Mostly about my amusement

Category: Software (page 1 of 22)

Oh, I do have a WordPress Blog.

It’s been ages since I last posted on my blog and I had been wanting to start again. What to talk about?

The Great Twitter to Mastodon Migration of 2022!

It’s not exactly a migration, it’s more like a mass exodus.

For anyone who’s not aware, Elon Musk completed his purchase of Twitter on October 27th, 2022. This was met by a lot of concerns from Twitter users. He likes to proclaim that he’s a “free speech absolutist” and if you think that means hate speech, anti-wokeness and anti-cancel culture then you are not wrong.

Note: “Wokeness” and “cancel culture” is not a thing. it never has been. Consequences, however are real.

In his first week he posted a nonsense conspiracy reply back to Hillary Clinton and subsequently deleted it. That was not bad but instead of apologizing for spreading that nonsense, he just kept mum. I’m glad he deleted it but, really how dumb do you have to be to go that way?

Then there was the matter of paying a monthly fee to get a “Blue Checkmark™”.

Putting aside the tone deaf “lords & peasants” nonsense, the idea is you pay and you get a blue checkmark seal of approval and other benefits.

It’s an awful idea. First, the existing blue checkmark was to let people know they were reading tweets from a verified person.

Do you follow Jeri Ryan? I do; she’s very cool.

The check mark is to let you know, that’s not a scammer pretending to be Jeri Ryan. Here’s her reply about the $8/month idea.

Verification has always been dodgy on Twitter. The rules changed, sometimes Twitter verified people and sometimes they did not.

The Blue Checkmark is not about spam or bots. It never has been. It’s about validating who that celebrity is.

Anyone who has had to deal with trolls and abusers know this is a bad idea. A scammer or phisher who pays for bulletproof hosting is not going to have a problem with $8/month if it helps them make their target dollars per month.

No one Begrudges Twitter Being Profitable

Twitter is (now) a private company. I don’t know if it has ever been profitable but Musk bought it for $44 billion and that was financed. Making money is a valid goal. This blue checkmark idea is just bad and no one should sign up for that.

Any website owner knows, advertising is king. No one likes ads. No one likes that a website shows me ad for that electronics I was browsing on Amazon. It is creepy. But it is an accepted way to make money on the Internet.

Elon Musk’s way of handling advertisers is typical Elon Musk.

That’s just a nonsense reply. Anyone who thinks it’s a “free speech in America” issue is not from this planet.

Just look at Ye’s troubles. Kanye West has lost major endorsements because he spews unapologetic anti-Semitic hate speech. Why would any brand want to be associated with that?

That’s always been the concern with Twitter being taken over my Elon Musk. Twitter has always been a hellscape when it comes to abuse. Sometimes they nailed it, other times they would routinely punish the wrong person and give the abuser a pass. With his treatment of hate speech/misinformation being “free speech” (it’s not) who wants to posting ads on that platform?

Mastodon is Federated and That’s a Good Thing

My first day really using Mastodon went like this.

  • I posted some toots. They’re called “toots”.
  • Someone replied at me “You smell Jewish” and their profile made it clear they were into “free speech”.
  • I reported them, added a couple of their posts that used the N-word to the report and blocked them.

It’s the Internet and I expected abusers. With a federated model I was not sure my report would mean anything. I was wrong!

Somewhere an admin got that report. They looked at it and I am sure they said “Oh. Yeah. That’s bad.” and banned the user.

There was no “We received your report”, there was no “That user does not violate the TOS”, they just dealt with it. Cool.

I’ll maintain both my Twitter account and my Mastodon account for now. It’s not a big deal, I do that today with Facebook and Twitter. I can be found at this URL.

https://mastodon.xyz/@jan_dembowski

Mastodon

I’ll see how it goes. Mastodon is currently a little slow and sometimes times out on me. That’s OK! That means people are joining it and that’s a good problem to have.

Norton Security Premium Renewal Scheme

I’ve been using Norton security products since the time of the flood. It works, I have protection for the kids devices as well as mine. Every year close to the end of my subscription I get an email that goes like this.

Hi! Your Norton Premium Security subscription is about to expire! Please authorize this payment of $109. Oh, and your credit card on record isn’t valid anymore. We would have just charged you for the full amount but the number isn’t working.

Have you met our Personal Savior Lifelock™? Have you? HAVE YOU MET LIFELOCK? LIFELOCK! LIIIFFEELOOCCCKK!!!! PRAISE TO THE LIFELOCK!!!!

I may be paraphrasing it and/or exaggerating just a little. Not that much.

Last year I called them on the phone and got a very professional person and here’s how the conversation went.

Me: Why would I pay over $100 for that when for $50 I can get the same thing from Costco?

Norton Rep: It’s not the same thing and you do want to renew, right?

Narrator’s Voice: It was the same code, same product and same protection. From the same company.

I ended up getting a discount that matched Costco’s price. It’s been another year and my subscription is due again.

This week I had a repeat of that but instead of a phone call it was an online support chat. That’s cool, I prefer that as there’s not really a he said/she said possibility. We both kept a copy of the chat log.

Amazon had a deal for the same package except for 15 months of coverage and only for $35. With tax it came out to $38.01.

After some back and forth, the polite person inform me that if I did buy that, come back to the chat and reference the still open case. They could add that 15 months once I gave them the code and that’s exactly what I did. I’m good till April 2020.

Here’s where it gets weird. After I validated that my coverage for updates, A/V signatures, etc. was good I received an email from Norton complaining that my credit card info wasn’t good (the card was long cancelled) and that I risked not getting coverage. I went online and disabled automatic renewals.

I’m still protected but only until April, 2020. I can deal with that.

This is how Companies Lose Their Customer’s Trust

In the past I would have cheerfully left on automatic renewals. I think that Software as a Service (SaaS) is a good, sustainable business model. I just don’t like it when companies try to take advantage of me. I no longer trust Norton or their business practices.

Two years in a row I have had to contact Norton just to get the price that they should have offered me in the first place for renewal. They opted to try and get me to renew for $109 automatically. I saved $71 and got another 3 months of coverage thrown in by purchasing the same product from Amazon.

I feel like Norton would rather slip in that expensive renewal than give their customer a discount that I can get just by purchasing the exact same product from their retail channel.

Renewals are a big Part of a SaaS Business

It’s not just the initial sale that gets companies revenue. The renewals are just as important as the initial sale.

I use Cisco Umbrella (I am employed by them) as my main protection on the Internet. It’s the enterprise version of the free OpenDNS and it’s good. For protection I recommend everyone sign up at OpenDNS, install the IP Updater so your settings keep for your household and go. It’s amazingly effective.

I use Norton as a supplement to that protection. I use it out of habit in case there’s something that Umbrella missed. Umbrella has missed a thing, I review my Umbrella logs and Norton logs as well. The Bad Stuff is caught by Umbrella and that means my local copy of Norton never has to deal with it. Life is good.

Norton’s renewal process and pricing is making me re-consider that relationship. I won’t have to deal with this till 2020 but my memories are long and this process was tiresome last year.

If there’s something comparable that crosses platforms I use then I don’t see why I would consider renewing Norton any longer.

This is not a Gutenberg Review, It’s a Blog Post

WordPress users are fantastic. This review and how the reviewer brought it back. My reply is a blog post so here we are and below is my reply.

*Reads. STANDS AND APPLAUDS!*

Hello Jan. I usually write the text all in plain form inside a blog post, then split it with some h2 h3 h4 headings and adding images.

PERFECT! Seriously, thank you for that. 😉 I read many reviews and your reply cheered me up immensely. I’ll let more qualified people reply to that.

About this not being a blog, I beg you pardon if I was OT, but then please tell me, is there an official forum where WordPress users can freely discuss about matters like this?

I’m getting very off topic but the thing with blogs is that they frequently devolve into a mess of either positivity (never saw that myself but I’m keeping an open mind) or negativity (OH YEAH, ALL THE TIME!)

The https://wordPress.org/support/ site is divided into sections for support of the WordPress code, support of plugins and themes, and reviews which is feedback.

When someone leaves a review here it is not a blog post. It’s their experience for that theme or plugin. Though as you know we’ve good software for blogging about that.

If someone leaves a review that is substantive about that plugin or theme then that’s fantastic. Gutenberg’s 4.9.8 callout had the desired effect. People are trying it and for the most part even their 1 star reviews have provided good feedback to improve it.

If someone just vents, hate posts, rage replies then that’s not for here. I don’t think you’re surprised that happens. Such behavior has a limited value and a short shelf-life here. These forums are moderated and no, that’s not censorship in case anyone wants to chime in that way.

You left a review of reviews. I commented about that as a moderator. You replied in an excellent fashion and brought it back to feedback about this plugin and editor. Much thanks!

*Drinks coffee, probably too much but here we are.*

The people who are coding Gutenberg, who are driving it forward, who support the users, who are doing this on their own time for the community are good people. These forums are 100% staffed by volunteers. I know you get that but others will read this and again here we are.

For their efforts they generally get a “thank you” but some disparage them, cast aspersions on their intentions and motivations. The whole effort gets accused by some and something negative and those users are occasionally downright mean and cruel. That may get tolerated on some blogs but that’s abuse and isn’t tolerated long here.

*Finishes off coffee, I’m sure you see a theme with me.*

Thanks again for the update. It’s the weekend so someone may not get to it soon but you’ll get a reply about your experience and some follow up questions.

Time-lapse 3D printer videos

I have two 3D printers and each has a webcam. I use Octopi (Octoprint on a Rasberry Pi) and can stop bad prints from my smartphone if I need to. Some materials are difficult to print and hours into it I can cancel the print job. I tried attaching the webcams to the printer’s heated bed so that I can get stable time-lapse 3D printer videos.

This didn’t go too well. I have both printers in Ikea Lack table enclosures and adding an arm to the bed meant that the camera would smack into the front door of the enclosure. When the bed moved back and forth the camera shook. This made for blurry videos. To address this, someone came up with software to pull it off with a stationary webcam. It’s called Octolapse and you can review the code on Github.

Software Plugins to the Rescue

My favorite software platforms can be extended by add-ons or plugins. Octoprint is no exception.

The Octolapse plugin waits for an event in the print job, moves the bed and extruder to a position you set and then snaps a frame. I use when the layer change for that event. After the frame is snapped the print job resumes. When the layer shift happens again it repeats and snaps another frame.

The results are fantastic. I turned off autofocus on the webcam to prevent some blurriness. Here’s a time-lapse of a multi-color snake I printed. It took 6 hours and 45 minutes. The video is 6 seconds long. It’s not a tall print so there’s not many layers to snap images.

The default Octopi time-lapse print is 1 minute and 37 seconds long and looks like this.

I have not tuned the Octopi video settings and the quality isn’t very good. The reason that the Octolapse version is better is because it’s not a moving image exactly. It’s a collection of sharp still photos stitched into a single video.

This is a better solution than a moving camera attached to the print bed. You can put the camera anywhere and obtain smooth, sharp, time-lapsed videos of your prints. I will probably put my webcams on a small stand and position it closer to the bed for larger full results.

It does add a little time to the print because the plugin inserts the commands to move the bed and extruder, snaps a photo, then goes back to printing. For each layer this is repeated. But the prints typically take hours to print and the time added is negligible.

This is a very elegant solution. The plugin has profiles for my Original Prusa i3 Mk2s MMU and one for my Monoprice Maker Select v2. I’ve not sorted out the Monoprice (the bed needs leveling and isn’t working too well right now) but once I have, I’ll post videos from that printer too.

Wildcard certs via Let’s Encrypt

I just reduced 14 Let's Encrypt certificates down to 2. This is possible because the free service went live for wildcard certs. This has great implications for people who use the WordPress Multisite feature or routinely light up new virtual hosts in the same domain.

You can read Let's Encrypt's understated announcement here.

On my VPS I run Ubuntu 17.10 and it has a version of certbot that you can get from the official repo. Sadly, it's the 0.21 release and wildcard certs need ACME v2 support and that's only in release 0.22 and greater.

Here's what I did

On the command line I cloned cerbot from Github.

git clone https://github.com/certbot/certbot.git
cd certbot
sudo ./certbot-auto

You'll see something like so. On my main box it asked if I'm OK with installing more Python packages. A quick installation of those dependencies and I was ready to go.

Press c to cancel. You want wildcard not single hostname certs. Now type this as one line.

sudo ./certbot-auto certonly --manual --server https://acme-v02.api.letsencrypt.org/directory

The server argument is the important one and points to the new V2 API. I could modify the configuration but I'd have to remember what/where I did that. This is easier for me. Certs generated using the V1 API will work and renew with the new one so there's no worries there. The manual argument prompts you through the steps and ask what domains to use.

Normally this is not a manual process. But for the ACME V2 API, an additional check is required and I don't have a certbot plugin to interface with my DNS provider.

When prompted for the domain name I used "*.dembowski.net dembowski.net" and was instructed to create a DNS TXT record for _acme-challenge.dembowski.net as well as a file in dembowski.net/.well-known/acme-challenge/ with a generated name and content.

If you can put that file on the right web server, if you can update your DNS, then you're considered legitimate. Just make sure you wait for DNS to propagate first before proceeding. You can check if it has (at least for Google) using this link.

I have Namecheap and after a quick visit to that dashboard, I waited for the new TXT record to populate, I created that special file and hit enter.

POOF! My server was validated and the certificates were placed in /etc/letsencrypt and a few minutes later my many hosts were updated to point to that new wildcard cert. I repeated this for my other domain and I'm good.

WordPress Multisite and wildcard certs

If you are running multisite then this simplifies your life tremendously. You can and should have one virtual host for your installation. In my case, they're underneath *.dembowski.net.

In my nginx configuration, I modified the server_name line to add *.dembowski.net and I removed the other vhosts files. They were pointing to the same directory for WordPress and they're not needed anymore.

Less is more. I've been waiting for this since they announced it and lighting up new web server instances while maintaining transport level encryption is such a good thing. Let's Encrypt continues to make the web a more secure place.

3D Printed WordPress Bow Ties

Sometimes my hobbies cross over into each other. This year I attended WordCamp US in Nashville and had an idea. Why not download and make a bow tie with a WordPress logo on it?

First I went to Thingiverse and I quickly found this one. I already had the WordPress logo from converting the SVG with Fusion 360 and I began to work on combining the two files.

About an hour later I swore profusely. I had a lot of problems. My PC was a little under powered. Fusion 360 can do amazing things and you can design a V8 engine with it including all the parts. My limited Fusion 360 skills were failing me.

All I wanted to do was take the logo, position it on the tie and export the results to a new STL file for printing. But I'm not really good at manipulating imported objects that way in a tool like that.

Tinkercad to the Rescue!

Autodesk makes Fusion 360 but they also have a 3D editor that lives on the web and runs in your browser called Tinkercad. I imported the two files, positioned the logo where I wanted it and exported it for printing.

It took me all of 5 minutes. The first pass had the logo a little too thin and it broke too easily. It was also upside down; I thought the clip on bow tie would work that way. Sometimes I make poor choices.

Different Colors

Just as before with my WordPress coin, I wanted the bow tie to be one color and the logo to be another. My working printer does this like so:

  • Print using one color filament till the 59th layer. I used a tool to figure that out.
  • Move the nozzle to the corner and the print away from the nozzle. The nozzle is 200° C and that will melt any plastic it is near.
  • Beep loudly. This is an important step as the 3D printer is in the basement.
  • I remove the old filament and insert the new color.
  • Log into Octopi via my iPhone's browser and tell the printer to resume.

That's it. The bow tie came out well and I printed a few more. Did I mention that I sometimes go overboard? I printed 9.

Opensource All of The Things

The bow tie I downloaded is licensed via Creative Commons – Attribution and Thingiverse provides an easy to print attribution card HTML. Which I could not incorporate into this post except as a graphic and a link.

The 3D printer community is mostly opensource and these were printed on a Prusa i3 clone. I used Simplify 3D to slice the file into gcode but there are some really good opensource slicers such as Cura and Slic3r. I've had some bad luck with Slic3r but I think I sorted that out now.

If you want to play with this modified bow tie then you can download it via Thingiverse. Or create an account in Tinkercad and play with it there. It's an easy thing to do and is lots of fun.

WordPress Is About Responsibility

Your WordPress site (or any web site you put on the Internet) has value. Take care of it, it is your front yard and what the neighbors see. It’s your front office where you invite people to talk or do business with. Own it and take responsibility for it.

Recently on the WordPress support forums, I (not wisely) got into a security conversation. No great minds were changed, nothing new was discovered and nothing was accomplished.

In the hundreds of words exchanged, there was one tidbit sent my way that caught my attention.

Do you really think that it makes sense to expect these people to know/care about — and stay on top of — new/old security risks, manual plugin updates, manual core updates, etc.?

Yes, I do. 100%. Unequivocally.

I didn't reply there as the topic dissolved into a conversation about "blame".

I don't do blame, I'm about responsibility. Blame is for children, blame is for "It's not my/their fault" comments. Blame isn't about taking ownership, it's not a reason for something that happened. Too often blame is about excuses.

This isn't a new thing for me, I blogged about it 9 years ago. There's no shame in not having the technical ability to to maintain your site.

Software is a moving target

I recently went to a work event and one of the things repeated often was that security isn’t a state that you achieve. It’s a posture and is a response to a moving target.

WordPress powers over 28% of all web sites and that number is growing. Just as it is with popular office software and home PC operating systems, that number makes WordPress sites a very attractive target to go after. That’s why WordPress takes security very seriously.

But it’s a less than perfect world out there. Plugins and themes may not get the scrutiny that the core WordPress does. Patches happen all the time. When a minor number release of WordPress is pushed out, unless you or your host did something to prevent that, your site will update without you having to do anything.

Plugins and themes don’t update automatically, that’s turned off by default. That’s also where many sites get exploited.

Learn how to maintain your site

It’s still not a big list.

  1. Learn how to schedule backups and store them off of your WordPress site.
  2. Routinely log into your site to update plugins and themes. Or add a plugin to do it for you.
  3. Learn how to restore backups onto a blank installation.
  4. Or consider paying your host or a service to do these things for you.

Many hosts support WordPress and (for a fee) will do that maintenance for you.

Take responsibility but ask for help when you need it

I’ve not seen any surveys but I would guess that easily 80% of WordPress users don’t know how to do steps 1 through 3 above. I would also wager that half of those users rely on their host provider more than they realize.

That’s fine because most of those users may not lose sleep if they lose their blogs. People start blogs and forget about them all the time. For companies and organizations, a lost or compromised site can hurt their reputation.

If you need help or Very Bad Things™ happened, then you’ve got some options.

  1. See if your host can help you. Many host providers do offer WordPress support, sometimes for a fee.
  2. Hire someone, but be wary. I personally like companies that have real people, who interact and have a real reputation. WP Site Care is one such company, there are others. Don't just use Google, ask people who may know. Go to a local WordPress meetup and ask around.
  3. Post a support topic at the free, 100% staffed by volunteers, support forum. Notice that I put this one last?

Here’s why I put my favorite one at the end. There are no customers there, only users. If your site is on fire and you need it back ASAP then that’s just not a good option. I’ve been supporting and helping to admin those forums for years and they are top notch.

Those forums are staffed by unpaid volunteers working on their free time out of the goodness of their own hearts. Would you tell your CEO that’s your support model? You could do that. Some people have that misunderstanding and it often ends poorly. They don’t get the support they need and sadly, WordPress loses a user who didn’t realize what they were getting into.

A little self-education goes a long way. Don’t be afraid to ask questions about your WordPress site. At the end of the day it’s your responsibility. Learn and create a plan to maintain it and keep it running.

Don’t accept blame for what happens to your WordPress site. Take responsibility instead.

Scrape IFTTT Instagram media into WordPress

I’m a photography nut. I love using my DSLR, I’m mad about film cameras and I use Instagram all the time. I’m also a WordPress user and I have a problem with Instagram: the photos are not preserved on my own site. To fix that I installed the amazing DsgnWrks Instagram Importer plugin and I’ve been using it for years.

While testing WordPress 4.6 beta the plugin stopped working for me. I raised a support topic and I am convinced that my setup has changed. I do not doubt that the problem is mine somehow.

I’m not proficient enough to locate where the break is and I really wanted to share my Instagram photos via my blog. So I created another WordPress account on my photo blog and with my IFTTT account I used this “Instagram to Blog” recipe. That worked, but it loaded the image from Instagram and used the IFTTT URL shortner for link.

I really wanted a copy of my photo on my own server.

I know less about IFTTT recipes than I do the plugin. But I do know how to use WordPress actions and filters so I wrote a small plugin to do the following.

  1. Via the publish_post action look in the content for Instagram image sources and extract those URLs. The wp_extract_urls function is made for this.
  2. When found import those into the WordPress Media Library and attach it to the post using media_handle_sideload.
  3. Make that new attached image the featured image for the post.
  4. Look for IFTTT short URLs and expand them using a simple function I wrote.
  5. Once that’s done then publish the post.

You can view the code via this Gist link. I have that saved and activated as a plugin on my photo blog.

This isn’t the ideal approach for me but it works. The IFTTT recipe successfully publishes a post when I submit a photo to my Instagram account. I’m taking that data and scraping images from another web site. Generally speaking that’s not cool but until I find a cleaner way to do it I’ll have to live with it.

How to use UpdraftPlus when The Bad Thing™ happens

I am in the process of handing over a site to someone who's not used WordPress before and doesn't necessarily know where what lives and how. I thought it would be a good idea for me to document how to use the free UpdraftPlus plugin.

I use the commercial version of this plugin because it is fire-and-forget for my multisite installation. But if you are running a standalone installation of WordPress then the free version is a good suitable option.

Read more