John Walker

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 day, 6 hours ago

    2020 February 21

    Updated the WP ULike plug-in to version 4.1.6.  This update was
    released on 2020-03-16, just three days after 4.1.5, and was, as
    usual, mostly fixes to flaws in the previous attempt, some ratty
    "pro" features, and trivialities such as changing the version
    number (and nothing else) in comments in numerous files.  A
    total of 42 files were modified, with the majority being
    language translation files we don't use.  There were no changes
    in the three files in which we have local code, so I simply
    removed them from the update kit so our local versions will
    remain in…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 6 days, 5 hours ago

    2020 February 16

    The version 2020.1.3 update to the Stop Spammers plug-in,
    installed on 2020-02-14, has a surprise Valentine's Day massacre
    for administrators.  The plug-in adds a line to the Dashboard
    page if there are Allow Requests pending, with a link that's
    supposed to take you to the Allow List management page.  The
    link is:
        https://www.ratburger.org/wp-admin/admin.php?page=ss_allowrequests
    But with the "enhancement" of the administration pages in the
    update, this is incorrect and whacks the user with a
        Sorry, you are not allowed to access this page.
    white screen of…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 1 day ago

    2020 February 14

    Our "wp_update.pl" program, which prepares update kits for
    WordPress and plug-in update installations, did not correctly
    handle file names containing spaces.  The fine people at Stop
    Spammers saw fit to include two such files in their latest
    update, associated with the "pro" version they are launching.  I
    added appropriate quoting to commands executed by the program so
    these idiotic file names will work.  Of course, this meant I had
    to install the modified program in all of the update work
    directories.  Maybe it's time to move it to a parent directory
    and run it…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 2 days ago

    2020 February 13

    Updated the WP ULike plug-in to version 4.1.5.  Yep, that's
    right, I didn't wait long enough for the next shoe to drop. 
    This time we have 41 files modified to add some unnecessary
    premature optimisation of MySQL requests, fixes to fixes from
    the last release, lots of files modified just to change the
    version number, and a load of changes to localisation files. 
    The two deleted files were GitHub documentation files
    accidentally included in the previous update.  There were no
    changes in the two files in which we have local code, so
    integration was straightforward.  I…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 week, 4 days ago

    2020 February 11

    WP ULike released the version 4.1.4 update a few days ago and
    there hasn't been the sound of another shoe dropping, so I'm
    going to go ahead and install it.  Although this plug-in has
    been extensively modified and is at the heart of our custom
    notifications system, all of the notification local code is in a
    single file, ~/plug/wp-ulike/inc/general-hooks.php.  The only
    other local code is to fix validation errors in
    ~/plug/wp-ulike/assets/css/wp-ulike.css and its minimised evil
    dwarf twin, and since there were no other changes to these files
    since the previously…

    [Read more]

  • John Walker posted a new activity comment 1 week, 4 days ago

    After further investigation, this turns out to have been the consequence of a configuration setting which was lost when the WP ULike version 4.1.3 “update” was installed on 2020-01-27. That version revamped the administration pages and, of course, lost all settings and customisation made in earlier versions. One of the things lost was the setting to restrict likes and unlikes only to logged-in users. I restored this setting, and it should now behave correctly. Full details will be in the Updates Group post at midnight.

  • John Walker posted a new activity comment 1 week, 4 days ago

    The WP-ULike plug-in that we use to handle likes does not require a user to be logged in to like or unlike something. If a non-logged-in user likes something, it increments the count but does not add an icon (because it doesn’t who the person is). This is in the spirit of standard WordPress, which allows people to comment without being logged in. We have local modifications that block most mischief that might be done by non-logged-in people, but WP-ULike was one I didn’t think of (and wasn’t aware existed). I’ll look into blocking anonymous likes/unlikes when I apply the next…[Read more]

  • John Walker posted a new activity comment 1 week, 4 days ago

    I have no idea why you didn’t see the Categories box. I just opened a new post composition window and it was right where it’s supposed to be. I edited your post as administrator and added what seemed reasonable categories. Again, the categories box appeared normally on the post edit page. If you edit the post now, do you see the categories box?

  • John Walker posted an update in the group Group logo of UpdatesUpdates 2 weeks, 3 days ago

    2020 February 5

    Updated the Subscribe to Comments Reloaded plug-in to version
    200205.  This is a minor update which adds a few fixes that we
    won't be using, such as the option to send plain text rather
    than HTML mail, require users to answer a challenge question
    before subscribing, and a function to add subscribers.  However,
    there is what is called a "fix":
        It is now possible for visitors to subscribe to comments
        when the comments are only open for logged in users and the
        visitor is not logged in.
    This opens the door to the possibility for visitors to the site
    to cause…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks ago

    2020 February 1

    Updated the User Role Editor plug-in to version 4.53.  This is a
    medium-sized update which adds a whole bunch of unnecessary
    complexity so that changes are applied via AJAX transactions and
    JavaScript rather than reloading the page to display them.  It
    seems to me that anybody who is spending so much time changing
    settings in this plug-in is doing something wrong which speeding
    up the page refresh isn't going to improve.  There are, of
    course, fixes for the idiot multi-site feature, and some
    corrections for grammar in messages.  We have no local code in
    this plug-in.…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 1 day ago

    2020 January 31

    The site was being crawled rapidly by TurnitinBot, which
    purports to be an "anti-plagiarism" service of no benefit to the
    sites it hammers with its requests.  I added a disallow to
    ~/rb/robots.txt.  We'll see if it honours it.  In the meanwhile,
    I firewalled 199.47.87.142, from which it was currently hitting
    the site.
    
    The whack-o requests for "GET /.git/HEAD HTTP/1.1" from IP
    addresses all over AWS that we started to see on 2020-01-29 have
    petered out and now we're seeing requests for "GET /.env
    HTTP/1.1" from the usual suspects, again with a User Agent…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 3 days ago

    2020 January 29

    Now, this is weird: starting at 00:55:15, we began to get
    requests for "GET /.git/HEAD HTTP/1.1" with a User Agent of
    "curl/7.47.0".  These accesses were blocked because I changed
    the permissions on ~/.git to 700 on 2020-01-25 after noting Web
    crawlers poking around in there.  The accesses come from a
    variety of IP addresses, including:
        13.250.18.206       AWS Singapore
        13.48.123.4         AWS Sweden
        15.188.27.45        AWS France
        18.185.138.92       AWS Germany
        18.231.169.207      AWS Brazil
        3.120.189.33        AWS Germany
        3.8.116.118…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 4 days ago

    2020 January 28

    The ability to click the avatar of a user who liked a post,
    comment, or group post/comment to display their profile page was
    lost with the installation of the WP ULike plug-in version 4.1.3
    update. Clicking the avatar would, instead, just re-display the
    page upon which it appeared.  This turned out to be yet another
    configuration setting which was lost with the installation of
    the update.  The contents of the "wp-ulike-likers-list" is not
    hard-coded in the plug-in, but rather specified by templates
    stored in the database which can be modified on the Settings
    page.…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 5 days ago

    2020 January 27

    It has now been three days without an update to WP ULike, so I'm
    going to go ahead and install the 4.1.3 version. Although this
    plug-in has been extensively modified and is at the heart of our
    custom notifications system, all of the notification local code
    is in a single file, "Jolly Roger",
    ~/plug/wp-ulike/inc/general-hooks.php.  The only other local
    code is to fix validation errors in
    ~/plug/wp-ulike/assets/css/wp-ulike.css and its minimised evil
    dwarf twin, and since there were no other changes to these files
    since the previously installed version, I just deleted…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 3 weeks, 6 days ago

    2020 January 26

    Between 07:39:01 and 07:39:18, just seventeen seconds, we were
    hit by 411 requests from 64.227.52.219, an ISP in New York City
    which claims to be a cloud hosting provider.  This was an
    average rate of 24 hits a second, with a peak of 68 hits during
    the second 07:39:15.  This hammered the CPU Credit balance down
    from 576 to 573 in seconds, with CPU load peaking at 3.19.
    During the attack, we got in the error_log:
        [Sun Jan 26 07:39:19.951349 2020] [mpm_event:error]
            [pid 2365:tid 140116655057088] AH10159: server is
            within MinSpareThreads of…

    [Read more]

  • John Walker posted an update in the group Group logo of UpdatesUpdates 4 weeks ago

    2020 January 25

    Well, yes...and here we go again.  Overnight another update from
    WP ULike, version 4.1.3, came over the pole and impacted
    somewhere in the same hemisphere as the target, so they didn't
    make it to 48 hours without another "fixes to fixes to fixes to
    fixes" attempt.  This one contains five new fixes to problems in
    4.1.0 and subsequent attempts to get it right.  This resets the
    48 hour clock.  We'll see what happens next.
    

    Disabled the diagnostic code in: ~/plug/disable-json-api/classes/disable-rest-api.php which logs REST API attack attempts in the error_log.…

    [Read more]

    • I wondered about the blank notifications. Thanks for the explanation.
      And, thanks for maintaining such a cool site.

      0
  • John Walker posted an update in the group Group logo of UpdatesUpdates 4 weeks, 1 day ago

    2020 January 24

    Disabled the diagnostic output from pruning excess unread
    notifications in ~/theme/functions.php function
    rb_notif_prune(). This appears to be working perfectly and
    there's no reason to continue to clutter the error_log with its
    routine reports.
    
    Committed the changes to disable diagnostic output from
    notification pruning (Build 419) and published to GitHub.
    
  • John Walker posted a new activity comment 4 weeks, 1 day ago

    This doesn’t make any sense. Pagination of notifications is 25 per page, not 20. The order in which notifications appear on the pages is a function of BuddyPress and WP ULike and has not changed since they were installed in December, 2017.

  • John Walker posted an update in the group Group logo of UpdatesUpdates 1 month ago

    2020 January 23

    You'll recall that yesterday I decided to defer installing the
    newly-released WP ULike 4.1.0 due to the plug-in's record of
    dropping "fixes to fixes" updates shortly after each major
    release.  Well, overnight there were not one but *two* such
    updates, 4.1.1 and 4.1.2, both fixing bungling in 4.1.0.  I will
    continue to wait until the debris stops clattering from the sky:
    until, say, 48 hours have elapsed without an "update".
    
    Between 11:24:36 and 11:28:10 Huawei Singapore
    (114.119.128.0/18) was back at it again, hitting two to three
    times a second from a wide variety…

    [Read more]

  • John Walker posted a new activity comment 1 month ago

    According to the AWS CloudWatch logs, apart from the attack noted above, which lasted from around 18:25 to 20:00 UTC, the server was essentially idle (from a CPU standpoint) all day. There was no unusual load either measured by either hits or network data transfer in the Access Statistics (https://www.ratburger.org/index.php/statistics/) for yesterday. I didn’t notice any slow response in my own accesses to the site.

  • Load More