The mood struck me and I organized all the things

Saturday I went to Lowes and picked up new air filters for the house. The old filters were… they needed replacement badly. While there the lightbulb went off and I picked up the following.

The elbow brackets were bent into shape with just a little gentle persuasion. I mounted them on the pegboard and attached strips of rubber shower liner to make sure I did not scratch up the desk.

Yes, it is my desk but if I damaged it I’d have faced some serious adult supervision.

With the metal brackets safely rubberized I hung the board off the back of my desk and started attaching all the junk from the floor.

Pegged up equipment

The results came out OK. I’d love to tie up all of the power, USB and ethernet cables but I do move things on my desk so that’s not a good idea. If I ever have to take it apart I’ll put the new power strip on the top. Right now it bows out a little and the 42 inch long surge protector would prevent that.

It’s really too bad I did not take a before picture of that cable and outlet horror show. It cried out “Fire hazard!” every time I looked at it. I had one of those 2 pronged monsters on the wall outlet that made the 2 plugs into 6 outlets. Power cables and junk just littered the floor and I meant to fix it years ago.

How many years ago? The article that inspired me was this one. It’s not a new idea but I’m glad I got around to it.

I Am NGINX! (And So Can You!)

A few months ago I switched my Apache2 installation for this blog from mod_php to php5-fpm. Using Ubuntu LTS this was as simple as running apt-get remove libapache2-mod-php5 ; apt-get install php5-fpm and adding /etc/apache2/conf-available/php5-fpm.conf with just a few lines.

I activated that config and it worked! Mostly. There was some more than that but it wasn’t hard. I did this because I wanted to play with mod_pagespeed and I needed php5-fpm to do that.

It didn’t exactly work as well as I’d have liked.

My Apache2 installation had become temperamental.

I couldn’t get the number of workers right and there was some sort of condition that was causing php5-fpm to break and generate 500 errors. The logs didn’t tell me what was going on and the problem was outside of WordPress. Restarting Apache2 every couple of days worked but that just sucked.

I like server based solutions that just work. This one was affecting all 7 sites in my network including Lily’s store.

This was a great time to switch to nginx!

I could not get my multisite /files/ and blogs.dir working on nginx. It just wasn’t doing what I thought it should and I think it was because of my 7+ years of carried database options and junk.

When I tried to fix it I found many other things broken on my installation. So I ended up creating a brand new multisite installation, imported via XML all of the sites (I only had 7 so that wasn’t too bad) and after it all worked I globally searched and replaced all the references of the new sites with the old.

That took me almost a week. I worked on it after hours, November is a busy month at work. I did get Lily’s site working first so there’s that. I may write a post about that exercise. The search and replace worked well and so did the DNS part.

Here’s my Apache2 .htaccess bits and the nginx conf replacements. All of the nginx bits are in one file.

Redirecting an old URL to a new one

Years ago my installation URL was different and I used a RewriteRule to send visitors to the right place.

RewriteEngine on
RewriteCond %{HTTP_HOST} wp\.dembowski\.net [NC]
RewriteRule (.*) https://blog.dembowski.net/$1 [R=301,L]

This is long gone but in case you need it, here you go for the nginx equivalent.

server {
        listen 80;
        server_name wp.dembowski.net;
        return 301 https://blog.dembowski.net$request_uri;
}

Send all URLs to the SSL version (with exceptions)

I want WordPress to be SSL based but I am comfortable with my RSS feed being available via plain http.

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} blog\.dembowski\.net [NC]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/feed/$
RewriteCond %{REQUEST_URI} !^/index\.php$
RewriteCond %{QUERY_STRING} !^feed=rss2$
RewriteRule ^(.*)$ https://blog.dembowski.net/$1 [R=301,L]
</IfModule>

On nginx that works out to these lines in my server section for plain http.

location /feed/ {
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

location / {
        return 301 https://$http_host$request_uri;
}

Everything gets handled by the “location /” part and exceptions like “/feed/” go above those lines. If I had any other exceptions then they would go between the two.

SSL all and SPDY

In my server section for the SSL based version, I have these lines.

listen 443 ssl spdy;

The nginx package I’m using is compiled to include SPDY 3.1 support. I haven’t put back PageSpeed but SPDY is fun to play with.

With Apache2 I used mod_substitute to change my http references to https in the HTML output. With nginx I use the HttpSubsModule.

subs_filter_types text/css text/xml;
#
# http host substitution for https versions
#
subs_filter 'href=\'http://$http_host/' 'href=\'https://$http_host/';
subs_filter 'href=\"http://$http_host/' 'href=\"https://$http_host/';
subs_filter href='http://fonts.googleapis.com href='https://fonts.googleapis.com;
#
# make http into protocol-relative URLs
#
subs_filter src='http: src=';
subs_filter src="http: src=";

The Google Fonts was put in because one of my sites uses it and the SSL page broke until I put that there. And I don’t yet have Jetpack’s infinite scroll working quite right. Meh.

While I’m at it, you should always set HTTP Strict Transport Security to tell web browsers not to downgrade from HTTPS to HTTP.

In Apache2 that’s this line.

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

In nginx in your server section add this line.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Redirecting client IPs

Sometimes I just don’t want some people to visit my site and 301 them to a YouTube video. IP blocking is a temporary solution but in Apache it’s easy.

# Match the client address exactly: anchored, with the dots escaped
RewriteCond %{REMOTE_ADDR} ^192\.168\.111\.75$ [OR]
RewriteCond %{REMOTE_ADDR} ^10\.22\.33\.230$ [OR]
RewriteCond %{REMOTE_ADDR} ^172\.16\.11\.132$
RewriteRule .* https://www.youtube.com/watch?v=NN75im_us4k [R=301,L]

Easy to accomplish with nginx with these lines. The 403 isn’t the same code but the results are the same.

location / {
        include /var/www/vhosts/block_ip.txt;
        try_files $uri $uri/ /index.php?q=$uri&$args;
}

The block_ip.txt file contains these lines.

# Deny these IPs
error_page 403 https://www.youtube.com/watch?v=NN75im_us4k;
deny 192.168.111.75;
deny 10.22.33.230;
deny 172.16.11.132;
allow all;

So no .htaccess live changes?

With Apache2 when you make a .htaccess file change it is live immediately. Each http request that hits the server parses the content of that (and other) files.

That’s not true with nginx and any configuration changes need a “service nginx reload” as root or via sudo. I don’t make frequent configuration changes so that’s not a problem for me.

What’s with the Stephen Colbert thing?

I like Stephen Colbert. You don’t get the reference for the blog post title do you?

Constantine is a fun show

I’m watching NBC’s Constantine via FIOS on demand. It’s a fun show but I wonder how faithful it’s going to be to the original comic.

I’ve not looked at that comic for ages. Unlike the Keanu Reeves version, this one has someone playing as a Brit.

It’s a fun show if a little grim. I mean what else to expect with a prime time show that deals with demons.

I’m writing this post from my phone as a way to play with the WordPress Android client. Easy so far and the client has come a long way since I last looked at it.

October 24th

Tomorrow is the 2nd anniversary of when my Dad passed away. It’s also the day I fly to attend WordCamp San Francisco and in all the excitement I’d completely forgotten the significance of the day.

That’s alright and it’s good. In my immediate family we’ve never been concerned about such dates. The thing to remember is the person and the impact they’ve had on you. You remember their life and not their death. That doesn’t mean I don’t remember Dad; not a day goes by when one of us will say something like “Grandpa could fix anything”.

Dad’s hobbies were simple: learn how to build anything that he needed to make or repair something else. He was an electrical engineer and that often meant he would write his own custom assembly language compilers for some EEPROM he needed to program. Or test different paints for cooking a 1930’s radio chassis in the oven to reproduce the right wrinkle effect. Did you know that you can bake some clear plastics to remove the cloudiness and make it more transparent and new?

I don’t have that level of expertise in my hobby but I knew that Dad understood why I like to get involved with WordPress. He would approve of my attending a WordCamp (I only started at WCNYC this year) because you can’t ever stop learning new things.

That’s a recurring theme in my family: learn new things and do those things you like to do. That’s a large part of what my family taught me and I hope I pass that onto my children. That’s what I’ll remember tomorrow and how I’ll observe the day.

Remove shortlink URLs from comments

Or remove them from anywhere, though I’m not sure why you’d remove shortlinks from your own author’s posts.

I’ve written a small plugin that will filter your comments using preprocess_comment which is a useful filter for comment data before it’s committed to your database. The other toys I used are wp_extract_urls and wp_remote_head to make http head requests to web sites.

The plugin works like this: you feed a function a URL and it gives you back a URL but with shortlinks you get the real destination. It uses wp_remote_head() to make an http HEAD request and looks for the location header.

If it finds that header then it recursively calls itself to get the real destination up to 5 requests. After 5 requests the URL is replaced with the # sign. If it doesn’t find that header then the original URL is returned.

Depending on your site that can be a lot of URLs and to cache those results I create transients for those URLs. The next time in a 12 hour window that URL is tested then WordPress will pull the data from the transient.

I’ve never used transients and I’m not sure this is a good idea or not. But if you need to eliminate shortlinks then this plugin might do it. Also this parses all URLs in the post or the comment and that’s probably not necessary. A simple check can be put in to see if the URL is on a list of shortlink providers and ignore all the rest.

You can download the plugin from this Gist page.

Once you’ve downloaded it save it to your wp-content/plugins directory as short-links-begone.php and activate the plugin in your WordPress dashboard. This plugin will not change any post data or old comments. It will modify new comments when they are submitted.
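The approach described above (HEAD requests followed by hand, the 5 request cap, 12 hour transients and the shortlink-provider check) as an added example; it is not the plugin from the Gist. The slx_ names and the provider list are assumptions made here, and it uses wp_safe_remote_head() so that URLs submitted in a comment cannot point the server at internal addresses.

```php
<?php
/**
 * Plugin Name: Shortlink Expander (added example)
 * Description: Illustration only; not the plugin from the Gist.
 */

// Assumed provider list and hop limit; the slx_ names are hypothetical.
const SLX_SHORTENERS = array( 'bit.ly', 't.co', 'goo.gl', 'tinyurl.com', 'ow.ly' );
const SLX_MAX_HOPS   = 5;

// Follow Location headers by hand, one HEAD request per hop.
// Returns the final URL, or '#' once SLX_MAX_HOPS requests all redirected.
function slx_resolve( $url, $hops = 0 ) {
	if ( $hops >= SLX_MAX_HOPS ) {
		return '#';
	}
	// wp_safe_remote_head() refuses URLs that point at private or loopback
	// addresses, so a commenter cannot use this to probe internal hosts.
	// 'redirection' => 0 stops WordPress following redirects on its own.
	$response = wp_safe_remote_head( $url, array( 'redirection' => 0, 'timeout' => 3 ) );
	if ( is_wp_error( $response ) ) {
		return $url;
	}
	$location = wp_remote_retrieve_header( $response, 'location' );
	if ( is_array( $location ) ) {
		$location = end( $location );
	}
	// No Location header, or a relative/unsafe target: keep the current URL.
	if ( empty( $location ) || ! wp_http_validate_url( $location ) ) {
		return $url;
	}
	return slx_resolve( $location, $hops + 1 );
}

// Expand one URL, skipping non-shorteners and caching results for 12 hours.
function slx_expand( $url ) {
	$host = strtolower( (string) wp_parse_url( $url, PHP_URL_HOST ) );
	if ( ! in_array( $host, SLX_SHORTENERS, true ) ) {
		return $url; // Not a known shortener: no outbound request is made.
	}
	$key    = 'slx_' . md5( $url ); // Fixed-length key, whatever the URL length.
	$cached = get_transient( $key );
	if ( false !== $cached ) {
		return $cached;
	}
	$final = slx_resolve( $url );
	set_transient( $key, $final, 12 * HOUR_IN_SECONDS );
	return $final;
}

// Rewrite shortlinks in a new comment before it is saved.
function slx_filter_comment( $commentdata ) {
	$urls = wp_extract_urls( $commentdata['comment_content'] );
	// Longest first, so one URL that is a prefix of another is not clobbered.
	usort( $urls, function ( $a, $b ) {
		return strlen( $b ) - strlen( $a );
	} );
	foreach ( $urls as $url ) {
		$commentdata['comment_content'] = str_replace( $url, slx_expand( $url ), $commentdata['comment_content'] );
	}
	return $commentdata;
}
add_filter( 'preprocess_comment', 'slx_filter_comment' );
```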

sed to the rescue again

Some days you just want to quickly edit a bunch of config files in one go.

One of the reasons I use Ubuntu LTS is that it’s got long term support (<light sarcasm>is that why it’s got LTS in the name?</light sarcasm>) and I make configuration templates that I just reuse in all the places. Poodle was announced and the short of it is that you need to disable the SSLv3 protocol on your web server.

No big deal. Visit your sites-available directory and change “SSLProtocol All -SSLv2” to add “-SSLv3” at the end. 17 times.

*Drinks more coffee and makes that face*

Or you know, run this command after checking you have “SSLProtocol All -SSLv2” in those mod_ssl config files.

sed -i.bak -e 's/SSLProtocol All -SSLv2$/SSLProtocol All -SSLv2 -SSLv3/g' *.conf

The -i.bak is to create unedited copies because bad things do happen to nice people.

Once I made sure that the files were edited I ran these commands to restart the web server and test.

service apache2 restart
openssl s_client -connect blog.dembowski.net:443 -ssl3

I promptly saw this line.

140496364975776:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:

And all was right in the world. I deleted the .bak files and finished my coffee.

This time it’s not the phone company’s fault

Around 8 AM Sunday my dial tone went “Buh-By!” and none of my phones worked. They were getting juice but no dial tone. I have Verizon FIOS and called the support line on my cell phone.

The phone company put a box on the outside of my house so with the tech on the line I disconnected my house and plugged an old phone into the test jack. Instant dial tone. Swell.

What’s wrong with my house phone cabling? Well… what’s not wrong with it?

Dad and I used to run phone and network cabling for contracting jobs and Dad would always run the cables to a closet. Each of those runs were terminated on a 66 block. Dad never liked the 110 block, he was an old timer that way.

When we cabled up my old house we did the exact same thing: straight run to the basement closet for each line, terminated on a 66 block. The phone company was on that block too and a few punches later and the whole house worked. The network cabling went the same way and the house phone closet was an organized thing of beauty.

Not so much with this house and the closet is a horror show and somewhere there’s a short. There’s no block mounted and all the phone lines are twisted together. I’m going to have to run new cable and that’s going to mean cutting holes into some walls. This is going to suck wind loudly but maybe I can use this to finally wire up the second floor as I wanted to for years.

“If anyone else drives the car, we will impound it.”

Nice blog post title. That’s the memory that sticks out from my Dollar Rent A Car experience. It turns out that Lily and I do not react well to being treated badly when doing something innocuous like renting a car. I’ll explain.

Oh, and if you do rent a car? Call your insurance company and credit card first. You may not need to pay for extra car insurance from the rental company.

VIVA LAS VEGAS!

Recently my family went on a vacation to Las Vegas. Our flight was delayed so we arrived about 1 AM New York time and everyone from the flight was tired.

McCarran airport organizes its rental car companies offsite and we took a quick shuttle bus to the location. When we got to the Dollar counter the gentleman pulled up our reservation, looked at our ID, credit card, etc.

Soon we got down to brass tacks.

Him: “Which of these insurance plans do you want?”
Me: None of them, thank you.

The plans were arranged on a card like so.

  1. Buy this one! This one! Me! Be safe! Safest!
  2. Meh. OK then, suit yourself. But I hope nothing bad happens for your sake.
  3. You. Cheap. Bastard. You suck. See if I care.

You get the idea. The minimum plan was an additional $25 per day that we didn’t need.

Him: “What? What? You are going to drive the car with no insurance?”
Me: We have that covered via our car insurance and the credit card.

Did I mention that Lily and I have traveled before? Not our first time at the rodeo.

The credit card I used covers almost up to the KBB value of the rental car and that’s a secondary insurance. With our main auto insurance it covers more; we called both companies and checked.

Him: “Where are you from?”
Me: New York.
Him: “Well, this is Nevada, not New York. It’s different here. Your coverage doesn’t work here.”

Gee, thanks buddy. I thought we were in Newark, NJ. I’m sure you know what you are talking about.

This led to more scintillating conversation where both my wife and I were treated like idiots. The rep behind the counter kept interrupting us, explained to us repeatedly that we had to select and buy an insurance option from him.

Him: “You are going to rent this car without insurance??”
Me: No, we have-
Him: “Do you understand that if ANYTHING happens to this car we will come after YOU?”
Me: I expect that-
Him: “Are you prepared to replace this car?”

Seriously, that happened. I get that they feel that they need to “inform” the customer. But I work in support too and that’s never an appropriate way to talk to people let alone customers.

Me: So, you are refusing to rent us that car?

Now that sped things up. He began to angrily process our reservation. Honestly, he was acting like we were stealing food from his family.

Him: “Who is going to drive the car?”
Me: Just me.

And that’s when he said it. I’ll just make this a little bigger to stress that.

impound-the-car

I snorted out loud at that one. For a second I really wanted to get into it with this malcontent and ask “Even if I use valet parking and how would you know?” but we were wasting enough time. We didn’t come here to spend time with Dollar Rent A Car.

I do all the driving on vacations. I like to, it’s not really a problem for me. I would have preferred to have added Lily as a driver but I didn’t want to prolong this any further.

While waiting for my papers I did shoot off this tweet.

Twitter is a good venue for complaining.

Hello? Dollar Rent A Car? This is not how you ever treat customers.

It’s just a car rental. While that may be a big deal for a car rental company, it’s only something I do maybe once a year. And I did accept and drive off with the car so I wasn’t mortally offended.

Next time I need a car? There’s no chance that I’ll even consider Dollar again. It’s not that I think Dollar a “bad” company but after that first impression why would I ever give them my business or recommend them to anyone?

When I’m the customer you only get one pass at me with your stunning ignorance and bad attitude.

No more @import for me

Well, at least not for current WordPress child themes.

I like child themes and always recommend that people use them instead of modifying any WordPress theme directly. Using a child theme makes your changes belong to you and they won’t get erased when the original theme gets updated.

I’ve told people to use something like this in their child theme’s style.css file.

/*
Theme Name: Sorbet Child theme for Mostly Harmless
Theme URI: https://blog.dembowski.net/
Description: Child theme for the Sorbet theme
Version: 0.1
Author: Jan Dembowski
Author URI: https://blog.dembowski.net/
Template: sorbet
*/

@import url("../sorbet/style.css");

/* Start your custom CSS after this line */

See that @import line? That had previously been required if you wanted to inherit the parent theme’s CSS. At the moment my child theme does not have that @import anymore and instead I’ve created a functions.php file with these lines in it.

<?php

function mh_sorbet_child_style() {
        wp_enqueue_style( 'sorbet-parent-style', get_template_directory_uri() . '/style.css' );
        // wp_enqueue_style( 'sorbet-child-style', get_stylesheet_uri() );
}

add_action( 'wp_enqueue_scripts', 'mh_sorbet_child_style' , 5 );

Which really is a more WordPress way to do it. I added a function mh_sorbet_child_style() where I first queue up the parent theme’s style.css and then queue up the child theme.

Notice how I commented out the second line? The parent theme already queues up the current theme’s style.css file and in my case that is sorbet-child/style.css. In my child theme I do not need to queue it a second time as it’s not necessary.

But I do want to ensure that the parent theme is queued up earlier than the child theme CSS. That’s why I add the wp_enqueue_scripts with a priority of 5 instead of the default 10. That should always load the parent CSS first. If the theme does not queue up its style.css that way then I would un-comment out that line.

Just as before, any new CSS will go into my child theme’s style.css file.

 

OK, no more Xmarks for me

I like the idea behind Xmarks but there seems to be something I am doing that’s just not working.

Here’s what I’ve done.

  1. Installed Xmarks on all of my browsers. For Internet Explorer this meant a small system tray app.
  2. Made one set of bookmarks the Master To Rule all of My Bookmarks™. I did that once and confirmed that Xmarks has those bookmarks via the My Xmarks page. Neat page BTW.
  3. Synchronized all of my browsers. The first time I selected “the download and erase bookmarks on this browser” option.
  4. Bookmarks are synchronized! Sweet.

A few days later I started losing whole sections of my bookmarks. Not so sweet. Fortunately Xmarks has a great revision system and I was able to roll back to the set I wanted. Repeatedly. Sometimes more than once an hour.

I think the culprit is Chrome but I just couldn’t get the darn thing to behave. I’m sure Xmarks is not at fault, it’s just that one of my browsers never attended kindergarten and doesn’t know how to share with the other kids.

I’m back to manually synchronizing my bookmarks which isn’t a big deal as I don’t add to them that frequently. For Firefox I’m using Mozilla Sync which has developed into a nice option from years ago. For that browser it just works and also synchronized my add-ons, preferences, etc. For Chrome the bookmarks are shared using the Great Google Data Collection Experiment™.

This may have been why I stopped using this software in the first place. Meh, back to sorta syncing my bookmarks at least in Firefox and Chrome.