Macrotone Blogs

Macrotone blogs upon Joomla, our products and other matters.

Privacy Badger– an interesting Browser plugin

There is an interesting plugin for Chrome and Firefox currently in ‘Alpha’ release from the EFF (Electronic Frontier Foundation) who brought us ‘HTTPS Everywhere‘ named ‘Privacy Badger’.

Privacy Badger is described as a browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web.  If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser.  To the advertiser, it's like you suddenly disappeared.

More details upon the EFF website.

  1288 Hits
  0 Comments

Web access URL’s containing ‘RK=0/RS=’ string

We have noticed over the past few months an increase in the number of web access upon various URL addresses upon our site with a string starting ‘/RK=0/RS=’, followed by strings of other characters.  To us they are obviously some attempt to get access to information but we were a little puzzled as to how they might possibly work. The URL’s they are attached to are varied but seem to be upon a lot of Blog addresses. The RS= looks like it could be a regular expression for a pattern match of sorts, since some(but not all) are sometimes followed by a caret ^ but that is speculative.

They look to be a form of  SSI injection with the header, with the attempt to try and pass tokens into the URL for some purpose..

Apparently we are not alone and there is much discussion upon the web as to exactly what it is trying to achieve and who might be behind it, but no clear answer is currently known.

One way to remove them might be a simple .htaccess rule similar to the following:

RewriteRule ^(.*)RK=0/RS= /$1 [L,NC,R=301]

An alternative would be to block the IP addresses from which they are coming, but if they are not ‘hard addresses’ in the sense that they are not reusable,  then the risk is that you may end up blocking legitimate traffic.

Recent Comments
Geoffrey Chapman
You could well be correct, just not quite what they are trying to achieve/access. We currently see up to 100 attempts with these ... Read More
Wednesday, 07 May 2014 08:57
  2191 Hits
  3 Comments

EU Cookie Plugin 1.1.2 released

cookies

EU Cookie system plugin release 1.1.2 for Joomla 2.5 and 3.2.

This minor update adds a new option to specify the height of the image over the acceptance button, changes the image specifications to be relative and not absolute and tidies up the plugin credits.

The plugin has been used on our site since the introduction of the legal requirement to comply with the EU Cookie Directive for web sites.  This plugin complies with the regulation by notifying the user of the Cookie policy.

 

  880 Hits
  0 Comments

Longaccess: pass your digital assets to your heirs

longaccessOne question that is often asked is how one preserved ones’ digital assets and pass them on to your heirs.  We recently read about a new service that may offer a solution.

Longaccess promises to be a cold storage of sorts for your digital life. It's a cloud-based service that operates off Amazon's S3 data centres, but unlike other file lockers such as Dropbox or Google Drive, Longaccess aims to be less accessible, but more dependable. It describes itself as a ‘safe’ on the Internet, a location where one can store files fully encrypted and secured, safe and ready to be accessed for decades.

Longaccess is not a file syncing service, nor is it  a file sharing service.  It is a service for storing files for long periods of time. Files that are NOT updated, or changed at all. Every time a file is created and uploaded to a Longaccess Archive using the desktop application, one gets an Archive Certificate.  This is a simple text file, that contains all the information required to access the data in the future:

- Anyone with access to the Archive Certificate can access the corresponding Archive data: Nothing else is required, not even a username or password.

- Access to the Archive data is impossible without the corresponding Archive Certificate. No one, not even the owner, nor Longaccess, can decrypt the Archive without the Archive Certificate.

One can think of the Archive Certificate as a full entitlement to access the data of a specific Archive. If one gives a copy to someone else, they can also access the data.

There are a number of questions re cost etc. that immediately spring to mind, including how they can guarantee they will be around in a decade or so, question which they try to answer on their web site.

Sounds interesting and may well be a way to preserve those ‘old’ photographs for posterity.  One that may well be worth watching for a future opportunity.

  1319 Hits
  0 Comments

Test email in foreign languages

We have been working with the emailing of problem reports to our Issue Tracker component recently in particular with the specific problem of languages using ISO-8859-2 character sets.

Having made some code changes to handle this, we were thinking of how it might be possible to test out other languages, with other character sets such as Chinese, Korean etc.

The little grey cells starting thinking about the various translation sites upon the web, and whether there might be any that could not only perform a translation of some specific text but also complete the task by emailing the translation to a specific address.

After some searching it seems that this is not an unusual requirement and we found several that could possibly do what we required. A lot only handled the translation part of the requirement, but the sending of the email was not that common. It was important that the email was sent from the third party since if we used a local email client the details in the message header and body did not accurately reflect the correct character set in use, and this was the one thing we wanted to test.

A number of sites imposed limitations such as the number of characters in the message, the number of messages that could be sent etc., which is generally reasonable since they are endeavouring to make a living from providing a service and would prefer to charge.  However these limitations were not of a major concern to us, especially as the text content could be anything at all, as long as the character sets were represented.

We obviously will not list all of the sites we investigated but the one which we found suitable for our needs was WorldLingo and though it insisted in creating accounts for both our sender and receiver of the generated emails, this was something we could easily live with. There is a vast range of possible languages to choose from, certainly more than we will ever use or test I suspect, and the machine translations were more than adequate for our purposes.

Our requirements were not all that unusual at all, and I suspect others might have the same sort of need, in which case hopefully this may act as a pointer.

Update: One interesting side effect we noticed was that, when we sent the email (via WorldLingo) it was 'processed' by our component and automatically send a reply acknowleging receipt. Since the emails from WorldLingo are all sent out with individual identifers in the email address the reply was sent to the named worldlingo address which then forwarded it to use (the sender). The interesting aspect was that the text was 'translated' on the reply and didn't quite match what was the 'original' text in English. One of the interesting aspects of translating in this case from English->Japanese->English. Not a concern to use but just goes to show how things can get confusing in translation.

  1029 Hits
  0 Comments

Issue Tracker Template Overrides

b2ap3 icon joomlaWe have recently been ‘playing’ with a new ‘Bootstrap v3’ template for the front end of our site.  This involved use creating a set of template overrides for our Issue Tracker component and we decided to share the details with our users.

Joomla has long had the ability to create Template Overrides, which are modifications to the Joomla components or modules. This permits changes to be made upon a ‘local site’ basis without the need to change or hack the supplied code.

We are primarily concerned with the Issue Tracker component and we have tried hard to produce front end displays of Individual Issues and of the Issue Entry form that would be usable in the majority of installations. However the differences between the various template used on sites are many and vast, and it is almost inevitable that they will not be suitable for everyone. This was indeed the situation we discovered ourselves when using a BootStrap template for the site.

Continue reading
  1675 Hits
  0 Comments

Mail ISO-8859-2 character sets

We recently received a report that the email fetching feature within our Joomla Issue Tracker component wasn’t handling the subject header and email body correctly for the ISO-8859-2 character set. This character set is used by a number of Eastern European countries, so we were interested in resolving the problem if we possibly could.

We tend to use the standard PHP imap routines and it was immediately obvious how we should handle the subject, but implementing a call to the imap_mime_header_decode method. This worked well and was a very quick fix.

Continue reading
  1343 Hits
  0 Comments

MariaDB and Joomla ?

MariaDBWe were looking at the possibilities of upgrading the version of MySQL we are using on out NAS system and were reminded of the existence of the MariaDB database as a possible alternative. Alternative because our NAS does not easily permit the upgrade of the MYSQL part of the system mainly because it is so tightly tied into the other features.

What is MariaDB one might ask. Well there is probably no better explanation that that upon the MariaDB web site.

Continue reading
Recent Comments
Geoffrey Chapman
Have noticed that since 4.1 RC has been installed on the QNAP that MariaDB is present in /mnt/ext/opt/mariadb ( or use link to /us... Read More
Wednesday, 07 May 2014 11:16
  3307 Hits
  2 Comments

Handling Googlebot URL detected errors.

GoogleWe tend to use Google Webmaster Tools to monitor our main site and in particular the Crawl Errors that it detects.  Sometimes we are a little confused as to where the errors are coming from since the 'source' URL is sometimes the self same page indicated as in error, and others indicate pages where we fail to find the link referenced as in error.

That said it has proved generally useful and mostly they are trivial to fix.  What it has been difficult to discover, is a good reference guide to the topic of Search Engine Friendly URLs known as SEF. Whilst acknowledging that the subject of SEF can be quite involved, our searches have yet to reveal a good comprehensive article upon the best design and implementation mechanisms. It is even more difficult to discover a good guide to resolving problems. Having found nothing suitable we decided to create this post as a record of our investigations and perhaps act as a guide for others.

Continue reading
  3082 Hits
  0 Comments

ICANN looking to handle DNS namespace collision risks

I note from this article that a draft of a report (PDF) commissioned by ICANN and carried out by JAS (Joint Applicant Support) Global Advisors includes a series of recommendations — ranging from alerting network operators by returning 127.0.53.53 as an IP address to, in extreme conditions, killing a delegated second-level domain — to deal with the issue of traffic intended for internal network destinations ending up on the Internet via the Domain Name System.

Instead of the familiar 127.0.0.1 loopback address for localhost, the report suggests "127.0.53.53". Because the result is so unusual, it's likely to be flagged in logs and sysadmins who aren't aware of a name collision issue are likely to search online for information about the address problems.

"Numerous experiments performed by JAS confirmed that a wide range of application layer software logs something resembling a 'failed connection attempt to 127.0.53.53' which is the desired behavior. We also confirmed that all modern Microsoft, Linux, Apple, and BSD-derived operating systems correctly implement RFC 1122 (albeit with variations) and keep the traffic within the host system, not on the network," the report states.

  1661 Hits
  0 Comments
Go To Top

The Macrotone Consulting Web site would like to use cookies to store information on your computer, to improve our website. Cookies used for the essential operation of the site have already been set. To find out more about the cookies we use and how to delete them, see our Privacy Policy.

I accept cookies from this site.