I so love it when spring finally gets around to removing the chill and darkness of winter. I just wish it would do it consistently and without pollen. One day, out and about in t-shirt and shorts, enjoying the 80+ degree temperature, followed by flurries the next day takes its toll on me too quickly. Add the trees and bushes and flowers coming to life and I am a mess.
I think I have almost gotten rid of the first (and last) cold of the season so I will be back to writing here. In the meanwhile, I am also doing some hacking of the non-respiratory type, digging into the design of this web site (again). More on that as it appears.
Time for the cough medicine and a sandwich for Mary.
I hate visitors who just cannot use web sites for what they were intended. My particular annoyance of the past few weeks is people trying to break into the administrative section of our WordPress installations. Why? I guess because it is something to do to prove themselves as idiots… oh, I meant hackers. It used to be once, maybe twice a day, that someone would bang on the wp-login.php page, and then grow bored. Then it became once or twice an hour and they would try 5 or 10 times and give up. Over the past several days, the volume increased exponentially to the point where it was obviously an automated login hack script. While no one was getting through, the server performance took a serious hit each time someone did it until earlier this evening when the load resembled a DoS (Denial of Service) attack. With the help of our service provider, Liquid Web, we kept the server up and running.
Serious acts like these require serious action on our part. I reviewed the potential options:
- change from WordPress to another CMS
- rename the wp-login.php file to something secret
- move the wp-login.php file to another directory
- move the wp-login.php file to a secured directory
- find a plug-in to remedy the situation
Option 1 is unacceptable because we love WordPress. Option 2, while it seems simple enough, is not viable because it involves changing the WordPress code base and any reference to that file name which is frequent. Every time an update is made to WordPress, I would have to make the same changes, all making further problems if a change is not 100% correct. Options 3 and 4 are unacceptable for the same reasons, too. So, I started to look through the plug-ins directory to see what, if anything, had been written to remedy this. I found several that mechanically do what options 2, 3, and 4 do. This is unacceptable since if the developer decides to move on, get lazy, or, sadly, get sloppy, errors are introduced. More plug-ins alert, disallow, and dissuade, but all require some manual effort to truly correct the problem (i.e. blacklist IP addresses). So I put my thinking cap on and headed to Google, searching for some way to disallow access to only one page in a directory of many files.
I found a solution that required only a few lines in the .htaccess file which is used by the Apache web server. There is already in place on each instance of WordPress since we use mod-rewrite to pretty up the URLs within the WordPress instance. It involves using the FilesMatch directive. The code fragment in .htaccess looks like this:
ErrorDocument 403 http://...where to send them to...
Deny from All
Allow from ...list of IP address(es)
The first line (ErrorDocument) defines where to send the visitor to if they fail the security check below there. If the file matches the expression after FilesMatch, I first deny all visitors while allowing any from a list of IP addresses. Granted, this limits me to working from home and other fixed private addresses that are hard-coded, but, since I have shell access from anywhere, I simply go in and remove the check temporarily so I can get signed on. After doing that, I sign in and then flip it back to nornal. Reminder, the true security is whether or not the person has the correct credentials (ID and password) from WordPress. This does not improve upon an already secured process, simply eliminates access to the sign-on page.
While this works for now, I am still researching other options. Please leave a comment if you have any good ideas!
An additional thought: In order to make search engines realize you don’t want that file picked up and farmed, you need to make sure of two things:
- Remove the login link from your sidebar and elsewhere. If they are scanning for links to farm, they will find it.
- Make sure that your sitemap.xml file does not have an entry for it. If you are using Arne Brachhold’s Google XML Sitemaps plug-in, you are fine.
I discovered this tonight when I saw a harvester coming through the web site and the 2nd page it swept up was that one!
Tonight, the good folks at Liquid Web, where we host all of our web sites, are adding a new component to our suite of services: Apache Tomcat. Tomcat serves Java Servlet and JavaServer pages, which is a whole new adventure for me.
So why are we doing this? Mary has been creating a web-based document and information archival/retrieval system using a LAMP-platform software application called Omeka.
If you are not familiar with Omeka, it is like WordPress with an extensive document handling back-end for librarians, archivists, and just about anyone who needs to index, store, and display a wide range of media types.
Mary is working with data that has a spatial component: the geographic location of the information within the documents. Since this is a web-based application, I was looking around for a package that could be implemented within Omeka to add a map display. The Scholars’ Lab at the University of Virginia Library have done just that with a suite of Omeka tools called Neatline. Funny, because to a map geek like I am, it is truly neat! Their description of Neatline is what caught my eye when I was searching for this type of product:
Neatline allows scholars, students, and curators to tell stories with maps and timelines. As a suite of add-on tools for Omeka, it opens new possibilities for hand-crafted, interactive spatial and temporal interpretation.
This is not your usual social mashup of maps and “here I am”. Think of the adage “a picture is worth a thousand words” and you get a very basic idea. Neatline makes it possible to translate the data into a visual representation of both place and time. Place and time? The concept of place is simple – a dot on a map, a troop line, location of a group of buildings, or the site of a disaster. Now, get out your sheet of clear plastic and draw what happens in the next hour, day, month, or millennium. And the next. And the next. Push all of this visual data into a stack atop a base map and you can show the temporal transition over the spatial visualization. In a word: powerful! It is an amazing way to analyze what happened, project what could happen, but at the same time illustrate the processes that took place or could take place. Another component of the suite is a tool to develop graphical timelines from your Omeka data.
Sure, you say, it is possible. Take a few minutes and take a tour of their sample exhibits. Be prepared to be dazzled and educated!
Besides Omeka, one of the components of Neatline uses to draw on a wealth of geographic data is an open source system called Geoserver. A contributor to the OSGeo Project, this package provides a single interface to a wide range of worldwide spatial data resources: maps, street data, location use data, census information, and much much more. Geoserver is written in Java and runs under Tomcat which is the reason for adding this component to our suite of services used.
All of these components – Omeka, Neatline, Tomcat and Geoserver – are open source, being developed around the world for use by all. Most of all, this is fun!
I have already posted this question to several forums. To date, I have received no true answer as to why this is happening. Every time that I open Google Chrome on Debian Squeeze, this message appears menacingly at the top of the first open browser window and won’t go away:
Since when and why?
The fact is that yes, Google Chrome is still updating and has been for the past month. I was hoping to receive an answer saying why it will not be supporting this version of my operating system. The stock answer most seem to be posting is “why don’t you just use Chromium?” (the open source version of Google Chrome).
My short answer to that is I don’t want to use Chromium. The longer answer is that Mary and I use Google Chrome on every other computer and device that we own, over several operating environments. We just started using Chrome for Android. The Android version alone has been such an improvement because it can grab links of open windows on any other place that we have Google Chrome open. It makes testing the mobile view of web sites a breeze. Add to that the shared bookmarks, history, and account IDs and passwords, and I think you will begin to understand why our Internet world revolves around using Google Chrome.
We have adopted so many Google products, like Google Mail, Google Calendar, and Google Drive, to make our life much simpler and streamline. An addiction? A dependency? Yes, a self-imposed organizational technique to make our life easy. To switch over to Chromium would put a wrench into the workings of our well-oiled life machine.
I have found some references to something not working in Version 27+ of Google Chrome on certain platforms. I have found no list of what is not going to work and why it will not work. At the moment on our Debian Squeeze and Debian-based (antiX) systems, we are running Google Chrome Beta Version 26.0.1410.43 (Official Build 189671) with no issues. When I first saw this message, we were running early 27.0 versions from the unstable libraries. I reverted back to beta to see if the message would go away. Of note, we run the development version on our CR-48 Chromebook (Chrome OS/Google Chrome) as well as on a wide range of Windows XP and Windows Vista machines, all with no apparent issues.
Now, to make matters worse, there is a link at the end of the warning message to a Google Chrome help page. For all platforms, it requires a minimum of 128 MB of RAM and 100 MB of free disk space. For the Microsoft world, Windows XP with SP 2+, Windows Vista, Windows 7, and Windows 8 are suppported. In the Linux world, Ubuntu 10.04+, OpenSuSE 11.3+, Fedora 14, and Debian 6.0+ are supported.
So, clearly they state that Debian Squeeze and later are supported, right? I am writing this on the machine that gets this message and, by the numbers, it is running:
# cat /etc/debian_version
# uname -s -r -v -o
Linux 2.6.32-5-amd64 #1 SMP Mon Feb 25 00:26:11 UTC 2013
So I guess the suggested platforms stated on that help page are for pre-release 27? Luckily, the antiX machines are based upon Debian Wheezy (Version 7.0) and are not triggering the error message.
One thing I did notice, though, in investigated what is going on was the process to find out what OS version is running. The stock Debian way is to do the following:
# cat /etc/debian_version
I did some reading and found that the generic way to find the Linux you are running is to:
Running this command under Debian Squeeze (6.0) yields nothing since no file of that name exists. However, running it on Debian Wheezy (7.0) yields this:
# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 7.0 (wheezy)"
Next step I guess is to open a ticket asking the question as to how the Linux release is determined in the Google Chrome code base. I think I will also open one on the Chromium web site and, since it is open source, do a scan to see if I can find just how they do it. Perhaps this is one of those undocumented enhancements that drive people like me wild!
Any ideas or thoughts? Leave a comment please! I am cross-posting this on Google+ to the Debian and Google Chrome communities so let me know either here or there. You can find me easily on Google+ at http://jimmetzger.net/+.
I shared the following graphic which depicts the rather frightening number of US military bases in the Middle East, with the focus being on their location with respect to Iran.
I didn’t add any explanatory comment, leaving the interpretation of the graphic and my views up to the reader. Leaving out my views was a mistake on my part because one of my friends added this comment to the post:
If you’re defending Iran why don’t you just move there. See how many opinions you can have from that country.
As soon as I saw it, I realized my error. I posted the following response:
Not in the least, [my friend's name]! Just the fact that every time we cut the budget of other programs to build yet another base in the Middle East, you have to ask the question Why? The Joint Chiefs of Staff (the guys that run their individual military branches) and the Department of Defense (that runs our entire offensive and defensive protection) all told the Congress that they did NOT need additional funding (other than what they asked for, as a part of inflation, rising costs, etc.). So, Congress, knowing better than them, decided they needed billions more. Better example: the (our fire department) Equipment Committee along with the chief officers decided that the two engines were the only additions required this year. When they presented their funding request to the township’s Board of Supervisors, they decided that we were wrong and we needed ten MICU’s and fifteen more brush trucks. Also, while they were at it they decided to cut all funding for fuel and protective gear, and, that they would use the taxes collected for fire protection to fund a township staff trip to Europe.
I fully support the US and am proud to have the privilege of enjoying the freedom that members of our Armed Forces have fought and died for to protect.
I made the assumption that my friends would already know my point of view. Take this very seriously. Even those who you think know you can get a very different impression if you don’t at least reiterate your position with regards to a particular topic. Take this one step further. How many people will read your posting that have no clue who you are and be left with the wrong impression? How many readers of your blog or follows on Google+ or Twitter will you lose because you did not take a few extra minutes and read the post from the stranger’s point of view. It could be the first and last time they read something you have written. This, of course, does not guarantee that someone will not have a different point of view about the content. It is, though, better that they fully understand why you wrote the posting.
Yes, this is more of what I have said before on this subject: write once, edit until its right. As far as the commentary on the graphic, that is my position, stated clearly.
Crazy Eddie – image from Allthingsd
Yeah I feel like Crazy Eddie sometimes… oh the insanity! My problem is that I never seem to settle on what this all should look like. I try to make it accessible, searchable, readable, and, above all, something you will want to come back and delve further into what’s inside of it.
For the moment (since I do have this bad habit of design, redesign, repeat), I am back using Atahualpa in anticipation of possibly using a theme design tool that they make in the near future.
Things will be a bit rocky for a few hours while I tweak, poke, prod, and cook Easter dinner (the top item on my To Do list today).
As always, enjoy!
See on Scoop.it – Debian Tips and Hints
With the recent release of Debian 7.0 Installer Release Candidate, the final release of Debian 7.0 “Wheezy” is effectively on approach. For those not up to speed on this major Linux distribution update, here’s a list of some of the top features.
Jim Metzger‘s insight:
Those of us who use Debian daily are using Debian 6.0 “Squeeze” and are looking forward to Wheezy becoming the new stable. I know that I am looking forward to the new features, as well as seeing the tools that I use daily getting up to current in the repositories. Read about more new features they are teasing us with for Debian 7.0!
Note – I am testing out a new curation and publishing tool called Scoop.It and this is the first entry that is cross-posting across my personal publishing space. Comments please!
See on www.phoronix.com
I rarely make mistakes… not! Considering it is almost midnight and Mary, Bill, and I just got home from a wonderful birthday dinner for Dan (Outback, I had Trout with Shrimp and Lobster, the others were rib-eye gourmets), I made a faux-pas while trying to remove an intruder on one of our domains at Liquid Web. I thought I had copied the offending IP address and pasted it into the firewall rules. As I pressed the kill the bastard button, it crossed my mind that the IP address looked strangely familiar. Then, the web session froze. My ssh sessions crashed. As I read the IP address aloud, I realized… it was my IP address, still locked in the buffer from about 6 hours ago. Oops!
I went over to the support request panel and instead of just saying fix it, I composed the following trouble ticket message:
Well, I fat fingered a cut/paste and…. blocked myself from my VPS. As I wipe
the egg off my face, please remove xxx.xxx.xxx.xxx from the iptables.
I figured a little humor was in order. This is how the ticket thread ensued:
My name is Mark, and I will be assisting with the egg removal. I will be
logging in and checking out if in fact you re blocked in the firewall. I will
report back in just a moment.
Chuckling right along with me I see!
The IP xxx.xxx.xxx.xxx has been removed. Please let us know if you require
All done, I always take a moment to thank the ticket handler, not just close the ticket.
Thanks, Mark. Next time I will make egg salad! Feel free to close the ticket. Thanks again for superior service with humor!
I really am very happy with the technical support team at Liquid Web. Whether it be a simple question or not so simple problem to resolve, they always respond promptly, courteously, going the extra mile and answering the next question before it is asked, and, yes, now I can add, with a true sense of fun! Did I mention that the service is always at a 200% plus level and the pricing is reasonable, in fact, economical because of the commitment to the highest possible level of customer service? I highly recommend that everyone should consider this outstanding service provider!
On a side note: the Fred Flintstone graphic above is from a very interesting article on All Things D concerning your fingers and the errors they (you) make as related to the time of day!