So! You like retro game systems?

One of my recent hobbies (aside from breaking my WordPress site) is anything related to the Raspberry Pi. I use it as a network media player in my living room, USB computer on a stick and as a retrogaming console.

Nintendo recently released the NES Classic Edition which comes with 30 built in games. This holiday season it will be a big hit and it sold out almost as quickly as it was released. With a Raspberry Pi 3 running Retropie you can accomplish almost the same thing. It just takes a little geeky work and some parts.

Here’s the parts and links. I usually just drive out to Micro Center in Westbury and get it in person.

Raspberry Pi 3 $29.99 Micro Center
Raspberry Pi 3 case $8.99 Micro Center
USB charger (5 volts, 2.4 amps) $8.99 Micro Center
Microsoft Xbox 360 wireless controller for Windows 2 x $35.99 Best Buy
32GB microSD Class 10 $10.99 Micro Center
6′ HDMI cable $6.99 Amazon
Total: $137.93

OK, that added up quickly. The NES Classic Edition is $59.99. Add another $9.99 for a second wired controller and you’re only in for $69.98.

I begin to see what Lily means. Grownup’ing is a pain.

The XBox 360 wireless controllers that I linked to also include a USB transceiver. That part number JR9-00011 is cheaper than just a controller alone. I don’t know why.

Just about any USB game controller that works with your PC will work with Retropie. I picked these because I had a spare and I like being able to sit on the couch while playing.

Download and burn the Retropie image

Visit Retropie’s download page and make sure you get the one for Raspberry Pi 2/3. At the time of this post that’s version 4.1.

I’ve never tried burning the image using a Mac. On a PC I just use 7Zip to expand the retropie-4.1-rpi2_rpi3.img.gz and use Win32 Disk Imager to write it to the microSD card.

There are some really good detailed instructions for installing and configuring Retropie here.

https://github.com/retropie/retropie-setup/wiki/First-Installation

When it boots you will be asked to configure your controller so you’ll need to get your XBox 360 controllers working.

I think the Xpad driver ships and is activated by default. I don’t recall activating it myself. If that’s not the case then I’ll update this post.

  1. Put batteries into your XBox 360 controller, and plug the XBox 360 Wireless USB transceiver into any free port on your Pi.
  2. Press the stylized XBox button on your controller to turn it on and then press the button on the transceiver.
  3. The front of your controller has a not quite recessed wireless sync button. Press that and your controller will connect to your USB transceiver.
  4. Press a button on your controller to begin configuring it.

From the Retropie Git docs, you’ll configure the buttons like so.

The image is from that Retropie installation page. I didn’t want to hotlink the image as that’s rude. If it’s a problem I’ll remove the image.

You will get some of the button assignments wrong. Don’t worry, as long as you get the D-PAD, START button and A button assigned then you can redo it later on.

That USB transceiver supports up to 4 controllers. When you use PS2 emulation for games it not only works but so does the rumble part. That’s cool.

Network your Raspberry Pi 3

I happen to have an Ethernet connection onto my Raspberry Pi 3. It also comes with a built in 802.11n wifi adapter. You want your Retropie on your network and being able to ssh to it is very useful.

https://github.com/retropie/retropie-setup/wiki/Wifi

Borrow a USB keyboard from your PC or Mac so you can enter your wifi key. You won’t need it afterwards. I do all my Linux admin via ssh from my PC or Mac.

Your Raspberry Pi 3 running Retropie is a Linux server. It’s running a Debian based distribution called Raspbian. If you’ve spent time administering an Ubuntu LTS VPS then this will feel very similar if not downright identical.

The reason for getting your Retropie on the network is simple: once you do you will find a new Windows share at \\RETROPIE and you can deposit the NES ROMs you obtain in \\RETROPIE\roms\nes as easy as drag-n-drop.  You’ll have to do some research where to get them yourself. They’re not hard to find.

When you do obtain NES ROMs make sure you keep them in individual ZIP archive files. Don’t extract them, just drop them as is into your nes directory. Once you’ve gotten your roms onto your new system, press the “start” button on your controller and restart emulationstation.

So many emulators to use

Retropie supports many retro arcade systems. My favorite are MAME, SNES, NEO GEO and of course NES. I don’t play a lot of Atari 2600 games though I should. That’s one of the systems I had as a kid.

The emulators are easy to use. Generally you just drag the ROM zip file into its directory. Use \\RETROPIE\roms\nes and \\RETROPIE\roms\snes for the right one. You’ll see many more directories there but for now ignore them. You can explore them later.

This is not a game system for everyone

If you are just looking for the classic NES games and can get your hands on one even with the small controller cables, then do so.

This illustrative YouTube video can explain the mindset of people who do this sort of thing.

You’ll either immediately understand where I’m coming from or you won’t. That’s OK, some people just enjoy the nerdy aspects of things.

Using a Raspberry Pi 3 with Retropie is purely a geeky exercise. It works, it works well. It’s easy to maintain provided you are willing to learn the Zen of the Debian Based Linux Server™

Part of the appeal of the Raspberry Pi 3 is that it is a server with a quad core ARM CPU running at 1GHz. It has 1 GB of RAM built in. With a 32GB microSD card, case, and A/C adapter it’s a full on Linux server for less than $70.

Setting up a small PC with similar stats will run you at least $200. The small size of the Raspberry Pi 3 shouldn’t take away from the fact that it is a Linux server. It has a default user ID and password. You should change that if you’re concerned.

Here’s an example of what I mean. Yesterday I did the following.

  1. ssh’ed to the retropie as the pi user.
  2. Ran sudo apt-get update ; sudo apt-get -y upgrade ; sudo apt-get -y dist-upgrade
  3. Ran cd Retropie-Setup then sudo ./retropie_setup.sh
  4. Selected “Update all installed packages” and skipped the OS ones because I already did those.
  5. Had coffee. See illustrative video above.
  6. Ran sudo reboot to reboot box.

If you read that, stopped at step 2 and said “Are you kidding me?” then it’s alright. You’re OK. The NES Classic Edition is for you, it’s $60 and it is fire and forget. It does not have any network capabilities, it will never be updated. And there’s no legal question about using one either.

If you want to roll your own and don’t mind getting up to your neck in Geeky Nerdy things then maybe the Raspberry Pi 3 is for you.

Confirmed: I’m not getting the PC back anytime soon

This may fall under category of “bad parenting” but probably not. I hope not. Just don’t tell Lily, OK?

My daughter saw all of the fun her brother has playing Team Fortress 2 and wanted in on the action. The kitchen iMac doesn’t play games very well but my PC does. So I set her up on an account there, logged her into Steam and the rest was history.

She picked up TF2 quickly. Then she saw that she could play Borderlands 2, Torchlight II, Portal 2 (is there a “two” thing going on?) and spent hours on the PC.

Her normal activity is drawing on the iPad. She’s really good and has developed a real skill. Video games are normally the domain of her brother. But they seem to like playing on the same TF2 server. When they’re on the same team she plays the medic and supplies health to the other players. When she’s on different teams she plays the scout.

She spent the whole evening playing and I had no clue. It wasn’t till I went to turn off the light in the office that I saw her. Her mother would not be happy had she walked into the room.

There is hope that she has inherited Lily’s Adult Supervision™ genes. I told her that I’d get a third PC for her, probably from Costco. Her answer?

That’s wasteful. I can share yours when you are not using it.

I have no idea where she picks that stuff up. I’ve certainly never encouraged that sort of behavior.

How to use UpdraftPlus when The Bad Thing™ happens

I am in the process of handing over a site to someone who’s not used WordPress before and doesn’t necessarily know where what lives and how. I thought it would be a good idea for me to document how to use the free UpdraftPlus plugin.

I use the commercial version of this plugin because it is fire-and-forget for my multisite installation. But if you are running a standalone installation of WordPress then the free version is a good suitable option.

Did I mention I like WP-CLI?

I’ve written praise for wp-cli before but it’s a toy that will never get old for me.

I was working on this problem for a friend and I needed to create a test multisite installation. I have a domain I can use aside from my main one so I set up another nginx virtual host, set up the DNS entries and used Let’s Encrypt to obtain legitimate X.509 certificates.

For creating the DB and WordPress config I used CLI commands.

$ mysql -u root -p

create database leeloodallas;
grant all privileges on leeloodallas.* to
"brucewillis"@"localhost" identified by "5oM3U36ul$tringH3re";
flush privileges;
exit;

$ wp core download

# Single quotes keep the shell from expanding $tringH3re inside the password
$ wp core config --dbname=leeloodallas \
--dbuser=brucewillis \
--dbpass='5oM3U36ul$tringH3re' \
--extra-php <<PHP
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false );
PHP

$ wp core install --admin_user=yourlogin \
--admin_password=Y3a2n0tHaP3n1ng \
--admin_email=you@example.com \
--url=blog.dn7.me \
--title="Leeloo Dallas Multisite"

$ wp core multisite-convert --subdomains

Yes, all the passwords and IDs are changed.

When I get into deep water (and I did) I just rm * -rf in the virtual host’s directory and in mysql drop database leeloodallas; and do it all over again.

The only thing different from other times is the wp core multisite-convert --subdomains command. I already have cookie cutter nginx configs and DNS is fire and forget. Once I had the vhost set up the Let’s Encrypt commands (also scriptable) were trivial.

WP-CLI is cool and scripting this is such a time saver.

2FA should be built into WordPress core

Does email work with your WordPress installation? When someone leaves a comment on your blog or your WordPress installation automatically updates to a minor version number such as 4.4 to 4.4.1 do you get that email?

You did get those emails? Great! Now go, install and activate the Two Factor Authentication plugin maintained by George Stephanis. I’ll wait.

Now that you have done that, on the top right corner of your dashboard is a “Howdy, User” link. Click that and select Edit My Profile. Scroll down on your profile page and enable the first two options. That’s “Email” and “Time Based One-Time Password (Google Authenticator)”.

I made the Google Authenticator my primary means of logging in. I keep the app on my password protected iPhone, it’s a one-time password (OTP) generator and it doesn’t need access to Google to work. It’s time based after all.

What is two factor authentication (2FA)?

2FA is a means to increase the confidence when you log in that you are in fact who you say you are.

When you log into WordPress, you use an ID and password. The security is in the password and should be along the lines of “gHJjgbtjXa9FLyGkhaHR0o” which I got courtesy of my 1Password app. That password is one factor of authentication. Your password is something that you know.

The second factor is what you have in your possession. In my case it’s my Google Authenticator app on my iPhone.

When I log into my WordPress site I am prompted for my username and password. Once that is successful I am then asked for my authentication code.

Which I get from my app. If that does not work then I click on the backup method and soon get a code via email. I enter that code and I am in, which is why I asked if mail works at the beginning of this post.

Mail needs to work. So does good time keeping.

My multisite installation is on a VPS and I run NTP. I have to because on a VPS the time will drift (on anything really) and if my server’s time is far enough out of sync then my OTP will not work. Or my phone could be dead but I still can access my email.

By configuring the email as a fallback I have another way to get into my installation. That email code is good till it’s used or is replaced and can get you out of a bind.
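
The time dependence described above, as an added example (not code from the Two Factor plugin or from this site): a standard-library RFC 6238 TOTP generator and a verifier that accepts a window of ±1 step, run against a server clock that has drifted. The 30-second step, 6 digits, HMAC-SHA1, the sample secret (the RFC 6238 test key) and the `window` parameter are assumptions of the example.

```python
"""TOTP (RFC 6238) and the effect of server clock drift (added illustration)."""
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds per code; assumed authenticator-app default
DIGITS = 6   # assumed code length

# Constructed sample secret: the RFC 6238 SHA-1 test key, base32-encoded
# the way an authenticator app receives it when a QR code is scanned.
SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(key: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, dynamically truncated."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: float) -> str:
    """Code for the 30-second step that contains unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    return hotp(key, int(unix_time) // STEP)


def verify(secret_b32: str, code: str, server_time: float, window: int = 1):
    """Check a code against the server's clock.

    Returns the step offset that matched (0 = same step, -1 = the code is
    one step older than the server's clock, +1 = one step newer) or None.
    A production verifier would also remember the last accepted step so a
    captured code cannot be replayed inside the window.
    """
    key = base64.b32decode(secret_b32, casefold=True)
    current = int(server_time) // STEP
    for offset in sorted(range(-window, window + 1), key=abs):
        if hmac.compare_digest(hotp(key, current + offset), code):
            return offset
    return None


def drift_report(phone_time: float, drifts=(-30, 0, 10, 30, 90), window: int = 1):
    """Map each server drift (seconds, + = server ahead) to verify()'s result."""
    code = totp(SECRET_B32, phone_time)
    return {d: verify(SECRET_B32, code, phone_time + d, window) for d in drifts}


if __name__ == "__main__":
    phone_time = 1234567905  # constructed timestamp, mid-way through a step
    print("code on the phone:", totp(SECRET_B32, phone_time))
    for drift, result in drift_report(phone_time).items():
        status = "rejected" if result is None else f"accepted (offset {result})"
        print(f"server drift {drift:+4d}s -> {status}")
```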

2FA needs to be built into core

Having 2FA in WordPress as a built-in option moves the security bar farther. It increases the security posture for users and if it is an option, if it’s easy to set up then it will be adopted by users.

Yes, it will take some education for people to use it properly but that is not insurmountable.

In the past, users would install WordPress and forget to maintain them. The other day I came across a 3.5.2 installation. That was released in July 2013. In Internet years that’s ancient and there are several known exploits out there. The 3.5.x code isn’t maintained.

As of version 3.7 minor release updates are turned on automatically by default. If you installed 3.7 and did not do anything else then as of today you are or will be running 3.7.12 shortly. Major version upgrades are not automatic so 3.7.x will not update to 3.8 or even to the current 4.4.1. The major versions need to be updated by the user initiating that upgrade, although some forward thinking hosts will do it for you anyway.

Automatic updates are a result of the developers wanting the environment to become more secure. Unpatched WordPress installations were the cause of compromised sites that sent spam, spread spammy links and made the Internet neighborhood a worse place to be.

It also gave WordPress an unjustifiable reputation for being insecure because users did not maintain their code.

Having 2FA is similar to enabling TLS on your WordPress installation. If your server supports HTTPS just update your Site URL and WordPress Address, perform a little search and replace for the old http:// references to their TLS versions and you are done. More and more sites are defaulting to https because it’s easy.

2FA is like that, it’s a step in the direction of users taking their security into their own hands. It’s educational too, meaning that once it’s set up and working you’ve learned something new.

What about the Support Team’s concerns?

Mika Epstein, myself and others expressed reservations not about having 2FA built into WordPress. We like this idea. Our concerns were along the lines of “How can we walk the user through disabling 2FA if they bork it badly?”

The idea we expressed was that this should be enabled by editing the wp-config.php file by hand, just as you have to do when you enable multisite. If you can do that successfully then you are technical enough for 2FA. The words I used were “you need to be this tall to enable this feature”.

I don’t think that anymore. If someone’s email is working then they can get back into their installation with the emailed access code.

What I’d like to avoid is the situation that exists with password resets. If you look at the WordPress Codex article about resetting your password then you may understand.

For manual password resets I encourage users to add a line to their theme’s functions.php file but that can be dicey. If they typo that file they can break their whole site. That’s still more appealing for me than trying to walk a user through using phpMyAdmin.

Manual password resets are difficult for regular users. If they can enable 2FA and have a not too difficult way to disable it then any reservations I’ve had are gone. I know this is being worked on and I would really like to see this properly put into WordPress 4.5.

It’s something that can make the Internet neighborhood a more secure place to be.

Let’s Encrypt is all kinds of awesome

I had some time and did a git pull on the Let’s Encrypt github page. This is a project that makes it easy to install and maintain free X.509 certificates for web servers. The certificates are in PEM format and can be easily used for any server app but usually it’s just for HTTPS on web servers.

Requesting your own certs

The first time I ran the ./letsencrypt-auto command it used apt-get to download its dependencies. The integration with Ubuntu is nice and works well. A few minutes later of some prodding and poking, meaning I read the Let’s Encrypt User Guide, I gave it a shot.

On my VPS I selected blog.epyon-1.com and ran the following command as root.

./letsencrypt-auto certonly --webroot -w /var/www/vhosts/dembowski.net/ -m not@my-email.btw -d blog.epyon-1.com

The site blog.epyon-1.com is on my WordPress network so the directory is the same. The end result of that was to politely create and place these symlinked files.

/etc/letsencrypt/live/blog.epyon-1.com/cert.pem
/etc/letsencrypt/live/blog.epyon-1.com/fullchain.pem
/etc/letsencrypt/live/blog.epyon-1.com/privkey.pem

A quick update to my nginx config for

ssl_certificate /etc/letsencrypt/live/blog.epyon-1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blog.epyon-1.com/privkey.pem;

I checked with “nginx -t” and “service nginx restart” and that was it.

Encryption has never been this easy

The certificate is valid for 90 days and is recognized by all browsers.

To renew it I’ve created a cron job for the first of every month to run this command.

./letsencrypt-auto certonly --webroot -w /var/www/vhosts/dembowski.net/ -m not@my-email.btw -d blog.epyon-1.com -d epyon-1.com --renew

Which is the same command with just --renew added to it. Easy. If you don’t renew the CA will send you a reminder at the email you specified via the “-m not@my-email.btw” command line argument.

I’m not directing the output to /dev/null because if that cronjob works or not I want to see that output. If the cronjob fails then I can always run the command by hand.

Will I switch all my domains to Let’s Encrypt?

Why not? The project is currently in a public beta and the Let’s Encrypt tools will change and continue to be developed. But for the next 90 days the certificate I obtained will work fine. Even better if they automatically renew.

What I am looking for is a reasonable expectation of privacy between my web server and my visitors. I do not use TLS for authentication and the Let’s Encrypt certificates work fine.

If I had an online store then I might consider getting an Extended Validation Certificate but that would be only to reassure visitors when they are making a purchase. EV certs are not cheap. Let’s Encrypt is free so it’s not a hard decision for me to make.

This helps protect the traffic from casual snoopers between my server and your browser. It’s not a magic bullet for security but the widespread adoption of encryption will help promote privacy.

Server admins love WP-CLI

I’m more of a Network Monkey, but whenever I can provision something just using an ssh session I smile. Many hosts use WP-CLI already and I’ve installed it on my VPS too.

This morning I wrote up a small script to go to my test vhost directory and did the following.

  • Install a blank WordPress site
  • Update some settings
  • Fix my user display name
  • Make sure the plugins and themes are up to date (Akismet needed an update)
  • Delete the default post and page
  • Install, activate and configure the Wapuuvatar plugin
  • Install and activate the Baskerville theme
  • Imported the Theme Unit Test data
  • Cleaned up after the import
  • Used search and replace to make all my http URLs into https

All this was performed without using a mouse or web GUI. (Okay, I checked the avatar setting via /options.php, but I didn’t have to.)

Here’s the script with sensitive details changed.

#!/bin/bash
# Stop here if the vhost directory is missing so nothing is installed elsewhere
cd /my/notsecret/www/vhosts/bang.dn7.me || exit 1

# Setup a new WordPress installation

wp core download

wp core config --dbname=tothemoon \
--dbuser=testuser \
--dbpass=3c962761afbf9ab40a2e75346809c8cf

wp core install --admin_user=jan \
--admin_password='Rea11y*ot7y^assWiRd' \
--admin_email=example@example.com \
--url=bang.dn7.me \
--title="Bang! Boom! Pow!"

# Update some options and my account info

wp option update blogdescription \
"What could possibly go wrong?"
wp option update comment_moderation 1
wp option update comments_notify 0
wp option update moderation_notify 0
wp option update comment_whitelist 0
wp user update 1 --first_name="Jan" \
--last_name="Dembowski" \
--display_name="Jan Dembowski"

# Make sure plugins and themes are all up to date

wp plugin update --all
wp theme update --all

# Clean up the default post and page

wp post delete 1 --force
wp post delete 2 --force

# Wapuuvatar is cool. Install, activate
# and set to the default avatar

wp plugin install wapuuvatar --activate
wp option update avatar_default dwapuuvatar

# Let's play with the Baskerville theme

wp theme install baskerville --activate

# Now to import the theme unit test data

wp plugin install wordpress-importer --activate

curl -O https://wpcom-themes.svn.automattic.com/demo/theme-unit-test-data.xml

wp import theme-unit-test-data.xml --authors=create

# Clean up in aisle seven

wp plugin deactivate wordpress-importer
wp plugin delete wordpress-importer
rm theme-unit-test-data.xml

# My test site is also TLS so I'll fix 
# all the things to point to the encrypted URL

wp search-replace http://bang.dn7.me https://bang.dn7.me

# All done

I previously dropped the test installation’s database and created a new empty one. A quick “rm -rf *” (which wise people never do) in the right vhost directory and I ran “bash install-bang.sh”.

It works like a charm. Smart web hosts can and do tie WP-CLI into their provisioning setup. I happened to set up my vhost with TLS and mysql in advance but with a little backend work this can be easily automated.

If you have a test server to play with then give WP-CLI a try. You’ll get a better understanding of both WordPress and the command line.

Internet Explorer. Oh, the pain. Make it stop.

I like CSS. It’s clean, (mostly) standards based and while not all browsers will agree on goofy features, some basics should just work. CSS3 Flexbox support should be on that list for current versions of browsers.

Guess which browser doesn’t support “flex-direction: column”? Internet Explorer will not be updated by Microsoft for anything except security patches. The CSS works fine in the Edge browser.

In my last post I described how to get CSS to visually crop and center featured images. With Internet Explorer 11 the cropping worked but the image wasn’t vertically centered. The “overflow: hidden” did its job but the image displayed from the top and the rest was hidden.

Centering images using javascript

This is not a new problem and I found this article on how to use a little jQuery to make a browser do its thing. When it’s one image then you can use the class assigned to it.

I ended up adding this class to each featured image.

mh-thumbnail-<?php the_ID(); ?>;

Then I outputted this script where any featured image was.

<script type="text/javascript">
jQuery(document).ready(function() {

	var imageHeight_<?php the_ID(); ?>,
	wrapperHeight_<?php the_ID(); ?>,
	overlap_<?php the_ID(); ?>,
	container_<?php the_ID(); ?> = jQuery('.mh-thumbnail-<?php the_ID(); ?>');

	function centerImage() {
		imageHeight_<?php the_ID(); ?> = container_<?php the_ID(); ?>.find('img').height();
		wrapperHeight_<?php the_ID(); ?> = container_<?php the_ID(); ?>.height();
		overlap_<?php the_ID(); ?> = (wrapperHeight_<?php the_ID(); ?> - imageHeight_<?php the_ID(); ?>) / 2;
			container_<?php the_ID(); ?>.find('img').css('margin-top', overlap_<?php the_ID(); ?>);
	}

	if( BrowserDetect.browser == 'Explorer' ){
		jQuery(window).on("load resize", centerImage);
	}
});
</script>

That sucks. It’s doable, but I needed to use “the_ID()” because each featured image needed its own calculation to center correctly.

I did not want that “jQuery(window).on” to fire for anything except Internet Explorer. jQuery removed the ability to easily detect the browser and for good reason: you should write scripts based on the browser’s capabilities and not the version or software vendor. My javascript skills are worse than my CSS.

I ended up using this script and I can detect “Explorer” now. Adding a line to my child theme’s functions.php file took care of that.

wp_enqueue_script( 'mh-browserdetect', get_stylesheet_directory_uri() . '/browserdetect.js' );

The end result is that for any current browser the CSS does its job. For Internet Explorer the javascript gives it that little push to get it to play nicely. I haven’t tried Internet Explorer 8 but I’m not sure I care to.

Working with version 11 already made me feel like I need a bath.

My new Seiko 5 automatic watch

It’s good to have hobbies and lately I’ve been looking into different watches. My old everyday watch is a Citizen Eco-drive. It’s nice enough but it’s a) got roman numerals (why…?), b) the face is really busy and c) has more features than I had any interest in. After a couple of years of use I scratched the heck out of it (the metal, not the glass).

I really wanted a Hamilton field watch. Those are automatic (self-winding), have a 40mm diameter and have a simple face with the date and time. They’re also $350-$700 depending on which model you like. I’m a hobbyist but that’s a little much for me right now.

So I started looking at different brands and came up with this solution. Via Amazon I purchased the following.

  • $54 Seiko 5 SNK803 automatic watch
  • $36 brushed stainless steel push button clasp
  • $18 Honey Oil-Tan Leather Watch Strap

The total was $108 with free shipping. I paid too much for the clasp but I wanted one that matched the brushed steel of the watch itself.

I like it. The band needs to be broken in but it’s a light, no nonsense watch. It’s not solar powered like my Citizen watch but the old fashioned self-winding appeals to me.

What are the building codes there again?

In China’s Hunan province a glass bottom bridge exists and lets brave tourists walk across. Another one is scheduled for opening and will be the longest glass bottom bridge in the world. I don’t know if I’ll ever visit either but I am sure that if I do I’m not crossing. Here’s how I know.

In 2011 Lily and I took the kids to China. Part of that trip included stopping at Shanghai and we visited the Pearl Tower. The tower is concrete and very orderly, tourists lined up and took a fast elevator to the observation deck. Part of the deck goes around the perimeter and has thick glass panels for the floor.

It’s at least an 800 foot drop. It’s very safe but when you are walking around it and looking down you don’t think about the safety. It didn’t help that the kids worked up their courage and started jumping on the floor panels. That’s not what freaked me out though.

Making our way around the deck we came across a part that had those bank teller line posts. Except these posts were set at the corners of a new looking and very clean glass floor panel. Instead of a velvet rope, it had yellow plastic tape.

There was YELLOW DO NOT CROSS TAPE TELLING YOU NOT TO STEP ON THAT GLASS FLOOR PANEL.

That freaked me out. I wish I took a photo but instead I grabbed the kids and we went to the inside of the deck where the floor was concrete. The tower is amazing but at that moment I had to find an Internet connection. I really wanted to visit Google in the worst way possible. I had to look something up.