
Delete Site Cache from Chrome

Chrome, why are you such crap at simple things? I need to delete the cache/cookies from a single website. It appears impossible these days. There is an odd workaround, as follows:

> Three Dots 
    > Advanced 
        > Content Settings 
            > Cookies 
                > See All Cookie and Site Data 
                     > {Search for site} 
                          > Remove All Shown

For good measure, also go do:

> Three Dots 
    > Advanced 
        > Clear Browsing Data 
            > Cached Images and Files (only)

Yeah, what a joke. I sure wish there was an extension/plugin that would allow for a single click, but not that I can find.


Tidying Up Digitally

Originally published as Tidying Up Digitally at www.mcneill.io.

Marie Kondo is an expert on tidying a house. Her Netflix series Tidying Up with Marie Kondo and two books (both of which are worth reading, best in chronological order) are best-sellers:

- The Life-Changing Magic of Tidying Up: The Japanese Art of Decluttering and Organizing (The Life Changing Magic of Tidying Up)
- Spark Joy: An Illustrated Master Class on the Art of Organizing and Tidying Up (The Life Changing Magic of Tidying Up)

She suggests that her principles can apply to organizations and work life as well. However, in both respects the digital aspect is not tackled at all. Even the humble inbox is not discussed, though of course Inbox Zero is an obvious fit to her approach toward paper-based information (which is essentially, to have none of it, or only the bare minimum of contracts and warranties).

While other industries have looked to a bit of click-bait around Marie Kondo, such as the Financial Times' woefully inadequate How to Marie Kondo your investment portfolio, the idea of using intuitive judgment is certainly something that can apply to other aspects of our lives. Because financial investing is something only experts in financial investing have intuitive expertise in, this application does not work out very well. Gary Klein's Sources of Power is still the best account of how intuition works for experts in time-limited, high-risk situations. For Klein, the subject of research was experts with 15 or more years of experience in high-risk decision-making. For everyone who has lived through adolescence, intuition regarding one's household possessions has crossed the line to where there is functioning intuition which can be drawn upon.

Digital Tidying

Applying the tidying principles of the KonMari method makes perfect sense in terms of the digital landscape:

- Applications and Apps
- Email, Documents, and Media (Ebooks, Audio, Video)

Two-Stage Tidying

The two stages of tidying are:

- Discarding
- Organizing

Digital Discarding

Discarding is fairly straightforward: does this application, data, or media provide any spark of joy? One can't hold it in one's hand, but one can nevertheless reach a conclusion. In the case of mobile apps and desktop applications it is fairly straightforward. In some cases, necessity may posit the need to keep something around that is less-than-joyful, but that might as well inspire a search for a more joyful replacement.

Digital Organizing

The basics of organizing are putting related things (category, size) in one location. Since digital things are not generally put away, it is the original location that is key (and finding things later). Files are sometimes best kept by file type (that is, so that programs editing those files can go to a single location, for a certain class of file). Example: which of the following is preferred?

- /brands/brand-x/images/...
- /brands/images/brand-x/...

In some cases where a given file may deal with more than one brand, then clearly the second is more effective, but in the case of a larger set of files for a specific brand, then the first is definitely a better organization. Obviously both are possible, but it is important not to get too imprecise and flexible, as that generally yields only confusion and file disorganization.

Digital Space

Even given very large storage space, data and applications can clutter a device. Marie Kondo suggests that not the place of use but the place of return is most important (that is, give things a home that it is easy to return them to, rather than trying to optimize for where they are easy to pick up). As mentioned above, storing things in easy-to-remember locations will be key, as putting things back into those locations (a digital file structure) will be very important. Visual clutter is still present when viewing directory trees, and is a significant failing of Linux distributions and their file structures in terms of where applications and related data live in logical drives.


Podcast Platforms

Podcasting is growing (slowly) and offers a great opportunity for brand engagement. Generally free, the idea is to be where the audience already is, and have a reliable host for content and the RSS feed.

Media and RSS Hosting

Google Podcasts and Google Play Music Podcasts

Note, these are two different things:

First Thing
- Google Podcast (part of Google Search)
- Google Podcast Publisher Tools
- Google Podcasts App

Second Thing
- Google Play Music Podcasts

Pocket Casts (#4 platform)

Stitcher (#3 platform)

Spotify (#2 platform)

iTunes/Apple Music (#1 platform)

WordPress Plugins


Generic Roadmap

This is meant to be a reminder of important issues/decisions that already have some thought put in them (usually by others).

- Automatic categorization of text is a core tool now
- Instead of offering advice, rank priorities
- Build a website first (before an app), some forgotten article but the point is: faster, and desktop users expect applications to work (and to pay for them). Plus if done correctly, this can work on all platforms (and then build the app for the appstore).

Stick with what we know in the marketing channels we know. Expand products, and channels for those products.


DNS Records and Services

First, there are two kinds of DNS records: those for client lookup, and those for a server.

Client Lookup

I don't trust Google DNS, though for a while it was the go-to DNS, and easy to remember at 4.4.8.8 8.8.4.4 and 8.8.8.8. For privacy, for me, there are two options, with the first being just better:

- dns.watch 84.200.69.80 / 84.200.70.40
- 1.1.1.1 / 1.0.0.1

If one wants some security (as a service), then Quad9 is worth a look.

DNS Services

There are several DNS services to choose from. Dyn and related companies are the worst. Free DNS services such as afraid.org and he.net are unreliable, or simply not reliably fast. It makes the most sense to go with a top-rated DNS service (highly available and fast resolve times), and pay for this service (though less is more when it comes to expenses).

- DNSmadeEasy.com - Silly name, $30/year for 10 domains, fast and reliable. Generally in the top 10 of private resolvers. I've not found better/faster for cheaper.

DNS Records

NS Records

There are several records to worry about. The first are nameservers, which are put into the registrar database. This can be as few as two or as many as six (possibly more).

A Records

Depending on the DNS server, these can have wildcards or not. Generally there are at least three A records to have:

- Root domain
- www subdomain
- * wildcard

Certain services require a www. host, and people also mistype it, so it is best to have it as a domain, to have it on the SSL certificate, and to have a reroute from www. to the root domain.

CNAME Records

Usually only Bing Webmaster Tools requires a CNAME record. Otherwise these are generally worthless.

MX Records

These are for the mailserver. Usually a few are needed, one plus two backups. Gsuite has five records, but that is overkill. The top three make the most sense. Also, there are priority numbers, e.g., 1, 5, 10 to govern the round-robin-style resolving.

- 1, aspmx.l.google.com.
- 5, alt1.aspmx.l.google.com.
- 5, alt2.aspmx.l.google.com.

TXT Records

TXT records are the go-to place for every third party to put their info. Several examples of TXT records include:

- Yandex Webmaster Tools validation
- Google Webmaster Tools/Analytics/GSuite/etc. validation
- _acme-challenge records for DNS-based authentication for LetsEncrypt

PTR Records

PTR records are essentially a reverse so that an IP address is associated with a host.domain.tld. This is key for sending email.

DKIM, SPF, DMARC

These are all records for email security, at various levels. DKIM and DMARC are TXT records, and SPF can be TXT or specific SPF records, depending on the DNS service provider.

- Setting up Gsuite DKIM, SPF, DMARC
- Google on DMARC records
- Test SPF and DKIM
- Google on SPF
- DKIM on Gsuite
- Google: About DKIM

SPF Records

SPF looks like:

host.domain.com / "v=spf1 include:_spf.google.com ~all"

SPF is one of the earliest and easiest email records to set up for security, and it specifically states which hosts can send email for the domain.
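A lint for SPF values such as the one shown above, as an added example that is not part of the original post. The function name spf_lint and the finding labels are made up for illustration; the limit of 10 DNS-querying terms is the one set by RFC 7208.

```shell
#!/bin/sh
# Added example, not from the original post. spf_lint and its finding labels
# are illustrative names. Prints "ok" or a space-separated list of findings.
spf_lint() {
    # SPF terms are case-insensitive, so normalise before matching.
    spf_rec=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    spf_findings=""
    spf_lookups=0     # terms in this record that cost a DNS query
    spf_all=""        # the "all" term as written, qualifier included
    spf_redirect=0
    spf_after_all=0   # mechanisms placed after "all" are never evaluated
    spf_first=1

    set -f            # no globbing while the record is word-split
    for spf_term in $spf_rec; do
        if [ "$spf_first" -eq 1 ]; then
            spf_first=0
            if [ "$spf_term" != "v=spf1" ]; then
                spf_findings="$spf_findings bad-version"
            fi
            continue
        fi
        spf_is_mech=0
        # Drop the optional qualifier (+ - ~ ?) to get the mechanism name.
        spf_mech=${spf_term#[-+~?]}
        case $spf_mech in
            redirect=*)
                spf_redirect=1
                spf_lookups=$((spf_lookups + 1)) ;;
            include:*|a|a:*|a/*|mx|mx:*|mx/*|ptr|ptr:*|exists:*)
                spf_is_mech=1
                spf_lookups=$((spf_lookups + 1)) ;;
            ip4:*|ip6:*)
                spf_is_mech=1 ;;
            all)
                if [ -z "$spf_all" ]; then spf_all=$spf_term; fi
                continue ;;
        esac
        if [ -n "$spf_all" ] && [ "$spf_is_mech" -eq 1 ]; then
            spf_after_all=$((spf_after_all + 1))
        fi
    done
    set +f

    if [ "$spf_first" -eq 1 ]; then spf_findings="$spf_findings bad-version"; fi
    # RFC 7208 allows at most 10 DNS-querying terms per evaluation; terms
    # inside included records count too, so this count is a lower bound.
    if [ "$spf_lookups" -gt 10 ]; then
        spf_findings="$spf_findings too-many-lookups"
    fi
    case $spf_all in
        all|+all) spf_findings="$spf_findings pass-all" ;;   # authorises every host
        '') if [ "$spf_redirect" -eq 0 ]; then
                spf_findings="$spf_findings no-all"          # no default result
            fi ;;
    esac
    if [ "$spf_after_all" -gt 0 ]; then
        spf_findings="$spf_findings mechanism-after-all"
    fi
    spf_findings=${spf_findings# }
    echo "${spf_findings:-ok}"
}

# The record shown in the post
spf_lint "v=spf1 include:_spf.google.com ~all"
```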

CAA Records

These records tell SSL certificate providers which of them may generate a certificate for the domain. Each host needs two records:

- Name (host), Type: iodef, Value: "mailto:address@domain.com"
- Name (host), Type: issue, Value: "letsencrypt.org"


WordPress – Soup to Nuts

I've written about WordPress at various points. I've been using this cms for 13-14 years, and for me it is well-known, though a bit worn out. The breakage it has has not improved much, and the resources needed are not up to the modern task. Essentially most performance gains are made through improvements in Nginx, PHP, and MariaDB (thankfully, and not inconsequentially). WordPress is a most dreaded platform for 64.5% of developers answering a developer survey on Stack Exchange. This beats out the core enabling technology dread levels of MySQL (50.4%) and PHP (58.6%). Simply put, WordPress has a premium dreadfulness to it. For me it is time for the devil I don't know, rather than the one I do. Even with the Classic Press fork of WordPress, we are dealing with ossified technologies. Granted they will likely not die (the code base is too large), but that does not make them forever bankable and safe, as in the nobody got fired for using IBM of the past.

Previous Articles


WordPress 5 – Automattic Waterloo

Automattic is the organization behind WordPress the content management system, wordpress.com, and a number of smaller entities. With some estimates, WordPress has ~30% market share of the web. It has taken on in excess of $300m in funding (https://www.crunchbase.com/organization/automattic) over the years. After 2–3 years of development of WordPress, Automattic was founded in 2005 to receive an initial funding round of $1.1m.

Competition and Growth

Competition is seen as foremost coming from the lower-end, simpler website design companies such as Wix and Medium. Basic usability and ease-of-use of the WordPress editor is seen as a stumbling block to growth, especially with investors who seek a return. Matt Mullenweg, the co-founder CEO, is not shy to demonstrate the user problems, as seen in his most recent State of the Word presentation from 10 December 2018:

State of the Word — Matt Mullenweg — 10 December 2018

While there is an interesting solution provided in terms of Project Gutenberg and blocks to replace the wysiwyg/code view editor, it in no way is an answer to novice users creating pages that have complex visuals (other than possibly copy-paste from Word or Google Docs). More importantly, by removing the current wysiwyg/code view editing interface that all intermediate and advanced users have mastered, everyone is forced into a learning curve regarding these less-than-intuitive blocks. Certainly it is a mental model, as Mullenweg suggests, just not an intuitive one, or one that the interface makes readily apparent.

To allow for a transition period (aka Phase 2) the old editor will be available by means of a plugin, with support promised until 2021. The incipient integration of Gutenberg into Core caused quite a bit of disgruntlement, and induced action on the part of a group to do what is always possible with open source software: to create a new release from the old source code.

ClassicPress, calmPress Forks of WordPress 4.9

Strengths can be weaknesses, and the open source software strength of WordPress has now been used against it in the form of hard forks of the project. ClassicPress released its first version which is a fork of WordPress 4.9. Work began on this hard fork on 30 August, with alpha and beta releases on 24 October and 21 November. calmPress, another fork of WordPress 4.9 is the effort of a single developer. calmPress 0.9.9 a fork of 4.9 was released on 29 November 2018, with alpha and beta versions starting back in September. There was discussion about collaboration on a shared plugin directory between calmPress and ClassicPress, but that has not progressed.

ClassicPress Organizational Development

ClassicPress calls itself a business-focused release. That is, professional, stable, reliable performance. Already ClassicPress is undergoing some performance tuning and a focus on security. The main point is to dodge the bullet of Gutenberg, as with WordPress 5.0 that becomes integrated into Core. Building a successful software project includes proper, effective guidance as well as resources (programming and money). From the ClassicPress forum and Slack channel, these discussions appear to be taking place, and developers are indeed doing the necessary, day-to-day, block-and-tackle efforts.

WordPress 5 Released

WordPress 5.0 was released on 06 December 2018. On 12 December WordPress 5.0.1 was released to include some security bug fixes. However, this also began to introduce breakage.

This is a Waterloo

The Battle at Waterloo has become a metaphor for something difficult to overcome, or recover from. With novices unable to easily adopt the new interface, and with a good swath of intermediate and advanced users in open rebellion against the change, there are now opportunities for sharpened knives. The forces arrayed against Automattic are as follows:

- Those who will defect to a hard fork (ClassicPress, etc., see above)
- Those who will defect to an alternate platform (Grav, etc., see below)

The main forces for Automattic are:

- User base inertia,
- Community that will censor defectors to a hard fork, and
- The WooCommerce and subsidiary plugins which make finding a replacement a more complex and time consuming task. (This is akin to trying to supplant Windows without having an alternative to Office.)

Troop Strength and Depth

While this might seem like a less difficult challenge than the fated Waterloo, the strength of Automattic's development ranks is thin and ragged. The ability to create quality code and a quality experience should be seriously questioned. For example:

- Two plugins remain in Core that cannot be touched (for the obviously irrelevant political reason that they were created more than a decade ago by the CEO), and lead developers have to resort to lying about it in the bug tracker. In ClassicPress, those two plugins were removed in the first Alpha release.
- The infamous WordPress plugin repository redesign fiasco of 2015–2017.
- Last but not least, the hostility to and distaste for Gutenberg to date.

If it were a matter of executing and providing a speedy and pleasant experience, then the rather steep learning curve could be mastered. Instead, the very same puzzling experiences found in user testing with novices using the current editor will be found writ large with not only novices, but intermediate and advanced users of the previous platform. As one reviewer put it, "I'm tripping over my own feet." Again, it will take more than evangelism to win this battle because of the quality of the WordPress package, including the ridiculous redesign of the Plugin directory and its functionality. This is not to mention the antiquated development tools and processes that continue to cause WordPress, like an old jalopy, to rattle and shimmy down the backroads and washed out valleys of bloatland.

Humans Hate Change

If the above were not enough, there is the very basic psychology that is arrayed against Automattic in this significant change, which is: humans hate change. Witness:

- Why redesigns don't make users happy
- Why most redesigns fail

Alternative to WordPress -- Flat File CMS

It is important to view another issue with WordPress which adds complexity and resource requirements, and which for many sites is unnecessary: the requirement for a database. Flat file content management systems are increasingly functional and reliable and have significant advantages over the use of a database. Databases are generally opaque, more difficult to inspect, require their own backup and restore procedures, have their own security, use more resources (specifically RAM, but also processor) and, with advanced caching readily available, do not have much in the way of benefit. For special uses such as shopping carts and session management, a database can be used as a supplement to a Flat File CMS, but for serving most content, it makes little sense.

Grav CMS, a maturing Flat File CMS, is a viable alternative to WordPress for certain use cases, perhaps even the majority (and has shopping cart plugins available). For those developers, administrators, and end users, like me, who have spent more than a decade with WordPress and are looking for a platform for the next 10 years, Grav looks quite promising, as does ClassicPress. WordPress? Not so much.


CMS Maturity Hallmarks

Content Management Systems come in all shapes and sizes, and it is unfair to evaluate their maturity based on their functionality. However, to some degree this is still a useful metric, depending on the functionality. Below are hallmarks of functional maturity. Again, certain CMSs will not receive an accurate score based on specific niche uses or unique aspects.

- CLI / command line interaction
- Serverless-able
- Database-less/database-optional
- Various caching options available
- Ecommerce-friendly/Ecommerce package(s) available
- SEO metadata friendly
- Email/Form management
- Effective templating system


PHP and MariaDB on Debian

Note: instructions for installing and configuring phpMyAdmin also included below.

Related Articles in Debian Services and Applications

- Debian on AWS Lightsail
- OpenVPN on Debian + UFW Firewall
- Nginx and Letsencrypt on Debian
- PHP & MariaDB on Debian
- Grav CMS on Debian

As of December 2018 there are decent performance gains with the latest PHP and MySQL (MariaDB, not Oracle) versions. These are:

- PHP 7.3.0 released 06 Dec 2018
- MariaDB 10.3.11 released 20 Nov 2018

PHP 7.3 outperforms PHP 7.2 and earlier versions on nearly all real-world web CMS platforms. At the same time, MariaDB does indeed have performance enhancements which generally make it faster than the Oracle offering. For MariaDB the performance advantages have been apparent since at least MariaDB 10.1 vs. MySQL 5.7 back in 2014. This is no surprise, being that MariaDB was founded and developed under the direction of the original MySQL founder. The main advantages technically are better thread management and defragmentation in MariaDB than in MySQL databases. In addition, a larger variety of engines are available under MariaDB including NoSQL (Cassandra).

Set up PHP Repository and Certs

sudo apt-get install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

Update and Install PHP

Currently this is the 7.3 branch

sudo apt-get update -y
sudo apt-get install -y php7.3
sudo apt-get install -y php7.3-cli php7.3-common php7.3-curl php7.3-fpm php7.3-gd php7.3-json php7.3-mbstring php7.3-opcache php7.3-readline php7.3-xml php7.3-intl php7.3-zip php7.3-mysql

Update and Upgrade apt

sudo apt update -y
sudo apt upgrade -y

Verify php-fpm status

systemctl status php7.3-fpm.service

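Set cgi.fix_pathinfo to 0 so that PHP-FPM only runs the exact script file that was requested, rather than guessing a script from path info injected into the URL

sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.3/fpm/php.ini
sudo systemctl restart php7.3-fpm.service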

Edit the php7.3 php.ini used by php-fpm if needed, e.g., to increase the upload size variables, and restart php7.3-fpm afterwards.

sudo nano /etc/php/7.3/fpm/php.ini

Make the following changes:

cgi.fix_pathinfo = 0
...
max_execution_time = 300
...
upload_max_filesize = 32M
...
post_max_size = 32M

MariaDB - Install cert manager, key, repository

currently 10.3

sudo apt-get install -y software-properties-common dirmngr
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirrors.dotsrc.org/mariadb/repo/10.3/debian stretch main'

Then perform update and install mariadb-server

sudo apt update -y
sudo apt-get install -y mariadb-server
sudo systemctl status mariadb

Enable auth socket

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Add plugin-load-add = auth_socket.so in the [mysqld] section. Then save and restart MariaDB.

sudo systemctl restart mariadb.service

Secure the database

sudo mysql_secure_installation

PhpMyAdmin on Debian

Provided that Nginx and LetsEncrypt SSL are installed and configured, it is time to install PhpMyAdmin

sudo apt-get update
sudo apt-get install -y phpmyadmin

Add a symlink from /usr/share/phpmyadmin to /var/www/html or whatever directory for whichever website

sudo ln -s /usr/share/phpmyadmin /var/www/html

Note: for security through obscurity, rename the link

sudo mv /var/www/html/phpmyadmin /var/www/html/pma

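Install and enable mcrypt in php, and restart php-fpm. Note that the mcrypt extension was removed from PHP core in 7.2, so phpenmod mcrypt only succeeds if the extension has been installed separately.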

sudo apt-get install -y mcrypt
sudo phpenmod mcrypt
sudo systemctl restart php7.3-fpm

Test to see if it works

https://host.domain.tld/pma/

Limit access to /pma/ by IP address, by editing the nginx configuration

nano /etc/nginx/sites-available/default

Add the following line to the top above server:

geo $admin { default 0; 203.150.176.16 1; }

And put a nested statement under \.php as per this StackOverflow answer

location ~ \.php$ {
    location ~ (/pma/) {                 # add this; matches the renamed /pma/ link
        if ($admin = 0) { return 404; }  # add this; 404 for any address not listed in geo
        ## fastcgi parameters            # duplicate these lines
    }                                    # add this
    ## fastcgi parameters ##
}

Nginx and Letsencrypt SSL on Debian

It is a good idea to get PHP and MariaDB on Debian set up before Nginx (except the PhpMyAdmin which can come after).

Related Articles in Debian Services and Applications

- Debian on AWS Lightsail
- OpenVPN on Debian + UFW Firewall
- Nginx and Letsencrypt on Debian
- PHP & MariaDB on Debian
- Grav CMS on Debian

Install Nginx

Edit /etc/apt/sources.list to add the Nginx repository

nano /etc/apt/sources.list

Add the following repository (currently for Debian 9/Stretch)

deb http://nginx.org/packages/mainline/debian/ stretch nginx

Download and install the key for the repository

wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key

Remove nginx-common, update apt and install nginx

sudo apt-get remove -y nginx-common
sudo apt-get update -y
sudo apt-get install -y nginx

Systemd / Nginx Race Condition

There is a known race condition, with a workaround as follows:

mkdir /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload

Edit /etc/nginx/sites-available/default

Note: these edits are not comprehensive, just to get certbot working. Uncomment the following lines:

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
...
location / {
...
try_files $uri $uri/ =404;
}

Where it says server_name _; change _ to an appropriate FQDN that has an appropriate A record. Save and restart Nginx:

service nginx restart

Letsencrypt Certbot

sudo apt-get update
sudo apt-get install -y python-certbot-nginx certbot -t stretch-backports

Run letsencrypt (automatic)

certbot

Test access from a browser.

HSTS Preload

Browsers ship with a preload list of sites that require https/ssl. To get a site added to that list, two things are required: an 80 to 443 redirect, and an HSTS header. For the redirect, add this server configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

The HSTS header needs to be added to each server. It can simply be added after the listen 443 ssl; line:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
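A check of both requirements against response headers, as an added example that is not part of the original post. The function names and finding labels are made up for illustration, the sample responses are constructed, and the one-year minimum for max-age is the preload list's submission requirement, which the header above meets exactly.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and finding labels
# are illustrative. Each function prints "ok" or a space-separated finding list.

# Port-80 response: the server block above answers with a 301 to https://.
http_redirect_check() {
    red_hdrs=$(printf '%s\n' "$1" | tr -d '\r')
    red_status=$(printf '%s\n' "$red_hdrs" \
        | sed -n '1s/^HTTP\/[0-9.]* \([0-9][0-9][0-9]\).*/\1/p')
    red_loc=$(printf '%s\n' "$red_hdrs" \
        | sed -n 's/^[Ll]ocation:[[:space:]]*//p' | head -n 1)
    if [ "$red_status" != "301" ]; then
        echo "not-301"
        return 0
    fi
    case $red_loc in
        https://*) echo "ok" ;;
        *)         echo "redirect-not-https" ;;
    esac
}

# Port-443 response: max-age of at least one year, includeSubDomains, preload.
hsts_preload_check() {
    # Header and directive names are case-insensitive: lower-case everything,
    # keep the first STS header, then drop blanks and quotes from its value.
    hsts_val=$(printf '%s\n' "$1" | tr -d '\r' | tr '[:upper:]' '[:lower:]' \
        | sed -n 's/^strict-transport-security:[[:space:]]*//p' \
        | head -n 1 | tr -d ' \t"')
    if [ -z "$hsts_val" ]; then
        echo "missing-header"
        return 0
    fi
    hsts_age=""; hsts_sub=0; hsts_pre=0; hsts_findings=""
    hsts_ifs=$IFS
    IFS=';'           # directives are separated by semicolons
    set -f
    for hsts_dir in $hsts_val; do
        case $hsts_dir in
            max-age=*)         hsts_age=${hsts_dir#max-age=} ;;
            includesubdomains) hsts_sub=1 ;;
            preload)           hsts_pre=1 ;;
        esac
    done
    set +f
    IFS=$hsts_ifs
    case $hsts_age in
        ''|*[!0-9]*) hsts_findings="$hsts_findings bad-max-age" ;;
        *) if [ "$hsts_age" -lt 31536000 ]; then
               hsts_findings="$hsts_findings short-max-age"
           fi ;;
    esac
    if [ "$hsts_sub" -eq 0 ]; then hsts_findings="$hsts_findings no-includesubdomains"; fi
    if [ "$hsts_pre" -eq 0 ]; then hsts_findings="$hsts_findings no-preload"; fi
    hsts_findings=${hsts_findings# }
    echo "${hsts_findings:-ok}"
}

# Constructed sample responses in the shape `curl -sI` prints; not captured
# from a real host.
SAMPLE_HTTP='HTTP/1.1 301 Moved Permanently
Location: https://host.domain.tld/'
SAMPLE_HTTPS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload'

http_redirect_check "$SAMPLE_HTTP"
hsts_preload_check "$SAMPLE_HTTPS"
```

Against a live server, pass the output of curl -sI for the http:// and https:// URLs to the two functions instead of the samples.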

Nginx Info

Nginx has become the standard for much of the web, for the basic standard reason it is not creaky old (though of course still lovable) Apache. However, before we get too far ahead of ourselves, let's recall exactly what we need to know about Nginx in order for it to work as well as Apache:

- Installation
- Configuration files
- Support of SSL / LetsEncrypt
- SFTP/SCP access to file system (and file rights + ownership)
- Multiple virtual servers / directories
- Mimetypes
- Support for PHP
- Threading
- .htaccess and related

Nginx and Related Files and Directories

Standard or default files and directories as follows:

- /etc/nginx - application directory
- /etc/nginx/nginx.conf - main configuration file
- /usr/share/nginx/html - default website root directory - noted as html in nginx.conf
- /var/log/nginx/error.log - error log
- /var/log/nginx/access.log - access log
- /etc/nginx/mime.types - mime types
- /etc/php.ini - php configuration file

Nginx / PHP-FPM Security Issues

There are significant issues with PHP-FPM in terms of keeping site caching partitioned when using multiple websites/virtual sites. Opcache should be turned off and individual users should be in charge of a different php-fpm process for each site. How to do this is not listed here (just yet).