7:11 AM here in Flower Mound, TX.

I decided that part of my problem is that I want to write the “right” blog post. Yea, that will never happen.

So if you wasted a minute of your time looking for insight on how to find time to write a blog post, here’s your great words of wisdom: quit spending so much time not writing it, or thinking about writing it, or pondering what you should write about, and just write.

As you were…

CKEditor Spellcheck Plugins Security

We have been using CKEditor a long time (since it was FCKEditor…always loved that name, makes me giggle like a little kid when I even say it to myself) and just love the product. There are 2 plugins that come with it for spell checking, SCAYT, and WebSpellChecker. Both SCAYT (Spell Check As You Type) and WellSpellChecker are enabled by default, however, SCAYT is not enabled for autoload by default. When I realized that I could enable the autoload for SCAYT, I did just that…and then one of my team members asked a very pertinent question, one that I should have asked a long time ago. Have we reviewed the security (or lack thereof) used by these plugins / service?

If don’t already realize this, these 2 spellchecking plugins are a service provided by WebSpellChecker.net. Both of these plugins send the text being checked to this service and return the results. I knew this fact, but that’s as far as I had really considered it.

What I had not considered is if this service was secure. The┬ásite that we use CKEditor on is secure – it has to be. We are a healthcare facility and we have to protect PHI (Protected Health Information). Now, users should never be entering PHI into text boxes that use CKEditor – nor should anyone ever be entering any other data that needs to be secure in these fields (like passwords). However, we all know that this will happen. The data itself is stored secured and we remove this information as we find find it.

After I was asked the question, I did some research on WebSpellChecker.net’s site and general searches as well, but I could find nothing that told me if these plugins used a secure connection or not. So, I finally just tested it myself using Fiddler and was shocked to find out these are not secure (SSL / TLS) connections, but plain text HTTP!

fiddler shows definitively no security is used for ckeditor spellcheck plugins

Needless to say, we have disabled these plugins completely. We were just using the free version of this service anyway. WebSpellChecker.net does have a paid service and maybe if we paid for it, they would provide some way to use HTTPS. I was very surprised thought that a service like this that was enabled by default in a very common WYSIWYG editor was not secure. Glad we caught it.

Not Just For “Show”

2013 Ford Taurus SHO Review

sho1

As I was driving my 2013 Ford Taurus SHO a couple of days ago, I suddenly felt compelled to write about this amazing vehicle.

But first…

  1. I am not a Ford fan
  2. This is not a comprehensive review, this is a “why this car is so freaking awesome” review

I’ve put about 3800 miles on this vehicle since I bought it 4 months ago – that’s a record for me, as I usually put about that much every month on a vehicle!!! I sold my 2010 Nissan Armada Platinum for the SHO and when I did, I was very nervous about not driving what is now my second favorite vehicle and one that such enormous (literally) versatility. So, my plan was to get into something cheaper and while perusing the Mustang GT’s (again, not a Ford fan, but I love muscle cars, and I’ve owned 1 seriously bad-ass tuned Mustang GT before.)

So, am I going to review the SHO or what? I’m getting there.

I test drove the car with a salesman, of course, but you can never test drive a car like this with a salesman….properly. I could see that it definitely was impressive. The interior was as technology advanced as I’d ever seen (and that’s a big deal to a nerd like me), yet also very refined (nice leather, emblems, etc…) and extremely comfortable. Giving up a beast like the Armada, I need cargo space and thankfully the SHO has a giant trunk (I think the salesman said I could put quite a few bodies in there, no wait, it was 9 sets of golf clubs.) The wheels, lines and grille are gorgeous. Then there is the driving: like I said, you can’t test drive much with some guy eyeballing in the car.

So, I bought it – just like that, the last 2013 they had, right off the showroom floor (the 2014 was out by the way, but this one has better wheels IMO and 5 grand cheaper.)

AND THEN I DROVE IT.

Wow. My first day out with this I really was in a dead run to get somewhere, straight from the dealer. I was almost overwhelmed at the power the SHO has available – and a twin-turbocharged…oh heck from the website:

 

v6twinturbo

 

Every time I get in the SHO, I am surprised how incredibly fast it is – like I get in my nice family car and then go, “Holy cow, who built this thing???” The handling is amazing as well. Oh, and it’s all-wheel-drive. So, it will go as fast it can, in any direction you like (watch out for whiplash.) Seriously, though, I’ve had some very fast cars in my life and I’d take this up against any of them. Truly an amazing accomplishment, Ford Motor, Co. Bravo.

http://www.ford.com/cars/taurus/trim/sho/