End the War on Freedom - Webmaster stuff

Near Disaster

Wed, 03 Sep 2008 05:37:49 -0500

You may have noticed that you couldn't get to this site yesterday. I inadvertently allowed the billstclair.com domain to expire. Fortunately, I caught it before my registrar sold it to a domain parking service. Whew!

Mibbit

Fri, 22 Aug 2008 11:13:41 -0500

Mibbit is a web-based IRC client. Very nicely done AJAX code. Has a wizard to set up an embedded chat or a link to a server and channel that you pick. I added a Mibbit link to the Trubanc home page pointing to the #Trubanc channel on irc.freenode.net. There's an embedded chat below:

Debugging SSL Connections

Tue, 24 Jun 2008 19:24:59 -0500

I've had a little trouble with the SSL certificate for this site and for some sites for which I do technical maintenance. I wrote up a little about that in Intermediate SSL Certificates. Well, I asked my web hosting provider to install the intermediate certificates for another web site that is also using a GoDaddy certificate. They said that they had done it, but I was still getting warnings in Safari, on both my Mac and my iPhone. So I did some Googling, and found some simple Java code that I could modify, and enable debugging while running, to show the SSL handshake during a connection to a web site.

I have uploaded that code as billstclair.com/blog/images/ssltest.zip. The zip file decompresses into the "ssltest" directory, containing the following files:

ssltest	a bash script to run the java program
ssltest.class	the compiled version of the Java program
ssltest.java	the source code for the Java program
ssltest.zip.sh	a bash script to create ssltest.zip

You're certainly welcome to look at the Java source, and change it to your liking, but to use the program, you just need to cd to the ssltest directory in your shell, and type the following:

Quote:

./ssltest billstclair.com

Or change "billstclair.com" to your favorite SSL-enabled web site. It prints quite a bit of stuff, but the most interesting to me were the lines beginning with "chain [", which show the certificate and the intermediate certificates, if any.

I didn't include an ssltest.bat file for Windows, because I have no way to test it, but it should be pretty obvious how to convert the bash script into a Windows batch file.

Enjoy!

Intermediate SSL Certificates

Wed, 18 Jun 2008 07:20:03 -0500

At the end of January, I installed an SSL certificate on this web site. I initially got a free certificate from cacert.org. That worked, but I had to tell my browsers to import their root certificate in order to stop security warnings. So I switched to a GoDaddy certificate, thinking that it would work. Same problem. Well, yesterday I installed a GoDaddy certificate at another site, and this time I read GoDaddy's instructions (may require an account). Turns out that they, and many other SSL vendors, don't sign their certificates with their root certificate authority (CA). They use an intermediate certificate, which establishes a chain of trust to the root CA. That intermediate certificate needs to be installed on the web server. Today, I asked the Site5 folks to install that intermediate certificate, and, voila, no more browser complaints. Unfortunately, my iPhone still complains. Guess it's missing the root of the chain, the "Go Daddy Secure Certification Authority", or Apple left out the intermediate certificate part of the validation process. Sigh...

SSL Access Available

Thu, 17 Jan 2008 03:41:42 -0600

Well, I finally paid the $15 that site5.com charges to install an SSL certificate, so you can now get get encrypted access to this site.

https://billstclair.com/blog/

You will likely get a warning that the Certificate Authority (CA), CAcert.org, is unknown to your browser. That's the drawback of using a free CA. There will likely be an option to add their certificate. Do it if you want to get rid of the warning (and warnings for similar certificates from other web sites).

If you say www.billstclair.com, you'll get a warning, every time you visit here after relaunching your browser, that the domain doesn't match the certificate. So don't do that unless you like the warning.

Web Site Nearly Wiped Out

Fri, 11 Jan 2008 06:23:14 -0600

I decided to add --delete-after to an rsync command last night to keep one of my directories exactly matching the version on my local disk. Problem is, I was doing the rsync from that directory's parent, which had nothing else in it. So rsync started deleting files and directories at the top-level. Fortunately, I had -v in the command, so I saw this, and was able to stop it before everything was gone. Also, fortunately, most of the changes since I switched from my nearlyfreespeech.net hosting were either in the Drupal database, that this blog uses, or in one of two directories on my local disk. And I never shut down the old hosting location. So between those three places, and about an hour of my time, I believe I've restored everything. All the top-level links at billstclair.com work. And this blog. rsync'ed everything back to the backup location afterwards, to make it easier should I do something incredibly stupid like this again. Whew!

New Web Hosting Service

Wed, 02 May 2007 20:12:41 -0500

I've been very happy with NearlyFreeSpeech.net (NFS). They've been serving billstclair.com for quite a few years now. But my bandwidth has risen to a gigabyte a day, which means a dollar a day for NFS' hosting. That's $30/month. I was clued into a new hosting service by one of the guys on the Linkinus IRC channel (Linkinus is a nice Mac OS X IRC client). I can get more bandwidth for $10/month there than I'm getting for $30/month at NFS. They don't have the free speech philosophy of NFS, and I don't know yet how their reliability and speed will compare, but so far they look faster, and money is tight. I can go back pretty easily, should that become necessary.

Anyway. I hope you enjoy my new home. Same domain, same politics, different web service provider: Site5.com.

Liberty!

Shift of Blog Energy

Sun, 03 Dec 2006 18:30:47 -0600

I'm spending a lot of my blogging time at my iMac Pr0n Blog these days. Don't know how long it will last, but at least until configuration of my new machine slows down.

Drupal, the blogging engine I use for this site, is very nice, but I must admit that I like the simplicity of BlogMax, which I'm using again at the iMac Pr0n Blog.

Drupal Duplicate Sessions Issue

Fri, 06 Oct 2006 15:00:17 -0500

fbomb at drupal.org - this blog was showing "You are not authorized..." messages today, on every page. I discovered the cause. I must have twice posted a delete request for a disapproving a spam user, and this had the side-effect of deleting user 0, the anonymous user, from my database. This caused the "not authorized" message and also a duplicate key database error on attempting to log in. ejk posted the fix:

Quote:

INSERT INTO users (uid, name, mail) VALUES ('0', '', '');

INSERT INTO users_roles (uid, rid) VALUES (0, 1);

Captcha Comments Replace Spam Filter

Wed, 12 Jul 2006 11:00:42 -0500

I've installed Drupal's Captcha module (completely automated public Turing test to tell computers and humans apart). This forces you to transcribe some random text, designed to be hard for computer programs to grok, to post an anonymous comment or to register. If you register, you will be able to post comments without the Captcha nonsense.

This should stop automated comment spam. It won't, however, stop rooms full of low-paid workers posting spam. We'll discover soon which is my problem.

I hate Captcha strings, since I often have a hard time decoding them. These don't appear to be too bad. Please let me know how they work for you, either by comments to this post, or via email to bill@billstclair.com (or to billstclair@gmail.com if my web hosting mail forwarder doesn't like your email server).

The captcha module is at http://drupal.org/project/captcha

Spam Comments Abound

Thu, 29 Jun 2006 05:24:07 -0500

The spam comments are getting out of hand. My spam filter can't distinguish them from the real comments anymore, so it's marking all comments as spam. I can still distinguish them, though, most of the time, so don't stop commenting just because you don't see your comment until I approve it.

I've closed comments on the Hitler thread. This was beginning to look like "All Hitler, all the time." Not a pleasant prospect from my perspective. So all you Hitler lovers and Hitler lover haters. Chill.

Burning the Midnight Oil

Fri, 12 May 2006 06:02:39 -0500

My posting frequency has gone down a bit of late. I've been working late at night on the Puppy Linux 2.0 Alpha. I got my ipw2200 wireless networking interface to work, and found a bug in the code that makes file system changes, initially memory-resident, persistent. Today, I'll be installing Ruby and getting my S3 code to work (it'll probably "just work").

Remember, I've been a computer hacker for a lot longer than I've been a political hack.

Membership moderation enabled

Mon, 08 May 2006 20:42:49 -0500

I got a lot of bogus registrations today, so I've turned on moderation for new members. You can still join, but your account won't be active until I review it. Very few of my regular readers have chosen to register anyway. There are a few benefits to registering:

You can post forum entries
You won't have to type your name and email address to comment
You can disable some of the side blocks, e.g. the banners

911 Timeline Moved to S3

Sun, 19 Mar 2006 09:45:15 -0600

I finished moving my mirror of Paul Thompson's 911 Timeline to S3. billstclair.com/911timeline now redirects to a page documenting the move. All other links to the timeline automatically redirect. Apache's Redirect and RedirectMatch directives at work.

Next step in my S3 Ruby library: streaming upload of files and web URLs and download of files. The current Amazon-provided library requires objects to fit in memory.

Spam Filter Added

Wed, 01 Mar 2006 17:14:06 -0600

I installed and enabled Jeremy Andrews' Drupal Spam Module 2.0, to attempt to get rid of the online poker comment spam that started appearing en masse today. It uses a Baysesian filter, plus some counts to flag spam. t will notify you if your comment is flagged as potential spam. It also sends me email, so I'll unmark anything that is obviously mischaracterized. Hopefully, it will just work (famous last words).