Category: Office

A Few Choice Words on the Google Purchase Tracking Freakout

I first heard that Google was [supposedly, surreptitiously] tracking online purchases via users’ Gmail accounts from one Dagny Taggart. An unbridled screed from a blogger whose pen-name is modeled on steadfast, analytical, self-sufficient typecasting, while the world is embroiled in the flavor of the (every)day, 2 Minutes of Hate, directed at the purveyors of online services. Incredulity, please enter stage left on my mark.

Not one to go with the flow – aced social media long before Prof. Glenn Reynolds (see end note) and actually read beyond mere headlines – I decided to see for myself what the hullabaloo was all about.

Yes, I use The Goog for email, and yes I was extremely disappointed. I’ll be reading Vonnegut’s Player Piano tonight instead of joining the Evil Internets Rally & HTML Page Printout Bonfire, as from no less than five different accounts all dastardly Google would tell me was this …

(more…)

Installing libsodium for PHP on macOS Mojave 10.14

While mcrypt installation has been the subject of [developer] fits and [yours truly’s] restarts, mcrypt is in fact going away. libsodium is the new player in town, a point I anticipated long ago being the venerable tech expert that I am just found out being the accountant who unfortunately bears the burden of having used dBase and Paradox in a past life.

That said, the process is relatively similar to mcrypt i.e. you will need brew (and I suggest XCode command line tools, just in case). Instructions for both are readily available via the only hyperlink in the paragraph immediately proceeding this one. Further, you need not bother with PHP source, but you might as well turn off SIP beforehand. Now let’s get started.

(more…)

Plugging mcrypt into PHP on macOS Mojave 10.14

Back by popular demand i.e. someone was struggling with ciphers in PHP and doing so on my dime. This will be quicker than prior implementations as we are going to dispense with building libmcrypt from source, as well as roll 64-bit only.

First, grab/do the following …

1) PHP 7.1.23 source code, which is available here; it is what my machine was running as of late, but you should use php -v to check your version of PHP and then download the PHP source for that version;

2) Xcode 10.2.1, available from the Mac App Store; you will also need the Command Line Tools (macOS 10.14) for Xcode, which you get by selecting “Xcode/Open Developer Tool/More Developer Tools…” from the Xcode menu, then logging into your Apple Developer account; it was at the top of the list as of the morning this post was written;

3) Homebrew (http://brew.sh) which can be installed by typing ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/ install/master/install)” at the command line; I removed Homebrew completely then reinstalled, rather than deal with updates, permissions issues, etc. that might arise after numerous macOS updates/upgrades;

4) Turn off System Integrity Protection (SIP):

  • Click the Apple menu (upper left hand corner of your screen)
  • Select Restart, then hold down the Command-R keys to boot into Recovery Mode
  • Select the Utilities menu and then Terminal
  • In Terminal, type csrutil disable and then hit return; then close Terminal
  • Click the Apple menu and select Restart
  • When you are done installing mcrypt, you can restart SIP by following the above steps while using csrutil enable.
(more…)

Tracker-less

While relatively inactive, this website is now tracker-less.

  • No ads, beacons, or surreptitious pixels
  • No embedded analytics, nor external measurement artifices in use
  • No externally served fonts (a laughably obvious tracking mechanism)
  • No linkage to “social media” or other such insidious trash
  • No first-party cookies (at least after fairly extensive testing)

There are a few YouTube videos embedded within, and since that service’s owner distributes tracking cookies via that media, it will be removed in due course. There may be links to other so-called “services” – varying displays of external content types accumulated over the years – but they too will be exterminated as they are found. Bonus: an aggregate Pingdom score consistently between 99 and 100.

MG signing off (because it was mostly useless shit anyway)

A beginners’ guide to running blockchain full nodes using external storage devices

For those loath to run an established (read: huge) blockchain full node because they don’t want to reserve double digit percentages of their laptop’s soldered (additional read: not upgradeable) solid state storage for the cause, here are simple steps to do so by leveraging external drives. These instructions are for macOS, but Linux and Windows users should be able to derive their own setup from it.

First, let us note the location and size of comprehensive blockchain data stores as presented by both Bitcoin Core and Ethereum Wallet

Bitcoin Core default stores the Bitcoin blockchain under ~/Library/Bitcoin. There you will find several directories and files, including those for your wallet. That which we will want to deploy elsewhere is as follows:

1) ~/Library/Bitcoin/blocks at roughly 170 GB

2) ~/Library/Bitcoin/chainstate at roughly 3 GB

Ethereum is less unwieldly, but nonetheless a lot of data. It can be found under ~/Library/Ethereum; we’ll concentrate on the directories below:

1) ~/Library/Ethereum/geth/chaindata at roughly 80 GB

2) ~/Library/Ethereum/geth/lightchaindata at roughly 0.5 GB

Note that we are going to ignore other items under the main directories, including that representing keys i.e. wallets, wallet.dat in the case of Bitcoin and the /keystore for Ethereum. Why? While setups vary, my particular environment includes a laptop with FileVault2 activated, and a discrete backup drive encrypted AES-256 that receives a weekly clone of the former. Hence I always have two very secure copies of my keys and prefer to keep it that way.

Post-Identification

We are now going to move the big directories noted above to an external storage device. To keep everything organized, first create a “Bitcoin” and/or “Ethereum” directory on the device. Then copy the entire directories from above into those. Next, append “.old” to the original directory location names i.e the directories you copied from.

Now we will create symbolic links aka aliases to point the wallet applications to the new data store. Type the following into terminal …

For Bitcoin

ln -s /Volumes/XYZDRIVE/Bitcoin/blocks ~/Library/Application\ Support/Bitcoin/blocks

ln -s /Volumes/XYZDRIVE/Bitcoin/chainstate ~/Library/Application\ Support/Bitcoin/chainstate

For Ethereum

ln -s /Volumes/XYZDRIVE/Ethereum/chaindata \ ~/Library/Ethereum/geth/chaindata

ln -s /Volumes/XYZDRIVE/Ethereum/lightchaindata \ ~/Library/Ethereum/geth/lightchaindata

(where XYZDRIVE is your drive name)

Note that as the latter locations go for each blockchain, they are small in comparison to the others (not critical to move). Further, with the Ethereum light client data (still in beta), it may be advantageous to not move the lightchaindata directory, in case you are on the road and want to use your wallet in a jiffy.

Finale

Run Bitcoin Core and/or Ethereum Wallet. Assuming your previously stored blockchain(s) is not too far behind with syncing, it should start rolling right away. You can delete the “dot old” directories after you’ve confirmed all is right with the world.

MG signing off (to contribute to the stability of another network, without the storage headaches)

Grab and validate National Vulnerabilities Database updates

Here is a concoction to grab National Vulnerability Database feeds, specifically the Modified JSON and related metadata, then validate the reported sha256 hashes:

import urllib.request
import gzip
import hashlib

#json file
fileurl = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.json.gz'
json_file = '/Users/laptopuser/Documents/Active/NVD/nvd-data/0326/nvdcve-1.0-modified.json.gz'
urllib.request.urlretrieve(fileurl, json_file)
json_file_open = gzip.open(json_file, 'rb')

#meta file
fileurl = 'https://static.nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta'
json_meta_file = '/Users/laptopuser/Documents/Active/NVD/nvd-data/0326/nvdcve-1.0-modified.meta'
urllib.request.urlretrieve(fileurl, json_meta_file)
json_meta_file_open = open(json_meta_file, 'r')

#get hash from meta file
for line in json_meta_file_open:
    li = line.split(':')
    if li[0] == 'sha256':
        ze_sha = li[1].strip('\n')
        print('Meta:', ze_sha)

#calc hash of file
sha256_hash = hashlib.sha256()
with json_file_open as f:
    for byte_block in iter(lambda: f.read(4096),b""):
        sha256_hash.update(byte_block)
    ze_hash = sha256_hash.hexdigest().upper()
    print('Calc:', ze_hash)
    
if ze_sha == ze_hash:
    print('MATCH')

json_file_open.close()
json_meta_file_open.close()

You will get output that looks something like this …

Meta: E3ECE7D603F091E68E60E68CD6E230A28BC9E23EFB7E9B8145E559D1910BE9A6
Calc: E3ECE7D603F091E68E60E68CD6E230A28BC9E23EFB7E9B8145E559D1910BE9A6
MATCH

No apologies for the basic code presentation, nor for using urllib.request.urlretrieve. Feel free to copy and paste into Jupyter notebook or PyCharm if syntax highlighting is desired; as the latter goes, I know that function is supposed to disappear but my application requires keeping a sizable rotation of NIST’s handiwork close by.

MG signing off (to grab and validate some more)

Plugging mcrypt into PHP on macOS High Sierra 10.13: A Requiem

Since Apple’s desktop operating system was called OS X Leopard, I’ve been concocting little ditties on how to plug mcrypt functionality into PHP without complete recompilation and/or using a black box MAMP offering. The previous stop on that [eight year?] journey was with macOS Sierra. And it was/is the end of the line.

Queue list of excuses …

  • I don’t use PHPMyAdmin or Magento eCommerce (both major targets as PHP + mcrypt needs go)
  • I’ve been leaning on Linux VMs for relevant development work (trashing environments and starting over less often than ever)
  • I’ve taken a liking to Python, as it covers everything from number tumbling and data crunching to stupid little utilities for replacing website photos (dropping Anaconda in is a breeze)
  • And not really last but certainly not least, Apple’s latest release, High Sierra 10.13, came complete with a security-related flaw so ludicrous that I probably won’t upgrade until at least iteration two or three. It’s a trust thing.

For those who have already gained elevation in the States’ westernmost major range, all is not lost. If you run through the last set of instructions and replace any code that says “10.12” with “10.13” – along with identifying the proper XCode and PHP versions at the start – you should be ok.

Meanwhile, thanks for the good times.

MG signing off (because that’s all folks)

UPDATE 11/28/17: Like I said, lack of trust.

Right now in Houston

According to the Houston Food Bank

“Right now, one in five people in southeast Texas don’t have enough to eat.”

Probably more like one in three right now, so please click the logo below and give what you can. Link is via convio.net, and has been tested (i.e. I received a valid receipt directly from the HFB).

Medical supplies are also needed, and eBay/Paypal are matching donations up to a quarter million. You can contribute RIGHT HERE.

MG signing off (thinking Texans are pretty cool)

UPDATE: And here’s a Paypal link for Irma related relief -> https://www.paypal.com/us/fundraiser/107725536494624790

Programming the Yaesu VX-8DR on macOS, with the help of CHIRP and Valley Enterprises

In a word, easy.

The quad-band Yaesu VX-8DR is a nifty little radio, but in many respects it also suffers from feature overload. Hence menu pain. Even after several sessions of RTFM, one can still be lost. Programming via computer, please enter stage left on queue.

Unfortunately for Apple users, most pre-packaged programming utilities i.e. cable and software offerings cater to the Windows operating system and/or are designed for serial ports (think DE-9 connector). Those jokers with a spare MacBook Air lying around are almost SOL; they have to assemble their own tools instead.

With a little research it’s a moderately low effort endeavor. Even less if you just continue on here.

(more…)

Bring Blogger images into WordPress, the hard way

You migrate from Blogger to self-hosted WordPress. Your posts move over just fine, but for some reason (or another) your images forget their bus pass. Those pornographic stupid cat, hastily-prepared food, and trying-to-make-people-think-you-are-wealthy-instead-of-deep-in-debt vacation photos still show on the new site as they are properly referenced in the posts, but they actually remain on Google’s servers. You (or your client) don’t like that.

Meanwhile, the two plugins you found to solve this problem, Archive Remote Images and Cache Images, haven’t been updated in years. You take your chances anyway because you are lazy (if it is a personal site), or consistently over-promise and under-deliver (due to the impossibility of getting real work done at coffee shops). Either way, you must now hope you made a full site and database backup beforehand. If you did, you’re solution is now staring you in the face.

The script I concocted (shown after the jump) will get you a folder full of those images – with clean and pretty naming conventions – that you can upload to your wp-content directory, along with a SQL script to update links in your WordPress posts. Said programmatic wizardry dirty hack is written in Python – debugged using version 3.5.2 Anaconda custom (x86_64) on macOS 10.12.3 to be precise – and does rely on some SQL prep work. If you do not know Python, SQL and how to navigate directories while a terminal prompt blinks back, you have two choices: Google it (after determining what the definition of “it” is), or inquire about retaining me to do your work for you.

I’ll make the decision whether to continue easy too; if you cannot execute the following block of code sans assistance you are officially deemed “without paddle” …

SELECT * FROM `wp_posts` WHERE `post_content` LIKE "%blogspot%"
INTO OUTFILE '/home/dump/blogspotposts.csv'
FIELDS TERMINATED BY '|'

That look easy? Then proceed.

First, decide whether to run on your desktop (for future upload) or directly on server. Next, create a directory underneath where the script is located called /bspics. Lastly, make sure the directory the code is in is writable by all.

The code can be found here -> processblogspotimagelinks.py

Once you have changed the obvious stuff to suit your need, run it. Your /bspics directory will fill up with those images I promised – you can then place that entire directory underneath /wp-content – and you’ll also have a file called bsreplacescript.sql which you will run against your WordPress database to update image links in the associated posts.

Important [final] note: the coding was an iterative process, and some data analysis was done between steps in order to account for string possibilities encountered, generating clean file names, etc. It could be refactored, but wasn’t because 1) the end result works as intended and 2) removing those iterations would handicap attempts to modify it for a different data set.

MG signing off (to solve some not-so-commonplace problems)