Enabling WordPress comments

I just enabled WordPress comments on my own personal pages. For the moment I’ve enabled the SI Captcha plugin and to remove the default website link in the comment form I added the urlfilter.php file trick that I found here.

You do not need to be registered to logon but you need a name and email but all comments are moderated.

To retrofit enabling comments to older posts then you go into the All Posts dashboard option, check the box next to the title to select all the posts and then in the Bulk Actions you select Edit and then Apply. This will open a lot of selection and options. Pick the Comments option of Allow and then do Update.

Resetting Plesk subscription Renewal date to never suspend

If you have a virtual host with Plesk Parallels for your own use then you might accidental setup your subscriptions to expire which is a bit annoying for internal users that have no need for billing related expirations. Though you may change the Service Plan to never expire this does not update existing subscriptions and they will remain with an expiry date.

To remove this expiry date you must first set the service plan to have an unlimited Validity period (see bottom of the setting page for the service plan) and then go into each subscription that has a renewal date i.e. it is not “—” and customise the Expiration date to be unlimited.

This will now lock that subscription but it will have no Renewal date. Now you click the Unlock and Sync and this subscription is now back in sync with the service plan with no renewal/expiration date.

Do this for each subscription that you do not bill clients for.

Needed to add SMTP support with WordPress 3.4

Using Contact form 7 Version 3.2 fine on my personal blog web site and then upgraded to WordPress 3.4. The contact form stopped working with the usual red administration error message.

I found that I had to add WP-Mail-SMTP (latest version Version 0.9.1 ) plugin and set SMTP to defaults of localhost and then it worked again.

Rather odd. Take care if you are upgrading to WP 3.4 to check your contact forms still work.

Using multiple avatars and your right to privacy

Over the years we have taught many people to use the Internet and they have gone from nothing to active users. We mainly focus on the older person and they have some very specific usability issues and use cases such as planning and booking flights, booking tickets, booking hotels, buying books/eBooks, movies or music and using VOIP-like systems as well as traditional email.

We’re very proud of getting some people who have never had an email address and who relied on a lot of walking or phoning about to have them being able to plan, book and pay for trips to see their friends; all online from their home. It’s a really nice feeling to get things like videochat going so they can talk and see their grandchildren on the other side of the world or to take and upload photos rather than developing and posting hard copy prints.

Naturally they are fearful of phishing and identify theft and they have a reason to be as they actually have money that could be stolen.

Children have different concerns: Now we don’t have much demand to teach children as that is the other way around – they are taught at school and have no problems with being online, they don’t have much money or credit cards but do have a risk of identity discovery and potential abuse that could follow from that with cyberbullying or people socially engineering them to revealing parent’s details (like parent credit card details).

Our approach is to teach people, old and young, to maintain multiple online identities. We say that they are in control here of their data and not the other system. Make it like a game so the created names are something like an amalgam of characters they like. They also have their real identity that parts are only known to friends they meet in real life and obviously real data needs to be given to companies for credit card purchases or plane tickets but for every other system then use one or more avatars: the decent of a human to the Internet.

This works well with children as they love character acting and especially as every modern electronic gadget wants Internet access. Our own children’s Playstation3 for instance has nothing on it that could ever be of any use to someone socially engineering our children online. Everything from names, dates of birth, address or ZIP/Postcodes, email addresses can and is made up. So who cares ?

Well the government and the online companies seem to care. Their approach is that children need parents permission and they imply that the private data that the person should provide is accurate and that they will keep it safe. Companies want data they can sell that points back to real people and the Government just wants to do whatever governments want to do.

No, sorry, a better approach is for the person, the parent and the child to collude and give out nonsense data that allows them to use a service but the data is of little relevance as data outside of that service. The loss of data by the company becomes irrelevant as the theft has no relationship to the person’s actual physical identity or real person. By getting into a mindset that nothing online is what it seems then you instil the idea of do not trust anything unless you can verify your trust.

 

Broken pip – not actually installed

Was trying to install unidecode using pip (python installer) on a development system to test out a django based application and got an error,

$ sudo pip install unidecode
Traceback (most recent call last):
  File "/usr/local/bin/pip", line 5, in <module>
    from pkg_resources import load_entry_point
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 2675, in <module>
    parse_requirements(__requires__), Environment()
  File "/usr/lib/python2.7/dist-packages/pkg_resources.py", line 552, in resolve
    raise DistributionNotFound(req)
pkg_resources.DistributionNotFound: pip==1.0.2

I don’t think the actual values of what I was installing nor the pip=x.y.z actually matter as I have seen others with this message when I did a google search but my problem eventually was that I had the pip bash shell installed at two locations but did not actually have the pip Python package installed at all.

I had a “pip” command script that comes with the python-pip package at /usr/local/bin and at /usr/bin and both were different versions. The one at /usr/local/bin was python-pip from easy_install and the other at /usr/bin was from the Ubuntu distribution package manager. Now pip is a Python package manager, and easy_install is  a Python package manager and obviously the Ubuntu itself has a package manager. Yes all of this is just asking for trouble but right now just wanted to move on and get my django server application running.

To fix I removed the Ubuntu package python-pip from within Ubuntu package manager and then ran,

sudo easy_install pip

…to actually get pip installed. Now the pip script at /usr/local/bin was wanting the latest version of pip (1.1 actually) and I had the latest version of pip package actually installed and I could now install the unidecode python package. I am now happy.

I don’t know when this mess happened but I’m not the first to get into such an odd state on a development system. I think the Ubuntu python-pip package is my culprit. Hopefully this post can help you too.

Using DNS TXT records to effect EU/UK cookie law

It struck me that the most logical way of expressing what policy you have for a web site for the use of cookies or personal data is to detail this policy within the DNS records that a person (or their device) must look up BEFORE they hit your site. A bit like how SPF records detail email delivery policy for your systems and recipients can use this (or ignore it) when they look at emails that are claimed to be from your domains.

The suggestions of using web page forms or pinch pages or similar requires both the site operator and the site user to do things for no logical and practical gain to either party.

So how would this work ? Well you would add a TXT record that has an expiry and for each CNAME or A record or a default, it would list either a URI to a privacy policy which would include details on cookie use and/or a set of flags on cookie use the URL of the policy is a bit like the CRL within SSL)..

The user, before they visit the web site thus has the opportunity to examine the privacy and cookie use policy without actually visiting the web site.

Actually we know anonymous web site users won’t give two flying ducks about what cookies our web sites use given they probably already use anything from ad blocking software to browsers within virtual machines, but for some bizarre reason the UK Information Commissioner’s Office (ICO) has managed to gold-plate an equally bizarre EU cookie directive.  Yes the ICO is the same group that gets everyone who handles personal data from babysitters through to government departments to pay either Tier 1 of  £35 or Tier 2 of £500 (if you have 250 or more employees and £25.9 million revenues – yes logic isn’t their strong point) but the ICO doesn’t have an online payments system nor can it take credit/debit cards so you end up having to print out the forms you just filled in online and send those with your cheque or you can use a direct debit from your bank account only they can’t actually do direct debits if you had to pay a Tier 2 £500 fee. In sharp contrast the Companies House that is the regulator and registrar for companies does everything online and you can renew your annual company registration for the grand sum of £14 online as well.

Removing dust from CPU coolers works

I’ve always been loathe to clean the insides of computers but then I have spent most of my life with systems in machine rooms with filtered air. Taking machines down to remove dust bunnies makes no sense in a carrier-grade environment where you prevent dust in the first place and you do anything to protect uptime. The retail-domestic environment is rather different. You can’t filter dust unless you exclude humans and pets as dust is for the most part bits of human i.e. skin that we slough off, as well as dirt, hair and pet fur. Yes, dust is PEOPLE !

So what evidence do I have that it can make a difference ? I now try and log CPU and hard disk temperatures for any machine I manage to my central Pandora FMS system. Microsoft Windows is very poor in exposing the CPU temperature sensors with no proper support at all via WMI so you must rely on 3rd party programs of which few have a command line interface to allow cron-like collection and central logging. GNU/Linux machines on the other hand have the lm-sensors package and that generally works for all modern machines and gives a command-line access to the CPU temperatures (use the hddtemp package for hard disks). Here is a graph of a Ubuntu 11.04 based server we have in a kitchen environment,

About 3 months ago the average CPU temperature was about 30 degrees C (86 F) but this has trended up and was now about 44 degrees C (111 F) when idle. So for a spring-clean I decided to open the case and clean it out. There wasn’t a massive amount of dust but the AMD stock cooler vanes were clogged. Just used a vacuum cleaner to suck up the dust. Hold the CPU cooler fan to stop it from manically spinning around and just put the vacuum cleaner on maximum and pass over the cooler fan. The dust should slowly suck out.

As you can see it made a dramatic change to the CPU temp with a 14 degree C drop  (about 25 F drop). This is now the 3rd retail-domestic machine that I have cleaned and observed the side-effects and it is certainly worthwhile as long as you have recorded the CPU temperature over time to give yourself (and the client) the objective evidence that this is a necessary job.

Print it : Read it : Use it : Flush it.

I saw that someone had created an old style ticker-tape printer for Twitter feeds. I remember the days of 50 baud TELEX systems so there is a nostalgia here but I also remember being electrocuted on frames a few too many times with the +/- 80 VDC signalling that TELEX used from the exchange. That hurt.

A long while ago I thought of printing Wikipedia onto Toilet paper. The ever-changing, ever-growing nature of Wikipedia meant that you would never run out of material. Copyright was simple. Content filtering would be a lot harder. Then I imagined what would happen if someone found their favourite leader, person or icon was pre-printed onto toilet paper and back-burnered this idea.

Perhaps if there was a printer that was made that you could print your own toilet paper at home with your own Wikipedia data, Twitter feeds or even RSS feed. No need to censor as it is your home and it obviously needs no ideas from me for you to think what to print if you’ve spent even a few minutes in the more radical political arenas of the Internet. The more inappropriate and bizarre the political sentiment the more deserving to be printed onto this paper.

Maybe done centrally and you order say a dozen rolls of Political quotes from 1992-2012. Now that is adding value to a commodity !

Anyway just an idea…..

UPDATE: It appears that some else has the same idea – http://www.getshitter.com/ – for printing the toilet paper centrally from your Twitter feeds so I guess the technology to print on demand, rather than a pre-set pattern, must exist in the toilet paper world.

They launched on the 28th March so 4 days after my post here on the Twitter feeds but I see their domain name WHOIS was a month ago so they’re ahead as it’s a real product so great work whoever you are !.

Please sign up to the Companies House eReminder service

The United Kingdom government Companies House has an eReminder service that allows them to send out emails to up to 4 email addresses per company to remind secretaries or directors or other responsible people of legally important filing dates.

To set this go into the Companies House webfiling service and for each of your companies add your email address/es, or if you have an accountant that does this filing then get them to add your email address as one of the recipients. The system sends out a confirmation token to the email address to round-trip the subscription.

If you are a director of a company then you have certain legal duties related to your company. These are encoded in a multi-hundred page law plus more guidelines and regulations. There are a few critical dates and forms to file but this can all be done online in minutes.

The “Companies House” (who is the monopoly registrar of companies in England and Wales) has got a very good electronic system in place but there were a few things (the most important things) that still go via the regular post regarding filing accounts and annual returns. So they have an electronic filing system that allows you to file instantly but the trigger was paper-based letters sent out via the snail-mail post.

Confusion is guaranteed especially as more people think of their company as a virtual entity (well it is a legal fiction even though it is a legal person that has fundamental rights) and that all transactions are done online. With the statistics for missed or late filings then there has always been a background level of late filing and the government has got a reasonable amount of a few million pounds sterling a year from fines. For very large companies with paid accountants this non-filing is probably for strategic reasons to avoid having the financial position of the company revealed but for very small companies this is probably due to lack of staff or just plain forgetfulness.

Since early 2009 the statistics for fines has fluctuated dramatically and I think the Companies House noticed this too or simply saw that the ability to file documents electronically in minutes and yet they send out postal reminders was an illogical use of dead-trees and the eReminder service was launched mid-last year 2011.

If everyone uses this then it should stop or eliminate the accidental penalties and all that will be left will be the deliberate non-compliance, which is what the government is after anyway. The multi-million quid windfalls in fines that the government gets should also drop to a fraction of that.The effectiveness of this should hopefully show up in the statistics that the Companies House has on its web site for late-filing and fines from about last August onwards.

The UK remains a good location to start and run a company, especially a technology company. The ability to form a company in a day on your own for a few pounds and file everything electronically is incomparable to other parts of Europe that maintain a traditional approach of large minimum capital, high legal fees and lots of paperwork.

Broken PHP filter_var() hiccups ResourceSpace install on some URL

Was installing the very interesting ResourceSpace package for a client and the client domain names use “-” in the domain part. They also have the non-dashed version too which redirects to the dashed version. There is nothing wrong with having dashes in the host section of a URL as long as it is not the first character.

The install broke because of the dash and the problem is that the PHP filter_var() function is fine with an underscore in the domain name but not a dash thus filter_var(“http://www.bad_example.com”, FILTER_VALIDATE_URL)) will be true even though it’s an invalid domain name but filter_var(“http://www.good-example.com”, FILTER_VALIDATE_URL)) will be false even though it is valid.

There is not really much to do here other than upgrade PHP to the precise version that fixes this and on my development server I am at 5.3.2 but that’s not working and I’m not going to deviate from the Parallels packages for this. Also if you are on shared hosting you are not going to easily demand the hosting company fix this one bug.

So you are going to have to go into the install script and comment out the filter_url() code or alter the user provided URL to swap the “-” to a character that is always valid and swap the “_” to a character that is always invalid no matter if the filter_url() is good or bad.

So I created a “testbaseurl” from the “baseurl” and tested that rather than the original,

$testbaseurl = str_replace(parse_url($baseurl,PHP_URL_HOST), 
               str_replace(array("_", "-"), array("^", "x"), 
               parse_url($baseurl,PHP_URL_HOST) ), $baseurl  );

which you use instead of $baseurl thus in the ResourceSpace example in /pages/setup.php at about line 510 onwards set the file to,

        //Check baseurl (required)
        $baseurl = sslash(get_post('baseurl'));
        //filter_var() is broken in certain PHP versions as it doesn't permit dashes in host but does 
        //permit underscore. Swap these to always legal or illegal characters. Don't use testbaseurl other
        // than with filter_var()
        $testbaseurl = str_replace(parse_url($baseurl,PHP_URL_HOST), 
               str_replace(array("_", "-"), array("^", "x"), 
               parse_url($baseurl,PHP_URL_HOST) ), $baseurl  );
        if ((isset($baseurl)) && ($baseurl!='') && ($baseurl!='http://my.site/resourcespace') && (filter_var($testbaseurl, FILTER_VALIDATE_URL))){
            //Check that the base url seems correct by attempting to fetch the license file
            if (url_exists($baseurl.'/license.txt')){
            $config_output .= "# Base URL of the installation\r\n";
            $config_output .= "\$baseurl = '$baseurl';\r\n\r\n";
            }
            else { //Under certain circumstances this test may fail, but the URL is still correct, so warn the user.
                $warnings['baseurlverify']= true;
            }
        }
        else {
            $errors['baseurl'] = true;
        }

 

 

I just imagined the price of 3D printer “ink” !

I saw an older article on TheRegister.co.uk about Pirate Bay having 3D printer files.  The article and the comments are enthusiastic. Actually just about every article you see on 3D printing is overflowing with excitement. Reality hasn’t happened yet so we can all dream.

I also relish the idea of being able to knock out parts to repair things but with this article (perhaps it is the ‘flu I have)  I had the strangest of thoughts that cascaded around,

We know about how Inkjet printers cost a few dollars but the cartridges cost 10x that amount and how the printer manufacturers fight the re-fillers with chipped OEM cartridges ? Well I envisage 3D printers using the same model of low-cost printer but chipped feedstock containers. Just as printer ink can cost more than the tears of the Unicorns that dance in the moonlight of an enchanted forest so I expect to see feedstock of such cheap material as aluminium and ceramic powders that will cost more than semi-precious gems or silver and gold.

As the general public we know of counterfeit bags and other branded items which the logo is the most important part ? You can easily avoid these if you have no need to buy luxury-brand goods and it is not going to really kill you if you accidentally do get one. Well this counterfeit problem is now going to extend to a vast range of OEM parts such as car, boat, bike and household appliance spare parts. These could cause you injuries.

There has always been a problem with high priced items like aircraft parts but these should be  detected as the supply chain has an established ability to track items from source to destination. But other industries do not have that papertrail.

3D printing will cause emergent behaviours in our social systems and we won’t have a clue what will hit us. until it happens. You just have to be prepared to adapt and evolve.

Once again.

Foil-backed insulation blocking WIFI

Client has fixed up an old building and has used solid insulation which has an aluminium foil backing that acts as a heat and vapour block. It also stops WIFI dead.

Normally this wouldn’t be a problem and all your signals would be under the roof but this client has a 3-story rustic building with the office at the top and a bedroom at the back on the ground floor with a new roof. Whilst the WIFI signals are fine from the top to the bottom of the main building, immediately you pass under the foil-insulation of the extension then the signals stop.

The most cost effective solution to get WIFI to this back room without running Ethernet cables through meter thick stone walls is to use powerline adapters. Recently I have seen the retail prices for these plummet to less than 50 Euros per pair (for TP-Link brand from Amazon.it or Amazon.co.uk). Currently testing these out and they are looking fine but there is one caution that you need to consider.

These units give off a high frequency audible noise. It is like the flyback transformer of an old style CRT or TV. From experience with different customers these high frequencies can be annoying and frustrating to remove. So you may need to use powerline technology to sneak through the building and then for the last few meters use a cheap switch plus long pre-made ethernet cables or another WIFI AP.

Unintended consequences – shopping bags

Like many we avoid the throwaway plastic shopping bags but have been driven to use the large re-usable ones. But the law of unintended consequences has happened and we now use these reusable bags for so many things we wonder where they have been all our lives,

  • they are great to carry computer desktops. Much easier than by hand but check sizes first.
  • Can be used to carry flat screens as well. Obviously not old CRTs but not many of those left.
  • perfect for network cables and other odds and ends that can’t be carried easily
  • ad hoc toy containers or a solution to clear a desk
  • laundry bags both to and from the washer and onto the line
  • to take recycled bottles and plastic to the the recycling bins
  • wood carriers to bring in firewood

Oh and shopping.

 

 

Observations on eBook usability

One interesting if emotional event had happened recently that has helped me understand the advantages and usability disadvantages and my observations about use of eBooks with the terminally ill.

One of my clients was admitted into a hospital and then later moved to a hospice (they have since died) and they had become very attached to their Amazon Kindle prior to their illness as it allowed them to read a large array of books without carrying around kilos of paper. When hospitalised then this certainly was an advantage as they were bedridden for around 3 months until they had died.

They had purchased the Kindle mid last year so I unwittingly ended up looking at a lot of usability issues of this device for older people right through to the day they died albeit with just this one example.

Other than the charging issues which I had blogged about here, the device worked well up until the client started to lose manual dexterity towards the last week of life and the loss of visual acuity around 36 hours before death.  Given all the eBook readers I have seen at the electronic stores have similar delicate and flush controls there is no clear solution here other than someone bringing out a more rugged device with a more chunky (think Steampunk or Industrial-Military) design and no one has done that yet.

The floors at hospitals are always smooth and hard so there is never the chance of a safe landing if the device is dropped. You must put the device in a hard case. The device also has the risk of being crushed or similar with either the patient or the nurses moving the patient so a hard cover that is visible is neccessary. The client had commented on the case I got that “Pity it was dark”; again this is an issue of visual acuity in finding the device on the bedside or bed covers. Modern beige, greys or black are not the best – it needs to be bright and eye-catching – maybe just retro-fit sticky fluorescent safely tape to the case ?

The device case or cover can’t be smooth plastics and slip out of fingers or slide off surfaces so a high-friction surface is needed but equally the device case or cover will get food on it so it must be a wipe-clean surface.

The electronic ink has a good contrast and the ability to scale fonts is certainly essential to help readability and I understand pretty well all eBook readers do this though towards the very end you will find that the client (patient) may significantly lose vision and cannot read at all. I don’t think there is much that technology can do to overcome this but it would be a helpful feature if you could get a reading summary or statistics page that detailed what was read e.g. as pages/words per session. I had to make a guess based on what the screen was on and what the percentages were of the books being read – based on the completion bars but I was only guessing. Even a basic statistics screen to allow per-session and/or per-day page flip counts would be extremely useful objective feedback to help provide an early warning of changes in the client’s (patient) mental or physical wellbeing.

Other ideas I had were that it would be nice if the reading spot light in the hospital room could come on automatically when the eBook was turned on (I was thinking infrared remote  – this could be aft-market in the retro-fitted case – and uniquely key-coded lights a bit like X10 – IR shouldn’t interfere with medical devices). I though that because the client had to fish around for the light controls and get those right and then find the eBook: I believe that technology should anticipate what you want to do thus if you pick up the eBook then you want to read so you want the reading lights on.

When the patient wanted a new book it was hard to work out what they wanted and how to get it to the device. If the online web site could also have a printed book listings with codes (including QR codes) so you could print out a cheat-sheet of new and related books for your client and then give those to them to choose. They can then decide and you can then buy and download via, for example, your mobile phone. Not all hospitals have WIFI built-in to rooms but cell phones usually work somewhere though they like you to turn them off in places but you’ll get service in public places – if the eBook was tethered to the cell (even if it was via USB or Bluetooth bridge) then this could be a way of synchronising the eBook with new material. The Kindle Whispernet is a good idea and worked well even on GPRS but navigation is naturally hard for the patient and the Whispernet is only Amazon’s not eBooks in general. Just ideas for now.

Ubuntu 10.10 package download of large files can fail with OverflowError: signed integer is less than minimum

I was doing a distribution upgrade on a 10.10 system to 11.04 via do-release-upgrade. The system has games installed, so the total files to download are over 2.5 Gigabytes e.g. games like Nexuiz has a data file that is about 273 Megabytes. The Internet access is low speed broadband (about 70 KBytes per second download maximum) with other machines using this ADSL line so that’s about 10 hours for the whole release.

The  do-release-upgrade downloads can fail on these larger files on congested lines at and if you look at the log file, i.e. tail /var/log/dist-upgrade/main.log ,  it will say something like,

  File "/tmp/update-manager-HXahEI/DistUpgradeViewText.py", line 42, in pulse
    apt.progress.text.AcquireProgress.pulse(self, owner)

  File "/usr/lib/python2.6/dist-packages/apt/progress/text.py", line 164, in pulse
    apt_pkg.time_to_str(eta))

OverflowError: signed integer is less than minimum

If you look at that code in /usr/lib/python2.6/dist-packages/apt/progress/text.py (it’s Python) around line 161 onwards and think about what can happen on …

            eta = int(float(self.total_bytes - self.current_bytes) /
                      self.current_cps)

There are a number of issues here with this. That eta value isn’t checked before it is passed to the apt_pkg.time_to_str() and that’s not good because,

1) I think the self.current_cps can be a float less than 1 and as the size of an int on this system (64bit Athlon with Python 2.6.6 ) is,

>>> import sys
>>> print sys.maxint
9223372036854775807

then the eta could be quite large e.g. if that maximum value was seconds and converted to years would be just under 300 billion years.

2) But the actual error is “signed integer is less than minimum” not an overflow of a maximum so this bug seems to be about some magic number. Now if you enter in the python program,

>>> import apt_pkg
>>> print apt_pkg.time_to_str(-1)
213503982334601d 7h 0min 15s

and if you enter in other odd numbers then you can trigger the “signed integer is less than minimum” e.g. see these examples,

>>> apt_pkg.TimeToStr(-2147483648)
'213503982309746d 3h 46min 8s'
>>> apt_pkg.TimeToStr(-2147483649)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OverflowError: signed integer is less than minimum

so it clearly can have values over 24855 days i.e. apt_pkg.time_to_str(2147483647) so looks like there are some odd boundaries that cause OverflowError: signed integer is less than minimum as well as a OverflowError: signed integer is greater than maximum. I ran a loop that incremented an integer by 1 and gave up and Control-C it when it went through 836477585 which is 9681d 10h 53min 5s so if there are any boundary conditions it’s not obvious. I suspect that the garbage is with what is fed to the TimeToStr() and not a flaw in TimeToStr(). I suspect that if the download process resets itself then the file size self.total_bytes is temporarily nonsensical e.g. 0 whilst the program resets the download.

So that code section needs sanity limits on the eta because looks like we can’t trust any of self.current_cps to be reasonable or self.total_bytes to be accurate but I think self.current_bytes may always be fine, e.g. I changed line 164 end =… to have some range checking,

            if eta < 0:
                end = " %sB/s ~%s" % (apt_pkg.size_to_str(self.current_cps),apt_pkg.time_to_str(0))
            elif eta > (30 * 24 *60 * 60):
                end = " %sB/s >%s" % (apt_pkg.size_to_str(self.current_cps),apt_pkg.time_to_str(30 * 24 *60 * 60))
            else:
                end = " %sB/s %s" % (apt_pkg.size_to_str(self.current_cps),
                                 apt_pkg.time_to_str(eta))

where the 30*24*60*60 means 30 days but there are other ways of doing this e.g. check  self.total_bytes is greater or equal to self.current_bytes or limit eta to a range and then keep existing calculation.

Once you edit that file you can simply restart the do-release-upgrade console and it will use your new code on the fly.

The bug is in other distributions e.g. see this bug report https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/884625 but not fixed. The problem is that the apt_pkg.time_to_str(), which is actually apt_pkg.TimeToStr() is probably being passed nonsensical values for self.total_bytes due to file downloads being reset for large and/or poor circuits. The apt_pkg.TimeToStr() should also reasonably handle negative times and not display nonsense but that’s another problem.