Mostly about my amusement

Author: Jan Dembowski (page 7 of 96)

Getting back into the photography routine

Tonight there will probably be another snowfall so I don’t know if I’ll get any street shots tomorrow. I’ve put on the “never ready” case and replaced the camera strap on my Yashica Electro 35 GSN. The original strap worried me and I don’t want risk dropping a camera made after 1973.

It’s a rangefinder camera and takes great shots. I normally use my Olympus Trip 35 for street photography but the mood struck me to use a different camera. It will be dark when I get out of work and I want to shoot some 800 ISO film (the Trip 35 goes up to 400 ISO film). I’ve shot the Trip 35 in the dark and have gotten some good photos but they were strained. Or “retro” if you like those sort of images like this one. 😉

Late night February 2013 in midtown Manhattan shot with an Olympus Trip 35

Late night February 2013 in midtown Manhattan shot with an Olympus Trip 35

Wintertime is not the best for street photography (metal camera, cold fingers) but I’ve been itching to take more photos. Last year I fell out of the habit of packing a camera and taking lots of photos. I want to get back into that routine and I hope to start this week.

I like taking photos. I love old film cameras. With film you get approximately 26 shots per roll and that forces me to think and frame the shot. They’re not always keepers but with practice I’ve posted hundreds of film shots. It’s something I enjoy and I hope this week I go through at least a couple of rolls.

Fixing my SSL based shortlinks

If you look at the HTML source for this NGINX post I wrote you’ll find this code.

<link rel='shortlink' href='http://wp.me/pLamj-2Lz' />

Which was inserted when I published the post via Jetpack. Shortlinks are cool.

But if you use curl -LI on that wp.me URL you see that it goes http -> http -> https which irks me.

$ curl -LI http://wp.me/pLamj-2Lz
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/

$

I like https based URLs because I want the communication between my web server and your web browser to be encrypted.

My web server does 301 redirect the browser to the https version but I don’t want any plain text http in the mix. It’s not Jetpack’s fault, I’m passing the non-SSL URL to it to get the shortlink.

Having the shortlink point to a plain http URL doesn’t fit well with my tin foil hat. Since my web sites are SSL enabled there is no reason to use unencrypted http anymore.

YOURLS to the rescue

I am pretty sure that Jetpack’s URL shortner will handle SSL based URLs in a friendly encrypted way but I’d rather use YOURLS.

YOURLS stands for Your Own URL Shortner and I’ve been using my own installation for years. In December I blew up my multisite and disabled my YOURLS plugin (and several other things). Today I made a subtle change to my shortlink installation’s config.php file.

This line

define( 'YOURLS_SITE', 'http://dn7.me' );

was changed to this with https.

define( 'YOURLS_SITE', 'https://dn7.me' );

And just like that my short URLs are now SSL based. The old http shortlinks continue to work fine.

I previously used Ozh’s plugin but the plugin Andrew Norcross created is recommended by many and I  switched to that one. It’s really easy to use, you  just fill in 2 fields and click the check boxes.

WP-CLI  should be used in all the things

I could not find where the heck my URLs were being generated as non-SSL. If I asked in the forums or looked at the wp_get_shortlink() source code I am sure I could figure it out. But I’m lazy and instead I just used wp-cli like so.

cd /to/my/multisite/directory
wp db export ~/save-me.sql
wp search-replace 'http://blog.dembowski.net' 'https://blog.dembowski.net' --network

The export command was my safety net incase my backups aren’t as good as I think they are. If this hurt anything then I could put the database back right before I munged it up.

Today I published a post and it has this code and shortlink.

<link rel='shortlink' href='https://dn7.me/2ou' />

Looking at that with curl reveals this.

$ curl -LI https://dn7.me/2ou
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/

$

The https URL sends a 301 to the destination https URL with nothing else to see. My tin foil hat is now even a little tighter.

You do know that you use Jetpack, right Jan?

I’m not really concerned about data leakage and this really is just an excercise for me. I like Jetpack and understand the implications of continuing to use it.

When you setup a  web server the default port is 80 without any encryption. SSL on port 443 needs to be configured and turned on manually with x509 certs. Wouldn’t it be great if you could do away with HTTP and just use HTTPS? That’s part of what Let’s Encrypt is trying to accomplish.

As a service it’s supposed to be available mid-2015 and I can’t wait to see how that goes. Encryption everywhere is a great idea  and in the 21st century there’s no excuse not to use it.

Good product integration is important

My iPhone 6 arrived in the mail, a few calls later it was activated and my old Note II became a paperweight. It’s not that I dislike Android or Samsung products, it’s just that my latent Phone Curse™ kicked in. After 2 years it was time to retire the old one.

The old phone was getting long in the tooth. It’s been months since the camera could focus (that’s important, right? For a camera to focus?) I routinely lost my playlists and the built in keyboard code would crash all the time. Even after I factory reset the phone and formatted the storage. CRASH! Instant phone grief.

It’s not the phone. It’s me and it’s always been me. Any electronic device that is near me for too long loses it’s mind.

What I like about Apple products

Apple does something really well that is evil, persuasive and disruptive. Did I mention how EVIL they are?

Their phones work well by themselves or with other things such as Bluetooth equipped cars.

See what I mean about evil? With my Galaxy Note II I had problems getting music to play in my car. I would need to start the music app on my phone and cross my fingers. To sync my music (I use both iTunes and Google Play Music) I would try different applications such as doubleTwist’s AirSync but that was always hit or miss. Occasionally the sync would go spa and I’d have to use harsh language on it.

Using the Google Play Music app always worked provided I had good cell coverage. Listening to music while driving where it pauses is enough to make anyone start drinking. If the music is in the phone’s cache cool but if not it could be a long ride.

With my new iPhone I get into the car, wait for the Bluetooth to connect and hit play. If the car was set to the phone player already then music would just begin by itself. No muss, no fuss it just works.

Text messaging? Oh yeah, iPhones do that but they extend it into iMessage. When you log into Facetime or iMessage and you have a Mac you can continue to message via the Mac. It’s a smooth transition and I can pickup messaging without my phone. Same with Facetime and it’s not limited iPhones. I can use my phone to message or Facetime my daughter on her iPhone (she got Lily’s old phone with no service) from my phone or Mac.

With my old phone I never used a lock screen. The Note II is huge and typing the code was like walking across the room. On the iPhone the fingerprint reader is almost transparent in its use. Press the home button to awake the screen. Leave your thumb there a little longer and the phone unlocks.

While on the topic, iPhone apps can use the fingerprint reader too just like your iTunes account. I use 1Password and unlocking with just my thumb is amazingly cool. I’ve been playing with Clef and I authenticate to that service in the same way.

Again it all just works, the integration is seamless.

Yes, I can do most of that in Android with 3rd party apps

That’s where Apple extends their EVILNESS. It’s built in. The messaging and Facetime like experience on Android? Skype on your phone and Skype on your PC or Mac. There is no Facetime or iMessage for the PC that I am aware of and that’s not a mistake. Apple is in the business of selling their products, not PCs.

Same with the music sync and car integration. Apple works closely with car manufacturers so when I play music I see the cover art, time passed, time left, can select from playlists, scroll through songs, etc. With my built in Samsung music player I can see the song before, playing and next song. That’s it. The doubleTwist music player has even less functionality.

The Note II does not have a fingerprint reader but current models do. I’ll assume that they can be unlocked in similar ways but I don’t think the 3rd party app support is there.

I am not an Android hater

I like well designed products. And I did look at HTC phones and the current generation of Samsung phones. They’re really good but the integration problems I’m having are inherent to  the Android operating system. With the new Lollipop version that may have improved. With the Motorola line of phones running a “pure” version of Google’s OS maybe the integration with cars has improved.

There’s also the “change is good” factor for me. IOS and Android apps really are not the different anymore. With IOS you get less built in buttons (my old phone had a “go back” soft button, IOS has a home button) and once you change gears to IOS it’s all the same.

In another 2 years or so I expect my curse to kick in again. Maybe at that time I will switch back to a Google phone. Apple has a huge market and support but future Android phones might get the seamless experience I am looking for.

Thank you #wpmom for everything

kim-parsell-is-now-following-you

I can’t remember when I first started interacting with #wpmom Kim Parsell. I’ve been looking and the earliest I can find was an email from April 26, 2012 saying that she was following me on Twitter.

Hundreds of tweets and many emails later and it sure seems like it was much longer than that. She had that effect on you and on October 25th, 2014 I finally got to meet her in person at WCSF.

She was so down to earth and so real. Nervous too, she was going onto tape as the Docs lead for explaining the Codex and getting involved in that team. When that video was taken I was near the podium doing the thumbs up thing before and after her presentation. She had nothing to worry about and she did fine.

The WordPress community is volunteer driven and we all focus on those things we are individually interested in. For me I like to provide support even if it’s just a “Hey, try this plugin it may help you out” reply in the forums. That’s an easy way to get involved and takes very little time.

Kim did so much more than that. She was an active and key member of the Docs team and contributed to WordPress core. She downplayed it but she was a member of and a huge person to the whole support team. She collaborated with so many people. The tag #wpmom was one that she embraced and it was true, she really was like the Mom to all of us. On my last day at WCSF I walked over to sit with her and see how she was doing. I had to, I told her I would. We talked about meeting again at other WordCamps and I wanted to introduce my kids to her.

Now that won’t happen and I feel awful. When I heard the news about Kim’s passing I was shocked. I kept telling myself that she’s just taking a break or a vacation. That’s what I told myself till the last minute.

I feel so small right now. But interacting with her online made me a better person. Collaborating with her and others is amazing and even small contributions are valuable. I got to meet her in person and I’m so grateful for that. She made me feel involved and important. I’ll miss her and her encouragement but I can’t mope about it. That’s not something wpmom would approve of.

Thoughts on my LG G Watch

For the last 7 days I’ve been wearing my Christmas gift from my brother and sister-in-law: an LG G Watch. It’s a watch that runs Android Wear and works hand in hand with my smartphone.

As a watch

It’s very comfortable. The strap is rubber like and the holes take into account small wrists like mine. It stretches a little bit so I’ve got it on snug but it’s not cutting off my circulation. With my regular watch that’s not the case since I never added another hole in the strap and it’s always a little loose. I’m always aware of my Citizen watch but I can forget I’m wearing this one.

The watch is rated to meet IP67 requirements which according to this Wikipedia page (I had to look it up too) it means it is dust tight and can be submerged up to 1M at “under defined conditions of pressure and time”. I took that to mean I can wash it under the facet if I need to and wearing it in the rain will not be a problem.

I’m not sure how strong the display face is. My Citizen watch has an “Anti-Reflective Mineral Crystal” and it’s tough. I bump into things all the time and I’m always amazed that 2 and half years later the face doesn’t have gouges in it. The LG G Watch may be scratch resistant but I would not want to test that.

Since it’s a smart watch you can change the face with a download and I currently like TextFace.

As a display extension for the phone

When I think “smart watch” I’m really thinking about a Dick Tracy radio watch. Dick Tracy never said “Oh no! I’m outside of cell phone coverage!” though he may have had to deal with Flattop jamming his signal. Android Wear devices are not that but they’re still pretty cool.

This watch connects with my Android phone via Bluetooth. It can run applications designed for it but the primary function is to be another notification area. It’s a place for your phone to let you know you’ve got mail, a text message, Tweet, etc. By default the watch will vibrate though that can be turned off.

The 400mAh battery lasts me all day and except for a friend favoriting 20+ my Tweets in minutes (and you know who you are 😉 ) I’ve not had any problems. LG provides a micro USB cable, A/C charger and a docking stand with a tacky (not sticky) bottom so it grips your nightstand or desk.

I did install a bunch of watch faces and the Google Fit app works well. But there’s not much application utility for me. I can hold my watch up and say out loud “OK Google. Directions to Pizza.” and that does work. The Google Maps app will fire up and I can select walking directions if I want to. But how often would I do that? It’s not that the watch isn’t designed well (it is) it’s just that the concept of smart watches and Android Wear is still developing.

That all said the watch is very cool and I like it

I keep my phone in my pocket and get all the notifications on my wrist. Those watch notifications can be ignored on a per app basis. I’ve gotten Slack notification on my watch and that feels like the Geek Bat Signal.

When someone calls me on my phone I get the option to accept or ignore them while getting caller ID on my watch. I occasionally get cold called on my cell and a quick swipe on my watch is a “Nope!” I don’t think I can talk to people via my watch but I’ve not tried.

I control my music playing  on my phone via the watch. This is the phone in my pocket. That’s just nuts. It’s in my pocket! That’s like using the TV remote to turn it on while the on button is 2 feet away from you. You could just reach out and push the button, but it’s still very cool doing things via the smart watch.

I’ll use it for at least 2 more weeks

I like my LG G watch a lot. But in a couple of weeks my cell phone contract is up and I decided months ago that I’m getting an iPhone 6. Not surprisingly, this watch only works with Android phones.

The watch is fun but I really want to switch to an iPhone. If Apple does it correctly this experience will lead to me getting the iWatch when it comes out. Maybe, I’ll want to see what others think about it first.

The mood struck me and I organized all the things

Saturday I went to Lowes and picked up new air filters for the house. The old filters were… they needed replacement badly. While there the lightbulb went off and I picked up the following.

The elbow brackets were bent into shape with just a little gentle persuasion. I mounted them on the pegboard and attached strips of rubber shower liner to make sure I did not scratch up the desk.

Yes, it is my desk but if I damaged it I’d have faced some serious adult supervision.

With the metal brackets safely rubberized I hung the board off the back of my desk and started attaching all the junk from the floor.

Pegged up equipment

The results came out OK. I’d love to tie up all of the power, USB and ethernet cables but I do move things on my desk so that’s not a good idea. If I ever have to take it apart I’ll put the new power strip on the top. Right now it bows out a little and the 42 inch long surge protector would prevent that.

It’s really too bad I did not take a before picture of that cable and outlet horror show. It cried out “Fire hazard!” every time I looked at it. I had one of those 2 pronged monsters on the wall outlet that made the 2 plugs into 6 outlets. Power cables and junk just littered the floor and I meant to fix it years ago.

How many years ago? The article that inspired me was this one. It’s not a new idea but I’m glad I got around to it.

I Am NGINX! (And So Can You!)

A few months ago I switched my Apache2 installation for this blog from mod_php to php5-fpm. Using Ubuntu LTS this was as simple as running apt-get remove libapache2-mod-php5 ; apt-get install php5-fpm and adding /etc/apache2/conf-available/php5-fpm.conf with just a few lines.

I activated that config and it worked! Mostly. There was some more than that but it wasn’t hard. I did this because I wanted to play with mod_pagespeed and I needed php5-fpm to do that.

It didn’t exactly work as well as I’d have liked.

My Apache2 installation had become temperamental.

I couldn’t get the number of workers right and there was some sort of condition that was causing php5-fpm to break and generate 500 errors. The logs didn’t tell me what was going on and the problem was outside of WordPress. Restarting Apache2 every couple of days worked but that just sucked.

I like server based solutions that just work. This one was effecting all 7 sites in my network including Lily’s store.

This was a great time to switch to nginx!

I could not get my multisite /files/ and blogs.dir working on nginx. It just wasn’t doing what I thought it should and I think it was because of my 7+ years of carried database options and junk.

When I tried fix it I found many other things broken on my installation. So I ended up creating a brand new multisite installation, imported via XML all of the sites (I only had 7 so that wasn’t too bad) and after it all worked I globally searched and replaced all the references of the new sites with the old.

That took me almost a week. I worked on it after hours, November is a busy month at work. I did get Lily’s site working first so there’s that. I may write a post about that exercise. The search and replace worked well and so did the DNS part.

Here’s my Apache2 .htaccess bits and the nginx conf replacements. All of the nginx bits are in one file.

Redirecting an old URL to a new  one

Years ago my installation URL was different and I used a ReWriteRule to send visitors to the right place.

RewriteEngine on
RewriteCond %{HTTP_HOST} wp\.dembowski\.net [NC]
RewriteRule (.*) https://blog.dembowski.net/$1 [R=301,L]

This is long gone but incase you need it, here you go for the nginx equivalent.

server {
        listen 80;
        server_name wp.dembowski.net;
        return 301 https://blog.dembowski.net$request_uri;
}

Send all URLs to the SSL version (with exceptions)

I want WordPress to be SSL based but I am comfortable with my RSS feed being available via plain http.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} blog\.dembowski\.net [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/feed/$
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{QUERY_STRING} !^feed=rss2$
RewriteRule ^(.*)$ https://blog.dembowski.net/$1 [R=301,L]
</IfModule>

On nginx that works out to these lines in my server section for plain http.

location /feed/ {
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

location / {
        return 301 https://$http_host$request_uri;
}

Everything get’s handled by the “location /” part and exceptions like “/feed/” go above those lines. If I had any other exceptions then they would go between the two.

SSL all and SPDY

In my server section for the SSL based version, I have these lines.

listen 443 ssl spdy;

The nginx package I’m using is compiled to include SPDY 3.1 support. I haven’t put back PageSpeed but SPDY is fun to play with.

With Apache2 I used mod_ substitute change my http references to https in the HTML output. With nginx I use the HttpSubsModule.

subs_filter_types text/css text/xml;
#
# http host substitution for https versions
#
subs_filter 'href=\'http://$http_host/' 'href=\'https://$http_host/';
subs_filter 'href=\"http://$http_host/' 'href=\"https://$http_host/';
subs_filter href='https://fonts.googleapis.com href='https://fonts.googleapis.com;
#
# make http into protocol-relative URLs
#
subs_filter src=' src=';
subs_filter src="http: src=";

The Google Fonts was put in because one of my sites use it and the SSL page broke until I put that there. And I don’t yet have Jetpack’s infinite scroll working quite right. Meh.

While I’m at it, you should always set HTTP Strict Transport Security to tell web browsers not to downgrade from HTTPS to HTTP.

In Apache2 that’s this line.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

In nginx in your server section add this line.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Redirecting client IPs

Sometimes I just don’t want some people to visit my site and 301 them to a YouTube video. IP blocking is a temporary solution but in Apache it’s easy.

RewriteCond %{REMOTE_HOST} 192.168.111.75 [OR]
RewriteCond %{REMOTE_HOST} 10.22.33.230 [OR]
RewriteCond %{REMOTE_HOST} 172.16.11.132
RewriteRule .* https://www.youtube.com/watch?v=NN75im_us4k [R=301,L]

Easy to accomplish with nginx with these lines. The 403 isn’t the same code but the results are the same.

location / {
        include /var/www/vhosts/block_ip.txt;
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

The block_ip.txt file contains these lines.

# Deny these IPs
error_page 403 https://www.youtube.com/watch?v=NN75im_us4k;
deny 192.168.111.75;
deny 10.22.33.230;
deny 172.16.11.132;
allow all;

So no .htaccess live changes?

With Apache2 when you make a .htaccess file change it is live immediately. Each http request that hits the server parses the content of that (and other) files.

That’s not true with nginx and any configuration changes need a “service nginx reload” as root or via sudo. I don’t make frequent configuration changes so that’s not a problem for me.

What’s with the Stephen Colbert thing?

I like Stephen Colbert. You don’t get the reference for the blog post title do you?

Constantine is a fun show

I’m watching NBC’s Constantine via FIOS on demand. It’s a fun show but I wonder how faithful it’s going to be to the original comic.

I’ve not look at that comic for ages. Unlike the Keanu Reeves version, this one has someone playing as a brit.

It’s s fun show if a little grim. I mean what else to expect with a prime time show that deals work demons.

I’m writing this post from my phone as a way to play with the WordPress Android client. Easy so far and the client has come a long way since I last looked at it.

October 24th

Tomorrow is the 2nd anniversary of when my Dad passed away. It’s also the day I fly to attend WordCamp San Francisco and in all the excitement I’d completely forgotten the significance of the day.

That’s alright and it’s good. In my immediate family we’ve never been concerned about such dates. The thing to remember is the person and the impact they’ve had on you. You remember their life and not their death.  That doesn’t mean I don’t remember Dad; not a day goes by when one of us will say something like “Grandpa could fix anything”.

Dad’s hobbies where simple: learn how to build anything that he needed to make or repair something else. He was an electrical engineer and that often meant he would write his own custom assembly language compilers for some EEPROM he needed to program. Or test different paints for cooking a 1930’s radio chassis in the oven to reproduce the right wrinkle effect. Did you know that you can bake some clear plastics to remove the cloudiness and make it more transparent and new?

I don’t have that level of expertise in my hobby but I knew that Dad understood why I like to get involved with WordPress. He would approve of my attending a WordCamp (I only started at WCNYC this year) because you can’t ever stop learning new things.

That’s a recurring theme in my family: learn new things and do those things you like to do. That’s a large part of what my family taught me and I hope I pass that onto my children. That’s what I’ll remember tomorrow and how I’ll observe the day.

Remove shortlink URLs from comments

Or remove them from anywhere, though I’m not sure why you’d remove shortlinks from your own author’s posts.

I’ve written a small plugin that will filter your comments using preprocess_comment which is a useful filter comment data before it’s committed to your database. The other toys I used are wp_extract_urls and wp_remote_head to make http head requests to web sites.

The plugin works like this: you feed a function a URL and it gives you back a URL but with shortlinks you get the real destination. It uses wp_remote_head() to make an http HEAD request and looks for the location header.

If it finds that header then it recursively calls itself to get real destination up to 5 requests. After 5 requests the URL is replaced with the # sign. If it doesn’t find that header then the original URL is returned.

Depending on your site that can be a lot of URLs and to cache those results I create transients for those URLs. The next time in a 12 hour window that URL is tested then WordPress will pull the data from the transient.

I’ve never used transients and I’m not sure this is a good idea or not. But if you need to eliminate shortlinks then this plugin might do it. Also this parses all URLs in the post or the comment and that’s probably not necessary. A simple check can be put in to see if the URL is on a list of shortlink providers and ignore all the rest.

You can download the plugin from this Gist page.

Once you’ve downloaded it save it to your wp-content/plugins directory as short-links-begone.php and activate the plugin in your WordPress dashboard. This plugin will not change any post data or old comments. It will modify new comments when they are submitted.