Archive | LAMP

Linux Apache MySQL Python Perl PostgreSQL

What’s on your network?

This article in ZDNet points to flaws in Microsoft’s SMB file sharing systems (“Windows networking”) that are, unfortunately, faithfully reproduced in Samba:

http://www.zdnet.com/article/its-not-just-windows-anymore-samba-has-a-major-smb-bug/

See also:

https://access.redhat.com/security/cve/CVE-2017-7494

This means that an old Samba server you have could be misused as a vector for malware to get a foothold on systems where local Windows machines could get infected. Over the weekend, I went through and cleaned out, updated, reconfigured, or blocked access at some of my client sites.

I also took a long look at our in-house dev network for stuff that could be a problem and found a couple of issues:

– An old Western Digital NAS device was running an *ancient* version of Linux and Samba, and unfortunately is no longer being supported by the manufacturer (last update, 2012). In addition to basic SMB file serving, it supplied media streaming over various protocols and offered ftp (turned off). Despite being in fine shape, mechanically and electronically, I had to turn it off, because, even though the source code is available (yeah, GPL), cross-compiling and rebuilding an ARM 2.6 kernel and utilities into a modern version, and getting it to work on an unsupported device is more effort than I have time for.

– A couple of our networked printers shipped from the factory with all their protocols turned on, even if not configured nor active: SNMP, Web server, SMB, FTP, tftp, LPD, Raw port, IPP, AirPrint, Web Services, Google Cloud Print, SMTP, mDNS and LLMNR, several of which I had to look up. Surely, there could be no flaws there! And, to boot, two of them were running older versions of firmware, also worth updating.

I am a strong skeptic of the IOT marketing that drops devices into your home/office network that communicate with “the cloud” and can be run from your cellphones, or likely anyone else’s. Unlike PCs with firewalls, intrusion detection, malware scanners and intentionally secure devices like routers, IOT devices are trying to “Just Work” and security might not be in mind.

I knew this was the case for things like “Smart” TVs and voice-recognition devices, but it hadn’t dawned on me that printers would also be in that category.

Be careful out there.
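
A first-pass triage for the kind of inventory described above, added here as an example and not part of the original post: it compares `smbd --version` output with the releases the Samba project's advisory for CVE-2017-7494 names as fixed (4.6.4, 4.5.10 and 4.4.14, with 3.5.0 onwards affected) and checks smb.conf for the advisory's `nt pipe support = no` workaround. The host names, banners and configs are constructed sample data.

```python
import re

# Releases that fixed CVE-2017-7494, per the Samba project's advisory.
# Upstream versions from 3.5.0 up to (not including) these are affected.
FIRST_AFFECTED = (3, 5, 0)
FIXED = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}

def parse_version(banner):
    """Pull (major, minor, patch) out of `smbd --version` style output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no Samba version found in {banner!r}")
    return tuple(int(part) for part in m.groups())

def version_affected(version):
    """True if the upstream release of this version contains the flaw."""
    if version < FIRST_AFFECTED:
        return False
    branch = version[:2]
    if branch in FIXED:
        return version < FIXED[branch]
    # Branches before 4.4 got no fixed upstream release; 4.7+ shipped fixed.
    return branch < (4, 4)

def pipe_support_disabled(smb_conf):
    """True if [global] sets the advisory's workaround, nt pipe support = no."""
    section, disabled = None, False
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names.
            if "".join(key.lower().split()) == "ntpipesupport":
                disabled = value.strip().lower() in ("no", "false", "0")
    return disabled

def assess(banner, smb_conf=""):
    """Classify one host from its version banner and (optional) smb.conf."""
    if not version_affected(parse_version(banner)):
        return "not affected"
    if pipe_support_disabled(smb_conf):
        return "affected upstream, workaround set"
    return "affected upstream"

# Constructed inventory: host names, banners and configs are made up.
INVENTORY = {
    "old-nas": ("Version 3.5.6", "[global]\n  workgroup = HOME\n"),
    "fileserver": ("Version 4.5.8-Debian", "[global]\nNT Pipe Support = No\n"),
    "devbox": ("Version 4.6.4", "[global]\n"),
}

def report(inventory=INVENTORY):
    return {host: assess(*facts) for host, facts in inventory.items()}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:12} {status}")
```

Distribution packages often carry a backported fix under an unchanged version string, so "affected upstream" means the vendor's advisory (such as the Red Hat page linked above) still has to be checked for that package build.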

Managing broken links

My WordPress site has thousands of links to other web servers. Inevitably, these links grow old and many get lost. I use the excellent and highly recommended Broken Link Checker for WordPress to scan all the blog posts, and flag the links that aren’t working. It sends me an email each morning. There are many reasons why a link wouldn’t work, and a variety of error messages that can result: the request could time out because the web server is down, the network is having a bad day, or the site is no longer available. The request for the link could be rejected, redirected, or forbidden with a variety of error results, some transient and some permanent. If I think the link is down permanently, I can try to find an archive.org archive of the page (which the plugin helps to find) or remove the links as irretrievably gone.

A broken link displayed visually.

Broken Link

When the plugin discovers a broken link, it wraps the link in an HTML element that allows you to highlight the error in a variety of ways. I’ve chosen a red wavy underline to highlight the broken link, and automatically added the text “(Broken link)” to the link. For links that I’ve reviewed and decided they are not only broken, but gone forever, I use a different highlight: an orange dotted underline followed by “(link removed)”. If the reader floats their mouse over the removed link, it will display a caption showing where the link used to go.

All this magic is performed thanks to the plugin, and a little bit of styling. The plugin allows the author to specify their own styles, and I’ve chosen to use the following CSS to create the effect:

.broken_link, a.broken_link {
    -webkit-text-decoration-line: underline;
    -webkit-text-decoration-color:red;
    -webkit-text-decoration-style: wavy;
    text-decoration-line: underline;
    text-decoration-color:red;
    text-decoration-style: wavy;
}
.broken_link::after, a.broken_link::after {content: ' (link broken)';}

How do you learn to type such gobbledegook? Search the web, view other sites whose styles you like, and do your research. In this case, the text-decoration advanced styles (line, color and style) are fairly recent additions to most browsers. You can check on the appropriateness of using new styles at sites like caniuse.com, which can tell you which browsers and browser versions support the styles you’d like to apply. At the link above, you’ll see the style won’t work in Microsoft’s Internet Explorer and Edge, which are another good reason not to use them. The style is supported in the most recent version of Firefox and Chrome, which is good enough for me. I also recommend looking at the “Usage relative” link on caniuse.com, as that shows what version people are actually using, rather than the latest cutting edge version. In this case, caniuse tells me that Google Chrome and iOS’ Safari work better with the -webkit- prefix, so that’s why the style is repeated with and without the prefix.

(Yes, the text-decoration has a shortened form which combines the color, line and effect in a single shortcut line:

.broken_link, a.broken_link {-webkit-text-decoration: red wavy underline;}

but I prefer the longer form, at least until I’m more familiar with the new styles, and the browser compatibility issues.)

Please stay on the line, as calls are answered in the order in which they are received

Astute fans may have noticed the site seems to be having a little trouble. Yup. The site became non-responsive the morning of 20-Nov-2014, and the usual actions had little effect. There were few clues in the logs nor diagnostics easily pulled from the software. To get up and running quickly, I did the famous “WordPress 5 minute Install” and restored the essential configuration. I’ll be restoring the usual theme, fonts, plugins and assets (pictures, links, videos, etc.) from backups as time allows.

Thank you for your understanding.

Notes from Feb 25th Web Dev Meeting: Brian Cardarella on Ember.js

The Portsmouth Web Dev meetup is hosted at Alpha Loft in Portsmouth. This month there were two meetings: Ember on the 25th and Lightning talks on the 26th. On the 25th was the first, with Brian Cardarella of dockyard.com giving the main presentation on Ember.js.

Brian started with a bit of a history lesson. Ember spun off of SproutCore from Strobe. SproutCore 1.0 suffered from the slow (at the time) JavaScript runtimes and overly-complex UI widgets, resulting in a poor user experience. The 2.0 branch was started and Yehuda Katz (core contributor, Rails, jQuery and more) and Carl ??? and pushed off UI elements to focus on the core and on speed.

The run loop is the core event loop engine of Ember, and code in Ember can enqueue new items onto the loop, which continues to loop as long as there are items to be processed. There is great documentation in the Ember Guides, and a good video overview. Brian suggests that the Ember Starter Kit is just that, a good way to get started, but likely not appropriately robust for a professional application.

Enough background, we jumped into http://ember.jsbin.com/ and Brian commenced live coding in Ember to demonstrate how the Ember application essentially hooks into the body tag of the DOM and can read and write elements from there. He showed how actions could be triggered by observed changes, that setters and getters were required for property manipulation.

Ember has its own form of MVC (doesn’t everything?) where Models are business rules containers, and Controllers are contexts in which your interactions with models occurs, essentially acting as proxies. Views are nearly becoming deprecated as their functionality is being replaced with HTML5 Web Components (there’s currently a polyfill for these called polymer.) Routes are similar to Rails with nesting. URLs can be considered a state manager for an Ember app, so two users see the same thing at the same URL, unlike some other JS frameworks. There is an Ember Inspector for Chrome and FireFox that allows you to dive deep into the View Tree, Routes and Data for debugging. Excellent peer support is available on IRC at emberjs and emberjs-dev.

Brian and Dockyard have built Ember-AppKit-Rails as a gem to create a shared directory for an Ember app and its Rails backend. Note this is Very Beta, Somewhat Experimental and may be abandoned. You have been warned. Brian explained there are not yet any Best Practices worked out, so different attempts have been tried. Side-by-side projects where the two are separate may turn out to be a better design; Brian is looking at Ember AppKit [Update: Deprecated, but URL updated for reference]. Ember is designed to deal with different backends, depending on their API syntax. The one he was using was ActiveModelAdaptor, built to work with Rails.

An excellent question on “Where do you do validation?” And the answer: pretty much everywhere. Brian is the author of ClientSideValidations and has some experience with this. He tried something similar with Ember but points out that the context of the front end and backends can be so different that the validations aren’t necessarily the same.

Brian then proceeded to do a demonstration of an under-development project by Dockyard and even in its early stages, it appeared pretty promising.

Brian recommended downloading Ember, reading through the Guides, and taking some time to learn the components. Promises are a key element to the Ember framework and are worth reviewing; ECMAScript 6 will have promises built in. Handlebars, the templating language, is expected to be replaced by HTMLBars in the next major revision. Best practices and calling conventions (especially error/exception/validation handling) are still up in the air; check out JSONAPI.org for some work on this front.

So, we had an action-packed, fact-filled, acronym-filled session with a lot of good material and an excellent overview of the state of Ember and its promising future. Thanks to Brian for speaking and to Josh Cyr, Alpha Loft proprietor, for hosting!


Broken tag cloud

Broken Tag Cloud


I noticed this morning that the tag cloud on my blog’s home page was only three lines long. That’s not right. A little study showed that the three lines were word-wrapping based on spaces within individual tags, and that there was no space between the tags, causing them to run off the right side of the pages, where the overflow was hidden. I poked around a couple of places looking for changes to the code that could have caused this: both the WooThemes Canvas theme I’m using and the WooDojo add-on only specify the minimum and maximum font sizes, leaving the default ‘separator’ parameter value. The tag cloud is built up in the wp-includes/category-template.php file, where the default is rather strangely set as “\n” as documented on the WordPress site. Adding an explicit parameter of separator to the Woo elements didn’t seem to have an effect. As a temporary fix to confirm I’m on the right track, I overrode the default in the wp-includes file to “&middot” and the word-wrap problem is gone. Next, I’ll see if I can find some other place within the Admin UI and/or the database where the separator is specified and see if I can get it reset properly. Stay tuned.


CDN Syncing!

Magnifying glass

Detective Work

So, I rolled up the sleeves and dug into the web server logs and the code of the CDN synchronizing tool. I found the GitHub site where the code came from, forked the code and created a branch with a couple of different attempts at fixing it. On my third attempt, I seem to have a working hourly sync run using the WordPress pseudo-cron functionality. I’ll bundle up my changes and offer a pull request to the upstream developers so they can have the changes as well.


Blog optimization update: WordPress, CDN, Speed, Caching, Accessibility

Keep Calm and Clear Cache

Keep Calm

I’ve continued to do some research on optimizing the blog responsiveness, and I’m pleased with the results. Anecdotal tests this morning, with no local caching, showed a 2 second load time with a 1.2 second DOMLoaded event. That’s pretty good. Here are a few notes on things I’ve been working on:

  • Google’s PageSpeed Tools offered some helpful insights.
  • Minifying some of the text assets – HTML, CSS, and JavaScript – is working well, though I’d like to be more easily able to toggle this for debugging.
  • Using the Rackspace CloudFiles caching with WordPress lacks a good automated tool on the WordPress side to keep the cache synced with changes. I’ve been using the SuperCache plugin for local speedups, and it supports a variety of CDNs. The CDN-Sync-Tool plugin is no longer available on the WordPress.org site, and several forks on GitHub all seem to be out of date. It’s unclear, so far, where the problem is. The WP cron jobs are failing. Whether that’s an internal configuration problem, or unsupported calls to an old API, I haven’t worked out yet. Next time I try this, I’ll look at some deeper pilot testing for CDNs with better WordPress support.
  • Inspired by “Why Bother with Accessibility” by Laura Kalbag, part of the excellent 24ways series, I did some initial accessibility testing. The WAVE Web Accessibility Evaluation Tool tests your site for accessibility, an essential feature these days. Accessibility makes your site more understandable and easier to navigate for all users. Disabilities aren’t someone else’s problems; they are a state we will all pass through at one stage or another. There are a few glitches in my templates that I will work to rectify. A larger problem is the observation that my style choices have led to a rather low-contrast site.

Using SQLite to Bypass the 2 GB .DBF Filesize Limit

Front page to ebook

Click to visit Hentzenwerke

The Hentzenwerke site has been updated, crediting me with editing Whil’s latest ebook, “Using SQLite to Bypass the 2 GB .DBF Filesize Limit.” Whil posits an interesting problem: how to work around the FoxPro 2-gigabyte DBF file limit when the client’s import file balloons in size? In this case, the problem was not that the data had exceeded the limit, but that additional data was included within the import file; more haystack hiding the needles. His solution was to use SQLite as an intermediate step, load in the bloated data, and then cherry-pick the few columns that really needed to be imported for this application. Sample files, instructions on working with SQLite, and example code of importing the SQLite data into VFP are included.
I volunteered to go over his first edition of the ebook and provide a technical review and light edit. I added a few suggestions for alternative techniques, poked at his prose when it got a little awkward, and tested his code and found a few typos. He, in turn, was gracious enough to roll his eyes and ignore my comments. I appreciate him giving me credit as editor on the book.


Notes from Seacoast WordPress Developers Group, 4-Dec-2013

Seven people attended the December meeting of the Seacoast WordPress Developers group, held at the AlphaLoft coworking space in Portsmouth, NH. The main topic was “Best Business Practices,” which was a great topic but, as always, the conversations and networking and recommendations that went on around the main topic were also very helpful and informative. Among those tidbits:

  • The Ewww image optimizer can reduce the size of images and speed webpage loading with minimal quality change.
  • Matt Mullenweg delivers an annual “State of the Word” speech with lots of interesting insights.
  • Open question: What topics would YOU like to learn about? The group is about YOU. How can we get YOU to attend?
  • Which SEO are people familiar with? WordPress SEO by Yoast was the most popular mentioned
  • Question on speeding sites, and a recommendation for the P3 Plugin Performance Profiler

On to the main topic: “Best Business Practices” can easily degenerate into a “Client Horror Stories” session. Kudos to organizer Amanda Giles for keeping a tight rein on the discussions and getting us to focus on covering as much as possible. Andy provided a redacted proposal he had written up for a client and we reviewed and discussed it. There was a lot of good back and forth. Andy had some very insightful items in his proposal that made it clear what the client would see at each phase, what items were optional or deferred to a later project phase, and how client decisions could affect the outcome in terms of schedule and cost. This was a great launching point for a lot of discussion on terms, contracts (my stance: pay a lawyer for a few hours to draft a good contract!), how to handle open-ended items like design reviews and never-ending revisions, terms for stock photos and graphics, and so forth. The discussion was very worthwhile and everyone felt they had their questions answered and learned a few new things. What more can you ask for a meeting?

Our next two meetings are scheduled for TUESDAY (not the normal meeting night) January 7th and Wednesday, February 5th. Please consider joining the Meetup group to keep up on the details on upcoming meetings.


New post testing CDN support on WordPress

So, the Content Distribution Network is in place and several tests indicate it is working well — page loads are much faster, the URLs of the CDN content are re-written properly — but the next question is whether new materials will be automatically added to the CDN. The picture at the left (and yes, this is an excuse to post a cute dog picture, too) should appear with a link to the high-resolution (1.8 Mb) image. On the blog itself, that link should be of the format http://blog.tedroche.com/wp-content/uploads/2003/12/NameOfPicture.jpg, while if the picture is picked up by the CDN synchronization software, it should upload to the CDN and the URL be rewritten to http://static.blog.tedroche.com/etcetera. Let’s try it out and see what happens…

Woah. Success first time. Pretty cool.

Some details on what I’ve got set up: I’m using the Rackspace Cloud Files service as the CDN. I had worked with Rackspace before on some hosting projects, and have a friend working there, so I thought I’d try them out first. It appears that their CDN services are in an early stage and don’t have all of the features of some of the more mature products. In particular, it appears that the blog software is responsible for pushing any new or updated content to the CDN. By contrast, the Amazon S3 offering has an ‘origin pull’ feature that will pull content from the original source when it is first requested, and subsequently cache it.

In order to get the contents of my local blog to sync with the CDN, I added the CDN-Sync-Tool plugin. A lot of web searching seemed to indicate I could find this in the WordPress Plugins directory online, but the tool has been pulled from the directory. Apparently, it is undergoing some redevelopment. The version I found was on GitHub under https://github.com/WDGDC/CDN-Sync-Tool and installation was not more complex than downloading the ZIP and unzipping it in the plugins folder. Bear in mind that you should be comfortable with using the command line and have the skills to review the files you are installing on your machine, as there has been no review by the WordPress folks, and the code is currently under development and you may need to deal with bugs, incompatibilities and support problems. So, this isn’t the path I’d recommend for less-technical WordPress developers, and likely isn’t the path I’d recommend for a client looking to put a CDN into production use.

Note that most cache programs and their CDN features are set up in such a way that logged-in users may see a slower, but more up-to-date, site, and that in order to test caching you’ll need to log out of your WordPress session.

 


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.