Medo's Home Page

Creating Certificate Signing Request Under Windows

Certificate that I use for code signing was about to expire so I went to StartSSL to get a new one. After going through standard identity verifications only thing remaining was to submit certificate signing request (CSR). Last time I created one on my Linux machine using openssl. This time I wanted to create it under Windows.

It turns out this is not difficult at all. First step was to download openssl installation for Windows. Message about missing Visual C++ 2008 Redistributables could be safely ignored and after annoying setup procedure (why would anybody think you want to install stuff to root directory) everything was ready.

Creating certificate signing request was exactly the same command as on Linux:

openssl req -new -newkey rsa:4096 -nodes -out my.csr -keyout my.key

After answering a few questions, all that was left to do was to open resulting my.csr file in any text editor and copy/paste it to the certificate authority. Not as easy as on Linux (where openssl is usually part of OS) but close enough for me.

PS: In order to get PFX certificate based on private key and certificate file, you can also use openssl:

openssl pkcs12 -export -inkey my.key -in my.cer -out my.pfx

My WordPress

Every WordPress installation is a unique creature as far as customization goes. Mine starts with latest WordPress installation combined with a great free theme called Suffusion. Beauty is, of course, in the eye of the beholder but I believe to be one of best themes out there. It is extremely configurable and you can find it works as well on multimedia-rich sites as on simple home pages as this.

As on all WordPress sites, plugins are plentiful and they change with seasons. Here is my list and reason for them:

Akismet

This is part of probably every blog out there. It will not catch every spam but it will help you deal with most annoying ones out there.

Broken Link Checker

Linking to other websites is path toward hell as far as I am concerned. While it seems as a good idea at first, it can lead to a lot of broken links years down the road. Sometimes nothing can be done about it - resource is simply gone - but this plugin at least makes you aware of it.

CloudFlare

If you use CloudFlare and you love statistics, you will want to install this plugin too. Without it every user would seem to come from the same set of proxied IP addresses and all that per-country log analysis would be for nothing. :)

Facebook Open Graph Meta Tags for WordPress

Simple plugin that does its job - gets your website sharing links for Facebook and Google+ have proper excepts and look decent. It is not fancy and there aren’t many things you can change but I find myself liking all defaults anyhow. I was using NGFB Open Graph+ before but with time it became annoying dealing with its advertisements for bigger Pro edition. Not only that you got a huge banner on your admin pages (sacrilege!) but they started removing features with newer editions (bait, hook & switch). I won’t use it again any time soon.

Fast Secure Contact Form

Simple solution for contact forms. It was a bit annoying to configure, but it worked flawlessly since.

Google XML Sitemaps

Google web crawler occasionally might need a bit of hint as what page is considered more important in your view. 99% of time everything will work properly regardless, this is just to cover all bases.

Limit Login Attempts

Protecting against brute-force password cracking is probably something that should be already built-in to WordPress. But this simple plugin will do to. Security must-have.

Nonsingular noindex

This is a custom plugin I built to avoid Google indexing search and category pages. As blog grew, it became annoying to see search pages in Google results higher than actual page and I had to do something about it. Since I haven’t found any plugin readily available, I decided to build one.

Online Backup for WordPress

If you love your site, you will backup it. And you will backup it offsite. Mailing it to GMail account is perfect for me and this plugin does it without issues.

Simplest icon link

Just a simple plugin to add Apple touch icon to website. Probably there is dozen other plugins that do the same, but I decided to roll my own.

Snippet pre

Never finished plugin for source code highlighting. Since I found every syntax highlighter lacking in some way I decided to build one for myself. While I do use it for new posts, it has severely limited capabilities in its current form.

Snippet text template

One more itch I had to scratch was repeating of same phrases over and over again on multiple pages. So I built this plugin to help me with that. Unsuitable for anybody else because of hardcoding, but it does its job here.

SyntaxHighlighter Evolved

Syntax highlighter that I stopped using because of some annoying bugs and lack of development. However, lot of older posts use it so it will stay here a while. Ultimate goal is to change all those posts to use my own highlighter (once I finish it) but lack of time will probably ensure that never happens.

W3 Total Cache

Probably best caching program out there. If you are using shared hosting and there is any significant traffic, you need something like that. Lot of small options help optimize for your particular situation.

Widget Logic

If you want to limit widgets to some pages only, this is plugin for you.

WordPress HTTPS

This plugin ensures that your login always goes over HTTPS instead of HTTP. Must have if you occassionaly use unknown WiFi to access your blog. Of course, you do need SSL certificate too.

Single Instance Script on NAS4Free

Great thing about NAS4Free is the opportunity to do really powerful scripting. You can do automation scripts on par with full-blown *nix distributions. Better still, you can even configure them to run at desired times giving you full hand-off experience.

With all that power and possibility of scripts running left and right, it pays off to do some sanity checking. Most common one is disabling multiple instances (particularly important for backup script).

Since NAS4Free is FreeBSD-based, some things might be a bit different than your everyday Linux but rough code would be:

SCRIPT_NAME=`basename $0`
PID_FILE="/var/tmp/.$SCRIPT_NAME.pid"
PID_LAST=`cat $PID_FILE 2> /dev/null`
if [ -n "$PID_LAST" ]; then
    PID_ACTIVE=`ps $PID_LAST | grep "^$PID_LAST" | grep "${SCRIPT_NAME}\$"`
    if [ -n "$PID_ACTIVE" ]; then
        echo "ERROR: Script is already running!" >&2
        exit 255
    fi
fi
echo $$ > $PID_FILE


# DO SOMETHING USEFUL


rm $PID_FILE

When script is started for first time, process identifier (PID) is written to /var/tmp/.script.sh.pid (where script.sh is name of our script). This is followed by some useful action (insert your code here). When the job is done, /var/tmp/.script.sh.pid is simply removed and everything is fresh for a new start.

If we start second instance of script before first one has completed, script will find its temporary file. While it might stop with an error at this point, I prefer it to run additional check. Previous script might have crashed and thus temporary file might be just a leftover and there is nothing really running.

So it reads content of a temporary file in order to find previously used PID. That PID is then found in the list of processes and compared against a script name (maybe some other script is running under same PID - rare but happens). If process with same number and name is found, script throws an error and exits.

Simple and works 99% of time.

Script does have some issues. You cannot have two scripts with same name using the same trick because temporary file is based on a name only. Similar problem might be a false positive if another script with same name accidentally gets same PID as our previously running script (although this is highly unlikely). Solution for both would be using realpath command and basing temporary file and PID search on it.

Another issue might be how easy is to trick script into a parallel execution. Just remove temporary PID file and script will be no wiser. And there is no real way around this. Intention of this code is to prevent accidental parallel execution - if user wants to shoot at his foot, he will do it.

You can really make this as complicated or as simple as you wish. I found my sweet spot in the code above.

[2018-07-22: NAS4Free has been renamed to XigmaNAS as of July 2018]

Blackmailing Bastards

With a new year there came a bit of change from my domain registrar. Their post is Croatian-only but this is the gist of it: there are new TLDs available (.app, .shop, etc.), e-mail address verification is required, and free whois privacy is gone.

For those not aware, each website must have name, address and similar personal stuff filled upon registration. Companies usually have no issues with this but for individuals this is really inconvenient because everyone on Internet suddenly knows your home address. To alleviate this issue, domain registrars are usually satisfied if they have your information and whois gets filled with alternate data (usually their address). And everybody is happy.

Starting this year Plus hosting will start charging additional 40 HRK (+ tax) for this service.

Just to make it clear, I am not blaming them for this increase. For last 8 years they have given me the best service I could imagine and their response time was remarkable (immediate response for non-urgent queries even on Christmas). Their web packages are competitive, servers are good and there is really almost nothing I would change.

Their top registrar (OpenSRS) decided to start charging for privacy and they really had no other choice than to forward that cost to their customers. Since they are really small company, swallowing the price increase themselves is probably not a realistic expectation.

And don’t be mistaken, this is pure blackmail by OpenSRS. Since your registrar is usually also your web hosting provider, you got domain for free. Going anywhere else for domain (and leaving web service where it is) would cost you around $10 which is exactly how much they charge you for privacy. Since cost is the same, most users won’t bother with transfer and they will just pay the ransom. It is essentially the same business model patent trolls use - make it cheaper/simpler to settle than to fight.

As for my site, I haven’t decided what to do. Simplest solution of paying the cost increase just seems wrong. Moving away from Plus hosting is not something I am even seriously considering because that would be punishing them for something outside of their control. And having domain with one registrar while web hosting is at other’s would be annoying any time when there is a DNS issue and two companies start playing troubleshooting ping-pong.

I already contacted Plus about this and they assure me that my private address won’t be visible. If true it will alleviate my biggest complain. However, whether that is true or not is another matter. I am sure that guys at Plus believe it to be so but OpenSRS clearly lists address among the fields that are exposed. Time will tell.

Whatever decision might be, I have another few months to figure it out. Maybe OpenSRS idiots will smarten by then…

Why HP, Why?

Due to my Intel NUC needs I got myself a new 802.11ac wireless card (Intel 7260). Since NUC didn’t really need AC, I decided to put new card into wife’s aging HP mini and take its N wireless. My hope was that newer card would improve wireless range just a bit and thus I would gain her eternal gratitude. That was the plan at least.

As it is always the case with small machines, replacing anything is not really straightforward and some disassembly is required. In this case it was just removal of keyboard and new card went in even a bit easier than expected. After a bit of fidgeting with keyboard’s plastic tabs on reassembly I was ready to get into Windows.

Seconds later I was greeted with:

104 Unsupported wireless network device detected.
System Halted. Remove device and restart.

Yep, dear HP decided in their eternal wisdom to forbid wireless replacement. And I cannot imagine any other reason for this other than a case of pure assholeism.

It is definitely not for money. Not only that wireless cards almost never fail but their low cost would anyhow ensure that HP would see little to no profit on any exchange. Even worse, you can plugin another card that is same Broadcom chipset and it works. That means that they didn’t force anybody into using HP replacement services.

They also didn’t do it to force you into using HP upgrade - there is no such thing nor it was ever available. Maybe there were some plans but I doubt that because card was not really positioned to be user-replaceable.

Saving grace would be if they did it for compatibility. Maybe their testing discovered some bug on other cards so they decided to nip it in the bud. If this is really the case (no matter how unlikely it is) than it is pure laziness of engineering team. They decided to solve technical problem with a software block. And someone higher up decided to cover this up and not document such incompatibility anywhere. But I really doubt that.

Most likely story is that some “smart” manager overheard engineers speaking about difficult to replace wireless card. On that he said “We have it replaceable? We don’t have that on list of features. Disable it.” Engineer shrug and did as it was told. And now, years after that moment of stupidity, we have machine that cannot be upgraded. Not for technical reason, but for pure politics.

1 … 135 136 137 138 139 … 268