Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Pavlovian approach to Password Management.

Engineers at Stanford recently unveiled a new password policy that shuns one-size-fits-all security. This has been followed by a system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche, which provides rewards or penalties based on the passcode choices people have made.

The example given is as follows:

A user who picks "test123@#" might be required to change the password in three days under the system, the three-day limit being based upon calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "t3st123@##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months.

An interesting concept, and one that would avoid forcing users who have made a sensible password choice to change their passwords simply because other, less careful users chose ‘easier passwords’.

The full article is here.

Privacy Badger - an interesting browser plugin

There is an interesting plugin for Chrome and Firefox, currently in ‘Alpha’ release, from the EFF (Electronic Frontier Foundation), who brought us ‘HTTPS Everywhere’, named ‘Privacy Badger’.

Privacy Badger is described as a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.

More details upon the EFF website.

Web access URLs containing the ‘RK=0/RS=’ string

We have noticed over the past few months an increase in the number of web accesses to various URL addresses on our site with a string starting ‘/RK=0/RS=’, followed by strings of other characters. To us they are obviously some attempt to get access to information, but we were a little puzzled as to how they might possibly work. The URLs they are attached to are varied but seem to be mostly blog addresses. The RS= looks like it could be a regular expression for a pattern match of sorts, since some (but not all) are followed by a caret ^, but that is speculative.

They look to be a form of SSI injection with the header, with the attempt to pass tokens into the URL for some purpose.

Apparently we are not alone and there is much discussion upon the web as to exactly what it is trying to achieve and who might be behind it, but no clear answer is currently known.

One way to remove them might be a simple .htaccess rule similar to the following:

RewriteRule ^(.*)RK=0/RS= /$1 [L,NC,R=301]

An alternative would be to block the IP addresses from which they are coming, but if they are not ‘hard addresses’, in the sense that they are not reusable, then the risk is that you may end up blocking legitimate traffic.
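As an added example (not code from the original post), the Python below applies the same match the .htaccess rule above uses to a handful of constructed access-log lines: it reports the page each probe would be redirected to and, per address, whether that address also sends ordinary requests, which is the concern raised about blocking by IP. The log lines and addresses are constructed, not real visitors.

```python
import re
from collections import Counter

# The same pattern the .htaccess rule matches: any prefix, then "RK=0/RS=", case-insensitive
# (the [NC] flag). In per-directory .htaccess context the tested path has no leading slash.
RK_RS = re.compile(r"^(.*)RK=0/RS=", re.IGNORECASE)

# Apache "combined" log format, parsed only as far as this check needs.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample log lines (addresses from the documentation ranges, not real visitors).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Apr/2014:08:12:01 +0100] "GET /blog/entry/some-post/RK=0/RS=abcDEF^ HTTP/1.1" 404 1832 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Apr/2014:08:12:05 +0100] "GET /blog/entry/another-post/RK=0/RS=zzz HTTP/1.1" 404 1832 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:08:13:44 +0100] "GET /blog/entry/some-post/ HTTP/1.1" 200 9321 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Apr/2014:08:14:02 +0100] "GET /blog/entry/some-post/rk=0/rs=Q HTTP/1.1" 404 1832 "-" "Mozilla/5.0"
""".splitlines()


def rewrite_target(path):
    """Path the RewriteRule would redirect to (/$1), or None when the rule does not match."""
    m = RK_RS.match(path.lstrip("/"))
    if not m:
        return None
    return "/" + m.group(1)


def scan_log(lines):
    """Summarise the probes: per-IP counts of matching and of ordinary requests, and the
    pages being targeted. The per-IP split shows whether an address also sends normal
    traffic, which is the risk the post raises about blocking addresses outright."""
    probes, normal, targets = Counter(), Counter(), Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a line in the expected format
        path = m.group("path").split("?", 1)[0]  # RewriteRule tests the path, not the query
        target = rewrite_target(path)
        if target is None:
            normal[m.group("ip")] += 1
        else:
            probes[m.group("ip")] += 1
            targets[target] += 1
    return probes, normal, targets
```

Running `scan_log` over a real access log (one line per element) gives the same three counters; an address with many probes and no ordinary requests is a different case from one that mixes both.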

EU Cookie Plugin 1.1.2 released


EU Cookie system plugin release 1.1.2 for Joomla 2.5 and 3.2.

This minor update adds a new option to specify the height of the image over the acceptance button, changes the image specifications to be relative and not absolute and tidies up the plugin credits.

The plugin has been used on our site since the introduction of the legal requirement to comply with the EU Cookie Directive for web sites.  This plugin complies with the regulation by notifying the user of the Cookie policy.


Longaccess: pass your digital assets to your heirs

One question that is often asked is how one preserves one’s digital assets and passes them on to one’s heirs. We recently read about a new service that may offer a solution.

Longaccess promises to be a cold storage of sorts for your digital life. It's a cloud-based service that operates off Amazon's S3 data centres, but unlike other file lockers such as Dropbox or Google Drive, Longaccess aims to be less accessible, but more dependable. It describes itself as a ‘safe’ on the Internet, a location where one can store files fully encrypted and secured, safe and ready to be accessed for decades.

Longaccess is not a file syncing service, nor is it a file sharing service. It is a service for storing files for long periods of time: files that are NOT updated or changed at all. Every time a file is created and uploaded to a Longaccess Archive using the desktop application, one gets an Archive Certificate. This is a simple text file that contains all the information required to access the data in the future:

- Anyone with access to the Archive Certificate can access the corresponding Archive data: Nothing else is required, not even a username or password.

- Access to the Archive data is impossible without the corresponding Archive Certificate. No one, not even the owner, nor Longaccess, can decrypt the Archive without the Archive Certificate.

One can think of the Archive Certificate as a full entitlement to access the data of a specific Archive. If one gives a copy to someone else, they can also access the data.

There are a number of questions, regarding cost etc., that immediately spring to mind, including how they can guarantee they will be around in a decade or so; questions which they try to answer on their web site.

Sounds interesting, and may well be a way to preserve those ‘old’ photographs for posterity. One that may well be worth watching for a future opportunity.

Test email in foreign languages

We have been working with the emailing of problem reports to our Issue Tracker component recently, in particular with the specific problem of languages using the ISO-8859-2 character set.

Having made some code changes to handle this, we were thinking of how it might be possible to test out other languages, with other character sets such as Chinese, Korean etc.

The little grey cells started thinking about the various translation sites upon the web, and whether there might be any that could not only perform a translation of some specific text but also complete the task by emailing the translation to a specific address.

After some searching it seems that this is not an unusual requirement and we found several that could possibly do what we required. A lot only handled the translation part of the requirement, but the sending of the email was not that common. It was important that the email was sent from the third party since if we used a local email client the details in the message header and body did not accurately reflect the correct character set in use, and this was the one thing we wanted to test.

A number of sites imposed limitations such as the number of characters in the message, the number of messages that could be sent etc., which is generally reasonable since they are endeavouring to make a living from providing a service and would prefer to charge.  However these limitations were not of a major concern to us, especially as the text content could be anything at all, as long as the character sets were represented.

We obviously will not list all of the sites we investigated, but the one which we found suitable for our needs was WorldLingo, and though it insisted on creating accounts for both our sender and receiver of the generated emails, this was something we could easily live with. There is a vast range of possible languages to choose from, certainly more than we will ever use or test I suspect, and the machine translations were more than adequate for our purposes.

Our requirements were not all that unusual at all, and I suspect others might have the same sort of need, in which case hopefully this may act as a pointer.

Update: One interesting side effect we noticed was that, when we sent the email (via WorldLingo), it was 'processed' by our component, which automatically sent a reply acknowledging receipt. Since the emails from WorldLingo are all sent out with individual identifiers in the email address, the reply was sent to the named WorldLingo address, which then forwarded it to us (the sender). The interesting aspect was that the text was 'translated' on the reply and didn't quite match the 'original' text in English: one of the interesting aspects of translating, in this case, from English->Japanese->English. Not a concern to us, but it just goes to show how things can get confusing in translation.

Issue Tracker Template Overrides

We have recently been ‘playing’ with a new ‘Bootstrap v3’ template for the front end of our site. This involved us creating a set of template overrides for our Issue Tracker component, and we decided to share the details with our users.

Joomla has long had the ability to create Template Overrides, which are modifications to the Joomla components or modules. This permits changes to be made upon a ‘local site’ basis without the need to change or hack the supplied code.

We are primarily concerned with the Issue Tracker component, and we have tried hard to produce front end displays of individual Issues and of the Issue Entry form that would be usable in the majority of installations. However, the differences between the various templates used on sites are many and vast, and it is almost inevitable that they will not be suitable for everyone. This was indeed the situation we discovered ourselves when using a Bootstrap template for the site.

Continue reading

Mail ISO-8859-2 character sets

We recently received a report that the email fetching feature within our Joomla Issue Tracker component wasn’t handling the subject header and email body correctly for the ISO-8859-2 character set. This character set is used by a number of Eastern European countries, so we were interested in resolving the problem if we possibly could.

We tend to use the standard PHP imap routines, and it was immediately obvious how we should handle the subject: by implementing a call to the imap_mime_header_decode method. This worked well and was a very quick fix.

Continue reading

MariaDB and Joomla ?

We were looking at the possibilities of upgrading the version of MySQL we are using on our NAS system and were reminded of the existence of the MariaDB database as a possible alternative. An alternative because our NAS does not easily permit the upgrade of the MySQL part of the system, mainly because it is so tightly tied into the other features.

What is MariaDB, one might ask. Well, there is probably no better explanation than that upon the MariaDB web site.

Continue reading

Handling Googlebot URL detected errors.

We tend to use Google Webmaster Tools to monitor our main site, and in particular the Crawl Errors that it detects. Sometimes we are a little confused as to where the errors are coming from, since the 'source' URL is sometimes the self-same page indicated as in error, and others indicate pages where we fail to find the link referenced as in error.

That said, it has proved generally useful and mostly they are trivial to fix. What has been difficult to discover is a good reference guide to the topic of Search Engine Friendly URLs, known as SEF. Whilst acknowledging that the subject of SEF can be quite involved, our searches have yet to reveal a good comprehensive article upon the best design and implementation mechanisms. It is even more difficult to discover a good guide to resolving problems. Having found nothing suitable, we decided to create this post as a record of our investigations, and perhaps to act as a guide for others.

Continue reading