Finally, Binero offers Let’s Encrypt SSL certificates

Finally! It took a while, but as of midsummer Binero now offers SSL-certificates from Let’s Encrypt. And it’s really smooth installing them as well, at least on WordPress which is the only kind I’ve tested so far.

Since there is a drawback, ignoring the fact that the service is in beta-mode, (something which for example shows up when you try to access all help- or info-links, where all info is not yet in place), there is currently a limitation on 2 certificates per account.

Well, it doesn’t say so anywhere, but I could only register two certificates for my account, and as a consequence since I’m running two main sites and two subdomains, two of these are still missing certificates. And the webmail is also (still) missing a certificate.

All in all I believe I would need 6 certificates to cover all current needs. Or a (two) wildcard certificates. Or I’d need to redesign some of the subdomains into being integrated subfolders in the main site. Something I don’t really want.

But Let’s Encypt is free, so why not just order the additional certificates. Well, first of all Binero charges a small administrative fee for these. Not so expensive but I think I’ll manage without for the time being, (at least during beta). And secondarily, the link to order additional certificates doesn’t work yet… Another beta-flaw I suspect.

But still, it’s a giant step forward. And just in the nick of time, since most web browsers are about to start flagging http-sites as unsecure, beginning now in July, and going a step further after summer vacations, in September.

And I’ve yet to find out how to force https-redirections through .htaccess. My initial attempts haven’t worked, even though as per WordPress recommendations.

But despite some minor glitches, so far this is a huge success!

Advertisements

Upgrading to WordPress 4.9.6

Upgrading to WordPress 4.9.6, another manual update. It seems so backwards to have to start caring for manual updates again after automatic updates have been working for so long.

Upgrading to WordPress 4.9.4

When I initially started keeping track of my upgrades, of both WordPress but also mostly all other software updates as well, it was since there had been several bugs caused by updates, in turn causing me to spend a lot of time troubleshooting and resolving these. And I wanted to keep a log on when I upgraded, what I upgraded to easier find and resolve issues and how much time I spent on these rather meaningless tasks.

Over the last few years the updates on all platforms I use have both become so frequent it’s become quite impossible to write them all down, the steady trickle of updates have become a huge flood, but on the other hand updates have overall, with some quite notable exceptions, become much better in quality and have required less and less time and intervention from me.

Such as with WordPress, which has been silently and robustly updating itself across all my sites. With an exception today, where the 4.9.4 update just sat there waiting for my approval, for some reason. Maybe I was too fast, or just logged in precisely at the time it became available and the auto-update had not yet had time to react, I don’t know, but there it was, the surprise of having to manually initiate an update. But it worked flawlessly.

The danger of all these successful auto-updates is that I’ve been negligent with doing backups. Since they usually work. And usually update themselves overnight. And doing backups “just in case” is a really great example of wasting time which I don’t have.

Anyway, if only MediaWiki could advance to a state where updates could be performed with the same ease as WordPress. Since at the moment leaving MediaWiki is not an option.

And the cumulative updates of Windows 10 and Windows server are still a pain in size and time taken to install, even if they auto-update fairly well most of the time…

Full post-width tiled gallery

In order to get the tiled gallery to use the full width of the post (currently 900px) instead of the built-in limit of 640px I’ve updated the /includes/functions.php with the following lines:

// Changes tiled gallery width

function custom_tiled_gallery_width( $custom_hello_text ) {
return 900;
}

add_filter( ’tiled_gallery_content_width’,’custom_tiled_gallery_width’);

This worked great, but I’m expecting it might get overwritten in future WordPress-updates and needs to be re-modified.

Independent publisher theme

I’m trying out the new “Independent publisher” theme for WordPress. So far it looks quite nice, it’s interesting that there’s such a big difference in looks if you choose a header or not. I might re-add my old header but I’m quite fond of this clean look too.

I’m still not sure whether it’s good enough to switch my main website, since I expect it will as usual take a lot of reformatting of image widths, and other small design stuff which comes along with changing themes.

It could use a blueish color theme too, especially for the icons.

A new wave of spam

I noticed the other day that I’d gotten quite a lot of spam in one of my WordPress sites again. I hadn’t noticed initially since it was all automatically flagged as spam and not published, but just sat in the approval queue.

But the interesting part was the change in behavior, where practically all entries now were from an oddly generated number-string-email-adress, at gmail.com, all of them had a first name only (where previous spammers tried to look like a “real” person with both firstname and lastname), and most interesting, they all had the same phrasing, and all had the same kind of spelling errors in the test.

I’d guess it’s an attempt to look “human, less than perfect”, but it gets so obvious with batches of 20 almost identical posters with the same spelling errors, just repeated in so small ways that it could have been real. But weren’t.

Enabling 2FA login

I came across this article on enabling two-factor-authentication for several accounts.

I noticed that not only are there several more services now offering 2FA than when I last checked a few months back. But once I set out to enable my accounts on these services I also noticed that several of them now supports apps in addition to SMS-messages.
And I’m also very glad that the apps are becoming more generic so I don’t need to have a mass of apps installed on my phone, but rather that it’s now possible to use for example Microsoft Authenticator not only for Microsofts own accounts but also for Google, Twitter, Dropbox, Amazon and others.

The article doesn’t mention Steam though, but I think it should. Steam is quite huge as platform and enabling 2FA was both easy and well worth it, considering the info stored there. And neither is Apple mentioned which is a little odd, but AppleID is also very smooth to enable for 2FA.

There are also some identity services missing in the article where maybe I should look more into their respective settings to see if they now support easy to use 2FA as well.

I’m thinking specifically of WordPress, Instagram, IMDb and Origin. And of course all the web shops where personal info is stored.

And lastly what I’d like to see now is support in Password Safe for PC and the pwSafe iOS app for tagging accounts with a green colour flag if they’re 2FA enabled.