Updates

  • John Walker posted an update in the group Group logo of UpdatesUpdates 6 days, 6 hours ago

    2019 October 17

    Updated the WP Twitter Auto Publish plug-in to version 1.4.1.
    This update consists of a trivial feature (remembering the
    Twitter publishing preferences from post to post) used as the
    justification for an undocumented grab-bag of code aimed at
    up-selling users of this free plug-in to the "premium" products
    from its creators.  Our only local code in this plug-in is a
    comment which explains to the unwary that you must have a PHP
    plug-in installed to avoid mangling of URLs in tweets which
    contain UTF-8 characters.  It did not conflict with other
    changes in the same file.…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week ago

    2019 October 16

    In the next attempt to figure out where the embedding of media
    URLs in the Post editor occurs, I decided to try removing the
    plug-ins loaded into TinyMCE one by one and see if one of them
    broke the embedding.  We'd already established that "media"
    didn't do it, so I started down the list of suspects.  Pulling
    "wordpress" and "wplink" did nothing as well, but when I disabled
    "wpview" the embedding stopped and the URL was just linked as
    was happening in my experiments with the comment editor.
    

    The HTTP log had grown to 2.7 Gb since it was last cycled on 2019-04-02, so…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 1 day ago

    2019 October 15

    Performed an experiment which occurred to me overnight.  I
    modified the code in functions.php to entirely drop out the
    TinyMCE RB_media and the standard media plug-ins and then tried
    pasting a YouTube link.  It still worked!  So this is, indeed, a
    case of misdirection, in fact the grandest one I've encountered
    since I began my regrettable acquaintance with WordPress.  As of
    now, I have no idea whatsoever where the live expansion of
    pasted media links is happening, and can only say for sure that
    it doesn't happen in the 1166 line media.js which is chock-full
    of code…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 2 days ago

    2019 October 14

    I am now pretty much sure that the real-time embedding of oEmbed
    links in TinyMCE is performed in:
        ~/rb/wp-includes/js/tinymce/plugins/media/plugin.js
    There is a function called matchPattern() which applies a set of
    regular expressions matching embeds. Note that this checks for a
    relatively small subset of sites compared to those which
    WordPress embeds.  But, a further mystery: this list contains no
    URL for Twitter, and yet Twitter embeds are expanded in real
    time by TinyMCE.  The word "twitter" appears nowhere in the
    TinyMCE directory tree.
    
    One step back....…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 2 days ago

    2019 October 13

    Put a probe in ~/theme/functions.php function
    ratburger_filter_tiny_mce_before_init() and confirmed that it is
    being called when I compose a comment, indicating teeny mode is
    off, and that the same list of plug-ins are being used for the
    Post and comment editors.  Further, the complete list of TinyMCE
    options appear to be identical for Posts and comments.
    
    Tried explicitly setting:
        $options['media_live_embeds'] = true;
    in ratburger_filter_tiny_mce_before_init().  Didn't do a thing.
    
    I give up.  I left the code in:…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 4 days ago

    2019 October 12

    In the next futile attempt to improve the handling of
    composition of comments, I tried switching the wp_editor()
    invoked by tinymce-comment-field from "teeny" mode to the
    regular mode used by the Post editor.  I added code to
        ~/plug/tinymce-comment-field/controller/class-editor-controller.php
    which only executes for RB_me(), which invokes the editor with:
        wp_editor('', 'comment',
                  array('textarea_rows' => 15,
                        'teeny' => false,
                        'quicktags' => true,
                        'media_buttons' => true,…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 5 days ago

    2019 October 11

    It's "fixes to fixes" time again!  Yesterday, we installed the
    version 191009 update to the Subscribe to Comments Reloaded
    plug-in.  Today, the honk nose and silly shoe troupe deliver its
    replacement, version 191011, which fixes a bungle in one of the
    files which littered the error_log with PHP warning messages for
    some users (apparently running a configuration different than
    ours, since I didn't see them--probably it only happens for
    sites running ancient versions of PHP, as so many WordPress
    sites seem to do).  After reviewing and syntax checking the
    code, I…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 6 days ago

    2019 October 10

    Updated the Subscribe to Comments Reloaded plug-in to version
    191009.  This is a minor update whose major change consists in
    adding the ability to import subscriptions from another plug-in
    which we've never used.  They fixed a quoting problem in
    handling options, and there was vast faffing around with the
    text of comments, since something seemed to possess them to get
    rid of proper capitalisation in comments.  We have no local code
    in this plug-in, so after syntax checking it, I simply applied
    the update kit.  I then checked all of its configuration…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks ago

    2019 October 9

    Trying to figure out why YouTube links intended to be embeds are
    getting wrecked when pasted into comment composition boxes, the
    first stop is function autoembed() in:
        ~/plug/tinymce-comment-field/controller/class-comment-controller.php
    which passes the body of the comment to $wp_embed->autoembed($text);.
    I added a probe in this function, which revealed that the link
    has already been wrapped by the {a} tag when the function is
    called. So, it's happening somewhere lower on the totem pole.
    
    Next we look for places it might be pattern matching URLs and
    find…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 1 day ago

    2019 October 8

    Saved copies of the current iptables block lists:
        super
        service iptables save
        service ip6tables save
        cd /server/var/gardol
        cp -p /etc/sysconfig/iptables iptables_save_2019-10-08
        cp -p /etc/sysconfig/ip6tables ip6tables_save_2019-10-08
        chown kelvin:kelvin *_2019-10-08*
        chmod 444 *_2019-10-08*
    
  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 2 days ago

    2019 October 7

    Updated the User Role Editor plug-in to version 4.52.  This is a
    very minor patch to correct another bungle in the idiotic
    "Multisite" feature which is a pathetic nest of bugs which we
    fortunately were not foolish enough to use.  We have no local
    code in this plug-in.  After running ./chk, I installed the
    update kit and looked around; everything seems to be OK.
    
    Committed the User Role Editor plug-in update (Build 356) and
    published the changes to GitHub.
    
  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 6 days ago

    2019 October 3

    Updated the WP RSS Aggregator plug-in to version 4.15.2.  This
    is a minor update which fixes a number of bugs which didn't
    affect us.  The only functional change is to sort the feeds in
    alphabetical order.  The README.md file in the plug-in's root
    directory, which appears not to have been maintained, was
    deleted. We have no local code in this plug-in.  After
    installing the update kit, I checked the settings and list of
    feeds and everything appeared to be OK.  As usual, I will wait
    for tonight's scheduled feed update before committing the
    changes.
    
    The WP RSS…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 1 day ago

    2019 October 1

    Well, it happened: BuddyPress dropped the 5.0.0 update today.
    This is described as a "major feature release".  In fact, the
    only signficant change is a new REST API which lets other
    programs twiddle with objects inside BuddyPress, allowing
    developers to stack ever more fragile tiers of hacks and kludges
    on top of the already tottering WordPress and BuddyPress.  As we
    won't be using this, we can only hope that adding it didn't
    break something we do use.  They have also massively messed
    around with the way group invitations and membership requests
    work, but since we…

    [Read more]

    • So far so good.
      Ratburger.org continues to be a stable and reliable corner of the internet.
      Many thanks.

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 2 days ago

    2019 September 30

    Updated the Login Lockdown plug-in to version 1.8.1.  This
    update consists of cosmetic changes and adding support for
    language translation (but no actual translations).  We have no
    local code in this plug-in.  After installation I visited the
    Settings page and everything looked all right.
    
    Committed the Login Lockdown version 1.8.1 update (Build 353)
    and published the changes to GitHub.
    
  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 3 days ago

    2019 September 29

    Received the following rather condescending reply from AWS to
    the request for reverse DNS for our Elastic IP address.
        Hello,
    
        Thank you for submitting your request to have the email
        sending limit removed from your account and/or for an rDNS
        update.
    
        In order for us to proceed with your request, we require the
        following information:
    
        ***Please provide a detailed statement indicating how you
        intend to ensure this account is not implicated in sending
        of unwanted mail. (Please provide preventative measures)
    
        Please reply directly…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 4 days ago

    2019 September 28

    It's been 21 months since I ran an audit on our support of
    SSL/TLS/https with:
        .https://www.ssllabs.com/ssltest/analyze.html?d=ratburger.org&hideResults=on
    I re-ran it, and we again scored A+ on both IPv6 and IPv4. It's
    worth running this every now and then because occasionally
    vulnerabilities are discovered in older, little-used variants of
    SSL/TLS implementation which require disabling near-obsolete
    protocols in order to maintain the A+ rating.  In this case,
    that hadn't happened.
    

    The SSL audit revealed that we did not have a CAA record in the DNS entry for…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 5 days ago

    2019 September 27

    It has now been more than two weeks since the Akismet plug-in
    was deactivated and there have been no adverse consequences.
    The Akismet site account page:
        https://akismet.com/account/
    shows zero active sites on the API key, as it removes
    activations after 14 days with no queries.  I went ahead and
    cancelled the subscription so it won't auto-renew on December
    19th.  The account status page now shows:
        You don't have any active subscriptions. Add one now
        to get your API key.
    so it appears the bloodsucker is finally staked.  Received
    cancellation…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 month, 1 week ago

    2019 September 16

    Added optional fields to the account registration page:
        Location
        How did you discover Ratburger?
        Web Site
        Twitter Handle
    These are part of a user's profile and may be edited at any
    time.  The "How did you discover Ratburger?" is visible only to
    the user and administrators, while the others are public.  The
    main purpose of these is to aid in background checks of new
    users before approving them and granting Contributor status.
    Spammers are unlikely to fill out these fields, or else a spam
    robot will fill them with spammy things.  This is a…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 month, 1 week ago

    2019 September 14

    Overnight we appear to have caught up with the login flood
    attackers and the rate of attacks slowed to a trickle.  I saved
    the firewall block list again to capture the additions.
    
    Went through posts on Admin Comm and manually re-applied all of
    the manual firewall blocks of spammer ISPs which were lost in
    yesterday's crash.
    
    Made a mirror backup to Juno.
    
    Made a backup AMI:
        Ratburger Backup 2019-09-14  ami-0904493c380bac2ba
            /           snap-0b706d93ecf69ffc4
            /server     snap-0df88d40bf821568f
    Because we made a snapshot after the crash recovery…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 month, 1 week ago

    2019 September 13

    At 22:20:32 the system became nonresponsive to external
    requests. It continued to respond to ping, but HTTP, SSH, etc.
    all timed out.  The only thing unusual in the /var/log/messages
    before the freeze was:
        Sep 13 20:20:26 ip-172-31-24-57 php-fpm[4597]:
            [WARNING] [pool www] child 20087 said into stderr:
            "php-fpm: UnableToAcquireString `Cannot allocate memory'
            @ fatal/string.c/AcquireString/135."
        Sep 13 20:20:27 ip-172-31-24-57 php-fpm[4597]:
            [WARNING] [pool www] child 20087 exited with code 1 after
            922.034162 seconds…

    [Read more]

  • Load More