Updates

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 hours, 41 minutes ago

    2018 December 12

    Published the changes of Builds 228-232 on GitHub.  This
    encompasses all of the builds related to the WordPress 5.0
    migration.
    
    Brought the local repository mirror on Juno into synchronisation
    with the master on GitHub.
    
    Confirmed that the obsolete "Ratburger t2" instance, terminated
    yesterday, has actually disappeared from the list of instances
    in the EC2 management console.
    
    The avatars of users who liked a BuddyPress group post or
    comment were run together horizontally.  This was due to a
    "margin: 0;" rule in (deep breath):
        #buddypress #activity-stream…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 11 hours, 41 minutes ago

    I have just installed the version 3.5.2 update to the WP ULike plug-in which manages “likes” on posts and comments. This update makes major changes to the JavaScript files and CSS style sheets used to manage and render likes. If something seems to look or behave oddly, please try clearing your browser cache (Ctrl-Shift-Del on most desktop browsers) and reload the page to see if that clears up the problem. Full details will be in the regular post on this group at midnight.

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 day, 4 hours ago

    2018 December 11

    Committed the changes to delete the "twentyfifteen" theme. This
    is not strictly a WordPress 5.0 change, so I made it a separate
    commit from the bulk of the WordPress 5.0 update. The
    "twentyfifteen" theme was removed from the WordPress 5.0
    distribution, so a clean install of 5.0 will not include it, so
    deleting the theme from our installation makes us compatible
    with a pure 5.0 environment.  All of this is moot because we
    never used twentyfifteen at all (the "ratburger_devel" theme we
    run is derived from twentysixteen).  The changes are pure
    deletions of the theme…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 days, 3 hours ago

    2018 December 10

    Here is the draft plan for migrating the production site to
    WordPress 5.0.
        1.  Install the Classic Editor plug-in in the
            ~/plug directory of the production site, but
            do not activate it.  This will expedite activating
            this plug-in after the migration.
        2.  Impose the IP restriction in ~/rb/.htaccess.  This
            will prevent user access during the migration
            process.
        3.  Make an AMI backup of the production site, with
            reboot.  This provides absolutely clean snapshots
            of the system prior to the migration.…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 days, 12 hours ago

    Blast from the Past

    It has been exactly a year since the Ratburger.org site became operational on 2017-12-10 and the first member (non-administrator) account was registered. In commemoration, here is the system narrative of the moment of creation, starting when the project began on December 9th and continuing through the 10th. Because the Updates group was not created until later, these entries have never before been posted on the site.

                                   Experimental Discussion Site
                                         Project Narrative

    2017 December 9

    Began work,…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 days, 3 hours ago

    2018 December 9

    From now on, I'm following the instructions in the testsite.txt
    checklist, and will not describe the details except when I
    diverge from the procedures therein.
    

    Started the Ratburger Test instance. It came up normally. Set the /etc/hosts entry for raw and the DNS for raw.ratburger.org. Verified SSH access to both. Stopped httpd on the server. Set the hostname to "raw".

    Patched the MySQL database to change the site name in internal URL references.

    To bring the test system into sync with the production system (recall that the snapshots from which its volumes were…

    [Read more]

    • It sounds like a pretty full day. Congratulations on one year of hosting, and doing so with style. Cheers!


      Users who have liked this activity:

      • avatar
  • John Walker posted an update in the group Group logo of UpdatesUpdates 4 days, 3 hours ago

    2018 December 8

    Performed a:
        service iptables save
    to preserve the firewall rule changes across the next reboot.
    
    Made a mirror backup to Juno.
    
    Made a backup AMI:
        Ratburger Backup 2018-12-08  ami-005cd7136ef673706
            /           snap-08e6c09f4499ed9b9
            /server     snap-08515542bda6af362
    
    Installed all pending update packages: 24 in total, 1 for
    security including a new kernel and mariadb.
    
    Rebooted at 14:28 UTC.  The system had been up for 26 days.
    
    The system came up normally after the reboot.  We are now
    running on kernel 4.14.77-86.82.amzn2.x86_64.
    
    This is a…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 5 days, 4 hours ago

    2018 December 7

    This article (scroll down to "Amazon Linux 2"):
        .https://superuser.com/questions/1072408/how-to-install-lets-encrypt-on-amazon-linux/1124409#1124409
    claims to show how to install Letsencrypt certbot on AWS Linux 2
    from the Fedora EPEL repository.
        yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
        yum-config-manager --enable epel
        yum install certbot
        certbot certonly --standalone -d yourdomain.com
    A comment says you must also:
        yum install python26-virtualenv.noarch
    before it will run.  I haven't tried this yet;…

    [Read more]

    • I have used the revert to draft feature on a couple of posts. Primarily because immediately after posting I saw I had not done paragraph breaks properly, or spotted a typo I had missed while proofreading. I hope it is a feature you can keep. Otherwise I will have to bug 10 Cents to fix my fat thumbs errors.


      Users who have liked this activity:

      • avatar
    • When the revert to draft feature was implemented on 2017-12-12 there was no way for members to edit published posts. This is standard WordPress behaviour; once a post is published, only an Administrator can edit it, not its author. In standard WordPress, if you grant somebody the ability to edit published posts, that gives them the ability to edit all posts, not just their own. This is completely crazy, of course, but, hey, it’s WordPress—what do you expect?

      On 2018-02-11, I added code to allow members to edit their own published posts, without letting them edit posts by other p…[Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 6 days, 4 hours ago

    2018 December 6

    Well, today is the big day: the day WordPress has
    promised/threatened to drop the Big One: WordPress 5.0.  I would
    think, given the probable reaction among the WordPress community
    to this forthcoming Tower of Bungle, that tomorrow would be a
    more appropriate choice, but perhaps they want to awaken the
    sleeping giant on less sleep.
    
    Anyway, the new release has not yet dropped as of this writing,
    so as a warm up the plug-in developers have been issuing more
    "fixes to fixes" [or in some cases fixes(n) to fixes(n-1)] just
    to keep administrators occupied.  Let's try to…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week ago

    2018 December 5

    We have another mad login storm attack underway.   This one was
    detected and logged as:
        Block 2018-12-05T21:23:01 80.211.1.203 login
    The IP address resolves to a block belonging to Aruba S.p.A. of
    Ponte San Pietro (BG), Italy.  Despite the fancy name ("Aruba
    S.p.A. - Cloud Services IT1") this is just a class C IP block,
    no larger than Fourmilab's.  The IP address was automatically
    blocked by gardol_wp.  In the following half hour, the blocked
    IP address hammered in 7136 login packets.
    
    Available memory is holding around 2600000.  Whatever was
    hitting memory back…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 2 days ago

    2018 December 3

    The billing statement from AWS for November arrived today.  It
    confirmed that as of 2018-11-03 we have been running on a
    t3.medium reserved instance which, as calculated, reduced the
    effective hourly CPU charge for the site by 33% over the
    previous on-demand charge.  There should be no more monthly CPU
    charges for the site, as they are covered by the yearly up-front
    payment for the reserved instance.
    
    Updated the WP Mail SMTP plug-in (again!) to version 1.4.1. This
    fixes a bad quoting bungle in the last update (backslashes in
    passwords did not work correctly) and…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 3 days ago

    2018 December 2

    The BuddyPress update has now run for more than 24 hours without
    any apparent problems so I committed the changes to the Git
    repository (Build 223) and published them to GitHub.
    
    Starting at 20:33 UTC we started to get warnings from
    watchMem.pl about low free memory.  It reported 1437192, below
    our threshold of 1500000.  There were only the usual 13 php-fpm
    processes, so at first I thought it might be a bloat of mysqld,
    so I restarted it with:
        systemctl restart mariadb
    but that didn't help.  I then performed a:
        systemctl restart php-fpm
    and free memory…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 4 days ago

    2018 December 1

    Well, there hasn't been a panic patch update to the BuddyPress
    4.0.0 release, so I decided to have a go at integrating our
    local code and installing it.  There were a total of 101 files
    modified and 10 added in this release.  All of the local code
    was integrated without any conflicts.  As always, when
    integrating local code into:
        buddypress/bp-templates/bp-legacy/js/buddypress.js
    it is necessary to run:
        minify buddypress.js
    to create the buddypress.min.js which is actually used.
    
    I didn't see anything in the changes which looked serious.
    There's some code…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 5 days ago

    2018 November 30

    Updated the WP Mail SMTP plug-in (directory name wp-mail-smtp)
    to version 1.4.0 from version 1.3.3.  Despite the jump from 1.3
    to 1.4, this is a minor update, the only parts of which affect
    us is updating the Google client authentication libraries to the
    latest version.  (The old version was working fine, however.)
    We have no local code in this plug-in.   This update modified 89
    files and added 10 new files. Sent a test E-mail to my account
    and it was sent and received successfully.
    
    Today gardol_wp, running in "locked and loaded" mode, did its
    thing when a login…

    [Read more]

    • Very good. Congratulations on successful programming, and thanks again for vigilant site management.
      Thanks also for sharing these update reports.

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 6 days ago

    2018 November 29

    The BuddyPress developers have excreted a new update, jumping
    from version 3.2.0 to 4.0.0.  This does not claim compatibility
    with the forthcoming dreaded WordPress 5.0, but rather is an
    update for the current 4.9.8.  Despite the jump in version
    number, the content appears relatively minor: GDPR faffing
    about, changes to their stupid "Nouveau" template (which we
    don't use), and the like.  Here is the complete list of changes:
        .https://codex.buddypress.org/releases/version-4-0-0/
    This doesn't look like a big leap to install, but as with
    anything from these guys,…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 1 day ago

    2018 November 27

    A couple of days ago the "At a Glance" panel in the
    administrator Dashboard/Home panel apparently spontaneously
    moved from the top, where it had been since inception, to below
    the "Activity" panel.  This was a complete mystery because there
    hasn't been any change to the WordPress core code since
    2018-10-26 and that wasn't vaguely related to the administration
    panel.  It turns out that you can move the items in the
    Dashboard/Home panel around by grabbing the title bar of the
    item and dropping it in a new location.  I can only assume that
    some other administrator…

    [Read more]

    • I thought you were going to block that entire block of addresses? The likelihood of a legitimate user getting one of those addresses is vanishingly low.
      Thanks again for your work to keep Ratburger.org a pleasant corner of the internet. It is nice to be a Ratburgher.

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 5 days ago

    2018 November 23

    We've now had three consecutive backups, two of database only
    and one of database plus files, run since the installation of
    the UpdraftPlus version 1.15.5 update.  It looks like the update
    is working fine, so I committed the changes to the repository
    (Build 221) and published to GitHub.
    
    We caught another login crack storm with gardol_wp at 17:56 UTC.
    The log entry was made successfully and I manually blocked the
    IP address which was from the same IP block in China as
    yesterday's.
    
    Installed:
        yum install whois
    The whois client will be used by gardol_wp to dump…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 6 days ago

    2018 November 22

    Today we got the first detections of login storm attacks from
    gardol_wp: three from China, Italy, and another from China
    registered to an IP block named, I kid you not, "wuxi jiangyin
    praises delighted water scrubbing revenue stamp Ltd."  I
    manually muzzled the IP addresses.  I noted, however, that
    entries in the /server/log/gardol/gardol_wp_log file did not
    appear as the muzzle commands were issued (currently printed
    only) for these IP addresses.  What I think is going on is that
    I neglected to set the LOG output stream to unbuffered, so the
    short log entries were…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 6 days ago

    2018 November 15

    Began the development of an automated defence against denial of
    service and password-cracking login storm attacks.  This is an
    external program that monitors the HTTP server's access_log file
    like the original Gardol program developed during the
    distributed denial of service attack against Fourmilab in early
    2004.
        .http://www.fourmilab.ch/documents/security/incidents/ddos_2004-01/
    I did not actually use code from Gardol, but rather re-purposed
    the log monitoring code from Logtail:
        .http://www.fourmilab.ch/webtools/logtail/
    as it is cleaner and in a more…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 4 weeks ago

    2018 November 14

    Installed the Login LockDown plug-in:
        .https://wordpress.org/plugins/login-lockdown/
    This detects bad log-in attempts and, after 5 failures (this is
    configurable), locks out the IP address from log-in attempts for
    60 minutes (also configurable).  Note that this simply blocks
    access to the log-in page, so a mindless bot which simply keeps
    pounding away will still litter the access log with its
    attempts.  The plug-in maintains an Activity list which shows
    blocked IP addresses, and this can be used as a guide to
    firewalling offenders. This plug-in can serve as the…

    [Read more]

  • Load More