HOWTO – How to change the post width for a WordPress blog

Question: How do I change the width of a WordPress blog?

Answer: Although each style is different, edit the file style.css

Also: be careful.

Remediation

$ diff /var/wordpress/Some-Blog/wp-content/themes/twentyeleven/style.css{.orig,}
77c77
< 	max-width: 1000px;
---
> 	max-width: 2000px;
196c196
< 	max-width: 690px;
---
> 	max-width: 1200px;
2694c2694
< } 
\ No newline at end of file
---
> }
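Review bot: the 2694c2694 hunk is a whitespace-only change (it drops the trailing space after `}` and adds the missing final newline) that is unrelated to the two max-width edits at lines 77 and 196. It is harmless, but all three edits are made in place in the stock twentyeleven/style.css, where a theme update will overwrite them. Keep the .orig copy alongside, or move the two max-width overrides into a child theme's style.css.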

General

Look for something about a fixed width or a maximum width in pixels.

#page {
   width: 1200px;
}

Background

… and not entirely helpful in their own right.

HOWTO – Make WordPress upload more than 2MB, also where is php.ini?

Question: How do I make WordPress upload more than 2MB?
Question: Where is php.ini?

Answer: You must modify the file php.ini to declare a larger limit.
Answer: The file php.ini is at /etc/php.ini.

Also: You must restart httpd (apache) after the reconfiguration.

Remediation

$ diff /etc/php.ini.orig /etc/php.ini
736c736,737
< post_max_size = 8M
---
> #post_max_size = 8M
> post_max_size = 32M
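Review bot: the old value at new line 736 is kept as `#post_max_size = 8M`, but `#` is not the php.ini comment character; the `php -i` output under Derivations reports "Comments starting with '#' are deprecated" for exactly this line. Write it as `;post_max_size = 8M`, or drop the old line, since /etc/php.ini.orig already preserves it.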
885c886,887
< upload_max_filesize = 2M
---
> #upload_max_filesize = 2M
> upload_max_filesize = 32M
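Review bot: `upload_max_filesize = 32M` is set equal to the `post_max_size = 32M` from the previous hunk, which leaves no headroom for the multipart framing and the other form fields in the same POST, so an upload close to 32M will still be rejected. Make post_max_size somewhat larger than upload_max_filesize, and change the `#` on new line 886 to `;` for the same reason as on line 736.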
$ sudo systemctl restart httpd.service

Derivations

$ find / -xdev -name php.ini 2>/dev/null
/etc/php.ini
$ php -i 2>/dev/null | grep php.ini
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini
$ php -i | grep php.ini
PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php.ini on line 736 in Unknown on line 0
PHP Deprecated:  Comments starting with '#' are deprecated in /etc/php.ini on line 886 in Unknown on line 0
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini
PHP Warning:  Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Los_Angeles' for 'PST/-8.0/no DST' instead in Unknown on line 0
$ rpm -q -f /usr/bin/php
php-cli-5.3.19-1.fc16.i686
$ rpm -q -f /etc/php.ini
php-common-5.3.19-1.fc16.i686
$ cat /etc/fedora-release 
Fedora release 16 (Verne)
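A check for the two pitfalls visible in this edit, as an added example (not from the original post): `#` comments, which the `php -i` output above reports as deprecated, and an upload limit that is not smaller than `post_max_size`. The sample php.ini text and the function names are constructed for illustration.

```python
import re

# Constructed sample that mirrors the edited /etc/php.ini from the diff above.
SAMPLE_INI = """\
; Maximum size of POST data that PHP will accept.
#post_max_size = 8M
post_max_size = 32M
file_uploads = On
#upload_max_filesize = 2M
upload_max_filesize = 32M
"""

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def to_bytes(value):
    """Convert PHP shorthand sizes (2048, 512K, 8M, 1G) to bytes."""
    match = re.fullmatch(r"(\d+)\s*([KMG]?)", value.strip(), re.IGNORECASE)
    if not match:
        raise ValueError("not a PHP size value: %r" % value)
    return int(match.group(1)) * UNITS[match.group(2).upper()]


def audit_php_ini(text):
    """Return (settings, findings) for the upload limits in php.ini text."""
    settings, findings = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in ";[":
            continue  # blank line, ';' comment or [section] header
        if line.startswith("#"):
            findings.append("line %d: '#' comment, use ';'" % lineno)
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Drop a trailing ';' comment; the last assignment of a key wins.
            settings[key.strip()] = value.split(";", 1)[0].strip()

    post = settings.get("post_max_size")
    upload = settings.get("upload_max_filesize")
    if post and upload:
        post_bytes, upload_bytes = to_bytes(post), to_bytes(upload)
        # post_max_size = 0 disables the POST limit, so only compare if set.
        if post_bytes and post_bytes <= upload_bytes:
            findings.append(
                "post_max_size (%s) should exceed upload_max_filesize (%s)"
                % (post, upload))
    return settings, findings


if __name__ == "__main__":
    for finding in audit_php_ini(SAMPLE_INI)[1]:
        print(finding)
```

To audit the real file, pass `open("/etc/php.ini").read()` to `audit_php_ini` before restarting httpd.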

Actualities

Exhibition on a WordPress 3.4 blog.

Background

… and not entirely helpful in their own right:

HTTP and UDP

httpp and httpps

Who

When

  • 2010-Current.
  • 2012-10-28, announced to the ietf-http-wg@we.org

httpu and httpmu

draft-goland-http-udp-01; Multicast and Unicast UDP HTTP Messages; Yaron Y. Goland (Microsoft); 1999-11-09 (expired: 2000-04).

  • New protocol names: httpu and httpmu
  • For httpmu the lack of a URI (a path) means * by some rationale (Section 5.3).
    • httpu://example.com and httpu://example.com/ are the same and have an implied path of / (slash)
    • httpmu://example.com and httpmu://example.com/ are different wherein the former has a path of * (star) and the latter has a path of / (slash), as per usual.
  • New headers (Section 11)
    • AL is like Location, but allows for multiple redirect locations
    • mx is a response-delay advisory, in integral seconds (not fractional seconds).
    • S is a unique client identifier, unique across all time; requests without an S don’t require a response.
  • Cookies are not implementable in Somethings (S, Serial Sequence, Something; that globally unique Request Identifier)
    • Cookies are:
      • sent out by servers
      • returned by clients
    • Somethings are:
      • sent out by clients
      • returned by servers
  • SSDP Mailing List (circa 1999)

Protocols

  • TURN
  • STUN
  • STUNT

Related

Irrelevant

General UDP

at Jimi Wales’ Wiki

Specific

Cookies that give you away: The surveillance implications of web tracking | Englehardt, Reisman, Eubank, Zimmerman, Mayer, Narayanan, Felten

Steven Englehardt, Dillon Reisman, Christian Eubank, Peter Zimmerman, Jonathan Mayer, Arvind Narayanan, Edward W. Felten; Cookies that give you away: The surveillance implications of web tracking; draft; 2014-12-19; 12 pages.

Abstract

We study the ability of a passive eavesdropper to leverage “third-party” HTTP tracking cookies for mass surveillance. If two web pages embed the same tracker which tags the browser with a unique cookie, then the adversary can link visits to those pages from the same user (i.e., browser instance) even if the user’s IP address varies. Further, many popular websites leak a logged-in user’s identity to an eavesdropper in unencrypted traffic.

To evaluate the effectiveness of our attack, we introduce a methodology that combines web measurement and network measurement. Using OpenWPM, our web privacy measurement platform, we simulate users browsing the web and find that the adversary can reconstruct 62–73% of a typical user’s browsing history. We then analyze the effect of the physical location of the wiretap as well as legal restrictions such as the NSA’s “one-end foreign” rule. Using measurement units in various locations—Asia, Europe, and the United States—we show that foreign users are highly vulnerable to the NSA’s dragnet surveillance due to the concentration of third-party trackers in the US. Finally, we find that some browser-based privacy tools mitigate the attack while others are largely ineffective.

Mentions

  • Methodology (Section 4, page 4)
    • Synthetic queries; i.e. no consumers were actually involved (or harmed) in this study.
    • Profile Generation
      1. Random generation of traces from random selection of Alexa top 500 sites.
      2. Generated user behavior seeded via the 2006 AOL Search Query Dataset.
    • Algorithmically generated user behavior.
    • Amazon colos: VA, IR, JP
    • MaxMind GeoLite for geolocation
  • OpenWPM
    • http_requests
    • http_responses
    • http_cookies
  • Giant Connected Component (GCC)
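How the linking described in the abstract produces a Giant Connected Component, and what blocking third-party cookies does to it, as an added example (not code from the paper or from OpenWPM). The trace, host names, cookie values and function names are all constructed; each visit stands for one page load with the tracker cookies that travelled in cleartext with it.

```python
from collections import defaultdict

# Constructed trace for one simulated browser. The source IP differs on every
# visit, so the IP address alone would not tie these page loads together.
VISITS = [
    {"ip": "198.51.100.7", "page": "news.example",
     "cookies": {"tracker-a.example": "A1"}},
    {"ip": "203.0.113.20", "page": "shop.example",
     "cookies": {"tracker-a.example": "A1", "tracker-b.example": "B9"}},
    {"ip": "203.0.113.99", "page": "blog.example",
     "cookies": {"tracker-b.example": "B9"}},
    {"ip": "192.0.2.5", "page": "wiki.example", "cookies": {}},
    {"ip": "192.0.2.77", "page": "forum.example",
     "cookies": {"tracker-c.example": "C3"}},
]


def link_visits(visits):
    """Cluster visits that share any (tracker, cookie value) pair.

    Linking is transitive: news and blog share no tracker, but both are
    linked to shop, so all three land in the same component.
    """
    parent = list(range(len(visits)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]  # path halving
            i = parent[i]
        return i

    first_seen = {}
    for idx, visit in enumerate(visits):
        for pair in visit["cookies"].items():
            if pair in first_seen:
                parent[find(idx)] = find(first_seen[pair])
            else:
                first_seen[pair] = idx

    groups = defaultdict(list)
    for idx, visit in enumerate(visits):
        groups[find(idx)].append(visit["page"])
    return sorted(groups.values(), key=len, reverse=True)


def gcc_fraction(visits):
    """Share of the visits that fall inside the largest linked cluster."""
    if not visits:
        return 0.0
    return len(link_visits(visits)[0]) / len(visits)


def without_third_party_cookies(visits):
    """The same trace as if the browser sent no third-party cookies."""
    return [dict(visit, cookies={}) for visit in visits]


if __name__ == "__main__":
    print(link_visits(VISITS))
    print(gcc_fraction(VISITS))
    print(gcc_fraction(without_third_party_cookies(VISITS)))
```

Running the same measurement on a trace captured with and without a given privacy tool shows how much of the linkable history that tool actually removes.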

Projects

Plugins

  • Adblock Plus
  • Do Not Track
  • Ghostery
  • Lightbeam
  • HTTPS Everywhere
  • ShareMeNot
  • TrackingObserver

also vendor-supplied 3rd-party cookie blocking

Secret Silly Codenames (of the NSA)

Recited for gravitas & grandeur.

  • QUANTUMCOOKIE
  • XKEYSCORE

Who

Authors

in order of appearance

  • Steven Englehardt,
  • Dillon Reisman,
  • Christian Eubank,
  • Peter Zimmerman,
  • Jonathan Mayer,
  • Arvind Narayanan,
  • Edward W. Felten

Acknowledged

  • Jennifer Rexford
  • Doug Madory
  • Harlan Yu
  • Andrew Clement
  • Colin McCann

Referenced

Previously

Via: backfill

Promotions

Justifications

Actualities



ServiceWorker of HTML5

Mentioned

Concepts

  • Push Notifications
  • Offline First
  • Background Sync

Overview

  • ServiceWorker is like SharedWorker
    • Own thread.
    • No DOM, no page access, no need for a page.
    • Has an upgrade model.
    • HTTPS only.
  • Cross Origin Resource Sharing (CORS)
    • by default,
    • but no-cors is possible
  • ECMAScript
    • ECMAScript 5 (ES5)
    • ECMAScript 6 (ES6)
    • ECMAScript 7 (ES7)
      • async functions
      • await

Referenced

Browsers

Firefox

  • about:config
    • dom.serviceWorker.enabled
    • dom.serviceWorkers.testing.enabled

Chrome

Promotions

Related

Client-Hints

User Agent Detection

Actualities

Fedora 21

It’s Here! Announcing Fedora 21!; In Fedora Magazine; 2014-12-09.

Mentions

Fedora.next

Fedora.next – Fedora Present and Future: a Fedora.next 2014 Update

Base

Cloud

Server

Workstation

  • yes

Via backfill


accessories.dell.com | This Connection is Untrusted

Nothing says “The Web is Misconfigured” quite like a low-level security protocol failure notice: Dell 28 Ultra HD Monitor – P2815Q

Firefox blocks Flash v11.202.424 and prior because CVE-2014-9163 (APSB14-27)


Get Flash Player; Adobe

Details

  • broken: Linux 11.2.202.424 and earlier (APSB14-27)
  • fixed: flash-plugin-11.2.202.425-release.x86_64.rpm (Download)

Adobe

  • APSB14-27 Security updates available for Adobe Flash Player

Mozilla

  • 1109795 Blocklist Flash versions vulnerable to CVE-2014-9163 (15.0.0.242 and below, 11.2.202.424 on linux)

Mitre

  • CVE-2014-9163 Stack-based buffer overflow in Adobe Flash Player
    before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in 2014-12.

Adobe

Background

General

  • Firefox: Flashblock, NoScript
  • Chrome: FlashControl, ScriptBlock, ScriptSafe, NotScripts

$ sudo yum update -y flash-plugin
Loaded plugins: auto-update-debuginfo, langpacks, refresh-packagekit
Resolving Dependencies
--> Running transaction check
---> Package flash-plugin.x86_64 0:11.2.202.359-release will be updated
---> Package flash-plugin.x86_64 0:11.2.202.425-release will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package         Arch      Version                  Repository             Size
================================================================================
Updating:
flash-plugin    x86_64    11.2.202.425-release     adobe-linux-x86_64    6.9 M

Transaction Summary
================================================================================
Upgrade  1 Package

Total download size: 6.9 M
Downloading packages:
No Presto metadata available for adobe-linux-x86_64
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating   : flash-plugin-11.2.202.425-release.x86_64                     1/2
Cleanup    : flash-plugin-11.2.202.359-release.x86_64                     2/2
Verifying  : flash-plugin-11.2.202.425-release.x86_64                     1/2
Verifying  : flash-plugin-11.2.202.359-release.x86_64                     2/2

Updated:
flash-plugin.x86_64 0:11.2.202.425-release

Complete!

Caltrain Peninsula Corridor Electrification Program (PCEP), Caltrain Modernization Program, 2014-12

Caltrain Peninsula Corridor Electrification Program (PCEP), Caltrain Modernization Program, 2014-2019 (2020-2021 by some statements). <- www.caltrain.com/electrification

Via: backfill

Mentions

  • The project has commenced.
  • It is not fully funded
    FAQ: “Approximately 75 percent of service between San Jose and San Francisco will use EMUs. The remainder will use diesel locomotives. Full conversion to EMUs for the San Jose to San Francisco service will occur at a future time when funding is secured and the remaining diesel trains reach the end of their service life.”
  • All trees that are 10 feet or closer to the overhead power grid will be removed.

Argot

  • California High Speed Rail Authority (CHSRA)
  • Caltrain Modernization (CalMod) Program
  • California Environmental Quality Act (CEQA)
  • Communication-Based Overlay Signal System Positive Train Control (CBOSS PTC)
  • Diesel Multiple Units (DMU)
  • Dual-Mode Multiple Units (DMMU)
  • Electric Multiple Units (EMU)
  • Electromagnetic Fields (EMF)
  • Electromagnetic Interference (EMI)
  • Environmental Impact Report (EIR)
    • DEIR (Draft EIR?)
    • FEIR (Final EIR?)
  • Federal Transit Authority (FTA)
  • High-Speed Rail (HSR)
  • Overhead Contact System (OCS)
  • Right-of-Way (ROW), Caltrain ROW
  • Tier 4 Diesel Locomotive
  • Traction Power Facilities (TPF)
  • JPB (probably Joint Powers Board)
  • Samtrans
  • Vehicle Miles Traveled (VMT)

Actualities

 

LibreOffice printing Does.Not.Work. Not with GNOME, not with manual config, not at all. And maybe never has.

Seems that …

  • LibreOffice printing is broken; more specifically, the print selection dialog.
  • Maybe it always has been broken, but who prints nowadays?

But

  • This seems like one of those classic cases in open source where Group A with Application A thinks their Widget is better than Group B which writes all the other applications and defines the whole culture in which both live and whose Widget works, just works, and is in use by everyone.
  • So Group A continues to refuse to integrate their application.  Their pride is enbiggened.  Users don’t get any Widget services from Application A.

Workaround

  • Export as PDF
  • Print the PDF
    • lpr from the command line
    • evince for the cli-challenged

Environment

  • Fedora 19-21
  • GNOME
  • CUPS printing functions
    • announced network-wide
    • via ipp on IPv4 and IPv6
  • Works everywhere but LibreOffice.
    • in all GNOME applications
    • in Firefox 29

Folklore

  • Something about how spadmin should be used to configure the LibreOffice printers
    • /usr/lib64/libreoffice/program/spadmin
    • Response:
      • Doesn’t do anything
      • The Use System Print Dialog setting
        • charitably, doesn’t work at all
        • it seems to truncate printing functionality, it flashes a dialog that never draws … but nothing prints.
  • Printing problems with libreoffice and (remote) cups server; In SuperUser; 2014-01
    • Diagnosis: Only the Generic Printer shows up, not the network-wide CUPS printers
    • Remediation
      • Tools->Settings->General
      • Uncheck: Use LibreOffice Dialogs
      • Check: Use Experimental Features
    • Response: The dialogs indicated don’t match what’s in the product (any longer).
  • CUPS printing problem with LibreOffice; In Arch Linux Forums; 2013-11-26.
    • Claim: used to work until cups-1.7.0
    • Response: resolution unclear, the thread trails off…
  • Alan Bell; UDS Desktop Improve Print Dialogs; some random notes; circa 2012-12-01?
    • Hints about gtk2 and gtk3 print dialogs
    • Reminder that LibreOffice does their own thing, their print dialog won’t work.
    • Printing, Wireframes; GNOME
  • CUPS printers not available from KDE or LibreOffice; In Ask Fedora; 2012-08-27
    • 853929 Cups printers not available from kde or libreoffice
    • Claim: upgrade to cups 1.4.2 fixes the problem
    • Response: must have been a different problem; Fedora 19 uses CUPS 1.9.x
  • GNOME Print Dialog; In Ask LibreOffice; 2012-05-16.
    • Remediation Recipe
      • Tools->Settings->General
      • Uncheck: Use LibreOffice Dialogs
      • Check: Use Experimental Features
    • Response: the v4.1 product no longer works like this.

Files

$ find /usr/lib64/libreoffice .config/libreoffice -name 'ps*conf'
  • /usr/lib64/libreoffice/share/psprint/psprint.conf
  • ~/.config/libreoffice/4/user/psprint/psprint.conf
[__Global_Printer_Defaults__]
DisableCUPS=false

The LibreOffice 4 spadmin Interface


The LibreOffice 4 Print Dialog


The GNOME Print Dialog

Follows CUPS broadcasts … there are your printers … right there!