Problem with HTTPS Everywhere and Google Translate

We recently noticed a small problem when trying to view a translation using Google Translate in a Firefox browser with HTTPS Everywhere installed.

The translation page would load, yet only the page headers were shown; the actual translation was not visible. Inspection of the Java Console revealed an error:

Error: Load denied by X-Frame-Options: https://translate.google.com/translate?client=tmpg&depth=1&hl=en&langpair=en%7Cfr&rurl=translate.google.com&u=http://macrotoneconsulting.co.uk/ does not permit cross-origin framing.

The relevant HTTPS rule was already disabled within the HTTPS Everywhere plugin, so we were puzzled as to why it was failing. We tried disabling the HTTPS Everywhere plugin completely and the translation worked. So it was almost as if the rule that converts http to https was still being applied even though it was disabled!


MySQL 1071 and associated errors.

Our users have reported a few MySQL errors over the years, but one of the most common appears to be:

ERROR 1071 (42000): Specified key was too long; max key length is xxx bytes

Where xxx is some specified value, often, but not always, 767.

For that reason we decided that we would make this blog entry to try and explain the situation.

We are concerned here mainly with InnoDB tables since that is what we tend to use in our extensions.


Newsfeeds display – solution to an enigma

We have always displayed a few relevant newsfeeds upon our web site, but, to be honest, they have never been very high on the visitor list or upon our own priority list. We noticed long ago that the default display for the ‘Newsfeeds Categories’ in the front end of our site consisted merely of two lines, one for each of the two newsfeed categories we use, each of which also acted as a link to the underlying newsfeeds in the respective category. There was no page header, no display of the breadcrumb information, and no details of the category descriptions. In short, a very barren page.

Originally it was suspected that it might be a template or CSS type problem. Attempts to change the menu settings, resave module specifications and so on all proved fruitless. It didn’t matter what the menu settings were; they were silently ignored. One is tempted to say it was a cache type problem, but bearing in mind that this had been the situation for several months, if not longer, and the various caches had been manually cleared several times during that period, it was obvious that something else was amiss.

With the change to a new site template, the situation remained unresolved and it was starting to get a little bit annoying. So, given an hour or so spare, we decided to investigate further. Inspection of the PHP code underlying the display revealed no clues, and despite retrying all our previous steps we were no further forward.

Searching the web for similar reported problems drew a complete blank, apart from a link to a very strange problem we had ourselves encountered with the display of breadcrumbs on a previous occasion. Looking back, we found our previous blog entry. [So keeping a blog can prove useful.] We thus decided to clear all URL entries from the sh404SEF component for the com_newsfeeds component. Lo and behold, on refreshing our web page the correctly formatted page was shown, complete with headers, breadcrumbs, descriptive text etc.

We realise that sh404SEF keeps track of URL links, but why this should impact the page display is currently a bit of a mystery. It doesn’t itself cache pages, but must somehow also keep track of which modules and what the ‘previous’ settings were for a page for which it is keeping a record of the link. I am sure that I have never read anything of this sort in the component documentation.

What we learnt from this is that sh404SEF seems to have some strange characteristics which impact what is displayed upon a screen, far and above just converting non-SEF URLs to a SEF format. So if you are ever seeing a similar type of problem and everything else seems to be failing to resolve it, it might, if your site is using sh404SEF, be worth clearing your entries and seeing if that resolves the problem. Certainly stranger things have happened.


Web Site Revamp

We are pleased to announce the revamp of our web site.

We have retained all of our previous content, which is now presented in a template designed by Joostrap making use of Bootstrap v3.

This redesign is intended to reflect some of the newer emerging technologies and also increased performance and a more streamlined design. It is fully responsive and mobile ready, using HTML5 as standard.

This is the first of a number of changes we will be making on the site over the next month or so. Our previous template has served us well for a while, but all things have their time and it was time to move with the times.

Update 25/06/2014: Have also upgraded the version of Joomla to the latest release. Hopefully everything will remain stable.


Canvas Fingerprint code tracking

The topic of the moment appears to be ‘Canvas Fingerprinting’, with a number of articles available on the web. It is the latest development in use for tracking the movement of users on the web. You do not need to click on a widget to be tracked; just visiting the site is sufficient. It exploits the subtle differences in the rendering of the same text to extract a consistent fingerprint that can easily be obtained in a fraction of a second without the user being made aware.

A research paper concluded that code used for canvas fingerprinting had been in use earlier this year on 5,000 or so popular websites, unknown to most of them. Most but not all the sites observed made use of a content-sharing widget from the company AddThis.

The mechanism: Canvas Fingerprinting works in a similar way to cookies, by keeping a record of which sites are visited. When a browser loaded the AddThis widget, JavaScript that enabled canvas fingerprinting was sent. The script used a capability in modern Web browsers called the canvas API that allows access to the computer’s graphics chip, which is intended for use with games or other interactive content.

An invisible image is sent to the browser, which renders it and sends data back to the server. That data can then be used to create a “fingerprint” of the computer, which could be useful for identifying the computer and serving targeted advertisements.

But of several emerging tracking methods, canvas fingerprinting isn’t the greatest: it’s not terribly accurate, and can be blocked. The Electronic Frontier Foundation (EFF) recommends its own ‘Privacy Badger’ or the Disconnect add-on.

The list of sites that still track you is at this address.

So much for privacy.


ReCaptcha disappeared from User Registration.

We were recently informed of a problem on our site where the ReCaptcha image was not being displayed. This was puzzling since we hadn’t changed anything and the image was showing in other locations upon the site, such as when adding article comments.

We were aware of a few changes a year or so ago by Google but are not aware of any recent changes.  After some searching we found this article which described our problem and provided a solution that appears to work well.

We had already checked that Method 1 in the article didn’t resolve the problem so we used Method 2 which we reproduce below.

This overrides the core Joomla code for ReCaptcha:

1. Open the file: /plugins/captcha/recaptcha/recaptcha.php
2. Find the following string in the OnDisplay function:

return '<div id="dynamic_recaptcha_1"></div>';

3. Replace it with:

// Replace YOUR_KEY with your public key.
// The Google resources are requested over https so that the script cannot be
// altered in transit and is not blocked as mixed content on an https page.
return '<div id="dynamic_recaptcha_1">
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=YOUR_KEY"></script>
<noscript><iframe src="https://www.google.com/recaptcha/api/noscript?k=YOUR_KEY" height="300" width="500" frameborder="0"></iframe><br>
<textarea name="recaptcha_challenge_field" rows="3" cols="40"></textarea>
<input type="hidden" name="recaptcha_response_field" value="manual_challenge"></noscript>
<script type="text/javascript">
window.onload = function() {
Recaptcha.focus_response_field();
};
</script>
</div>';

We have tested using Firefox, Chrome and IE, and in all cases we now see the ReCaptcha image, whereas previously we did not.

The following additional comments were present in the original article and also apply in our situation.

Additional

  • This applies to a case where the code WAS working and without any changes to the server (no updates), and the recaptcha simply stopped displaying.
  • Public Key and Private Key have been setup in the Joomla Core Plugin.
  • Set to display in both User Registration and Global Configuration.
  • K2 is NOT installed.

Note Well:

This change would have to be reapplied if the plugin is updated by any future update from Joomla, but at least the site user registration is working correctly!


Pavlovian approach to Password Management.

Engineers at Stanford recently unveiled a new password policy that shuns one-size-fits-all security. This has been followed by a system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche, which provides rewards or penalties based on the passcode choices people have made.

The example given is one as follows:

A user who picks "test123@#" might be required to change the password in three days under the system, the three-day limit being based upon calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "t3st123@##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months.

An interesting concept, and one that would avoid forcing users who have made a sensible password choice to change their passwords because some other, less careful users choose ‘easier passwords’.

The full article is here.


Privacy Badger – an interesting browser plugin

There is an interesting plugin for Chrome and Firefox named ‘Privacy Badger’, currently in ‘Alpha’ release from the EFF (Electronic Frontier Foundation), who brought us ‘HTTPS Everywhere’.

Privacy Badger is described as a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.

More details are available on the EFF website.


Web access URLs containing ‘RK=0/RS=’ string

Over the past few months we have noticed an increase in the number of web accesses to various URL addresses upon our site with a string starting ‘/RK=0/RS=’, followed by strings of other characters. To us they are obviously some attempt to get access to information, but we were a little puzzled as to how they might possibly work. The URLs they are attached to are varied but seem to be mostly blog addresses. The RS= looks like it could be a regular expression for a pattern match of sorts, since some (but not all) are followed by a caret ^, but that is speculative.

They look to be a form of SSI injection with the header, with the attempt to try and pass tokens into the URL for some purpose.

Apparently we are not alone and there is much discussion upon the web as to exactly what it is trying to achieve and who might be behind it, but no clear answer is currently known.

One way to remove them might be a simple .htaccess rule similar to the following:

RewriteRule ^(.*)RK=0/RS= /$1 [L,NC,R=301]

An alternative would be to block the IP addresses from which they are coming, but if they are not ‘hard addresses’ in the sense that they are not reusable,  then the risk is that you may end up blocking legitimate traffic.
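Before choosing between the rewrite rule and IP blocking, it helps to see what the rule would do to real requests and how the requests are spread across client addresses. The following Python script is an added example, not code from the original post: it applies the same pattern as the RewriteRule above to access-log lines and tallies matches per client. It assumes Apache common/combined log format; the function names, sample log lines, paths and IP addresses are constructed for illustration.

```python
import re
from collections import Counter

# Same pattern as the page's rule: RewriteRule ^(.*)RK=0/RS= /$1 [L,NC,R=301]
# In .htaccess the pattern is tested against the path without its leading slash.
RULE = re.compile(r"^(.*)RK=0/RS=", re.IGNORECASE)  # NC flag = case-insensitive

# Minimal parser for Apache common/combined format: client IP, request URI, status.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) [^"]*" (\d{3})')

# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [07/May/2014:08:50:01 +0100] "GET /blog/entry/web-site-revamp/RK=0/RS=AbCdEf123- HTTP/1.1" 404 512
203.0.113.7 - - [07/May/2014:08:50:03 +0100] "GET /blog/entry/privacy-badger/rk=0/rs=Zz9^ HTTP/1.1" 404 512
198.51.100.23 - - [07/May/2014:08:51:10 +0100] "GET /blog/entry/web-site-revamp HTTP/1.1" 200 8841
192.0.2.44 - - [07/May/2014:08:52:30 +0100] "GET /RK=0/RS=QwErTy HTTP/1.1" 404 512
"""

def redirect_target(uri):
    """Return the URL the rule would 301 to, or None if the rule does not match."""
    # RewriteRule only sees the path, so drop any query string first.
    path = uri.split("?", 1)[0].lstrip("/")
    m = RULE.match(path)
    return "/" + m.group(1) if m else None

def summarise(log_text):
    """Return (original URI, cleaned URL) pairs and a per-client hit count."""
    hits, per_ip = [], Counter()
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, uri, _status = m.groups()
        target = redirect_target(uri)
        if target is not None:
            hits.append((uri, target))
            per_ip[ip] += 1
    return hits, per_ip

if __name__ == "__main__":
    hits, per_ip = summarise(SAMPLE_LOG)
    for original, cleaned in hits:
        print(f"{original} -> {cleaned}")
    for ip, count in per_ip.most_common():
        print(f"{ip}: {count} request(s)")
```

Run against a real log, a long tail of addresses with one or two hits each suggests that IP blocking would be ineffective, which is the risk noted above.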

Recent Comments
Geoffrey Chapman
You could well be correct, just not quite what they are trying to achieve/access. We currently see up to 100 attempts with these ... Read More
Wednesday, 07 May 2014 08:57

EU Cookie Plugin 1.1.2 released

EU Cookie system plugin release 1.1.2 for Joomla 2.5 and 3.2.

This minor update adds a new option to specify the height of the image over the acceptance button, changes the image specifications to be relative and not absolute and tidies up the plugin credits.

The plugin has been used on our site since the introduction of the legal requirement to comply with the EU Cookie Directive for web sites.  This plugin complies with the regulation by notifying the user of the Cookie policy.
