Speed UP WordPress [or any site]

If you use a shitty server/network or your wordpress theme/plugins/content combination is heavy you can speed up the loading on the side of the client and server side by using a plugin like “W3 Total Cache”; it could set easily the browser needed headers to avoid hops, and also cache things like DB queries, or a in-server cache to save a static copy of the php files pre-generated as static content. The installation it just with a few clicks, the configuration the first time maybe take some time to understand, but once you do it, it is a straight forward procedure, by just enabling some type/s of cache or another according the kind of server that you are using or desired level of cache…

But beware in some cases if you server is not fast enough it can cause the adverse effect!
So here is a clean/neat solution [if you are on linux] to archive at least the browser cache.
Edit the .htaccess file and add something like:
<IfModule mod_expires.c>
ExpiresActive on
ExpiresDefault "access plus 1 day"
ExpiresByType text/html "access plus 1 week"
ExpiresByType image/jpg "access plus 1 month"
<IfModule mod_headers.c>
Header append Cache-Control "public"
</IfModule>
</IfModule>

This is just a example, as you can see you can set different expiration headers per mime types… [also by file extension, and [lot?] of other parameters]

Tech Note: the header will be constructed as:
Cache-Control: max-age=172800, public

If you need for some rare reason (External cache CDN provider compatibility, better look a like, some standard, etc ) the header like this:
Cache-Control: public, max-age=172800
Just add at the end of the .htaccess file (inside the “IfModule mod_expires.c”) this:
<IfModule mod_headers.c>
Header edit Cache-Control "max-age" "public, max-age"
</IfModule>
That will invert the order of the values…
Or directly write the full header [on the order that you want] like this:
Header set Cache-Control "max-age=172800, public"

If you are on windows I guess that there is a “rewrite” rule or something similar to address this issue, but as it weren’t the case, you will have to research by yourself…

References:
https://wordpress.org/plugins/w3-total-cache/
http://httpd.apache.org/docs/current/mod/mod_expires.html
https://paulund.co.uk/set-expire-headers-in-htaccess

AC.

Posted in Medium Technical, Wordpress | Tagged , , , , , , , , | Comments Off on Speed UP WordPress [or any site]

Dump saved WIFI password from CMD

To dump some saved WIFI password on Windows just type:
netsh wlan show profile name=[ssid] key=clear

This will need a elevated command prompt and will also show other details that can be usefully on scripts, or similar…

AC.

Posted in Basic Technical, Learned Today, Networking | Tagged , , , | Comments Off on Dump saved WIFI password from CMD

Disable local IP leak on Firefox – WebRTC

Avoid sites fetching your internal IP by disabling WebRTC…

The native way:
– Go to about:config and set “media.peerconnection.ice.default_address_only” to true

And the old way:
– Use a plugin like “Disable WebRTC”
https://addons.mozilla.org/en-us/firefox/addon/happy-bonobo-disable-webrtc/

What is WebRTC and what does it work for?
https://en.wikipedia.org/wiki/WebRTC

Sources:
https://wiki.mozilla.org/Media/WebRTC/Privacy
https://addons.mozilla.org/en-us/firefox/addon/happy-bonobo-disable-webrtc/

AC.

Posted in Medium Technical, Security | Tagged , , , | Comments Off on Disable local IP leak on Firefox – WebRTC

WordPress Proxy

Running WordPress on a internal network or something like that and want to handle all the internal connections with a proxy?

Just edit the “wp-config.php” and add this:
define(‘WP_PROXY_HOST’, ‘90.90.90.90’);
define(‘WP_PROXY_PORT’, ‘3128’);
define(‘WP_PROXY_USERNAME’, ‘username’);
define(‘WP_PROXY_PASSWORD’, ‘password’);
define(‘WP_PROXY_BYPASS_HOSTS’, ‘localhost, www.someurl.com’);

References:
http://wpengineer.com/1227/wordpress-proxysupport/

AC.

Posted in Medium Technical, Wordpress | Tagged , , , | Comments Off on WordPress Proxy

FON2100A OpenWRT Unbrick

A small step to step on how to revive a bricked FONERA 2100A (With Redboot installed)

fon2100a

Files Needed:
Easy Redboot flash utility:
http://download.berlin.freifunk.net/fonera/ap51-flash-gui-1.0-42.exe
Previous program dependency:
http://www.winpcap.org/install/bin/WinPcap_4_1_3.exe

OpenWRT Kamikaze 8.09.2
http://downloads.openwrt.org/kamikaze/8.09.2/atheros/openwrt-atheros-vmlinux.lzma
http://downloads.openwrt.org/kamikaze/8.09.2/atheros/openwrt-atheros-root.squashfs

Hardware needed:
– PC Computer (Or VM)
– Bricked Fon2100A (Previously jailbreaked)
– Network cable
– Brain

Instructions:
Note: This only will work if the Redboot is accessible (Ex. if you previously installed OpenWRT), to check if it is working, connect the fonera to the PC while is turned off, disable all other network interfaces, set the interface where the fonera is plugged in to 192.168.1.166 subnet 255.255.255.0 gateway 192.168.1.1, turn on the fonera and while is loading (between 2-9 sec since turned on) telnet to 192.168.1.1:9000 and if you get the Reboot console, means that the fonera could be revived by this way…

1 – Disable all network interfaces and leave only the one where the fonera will be plugged.
2 – Plug the fonera to the network while is turned off
3 – Run the software “Freinkfurt AP51 EasyFlash”, select 2 image files.
4 – Turn on the Fonera, and the software using PCAP will detect the device and flash it using the Redboot.

You can do it also without the easyflash software if you “know” how to work directly with the Redboot. (Or following some other very long instructions)

And you can also use a more recent version of OpenWRT, I recommend Backfire 10.03.1 (Dic-2011), it works OK and have more features installed, like WPA.
I tested also some other recent versions like Attitude Adjustment 12.09 and Barrier Breaker 14.07; but the FON2100A is to old for that ones and will make it to be extremely slow or unresponsive.

References:
http://wiki.openwrt.org/toh/fon/fonera
-?-

AC.

Posted in Linux, Networking | Tagged , , , , , | Comments Off on FON2100A OpenWRT Unbrick

WordPress – Get all posts where a meta key does not exist

Simple…

$search_values['meta_query'] = array(
'relation' => 'OR',
array(
'key' => 'psychedelics', //replace with the non existing field to query
'compare' => 'NOT EXISTS',
'value' => '' // Ignored, but needed to work...
),
array(
'key' => 'psychedelics', //replace with the non existing field to query
'value' => '2CB' //any value
)
)

Source:
http://wordpress.stackexchange.com/questions/80303/query-all-posts-where-a-meta-key-does-not-exist

AC.

Posted in Learned Today, Medium Technical, Wordpress | Tagged , , , , , | Comments Off on WordPress – Get all posts where a meta key does not exist

Generate and Test a iOS Push Certificate

Hello,

A (working) quick way to generate a working P12 Certificate using OpenSSL for push notifications on your iOS apps:

Transform the Certificate from CER to PEM
openssl x509 -in aps_production.cer -inform DER -out distrib_final.pem -outform PEM}
Transform the Key from P12 to PEM (P12 file must be exported from the “Keychain Access” application)
openssl pkcs12 -nocerts -out distrib_final_key.pem -in certificates.p12
Generate Final Certificate:
openssl pkcs12 -export -in distrib_final.pem -inkey distrib_final_key.pem -certfile CertificateSigningRequest.certSigningRequest -name "apn_developer_identity" -out distrib_final_ready.p12
A connection test to see if the certificate is working:
openssl s_client -connect gateway.push.apple.com:2195 -cert distrib_final.pem -key distrib_final_key.pem

Notes:
– This does not cover the certificate “request”…
– The right certificate to use is on your Apple Developer Account under “Certificates, Identifiers & Profiles/Identifiers/Apps IDs” (NOT THE DISTRIBUTION ONE)

AC.

Posted in iOS, Mac, Medium Technical | Tagged , , , , , , , , , , | Comments Off on Generate and Test a iOS Push Certificate

OSx Advanced Search: Find + Grep

To find some text inside all types of files:

find . -type f -exec grep -l "some text" {} +

AC.

Posted in Basic Technical, Learned Today, Mac | Tagged , , , , , | Comments Off on OSx Advanced Search: Find + Grep

OpenSSL – Comodo “unable to get local issuer certificate”

Hello,

If you use Comodo certificates over an (web) application that uses OpenSSL and you get the error “unable to get local issuer certificate” that mean that you have to merge the all the certificate chain on one file and submit it on your application as the “CA Certificate”, so OpenSSL will be able to fully resolve the certificate.

Mix this 3 files on one, on this order:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt

Then submit the newly created file, along your certificate and your private key to the app that you are setting up, and that should do the trick!

Full Error:
20 X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: unable to get local issuer certificate

References:
https://www.hmailserver.com/forum/viewtopic.php?t=27316
https://www.openssl.org/docs/apps/verify.html

Regards,
AC.

Posted in Linux, Medium Technical | Tagged , , , , | Comments Off on OpenSSL – Comodo “unable to get local issuer certificate”

Compile OpenSSL from source on old Ubuntu

Hello,

If your version of Ubuntu is no longer supported you should update…
But in the meantime you could fix the broken or insecure packages on this way…

Note: Before continue check if you can get from a trusty source the package on DEB compiled that match your OS and architecture (and install it with: “dpkg -i file.deb”)


//before aptget: check that the sources are working!!!
//install prerequisites
apt-get install libssl-dev make gcc
//create a folder, download (openssl in this case, but can apply to any package) and decompress
wget http://openssl.org/source/openssl-1.0.1j.tar.gz
tar xfz openssl-1.0.1.tar.gz
//change to folder
cd openssl-*
//configure (take note of the paths!)
./config --prefix=/usr zlib-dynamic --openssldir=/etc/ssl shared
//compile
make
//install!
sudo make install

//use sudo if necessary (not just for make, for all commands)
//then if everything went ok check the version
openssl version -a

If you specifically do this to fix heartbleed or another critical vulnerability that leaked information, remember to replace SSL certificates with new ones and change users credentials…

//info from:
http://wiki.openssl.org/index.php/Compilation_and_Installation#Intel
http://mariobrandt.de/archives/linux/upgrading-openssl-on-debian-6-squeeze-or-ubuntu-8-04-hardy-456/
http://askubuntu.com/questions/133806/getting-an-error-when-using-make-command-installing-aircrack-ng-on-ubuntu-12
http://ubuntuforums.org/showthread.php?t=825560ddd

Regards,
AC.

Posted in Linux, Medium Technical, Security | Tagged , , , , , , , , , | Comments Off on Compile OpenSSL from source on old Ubuntu