Increasing the economic cost of WordPress logins to bad client browsers

With the recent attack on Workpress sites it struck me that if all logons were more expensive in CPU to the clients and if this CPU burden was used to generate crypto currency then whilst normal logon demands would not impact any one legitimate user, a distributed brute force attack would be slowed and at the same time financially aid the attacked web sites. This would thus offset the economic cost to sites that are brute force attacked.

This is a very different strategy from plugins which mine visitors. A logon is a client solicited  request whereas a mining plugin that mines visitors is unsolicited use of the client CPU.

Most human users of WordPress sites stay logged on through  cookies so a one-off load (which could be dynamically adjusted to only kick in inversely proportional to the attack rates) would not be noticed. An attacking client though would suddenly find that WordPress logons become ever increasingly more expensive in client side CPU. The greater the attack rate then the more crypto currency mined for the benefit of the attacked web site.

This would not create a new opportunity for attackers as any attacker that has control of client machines would just mine crypto currency locally on the machine without all the hassle of attacking other machines.

yarn install fails as it is using cmdtest package and not yarn

yarn was previously provided by cmttest and these are very different programs to yarn the package manager.  If you are using software sources (e.g.  that are managed through yarn (you will find a yarn.lock file with the software source) but when you try and run yarn install and then you get e.g.

yarn install
ERROR: [Errno 2] No such file or directory: 'install'

then firstly check to make sure that cmdtest is not installed.

sudo apt remove cmdtest

You would install yarn with

sudo apt-get install yarn

See the yarn packager web site for more details on installation.

United Kingdom must remain in the European Union

The United Kingdom must stay in the European Union.

A minority of nationalists have told a large number of lies to skew a gerrymandered advisory poll that has been used by a belligerent government to ignore the future of over half of the electorate to protect its parliamentary seats from the minority of nationalists.

The current Prime Minister May does not represent us.

The United Kingdom has done well in the EU and will do well in the EU in the future. It will not do well outside of the EU free trade area. The Government is trying to take away our citizenship of the world’s richest region. It is absurd and will be undone or it will be the undoing of the United Kingdom.

Gmail always marks emails as SPAM due to invalid SPF.

Two parts to this but essentially Gmail will put incoming emails into the Gmail SPAM folder if you have not configured SPF correctly on your sending domain DNS. It will only say,

"Why is this message in Spam? It's similar to messages that were detected by our spam filters. "

Rather than explaining this exactly, and assuming your test email is not written like a ‘409 letter, then your problem is always related to SPF records.

To make sure gmail will deliver emails from your private servers i.e. on your own domain and not a well known public email domain, you MUST have defined the SPF records correctly for your domain.

Here is a list of what can have gone wrong:

Your server uses IPv6. Gmail will default to IPv6 connections if your SMTP handling server has both IPv4 and IPv6. So you MUST add the IPv6 IP address to the SPF record.

You have incorrectly formatted the SPF record e.g. you have accidentally added double quotes around the record when using a web-style DNS record editor on your DNS/registrar.

To see what SPF records gmail found then select the Spam folder in Gmail and click your spammed email and then pick “More” (which is to the right of the display in the Gmail next to the reply button, and then pick “Show Original”.

You need to find the section for SPF and you now need to look for two things,

       spf=neutral ( 2b01:499:56:1000:54a9:28c6:0:1 is neither permitted nor denied by best guess record for domain of

A GOOD result is,

Received-SPF: pass ( domain of designates 2b01:499:56:1000:54a9:28c6:0:1 as permitted sender) client-ip=2b01:499:56:1000:54a9:28c6:0:1; Authentication-Results:; spf=pass ( domain of designates 2b01:499:56:1000:54a9:28c6:0:1 as permitted sender)


Joomla 1.5 quirk in [20151206] – Core – Session Hardening patch

The Joomla 1.5 (EOL) patch to the session.php file has a quirk in it that raises a warning notice. The advisory is

[20151206] – Core – Session Hardening

but if you blindly copy that file to your system then you will end up with a web site that raises many error messages,

Notice: Only variable references should be returned by reference in /libraries/joomla/session/session.php on line 343

I thought there would be a fix for this but when I googled for that message I found thousands of hits to broken Joomla web sites. Yes, hundreds of web sites are busted in that they have lots of error messages ! The fix I have done is easy, edit the NEW session.php file you have downloaded and edit this as follows to pass a variable back,

 @@ -339,8 +339,13 @@
 $error = null;
 return $error;
 - return $this->data->getValue($namespace . '.' . $name, $default);
 +// removed this next line as it generates a Notice: Only variable references should be returned by reference error
 +// return $this->data->getValue($namespace . '.' . $name, $default);
 +// and define a variable with the data to be returned....
 + $getnamespacenamedata = $this->data->getValue($namespace . '.' . $name, $default);
 + return $getnamespacenamedata;


If you don’t know what to do with this change to get rid of that error message then you are going to have to find someone who has some PHP/Joomla experience to edit the files for you.

No posts in WordPress after server/php migration due to obsolete/broken plugin

The scenario is that you restore you files and database to a new host and then when you access the dashboard (as well as the front end) you see no posts. They are listed i.e. All (nnn) Published (x) Draft (y), but there are none displayed.

Equally, you upgraded the current server to a new version and this upgrades the php version.The site may work (with blank list of posts) or the site may break and the frontend or administration cannot be accessed.

We had this and for us it was a very stale plugin that should have deleted years ago (Psychic Search) !.

If this happens to you and you have back-end access to the administration interface then deactivate all plugins that are old until the site comes back correctly.

If the site is so broken that you do not have access to the administration interface then you can use FTP to go to wp-content/plugins and then go through the change date and from the oldest dated plugin, download it (to take a backup) and then delete the plugin. When WordPress tries to load the now-deleted plugin then it can’t and the plugin becomes deactivated. This should get you back into the site and you can then use the administration interface to either install a updated version of the broken/obsolete plugin or an equivalent that does have support for your host/php version.

Acer Aspire ONE no WIFI in Ubuntu due to hardware switch state

Intermittently when an Acer Aspire ONE suspends in Ubuntu 14.10 then the WIFI does not come back. The hardware switch (a non-latching slider switch on the front right hand side of the laptop) has no effect. Rebooting and disabling/enabling Networking has no effect.

The rfkill list command will show,
0: phy0: Wireless LAN
Soft blocked: no
Hard blocked: yes

One way I found to clear this is to power down the laptop and then hold the WIFI switch to the right i.e. in the on position and then use the power switch to turn on the laptop as normal but keep the WIFI switch held on. You should see the little orange WIFI  LED blink once and once the laptop is starting to boot up after the BIOS display then release the WIFI switch so it flips back to the left/off position.

The WIFI should be back to normal now and the rfkill list will show Hard blocked: no.

Older Transmission-gtk stops working after Ubuntu 15.04 upgrade

Upgraded my development machine from Ubuntu 14.10 to 15.04 and found an odd quirk with Transmission-gtk. The symptom was that Magnet links would not load from Firefox even though magnet is associated with transmission-gtk (to see this go to about:preferences#applications in Firefox and search for magnet)

I ran the transmission-gtk from a terminal and got,

transmission-gtk: error while loading shared libraries: cannot open shared object file: No such file or directory

This was strange as the packages depended upon so I then did a which transmission-gtk and it was /usr/local/bin/transmission-gtk and not the expected /usr/bin/transmission-gtk and I then remembered that I had manually installed Transmission version 2.83 on top of the older package manager version because the older package manager version of Transmission-gtk  in Ubuntu 14.10 would intermittently crash. As an aside if you really want the manually installed 2.83 version to run in Ubuntu 15.04 then you can symbolic link the relevant library with this,

cd /usr/lib/x86_64-linux-gnu
sudo ln -s
sudo ldconfig -v

I eventually decided to uninstall the manually entered version by going to my source built directory and doing a sudo make uninstall

After you have uninstalled the manually entered version then a which transmission-gtk should return /usr/bin/transmission-gtk

The Transmission version with Ubuntu 15.04 is now 2.84 (onwards).

Once you have fixed it that the transmission-gtk can launch then clicking magnet links in Firefox now works.

FreeSWITCH bootstrap libtool not found – missing libtool-bin

Was rebuilding FreeSWITCH source and had upgraded my test machine Ubuntu from 14.10 to version 15.04 so I did a make uninstall on FreeSWITCH and reran the but it came up with the error of libtool not found.

Libtool (2.4.2) was installed but what I found is that I had to add libtool-bin with,

sudo apt-get install libtool-bin

Then worked fine.

Windows XP stalls when opening DOCX.

A client has a Windows XP machine (due to be migrated) and it was very slow to open DOCX documents. This stalled Outlook when Outlook launched DOCX attachments and it stalled explorer from the File Manager too. The fix was simple – right mouse the document properties and reset the “Open with…” to the same Office program and the problem goes away.

ASUS X51R laptop CMOS battery bad causes blank screen no boot

The ASUS X51R laptop exhibits a strange failure when its built-in CMOS battery is dead or low. Rather than having some kind of fall-back it basically ceases to operate from power-on. In some cases it will post a message about CMOS battery low but when you continue then it stays on a blank screen and doesn’t boot. Most of the time it will just power to a blank screen i.e. the laptop seems to startup and have fans and disk startup but no further POST or booting into the operating system. The “Zz” light may be on all the time but that is not relevant.

A client got this problem – one day it was booting fine and the next it was a blank screen so there is no early warning of impending failure.

The CMOS battery is a 3 Volt CR2032 style battery. These last for around 7 years so always keep them in their packaging so you can see the expiration date. Ideally use a new battery from a trustworthy supplier for a client laptop as it takes a long time to replace.

To change the CMOS battery you need to do a complete tear down of the laptop to the motherboard. There is nothing unusual with this teardown – if you have never stripped a laptop then this is not a job for you. I have done a lot so this was pretty trivial tear down,

– remove main battery, memory, hard disk, and WIFI
– remove all visible screws on bottom and back (they are all different sizes so draw a picture and keep them in separate piles),
– push in the 3-tabs at top edge of keyboard and lever out keyboard (unclip ribbon cable),
– lay screen fully back and lever up plastic covers on screen hinges and the curved plastic cover that is in the middle that is over the screen cables to motherboard plugs
– unclip the screen cables from the motherboard and flip over and unclip the WIFI cables and poke the wires out as you remove the screen (the screen itself just stays assembled to its hinges with 2x WIFI cables and 2x multi-way screen cables attached)
– unscrew the screws that you can see that were being hid by the keyboard and that were hidden by the screen that hold the top cover down
– unclip the narrow touchpad ribbon cable and pop up the top cover,
– unscrew the screws on the motherboard – there is a arrow-head symbol near each hole that marks which holes are used but ideally draw a picture and keep the screws seperate,
– unclip the fan assembly and cable, the speaker cable (towards middle front of motherboard) and battery feed ribbon cable and remove the DVD/CD drive if it’s not yet removed (it should slide out as its retaining screw is removed),
– carefully lift out the motherboard,
– you will see the battery on the bottom – it is a standard fitting – use a screwdriver to pop in the retaining tab and then remove and dispose – remember which way it was oriented but the +ve case side should be up (-ve small disk side down),
– do not use your fingers to touch your new battery but remove it from its packaging and clean your new battery with a clean dry cloth and then insert into the socket without touching it with bare hands. The reason to not touch it is that your hands have oil on them and over many years this can corrode.
– Re-assemble in reverse order.

Before re-assembling fan then please clean out the dust. There is nothing special to remember on re-assembly.

When assembled then it will boot instantly without any problems. The date and time will be wrong (reset to 2007 or similar) but you can easily reset this. With a new CMOS battery the laptop should last for another 5-7 years. The whole job takes about 1.5 hours.

Opera slow Flash due to multiple plugin locations enabled

I use Opera as one of a number of browsers for testing purposes. Noticed that Flash was jumpy (Opera 12.16 with flash 11.2 r202 on Ubuntu 14.04 64 bit). It took a while to find the problem but I believe that it was due to multiple flash plugins enabled. To see what plugins are enabled go to,

Opera -> Page -> Developer Tools -> Plug-ins

(or the shortcut URL of opera:plugins )

If you see multiple locations of the Shockwave flash enabled then disable all except one e.g. leave the one located at,  /usr/lib/mozilla/plugins/ enabled.

Restart Opera and hopefully this may clear your problem.

List of emails not being displayed in top folder in Thunderbird after upgrade

After upgrading from a prior version 6 of Thunderbird to version 31 the top level folder for one account did not show a list of emails. The emails were there and when you clicked on the display it displayed the full email but the space in the list was all blank rows and there was no column headings of subject, dates or recipients as you would expect.

The fix is trivially simple – click the folder display options and reset to the default. You can now fine-tune what you want displayed.




memtest86+ cannot load a ramdisk with an old kernel image

This error happens when you use UNetbootin to create an Ubuntu disk and it incorrectly adds a ramdisk to the memtest86+ boot option.

Until UNetbootin fix their code then cursor down to the “Test memory” option and hit tab and then at the boot options remove the “initrd=/ubninit” so that the command line is now just…


and then hit enter and Memtest86+ will now run as expected.

My Ubuntu 14.04 currently has UNetbootin 585-2ubuntu1 and this quirk will possibly be fixed in newer releases but sometimes all you have lying around is an emergency install USB/disk so always good to know how to get around  a problem rather than downloading new code.

tentacle server not logging agent data after Pandora FMS upgrade

If you are using the password option for the tentacle protocol then you must also add the password to the TENTACLE_EXT_OPTS in the /etc/init.d/tentacle_serverd  file e.g.


If you do not do this then if you are using the agent password option then no agent data will be logged.

This is not a very secure way of data logging.