Mostly about my amusement


New thrift shop find

I like old film cameras and I often visit Island Thrift to see what they’ve got. Normally it’s just a few 35mm plastic film cameras from the 80s. Those aren’t very interesting, but this week they had some good selections behind the case.

  • Olympus SLR OM-1MD w/50mm f/1.8 lens in good condition.
  • Olympus SLR OM-2 w/50mm f/1.8 lens. The shutter was jammed solid.
  • Yashica Electro 35 G (1968 version, up to ASA 500) with a dented lens rim.
  • Yashica Electro 35 from 1966. The original non-G version that went to ASA 400.

Of course I got the last one. 🙂


I did a check out of all 4 and gave the manager a lesson in old film cameras. I looked at the shutter settings from bulb to 1/1000 on the OM-1MD, checked the aperture changed when moved, the film advance, looked for fungus and scratches on the lens and made sure the shutter didn’t stick.

Except for the OM-2, the cameras worked. The manager removed the OM-2 which I thought was decent of him.

Without a battery the Electro 35 will default to 1/500 exposure. I thought the aperture blades were stuck (they’re not) but what this new camera needs work on is the wiring. At home when I put a battery in I got the check battery light working but I also got a ZZZT! noise on the inside.

I took the battery out quickly. This camera is over 48 years old so I do expect some problems. The light seals disintegrate on touch and the whole thing can use a good cleaning. I’ll do some research, I think I know where I can get this one serviced.

Fixing my SSL based shortlinks

If you look at the HTML source for this NGINX post I wrote you’ll find this code.

<link rel='shortlink' href='http://wp.me/pLamj-2Lz' />

Which was inserted when I published the post via Jetpack. Shortlinks are cool.

But if you use curl -LI on that wp.me URL you see that it goes http -> http -> https which irks me.

$ curl -LI http://wp.me/pLamj-2Lz
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/

$

I like https based URLs because I want the communication between my web server and your web browser to be encrypted.

My web server does 301 redirect the browser to the https version but I don’t want any plain text http in the mix. It’s not Jetpack’s fault, I’m passing the non-SSL URL to it to get the shortlink.

Having the shortlink point to a plain http URL doesn’t fit well with my tin foil hat. Since my web sites are SSL enabled there is no reason to use unencrypted http anymore.

YOURLS to the rescue

I am pretty sure that Jetpack’s URL shortener will handle SSL based URLs in a friendly encrypted way but I’d rather use YOURLS.

YOURLS stands for Your Own URL Shortener and I’ve been using my own installation for years. In December I blew up my multisite and disabled my YOURLS plugin (and several other things). Today I made a subtle change to my shortlink installation’s config.php file.

This line

define( 'YOURLS_SITE', 'http://dn7.me' );

was changed to this with https.

define( 'YOURLS_SITE', 'https://dn7.me' );

And just like that my short URLs are now SSL based. The old http shortlinks continue to work fine.

I previously used Ozh’s plugin but the plugin Andrew Norcross created is recommended by many and I switched to that one. It’s really easy to use, you just fill in 2 fields and click the check boxes.

WP-CLI should be used in all the things

I could not find where the heck my URLs were being generated as non-SSL. If I asked in the forums or looked at the wp_get_shortlink() source code I am sure I could figure it out. But I’m lazy and instead I just used wp-cli like so.

cd /to/my/multisite/directory
wp db export ~/save-me.sql
wp search-replace 'http://blog.dembowski.net' 'https://blog.dembowski.net' --network

The export command was my safety net in case my backups aren’t as good as I think they are. If this hurt anything then I could put the database back right before I munged it up.

Today I published a post and it has this code and shortlink.

<link rel='shortlink' href='https://dn7.me/2ou' />

Looking at that with curl reveals this.

$ curl -LI https://dn7.me/2ou
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/

$

The https URL sends a 301 to the destination https URL with nothing else to see. My tin foil hat is now even a little tighter.
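The by-eye check of the two curl -LI outputs above, written as a script. This is an added example and not part of the original post: the function names are made up here, and the two samples are the trimmed header lines quoted in the post. It also resolves relative Location values, which goes a little beyond the chains shown.

```shell
#!/bin/sh
# Added example: audit a redirect chain for plaintext (http://) hops.
# Live use: curl -sIL "$url" | plaintext_hops "$url"

# chain_hops START_URL   (reads `curl -sIL` output on stdin)
# Prints "N SCHEME URL" for every request in the chain. Relative Location
# values are resolved against the previous hop so they keep its scheme.
chain_hops() {
    tr -d '\r' | awk -v url="$1" '
        function origin(u) { match(u, "^[a-zA-Z][a-zA-Z0-9+.-]*://[^/]+"); return substr(u, 1, RLENGTH) }
        function scheme(u) { return tolower(substr(u, 1, index(u, ":") - 1)) }
        function emit()    { n++; print n, scheme(url), url }
        BEGIN { emit() }                      # the first request is a hop too
        tolower($1) == "location:" {
            loc = $2
            if      (loc ~ "^[a-zA-Z][a-zA-Z0-9+.-]*:") url = loc                   # absolute URL
            else if (loc ~ "^//")                       url = scheme(url) ":" loc   # scheme-relative
            else if (loc ~ "^/")                        url = origin(url) loc       # same host, new path
            else                                        url = origin(url) "/" loc   # path-relative, simplified
            emit()
        }'
}

# plaintext_hops START_URL: only the hops that travel unencrypted.
plaintext_hops() { chain_hops "$1" | awk '$2 == "http"'; }

# count_plaintext START_URL: number of unencrypted hops (0 is the goal).
count_plaintext() { plaintext_hops "$1" | wc -l | tr -d ' '; }

# Sample 1: the wp.me chain, header lines as quoted in the post.
sample_wpme() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: http://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/?p=10637

HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/

EOF
}

# Sample 2: the dn7.me chain after the YOURLS_SITE change.
sample_dn7() {
    cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://blog.dembowski.net/2015/good-product-integration-is-important/

EOF
}

echo "wp.me chain:";  sample_wpme | chain_hops http://wp.me/pLamj-2Lz
echo "plaintext hops: $(sample_wpme | count_plaintext http://wp.me/pLamj-2Lz)"
echo "dn7.me chain:"; sample_dn7  | chain_hops https://dn7.me/2ou
echo "plaintext hops: $(sample_dn7 | count_plaintext https://dn7.me/2ou)"
```
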

You do know that you use Jetpack, right Jan?

I’m not really concerned about data leakage and this really is just an exercise for me. I like Jetpack and understand the implications of continuing to use it.

When you set up a web server the default port is 80 without any encryption. SSL on port 443 needs to be configured and turned on manually with x509 certs. Wouldn’t it be great if you could do away with HTTP and just use HTTPS? That’s part of what Let’s Encrypt is trying to accomplish.

As a service it’s supposed to be available mid-2015 and I can’t wait to see how that goes. Encryption everywhere is a great idea and in the 21st century there’s no excuse not to use it.

Good product integration is important

My iPhone 6 arrived in the mail, a few calls later it was activated and my old Note II became a paperweight. It’s not that I dislike Android or Samsung products, it’s just that my latent Phone Curse™ kicked in. After 2 years it was time to retire the old one.

The old phone was getting long in the tooth. It’s been months since the camera could focus (that’s important, right? For a camera to focus?) I routinely lost my playlists and the built in keyboard code would crash all the time. Even after I factory reset the phone and formatted the storage. CRASH! Instant phone grief.

It’s not the phone. It’s me and it’s always been me. Any electronic device that is near me for too long loses its mind.

What I like about Apple products

Apple does something really well that is evil, persuasive and disruptive. Did I mention how EVIL they are?

Their phones work well by themselves or with other things such as Bluetooth equipped cars.

See what I mean about evil? With my Galaxy Note II I had problems getting music to play in my car. I would need to start the music app on my phone and cross my fingers. To sync my music (I use both iTunes and Google Play Music) I would try different applications such as doubleTwist’s AirSync but that was always hit or miss. Occasionally the sync would go spa and I’d have to use harsh language on it.

Using the Google Play Music app always worked provided I had good cell coverage. Listening to music while driving where it pauses is enough to make anyone start drinking. If the music is in the phone’s cache cool but if not it could be a long ride.

With my new iPhone I get into the car, wait for the Bluetooth to connect and hit play. If the car was set to the phone player already then music would just begin by itself. No muss, no fuss it just works.

Text messaging? Oh yeah, iPhones do that but they extend it into iMessage. When you log into Facetime or iMessage and you have a Mac you can continue to message via the Mac. It’s a smooth transition and I can pick up messaging without my phone. Same with Facetime and it’s not limited to iPhones. I can use my phone to message or Facetime my daughter on her iPhone (she got Lily’s old phone with no service) from my phone or Mac.

With my old phone I never used a lock screen. The Note II is huge and typing the code was like walking across the room. On the iPhone the fingerprint reader is almost transparent in its use. Press the home button to awake the screen. Leave your thumb there a little longer and the phone unlocks.

While on the topic, iPhone apps can use the fingerprint reader too just like your iTunes account. I use 1Password and unlocking with just my thumb is amazingly cool. I’ve been playing with Clef and I authenticate to that service in the same way.

Again it all just works, the integration is seamless.

Yes, I can do most of that in Android with 3rd party apps

That’s where Apple extends their EVILNESS. It’s built in. The messaging and Facetime like experience on Android? Skype on your phone and Skype on your PC or Mac. There is no Facetime or iMessage for the PC that I am aware of and that’s not a mistake. Apple is in the business of selling their products, not PCs.

Same with the music sync and car integration. Apple works closely with car manufacturers so when I play music I see the cover art, time passed, time left, can select from playlists, scroll through songs, etc. With my built in Samsung music player I can see the song before, playing and next song. That’s it. The doubleTwist music player has even less functionality.

The Note II does not have a fingerprint reader but current models do. I’ll assume that they can be unlocked in similar ways but I don’t think the 3rd party app support is there.

I am not an Android hater

I like well designed products. And I did look at HTC phones and the current generation of Samsung phones. They’re really good but the integration problems I’m having are inherent to the Android operating system. With the new Lollipop version that may have improved. With the Motorola line of phones running a “pure” version of Google’s OS maybe the integration with cars has improved.

There’s also the “change is good” factor for me. IOS and Android apps really are not that different anymore. With IOS you get less built in buttons (my old phone had a “go back” soft button, IOS has a home button) and once you change gears to IOS it’s all the same.

In another 2 years or so I expect my curse to kick in again. Maybe at that time I will switch back to a Google phone. Apple has a huge market and support but future Android phones might get the seamless experience I am looking for.

Thoughts on my LG G Watch

For the last 7 days I’ve been wearing my Christmas gift from my brother and sister-in-law: an LG G Watch. It’s a watch that runs Android Wear and works hand in hand with my smartphone.

As a watch

It’s very comfortable. The strap is rubber like and the holes take into account small wrists like mine. It stretches a little bit so I’ve got it on snug but it’s not cutting off my circulation. With my regular watch that’s not the case since I never added another hole in the strap and it’s always a little loose. I’m always aware of my Citizen watch but I can forget I’m wearing this one.

The watch is rated to meet IP67 requirements which according to this Wikipedia page (I had to look it up too) means it is dust tight and can be submerged up to 1M “under defined conditions of pressure and time”. I took that to mean I can wash it under the faucet if I need to and wearing it in the rain will not be a problem.

I’m not sure how strong the display face is. My Citizen watch has an “Anti-Reflective Mineral Crystal” and it’s tough. I bump into things all the time and I’m always amazed that 2 and a half years later the face doesn’t have gouges in it. The LG G Watch may be scratch resistant but I would not want to test that.

Since it’s a smart watch you can change the face with a download and I currently like TextFace.

As a display extension for the phone

When I think “smart watch” I’m really thinking about a Dick Tracy radio watch. Dick Tracy never said “Oh no! I’m outside of cell phone coverage!” though he may have had to deal with Flattop jamming his signal. Android Wear devices are not that but they’re still pretty cool.

This watch connects with my Android phone via Bluetooth. It can run applications designed for it but the primary function is to be another notification area. It’s a place for your phone to let you know you’ve got mail, a text message, Tweet, etc. By default the watch will vibrate though that can be turned off.

The 400mAh battery lasts me all day and except for a friend favoriting 20+ of my Tweets in minutes (and you know who you are 😉 ) I’ve not had any problems. LG provides a micro USB cable, A/C charger and a docking stand with a tacky (not sticky) bottom so it grips your nightstand or desk.

I did install a bunch of watch faces and the Google Fit app works well. But there’s not much application utility for me. I can hold my watch up and say out loud “OK Google. Directions to Pizza.” and that does work. The Google Maps app will fire up and I can select walking directions if I want to. But how often would I do that? It’s not that the watch isn’t designed well (it is) it’s just that the concept of smart watches and Android Wear is still developing.

That all said the watch is very cool and I like it

I keep my phone in my pocket and get all the notifications on my wrist. Those watch notifications can be ignored on a per app basis. I’ve gotten Slack notifications on my watch and that feels like the Geek Bat Signal.

When someone calls me on my phone I get the option to accept or ignore them while getting caller ID on my watch. I occasionally get cold called on my cell and a quick swipe on my watch is a “Nope!” I don’t think I can talk to people via my watch but I’ve not tried.

I control my music playing on my phone via the watch. This is the phone in my pocket. That’s just nuts. It’s in my pocket! That’s like using the TV remote to turn it on while the on button is 2 feet away from you. You could just reach out and push the button, but it’s still very cool doing things via the smart watch.

I’ll use it for at least 2 more weeks

I like my LG G watch a lot. But in a couple of weeks my cell phone contract is up and I decided months ago that I’m getting an iPhone 6. Not surprisingly, this watch only works with Android phones.

The watch is fun but I really want to switch to an iPhone. If Apple does it correctly this experience will lead to me getting the iWatch when it comes out. Maybe, I’ll want to see what others think about it first.

The mood struck me and I organized all the things

Saturday I went to Lowes and picked up new air filters for the house. The old filters were… they needed replacement badly. While there the lightbulb went off and I picked up the following.

The elbow brackets were bent into shape with just a little gentle persuasion. I mounted them on the pegboard and attached strips of rubber shower liner to make sure I did not scratch up the desk.

Yes, it is my desk but if I damaged it I’d have faced some serious adult supervision.

With the metal brackets safely rubberized I hung the board off the back of my desk and started attaching all the junk from the floor.

Pegged up equipment

The results came out OK. I’d love to tie up all of the power, USB and ethernet cables but I do move things on my desk so that’s not a good idea. If I ever have to take it apart I’ll put the new power strip on the top. Right now it bows out a little and the 42 inch long surge protector would prevent that.

It’s really too bad I did not take a before picture of that cable and outlet horror show. It cried out “Fire hazard!” every time I looked at it. I had one of those 2 pronged monsters on the wall outlet that made the 2 plugs into 6 outlets. Power cables and junk just littered the floor and I meant to fix it years ago.

How many years ago? The article that inspired me was this one. It’s not a new idea but I’m glad I got around to it.

I Am NGINX! (And So Can You!)

A few months ago I switched my Apache2 installation for this blog from mod_php to php5-fpm. Using Ubuntu LTS this was as simple as running apt-get remove libapache2-mod-php5 ; apt-get install php5-fpm and adding /etc/apache2/conf-available/php5-fpm.conf with just a few lines.

I activated that config and it worked! Mostly. There was some more than that but it wasn’t hard. I did this because I wanted to play with mod_pagespeed and I needed php5-fpm to do that.

It didn’t exactly work as well as I’d have liked.

My Apache2 installation had become temperamental.

I couldn’t get the number of workers right and there was some sort of condition that was causing php5-fpm to break and generate 500 errors. The logs didn’t tell me what was going on and the problem was outside of WordPress. Restarting Apache2 every couple of days worked but that just sucked.

I like server based solutions that just work. This one was affecting all 7 sites in my network including Lily’s store.

This was a great time to switch to nginx!

I could not get my multisite /files/ and blogs.dir working on nginx. It just wasn’t doing what I thought it should and I think it was because of my 7+ years of carried database options and junk.

When I tried to fix it I found many other things broken on my installation. So I ended up creating a brand new multisite installation, imported via XML all of the sites (I only had 7 so that wasn’t too bad) and after it all worked I globally searched and replaced all the references of the new sites with the old.

That took me almost a week. I worked on it after hours, November is a busy month at work. I did get Lily’s site working first so there’s that. I may write a post about that exercise. The search and replace worked well and so did the DNS part.

Here’s my Apache2 .htaccess bits and the nginx conf replacements. All of the nginx bits are in one file.

Redirecting an old URL to a new one

Years ago my installation URL was different and I used a RewriteRule to send visitors to the right place.

RewriteEngine on
RewriteCond %{HTTP_HOST} wp\.dembowski\.net [NC]
RewriteRule (.*) https://blog.dembowski.net/$1 [R=301,L]

This is long gone but in case you need it, here you go for the nginx equivalent.

server {
        listen 80;
        server_name wp.dembowski.net;
        return 301 https://blog.dembowski.net$request_uri;
}

Send all URLs to the SSL version (with exceptions)

I want WordPress to be SSL based but I am comfortable with my RSS feed being available via plain http.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} blog\.dembowski\.net [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/feed/$
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{QUERY_STRING} !^feed=rss2$
RewriteRule ^(.*)$ https://blog.dembowski.net/$1 [R=301,L]
</IfModule>

On nginx that works out to these lines in my server section for plain http.

location /feed/ {
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

location / {
        return 301 https://$http_host$request_uri;
}

Everything gets handled by the “location /” part and exceptions like “/feed/” go above those lines. If I had any other exceptions then they would go between the two.

SSL all and SPDY

In my server section for the SSL based version, I have these lines.

listen 443 ssl spdy;

The nginx package I’m using is compiled to include SPDY 3.1 support. I haven’t put back PageSpeed but SPDY is fun to play with.

With Apache2 I used mod_substitute to change my http references to https in the HTML output. With nginx I use the HttpSubsModule.

subs_filter_types text/css text/xml;
#
# http host substitution for https versions
#
subs_filter 'href=\'http://$http_host/' 'href=\'https://$http_host/';
subs_filter 'href=\"http://$http_host/' 'href=\"https://$http_host/';
subs_filter href='http://fonts.googleapis.com href='https://fonts.googleapis.com;
#
# make http into protocol-relative URLs
#
subs_filter src='http: src=';
subs_filter src="http: src=";

The Google Fonts was put in because one of my sites use it and the SSL page broke until I put that there. And I don’t yet have Jetpack’s infinite scroll working quite right. Meh.

While I’m at it, you should always set HTTP Strict Transport Security to tell web browsers not to downgrade from HTTPS to HTTP.

In Apache2 that’s this line.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

In nginx in your server section add this line.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Redirecting client IPs

Sometimes I just don’t want some people to visit my site and 301 them to a YouTube video. IP blocking is a temporary solution but in Apache it’s easy.

RewriteCond %{REMOTE_HOST} 192.168.111.75 [OR]
RewriteCond %{REMOTE_HOST} 10.22.33.230 [OR]
RewriteCond %{REMOTE_HOST} 172.16.11.132
RewriteRule .* https://www.youtube.com/watch?v=NN75im_us4k [R=301,L]

Easy to accomplish with nginx with these lines. The 403 isn’t the same code but the results are the same.

location / {
        include /var/www/vhosts/block_ip.txt;
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

The block_ip.txt file contains these lines.

# Deny these IPs
error_page 403 https://www.youtube.com/watch?v=NN75im_us4k;
deny 192.168.111.75;
deny 10.22.33.230;
deny 172.16.11.132;
allow all;

So no .htaccess live changes?

With Apache2 when you make a .htaccess file change it is live immediately. Each http request that hits the server parses the content of that (and other) files.

That’s not true with nginx and any configuration changes need a “service nginx reload” as root or via sudo. I don’t make frequent configuration changes so that’s not a problem for me.

What’s with the Stephen Colbert thing?

I like Stephen Colbert. You don’t get the reference for the blog post title do you?

Remove shortlink URLs from comments

Or remove them from anywhere, though I’m not sure why you’d remove shortlinks from your own author’s posts.

I’ve written a small plugin that will filter your comments using preprocess_comment which is a useful filter for comment data before it’s committed to your database. The other toys I used are wp_extract_urls and wp_remote_head to make http head requests to web sites.

The plugin works like this: you feed a function a URL and it gives you back a URL but with shortlinks you get the real destination. It uses wp_remote_head() to make an http HEAD request and looks for the location header.

If it finds that header then it recursively calls itself to get the real destination up to 5 requests. After 5 requests the URL is replaced with the # sign. If it doesn’t find that header then the original URL is returned.

Depending on your site that can be a lot of URLs and to cache those results I create transients for those URLs. The next time in a 12 hour window that URL is tested then WordPress will pull the data from the transient.

I’ve never used transients and I’m not sure this is a good idea or not. But if you need to eliminate shortlinks then this plugin might do it. Also this parses all URLs in the post or the comment and that’s probably not necessary. A simple check can be put in to see if the URL is on a list of shortlink providers and ignore all the rest.

You can download the plugin from this Gist page.

Once you’ve downloaded it save it to your wp-content/plugins directory as short-links-begone.php and activate the plugin in your WordPress dashboard. This plugin will not change any post data or old comments. It will modify new comments when they are submitted.
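The resolution logic described above (follow Location headers one HEAD request at a time, give up after 5 requests and return #, and only bother with known shortlink hosts), sketched as a shell script. This is an added example and not the plugin's code: head_location, resolve_url, expand_url and the SHORTENERS list are names made up here, the redirect table reuses the chains quoted elsewhere on this page plus a constructed loop, and the 12 hour cache is left out.

```shell
#!/bin/sh
# Added example: bounded shortlink expansion. Not the plugin's PHP code.

MAX_HOPS=5                                # request limit stated in the post
SHORTENERS="wp.me dn7.me loop.example"    # hypothetical provider list

# head_location URL: print the Location header of ONE HEAD request, or nothing.
# A live version would not follow redirects itself, for example:
#   curl -sI --max-time 5 "$1" | tr -d '\r' |
#       awk 'tolower($1) == "location:" { print $2; exit }'
# Offline stand-in: chains quoted on this page, plus a constructed loop.
head_location() {
    case $1 in
        http://wp.me/pLamj-2Lz)
            echo 'http://blog.dembowski.net/?p=10637' ;;
        'http://blog.dembowski.net/?p=10637')
            echo 'https://blog.dembowski.net/?p=10637' ;;
        'https://blog.dembowski.net/?p=10637')
            echo 'https://blog.dembowski.net/2014/i-am-nginx-and-so-can-you/' ;;
        https://dn7.me/2ou)
            echo 'https://blog.dembowski.net/2015/good-product-integration-is-important/' ;;
        https://loop.example/*)
            echo 'https://loop.example/again' ;;   # constructed: never settles
    esac
}

# resolve_url URL: follow redirects hop by hop. Prints the final URL, or "#"
# when MAX_HOPS requests were spent and the chain was still redirecting.
resolve_url() {
    url=$1 hops=0
    while [ "$hops" -lt "$MAX_HOPS" ]; do
        next=$(head_location "$url")
        [ -n "$next" ] || { printf '%s\n' "$url"; return 0; }
        url=$next
        hops=$((hops + 1))
    done
    printf '#\n'
}

# is_shortener URL: true when the host is on the provider list.
is_shortener() {
    host=${1#*://}; host=${host%%/*}
    for s in $SHORTENERS; do
        [ "$host" = "$s" ] && return 0
    done
    return 1
}

# expand_url URL: leave ordinary URLs alone, expand only known shortlinks.
expand_url() {
    if is_shortener "$1"; then resolve_url "$1"; else printf '%s\n' "$1"; fi
}

for u in http://wp.me/pLamj-2Lz https://dn7.me/2ou \
         https://loop.example/x https://example.org/page; do
    printf '%s -> %s\n' "$u" "$(expand_url "$u")"
done
```
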

sed to the rescue again

Some days you just want to quickly edit a bunch of config files in one go.

One of the reasons I use Ubuntu LTS is that it’s got long term support (<light sarcasm>is that why it’s got LTS in the name?</light sarcasm>) and I make configuration templates that I just reuse in all the places. Poodle was announced and the short of it is that you need to disable the SSLv3 protocol on your web server.

No big deal. Visit your sites-available directory and change “SSLProtocol All -SSLv2” to add “-SSLv3” at the end. 17 times.

*Drinks more coffee and makes that face*

Or you know, run this command after checking you have “SSLProtocol All -SSLv2” in those mod_ssl config files.

sed -i.bak -e 's/SSLProtocol All -SSLv2$/SSLProtocol All -SSLv2 -SSLv3/g' *.conf

The -i.bak is to create unedited copies because bad things do happen to nice people.

Once I made sure that the files were edited I ran these commands to restart the web server and test.

service apache2 restart
openssl s_client -connect blog.dembowski.net:443 -ssl3

I promptly saw this line.

140496364975776:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

And all was right in the world. I deleted the .bak files and finished my coffee.
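A way to confirm the sed edit caught every file, as an added example that is not part of the original post. The sed pattern only matches the exact text "SSLProtocol All -SSLv2" at the end of a line, so this script re-reads every SSLProtocol directive and lists the ones that still leave SSLv3 on. The function names and the three config files are constructed for the demo.

```shell
#!/bin/sh
# Added example: verify the POODLE edit instead of trusting the sed pattern.

# sslv3_still_enabled DIR
# Prints file:line:text for each active SSLProtocol directive in DIR/*.conf
# that leaves SSLv3 on. Tokens are evaluated left to right: "+x" adds,
# "-x" removes, a bare name replaces the set (assumed reading of mod_ssl).
# Assumption: "all" includes SSLv3, as on the 2014-era builds in the post.
sslv3_still_enabled() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                      # commented-out directive
            tolower($1) == "sslprotocol" {
                v3 = 0
                for (i = 2; i <= NF; i++) {
                    tok = tolower($i); sign = substr(tok, 1, 1)
                    if (sign == "+" || sign == "-") tok = substr(tok, 2); else sign = ""
                    hit = (tok == "sslv3" || tok == "all")
                    if (sign == "-")      { if (hit) v3 = 0 }
                    else if (sign == "+") { if (hit) v3 = 1 }
                    else                  v3 = hit
                }
                if (v3) printf "%s:%d:%s\n", file, NR, $0
            }' "$f"
    done
}

# The command from the post, run inside DIR.
apply_post_sed() {
    ( cd "$1" && sed -i.bak -e 's/SSLProtocol All -SSLv2$/SSLProtocol All -SSLv2 -SSLv3/g' *.conf )
}

# Constructed vhost snippets: one the sed pattern matches, one it misses
# (lowercase "all" and a trailing space), one that never enabled SSLv3.
make_fixture() {
    printf 'SSLEngine on\nSSLProtocol All -SSLv2\n'                > "$1/exact.conf"
    printf '    SSLProtocol all -SSLv2 \n'                         > "$1/variant.conf"
    printf '# SSLProtocol All -SSLv2\nSSLProtocol -all +TLSv1.2\n' > "$1/modern.conf"
}

demo() {
    d=$(mktemp -d)
    make_fixture "$d"
    echo "before sed:"; sslv3_still_enabled "$d"
    apply_post_sed "$d"
    echo "after sed (anything listed here still needs a manual edit):"
    sslv3_still_enabled "$d"
    rm -rf "$d"
}

demo
```
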

This time it’s not the phone company’s fault

Around 8 AM Sunday my dial tone went “Buh-By!” and none of my phones worked. They were getting juice but no dial tone. I have Verizon FIOS and called the support line on my cell phone.

The phone company put a box on the outside of my house so with the tech on the line I disconnected my house and plugged an old phone into the test jack. Instant dial tone. Swell.

What’s wrong with my house phone cabling? Well… what’s not wrong with it?

Dad and I used to run phone and network cabling for contracting jobs and Dad would always run the cables to a closet. Each of those runs was terminated on a 66 block. Dad never liked the 110 block, he was an old timer that way.

When we cabled up my old house we did the exact same thing: straight run to the basement closet for each line, terminated on a 66 block. The phone company was on that block too and a few punches later and the whole house worked. The network cabling went the same way and the house phone closet was an organized thing of beauty.

Not so much with this house and the closet is a horror show and somewhere there’s a short. There’s no block mounted and all the phone lines are twisted together. I’m going to have to run new cable and that’s going to mean cutting holes into some walls. This is going to suck wind loudly but maybe I can use this to finally wire up the second floor as I wanted to for years.

No more @import for me

Well, at least not for current WordPress child themes.

I like child themes and always recommend that people use them instead of modifying any WordPress theme directly. Using a child theme makes your changes belong to you and they won’t get erased when the original theme gets updated.

I’ve told people to use something like this in their child theme’s style.css file.

/*
Theme Name: Sorbet Child theme for Mostly Harmless
Theme URI: https://blog.dembowski.net/
Description: Child theme for the Sorbet theme
Version: 0.1
Author: Jan Dembowski
Author URI: https://blog.dembowski.net/
Template: sorbet
*/

@import url("../sorbet/style.css");

/* Start your custom CSS after this line */

See that @import line? That had previously been required if you wanted to inherit the parent theme’s CSS. At the moment my child theme does not have that @import anymore and instead I’ve created a functions.php file with these lines in it.

<?php

function mh_sorbet_child_style() {
        wp_enqueue_style( 'sorbet-parent-style', get_template_directory_uri() . '/style.css' );
        // wp_enqueue_style( 'sorbet-child-style', get_stylesheet_uri() );
}

add_action( 'wp_enqueue_scripts', 'mh_sorbet_child_style' , 5 );

Which really is a more WordPress way to do it. I added a function mh_sorbet_child_style() where I first queue up the parent theme’s style.css and then queue up the child theme.

Notice how I commented out the second line? The parent theme already queues up the current theme’s style.css file and in my case that is sorbet-child/style.css. In my child theme I do not need to queue it a second time as it’s not necessary.

But I do want to ensure that the parent theme is queued up earlier than the child theme CSS. That’s why I add the wp_enqueue_scripts with a priority of 5 instead of the default 10. That should always load the parent CSS first. If the theme does not queue up its style.css that way then I would un-comment out that line.

Just as before, any new CSS will go into my child theme’s style.css file.