WordPress 2.3.1 Upgrade

16 Nov 2007

I finally got all of the blogs I manage updated to WordPress 2.3.1, today. Several friends who also use WordPress had experienced some difficulties upgrading to 2.3.0, so I had held off on the updates on some of the blogs until these past 3 days. There were two of them that I had some very small problems with, but they were solved very easily. One of those was this blog, the one you are reading right now.

First, when I was updating my wife’s blog, I got all in a hurry and forgot to make a backup of the database first. Then, when I connected to the wp-admin/upgrade.php script and clicked on the Upgrade WordPress button, all hell broke loose. I had DB errors left and sideways (thankfully, not quite right, though). At that moment, I realized that, “I could really use that DB backup right about now.” Well, I didn’t have it, so I tried the export function from the admin interface and that worked. At least I had her posts (there was a brand new one, too, which wasn’t in the most recent backup file that I did have).



Livna: Please, Keep Drivers in the Repo

15 Nov 2007

In dealing with nVidia and ATI drivers for Linux (both a kernel and X driver are needed), I’ve been using the Livna YUM repositories for Fedora to easily install them as RPMs using YUM.

I’ve run into trouble here and there as the Livna folks keep pulling RPMs from their repos for older versions of the kernels. At the very least, they should leave the kmod-* packages in there for the original kernels that shipped with each release. Then, people can install a release and get a good driver. I had to wait for about 3 weeks after I first put F7 on my home workstation (dual AMD Opteron) before I could get the nVidia driver from Livna because they didn’t have one for the older kernel packages and the newer kernels weren’t booting (turned out to be malformed initrd files, which I later fixed).

Yes, I understand that they take up some disk space, but it’s not really that much, perhaps 100M per release, to keep all kmod-* packages and their dependencies around.

Livna, if you’re listening, please, give us all the driver packages and don’t remove them. You don’t know which kernels are working for people and which aren’t, so you could really be making things pretty difficult for people.



sign-lots-o-keys

11 Sep 2007

On the last day of the Utah Open Source Conference 2007 (UTOSC), there was a PGP/GPG key signing party, hosted by Scott Paul Robertson. It was good to be able to get set up to properly sign so many keys, but it did give me a little problem; I needed to sign everyone’s keys with each of my 4 active keys. That would have been over 100 times running the gpg command. Sounds like something begging to be scripted, so I did.

I’m posting the script, which is still very rough, as I didn’t bother taking any time when I whipped it up last night to take care of everything that it really should be doing. Still, I’ll work on it here and there, I’m sure. You can download it from http://www.openbrainstem.net/download/sign-lots-o-keys. If you feel like making some fixes, post your patches (please, create them as a unified diff file, if you wouldn’t mind) and put a link in the comments here and/or on your own blog.

Enjoy!



No More Comments?

28 Jul 2007

After reading Dave Winer’s comments on blogging, in particular the parts where he discusses comments and their negative effects on a blog, I’ve decided to disable commenting in this blog. TrackBacks are still there.

Let’s see how this goes. If you would like to comment, you can’t post it on my site. Use your own blog and use a TrackBack to this article. Let me know what you think.

Personally, I’ve always preferred the idea of TrackBacks over comments. I just wasn’t quite sure how to explain (nor did I ever take the time to really think about) why I felt that way. So, thank you to Dave Winer for helping me quantify it.

Although I have configured this blog to not have the “Allow comments” option selected by default, existing posts which did have that option on should still permit comments. I will fix this by editing the DB directly. Hopefully, existing comments will still be visible once I do so.



WordPress 2.2.1

28 Jul 2007

Well, I’ve been running with WordPress 2.2.1 for a while now. This was another update that screwed up the blogroll (I patched this in my code for 2.1 and 2.2).

But a new problem has surfaced with 2.2.1 in the admin interface; when loading the Dashboard or the Write or other pages which include wp-includes/js/jquery/interface.js, it freezes up my web browsers. I’ve tried it with Firefox, Opera, Konqueror & Safari, some on both Linux and Windows. The browser eventually lets me kill it (but I have to stop it 2 or 3 times) and then the page will finally load. In browsers where I have debuggers for JavaScript, I find this error:

Error: https://www.openbrainstem.net/blog/peregrine/wp-includes/js/jquery/interface.js?ver=1.2: Error: Error

It’s pretty frustrating trying to use my blog when the admin interface has some buggy JavaScript. I’m going to try to debug it, though JavaScript isn’t my favorite language. I’ll keep you posted if I find a fix.



OpenID Enabled

13 Jul 2007

Thanks go to Christer Edwards for encouraging me to deploy OpenID support on this blog.

If you have an OpenID account, you can now use it to comment and to register on this blog, without having to register on this blog. I haven’t required logins to comment on this blog since June of 2006, but still required commenters to fill in their name and email and optionally allowed them to include a URL for their own site. Now, these kinds of things can be done via your OpenID.

I didn’t activate the second WordPress plugin yet, as I haven’t registered an OpenID of my own, nor have I set up an OpenID server.

I’m thinking about standing up an OpenID server on OpenBrainstem. I’m not really sure about this yet, so I’m asking you, my readers, to weigh in on the idea. Post your views as comments to this post. Tell me why I should or shouldn’t run my own OpenID server.



Sorting SPAM

28 Feb 2007

I’ve been using SpamAssassin for a while to help identify SPAM. About a week ago, I started seeing all messages that were being flagged as SPAM by SpamAssassin show up in my Inbox instead of in my SPAM folder.

Well, it irritated me enough a moment ago to actually take a look at the full headers of just such a message. Here are the headers added by SpamAssassin:

X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on
       dark-templar.lamontpeterson.net
X-Spam-Level: ***********************
X-Spam-Status: Yes, score=23.0 required=4.0 tests=BAYES_80,DRUGS_ERECTILE,
       DRUGS_ERECTILE_OBFU,HTML_MESSAGE,RCVD_IN_BL_SPAMCOP_NET,URIBL_AB_SURBL,
       URIBL_JP_SURBL,URIBL_SBL,URIBL_SC_SURBL,VIA_GAP_GRA autolearn=no version=3.1.8
X-Spam-Report: 
       *  2.5 VIA_GAP_GRA BODY: Attempts to disguise the word 'viagra'
       *  2.0 BAYES_80 BODY: Bayesian spam probability is 80 to 95%
       *      [score: 0.8180]
       *  0.0 HTML_MESSAGE BODY: HTML included in message
       *  1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
       *      [Blocked - see <http ://www.spamcop.net/bl.shtml?201.83.176.249>]
       *  1.6 URIBL_SBL Contains an URL listed in the SBL blocklist
       *      [URIs: tersho.com]
       *  3.8 URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist
       *      [URIs: tersho.com]
       *  4.1 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
       *      [URIs: tersho.com]
       *  4.5 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist
       *      [URIs: tersho.com]
       *  2.4 DRUGS_ERECTILE_OBFU Obfuscated reference to an erectile drug
       *  0.5 DRUGS_ERECTILE Refers to an erectile drug

(Now that’s one spammy piece of SPAM!)

OK, so I took a look at my ~/.mailfilter file on the server:

### SPAM
if ( /^X-Spam-Flag: *(yes|YES) / )
{
   to "$HOME/mail/.SPAM/"
}

Many of my readers may be eagle-eyed enough to spot the problem right away. If you said, “Hey, you’ve got a superfluous space after your closing parenthesis in your regular expression there,” then you got it.

That regex would match either “yes” or “YES” (they are case sensitive). I did this because at some point long ago, I had a rule on a system that used “yes”, but SpamAssassin today produces “YES” and I just didn’t want to have it missing stuff because of something like that.

I decided to further improve this regex so that it might be less likely I’ll have to “fix” it again:

### SPAM
if ( /^X-Spam-Flag: *[yY][eE][sS]/ )
{
   to "$HOME/mail/.SPAM/"
}

Problem solved.
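The two rules above can be checked against sample headers before a filter goes live. This is an added example, not code from the original post: it assumes Python's re module as a stand-in for the mail filter's pattern engine, matching case-sensitively as the post describes, and the header text and function names are constructed for the test.

```python
import re

# Constructed sample: some of the post's headers as they arrive on the wire
# (the continuation line of a folded header starts with whitespace).
SAMPLE = (
    "X-Spam-Flag: YES\n"
    "X-Spam-Checker-Version: SpamAssassin 3.1.8 (2007-02-13) on\n"
    "\tdark-templar.lamontpeterson.net\n"
    "X-Spam-Level: ***********************\n"
    "Subject: constructed test message\n"
)

OLD_RULE = r"^X-Spam-Flag: *(yes|YES) "    # first filter: note the trailing space
NEW_RULE = r"^X-Spam-Flag: *[yY][eE][sS]"  # corrected filter

# Constructed flag values a tagger might emit, including one with trailing space.
VARIANTS = ["YES", "yes", "Yes", "YES ", "NO"]


def unfold(raw):
    """Join folded continuation lines so each header is a single string."""
    headers = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and headers:
            headers[-1] += " " + line.strip()
        elif line:
            headers.append(line)
    return headers


def is_flagged(raw, rule):
    """True if any unfolded header line matches the rule."""
    pattern = re.compile(rule)
    return any(pattern.search(header) for header in unfold(raw))


def compare():
    """Map each flag value to (old rule matched, new rule matched)."""
    result = {}
    for value in VARIANTS:
        raw = "X-Spam-Flag: " + value + "\nSubject: constructed\n"
        result[value] = (is_flagged(raw, OLD_RULE), is_flagged(raw, NEW_RULE))
    return result


if __name__ == "__main__":
    print("sample message, old rule:", is_flagged(SAMPLE, OLD_RULE))
    print("sample message, new rule:", is_flagged(SAMPLE, NEW_RULE))
    for value, (old, new) in compare().items():
        print(repr(value), "old:", old, "new:", new)
```

The old rule only matches when something follows the flag value on the same line, which is why a header ending in "YES" fell through to the Inbox.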

BTW: the term SPAM originally came to be used in the computer world because of the Monty Python Spam sketch.



WordPress 2.1 Upgrade

10 Feb 2007

There were a few minor difficulties updating this blog to WordPress 2.1 Ella (referring to Ella Fitzgerald). Over the past couple of weeks, I’ve slowly worked on fixing things. It looks like everything is the way it should be now.

There were some database changes that weren’t handled very cleanly by the update script. I had to drop and recreate the DB from my backup (taken just before starting the upgrade process).

One of the things that changed was the way that links are managed. The wp_linkcategories table was “replaced” with a new wp_link2cat table. Unfortunately, the upgrade script didn’t complete the conversion process.

Most of the work required to fix up my links was done within the management interface in my web browser. Not hard, but it took a few moments. One of the categories didn’t make it through the upgrade. Several others (but not all of them) from the categories list now show up, too. Upon further examination I discovered that the only categories that appeared were those which were not assigned to any posts, though, it appears in the UI that they intend all categories to be simultaneously usable for posts, pages & links. However, when I tried to assign a category which is in use for several posts to a link, that link no longer rendered.

The change from a separate set of categories for links to a unified categories system was certainly the right direction. It merely appears that testing of that part of the upgrade code wasn’t very thorough.

Writing this post, I discovered what appears to be a new auto-save feature. Every couple of minutes while the focus is in the post body input field, the auto-save kicks in and a text marker next to the save/publish buttons updates to say “Saved at h:mm:ss” (the time on this notebook). Nice!



TrackMeNot

15 Sep 2006

A few days ago, Peter Abilla published a post about TrackMeNot.

I had read about TrackMeNot a little more than a week before on Bruce Schneier’s blog, and so I already knew TrackMeNot was a flawed idea. Peter also makes some very good points in his post, but, unfortunately, it falls short of pointing out some of the more serious problems with TrackMeNot.

I’ll just summarize the problems here. For further explanation, read Bruce’s post:

  1. It does not hide your searches (they are still identifiable with you).
  2. It’s far too easy to spot (and therefore, far too easy for AOL and others to defeat) and its schedule is regular & fixed.
  3. Some of the generated searches are worse than what you would try to hide.
  4. It wastes lots of bandwidth, while returning absolutely no privacy or security benefit.

I like this quote from Bruce’s post:

Yes, data mining is a signal-to-noise problem. But artificial noise like this isn’t going to help much.



Web Browsers and Encryption

1 Sep 2006

While we’re on the subject of browser safety, please, everyone follow this advice: turn off SSL v2 support in every web browser you use. The default configurations of almost all web browsers still leave SSL2 support on for backwards compatibility. There is no such thing as a legitimate encrypted website that uses SSL2, which is completely insecure. Since there is a small flaw in SSL3 that can let an attacker trick any program using SSL3 into “falling back” to SSL2, if you don’t take my advice, you could be using SSL2 and not even know it.

I also disable all SSL3/TLS encryption suites that provide less than 128 bits of key and all 3DES (a.k.a. triple-DES, DES EDE mode or TDES) sets. This is not just because 3DES is insecure, but also because 3DES is so slow. It consumes significantly more processing time and doesn’t really provide much better security than standard CBC mode DES. It’s just not worth the overhead. In addition, there are several vulnerabilities in both 3-key & 2-key 3DES that significantly reduce the complexity to brute-force them. 3DES is not considered a safe protocol.

In their paper titled, “Key-Schedule Cryptanalysis of IDEA, G-DES, GOST, SAFER, and Triple-DES”, John Kelsey, Bruce Schneier and David Wagner describe one weakness found in 3-key 3DES that isn’t present in 2-key 3DES (among other interesting things).

From what I’ve read in the past about browser 3DES support, although nearly all browsers say they use 168 bit 3DES keys (3-key 3DES), many actually use(d) 2-key 3DES (112 bit). I’m not sure how true or false this is in modern browsers; I’ll have to do further research to find out.
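The three rules from this post (no SSL2, nothing under 128 bits, no 3DES) can be checked mechanically against a TLS client's enabled suites. This is an added example, not from the original post: it audits a Python ssl context rather than a browser, and the function names, the cipher string and the sample entries are assumptions constructed for the illustration.

```python
import ssl

# Constructed entries in the shape SSLContext.get_ciphers() returns.
CONSTRUCTED = [
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112,
     "description": "DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1"},
    {"name": "EXP-RC4-MD5", "protocol": "SSLv2", "strength_bits": 40,
     "description": "EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5"},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128,
     "description": "AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1"},
]


def policy_findings(cipher):
    """List the post's rules that one cipher entry breaks."""
    text = cipher.get("name", "") + " " + cipher.get("description", "")
    findings = []
    if cipher.get("protocol") == "SSLv2":
        findings.append("SSLv2 suite")
    if cipher.get("strength_bits", 0) < 128:
        findings.append("less than 128 bits")
    if "3DES" in text or "DES-CBC3" in text:
        findings.append("3DES")
    return findings


def audit(ctx):
    """Map suite name -> findings for every enabled suite that breaks a rule."""
    report = {}
    for cipher in ctx.get_ciphers():
        findings = policy_findings(cipher)
        if findings:
            report[cipher["name"]] = findings
    return report


def restricted_context():
    """Client context limited to HIGH-strength suites with 3DES removed."""
    # Python's ssl contexts already refuse SSLv2, so only the suite list changes.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!3DES")  # assumed OpenSSL cipher string
    return ctx


if __name__ == "__main__":
    for entry in CONSTRUCTED:
        print(entry["name"], policy_findings(entry))
    print("restricted context violations:", audit(restricted_context()))
```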