Posted on Leave a comment

Telegram for Social Networking

Telegram is a great chat app, but there is more, and less to it, than say Twitter and Facebook. The first thing is that a lot of this gamification of likes/thumbsup is gone. Want to know if someone read your post? That has to be done either via direct message, or in a group (and the person has to respond). Recently there are new apis that help enable discussions on posts, as well as connecting channel posts as annoucements in groups.

Types of Accounts in Telegram

There is a single namespace in telegram for all entities: users, channels, groups, and bots. Users are individual accounts tied to a phone number (I think that is mandatory). Telegram Channels are one-way broadcast accounts, which can have multiple admins (but messages are signed by the channel. Membership in channels is unlimited. Telegram Groups can include up to 200,000 users, and everyone can post.

Using Bots for Commenting and Discussion

Note that for feedback on channel posts one can add a like bot or other such simple feedback, or add a discussion group and put that information in the channel description. A third new option is to have a comment system using an app which would also be available on the web as a preview (without logging into Telegram). The preview bot that does this works nicely and shows off what kind of api/developer support Telegram.

No Manipulation or Advertising

Instead of the constant intrusion of 99% annoyance in terms of timeline distortion and advertising as found in Facebook and Instagram (and to some extent Twitter, which is going down that same path).

Essentially, the use of channels with comments can replace any given social network (other limitations apply), such as Twitter, Facebook, and Instagram. While those platforms still have the lion's share of engagement and users, moving over to the Telegram way of things makes sense.

Telegra.ph for Longform

Telegra.ph is a longform microblog platform which is very simple and also has zero advertising. There is a nice Telegraph App in the Google Play store.

Installing Telegram

For the Linux and ChromeOS world, the options are: Telegram Desktop (for Linux) and Telegram Android App (for ChromeOS).

Posted on Leave a comment

Delete Site Cache from Chrome

Chrome, why are you such crap at simple things? I need to delete the cache/cookies from a single website. It appears impossible these days. There is an odd work around, as follows:

> Three Dots 
    > Advanced 
        > Content Settings 
            > Cookies 
                > See All Cookie and Site Data 
                     > {Search for site} 
                          > Remove All Shown

For good measure, also go do:

> Three Dots 
    > Advanced 
        > Clear Browsing Data 
            > Cached Images and Files (only)

Yeah, what a joke. I sure wish there was an extension/plugin that would allow for a single click, but not that I can find.

Posted on Leave a comment

Tidying Up Digitally

Marie Kondo is an expert on tidying a house. Her Netflix series Tidying Up with Marie Kondo and two books (both of which are worth reading, best in chronological order) are best-sellers:

Continue reading Tidying Up Digitally

Posted on Leave a comment

Podcast Platforms

Podcasting is growing (slowly) and offers a great opportunity for brand engagement. Generally free, the idea is to be where the audience already is, and have a reliable host for content and the rss feed.

Media and RSS Hosting

Google Podcasts and Google Play Music Podcasts

Note, these are two different things: First Thing - Google Podcast (part of Google Search) - Google Podcast Publisher Tools - Google Podcasts App Second Thing - Google Play Music Podcasts

Pocket Casts (#4 platform

Stitcher (#3 platform)

Spotify (#2 platform)

iTunes/Apple Music (#1 platform)

WordPress Plugins

Posted on Leave a comment

Generic Roadmap

This is meant to be a reminder of important issues/decisions that already have some thought put in them (usually by others).

Stick with what we know in the marketing channels we know. Expand products, and channels for those products.

Posted on Leave a comment

WordPress 5 – Automattic Waterloo

Automattic is the organization behind WordPress the content management system, wordpress.com, and a number of smaller entities. With some estimates, WordPress has ~30% market share of the web. It has taken on in excess of []$300m in funding](https://www.crunchbase.com/organization/automattic) over the years. After 2–3 years of development of WordPress, Automattic was founded in 2005 to receive an initial funding round of $1.1m.

Competition and Growth

Competition is seen as foremost coming from the lower-end, simpler website design companies such as Wix and Medium. Basic usability and ease-of-use of the WordPress editor is seen as a stumbling block to growth, especially with investors who seek a return. Matt Mullenweg, the co-founder CEO, is not shy to demonstrate the user problems, as seen in his most recent State of the Word presentation from 10 December 2018: State of the Word — Matt Mullenweg — 10 December 2018 While there is an interesting solution provided in terms of Project Gutenberg and blocks to replace the wysiwig/code view editor, it in no way is an answer to novice users creating pages that have complex visuals (other than possibly copy-paste from Word or Google Docs). More importantly, by removing the current wysiwyg/code view editing interface that all intermediate and advanced users have mastered, everyone is forced into a learning curve regarding these less-than-intuitive blocks. Certainly it is a mental model, as Mullenweg suggests, just not an intuitive one, or one that the interface makes readily apparent. To allow for a transition period (aka Phase 2) the old editor will be available by means of a plugin, and has promised support until 2021. The incipient integration of Gutenberg into Core caused quite a bit of disgruntlement, and induced action on the part of a group to do what is always possible with open source software, and to create a new release from the old source code.

ClassicPress, calmPress Forks of WordPress 4.9

Strengths can be weaknesses, and the open source software strength of WordPress has now been used against it in the form of hard forks of the project. ClassicPress released its first version which is a fork of WordPress 4.9. Work began on this hard fork on 30 August, with alpha and beta releases on 24 October and 21 November. calmPress, another fork of WordPress 4.9 is the effort of a single developer. calmPress 0.9.9 a fork of 4.9 was released on 29 November 2018, with alpha and beta versions starting back in September. There was discussion about collaboration on a shared plugin directory between calmPress and ClassicPress, but that has not progressed.

ClassicPress Organizational Development

ClassicPress calls itself a business-focused release. That is, professional, stable, reliable performance. Already ClassicPress is undergoing some performance tuning and a focus on security. The main point is to dodge the bullet of Gutenberg, as with WordPress 5.0 that becomes integrated into Core. Building a successful software project includes proper, effective guidance as well as resources (programming and money). From the ClassicPress forum and Slack channel, these discussions appear to be taking place, and developers are indeed doing the necessary, day-to-day, block-and-tackle efforts.

WordPress 5 Released

WordPress 5.0 was released on 06 December 2018. On 12 December WordPress 5.0.1 was released to include some security bug fixes. However, this also began to introduce breakage.

This is a Waterloo

The Battle at Waterloo has become a metaphor for something difficult to overcome, or recover from. With novices unable to easily adopt the new interface, and with a good swath of intermediate and advanced users in open rebellion against the change, there are now opportunities for sharpened knives. The forces arrayed against Automattic are as follows: - Those who will defect to a hard fork (ClassicPress, etc., see above) - Those who will defect to an alternate platform (Grav, etc., see below) The main forces for Automattic are: - User base inertia, - Community that will censor defectors to a hard fork, and - The WooCommerce and subsidiary plugins which make finding a replacement a more complex and time consuming task. (This is akin to trying to supplant Windows without having an alternative to Office.)

Troop Strength and Depth

While this might seem like a less difficult challenge than the fated Waterloo, the strength of Automattic's development ranks is thin and ragged. The ability to create quality code and a quality experience should be seriously questioned. For example: - Two plugins remain in Core that cannot be touched (for the obviously irrelevant political reason that they were created more than a decade ago by the CEO), and lead developers have to resort to lying about it in the bug tracker. In ClassicPress, those two plugins were removed in the first Alpha release. - The infamous WordPress plugin repository redesign fiasco of 2015–2017. - Last but not least, the hostility to and distaste for Gutenberg to date. If it were a matter of executing and providing a speedy and pleasent experience, then the rather steep learning curve could be mastered. Instead, the very same puzzling experiences found in user testing with novices using the current editor will be found writ large with not only novices, but intermediate and advanced users of the previous platform. As one reviewer put it I'm tripping over my own feet. Again, it will take more than evangelism to win this battle because the quality of the WordPress package, including the ridiculous redesign of the Plugin directory and its functionality. This is not to mention, the antiquated development tools and processes that continue to cause WordPress, like an old jalopy, to rattle and shimmy down the backroads and washed out valleys of bloatland.

Humans Hate Change

If the above were not enough, there is the very basic psychology that is arrayed against Automatic in this signficant change, which is: humans hate change. Witness: - Why redesigns don't make users happy - Why most redesigns fail

Alternative to WordPress -- Flat File CMS

It is important to view another issue with WordPress which adds complexity and resource requirements, which for many sites is unnecessary: the requirement for a database. Flat file content management systems are increasingly functional and reliable and have significant advantages over the use of a database. Databases are generally opaque, more difficult to inspect, require their own backup and restore procedures, have their own security, use more resources (specifically ram, but also processor) and with advanced caching readily available, do not have much in the way of benefit. For special uses such as shopping carts and session management, a database can be used as a supplement to a Flat File CMS, but for serving most content, it makes little sense. Grav CMS, a maturing Flat File CMS, is a viable alternative to WordPress for certain use cases, perhaps even the majority (and has shopping cart plugins available). For those developers, administrators, and endusers, like me, who have spent more than a decade with WordPress are are looking for a platform for the next 10 years, Grav looks quite promising, as does ClassicPress. WordPress? Not so much.

Posted on Leave a comment

CMS Maturity Hallmarks

Content Management Systems come in all shapes and sizes, and it is unfair to evaluate their maturity based on their functionality. However, to some degree this is still a useful metric, depending on the fucntionality. Below are hallmarks of functional maturity. Again, certain CMS's will not receive an accurate score based on specific niche uses or unique aspects. - CLI / command line interaction - Serverless-able - Database-less/database-optional - Various caching options available - Ecommerce-friendly/Ecommerce package(s) available - SEO metadata friendly - Email/Form management - Effective templating system

Posted on Leave a comment

PHP and MariaDB on Debian

Note: instructions for installing and configuring phpMyAdmin also included below.


Related Artices in Debian Services and Applications - Debian on AWS Lightsail - OpenVPN on Debian + UFW Firewall - Nginx and Letsencrypt on Debian - PHP & MariaDB on Debian - Grav CMS on Debian


As of December, 2018 there are decent performance gains with the latest PHP and MySQL (MariaDB, not Oracle) versions. These are: - PHP 7.3.0 released 06 Dec 2018 - Next PHP release 7.4 likely out December 2019 - MariaDB 10.3.11 released 20 Nov 2018 - Latest MariaDB release 10.4 is in release candidate status as of May, 2019. It would be good to do a new version along with PHP when it's next is released, say Dec 2019/Jan 2020.

PHP 7.3 outperforms PHP 7.2 and earlier versions on nearly all real-world web cms platforms. At the same time, MariaDB does indeed have performance enhancements which generally make it faster than the Oracle offering. For MariaDB the performance advantages have been apparent since at least MariaDB 10.1 vs. MySQL 5.7 back in 2014.

This is no surprise, being that MariaDB was founded and developed under the direction of the original MySQL founder. The main advantages technically are better thread management and defragmentation of the MariaDB than MySQL databases. In addition, a larger variety of engines are available under MariaDB including NoSQL (Cassandra).

Set up PHP Repository and Certs

sudo apt-get install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

Update and Install PHP

Currently this is the 7.3 branch

sudo apt-get update -y
sudo apt-get install -y php7.3
sudo apt-get install -y php7.3-cli php7.3-common php7.3-curl php7.3-fpm php7.3-gd php7.3-json php7.3-mbstring php7.3-opcache php7.3-readline php7.3-xml php7.3-intl php7.3-zip
php7.3-mysql

Update and Upgrade apt

sudo apt update -y
sudo apt upgrade -y

Verify php-fpm status

systemctl status php7.3-fpm.service

stop injected data into server returns

sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.3/fpm/php.ini
systemctl restart php7.3-fpm.service

Edit php7.3 php-fpm conf file if needed, e.g., increase upload size variables.

nano /etc/php/7.3/fpm/php-fpm.conf

Make the following changes:

cgi.fix_pathinfo = 0
...
max_execution_time = 300
...
upload_max_filesize = 32M
...
post_max_size = 32M

MariaDB - Install cert manager, key, repository

currently 10.3

sudo apt-get install -y software-properties-common dirmngr
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirrors.dotsrc.org/mariadb/repo/10.3/debian stretch main'

Then perform update and install mariadb-server

sudo apt update -y
sudo apt-get install -y mariadb-server
sudo systemctl status mariadb

Enable auth socket

sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Add plugin-load-add = auth_socket.so in the [mysqld] section. Then save and restart MariaDB.

sudo systemctl restart mariadb.service

Secure the database

sudo mysql_secure_installation

PhpMyAdmin on Debian

Provided that Nginx and LetsEncrypt SSL is installed and configured. It is time to install PhpMyAdmin

sudo apt-get update
sudo apt-get install -y phpmyadmin

Add a symlink from /usr/share/phpmyadmin to /var/www/html or whatever directory for whichever website

sudo ln -s /usr/share/phpmyadmin /var/www/html

Note for security through obscurity, rename the link

sudo mv /var/www/html/phpmyadmin pma

Install and enamble mcrypt in php, and restart php-fpm

sudo apt-get install -y mcrypt
sudo phpenmod mcrypt
sudo systemctl restart php7.3-fpm

Test to see if it works

https://host.domain.tld/pma/

Limit access to /pma/ by ip address, by editing the nginx configuration

nano /etc/nginx/sites-available/default

Add the following line to the top above server:

geo $admin { default 0; 203.150.176.16 1; }

And put a nested statement under \.php as per this StackOverflow answer

location ~ \.php$ {
    location ~ (/phpmyadmin/) {          # add this
        if ($admin = 0) { return 404; }  # add this
        ## fastcgi parameters            # duplicate these lines
    }                                    # add this
    ## fastcgi parameters ##
}
Posted on Leave a comment

Nginx and Letsencrypt SSL on Debian

It is a good idea to get PHP and MariaDB on Debian set up before Nginx (except the PhpMyAdmin which can come after).


Related Artices in Debian Services and Applications - Debian on AWS Lightsail - OpenVPN on Debian + UFW Firewall - Nginx and Letsencrypt on Debian - PHP & MariaDB on Debian

- Grav CMS on Debian

Install Nginx

Edit the /etc/apt/sources.list to add the Nginx repostitory

nano /etc/apt/sources.list

Add the following repository (currently for Debian 9/Stretch)

deb http://nginx.org/packages/mainline/debian/ stretch nginx

Download and install the key for the repository

wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key

Remove nginx-common, update apt and install nginx

sudo apt-get remove -y nginx-common
sudo apt-get update -y
sudo apt-get install -y nginx

Systemd / Nginx Race Condition

There is a known race condition, with a workaround as follows:

mkdir /etc/systemd/system/nginx.service.d
printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
systemctl daemon-reload

Edit /etc/nginx/sites-available/default

Note: these edits are not comprehensive, just to get certbot working. Uncomment the following lines:

listen 443 ssl default_server;
listen [::]:443 ssl default_server;
...
location / {
...
try_files $uri $uri/ =404;
}

Where it says server_name _; change _ to an appropriate fqdn that has an appropriate A record. Save and restart the nginx:

service nginx restart

Letsencrypt Certbot

sudo apt-get update
sudo apt-get install -y python-certbot-nginx certbot -t stretch-backports

Run letsencrypt (automatic)

certbot

Test access from a browser.

HSTS Preload

Browsers have a list of servers that require https/ssl. Add sites to the list. Two things are required: 80 to 443 redirect, and an hsts header. For the redirect, add this server configuration:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 301 https://$host$request_uri;
}

For the HSTS header, this needs to be added to each server. Can simply be added after the listen 443 ssl; line:

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

Nginx Info

Nginx has become the standard for much of the web, for the basic standard reason it is not creaky old (though of course still lovable) Apache. However, before we get too far ahead of ourselves, let's recall exactly what we need to know about Nginx in order for it to work as well as Apache:

  • Installation
  • Configuration files
  • Support of SSL / LetsEncrypt
  • SFTP/SCP access to file system (and file rights + ownership)
  • Multiple virtual servers / directories
  • Mimetypes
  • Support for PHP
  • Threading
  • .htaccess and related

Nginx and Related Files and Directories

Standard or default files and directories as follows:

  • /etc/nginx - application directory
  • /etc/nginx/nginx.conf - main configuration file
  • /usr/share/nginx/html - default website root directory - noted as html in nginx.conf
  • /var/log/nginx/error.log - error log
  • /var/log/nginx/access.log - access log
  • /etc/nginx/mime.types - mime types
  • /etc/php.ini - php configuration file

Nginx / PHP-FPM Security Issues

There are significant issues with PHP-FPM in terms of keeping site caching partitioned when using multiple websites/virtual sites. Opcache should be turned off and individual users should be in charge of a different php-fpm process for each site. How to do this is not listed here (just yet).