Technology Tales

Notes drawn from experiences in consumer and enterprise technology

Collected Snippets

SolarWinds has issued security updates to address four critical vulnerabilities in its Serv-U file transfer software, which could allow attackers to gain root access on unpatched servers. The most severe flaw, CVE-2025-40538, involves a broken access control issue that enables the creation of system admin users and arbitrary code execution under high-privilege conditions. Additional vulnerabilities include type confusion and an insecure direct object reference flaw, though exploitation typically requires existing administrative access. While over 12,000 Serv-U servers are exposed online according to Shodan, Shadowserver estimates fewer than 1,200 are actively accessible. The software has historically been a target for cybercriminals and state-sponsored groups, with past exploits linked to ransomware campaigns and zero-day attacks. CISA currently tracks nine active SolarWinds-related security flaws, underscoring the ongoing risk posed by unpatched systems.

Hackers believed to be working for the Chinese government compromised the popular open-source editor Notepad++ between June and December 2025, delivering malicious updates to users through a hijacked update mechanism. The attackers exploited vulnerabilities in the shared hosting server where the Notepad++ domain was hosted, redirecting certain users to a malicious server that delivered compromised software versions. Security researchers identified the perpetrators as Lotus Blossom, an espionage group known to target government, telecommunications, aviation, critical infrastructure and media organisations, with victims in this campaign being primarily those with interests in East Asia.

The developer, Don Ho, discovered that attackers gained hands-on access to victim computers through the tainted software, though the precise method of the initial server breach remains under investigation. After fixing the vulnerability in November and terminating hacker access in December, Ho urged users to download the latest version containing security fixes, whilst apologising for the incident that affected software that has had tens of millions of downloads over its two-decade history.

Altova recently highlighted three key capabilities in their software products for users who purchased XMLSpy 2022. MapForce now offers PDF data extraction through a visual interface where users can search for specific words to locate and extract tables or other content, which proves particularly valuable when working with large documents or repetitive elements in data mapping workflows. XMLSpy has introduced a graphical BSON editor that displays binary JSON documents in a readable grid format, allowing developers to view, modify and convert between BSON and formats like JSON and YAML without struggling with the inherently unreadable binary format. The company has also developed an XBRL Tagging solution for European Single Electronic Format reporting, enabling business users to visually tag financial statements in familiar PDF or HTML formats using their mouse and searchable menus, which then generates compliant iXBRL reports without requiring deep technical expertise in XBRL standards.

When a manager hesitates over paid Excel training, it usually reflects uncertainty about business value rather than opposition to development, so the case needs to be framed around workflow stability, fewer errors and measurable improvements. Free learning options can build general competence but often fail to address the messy reality of mission-critical spreadsheets, specific business rules and the shortcuts teams use under pressure, which is where targeted training can make processes consistent and repeatable. Cost objections can be met by comparing a modest workshop fee with payroll and showing how even small efficiency gains quickly repay the investment, while the claim that there is no time for training can be reframed as a sign of inefficient systems that a short, focused session can relieve through automation and better methods. Confidence in traditional Excel skills may also overlook modern features such as Power Query, Power Pivot, dynamic arrays, scripting and AI assisted workflows, so a low-risk pilot with before and after measures of time and errors can provide proof and make the decision easier. Here is where you can find out more.

Users can view and modify their personal language, time zone and regional preferences through their profile page in SharePoint, accessible from desktop or mobile devices. These settings only affect the individual user's view of SharePoint sites and do not change how others see the same content. To make changes, users must navigate through their profile picture or name at the top of any SharePoint page, select their Microsoft 365 profile, and access the language and region options through the edit details screen. If working in a local SharePoint environment rather than Microsoft 365, the site collection administrator must first enable additional languages before users can select them, and any language settings changed in Microsoft 365 will override those set directly in SharePoint.

Google Sheets and WordPress can be connected through several methods to streamline content management workflows. A WordPress plugin enables data transfer between the platforms, allowing users to create or update posts automatically when spreadsheet information changes, though this requires a paid business plan and involves technical configuration steps including code handling. Alternatively, users can embed spreadsheet content directly into WordPress pages using iframe links, though this approach raises privacy concerns and offers limited formatting control.

A more efficient solution involves using Zapier, which automates the transfer of content from Google Sheets to WordPress without requiring coding knowledge. This automation proves particularly valuable for writers and content creators who draft articles in spreadsheets before publication, as it eliminates manual copying and pasting whilst maintaining proper formatting. The process involves setting up a trigger that monitors new spreadsheet rows and an action that creates corresponding WordPress posts with customisable settings for categories, images, authors and publication status. Zapier also supports reverse workflows, such as logging published WordPress posts back into spreadsheets for tracking purposes, and can integrate additional steps like AI-generated content enhancement before publication.

Because I have been publishing articles with multiple sections, it has not been that clear when one ends and another starts on pages with more than one being displayed at a time. Thus, I made a slight tweak to the styling to make that clearer: adding box shadows. This has been applied to the welcome header on the front page too, allowing me to tidy up things a little more. After that, I set to sorting out the associated image so that it displays properly. Heading colours got adjusted too in an effort to offer more distinctions between them. The structural clarity was the most important motivation, while the other tweaks freshen things up a little too.

After a period of time with a noticeable slowdown that was frustrating at times, I tried a seemingly irrelevant tweak: changing the nameserver definitions in /etc/resolv.conf to Cloudflare and away from in-house settings. So far, that seems to have helped. Only time will tell if that is not an illusion. If so, I have another option in my mind.

Looking at my visitor numbers now, they really have fallen away from what they once were. In an age when many go to LLM systems for finding information, that is not such a surprise. After all, I do it myself. In fact, it is one of the reasons that I have for retaining a ChatGPT subscription. Those extensive deep dive reports containing hyperlinked information have countless uses.

Here is a gotcha that confused me recently. Having a licence for SAS Analytics Pro on Viya, I was wondering why a Docker container was being spun up for me, especially when there was no feedback. Later, it turned out that the licence file was in the wrong place. Only when I placed it in the sasinside area did everything work as it should. Because licences only get renewed annually, I am adding here as an aide de mémoire for future reference. It is too easy to forget something when you are not doing it every day.

  • The content, images, and materials on this website are protected by copyright law and may not be reproduced, distributed, transmitted, displayed, or published in any form without the prior written permission of the copyright holder. All trademarks, logos, and brand names mentioned on this website are the property of their respective owners. Unauthorised use or duplication of these materials may violate copyright, trademark and other applicable laws, and could result in criminal or civil penalties.

  • All comments on this website are moderated and should contribute meaningfully to the discussion. We welcome diverse viewpoints expressed respectfully, but reserve the right to remove any comments containing hate speech, profanity, personal attacks, spam, promotional content or other inappropriate material without notice. Please note that comment moderation may take up to 24 hours, and that repeatedly violating these guidelines may result in being banned from future participation.

  • By submitting a comment, you grant us the right to publish and edit it as needed, whilst retaining your ownership of the content. Your email address will never be published or shared, though it is required for moderation purposes.

Copyright © 2007-2026, TechnologyTales.com