Rss Bot

One of the main functions of a good logo design is to make your brand recognisable and get it seen. With these criteria in mind, Adidas can pat itself on the back as its distinctive three stripe icon has been recognised as the most shared brand logo across social media platforms. The search for the most-shared logo was conducted by analytics company Brandwatch, which lived up to its name as it used image recognition software to scour various platforms. Adidas breezed into first place, with its logo appearing in 154 unique images every minute. How's that for brand visibility? Trailing behind the clothing brand were the likes of Google, Coca-Cola and Starbucks, while key rival Nike were pipped to the post in second place. The full list of 100 ranked brands also includes Amazon, Facebook, and Microsoft, none of which could break into the top 10. Adidas comfortably outstrips the competition "Brands spend millions plastering their logos across billboards, t-shirts, screens and pretty much any non-listed building," product marketing manager and author of the report, Phill Agnew, told The Drum. "However most businesses have no way to quickly quantify the effectiveness of this expense, or gauge how they're performing against their competitors in real time. Until now." So what's the secret to Adidas' success? Well, thanks to its football involvement, the logo appeared on the kits of sports stars like Cristiano Ronaldo and Alexis Sánchez. As this overlaps with FIFA video games, the Adidas logo managed to break out of its usual domains in a way that is unreachable for brands like Apple and Disney. So if you want to get your logo in front of more people, perhaps a sporting endorsement is the way to go. Related articles: How to create a killer social media campaign Malaysian tourism logo sparks social media furore 10 social media tricks you didn't know about View the full article

Creating a great reading experience online isn't just down to finding the right web font (although, of course, that is important). There are plenty of other factors to consider, from how the text displays on different devices to where it sits on the page. Follow this step by step guide to make sure you get it right. If you're after something more in-depth, take a look at our guide to the rules of responsive web typography. 01. Read the content Meaningful typography starts with one thing: the content. True typographers know this; they’ll always read the book before they start typesetting for it. Unfortunately, it seems that many web designers underestimate the importance of content in a web design process. They will often find excuses in the fact that the website doesn’t exist yet, so there’s no content to work with. When that’s the case, use content that is similar. If you’re designing a website about finance and economics, for example, find an article about that and read it. 02. Choose a typeface based on content Now you have read the content, you’re ready to choose your main typeface. If a website is about technology, but is expected to have medium to long articles, use a typeface that looks a bit modern but is easy to read. If it’s an art gallery portfolio, you can get away with something edgy. Don’t use Lorem Ipsum as placeholder text – it’s a strange form of the Latin language that has nothing to do with your website. Use the content from Step 01, in the language that will be used, and then design around that. 03. Start mobile-first An important step is to design the best reading experience for the screen that’s hardest to design for: mobile. Mobile-first is a fundamentally different approach to web design, in which progressive enhancement is favourable to graceful degradation. Don’t design the best reading experience for desktop screens and then adapt for mobile – or, worse, forget about mobile altogether. Choose a combination of font size and line height that works best on smaller screens. Your starting point should be the agreed-on browser default of 16 pixels. 04. Adapt for large screens Don’t let mobile-first turn into mobile-only. The tools for shaping the best reading experiences for different screens are in place and they should be used. Larger screens are usually further away from readers' eyes so the base font size needs to be larger. 18 pixels is widely considered a good starting point. Don’t forget to limit the width of paragraphs – 60 characters per line is recommended for the best reading experience. The line height needs to be looked at again – 1.4 or 1.5 times the font size is usually best. 05. Use a scale It’s now time to define a range of reusable font sizes based on a scale. The most common way to do that is to use a modular scale. Go to Modular Scale, enter your base font size and choose a scale. It will give you a range of font sizes to choose from. Defining a scale and trying to stick to it adds meaning to font size choices and prevents the chaos that often arises from randomly assigning them instead. 06. Set a baseline grid The next step is to start thinking about other text elements around the body text you should have designed by now (titles, lists, captions, side comments, and so on). To add meaning behind placing these elements on your website, it’s best to use a baseline grid (if don't understand grid theory, now's the time to swot up on that, too). This grid originates from your body text line height. If your line height is 22 pixels, you need a vertical grid based on that. When that is in place, you’re ready to set the sizes and margins of other text elements so they’ll fit inside this grid. This article was originally published in creative web design magazine Web Designer. Buy issue 271 or subscribe. Read more: How to make text render perfectly Typography quiz reveals gaps in letter knowledge 3D fonts: 9 top type tips View the full article

If you're tired of waiting around for hours for renders of your 3D art, you should check out ZBrushCore and its rendering process, Best Preview Render, or BPR. Using it is as simple as pressing the BPR button at the top right of the interface. This produces a high-quality image you can then export. ZBrushCore tends to simplify all of its processes, which is why there aren’t many settings you can tweak in the Render palette. However, since the rendering stage is all about producing a good-looking image of your model with decent image resolution, we need to consider other aspects that affect the render such as the Material type, lighting and shadows. There are two types of materials in ZBrushCore: MatCaps and Standard Materials. The main difference is that the Standard Materials react to the position of the light source, whereas the MatCaps (Material Capture) have the lighting and colour information already baked in. The process of adding or positioning a light is very simple and there’s even a dedicated palette for it. If you choose to use a MatCap, then the effect of the light won’t be visible until you create the render. 01. Camera setup Higher values will produce an exaggerated perspective in the image Before you hit that Render button, you need to choose a camera angle that works for your model. The size of the canvas is the size for the render. With that in mind, go ahead and rotate the model to find a view that you like. Open the Draw palette and use the Angle of View. This is essentially like tweaking a camera lens to change the perspective and how much of the ‘scene’ is captured by the lens. 02. Lighting options The Intensity slider (circled left) makes it possible to alter the strength of each light. You can reduce the Ambient light slider (circled right) to zero, to make the light and shadow effect stronger To start tweaking the light sources, dock the Light palette to the right tray and click the BPR button for a quick render test. Each switch with a lightbulb represents a light, and by default there’s only one enabled. Click the thumbnail with the sphere to move the yellow dot around: this represents the position of the light. Do another quick BPR test so you can see the difference. 03. Shadow properties If the shadow on the floor looks cut off, try increasing the size of the floor grid from the Draw palette The PBR Shadows slider will determine how sharp or soft the cast shadows will be. A higher value will create smoother shadows, but you might need to increase the number of Rays to avoid artefact. You will only see the effect of changing the Shadows slider after running a quick BPR test. Turning the Floor off before rendering enables you to render without casting shadows on to the floor. 04. Material options To remove an assigned material, assign the Flat Color material first. You can also click the Brush icon from the Subtool list to turn the assigned polypaint and material on or off To select a different material, choose it from the Material palette or the Material thumbnail at the left of the UI. If you have multiple subtools and you want different materials between subtools, you need to assign the materials. Turn on the M switch at the top of the interface and make sure the RGB one is off. Then go to the Color Palette, and click the FillObject button. Now if you select a different material, you’ll see that the object you just ‘filled’ stays with the previous material. 05. Render and export You can change the background colour before rendering from the ‘back’ swatch in the Document palette. Increasing the value of the SPix slider in the render Palette will create smoother edges Finally, once you’ve chosen your camera angle, tested your light position, tweaked shadow properties and assigned your materials, it’s time to render your image. Fortunately, we’ve done all the heavy lifting and the rendering process just involves pressing the BPR button and waiting while ZBrushCore does its thing. If you’re happy with the result, go to the Document palette, click the Export button and save your render as a PSD file. This article was originally published in issue 158 of ImagineFX, the world's best-selling magazine for digital artists. Subscribe to ImagineFX here. Related articles: Model an alien pirate creature in ZBrush How to digitally sculpt in ZBrushCore How to sculpt convincing eyes in ZBrush View the full article

Adobe has set the standard for photo editing and so much more with Photoshop. You can take your work to the next level by learning to use this powerful tool from Adobe by learning from professionals with the Complete Photoshop Mastery Bundle. You can get this collection of expert-taught lessons on sale now for $29 (approx. £21)! Photoshop is a powerful app that can be overwhelming when you're first learning it. This bundle will take away your fears by teaching you every detail of the app that you need to know so that you can master every aspect of it. You'll get access to 8 courses packed with 214 lessons, each offering you actionable information that will teach you how to master lighting effects, create cinematic gradients, colour black and white photos and much, much more. The Adobe Photoshop and Editing Mastery Bundle is valued at $1,210. You can get it on sale right now for 97% off the retail price. That means you pay just $29 (approx. £21) an amazing amount of saving on a course every photographer will love, so grab it today! Related articles: The 40 best Photoshop plugins 5 best laptops for Photoshop The 10 commandments of Photoshop etiquette View the full article

You're reading Website Design Examples for ICO Campaigns, originally posted on Designmodo. If you've enjoyed this post, be sure to follow on Twitter, Facebook, Google+! Cryptocurrency, blockchain, ICO. Do these words sound familiar to you? If so, then you probably have some crypto cash in a digital wallet. It is safe to say that despite all the recent falls and bans, cryptocurrency is still popular. … View the full article

3D programs can help when you need to add structures to an existing image or painting When working out how to draw a new piece, preparation is key. An important thing I always consider when starting a new illustration is the overall composition. It helps to make up your mind about where the big shapes in your image will go. Adding building structures and an Imperial shuttle to a mountain ridge can significantly change your composition, so be aware of the traps you can get caught in, and keep a close eye on how the image changes when you start introducing new shapes to your artwork. 31 brilliant Blender tutorials It can save you time if you work with a 3D program such as Blender or Modo, in which you can create a backdrop of your mountain ridge and then quickly block out the big shapes of your structures in front of it. That way you can create 3D art with maximum control over the scale and placement of each individual part. Furthermore, it becomes quick and easy to duplicate and move parts around to build up your image. I see it like a big puzzle, and when everything falls into place I sort of feel it 'click'. Afterwards, I drag my renders into Photoshop, ready for painting. If you've set up your camera in your 3D software correctly, then the structures should fit into your mountain ridge perfectly. 01. Map it out When starting a new painting, make an effort to focus on the big shapes and how they relate to each other. When shapes recede into the distance they become lighter, so try to place layers of shapes on top of each other to give your scene a sense of distance. 02. Block out in 3D Once I'm satisfied with the composition I start blocking out the structures in 3D. After that I drag and drop them into Photoshop, and try to separate the buildings according to the layer of rock they're place upon. This makes it easier to add details to them later on. 03. Focus on light and colour Finally, I focus on the lighting and colour scheme, and start to detail everything. By using a large Soft brush on an Overlay layer you can quickly bathe an image in light and make a certain area feel especially warm or cold. All that's left now is to add little lights and we're done! This article originally appeared in ImagineFX, the world's best-selling magazine for digital artists. Subscribe here. Like this? Read these... 60 amazing Illustrator tutorials Stunning trailer shows what Star Wars might have been 120 Photoshop tips, tricks and fixes View the full article

A glitch caused Twitter passwords to be stored in plain text on an internal log. View the full article

The malware targets Windows servers with a cornucopia of well-known exploits, all within a single executable -- including the EternalBlue NSA hacking tool. View the full article

Florida-based phone maker BLU is facing an FTC complaint over allegations it shared detailed personal user data with a third-party firm that included full text messages, call logs and contact lists. View the full article

Bad actors are leveraging the critical Drupal vulnerability to install cryptomining malware on servers and browsers, View the full article

Here's a fun font that will have you joyfully flailing your arms in the air like the famous amphibian muppet. Meet Kernit, a free font set inspired by the work and characters of the legendary muppet master himself, Jim Henson. Nope, that's not a typo, Kernit gets its name from a witty mashup of Kermit the Frog and kerning. But then again you probably figured that out for yourself. (It took us a couple of passes before we noticed it, ahem.) Developed by independent brand experience company COLLINS and MCKL, Kernit was created to capture the sense of fun and whimsy that Henson's world has become know for. According to the designers, "it was also inspired by the bold, playful, rounded typography of the late seventies, which was so apparent in much of the Henson work." Available in two weights, Kernit Bold and Kernit Outline, the retro fonts are deisgned to be used interchangeably to give your layouts and lettering some visual rhythm. Check out Kernit in action below. Kernit was developed as part of an exploration of the Jim Henson Exhibition Kernit was developed as part of COLLINS' design exploration for The Jim Henson Exhibition at The Museum of the Moving Image in New York. By immersing themselves in Henson's work, including classics productions such as Dark Crystal, the COLLINS team were able to really get a handle on what it takes to make a font fit for the creator. Download Kernit for free here. Related articles: 20 perfect font pairings 9 golden rules for combining fonts 12 professional fonts for designers View the full article

Attackers can leverage the flaw by convincing users to open a file purported to be a recording of a past WebEx event. View the full article

Any Android owners who feel a sense of competition with their iPad-wielding counterparts may be slightly irked that SketchBook 4.0 is only appearing on their platform months after it launched on iOS. But set any irritation aside, and you’ll discover a compelling update with features artists looking for Android apps will appreciate. Chief among these is a revamped user interface that stays out of your way as you work. It vanishes if your brushstrokes veers near one of its tool panels, and many interface elements are reduced in scale. This makes some controls, like the drawers for adjusting Brush size and Opacity, a little fiddly to access, however. Tap near the centre-bottom of the screen, meanwhile, and a menu with shortcuts appears. Complicated pricing When you first install SketchBook, it’s the Free edition, with limited functionality but no time limit on how long you can use it. To unlock the full toolset, you have two options: you can either spend £4.09 on the Pro Tools in-app purchase, which gives you the tools only within the Android app; or get an annual SketchBook subscription (£4.09 a month or £24.99 a year). The subscription must be renewed each year, unlike the in-app purchase, but you get access to the full tools on the versions of SketchBook for Windows, Mac and iOS as well as Android. Shibuya Race was created by artist Ryohei Yamashita using SketchBook Bear in mind that the desktop computer editions don’t offer the one-off purchase option, only the subscription, so if you plan to use SketchBook on either Windows or Mac as well as Android, you may as well forget the in-app purchase and commit to the subscription instead. With all these complicated buying options, it’s worth mentioning first that the Android app smoothly recognises your subscription when you first log in on the app; and second that once you’ve logged in, the app keeps all the Pro Tools active even if your tablet isn’t connected to the internet. New features The main differences your upgrade awards are customisable canvas sizes; dozens more brushes, including a Inking brush with a pleasing line quality; a limit to the number of layers dictated by your device’s memory rather than the Free version’s miserly three layers; the ability to make selections and masks; and unlimited Undos. You also get access to more drawing tools, including rulers and fills. SketchBook's user interface is much improved We also like the Predictive Stroke mode, which tidies up your line after you draw it. It’s a real boon for digital inkers, and you can adjust the extent to which your lines will be altered. This release brings SketchBook for Android up to speed with other versions and maintains the software’s reputation as a quality, unobtrusive drawing tool. Perhaps more importantly for patient Android owners, the under-the-bonnet changes should see more contemporaneous updates across all SketchBook versions in the future. This article was originally published in ImagineFX issue 158, the world's best-selling magazine for digital artists. Subscribe now. Read more: 95 tutorials on how to draw View the full article

Jessica Walsh is well-established in the design world. Not only is she a partner at one of the top 20 US design studios of 2018 Sagmeister & Walsh, she's also very well known for saying how it is, something which is evident from her handwritten #jessicawalshhasnofilter posts on Instagram. Now taking her thoughts and feelings one step further, Walsh has launched new project Sorry I Have No Filter – a merchandise website full of straight-talking designs, including jackets, tees, socks, pins, pillows, mugs, iPhone cases and more. Sorry I Have No Filter is a new merchandise site, full of straight-talking product designs "I started Sorry I Have No Filter as a written Instagram series of thoughts I was thinking in my head over five years ago," says Walsh. "I've realised many of my own feelings and insecurities are largely universal, and, through this, gained quite a bit of confidence. "I've learned to let go of expectations, live life on my own terms and stop caring so much about what others think of me. There are so many external pressures on women to live, act, look, smile a certain way, and I am just over it all. "My sister calls this my 'I don't give a fuck' attitude. This was part of the inspiration of the Sorry I Have No Filter site being a middle finger. It's 2018 and women should just be and behave and act however they want – and we should support each other in our own individual paths and ways of expressing ourselves." Ladies, Wine & Design Ladies, Wine & Design aims to foster women in the creative industries Sorry I Have No Filter follows on from Walsh's earlier endeavour, the popular Pins Wont Save the World, 100 per cent of the donations from which went directly to charities under threat as a result of Trump's administration. But now proceeds are shifting to Ladies, Wine & Design, an initiative Walsh set up that aims to foster women in the creative industries. "Our initiative is to mentor, champion, and foster creative women through free global events such as talks, salon nights, mentorship circles, and more. Our goal through LWD is to bring women together to form positive relationships so we can lift each other up, share resources and inspiration, and help propel each other forward," explains Walsh. You'll find more information on Ladies, Wine & Design and upcoming events via its new LWD website and Instagram page. Related articles: 12 tips to turbocharge your design career How to get to the top spot of a global creative agency 10 best portfolio templates for designers View the full article

It seems like there is another website or service being compromised by hackers every day. When that happens, your passwords and personal information can be put at risk. Dashlane Password Manager is one of the best tools around to keep you safe when those breaches happen. Get a 1-year subscription on sale now for 50 per cent off the retail price! Dashlane is the perfect solution to the extremely common problem of insecure passwords. We all know what a secure password requires, but few of us take the time to make unique ones for each and every account. With Dashlane, you won’t need to remember those long, complicated strings of letters and numbers just to make your account secure. This premium service fills in forms so you don’t have to, and gives you access to your accounts on any device. That means you can access your passwords anytime you need them. You can get a one-year subscription to Dashlane on sale for just $19.98 (approx. £15). That's a saving of 50 per cent off the retail price for a tool that will make sure your passwords are always safe and secure, so grab this deal today! Related articles: 9 security tips to protect your website from hackers Send large files: 11 free tools Download images securely with a VPN View the full article

Adobe Capture CC is a fantastic app that enables you to find fonts and colours simply by taking a photo. You may be wondering what fonts have been used in your favourite magazine, for example, or you may wish to take colour references from an object or scenery. In this article we'll run through three ways to get the most from Capture CC. You can find the app on the iOS App Store or Google Play. Get Adobe Creative Cloud 01. Find colours from a photo Create a colour palette based on a photo From the Colors tab within the app, simply tap the ‘+’ button and point the camera towards the object or scenery you wish to capture. You will see that the app is already working at finding popular colours. Once you’re happy with your arrangement, take the photo and refine it further. You can proceed to save your captured colours to a library, picking them back up and using them in other Adobe tools. 02. Identify fonts Identify any typeface You can also use Capture CC to identify the fonts that have been used in a printed design, or find closely matched fonts. Head over to the Type tab within the app and direct the camera over the typography you wish to capture. There will be a blue line to help you with alignment. Once you have the typography in view, take the photo and then make sure the app has cropped the text correctly. Press the big tick and let Adobe analyse the image. Once it has finished analysing, it will provide you with a list of best matched fonts within Adobe Typekit that you can then go on to use. 03. Create a shape Turn images into vector shapes Finally, you can use Capture CC to create vector shapes. Shape is a very useful feature for a number of reasons. It’s a great way of vectorising an object so that you can play around with it further in Illustrator. For example, you may wish to vectorise a signature or perhaps some freehand typography. It’s great for capturing elements that are just easier to draw with pen and paper. Read more: 7 tips to manage colour better on the web 5 tips for understanding colour theory The best colour tools for web designers View the full article

You may not think your site has anything worth being hacked for, but websites are compromised all the time. The majority of website security breaches are not to steal your data or mess with your website layout, but instead attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Other very common ways to abuse compromised machines include using your servers as part of a botnet, or to mine for Bitcoins. You could even be hit by ransomware. Hacking is regularly performed by automated scripts written to scour the internet in an attempt to exploit known website security issues in software. Here are our top nine tips to help keep you and your site safe online. 01. Keep software up to date It may seem obvious, but ensuring you keep all software up to date is vital in keeping your site secure. This applies to both the server operating system and any software you may be running on your website such as a CMS or forum. When website security holes are found in software, hackers are quick to attempt to abuse them. If you are using a managed hosting solution then you don't need to worry so much about applying security updates for the operating system as the hosting company should take care of this. If you are using third-party software on your website such as a CMS or forum, you should ensure you are quick to apply any security patches. Most vendors have a mailing list or RSS feed detailing any website security issues. WordPress, Umbraco and many other CMSes notify you of available system updates when you log in. Many developers use tools like Composer, npm, or RubyGems to manage their software dependencies, and security vulnerabilities appearing in a package you depend on but aren't paying any attention to is one of the easiest ways to get caught out. Ensure you keep your dependencies up to date, and use tools like Gemnasium to get automatic notifications when a vulnerability is announced in one of your components. 02. Watch out for SQL injection SQL injection attacks are when an attacker uses a web form field or URL parameter to gain access to or manipulate your database. When you use standard Transact SQL it is easy to unknowingly insert rogue code into your query that could be used to change tables, get information and delete data. You can easily prevent this by always using parameterised queries, most web languages have this feature and it is easy to implement. Consider this query: If an attacker changed the URL parameter to pass in ' or '1'='1 this will cause the query to look like this: Since '1' is equal to '1' this will allow the attacker to add an additional query to the end of the SQL statement which will also be executed. You could fix this query by explicitly parameterising it. For example, if you're using MySQLi in PHP this should become: 03. Protect against XSS attacks Cross-site scripting (XSS) attacks inject malicious JavaScript into your pages, which then runs in the browsers of your users, and can change page content, or steal information to send back to the attacker. For example, if you show comments on a page without validation, then an attacker might submit comments containing script tags and JavaScript, which could run in every other user's browser and steal their login cookie, allowing the attack to take control of the account of every user who viewed the comment. You need to ensure that users cannot inject active JavaScript content into your pages. This is a particular concern in modern web applications, where pages are now built primarily from user content, and which in many cases generate HTML that's then also interpreted by front-end frameworks like Angular and Ember. These frameworks provide many XSS protections, but mixing server and client rendering creates new and more complicated attack avenues too: not only is injecting JavaScript into the HTML effective, but you can also inject content that will run code by inserting Angular directives, or using Ember helpers. The key here is to focus on how your user-generated content could escape the bounds you expect and be interpreted by the browser as something other that what you intended. This is similar to defending against SQL injection. When dynamically generating HTML, use functions that explicitly make the changes you're looking for (e.g. use element.setAttribute and element.textContent, which will be automatically escaped by the browser, rather than setting element.innerHTML by hand), or use functions in your templating tool that automatically do appropriate escaping, rather than concatenating strings or setting raw HTML content. Another powerful tool in the XSS defender's toolbox is Content Security Policy (CSP). CSP is a header your server can return which tells the browser to limit how and what JavaScript is executed in the page, for example to disallow running of any scripts not hosted on your domain, disallow inline JavaScript, or disable eval(). Mozilla has an excellent guide with some example configurations. This makes it harder for an attacker's scripts to work, even if they can get them into your page. 04. Beware of error messages Be careful with how much information you give away in your error messages. Provide only minimal errors to your users, to ensure they don't leak secrets present on your server (e.g. API keys or database passwords). Don't provide full exception details either, as these can make complex attacks like SQL injection far easier. Keep detailed errors in your server logs, and show users only the information they need. 05. Validate on both sides Validation should always be done both on the browser and server side. The browser can catch simple failures like mandatory fields that are empty and when you enter text into a numbers only field. These can however be bypassed, and you should make sure you check for these validation and deeper validation server side as failing to do so could lead to malicious code or scripting code being inserted into the database or could cause undesirable results in your website. 06. Check your passwords Everyone knows they should use complex passwords, but that doesn’t mean they always do. It is crucial to use strong passwords to your server and website admin area, but equally also important to insist on good password practices for your users to protect the security of their accounts. As much as users may not like it, enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and number will help to protect their information in the long run. Passwords should always be stored as encrypted values, preferably using a one way hashing algorithm such as SHA. Using this method means when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password. In the event of someone hacking in and stealing your passwords, using hashed passwords could help damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute force attack, essentially guessing every combination until it finds a match. When using salted passwords, the process of cracking a large number of passwords is even slower as every guess has to be hashed separately for every salt + password which is computationally very expensive. Thankfully, many CMSes provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords (pre Drupal 7) or to set the minimum password strength. If you are using .NET then it's worth using membership providers as they are very configurable, provide inbuilt website security and include readymade controls for login and password reset. 07. Avoid file uploads Allowing users to upload files to your website can be a big website security risk, even if it’s simply to change their avatar. The risk is that any file uploaded, however innocent it may look, could contain a script that when executed on your server, completely opens up your website. If you have a file upload form then you need to treat all files with great suspicion. If you are allowing users to upload images, you cannot rely on the file extension or the mime type to verify that the file is an image as these can easily be faked. Even opening the file and reading the header, or using functions to check the image size are not foolproof. Most images formats allow storing a comment section that could contain PHP code that could be executed by the server. So what can you do to prevent this? Ultimately you want to stop users from being able to execute any file they upload. By default web servers won't attempt to execute files with image extensions, but don't rely solely on checking the file extension as a file with the name image.jpg.php has been known to get through. Some options are to rename the file on upload to ensure the correct file extension, or to change the file permissions, for example, chmod 0666 so it can't be executed. If using *nix, you could create a .htaccess file (see below) that will only allow access to set files preventing the double extension attack mentioned earlier. Ultimately, the recommended solution is to prevent direct access to uploaded files altogether. This way, any files uploaded to your website are stored in a folder outside of the webroot or in the database as a blob. If your files are not directly accessible you will need to create a script to fetch the files from the private folder (or an HTTP handler in .NET) and deliver them to the browser. Image tags support an src attribute that is not a direct URL to an image, so your src attribute can point to your file delivery script providing you set the correct content type in the HTTP header. For example: Most hosting providers deal with the server configuration for you, but if you are hosting your website on your own server then there are few things you will want to check. Ensure you have a firewall setup, and are blocking all non essential ports. If possible setting up a DMZ (Demilitarised Zone) only allowing access to port 80 and 443 from the outside world. Although this might not be possible if you don't have access to your server from an internal network as you would need to open up ports to allow uploading files and to remotely log in to your server over SSH or RDP. If you are allowing files to be uploaded from the Internet only use secure transport methods to your server such as SFTP or SSH. If possible have your database running on a different server to that of your web server. Doing this means the database server cannot be accessed directly from the outside world, only your web server can access it, minimising the risk of your data being exposed. Finally, don't forget about restricting physical access to your server. 08. Use HTTPS HTTPS is a protocol used to provide security over the Internet. HTTPS guarantees that users are talking to the server they expect, and that nobody else can intercept or change the content they're seeing in transit. If you have anything that your users might want private, it's highly advisable to use only HTTPS to deliver it. That of course means credit card and login pages (and the URLs they submit to) but typically far more of your site too. A login form will often set a cookie for example, which is sent with every other request to your site that a logged-in user makes, and is used to authenticate those requests. An attacker stealing this would be able to perfectly imitate a user and take over their login session. To defeat these kind of attacks, you almost always want to use HTTPS for your entire site. That's no longer as tricky or expensive as it once was. Let's Encrypt provides totally free and automated certificates, which you'll need to enable HTTPS, and there are existing community tools available for a wide range of common platforms and frameworks to automatically set this up for you. Notably Google have announced that they will boost you up in the search rankings if you use HTTPS, giving this an SEO benefit too. Insecure HTTP is on its way out, and now's the time to upgrade. Already using HTTPS everywhere? Go further and look at setting up HTTP Strict Transport Security (HSTS), an easy header you can add to your server responses to disallow insecure HTTP for your entire domain. 09. Get website security tools Once you think you have done all you can then it's time to test your website security. The most effective way of doing this is via the use of some website security tools, often referred to as penetration testing or pen testing for short. There are many commercial and free products to assist you with this. They work on a similar basis to scripts hackers in that they test all know exploits and attempt to compromise your site using some of the previous mentioned methods such as SQL Injection. Some free tools that are worth looking at: Netsparker (Free community edition and trial version available). Good for testing SQL injection and XSS OpenVAS Claims to be the most advanced open source security scanner. Good for testing known vulnerabilities, currently scans over 25,000. But it can be difficult to setup and requires a OpenVAS server to be installed which only runs on *nix. OpenVAS is fork of a Nessus before it became a closed-source commercial product. SecurityHeaders.io (free online check). A tool to quickly report which security headers mentioned above (such as CSP and HSTS) a domain has enabled and correctly configured. Xenotix XSS Exploit Framework A tool from OWASP (Open Web Application Security Project) that includes a huge selection of XSS attack examples, which you can run to quickly confirm whether your site's inputs are vulnerable in Chrome, Firefox and IE. The results from automated tests can be daunting, as they present a wealth of potential issues. The important thing is to focus on the critical issues first. Each issue reported normally comes with a good explanation of the potential vulnerability. You will probably find that some of the medium/low issues aren't a concern for your site. There are some further steps you can take to manually try to compromise your site by altering POST/GET values. A debugging proxy can assist you here as it allows you to intercept the values of an HTTP request between your browser and the server. A popular freeware application called Fiddler is a good starting point. So what should you be trying to alter on the request? If you have pages which should only be visible to a logged in user then try changing URL parameters such as user id, or cookie values in an attempt to view details of another user. Another area worth testing are forms, changing the POST values to attempt to submit code to perform XSS or uploading a server side script. Related articles: How to make it in the web design industry 18 great examples of WordPress websites The 10 best HTML5 template designs View the full article

Google, Microsoft, security researchers and hacking groups have lined up to protest the bill, which would criminalize unauthorized computer access. View the full article

It's almost 30 years since Katsuhiro Otomo's Akira was released in Japan on 16 July 1988. Otomo's epic animated tale of teenage biker gangs and rampant genetic mutations in post-apocalyptic Neo-Tokyo took another three years to make it to the West, but once it arrived it quickly became a cult hit and is largely responsible for bringing the word 'manga' to Western vocabularies. How to colour your manga art like a pro Akira's notable for its insanely smooth and detailed hand-drawn animation, giving it an almost CG look years before actual CG animation became the norm. And while talk of a live action remake of Akira keeps cropping up, so far it's yet to materialise. So for now we'll just have to make do with Awaken Akira, an amazing CG tribute created by a couple of dedicated Akira fans, Ash Thorp and Zaoeyo (XiaoLin Zeng). Awaken Akira only lasts a minute – and that's including the credits – but it's a glorious taster of a dream Akira remake that we'd love to see in full. It took Thorp and Zaoeyo a year to make, fitting in work on it between other commitments, and demonstrates a similar attention to detail to that which you'll see in the original animated film. Tetsuo! Awaken Akira comes across like a teaser trailer or taster reel; rather than replicate action from the film, it instead recreates a selection of key shots from the film in CG, focusing on locations and items rather than the characters. It does an incredible job of conjuring up the flavour and atmosphere of Otomo's iconic original, and the enterprise is lent further impact with a score by Pilotpriest that echoes the original soundtrack superbly. If you're keen to see how Thorp and Zaoeyo did it, they've thoughtfully collected a number of their processes into a YouTube playlist, showcasing and explaining their techniques over the course of 26 in-depth videos. Kaneda! The sheer amount of work that's gone into creating this minute of video gives you a whole new appreciation of the effort that Katsuhiro Otomo and his team must have put into animating the original film. It's a beautiful love letter to an animated classic, and even if it's all over just a little too quickly, it's just the incentive to dig out your DVD or Blu-Ray and watch the original again. Enjoy! How to draw manga characters The 27 greatest animated music videos 6 manga artists to watch out for View the full article

Researchers found a critical remote code execution vulnerability afflicting two Schneider Electric products that could give attackers to disrupt or shut down plant operations. View the full article

We've all become used to having decent type online these days thanks to web fonts, but if you're a web designer without a background in typography, you might be unaware of some of the lesser-known features of your fonts that can really help bring your website layout to life. Better web typography in 13 simple steps Now, though, there's a free tool online that makes it easy to unlock your fonts' full potential. It's called Wakamai Fondue and it's designed to answer the question, 'What can my font do?' Geddit? It's the work of Dutch developer Roel Nieskens, and it's incredibly simple to use. Simply go to the the Wakamai Fondue site, drag a font onto its big circle (or just click the circle to upload a font instead), and it'll tell you all about the font's features that you probably didn't know about. So, if your favourite font has a whole load of extra glyphs, ornaments and ligatures that you weren't aware of, this is the perfect way to find out about them. And more than that, Wakamai Fondue helps you use all these features online. How well do you really know your fonts? As well as a summary of the font's details, its features and character set, Wakamai Fondue also provides you with all the CSS you'll need to take advantage of your font's features in your web projects. Simply download the auto-generated stylesheet and you'll be able to unlock a load of layout features that you might not have realised existed. Wakamai Fondue reveals your fonts' hidden features and gives you the CSS to use them It's the perfect way to help pump up your web designs with extra print design flair, and used wisely, these extra features will make your pages not only easier on the eye, but more readable, too. Combine your newly found font features with the wisdom in these typography tutorials and you'll soon be able to take your web layouts to the next level. Related articles: 5 web typography trends to look out for The rules of responsive web typography 4 top typography tools for web designers View the full article

There's no denying Debbie Millman is a big name in the branding world. She served as president of Sterling Brands for 20 years, working on major household names like Burger King and Häagen-Dazs, she also co-founded the world's first graduate branding course. However, in her talk at D&AD Festival, she said that working in the branding industry made her feel like her "soul was withering away". We caught up with her afterwards to find out what made her feel this way – and the shake-up in the industry that means she's much more optimistic for the future. Millman helped launched the world's first graduate branding course "I wouldn't say it was a negative experience, it was just a complicated experience because it was all very commercial and I'm also an artist," Millman explains. "I felt the artist in me was dying.” When we ask if she thinks the situation has changed or improved, she mentions a new branding trend that she's excited about, and which is less to do with profit margins and more to do with positive change. Branding has become democratised... It’s something people can use to create symbols to signify change and movements and options Debbie Millman “Branding has become democratised,” she smiles. “I believe that branding is no longer relegated to the consultants and the marketers. It’s something that people can use to create symbols to signify change and movements and options.” While branding has always been created and controlled by professionals, now regular people have started taking back control and adopting it for their own – non-commercial – causes. A pivotal moment was the terrorist attacks in Paris. Artist Jean Julien created a pictorial tribute ‘Peace for Paris’, which combined the Eiffel Tower and the peace symbol. He shared it on Instagram with the accompanying hashtag #jesuisparis, it gained momentum and became almost the official symbol of the attacks, with thousands of others sharing it in solidarity. The repost on Instagram’s official feed gained over 1.5 million Likes. Jean Jullien's Peace for Paris became a symbol of solidarity with the victims of the attacks Other terrorist attacks saw similar behaviour, and then came Black Lives Matter, Time’s Up and #MeToo. “What I consider to be one of the biggest and most important brands of our time was created right after the election and came to global prominence by March 2017, which was the pink pussy hat,” says Millman. “You know: it’s a colour and a shape – all the tangible, tactical requirements of a great brand.” A brand called you There's another side of branding that has been on the rise recently: the idea of a 'personal brand'. Millman herself offers a course on CreativeLive entitled A Brand Called You – but it's not quite what it seems. “It’s called a Brand Called You with a bit of a nod and a wink. I have very, very strong feelings about people as brands," she says. "Brands are manufactured meaning. We create a mark to symbolise something else. It’s created, it’s manufactured, it’s constructed. People, I believe, shouldn’t aspire to be brands, because otherwise you’re manufacturing a personality and a persona.” To position yourself as a brand is to eliminate the richness and the character of what it means to be human Debbie Millman While launching a brand to represent your style is fine (a range of dishware, for example), when designers take that one step further and become the brand themselves, with brand attributes they must adhere to, is where things get dangerous, says Millman. Somewhere along the line, the designer will invariably end up doing something off-brand, and it will all fall apart. “There are aspects of branding that can help you create a broader dialogue with the public so they might understand your point of view or your style," Millman explains. "But to position yourself as a brand is to eliminate the richness and the character of what it means to be human.” Millman spoke at 2018's D&AD Festival about her complicated relationship with branding Rather than suggesting its students become a ‘brand’, Millman's course aims to teach confidence and how to network, so that students can position themselves where they want to be within the marketplace and have as meaningful a job as possible. Millman noticed that while students are taught a lot of useful processes and theories – typography, kerning, colour theory, layout and so on – there’s not a lot on how to get a job or how to talk about your work and present ideas. “I believe that who you are and what you believe is as important as your portfolio,” she says. Tomorrow's branding trends Millman's CreativeLive course is an extension of the class she teaches at the School of Visual Arts in NYC; part of the branding programme she launched in 2009 with Steven Heller and still a big part of her life. While branding may have been a cynical place when Millman was working in that sphere, the attitudes of her students today are a cause for optimism. “It’s almost uncanny how consistent the students are now about wanting to make things to help improve the world, and it’s really really exciting,” she smiles. “As I see the new generation coming up through the ranks, I’m very very optimistic that we’re in good hands. That we have people who will be the leaders of tomorrow who are really really clear about their priorities and doing things and making things and contributing things that make this planet better as opposed to worse. There’s still obviously a need to make money, but it’s far less selfishly capitalistic than it once was.” More from D&AD 2018: How to create amazing infographics How to get to the top spot of a global creative agency Video exclusive: How to break the rules on Instagram View the full article

Adding in some convincing characters has always been the best way to make any 3D art scene come to life. Architectural visualisation especially can really benefit from adding crowds of people to a walkthrough or still in order to help sell a design. Unfortunately, up until recently, the disciplines for creating a convincing 3D scene and rigging human characters have been quite difficult, especially when crowds or a street scene are involved. Then when it comes to animating, making sure the characters do not bump into each other can be yet another chore, especially when the 3D software does not have any bespoke crowd or character tools. Buy Anima 3 here Luckily, the crowd animation software Anima from AXYZ Design has been through a rapid upgrade path over the past couple of years. And with Anima 3, the team have added more refinements and improvements rather than simply reinventing the wheel. Populate your 3D scene with people in a couple of clicks with Anima 3 Anima removes most of the headache of adding people to existing 3D scenes. The main workflow of Anima is unchanged: load in a model of a scene into Anima 3, and then draw paths of where the people (or actors) are to go. The parameters of the path, such as width and directions, are easily adjusted. Anima can then populate them with a user-defined number of actors, which can be adjusted as and when required. Anima has great granular control with direction, with speed and type of walk cycle all adjusted on each individual actor by selecting them in the viewport. Anima 3’s sophisticated AI converts an actor’s walk cycle to make sure no characters walk into each other on the fly It is really satisfying to create a populated scene in a couple of clicks, using traffic lights to manage road crossings alongside seating animations to create a sophisticated population – for anything from a street scene to the crowd in a sports stadium. Things get even better when Anima 3’s sophisticated AI converts an actor’s walk cycle to make sure no characters walk into each other on the fly. Each actor can also be posed and duplicated to make new actors in the editing mode window, and turned from a standing to a running or sitting actor using the Motion Clips Library or from a predefined list in the main scene view. Unreal Engine 4 support Anima 3 supports Unreal Engine through a bespoke plugin alongside Cinema 4D and 3ds Max The primary change in version 3 is Anima stepping out from a perceived focus on architectural visualisation, allowing the software to become the basis of many character requirements across a range of disciplines. The big clue to this addition is Unreal Engine 4 support, which allows Anima 3 to integrate with the game engine and add actors to Unreal levels without having to animate them in Unreal itself. This is great news for archviz specialists who are looking to make the move to real-time visualisation and potentially VR, as one Anima project can now work with 3ds Max, Cinema 4D and now Unreal Engine, creating efficiencies for visualisations across a range of different formats. While Anima does export its characters in a wide range of formats, the plugin integration is still the best way to go in terms of raw performance and ease of use. Anima does a good job of suiting every artist, from those who need to populate either a still or animation with people quickly, to those who really want to dive deep into the animations and character modifications. To integrate Anima into studio pipelines and other applications, an API toolset is available as well. New PBR textures on the actors within Anima 3 work great with first and third- party render solutions Anima 3 feels a lot more refined than the previous version, although the UI still takes a bit of getting used to. All of the major controls are intuitive, with responsiveness and viewport speed much improved. Adding paths and tools such as escalators is much easier than before, and snapping elements to one another to create complex systems of integration is much more logical and intuitive. All the actor models when exported use PBR shading, making it easier than ever before to work with a variety of render engines and maintain the same look. The character models do look excellent and the motion cycles have also been refined. And if the models that come with Anima are not enough, there is a large online library that can be accessed and purchased directly from within Anima 3. AXYZ Design’s Metropoly characters can also be purchased and imported into Anima 3. For new users, Anima 3 is still a bargain for anyone wanting sophisticated characters within their scene, and there's a free upgrade for any user whose licence-free update period is still active. Buy Anima 3 here Also read: 5 pieces of killer hardware every 3D artist will crave This article originally appeared in 3D World issue 232; subscribe here. View the full article

Directors and film experts know how to make the most difficult shots look effortless. Don't let that fool you, it takes a lot of know-how to capture the perfect shot. You can learn how to make the most of your resources by studying the Videography Bootcamp, on sale now for just $39 (approx. £29). When you get your hands on the Videography Bootcamp, you'll have access to the tips and tricks industry experts took years to learn. There are lessons here for every level of filmmaker. You'll learn how to make the most of your DSLR camera, how to utilise tools like drones and green screens, cinematographic tricks, and how to film like a pro. Work your way through over 33 hours of content, spread over eight professionally-taught courses and you'll see your work improve right in front of your eyes. You can get the Videography Bootcamp on sale now for just $39 (approx. £29). That's a savings of 97 per cent off the retail price for a course packed with must-have filmmaking knowledge, so grab this deal today! View the full article

Great design is (rarely) created in isolation. Like it or not, taking criticism from others is a big part of a designer's life – whether it's coming from your boss, your clients, or your peers. However, with the right attitude, this feedback can help you hone your craft and improve your work, and your design portfolio. Here are some top tips for using criticism as fuel for your creative process. 
01. Get opinions early Us creatives can be pretty delicate when it comes to our work and ideas. If we're honest with ourselves, most of the time when we let others in on our latest pet project we're hoping to be showered with praise, dubbed a 'genius' and carried off into creative superstardom on a wave of positivity. This need for positive reinforcement can all too often cause us to lock ourselves away in our studios, polishing and polishing our ideas until we feel ready to unleash them onto the world. This tendency can, however, set us up for a fall. If you've spent weeks polishing an idea in secret, you're in for shock if someone you respect isn't as impressed by the idea as you are when you finally stump for the big reveal. By actively seeking an outside perspective soon after ideas emerge – casting our 'darlings' into the cold light of day early on – we can save ourselves a lot of time and pain later, and this can help soften the blow when we realise we've been polishing a turd. As much as we might, deep down, want to impress with our ideas, we should remember we can actually develop our thinking rapidly and radically with a few simple conversations. 02. Listen hard It's easy to go into defensive mode when we open up our ideas to the scrutiny of others. When feedback starts flying at you, there's a natural creative reaction to put your mind into overdrive with rebuttals that will keep the concept alive. But by letting your mind think up a response, you're not really allowing it to listen. There's little use in asking for input, if you're not going to take it in. Instead of priming yourself for debate, really listen to what is being said without thinking about what that means for you or the idea – you can mull that over later. 03. Remember it's not personal Just because someone doesn't like your idea, doesn't make you a failure. In fact, most successful innovators came up with a lot of 'wrong' ideas before they hit on the game-changer. The trick is to not to get too down about negative feedback, and rather use it as a catalyst to push yourself and your ideas further. 04. Don't take an opinion as gospel An opinion on your work is just that: an opinion. While you should be as open as possible to the feedback you're getting, you don't have to take it as the truth when it comes to developing your work later. It's helpful to take what you hear with a creative pinch of salt. See the input as research rather than an instruction. On reflection, you'll likely find some of the feedback useful and some that takes you in a direction you don't want to go in. This is your work: listen hard to the feedback and decide what makes sense to you. 05. Adjust and repeat The real power of actively seeking feedback is that it gives you a chance to reflect and course-correct before it gets too late. Each phase of listening to others should be followed by a phase of reflection and recalibration. This is your opportunity to push your ideas further. 
When you've incorporated the valuable feedback, there's only one thing left to do. Go and get more feedback, and repeat the whole process again! These tips were originally part of a Modual student workshop run by Fred Deakin. Related content: How to power up your skills as a freelancer Download the best free fonts The ultimate guide to logo design View the full article