Google and Facebook bypassing P3P User Privacy Settings

I wrote about P3P a very long time ago, and have implemented it on several websites. Some history: the W3C crafted the P3P policy standard.
Microsoft introduced P3P support in IE6 (in 2001) and it remains implemented in all current versions of the browser. The primary intended use is to block third-party cookies within the browser on behalf of the user.

Interestingly enough, Microsoft has had a bit of a struggle with Google and Facebook, which send the following HTTP response headers.

Google’s Response:

P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."

Facebook’s response:

P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"

WordPress credentials for update

After moving or updating WordPress, later plugin updates may start asking for FTP and/or SSH credentials. This can be easily avoided by setting the following:

  1. In wp-config.php:

    define('FS_METHOD', 'direct');

  2. Verify file ownership and permissions. With the 'direct' method WordPress writes files itself as the web server user, so that user must own the folder. On Ubuntu, this is typically:

    sudo chown -R www-data:www-data YOURFOLDER

Mozilla Firefox Tracking Protection

While “Do Not Track” (DNT) was an HTTP header that the browser sent to a server to “request” not to be tracked, it was not guaranteed to be honored. New versions of Firefox support “Tracking Protection”, which automatically blocks many common tracking mechanisms.

  • Type “about:config” in the URL line.
  • Toggle “privacy.trackingprotection.enabled” from false to true.
  • Done!

Disable IPv6 on Ubuntu

Ubuntu updates occasionally fail due to IPv6 update servers not being reachable. While I prefer to keep IPv6 activated, this approach will allow you to disable it for updates; simply reverse the steps to re-enable it afterwards!

  1. Update the configuration file…

    sudo vi /etc/sysctl.conf

    ADD:

    # IPv6 disabled
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1

  2. Then, you must enable the change…

    sudo sysctl -p

  3. To verify…


    ifconfig

Upgrade Splunk server

Initially this seemed a bit problematic for me. Each time the browser client is started it (by default) checks for a new server release and prompts the user to upgrade. The installation automatically identifies the currently installed version and takes the necessary steps to migrate configuration.

Steps are similar to initial installation.

  1. Download the appropriate build for your server (i386 vs. amd64)
  2. Transfer to the server via sftp or other secure means
  3. sudo /opt/splunk/bin/splunk stop
  4. sudo dpkg -i splunk*
  5. sudo /opt/splunk/bin/splunk start
  6. … accept terms… Y
  7. MIGRATE “y”
  8. http://HOSTNAME:8000
  9. sudo /opt/splunk/bin/splunk enable boot-start

Install Splunk on Ubuntu

Splunk is a popular enterprise level tool for log collection, analysis and management. While you can obtain an enterprise license, most functions are available in the free community edition.

Setup is very easy:

  1. Download and move the .tar.gz file to the appropriate server (i386 vs. amd64)
  2. sudo dpkg -i splunk*.deb
  3. Start the server:

    sudo /opt/splunk/bin/splunk start

    The first time you run after installation or update you will have to accept terms.

  4. Access the admin screen:

    http://HOSTNAME:8000

    login (admin/changeme)
    change password

  5. Go to Settings / Forwarding & Receiving
    – add new (port 9997)
  6. Open firewall port (if enabled):

    sudo ufw allow 8000

  7. Now to start as a service…

    sudo /opt/splunk/bin/splunk enable boot-start

Apache Commons-Email java implementation steps

Many Java developers are familiar with the venerable javax.mail.* packages and make use of them in their applications.

While it works well, it can often be cumbersome to work with and difficult to implement new features. Apache Commons-Email, now at version 1.4 (May 2015), provides a simpler interface to send emails with HTML format and attachments.

NOTE: The below examples assume that you are using an SMTP server that verifies the sender. You may need to modify the examples for your specific configuration. Additionally, I’ve left out the try/catch blocks for “Exceptions” that you will have to add.

Using javax.mail.* to send a text-formatted message:

final String subj = "Example subject";
final String body = "Example email body";
// NOTE: the addresses in angle brackets are placeholders; the originals are missing from the page
final String emailFrom = "From User <from@example.com>";
final String emailTo = "To User <to@example.com>";
/* NOTE: 'session' and 'conn' are outside of the scope of this example but generally contain host and authentication information */
javax.mail.Session session = getSession(conn);
final javax.mail.Message message = new javax.mail.internet.MimeMessage(session);
message.setFrom(new javax.mail.internet.InternetAddress(emailFrom));
message.setRecipients(javax.mail.Message.RecipientType.TO, javax.mail.internet.InternetAddress.parse(emailTo));
message.setSubject(subj);
message.setText(body);
javax.mail.Transport.send(message);

Using commons-email for HTML email:

final String subj = "Example subject";
final String body = "Example email body";
final String emailFromAddr = "[email protected]";
final String emailFromName = "User From";
final String emailToAddr = "[email protected]";
final String emailToName = "User To";
final String username = "myusername";
final String password = "mypassword";

final org.apache.commons.mail.HtmlEmail email = new org.apache.commons.mail.HtmlEmail();
email.setHostName("localhost");
email.setSmtpPort(25);
// setAuthentication() installs a DefaultAuthenticator itself; the explicit setAuthenticator() call is equivalent
email.setAuthentication(username, password);
email.setAuthenticator(new org.apache.commons.mail.DefaultAuthenticator(username, password));
// Uncomment to use SSL/TLS from connect; without TLS the credentials above cross the network in cleartext
//email.setSSLOnConnect(true);
final String charset = "UTF-8";
email.setCharset(charset);
email.setFrom(emailFromAddr, emailFromName);
email.setSubject(subj);

email.addTo(emailToAddr, emailToName);
//email.setDebug(true);

// set the alternative message
email.setTextMsg("Your email client does not support HTML messages.");

// set the html message
// NOTE: body is inserted as-is; HTML-escape it first if it can contain untrusted text
final StringBuilder sb = new StringBuilder();
sb.append("<html><body>");
sb.append(body);
sb.append("</body></html>");
email.setHtmlMsg(sb.toString());
email.send();

Using commons-email with an inline attachment:

// requires: import java.net.URL; import java.net.MalformedURLException;
final org.apache.commons.mail.HtmlEmail email = new org.apache.commons.mail.HtmlEmail();
/* (insert code from the example above) */
String cid = null;
try {
    final URL url = new URL("http://www.example.com/logo.gif");
    // embed() returns the Content-ID that the HTML body uses to reference the image
    final String img = email.embed(url, "Logo");
    cid = "<img src=\"cid:" + img + "\">";
}
catch (final MalformedURLException ex) {
    // eat it!
}
// set the html message
final StringBuilder sb = new StringBuilder();
sb.append("<html><body>");
if (cid != null) { sb.append(cid); }
sb.append(body);
sb.append("</body></html>");
email.setHtmlMsg(sb.toString());
email.send();

Code changes to use the library should not take very long, as Commons-Email builds on top of javax.mail.*. For Maven projects, in most cases you can remove the javax.mail references and simply add the new commons-email one to your pom.xml:


<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-email</artifactId>
<version>1.4</version>
</dependency>

Windows 7+ “GodMode”

To get complete control over all the configurable options in Windows 7+ at a single press of a button, simply create a new folder anywhere and rename it to this:


GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

The folder you create will now have 270 items covering the configurable options in Windows 7. Interestingly, it also works for Windows 8.1 and 10.

NOTE: Vista partially supported this feature, but was prone to crashing until the folder was removed.

Hackintosh – running Apple OS/X inside VirtualBox (on Ubuntu or Windows)

I’ve done a LOT of web and software development in my career, and one of the biggest problems I’ve had is doing proper testing on various platforms. VirtualBox can be run on most platforms and allows you to virtualize various operating systems. Apple’s OS X can be problematic to install, so here are some functioning instructions and settings that I’ve successfully used for my virtual Hackintosh test environment.

WARNING: As this uses an image of the software, it is advisable to also have a valid licenced copy as to use this without a licence would be “stealing”.

NOTE: This is a version of Snow Leopard. Unfortunately, you will NOT be able to update or add “fixes” to this test copy, as it will usually break. I recommend making a copy of the VM if you wish to try!

My VirtualBox settings:

Mac OS X
Mac OS X Snow Leopard (64-bit)
1024MB
1 core
Disable EFI
6MB+ video

Steps:

  1. English, continue
  2. Utilities… disk Utilities… Select drive, Erase, name, erase… close
  3. continue
  4. Select disk… continue
  5. Customize (see instructions for: updates, kernels & bootloaders)
  6. NOTE: I only did 10.6.1 (an earlier 10.6.2 failed)
  7. Install
  8. Resolution fix (I could not save the file, but here are the instructions):

    Finder > OSX Drive (On desktop) > Extras > com.apple.Boot.plist (open with TextEdit – use the field to find)

<key>Graphics Mode</key>
<string>1280x1024x32</string>

Cache Busting URL’s with querystring params?

There is a LOT of noise and discussion about this online, most often attributed to the following source,
http://www.stevesouders.com/blog/2008/08/23/revving-filenames-dont-use-querystring/

While it was relevant back when it was written in 2008, the main reason cited was proxy server behavior, particularly Squid Proxy. FWIW, Squid had this capability before, but it was not the default setting. They changed their default policy on caching dynamic URLs with their 2.7 release, stable since 31 May 2008.

http://wiki.squid-cache.org/ConfigExamples/DynamicContent

Outline: The obsolete default configuration of squid prevents the caching of dynamic content (pages with ? in the URI), like so:


hierarchy_stoplist cgi-bin ?
acl QUERY urlpath_regex cgi-bin \?
cache deny QUERY

NOTE: That policy setting was created at a time when dynamic pages rarely contained proper Cache-Controls. That has now changed. From the release of Squid 2.7 and 3.1 the squid developers are advocating a change to this caching policy. These changes will also work in 3.0 and 2.6 releases despite not being officially changed for their squid.conf.default.

The changed policy is to remove the QUERY ACL and paired cache line, to be replaced by the refresh_patterns below:


refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
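
An added example (not from the original post or from Squid itself) that contrasts the two policies for a query-string versioned URL. It is a simplified model of Squid's freshness heuristic: the function names are hypothetical, and it assumes the origin's explicit Cache-Control/Expires lifetime takes priority and that the first matching refresh_pattern applies.

```python
import re

# Obsolete default: "acl QUERY urlpath_regex cgi-bin \?" + "cache deny QUERY".
OLD_QUERY_ACL = re.compile(r"cgi-bin|\?")

# Replacement rules as (regex, min minutes, percent, max minutes).
# Squid applies the first refresh_pattern whose regex matches.
REFRESH_PATTERNS = [
    (re.compile(r"(/cgi-bin/|\?)", re.I), 0, 0.00, 0),
    (re.compile(r"."), 0, 0.20, 4320),
]

def old_policy_stores(url):
    """Under 'cache deny QUERY' a matching URL is never stored at all."""
    return OLD_QUERY_ACL.search(url) is None

def new_policy_fresh(url, age_s, explicit_ttl_s=None, since_modified_s=None):
    """Simplified freshness decision for a stored object age_s seconds old.

    explicit_ttl_s    lifetime the origin sent (Cache-Control max-age / Expires)
    since_modified_s  Date minus Last-Modified at fetch time, if known
    """
    if explicit_ttl_s is not None:
        return age_s < explicit_ttl_s      # origin headers win over heuristics
    _, min_m, pct, max_m = next(r for r in REFRESH_PATTERNS if r[0].search(url))
    if age_s > max_m * 60:
        return False                       # older than the rule's max: stale
    if since_modified_s and age_s / since_modified_s < pct:
        return True                        # LM-factor below percent: fresh
    return age_s < min_m * 60

if __name__ == "__main__":
    url = "/wp-includes/css/style.css?ver=4.2"   # constructed sample URL
    print("old policy stores it:       ", old_policy_stores(url))
    print("new policy, max-age=86400:  ", new_policy_fresh(url, 600, explicit_ttl_s=86400))
    print("new policy, no cache header:", new_policy_fresh(url, 600))
```

Under the new rules a versioned `?ver=` URL is served from cache only when the origin supplies an explicit lifetime; without one, the `0 0% 0` rule keeps it stale.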

Squid Release history, for reference.

Version  First STABLE release  Latest release  Latest release date

3.5      Jan 2015
3.4      09 Dec 2013           3.4.12          18 Feb 2015
3.3      09 Feb 2013           3.3.13          28 Aug 2014
3.2      14 Aug 2012           3.2.13          13 Jul 2013
3.1      29 Mar 2010           3.1.23          09 Jan 2013
3.0      13 Dec 2007           STABLE26        28 Aug 2011
2.7      31 May 2008           STABLE9         16 Mar 2010
2.6      01 Jul 2006           STABLE23        17 Sep 2009
2.5      25 Sep 2002           STABLE14        20 May 2006
2.4      20 Mar 2001           STABLE7         02 Jul 2002

NOTE: If you would like to verify how widespread query-string versioning is, look at the source of microsoft.com or just about any WordPress-powered website.
