Today I updated my gentoo server’s eselected PHP from 5.6 to 7.2 and wordpress phabricator and mediawiki didn’t even hiccup. WordPress went from a steaming pile of stubborn version upgrade refusal right back into line. I used mysqldump to back up all my databases, less than a GB. I git pulled phabricator’s stable branch (updated weekly from master) and ran a boatload of database patches that went smooth as coconut milkfat. I git-skipped the .arcconfig files so i could just update them in place. OK… why did that all just work?

Update: I went ahead and made the phabricator-recommended changes to mysql and PHP, including installing a PHP memory-based cache:

emerge -DavuN dev-php/pecl-apcu

And that, of course, cascaded me into a gentoo server update.

  • first I had to [emerge -av glibc] as it was ancient
  • do not put comments in [/etc/portage/package.use/zzz_autounmask]
  • used advice from gentoo perl docs:
emerge -uDNav --with-bdeps=y --backtrack=100 --autounmask-keep-masks=y @world

And away we go…

UPDATE: ok these are a few more of my “favorite” things…

  • mediawiki required an update, I had to manually tweak my multi-site LocalSettings overrides since some themes were removed, and some were added.
  • I decided to go through all the phabricator tweaks that it complains about.
  • I fell into an update of my fork of Simple Web Server, not really related except that it was YA deep rabbit hole.
  • Files served up were made real pretty with this; I had to tweak the .htaccess to make it correctly mo safe.
  • Moving to boost 1_69_0 was actually a lot of (CPU) work.
  • While I was moving things around, I set up a nice git flow for my stock app, with branches:
    • develop
      • feature/postgress-archive
      • refactor/use-archive-db
    • master
      • release/1.55.41-pre-archive-database

Sometimes you just gotta stop and have a bump…

Hey all you bloggers and publishers. If, like me, you’ve been putting off updating your blogs and wikis to show up nicely on smartphones, fear not, there are DIRT SIMPLE FAST solutions available today to set up special skins for mobile browsers that are gorgeous. As of today, here are the instant solutions.

WordPress

  • Right inside your admin panel in WordPress, click on the Plugins button in the left pane.
  • Select Add New.
  • Punch in WPTouch and hit “Search Plugins”.
  • There it is, now install it!
  • That’s it. Seriously. You can play with the settings if you want (like changing the logo), but you don’t need to. Wow!

Mediawiki

  • This skin is the one you want, but it has a few issues.
  • Here is a corrected version, use it to take your chance for it to work “out of the box” 🙂 Download and untar it from within your [mediawiki/skins] folder. The changes I made are listed at the end of this post.
  • Now users can select the skin in their preferences, but we want automatic! Update your LocalSettings.php file to set $wgDefaultSkin as follows:
    if (preg_match("/iphone/i", $_SERVER['HTTP_USER_AGENT'])) {
        $wgDefaultSkin = 'wptouch';
    } elseif (preg_match("/android/i", $_SERVER['HTTP_USER_AGENT'])) {
        $wgDefaultSkin = 'wptouch';
    } elseif (preg_match("/webos/i", $_SERVER['HTTP_USER_AGENT'])) {
        $wgDefaultSkin = 'wptouch';
    } elseif (preg_match("/ipod/i", $_SERVER['HTTP_USER_AGENT'])) {
        $wgDefaultSkin = 'wptouch';
    } elseif (preg_match("/opera mini/i", $_SERVER['HTTP_USER_AGENT'])) {
        $wgDefaultSkin = 'wptouch';
    } else {
        $wgDefaultSkin = 'vector';
    }
  • Go enjoy it!

Easy and beautiful!

(continued…)

I have been so happy with my gentoo boxes lately, having had zero problems for the past few months, and no itch to bump. I must have lucked out and hit a really stable spot in the ever-changing world of open source.

But I don’t want to get too comfortable. Much longer and I probably won’t have a clean upgrade path. Besides, I think I smell something shiny out there somewhere… Seriously, I am looking forward to the latest XBMC changes. That software absolutely rocks.

Here we go! (continued…)

I love my websites and servers and applications. I expose a lot of my toys on the internet, because it’s FUN and USEFUL. I try to apply the 80/20 rule in getting things done, doing 20% of the security I should to achieve an 80% benefit. I don’t have time to “do it right”, if that’s even possible. I know this is a terrible approach to network security, but it is my conscious choice. There is fun to be had.

The approach burns me on occassion, but I get by. I’ve been hacked twice in 10 years, not a bad record considering my approach. The second hack occurred recently. Some poor bastard in backwoods Russia or God-knows-where has been scanning and hacking WordPress sites with a backdoor approach to adding admin accounts. Once the admin account is set up, they inject redirection scripts into the php template code.

I have not taken the time to install all the WordPress updates the moment they come out – classic example of my slacker approach to security. So at some point in time, I got hacked. The sad part is that I did not even notice it until much later, when Firefox’s automatic malware detection kicked in and Google and StopBadware.org started denying me access to my own site.

Apparently the injected code had the capacity to install malware – not that I would know, being a linux user. The cleanup involved purging all the injected php code, which was obfuscated with “eval(base64)” wrappers, and removing the hacked WordPress admin accounts.

The fact that I was potentially adding malware to the computers of people visiting my websites is enough to make me physically ill. Some of that paranoia and obsession required to achieve a moderate level of security has surfaced. My WordPress and Mediawiki sites are too rich and chock full of functionality for me to personally do any real level of guarantee of security – I have to rely on the popularity of their code base and assume issues get caught quickly. But the least I can do is upgrade them whenever a new stable release is available. Generally speaking, this is what keeps me on the internet, and it is no longer an optional activity.

The only other flaw in my setup of which I am painfully aware is due to virtual hosting restrictions. I do a LOT with my one little IP and my one little server (including truly free truly legit SSL), but I cannot host more than one SSL virtual site on port 443. Just “the way things are”. I need to be diligent about redirecting secure traffic through the one configured SSL domain. But this is never easy.

The silver lining: the WordPress iPhone app now works! The pace of blogging should now improve from glacial to very infrequently. :>

Peace out.