Better SSL with mod_substitute

Renewing my SSL certificates was on my to do list for months and today I’m at home recuperating from a fever that kept me up all night. Since my web server is now patched it is a good time to get new SSL certificates. So I contacted StartSSL and did the deed.

WordPress and SSL has always irked me because just putting a certificate on the web server and using the https URL would still give you elements that are loaded via http (not SSL) and your browser’s address bar would look like this.

ssl-conflict

See that yellow warning triangle over the lock? It irks me. It does. It’s a personality flaw, a blemish, an imperfection. It loudly announces to the world that I’m Doing It All Wrong™. I see that on my site and I hang my head in shame.

OK it’s not really that big a deal. I could play with WordPress SSL plugins but part of my background is configuring applications on servers and Apache2 has a useful module called mod_substitute.

I have two configuration files for my site. One is for the http version and the other is for SSL. It’s like two separate virtual hosts with the same directories.

After I enabled mod_substitute I added these lines to my SSL config.

<Location />
 AddOutputFilterByType SUBSTITUTE text/html
 Substitute "s|href=\"http\://blog.dembowski.net/|href=\"https://blog.dembowski.net/|"
 Substitute "s|href=\'http\://blog.dembowski.net/|href='https://blog.dembowski.net/|"
 Substitute "s|src=\'http:|src='|"
 Substitute "s|src=\"http:|src=\"|"
</Location>

I’m using the alternate delimiter “|” because I don’t want to escape out the URL slashes.

That’s probably too many lines. The first two Substitute lines replaces any URLs of mine from http:// to https://. The next two are for any reference that load elements using plain “http:”. I don’t substitute those with “https:” but instead make those URLs “//” without an explicit protocol.

Doing that gets this image in my browser’s address bar.

ssl-conflict-gone

Green is good. Order is restored.

Why didn’t I use a WordPress HTTPS plugin?

Because I’m lazy and not feeling well. Also using mod_substitute lets me filter the HTML output after WordPress has generated it but before it is sent to the web browser. That gives me more confidence that I’ll get all of the URLs that I want to change.

I’m only using this trick on the SSL version of my site. It’s not a perfect solution and I’m curious to find what this breaks. I had to disable Jetpack’s Photon option because some of my images were not being sent to that CDN properly and there may be other thing as well.

This is not something for everyone (if you’re on a shared host for example) but if you can load Apache2 modules and restart your web server then this may work for you too.

Update: Using (.*) instead of “blog” works for my other vhosts as well. Nope, that breaks LOTS. Reverting back.

Screen Shot 2014-04-04 at 8.09.43 AM

Careful what you post online

So it began innocently with this Tweet/Foursquare check in.

I checked in with Foursquare which is something I do on a regular basis. I do this every time I visit the store. It’s a form of advertising in my not so humble opinion.

The store then got a call from someone named “James” asking for me. When I picked up the phone I was asked if I’d locked my key in the car. Naturally I asked who is this and had a short game of “Don’t you know?” which ended with Lily saying “That’s nice, everything is fine now, goodbye.” and hanging up.

I thought the call was from a customer so I gave the phone to Lily. “James” claimed to have met her yesterday.

Here’s what happened: either the Tweet or the Foursquare check in matched a search. Somone saw that the store has a web site, the phone number is there and the rest is history. Or it could have been one of my followers (I’d like to think that’s not the case) or I’m on a Twitter list.

Now as stories go this is creepy and definitely stalkerish but it could have gone much worse. There was no swearing, no shouting and we didn’t get a call back (the number was marked private of course). But that really was my own personalized PSA about casually posting some details online.

I’ve been using social media (that’s a great term isn’t it? It beats “online extrovert”) and I am always aware of the risks. We’ve all read about or even know someone who has been harassed and stalked. I’ll try and be more circumspect about details like that in the future. It’s unfortunate but it’s the reality of this media. The world is more connected and that fellow could have been calling from anywhere.

If someone’s reading this and getting a chuckle then thanks for the wake up call. I’ll adjust accordingly.

What really irks me is that I’ve been trying to get Lily to use Twitter. This little episode really cements her opposition to that. It’s not that she has anything against Twitter it’s just that that medium doesn’t interest her. This small event pretty much means her social interactions will remain squarely in the real world.

4443186340_42fc7d2f57_b_Queens-globe

I’ll always be a transplant from Queens

You think of a lot of things during a 15 minute drive to the train station. I will never be mistaken for a native Long Islander.

I grew up in Queens, attended high school in Brooklyn, went to City College on 136 street in Manhattan and eventually Queens College (very long story). I didn’t get my first car until I was 24 or so. I lived in the 5 boroughs and I liked taking the subway and trains to anywhere I wanted in NYC.

We moved to Long Island because we needed a bigger house and wanted to send our kids to a better school district than the one in our Queens neighborhood. It’s a great house in a good neighborhood.

That said, I will never get used to Long Island.

There’s no sidewalks anywhere

Part of my weekend routine was having breakfast at the Dunkin’ Donuts near St. John’s University. We lived just a few blocks from there and we were just a little more than across the street from the school. I like being able to walk to shopping for groceries and things.

There’s not anywhere I can walk to. Everything is at least a 10 minute drive. If I was feeling brave I might use my bicycle but less than mile away a cyclist was left as the victim of a hit and run. That pretty much rules that idea out.

Some of the drivers are the worst

Not all of them of course but a lot of them. My biggest pet peeve is the yellow line is perceived as a suggestion. I always drive on my side as I don’t think getting in to a car wreck is a good way to meet new people.

A fun example: I come out of my side street and head to the light. Another driver rounds the corner and is almost half his car width into my lane. I stop my car and put on my least offending “What are you doing?” face and the other driver swerves out of my lane. Usually I get the “What? I didn’t do nothing wrong!” look but on one occasion I got flipped the bird. Maybe he was from NYC too?

People who drive by their own rules irk me too. I’m at a light, it turns green and I advance into the intersection signaling a left turn. I’m waiting in the intersection* for the opposite car to either turn or go straight. That gets me a blank stare and the other driver eventually makes hand motions indicating I should turn in front of him. I usually make my own hand motions right after that.

The grass really isn’t greener and I’m not moving anytime soon

I do like the privacy and it’s a great house on a great property. Also I’ve met some amazing Long Islanders and our friends are the best. Lily and I do like living here.

But I’m typing this on a LIRR train. This leg of the commute is long enough that I can draft up a 600 word blog post from scratch. It’s an adjustment and after almost 10 years I’m pretty sure I’ll continue to do this commute. But I’ll still miss some of the convenience of living in Queens.

*NOTE: Yes, I invented my own intersection driving rules. In NY you are not supposed to enter the intersection until you can successfully make the left turn. It’s my blog and I can complain about what I want. ;)

Featured image photo by Mr.TinDC

Favorite new WordPress 3.9 feature

Copying and pasting from Microsoft Word directly into the Visual Editor is my new favorite thing in 3.9 beta. I just tried it on Lily’s store WordPress site and it worked alright. This is a fortunate side effect of 3.9 getting a new version of TinyMCE.

I know, that sounds anti-climatic even a little mundane given the great enhancements that 3.9 will be delivering. But I occasionally (once a month) have this conversation.

Them: How can I copy this Word document into WordPress?

Me: First select the text and paste that into notepad. I like notepad++ myself.

Me: Then you take the text you just copied into notepad select and copy it into the Visual Editor. Again.

Me: Make sure you copy from notepad. Bad things will happen if you paste that into the Visual Editor directly from Word.

Me: Then you apply the styling such as bold, underline, etc. To that text. For titles I like to use the <h3> tag myself.

Me: No, that layout thing you did in Word won’t work.

Me: Images? If you use the Snipping Tool then you can save that image to your hard disk.

Me: Once you’ve done that, upload that into the media library.

Me: Then you can insert it into the WordPress post. The image I mean, I usually go with centered and no link.

Them: Zzzzzz Wha-? What we’re we talking about??

I myself don’t like the idea of users creating content for WordPress outside of WordPress but I’m told I’m special. Apparently “regular” users (yes I’m doing the “air quotes”) such as my wife and some siblings use Word that way.

Lily creates flyers for wine tastings once a week. Right now she has to wait for me to create the event on the WordPress site (thank you Modern Tribe! that’s a great plugin) then cross post it to the company Facebook page. If I can show her how to just paste the content into WordPress to create the event then she can deliver the post sooner.

Also that means I’ll have one less thing to do each week.

Next I have got to test out dragging images into the Visual Editor to upload them that way. That’s got to improve “regular” users workflow too.

Let’s play a game called SERP

On the support forums occasionally (OK today) someone will ask that a post be edited to remove a link or company name for SEO reasons. Unless there’s a good reason for that (and SEO isn’t) then it just isn’t done. There are millions of posts on those forums; can you imagine if a small percentage of members asked for posts to be edited that way?

It’s not always necessary to edit The Interwebz

I am not a web front end developer. I don’t do “SEO”, I don’t at this time have any advertisements on my site. I post to my self-hosted WordPress blog for my own amusement and occasionally the amusement of my friends.

But just for giggles, let’s do a search on Google for my name. I wonder what comes up?

seo-games-jan-dembowski

Huh. That’s weird.

The first hit is my Twitter page, followed by my Make/Support author page, a Polish biologist then a general who both died before I was born (no relation). Then there’s some images (hey, 3 of those are me!) and then my WordPress site. Ah, there’s my Flickr page. I was worried about that not being there.

There is nothing on that search engine results page pointing to the WordPress forums. That’s a shame. I’ve got *looks WOW* 10,772 posts in the forums. That’s not necessarily a lot by the way.

How did that happen?

Again I am not into “SEO” and I haven’t done anything to impact that SERP. I even had to look up what SERP meant to make sure I’m using the term correctly.

But my guess is that the results happened that way because those links are pertinent and each of those links have content that is updated. That’s all there is to it.

  • I tweet everyday non-stop so it’s no wonder that popped up as the first hit.
  • I post to make/support at least once a week so there’s that.
  • Links 3 and 4 are cool and I like that my name is notable (even if the original spelling was Dębowski, ę is pronounced /ɛm/, w is a v sound, look it up).

The important thing is that I produce content and that’s why when someone looks up my name you get sites that I actually update.

So “SEO” magic isn’t real?

There are people who advertise and I assume make a living on SEO work and I am sure they know what they are doing.

If I had a site that I was selling something then I may be concerned that my actual site is 6th down from the top (skipping the images). If I were selling something then perhaps I’d use an SEO plugin. I’d also update my actual site more frequently.

Even without my doing anything special a search for my name shows the links that I expected to see.

My advice to people who want links removed from the forums or anywhere remains the same: if you don’t like your search engine results then change them. Produce original content on your own site. That’s really all there is to it.

miles-obrien

Some journalists still inspire you

 

Miles O’Brien has always been one of my favorite science reporters and I was sorry to hear about the loss of his left arm.

You know he’s going to get through it but it’s horrific that this could happen to him. Give a few minutes and see his interview on PBS NewsHour. It’s great to see him moving forward and explain his phantom pain and what he’s going through.

His Contaminated Waters report is informative and I look forward to seeing what he produces next.