Jim Rome's Interactive Site http://jamesrome.net/drupal/rss.xml en Internet ID monitoring is useless http://jamesrome.net/drupal/id_monitoring <span class="field-wrapper">Internet ID monitoring is useless</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Sun, 07/28/2019 - 08:28</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/id_monitoring" hreflang="en">Internet ID monitoring is useless</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>As part of their "service," MyIDCare monitors your compromised passwords on the internet. But this is totally useless!</p> <p><img alt="" height="840" src="/drupal/sites/default/files/MyIDCare.png" width="766" /></p> <hr /><p>But, almost all of my 1000 different accounts use my e-mail address for my user ID, and this report does not identify the site in question, so there is nothing I can do about this!</p> <p>If you were compromised by Equifax, take the $125 (+ $25.hour spent) rather than credit monitoring.</p> <p> </p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=189&amp;2=comment_node_blog&amp;3=comment_node_blog" token="Q0pNWCeWshkcv1ErWkPPmRd2p9rTZOuGhXIhcEkbuf8"></drupal-render-placeholder> </section> </div> </div> Sun, 28 Jul 2019 14:28:16 +0000 jarome 189 at http://jamesrome.net/drupal Review of Evelo Aurora Mid-drive Bicycle http://jamesrome.net/drupal/Evelo_Aurora <span class="field-wrapper">Review of Evelo Aurora Mid-drive Bicycle</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Thu, 06/06/2019 - 13:18</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/Evelo_Aurora" hreflang="en">Review of Evelo Aurora Mid-drive Bicycle</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><h3>Introduction</h3> <p>The <a href="https://www.evelo.com/electric-bicycles/aurora/">Evelo Aurora</a> is the second electronic bike I have tried. (See my <a href="https://jamesrome.net/drupal/vanmoof">review of the Vanmoof S2</a>.) Unlike the Vanmoof S2, the Evelo Aurora looks like an e-bike:</p> <p><img alt="" height="600" src="/drupal/sites/default/files/20190606_151244_0.jpg" width="800" /></p> <p>The Aurora has a step-through frame and a big obvious battery pack. Since I preordered the bike, I got a discount, and the free carrier bag (shown). However,  the Aurora I received is not quite the Aurora I saw on the Web site, and in the videos. Missing are the studs for a water bottle holder.  And the double kickstand has been replaced by a single one (barely visible). Evelo says that people had problems with the original stand, and that the new one is an upgrade. I also paid to upgrade to the Thudbuster seat post (shown), and added a bell, a rear-view mirror, and a clamp-on water bottle holder on the side of the handlebar extension. The air pump is part of their Commuter Package, and I attached it to the carrier rear riser with zip ties. </p> <h3>Assembly</h3> <p>The Web site says the Aurora comes "almost fully assembled." This was not the case for my bike, and Evelo is still investigating why this occurred. The front fork, and handlebars were attached to the rest of the bike with zip ties; there must have been 20 of them all told. Evelo has an assembly video, but it assumes that the fork and handlebars are in place. What is worse, both the fork and handlebars are entangled with cables and fluid tubes (for the brakes). It is a real rats nest.</p> <p>After the fact, Bill Cummings of Evelo mailed me some pictures of the disassembled front headset assembly, which I post here for your edification</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="" height="520" src="/drupal/sites/default/files/EveloHeadset.png" width="353" /></td> <td> <p>PART Numbers</p> <p>​</p> <p> 1    Ball bearings in cage -- this goes in first, with the bearings facing upwards as shown</p> <p>​</p> <p> 2    Dust cover with lip.  Inner lip goes down</p> <p> </p> <p>​ 3    Solid tapered spacer.  Taper (wedge) goes down and will contact the ball bearings</p> <p> </p> <p>​ 4    Split tapered spacer. Taper (wedge) goes down</p> <p> </p> <p> 5   Decorative conical spacer.  Narrow side goes up</p> <p> </p> <p>6–9  Spacers.  You probably only have 3.  Sequence doesn't matter at all.</p> </td> </tr></tbody></table><p>Parts 1–3 were installed in the headset as shown below. The parts came in the loose cardboard box was inserted into the main carton. It had a hole in it, and I had to fish out the parts out of the main carton. Be careful—I originally ignored part 4 and had to reassemble these parts again. </p> <p><img alt="" height="600" src="/drupal/sites/default/files/20190606_105852.jpg" width="800" /></p> <p>I also originally had the cables dressed badly, and had to remove the handlebars again to fix this. Here is how I ended up dressing the cables and tubes:</p> <p><img alt="" height="800" src="/drupal/sites/default/files/frontview.png" width="600" /></p> <p>There is a trick to getting the headbolt in the handlebars tightened properly. You need to press down hard on the handlebars while tightening the top bolt as far as it will go, checking to see that there are no gaps in the head assembly, especially at the bottom. Then, adjust the handlebars to be straight, and tighten the two side bolts. What is very difficult about this process is that without the front fork in place, there is nothing to hold the bike upright and straight. If I were to do this again, I would temporarily install the front wheel so that with the fork in place, you can hold the bike up using the kickstand. The front wheel will not go in place unless you remove a plastic tab from the brake calipers. In the assembly video, it is orange I think. Mine was black. It has a handle like a pop-top ring that you can pull. You will have to remove the wheel to install the front fender. Or get a friendly assistant. </p> <h3>Riding the Aurora</h3> <p>The Aurora does solve the problems I had with the Vanmoof S2, namely a lack of power and/or gears for steep hills. But it does so at a price—about $1000 and 24 pounds of weight. Wheeling it to my front door required some "horsing" of the rear of the bike to make the sharp turns. But once on the road, this awkwardness disappeared. I have only had a chance to ride 5.5 miles today before the deluge started, so these are very preliminary observations. I will update this post as I learn more.</p> <p>The control panel is very obvious in its use, and easy to see on this cloudy day. I only tried the automatic shifting mode, but it offered seamless performance, unlike the clunky Vanmoof. When I reached 20 mph (the speed limit I set to avoid needing a license), there was a noticeable clunk as the power assist stopped. But I was able to pedal up all the hills I encountered easily enough. That is a big plus.</p> <p>The handlebar grips are painful. The diamond rubber hatching digs into your hands. Luckily I had riding gloves with gel pads.</p> <p>More when the weather clears . . .</p> <p>I have had a chance to ride a 20- and 14-mile trip in nice weather, together with some shorter trips. 20 miles is the hurt point for my hips. The 14-mile trip is shown below:</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 615px;"><tbody><tr><td><img alt="" height="461" src="/drupal/sites/default/files/map%20Health_0.png" width="600" /></td> <td style="width: 200px;">The numbers show the progression of my trip</td> </tr><tr><td><img alt="" height="510" src="/drupal/sites/default/files/hill-speed_Samsung%20Health_0.png" width="600" /></td> <td style="width: 200px;">The red numbers are the assist levels I used (approximately) at different parts of my trip.</td> </tr></tbody></table><p>Along the river, I tried riding with 0 assist since it is flat. A nice feature of the Aurora is that even with the assist off, the automatic (or manual) CVT transmission is still on and usable. So you can ride the Aurora much as a regular unpowered bike that uses a derailleur. However, in manual mode, the calibration is very strange: anything above the third bar seems like an incredibly low gear. I could not pedal fast enough to apply power to the bike. Unpowered, and on flat ground, I generally rode at about 14 mph. With assist level 1, this was more like 19 mph, or even the limited 20.5 mph. But it was a very windy day, and i definitely needed an assist as noted on the map. </p> <p>The assist control is very sensitive, and I often jumped up or down by 2 levels instead of one. Practice makes perfect, I guess. If you accidentally downshift to 0, it feels like the bike has suddenly hit a patch of molasses. But in general, the CVT transmission worked flawlessly when I left it in assist level 1, and also when I goosed it up to go up a steeper hill. After I left my street, I turned up the adjacent street (Crestview) which is a steep, long uphill. As I proceeded, the hill got steeper, and I added more assist until I got up to level 4 near the top. This one street took 10% of the battery! I have not yet decided whether it is better to change the assist level, or to push down the power lever while going up hills.</p> <p>For me, if I avoided the big hill, I got about 25 miles on a battery charge. Your mileage may vary. The hills here eat battery, even when they are not too steep. My battery only seems to charge to 98%. Also, despite the warnings in the manual, don't unplug the charger from the bike once it is charged. Overnight, it lost about 10% of its charge when I unplugged it the evening before. Finally, as you ride, the battery % jumps down 2-4% rather than descending one% at a time. There is a USB charging port on the bottom of the control/display unit, a handy feature if your cell phone runs out of juice.</p> <p>A nice feature of the propulsion system is that you can press down the left lever to get up to speed very quickly when you start. However, I still have not mastered this process. If I stand with a foot on each side of the bike, I cannot sit on the saddle. If I start with the left pedal halfway up, the right pedal hits me in the right shin. I think that the best method for starting the bike at a light is to dismount on one side (left for me) of the bike, put the left foot on the pedal at its lowest point, and let the motor coast the bike while you swing the other foot through the frame to the right side. I am still perfecting this skill.</p> <p>The motor system is very quiet—a swishy sound at most. The Vanmoof made a lot of noise compared to the Evelo.</p> <p>Riding the Aurora with the power assist at level 1 makes the bike feel alive. It is a very invigorating experience. Everything becomes easier to do (except sharp turns). The bike likes to go at about 19 mph on level ground. Even if you stop pedaling, the motor is still working. You will not maintain your speed (at least at level 1), but the slowdown time is much longer than on a conventional bike.</p> <p><img alt="" height="450" src="/drupal/sites/default/files/20190617_113932_0.jpg" width="600" /></p> <p>As you can see by comparing this handlebar image to the one at the top of the page, I changed the rear-view mirror. The top one seemed like a good deal, but the mirror is flat, and gives a tiny view of the world. It also moves position when jarred by a bump. The <a href="https://smile.amazon.com/gp/product/B07QJ55K13/ref=ppx_yo_dt_b_asin_title_o05_s01">new one</a> is convex, and positions itself high enough so that I see more than just my left hand. Furthermore, my bike path is undermined by tree roots which make riding very bumpy, and this mirror did not move at all, despite a bumpy ride.</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 711px;"><tbody><tr><td><img alt="" height="600" src="/drupal/sites/default/files/20190625_100438.jpg" width="450" /></td> <td style="width: 248px;"> <p>Tree roots cause the bike path to get rough and bumpy—a great reason for shocks in the fork, and the Thudbuster seat post.</p> <p>It is also imperative that the rear-view mirror does not change position due to the bump. The second mirror I bought has a rubber insert under the mount clamp and never budges.</p> </td> </tr></tbody></table><p>And note the <a href="https://smile.amazon.com/gp/product/B01DDPTJY6/ref=ppx_yo_dt_b_asin_title_o00_s00">water bottle holder</a> I mounted to the stem. There is no room left on the handlebars, and this location makes it very easy to grab and to replace the bottle. I had to use a zip tie to prevent the bottle holder from flipping over. Finally, because my neck is fused, which prevents me from looking up, I used all 3 stem extenders to get a nice upright riding position. I get a lot of air resistance, but I can see, and the motor keeps me going at a good speed.  The speed-generated wind cools me off, even when it is hot and humid out.</p> <h3>Conclusion</h3> <p>I really like my Evelo Aurora, and I think you will like it too. Contact me for a discount code.</p> <hr /><h3>Updates</h3> <p>I took a really bad fall at low speed trying to turn on a thin layer of gravel sprayed out over asphalt by passing cars. Do not turn on gravel! The Aurora was undamaged, but I fell on top of a handlebar and did a number on my chest. I have recovered. It was really nice to have the bike do all the work going home.</p> <p>You can reset the gearing in the rear hub by holding down the auto/manual switch for 7 seconds while the rear wheel is moving. I tried it twice, but it made no difference. The manual speeds are all much too low except when set at the bottom 2 bars, or when going uphill.</p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=188&amp;2=comment_node_blog&amp;3=comment_node_blog" token="2VdRs548VE63vl2RtPhAAFN3Q09xqNm47lWqIgWKiHY"></drupal-render-placeholder> </section> </div> </div> Thu, 06 Jun 2019 19:18:55 +0000 jarome 188 at http://jamesrome.net/drupal Review of Vanmoof Electrified S2 bicycle http://jamesrome.net/drupal/vanmoof <span class="field-wrapper">Review of Vanmoof Electrified S2 bicycle</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Tue, 05/21/2019 - 11:32</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/vanmoof" hreflang="en">Review of Vanmoof Electrified S2 bicycle</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>The <a href="https://www.vanmoof.com/en_us/electrified-s2-x2">Vanmoof Electrified S2</a> bike is from Holland, with a USA store in Brooklyn.</p> <p>It is a very handsome bicycle:</p> <p><img alt="" height="600" src="/drupal/sites/default/files/20190517_112759_0.jpg" width="800" /></p> <p>In particular, just looking at it, you probably would not know this is an electric bike. Weighing about 41 pounds, it is a lot heavier than a standard high-end bike, but it is a lot lighter than many other e-bikes (~60 pounds). My neck is fused (I cannot look up), so I installed the two (included) stem risers. It still does not give me a particularly upright sitting position. </p> <p>The Vanmoof claim to fame is a very clever anti-theft system. Your bike is connected to an app on your Android or IOS device. You can lock or unlock the bike using the phone. You can also lock the S2 by pushing in the little knob you can see just in front and a bit below the rear axle nut. You can unlock it by entering a code using a button on the left handlebar. When the bike is locked, the rear wheel will not turn, and moving the bike sets off a loud alarm. Furthermore, if you report the bike stolen (via the app), and if if is locked, Vanmoof can track it down via a GPS cell connection built into the bike. It costs $240 for three years of this service. If Vanmoof cannot find the bike, they will replace it. There are also two special security nuts on the axles that can only be removed using a special tool (included). However<a href="https://ebiketips.road.cc/content/news/false-info-vanmoof-rejects-tech-website-s-claim-it-hacked-one-of-dutch-firm-s"> these security claims may be overblown</a>.</p> <p>I will come back to the phone app later in this review.</p> <p>Mechanically, the motor is in the front wheel hub, and there is a two-speed Sturmey-Archer internal shifter in the rear hub. The only thing the rider can control is the power assist level (from 0–4), which I always left on 4. This also can be done via the app or manually on the stopped bike. From my point of view, the power train is the weakest part of the S2 in hilly East Tennessee. We have many steep hills, and the power assist gets lower and lower as you pedal slower and slower. To help solve this problem, there is a button on the right side of the handlebars you can press to give a power boost. On a long, gradual hill, this works like a charm, but on a short steep hill, I could barely make it to the top of the hill. If the hill is longer, the S2 just does not have power. There are no hills in Holland! When I got the S2, the power assist button did not work properly. It stuttered and dropped out. It took a month for Vanmoof to admit that this was a problem, which they mostly fixed with a bike firmware update (version 1.6) The app tells you such an update is available—a nice touch.</p> <p>I also had difficulty with the gearing. Often, after coasting down a hill, I had trouble keeping my feet on the pedals because there was little resistance. I wish there was a way to shift manually.</p> <p>When the hills are not to steep, the S2 feels like a normal bike, but one in which you do not have to worry about gear shifts. It is easy to keep up a 15 miles-per-hour speed.</p> <p>The tires are not at all puncture resistant. Over night, my rear wheel went flat, and this was due to a thorn that barely entered the tire. And when the tire goes flat, the kickstand no longer works, and the bike keeled over into my glass table top (see above). It was also totally unobvious how to remove the rear wheel which is captured by the chain guard. I had to call Vanmoof in Holland to get a video of the process, which took a week. You will need to carry two different Allen wrenches, the special nut remover, and a wrench for that (plus a repair kit and a pump) to rescue yourself from a flat in the middle of nowhere. The front wheel is ner to take off. It is very hard to get at the screws of the cover for the cable on the front fork—it took me well over an hour. There are no welded points to attach a pump or water bottle holder.</p> <p>The biggest source of frustration with the Vanmoof system is the app. If you switch phones or update Android, the app will not start. I rebooted the phone, uninstalled/reinstalled the app, reset the bike with a paperclip, and it still crashed every time I tried to start it. Eventually, I unlocked the bike manually, and lo and behold, the Vanmoof app then started. Also, there were times that the app lost connection to the bike. It did this after the above-mentioned flat tire. I replaced the wheel, and knowing that the bike was unlocked. I took it out. I live on a hill, and when I reached the bottom and started up the next hill, I realized that the bike was off. There was no connection to the app. It required a reset using a paperclip. I did not have one with me, so had to walk the bike home. Carry a paperclip with you! The app also controls things like the lights, horn, the max top speed, and shows you where the bike is parked. I hope Vanmoof fixes the issues I had with the app.</p> <p>But I need a more powerful bike motor where I live. Vanmoof has been gracious about letting me return the S2 for a refund.</p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=187&amp;2=comment_node_blog&amp;3=comment_node_blog" token="XcMmQYM7Q3mYqYC3aQG6ZfroXIoHWKIA_7gz6HJruL8"></drupal-render-placeholder> </section> </div> </div> Tue, 21 May 2019 17:32:45 +0000 jarome 187 at http://jamesrome.net/drupal Script for updating the Drupal 8 core http://jamesrome.net/drupal/drupal8_update <span class="field-wrapper">Script for updating the Drupal 8 core</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Thu, 04/18/2019 - 15:02</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/drupal8_update" hreflang="en">Script for updating the Drupal 8 core</a></h2> </div> </div> </div> <div class="field-wrapper field field-node--field-attachment field-name-field-attachment field-type-file field-label-above"> <div class="field-label">attachment</div> <div class="field-items"> <div class="field-item">You don't have access to download this file.</div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><hr /><p>Drupal 8 has integrated  other projects and modules into the Drupal Core. For example: Views, Symfony, and JQuery. Asz a result, whenever any of the included projects have an architecture change, or security issue, the Drupal Core must be updated, and there is not an automatic way of doing this. As a result, there have been a half-dozen Core updates in the past month, and it wastes 2–3 hours of my time whenever I must update my 6 sites. And this is if there are no bugs in the provided update, and all goes smoothly.</p> <p>It occurred to me that I essentially do the same things to each site each time I update them, so why not create a shell script? So I did, and I offer it to others with the following provisos:</p> <ul><li>There are no guarantees of correctness or application to your site. Editing the script may be needed. Although my script makes a backup of your files and database, I suggest you make your own until you have confidence in the script.</li> <li>I assume that there are links to <em>composer.phar</em> and <em>vendor/drush/drush/drush </em>in the installation directory (where vendor and this shell script are located).</li> <li>I inserted pause statements in the script to enable you to make sure things are working correctly as the script is executed. When you are confident of the script, comment them out.</li> <li>I have used this script to successfully update major (5.5 -&gt; 5.6) updates, and minor updates (5.6.14 -&gt; 5.6.15).</li> </ul><p>Save the script in your main Drupal directory. I called it <em>drupal8_update.sh</em></p> <p>Once you have confidence in the script, you can remove the diagnostics and pauses.</p> <hr /><blockquote><p>#!/bin/bash -x</p> <p># A script to upgrade a Drupal installation to the next minor version<br /> # This script uses drush to initiate database updates; Assumes there is a drush link to vendor/drush/drush/drush<br /> # and a link to composer.phar in the install directory<br /> #init<br /> function pause(){<br />    read -p "$*"<br /> }</p> <p>TMP="~/tmp"</p> <p># check for user input<br /> if [ ! $@ ]; then<br />   echo<br />   echo "  Usage:"<br />   echo "    $0 MAJOR MINOR SITE [DIRECTORY]"<br />   echo<br />   echo "    MAJOR: The new MAJOR version to install - e.g., 8.6"<br />   echo "    MINOR: The new MINOR version to install - e.g., 14 (for 8.6.14)"<br />   echo "    SITE: a nick for your site (fixes multiple sites)"<br />   echo "    DIRECTORY: The relative path to your Drupal installation; if blank the current directory is assumed"<br />   echo<br />   echo "  Example usage:"<br />   echo "    $0 6.  9 xisam public_html/"<br />   echo<br />   exit 0<br /> fi<br /> MAJOR=$1<br /> MINOR=$2<br /> VERSION="${MAJOR}.${MINOR}"<br /> OLD_VERSION="${MAJOR}.$(( ${MINOR} - 1 ))"<br /> DRUPAL_OLD="drupal-${OLD_VERSION}"<br /> echo "OLD_VERSION = $OLD_VERSION   DRUPAL_OLD =$DRUPAL_OLD"<br /> pause 'Press [Enter] key to continue...'<br /> if [ ! $4 ]; then<br />   SITEPATH="."<br /> else<br />   SITEPATH=$4<br /> fi</p> <p>SITE=$3<br /> DRUPAL_SITE="${SITE}-"<br /> DRUPAL_VERSION="drupal-${VERSION}"<br /> DRUPAL_PACKAGE="${DRUPAL_VERSION}.tar.gz"<br /> TMP_FILE="${TMP}/${DRUPAL_PACKAGE}"</p> <p>echo "Drupal_site=${DRUPAL_SITE}"<br /> echo "DRUPAL_PACKAGE=${DRUPAL_PACKAGE}"</p> <p>cd $SITEPATH</p> <p># Put the site offline<br /> echo "Putting site in offline mode..."<br /> ./drush sset system.maintenance_mode 1</p> <p>pause 'Site is offline. Press [Enter] key to continue...'</p> <p># backup core files<br /> echo "Backing up current Drupal core files... "<br /> tar --exclude=./.htaccess --exclude=./*.php --exclude=./libraries --exclude=./modules --exclude=./profiles --exclude=./themes -zcvf ./ "${DRUPAL_SITE}drupal-core.backup.tgz"<br /> echo "Done."<br /> # (ls) | xargs echo</p> <p>#backup database; use result-file option to prevent charset corruption<br /> echo -n "Backing up current Drupal database... "<br /> ./drush sql-dump --result-file=../drupal-upgrade.backup.sql.tgz<br /> echo "Done."</p> <p># example download link <a href="http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz">http://ftp.drupal.org/files/projects/drupal-6.9.tar.gz</a><br /> DOWNLOAD="<a href="http://ftp.drupal.org/files/projects/">http://ftp.drupal.org/files/projects/</a>${DRUPAL_PACKAGE}"<br /> echo "Start downloading $DRUPAL_PACKAGE... "<br /> wget -q $DOWNLOAD<br /> echo "Done."<br /> echo "Untarring new distribution"<br /> tar -zxf $DRUPAL_PACKAGE<br /> pause 'Untarred. Press [Enter] key to continue...'</p> <p>echo "Removing .old directories and old distro files if any"<br /> rm -rf *.old<br /> rm -rf ${DRUPAL_OLD}*<br /> mv core core.old<br /> mv vendor vendor.old<br /> # (ls) | xargs echo<br /> echo "Old versions removed. Core &amp; vendor moved to .old Upgrading Drupal core files... "<br /> echo $(ls)</p> <p>cd $DRUPAL_VERSION<br /> cp -R vendor ../<br /> cp -R core ../<br /> cp -f *.php ../<br /> cd ../<br /> # (ls) | xargs echo<br /> pause 'New directories copied. Press [Enter] key to continue...'</p> <p>./composer update<br /> pause 'Composer did the update. Press [Enter] key to continue...'<br /> # The .htaccess file is purposely not copied</p> <p>echo "Done."</p> <p>echo -n "Upgrading Drupal database... "<br /> yes | ./drush updb<br /> ./drush cr<br /> echo "Done."</p> <p># Put the site back online<br /> echo -n "Putting site back online... "</p> <p>./drush sset system.maintenance_mode 0<br /> echo "Done."</p> <p>echo<br /> echo -n "If something went horribly wrong type \"restore\" to restore from backup: "<br /> read RESTORE</p> <p>if [ "$RESTORE" = "restore" ]; then<br />   echo -n "Restoring database... "<br />   MYSQL_CONNECT=$(drush sql-connect)<br />   $MYSQL_CONNECT &lt; ../drupal-upgrade.backup.sql.tgz<br />   echo "Done."</p> <p>  echo -n "Restoring files... "<br /> #  tar -xzf ../drupal-core.backup.tgz -C ./<br /> rm -rf core<br /> mv core.old core<br /> rm -rf vendor<br /> mv vendor.old vendor<br />   echo "Done."</p> <p>   echo "Your upgrade failed, but the backup was restored"<br /> else<br />   echo "removing .old directories"<br />   echo "Your upgrade is complete"<br /> fi</p> <p>BACKUP_DIR=$(readlink -f ../)<br /> echo "Backup files before the upgrade where saved in the following locations:"<br /> echo "  ${BACKUP_DIR}/${DRUPAL_SITE}drupal-core.backup.tgz"<br /> echo "  ${BACKUP_DIR}/drupal-upgrade.backup.sql.tgz"<br />  </p> </blockquote> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=186&amp;2=comment_node_blog&amp;3=comment_node_blog" token="FDAKAXAEMxoDiklNGN5VjPJgsoUQrUQE6QW_Lszgu7s"></drupal-render-placeholder> </section> </div> </div> Thu, 18 Apr 2019 21:02:59 +0000 jarome 186 at http://jamesrome.net/drupal How you can stream your music collection http://jamesrome.net/drupal/streaming_music <span class="field-wrapper">How you can stream your music collection</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Thu, 02/28/2019 - 13:35</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/streaming_music" hreflang="en">How you can stream your music collection</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>I have run out of room for CDs and records. All available wall space is taken, and cabinets can cost more than the music media. Hence, all of my music has now been transferred to my computer systems. I have about 120,000 tracks now, which take about 2 TB of storage. All newer tracks are in lossless Flac or M4a, and many are in high-resolution (24 bits up to 96 kHz). To be safe, I have FIVE copies of everything on different disks and different machines. (I have actually managed to lose three backups once...). I also have one copy in my vault. </p> <p>But how to play the music in three venues: on a computer, at my HiFi, and when I am out and about (or sharing with friends and relatives). I have multiple solutions I use: Logitech's Media Server and their Transporter DAC; Subsonic; and BluOS streaming to my Node 2i - 3855 DAC/Streamer. I also use Audirvana on my Mac, and tried using Roon to also feed the Node 2i.</p> <h2>Playing on a HiFi System</h2> <p>Although I have an excellent wireless WiFi system, if you want to stream Hi-Res music, you should get hard-wired Ethernet connections. I have two such devices:</p> <p><img alt="" height="289" src="/drupal/sites/default/files/P2280003-1.jpg" width="800" /></p> <p>On the left is the Node 21 - 3855, and on the right (bottom) is a Logitech Transporter.</p> <h3>Logitech Media Server</h3> <p>I have been using the <a href="https://en.wikipedia.org/wiki/Logitech_Media_Server">Logitech Media Server</a> (LMS) system since forever. It used to be called Squeezebox until Logitech bought out Slimdevices and dropped the product line. I own 3 Transporters and 5 of their lesser devices. The way the system works is that you install their free LMS server software on a Mac, Windows, or Linux computer. I have mine on a Linux i7 Dell running OpenSUSE Leap 15. This machine is always on ready to serve its clients. The Transporter got <a href="http://www.hifiplus.com/articles/tested-logitech-transporter-network-music-player/">rave reviews</a> when it first came out, but it is quite old in the tooth now. It has a 24bit/96kHz limit, and no MQA. But I cannot hear the difference at higher sample rates. You can still buy a new Transporter on Ebay for $500. I have one at my HiFi, and one in my bedroom. Note that if you try to play multichannel or over 96 kHz tracks, <strong>bad things will happen</strong>!</p> <p>You access the LMS server via its Web interfaces. There are two:</p> <p>One is for setting up the system in all its gory details</p> <p><img alt="" height="355" src="/drupal/sites/default/files/LMSsettings%20.png" width="704" /></p> <p> </p> <p>The other is for selecting your music</p> <p><img alt="" height="786" src="/drupal/sites/default/files/LMSPlayer.png" width="919" /></p> <p>Now of course, I could access my LMS collection via any Web browser (say on phone) and use the phone as a controller when at my HiFi. But if you allow LMS access through the firewall, you can also listen to music ON your phone.</p> <p>Aside from things sounding really good, the LMS is very configurable, which is probably why it was discontinued. Fortunately, Logitech still has one person (Michael Herger) who is maintaining the software and adding new features. There is also a very helpful online <a href="https://forums.slimdevices.com/">forum</a> left over from the Squeezebox days. As you can see, LMS can stream media from all the major streaming services, in addition to your own music collection.</p> <p>Note that the above Web interface will not play music on your computer, but there is an app called Squeezeplay that will do so.</p> <p><img alt="" height="495" src="/drupal/sites/default/files/Squeezeplay.png" width="789" /></p> <p><img alt="" height="493" src="/drupal/sites/default/files/Squeezeplayatrist.png" width="803" /></p> <p>Generally I am very pleased with the LMS system, and sincerely hope that it keeps going. There is now an open source version of the LMS software.</p> <h3>Bluesound Node 2i</h3> <p>I got the <a href="https://www.bluesound.com/products/node-2i/">Node 2i </a>to see if it was time to replace my LMS system.  It costs $500, and supports 24-bit/ 192 kHz audio streams. It also has MQA. </p> <p><img alt="" height="201" src="/drupal/sites/default/files/Node2iback.png" width="769" /></p> <p>Notice the Ethernet connector—a sign that this is a music player, and not just a DAC. The BlueOS software is inside the Node 2i, and is accessed via the Web, or an application on your Mac, PC, or phone. Again, this will only play music via the Node 2i, so the phone interface is just a remote control.</p> <p><img alt="" height="598" src="/drupal/sites/default/files/BlueOSController.png" width="800" /></p> <p>As with the other music servers, BlueOS supports all of your networked music (a NAS server is not needed, just a Windows Samba share). It also supports your accounts with all the major streaming services as shown above. The BlueOS software makes better use of album images than the LMS system.</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="" height="818" src="/drupal/sites/default/files/Screenshot_20181128-090950_BluOS.jpg" width="398" /></td> <td><img alt="" height="818" src="/drupal/sites/default/files/Screenshot_20190228-191302_BluOS.jpg" width="398" /></td> </tr></tbody></table><p>On the left is the Android app accessing my music library, and on the right, it is accessing Qubuz.</p> <h3>Roon</h3> <p>Many writers in audiophile publications (Stereophile, Absolute Sound) rave about Roon. I rave AT Roon. I had a free 90-day trial and installed Roon on my Linux server (very easy to do). Roon supports the node 2i and enev my Transporter. However it does not support any of the LMS plugins that make the Transporter so useful—it is my clock and weather forecaster.</p> <p>The problem with Roon is that it is totally unacceptable for a large classical music collection. I have about 5000 artists (which for me is composers). They are stored in my file system as <em>Last_name, First_name,</em> which is appropriate for classical music. Roon insists on displaying then by <em>First_name, Last_name</em>. Very few people know the first name of obscure Classical composers (Currier, Philador, Shebalin,....). According to Roon</p> <blockquote><p>this practice runs contrary to how Roon behaves. This quote is from the Roon KB for Best File Tagging Practices:</p> <p>One thing worth noting is that Roon will attempt to match up names that you have put into your file tags with Roon database versions of the <em>same individuals</em> who are associated with <em>identified</em> content in your library. You’ll get much better results if you stick with the likes of the following:</p> <ul><li>Wolfgang Amadeus Mozart</li> <li>Pyotr Il’yich Tchaikovsky</li> <li>Paul McCartney</li> <li>Richard Rodgers; Oscar Hammerstein II</li> </ul><p>than if you use:</p> <ul><li>Mozart, Wolfgang Amadeus</li> <li>Ludwig van Beethoven (1770-1827)</li> <li>Rodgers and Hammerstein</li> </ul></blockquote> <p>There is also an issue with how one transliterates Russian names. I decided upon <em>Peter Ilyich Tchaikovsky</em>. </p> <p>Even worse, unlike in LMS, there is no way to limit the tags used by Roon in making its list. This there are a huge number of entries, many of which are doubled, even tripled (Artist, Album Artist, Composer). And each one is displayed in a large image.</p> <p><img alt="" height="500" src="/drupal/sites/default/files/RoonArtists.jpeg" width="312" /></p> <p>And scrolling on a phone through over 5000 such images is a non-starter. There is supposedly an alphabetical index, but it was hidden on my devices. Roon also lists each act or Swan Lake as a separate album, adding to the plethora of listings. The advice from Roon is to use WORK and PART tags, to correctly identify compositions. But I have 115,000 tracks, and am NOT going to retag them.</p> <p>Thus, it is impossible to find things to play. Roon is a case where more is worse. On the Roon forum, I got this message:</p> <blockquote><p>I guess for a start most users aren’t mainly classical devotees and don’t have such large libraries. You are already a double edge case as a user.<br /> If you have a set way of working and tagging that is at odds with the roon default then this will also be difficult.<br /> Roon are re-doing the classical experience after a lot of feedback such as yours. You might be better off by skipping a few months until whenever the next major release surfaces and see if it is a better fit.</p> </blockquote> <h2>Streaming to phones and your own externally accessible music server</h2> <h3>Subsonic</h3> <p>I am a big fan of <a href="http://www.subsonic.org/pages/index.jsp">Subsonic</a>, and use it to access my music outside of my house, or to share it with friends. If you want Subsonic to work on mobile device apps (as opposed to using a Web page), it costs $1 a month. I bought a perpetual license many years ago. </p> <p><img alt="" height="1220" src="/drupal/sites/default/files/subsonic.png" width="1110" />I really like Subsonic's interface. Unlike with Roon, you can rapidly find the composer via the left-hand pane. The right-hand pane shows all users online and what they are listening to. It also has a rudimentary chat capability there. Because this is a software-based system, it actually plays the music you choose from the Web page, or from a mobile app. On Android, I recommend <a href="https://play.google.com/store/apps/details?id=github.daneren2005.dsub"><em>Dsub</em></a>; In IOS I use <a href="https://itunes.apple.com/us/app/play-sub-music-streamer/id955329386?mt=8"><em>play:Sub</em></a>.</p> <p>By default, Subsonic runs as root, so you must create a subsonic user and run it as this user to be secure. Also, it is easy to encrypt your sessions with a self-signed certificate, but your users will have to accept this certificate after a security warning.</p> <p>Subsonic also gives you a detailed listing of network usage by user</p> <p><img alt="" height="884" src="/drupal/sites/default/files/SubsinicNetwork.png" width="800" /></p> <p>As you see, you can configure users to be able to upload or download music. Access is password protected.</p> <h3>LMS</h3> <p>You can also configure the Logitech media server to serve music to the Internet, but I much prefer the Subsonic interface. There are Android apps that will play the LMS music on your phone, or that will control your HiFi system.</p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=185&amp;2=comment_node_blog&amp;3=comment_node_blog" token="X6CQ9qEDJ2_jx__e-ZOBkzi-AY1ygHMBkLuqQQKUbkU"></drupal-render-placeholder> </section> </div> </div> Thu, 28 Feb 2019 20:35:56 +0000 jarome 185 at http://jamesrome.net/drupal A comparison of lossless music streaming services http://jamesrome.net/drupal/streaming_services <span class="field-wrapper">A comparison of lossless music streaming services</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Mon, 02/25/2019 - 13:30</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/streaming_services" hreflang="en">A comparison of lossless music streaming services</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>As an audiophile, I only want to listen to lossless audio, and high-resolution audio is even better. I also refuse to subscribe to streams with copy protection. This leaves out iTunes, Amazon Music, Spotify, and their ilk. I also listen almost entirely to Classical music, so if that is not your thing, some of my comments may net apply.</p> <p>A few general comments are appropriate for classical music fans. Unlike most other genres where the artist name and the song title are needed, for a classical fan, much more information is needed so that you know what you are listening to. You need the</p> <ul><li>composer</li> <li>name of the composition</li> <li>name of the movement or section (which can be quite long)</li> <li>performers (conductor, soloists, symphony,...)</li> <li>performance date (not the same as the release date) </li> <li>the release date (so you can tell if it has been remastered)</li> </ul><p>None of the streaming services do this properly, although Qubuz is the closest to what is required. Thus, I always must look up the thing I am listening to on the Web. I have found that <a href="https://www.allmusic.com/">Allmusic</a> usually has the most complete information.</p> <p>Another issue all the services are guilty of is sometimes streaming tracks in an album out of order. Why, I wonder?</p> <p>I have extensively tried Deezer, Tidal, and Qobuz, but Deezer never turned on their Hi-Res music stream while I was subscribed.</p> <h2>Tidal</h2> <p>Tidal must be having financial problems because they ripped me off several times. They have a policy of no refunds, no matter what. In particular, I had two accounts at Tidal, and there is no way to log out of their Android app to switch accounts. This caused me to accidentally subscribe twice while trying to get it to work. Even 1 minute after activating the wrong account, they refused a refund.</p> <p>Tidal uses MQA for its high-resolution tracks, which is technically not lossless, and I do have Audirvana Plus to decode them on my computer, and also have a BlueSound Node 2i to decode MQA on my HiFi system. However, it is quite unclear how to record these MQA tracks so that they can unfold at a later time. And my old ears cannot hear any better reproduction from MQA vis-a-vis a 24-bit 96-kHz stream (Qobuz). The advantage to MQA is that it takes less bandwidth, which may be important when listening on a mobile device.</p> <p>There are several issues with Tidal that made me drop it.</p> <ul><li>Its Mac application keeps stopping with red error messages. Weekly-ish upgrades do not seem to make things better.<br /><img alt="" height="435" src="/drupal/sites/default/files/TidalError.png" width="701" /></li> <li>It is really aimed at non-Classical customers. <ul><li>They do not have that many Classical tracks, and even fewer in MQA.</li> <li>It is often impossible to tell what you are listening to because Classical tracks need much more information than pop/rock tracks (see above). For example, in a collection album, the composers are often not listed. (Which composer wrote which quartet?) <p> <img alt="" height="579" src="/drupal/sites/default/files/TidalComposer.png" width="800" /></p></li> </ul></li> <li>Because of this, I always have to open a browser to look up the album so I can label it properly when I rip. This is made much harder by the fact that NONE of the writing on the application is selectable so that I can easily copy it into the browser search bar. This is a royal pain.</li> <li>Most (in my opinion) new albums are NOT listed in the new album section. I have to read <em>BBC Music Magazine</em> or <em>American Record Guide</em> and mark new albums. Then I search for them, and even though they were never listed in New Albums, they are there about half of the time.</li> <li>Many of the tracks are overloaded (clipped at 0 dB), ven after I reduce the recording volume. What is the point of a Hi-Res or lossless track when the loud parts are distorted? (Lord of the Rings recording) <p> <img alt="" height="597" src="/drupal/sites/default/files/LOTRClipped.png" width="807" /></p></li> <li>Tidal plays other music after my desired selection. There seems no way to turn this off!</li> </ul><h2>Deezer</h2> <p>Deezer is based in France, and has many of the same issues as Tidal. But their application does not crash. </p> <ul><li>It is impossible to copy text out of the application.</li> <li>Again, not all new albums are listed.</li> <li>They never got the promised high-resolution tracks.</li> <li>Another issue arises if you listen to operas where there are track divisions, but no natural pause in the content. MP3 requires a gap in the music at these points, but FLAC should allow a gapless stream. Deezer has gaps in the "lossless" stream. This does make it easy to find track label locations, but interrupts your listening enjoyment.</li> </ul><h2>Qobuz</h2> <p>Qobuz just turned on in the USA two weeks ago. Its Hi-Res (24-bit) stream costs $25 a month, but it is worth it. There are still a few teething pains in that not all the albums that say they are Hi-Res, are actually in Hi-Res, but Qobuz says they are working on it. Qobuz is by far the best of these three services.</p> <ul><li>Note how many albums are available in High-Resolution: <p> <img alt="" height="846" src="/drupal/sites/default/files/qobuz.png" width="800" /></p></li> <li>The Album title information is selectable and copyable, so it is easy to find information about the albums.</li> <li>While the track labels are not selectable, and also do not list the composer, if you double click a playing track, you get full information that IS selectable and copyable. However, the full track name is still cut off, so you must still use a Web browser to get the movement tempo. <p> <img alt="" height="597" src="/drupal/sites/default/files/QobuzQuartets.png" width="800" /></p></li> <li>Note that the track has its bit rate displayed.</li> <li>Generally, things are not clipped. Compare the same Lord of the Rings recording:<br /><img alt="" height="290" src="/drupal/sites/default/files/LOTRQuobuz.png" width="800" /></li> <li>Qobuz has program notes for many of the albums, and informative articles: <p> <img alt="" height="573" src="/drupal/sites/default/files/QobuzInfo.png" width="800" /></p></li> <li>I have just discovered that if you click the album cover in the bm playing section, you will unlock the following screen, which lets you read and download the whole album booklet! I try to put the pdf of the booklet in each of my ripped albums, hoping that some player will soon let you view them.<br /><img alt="" height="440" src="/drupal/sites/default/files/qobuz4.png" width="800" /></li> <li>Their Mac application has not crashed, but lately I have had annoying problems with their cache being corrupted. The playback gets to a certain point in the music and just stops. The play button shows a circular waiting gif. Restarting the album will not work—it will stop again at the same point. You must clear the cache by clicking on the top-right user icon, selecting <em>Music Playing,</em> scrolling to the bottom, and clearing the cache. I restart Qobuz for good measure too.</li> <li>If you adjust the volume properly, there are no overloads.</li> </ul><p> </p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=184&amp;2=comment_node_blog&amp;3=comment_node_blog" token="vj77P6xK5_a-o8LGq2U45hUQ-475PUdfXisUzMdSe8s"></drupal-render-placeholder> </section> </div> </div> Mon, 25 Feb 2019 20:30:50 +0000 jarome 184 at http://jamesrome.net/drupal Do fancy speaker cables make a difference? http://jamesrome.net/drupal/speaker_wire <span class="field-wrapper">Do fancy speaker cables make a difference?</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Thu, 01/24/2019 - 08:29</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/speaker_wire" hreflang="en">Do fancy speaker cables make a difference?</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>As an Electrical engineer, I thought that I knew enough about speaker cable. My Magnepan MG 3.7i speakers were connected to my Sanders Magtech amplifier using <a href="https://www.monsterstore.com/collections/speaker/products/black-platinum-cl-rated-monster-xp-clear-jacket-speaker-cable">heavy zip cord</a> from Monster Cable.</p> <p>But ever since I bought my new Maggies (to replace my old original MG-1s), I had been unhappy with their imaging, and have been moving my speakers and my listening position, all without much effect.</p> <p>After reading an ad in Absolute Sound for Kimber Kable, it seemed to me that they had some sound physics ideas. The cross-braided helices should reduce any pickup of interference from electrical interference, and the multiple strands insulated from each other should provide plenty of surface area for the higher frequencies, which travel on the surface of the wire.</p> <p><img alt="Kimber Kable 12TC" data-entity-type="file" data-entity-uuid="bc4f2302-252e-4509-9920-1f72f4f33845" src="/drupal/sites/default/files/inline-images/12tc_angled.png" width="400px" /></p> <p>Since there was a 30-day trial, I decided to get a <a href="https://www.kimber.com/products/12TC">2-m pair of Kimber Kables</a> for about $650 with banana-plug terminations.</p> <p>My preconceptions about speaker cables were all wrong. As soon as I turned on my system with the new cables, a palpable sound stage opened between, and encompassing my MG 3.7i speakers. Imaging was back!</p> <p>I have a SVS subwoofer, which I also have not been truly happy with. It connects to my Sanders preamp via SVS cables, so my new speaker cables should not really matter. However, the crossover to my subwoofer is set at 35 HZ, so a fair amount of the bass is actually produced by my Maggies. Suddenly, the muddy, flubby bass disappeared! The cannons in the 1812 Overture still shook my room, but they now sounded like cannon, and not bass drums. </p> <p>One of my favorite organ albums, "Toccatas &amp; Fugues; E. Power Biggs, Organ of the Cathedral at Freiburg," sounded absolutely awesome. The first track uses different banks of pipes, which are placed about the cathedral. I could now hear their U-shaped arrangement clearly.</p> <p>I will keep the cables. Color me a believer!</p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=181&amp;2=comment_node_blog&amp;3=comment_node_blog" token="r-jVbrYCWXuqe8Z7p4_mzNbFjTkrc4aDBXVsXBhiWiw"></drupal-render-placeholder> </section> </div> </div> Thu, 24 Jan 2019 15:29:48 +0000 jarome 181 at http://jamesrome.net/drupal How to install (or update from Drupal 7 to) Drupal 8.6 http://jamesrome.net/drupal/installingDrupal8 <span class="field-wrapper">How to install (or update from Drupal 7 to) Drupal 8.6</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Wed, 10/24/2018 - 09:21</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/installingDrupal8" hreflang="en">How to install (or update from Drupal 7 to) Drupal 8.6</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><ol><li> <p>Create a database, database user (with all permissions) and a database user password. Most hosting environments let you do this from a mySQL link in the Control Panel. You can administer the database using phpMyAdmin, also accessible from the Control Panel.</p> </li> <li> <p>Unpack the Drupal 8.x distribution in a directory and open that directory in a Web page.</p> </li> <li> <p>Follow the installation instructions and eventually you will be shown the site home page.</p> </li> <li> <p>Be sure that your webpage hosting environment for PHP is at least PHP 7.0. The newer the better. Be sure that your command line PHP version is also at least 7.0. </p> </li> <li> <p>Install composer by putting this php file into the Drupal directory <a href="https://getcomposer.org/installer">https://getcomposer.org/installer</a>. Run the installer:  </p> <p><span style="font-family:Courier New,Courier,monospace;">php ./installer</span></p> </li> <li> <p>Link composer.phar to composer (for convenience):</p> <p><span style="font-family:Courier New,Courier,monospace;">ln -s composer.phar composer</span></p> </li> <li> <p>Install drush using composer:</p> <p><span style="font-family:Courier New,Courier,monospace;">php composer require drush/drush</span></p> <p><span style="font-family:Courier New,Courier,monospace;">ln -s vendor/drush/drush/drush ./drush</span></p> </li> <li> <p>Although Drupal has a GUI interface for managing modules, in Drupal 8 it is better to install them using composer because it correctly makes the two composer.json and composer.lock files. Also, they are placed in the modules/contrib directory rather than in modules. Unless you are doing Drupal development, use the --no-dev option in the following:</p> <p><span style="font-family:Courier New,Courier,monospace;">php composer update --no-dev</span></p> <p>Confusingly, it asks you</p> <p><span style="font-family:Courier New,Courier,monospace;">Discard changes [y,n,v,d,?]?</span></p> <p><span style="font-family:Courier New,Courier,monospace;">   y - discard changes and apply the uninstall</span></p> <p><span style="font-family:Courier New,Courier,monospace;">   n - abort the uninstall and let you manually clean things up</span></p> <p><span style="font-family:Courier New,Courier,monospace;">   v - view modified files</span></p> <p><span style="font-family:Courier New,Courier,monospace;">   d - view local modifications (diff)</span></p> <p><span style="font-family:Courier New,Courier,monospace;">   ? - print help</span></p> <p>and you want to answer yes. Answer yes a second time to actually update the symfony files inside the Drupal distribution</p> </li> <li> <p>You should install additional modules using composer:<br /><span style="font-family:Courier New,Courier,monospace;">php composer require drupal/module_name</span></p> </li> <li> <p>You can enable a module from the command line using drush:<br /><span style="font-family:Courier New,Courier,monospace;">drush en module_name -y</span></p> </li> <li> <p>At this point, it is a good time to check that your site is still working. Check for errors:</p> <p><span style="font-family:Courier New,Courier,monospace;">./drush watchdog-show</span></p> <p>or do this from the GUI Reports/Recent log messages. Using drush can help you to find errors if your GUI breaks with the infamous "The website encountered an unexpected error. Please try again later." message.</p> </li> <li> <p>Update your database using the update.php web page, or using drush</p> <p><span style="font-family:Courier New,Courier,monospace;">./drush updatedb</span></p> </li> <li> <p>Now install your initial module set using composer. I recommend stopping occasionally to check that your site is still working. Installing <em>admin_menu </em>totally trashed my site. (Use <em>admin_toolbar</em> instead.). If you are updating your site from a previous version of Drupal (6 or 7), install all of the modules that were activated in your old site, and make a list of those unavailable in Drupal 8. Using composer to install modules also installs their required libraries and enters the modules into the composer.json and composer.lock files. Installing from the Extend menu does not do these things.</p> <p><span style="font-family:Courier New,Courier,monospace;">php composer require drupal/your_module_name</span></p> </li> <li> <p>While you are doing the above, use the GUI Extend web page to find and activate each newly-installed modules to be sure nothing is going wrong.</p> </li> <li> <p>Clear your caches after any big change to see the result</p> <p><span style="font-family:Courier New,Courier,monospace;">./drush cr</span></p> <p>and now is a good time to back up your database using <em>phpMyAdmin</em>. Also zip up your Drupal directory, for example:</p> <p><span style="font-family:Courier New,Courier,monospace;">zip -r d8-10-22-2018.zip d8</span></p> </li> <li> <p>Every time there is an update for the Drupal core, you need to replace the core and vendor directories and all of the .php files in the main directory. You then must run steps 7 and 8 and 10 again.</p> </li> <li> <p>You should now run a status report. You will probably find the following, but you should NOT fix this until your site is moved to its final location.</p> <p><span style="font-family:Courier New,Courier,monospace;">TRUSTED HOST SETTINGS</span></p> <p><span style="font-family:Courier New,Courier,monospace;">Not enabled</span></p> <p><span style="font-family:Courier New,Courier,monospace;">The trusted_host_patterns setting is not configured in settings.php. This can lead to security vulnerabilities. It is highly recommended that you configure this. See <a href="https://www.drupal.org/node/1992030">Protecting against HTTP HOST Header attacks</a> for more information.</span></p> </li> <li> <p>If you are upgrading from a previous Drupal version, now is the time to run your update. Be sure to install and enable all of the update modules first.</p> <p><a href="https://www.drupal.org/docs/8/upgrade/drupal-8-migrate-modules">https://www.drupal.org/docs/8/upgrade/drupal-8-migrate-modules</a></p> <p>especially Migrate Drupal UI unless you wish to upgrade using drush. It is a good idea to copy all of your public files to the new site (if you want them) before the upgrade.</p> </li> </ol><hr /><h2>What if things go wrong?</h2> <p>Here is an example of what can go wrong with Composer:</p> <pre> <span style="font-size:11px;"><code>[RuntimeException] Failed to execute git clone --no-checkout 'https://git.drupal.org/project/coder.git' '/home2/orcmaorg/public_html /vendor/drupal/coder' --dissociate --reference '/home2/orcmaorg/.composer/cache/vcs/https---git.drupal.org-projec t-coder.git/' &amp;&amp; cd '/home2/orcmaorg/public_html/vendor/drupal/coder' &amp;&amp; git remote add composer '<span style="color:#e74c3c;">https://git.drupal.org/project/coder.git</span>' &amp;&amp; git fetch composer Cloning into '/home2/orcmaorg/public_html/vendor/drupal/coder'... fatal: unable to create thread: Resource temporarily unavailable fatal: cannot repack to clean up</code></span></pre><p>Note that the URL in red does not exist. You need to search the bugs in the coder project to find <a href="https://www.drupal.org/project/coder/issues/2919773#comment-12846434">https://www.drupal.org/project/coder/issues/2919773#comment-12846434</a><br /> which says the code is at <a href="https://github.com/klausi/coder" rel="nofollow">https://github.com/klausi/coder</a>. </p> <p>There are two files that Composer creates and updates (an important reason to do things using Composer and not the GUI).</p> <ul><li><strong>composer.json</strong> lists all the <em>system</em> modules in your Drupal, and which versions of each module is needed. I ran into problems with entity_update, which is required by drush (I think):<br />       <span style="font-size:11px;"><span style="font-family:Courier New,Courier,monospace;">"drupal/entity_update": "^1.1"</span></span><br /> but it needed to be<br />        <span style="font-size:11px;"><span style="font-family:Courier New,Courier,monospace;">"drupal/entity_update": "^<a href="mailto:1.2@RC">1.2@RC</a>"</span></span><br /> so I edited this file.</li> <li><strong>composer.lock</strong> gives the name of each system module, and all of its metadata, including where to get the module. It is here that you have to fix the above URL:<br /><span style="color:null;"><span style="font-family:Courier New,Courier,monospace;"><span style="font-size:11px;">        {<br />             "name": "drupal/entity_update",<br />             "version": "1.2",<br />             "source": {<br />                 "type": "git",<br />                 "url": "<a href="https://git.drupal.org/project/entity_update">https://git.drupal.org/project/entity_update</a>",<br />                 "reference": "8.x-1.2-rc7"<br />             },<br />             "dist": {<br />                 "type": "zip",<br />                 "url": "<a href="https://ftp.drupal.org/files/projects/entity_update-8.x-1.2-rc7.zip">https://ftp.drupal.org/files/projects/entity_update-8.x-1.2-rc7.zip</a>",<br />                 "reference": "8.x-1.2-rc7",<br />                 "shasum": "1da5f2de7c6adcda9eac8140b5406e588910d50b"<br />             },<br />             "require": {<br />                 "drupal/core": "~8.0"<br />             },<br />             "type": "drupal-module",<br />             "extra": {<br />                 "branch-alias": {<br />                     "dev-1.x": "1.x-dev",<br />                     "dev-master": "1.2.x-dev"<br />                 },<br />                 "drupal": {<br />                     "version": "8.x-1.2-rc7",<br />                     "datestamp": "1515696784",<br />                     "security-coverage": {<br />                         "status": "not-covered",<br />                         "message": "Project has not opted into security advisory coverage!"<br />                     }<br />                 }<br />             },<br />             "notification-url": "<a href="https://packages.drupal.org/8/downloads">https://packages.drupal.org/8/downloads</a>",<br />             "license": [<br />                 "GPL"<br />             ],<br />             "authors": [<br />                 {<br />                     "name": "Nuwantha",<br />                     "homepage": "<a href="https://www.drupal8.ovh">https://www.drupal8.ovh</a>",<br />                     "role": "Admin"<br />                 }<br />             ],<br />             "description": "Update Drupal 8 Entity schema.",<br />             "homepage": "<a href="https://www.drupal.org/project/entity_update">https://www.drupal.org/project/entity_update</a>",<br />             "support": {<br />                 "source": "</span></span></span><span style="color:#c0392b;"><span style="font-family:Courier New,Courier,monospace;"><span style="font-size:11px;"><strong><a href="https://github.com/klausi/coder">https://github.com/klausi/coder</a></strong></span></span></span><span style="color:null;"><span style="font-family:Courier New,Courier,monospace;"><span style="font-size:11px;">",<br />                 "issues": "<a href="https://www.drupal.org/project/issues/entity_update">https://www.drupal.org/project/issues/entity_update</a>"<br />             }<br />         },</span></span></span></li> </ul><p>But making these changes still gave the same error message!</p> <p>Composer makes a <strong>.composer</strong> directory above your Drupal main directory. Inside of this is a <strong>cache</strong> directory. It too must be deleted. Then everything will work.</p> <h3>Drupal 8 should not be this difficult!!!!</h3> <hr /><h3>Finding things inside Drupal</h3> <p>I grabbed these tips on how to find things that are referred to in your Drupal installation, but are missing:</p> <p>Do the following:</p> <p>grep -rnw '/path/to/somewhere/' -e "pattern"</p> <ul><li> <p>-r or -R is recursive,</p> </li> <li> <p>-n is line number, and</p> </li> <li> <p>-w stands match the whole word.</p> </li> <li> <p>-l (lower-case L) can be added to just give the file name of matching files.</p> </li> <li> <p>Along with these, --exclude or --include parameter could be used for efficient searching. Something like below:</p> </li> </ul><p>grep --include=\*.{c,h} -rnw '/path/to/somewhere/' -e "pattern"</p> <p>This will only search through the files which have .c or .h extensions. Similarly a sample use of --exclude:</p> <p>grep --exclude=*.o -rnw '/path/to/somewhere/' -e "pattern"</p> <p>Above will exclude searching all the files ending with .o extension. Just like exclude file it's possible to exclude/include directories through --exclude-dir and --include-dir parameter; for example, the following shows how to integrate --exclude-dir:</p> <p>grep --exclude-dir={dir1,dir2,*.dst} -rnw '/path/to/somewhere/' -e "pattern"</p> <p>--------</p> <p>grep -Ril "text-to-find-here" /</p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=180&amp;2=comment_node_blog&amp;3=comment_node_blog" token="h-stXHK3scsM6_vCBgM4Bc82maazQ9mQGaC7DJb9VmM"></drupal-render-placeholder> </section> </div> </div> Wed, 24 Oct 2018 15:21:56 +0000 jarome 180 at http://jamesrome.net/drupal Picking a host for your Web site http://jamesrome.net/drupal/hosting <span class="field-wrapper">Picking a host for your Web site</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Sun, 10/21/2018 - 08:46</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/hosting" hreflang="en">Picking a host for your Web site</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>This advice applies to the kind of shared hosting accounts that individuals and small organizations might use. Your site shares a server with other users.</p> <p>If you want to host a Website accessible to the public, how should you go about picking the host? Most people look at the obvious things:</p> <ul><li>Cost (including add-ons)</li> <li>Amount of storage</li> <li>Number and size of databases</li> <li>Number of email accounts</li> <li>Free non-commercial SSL certificates</li> <li>Speed (promised)</li> </ul><p>At the moment, I have my Websites on three different hosts:</p> <ul><li>Just Host (<a href="https://my.justhost.com">https://my.justhost.com</a>)</li> <li>Ionos (was 1&amp;1) (<a href="https://www.ionos.com/hosting/web-hosting">https://www.ionos.com/hosting/web-hosting</a>)</li> <li>A2 Hosting (<a href="https://www.a2hosting.com/">https://www.a2hosting.com</a>)</li> </ul><p>Each site tries to lure you with its offers:</p> <table align="center" border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="" height="1170" src="/drupal/sites/default/files/ionos.png" width="798" /></td> </tr><tr><td><img alt="JustHost.png" height="580" src="/drupal/sites/default/files/JustHost.png" width="798" /></td> </tr><tr><td><img alt="A2Hosting.png" height="582" src="/drupal/sites/default/files/A2Hosting.png" width="800" /></td> </tr></tbody></table><p>Please notice the greater technical details and features in the A2 Hosting site. While these are important considerations, there may be more critical differences among hosting providers. I run six Websites, all based upon Drupal (which I recommend highly for a serious site that needs fine-grained access controls). However, to run Drupal Composer requires ai least 768 MB of memory for php, so you cannot use the cheapest A2 plan. The cheapest Ionos plan offers just 256 MB.</p> <ul></ul><p>I am going to migrate all of my sites to A2hosting. Let me tell you why.</p> <p>The first difference among the sites is the file layout. All sites give you a htdocs (or public_html) directory, which is where internet-accessible are placed. But you also need a directory that is NOT accessible over the internet for security purposes. Drupal requires this. Amazingly, <strong>Ionos does not give you a directory above htdocs</strong>. They do allow you to specify private files, but there is no way for Drupal to use these. You need this file space to store backups, new patches or versions for your system, etc. T<strong>his is a security issue!</strong></p> <p>All hosts also allow you to choose Linux or Windows as a hosting platform. I always choose Linux (usually a version of Debian). I see no good reason to use a Windows-based server.</p> <p>All hosts let you manage your site via a Control Panel. Almost all sites use a control Panel from CPanel.com, but there is a difference in what you can control, and how fine-grained things are. In addition to the Web interface via CPanel, to really manage your site, you will want to log in with ssh or to transfer files using sftp. All hosts allow this, but it is a bit easier with JustHost because you can use your username and site name:</p> <pre> ssh username@sitename.org</pre><p>Other hosts require the specific address of your host server. It is no big deal, but you should keep track of this. No host allows the use of X-windows (graphical ssh interface), so you need to learn how to use Vi (or better, Vim) in order to edit site files in your terminal window. However, on my Mac, using Transmit, I can mount a remote directory and use BBedit locally to edit my site files.</p> <p>You will need a bunch of usernames and passwords to manage your site, so I urge you to make an encrypted spreadsheet page to remember all of them. <em>They need to all be different for site security</em>! For example, you will need login credentials for</p> <ul><li>Your hosting provider</li> <li>ssh/sftp</li> <li>Drupal (or Wordpress...) administration</li> <li>The database server</li> <li>Your site email accounts</li> </ul><p>And you may also need credentials for useful site add-ons such as</p> <ul><li>Google Maps and/or geolocation</li> <li>Paypal</li> <li>Mailchimp</li> <li>Recaptcha (anti-spam)</li> </ul><p>The latest versions of Drupal (8.x) require management from your terminal via programs called <em>Composer</em> and <em>Drush</em>. This makes life a lot harder for site builders in my opinion. Both of these programs and Drupal itself rely upon the program <em>PHP</em>. There are three issues: All hosts allow you to choose the version of PHP for your site, but not all sites offer the latest version. </p> <table border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="phpVersionsJustHost.png" height="889" src="/drupal/sites/default/files/phpVersionsJustHost.png" width="798" /></td> </tr></tbody></table><p><strong>JustHost stops at PHP 7.0,</strong> whereas PHP is is now up to version 7.3. Even worse, for Drupal, many of the Composer options require PHP &gt; 7.1.3. There is no reason for the host to NOT put up more recent versions of PHP. Notice also that the PHP extensions offered by JustHost are Meagre. A2 Hosting offers an easy checklist to add extensions:</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="A2phpversions.png" height="619" src="/drupal/sites/default/files/A2phpversions.png" width="798" /></td> </tr></tbody></table><p>The second issue is that the version of PHP that you can use in your ssh shell is not necessarily the same as the one you can choose for your Web site. JustHost has only recently switched this to version 7.0 (from version 5), but it is still too old to properly run Composer.</p> <pre> php -v PHP 7.0.31 (cli) (built: Aug  2 2018 14:51:52) ( NTS</pre><p>And, no host allows you to actually change your shell PHP version.</p> <p>A2 Hosting uses php 7.1.23</p> <pre> php -v ea-php-cli Copyright 2017 cPanel, Inc. PHP 7.1.23 (cli) (built: Oct 13 2018 05:10:45) ( NTS )</pre><p>but, for Ionos:</p> <p><span style="font-size:14px;"><span style="font-family:Courier New,Courier,monospace;">~$ php -v<br /> PHP 4.4.9 (cgi-fcgi) (built: Oct 19 2018 06:51:47)<br /> Copyright (c) 1997-2008 The PHP Group<br /> Zend Engine v1.3.0, Copyright (c) 1998-2004 Zend Technologies</span></span></p> <p>and their explanation is:</p> <p><em><strong>"We set the php version to default which is PHP 4. In a shared hosting package we don't have an option to change that." </strong></em></p> <p>Php 4 is no longer maintained so <strong>using php 4.x is also a security issue</strong>, and moreover, it will not run the Drupal tool <em>Composer</em>, which is used to update Drupal and should be used to install modules. Yes, you can search for a newer version of php and use it via a full path, but since you have no home directory in which to put a .bashrc file which could change your path, or make aliases, this is a royal pain.</p> <hr /><p>The final issue is whether you can control the PHP runtime parameters, and how easy it is to do this. A2 Hosting once again has a nice interface for this</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 800px;"><tbody><tr><td><img alt="A2phpOptions_0.png" height="618" src="/drupal/sites/default/files/A2phpOptions_0.png" width="798" /></td> </tr></tbody></table><p>On some other hosts, you must edit a php.ini file manually. Ionos (1&amp;1) seems to ignore the php.ini file.</p> <p>Having up-to-date host software is critical because your web environment might require the latest versions, and also, there are many security fixes. <strong>It is dangerous to use old unpatched versions of software</strong>. You have no way of telling whether your host software is patched or not. Once again, JustHost seems to be behind the curve. If you run phpMyAdmin (to administer your databases via a GUI), you get</p> <pre> You should upgrade to MySQL 5.5.0 or later.</pre><hr /><h3>Migration</h3> <p>When you switch hosting providers, it is very nice for the new host to migrate your site from the old host. A2hosting does this nicely.</p> <hr /><h3>Software to manage your site</h3> <p>My Drupal Theme Zurb_foundation requires npm to manage it properly. Without a directory level above www, it is impossible to do this. On A2Hosting, a ~/bin directory is already in your path, and you can easily install the required node.js, linking its bin directory to ~/bin.</p> <hr /><h3>Vulnerability checking</h3> <p>Another advantage of A2Hosting (I just discovered) is that they scan your installation for security issues and send you an email; none of my other hosts do this.</p> <table border="1" cellpadding="1" cellspacing="1" style="width: 798px;"><tbody><tr><td> <table border="0" width="100%"><tbody><tr><td><a href="http://www.a2hosting.com" target="_blank"><img alt="A2 Hosting" border="0" shrinktofit="true" src="https://my.a2hosting.com/images/a2hosting-logo-320x50.png" /></a> <p>Toll Free (USA/Canada): <strong>1-888-LINUX-HOST</strong></p> <p>International: <strong>+1 734-222-4678</strong></p> <p> <a href="https://my.a2hosting.com/">Support Center</a> <a href="https://my.a2hosting.com/">Billing Services</a> <a href="http://www.a2hosting.com/contact">Contact Us</a></p></td> </tr></tbody></table><table><tbody><tr><td> </td> <td bgcolor="#FFFFFF"> <table><tbody><tr><td>Hello, <p> As part of our commitment to providing you with a secure hosting environment, we performed an automated scan of your domain(s) kacbtn.org hosted on mi3-ss36.a2hosting.com</p> <p> It appears patches are available for application(s) installed in the following path(s):</p> <p> Open redirect vulnerability in Drupal<br /> /home/kacbtnor/public_html/core.old/lib/Drupal/Core/Security/RequestSanitizer.php</p> <p> Open redirect vulnerability in Drupal<br /> /home/kacbtnor/public_html/core.old/lib/Drupal/Core/Routing/UrlGenerator.php</p> <p> Open redirect vulnerability in Drupal<br /> /home/kacbtnor/public_html/core.old/lib/Drupal/Component/Utility/UrlHelper.php</p> <p> Incorrect permissions vulnerability in Drupal<br /> /home/kacbtnor/public_html/core.old/modules/content_moderation/src/StateTransitionValidationInterface.php</p></td> </tr></tbody></table></td> </tr></tbody></table></td> </tr></tbody></table><p><strong>Sign up to create or to transfer your Web site to A2Hosting</strong></p> <p><a href="https://www.a2hosting.com?aid=jarome&amp;bid=a9ce3dc6" target="_top"><img alt="" height="60" src="//affiliates.a2hosting.com/accounts/default1/banners/a9ce3dc6.jpg" title="" width="468" /></a><img alt="" height="1" src="https://affiliates.a2hosting.com/scripts/imp.php?aid=jarome&amp;bid=a9ce3dc6" style="border:0" width="1" /></p> <p> </p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=179&amp;2=comment_node_blog&amp;3=comment_node_blog" token="p6f-yHhiXNlpSBYvxl7UyaOgwPZoiCd6HBcxaQBOd_g"></drupal-render-placeholder> </section> </div> </div> Sun, 21 Oct 2018 14:46:55 +0000 jarome 179 at http://jamesrome.net/drupal http://jamesrome.net/drupal/hosting#comments A crash course on phishing http://jamesrome.net/drupal/phishing <span class="field-wrapper">A crash course on phishing</span> <span class="field-wrapper"><span lang="" about="/drupal/user/1" typeof="schema:Person" property="schema:name" datatype="">jarome</span></span> <span class="field-wrapper">Sat, 09/15/2018 - 07:43</span> <div class="layout layout--onecol"> <div class="layout__region layout__region--content"> <div class="field-wrapper field field-node--field-display-title field-name-field-display-title field-type-string field-label-hidden"> <div class="field-items"> <div class="field-item"><h2><a href="/drupal/phishing" hreflang="en">A crash course on phishing</a></h2> </div> </div> </div> <div class="field-wrapper body field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div class="field-item"><p>Recently members of one of my mailing lists received e-mail purportedly from me, and thought that I had been hacked. I am quite paranoid about computer security, so know that my systems are all secure. It takes several hours a week (at least) to do this. What I believe happened is that someone on my list has been hacked, and one of my e-mail messages to the list was intercepted, and the list was used for phishing purposes.</p> <p>We all need to know how to identify perhaps innocent-looking e-mails that are maliciously directed at us. I really recommend using Google's Gmail because it is very effective at filtering out such messages. Here is an example of a phishing message from my gmail spam folder: (I have highlighted suspicious things for your edification, but the whole message reeks of unreality.)</p> <hr /><pre wrap=""> <span style="font-size:10px;">Bank of America 115 W 42nd St, New York, NY 10036, USA From Desktop of Mr. Jeff Anderson Our Ref: BOF-0XX2/987/20 E-mail: <a href="mailto:jeff44105@gmail.com"><span style="background-color:#f1c40f;">jeff44105@gmail.com</span></a> It is my modest obligation to write you this letter as regards the Authorization of your owed payment through our <span style="background-color:#f1c40f;">most respected financial institution (Bank of America)</span>. I am Mr. Jeff Anderson, TRANSFER INSPECTION OFFICER, foreign operations Department Bank of America, the British Government in Conjunction with us government, World Bank, <span style="background-color:#f1c40f;">united</span> Nations Organization on foreign Payment matters has empowered my bank after much consultation and consideration to handle all foreign payments and release them to their appropriate beneficiaries with the help of a Representative from Federal Reserve Bank of New York. As the newly Appointed/Accredited International Paying Bank, We have been instructed by the world governing body together with the committee on international debt reconciliation department to release your overdue funds with immediate effect; with this exclusive vide transaction no.: wha/eur/202,password: 339331, pin code: 78569, having received these vital payment numbers, <span style="background-color:#f1c40f;">you are instantly qualified to receive and confirm your payment</span> with us within the next 96hrs. Be informed that we have verified your payment file as directed to us and your name is next on the list of our outstanding fund beneficiaries to receive their payment. Be advised that because of too many funds beneficiaries, you are entitled to receive the sum of <span style="background-color:#f1c40f;">$14.5M,(Fourteen Million Five Hundred Thousand Dollars only)</span>, as to enable us pay other eligible beneficiaries. To facilitate with the process of this transaction, please kindly re-confirm the following information below: <span style="background-color:#f1c40f;">1) Your Full Name: 2) Your Full Address: 3) Your Contact Telephone and Fax No: 4) Your Profession, Age and Marital Status: 5) Any Valid Form of Your Identification/Driver's License: 6) Bank Name: 7) Bank Address: 8) Account Name: 9) Account Number: 10) Swift Code: 11) Routing Number:</span> As soon as we receive the above mentioned information, your payment will be processed and released to you without any further delay. This notification email should be your confidential property to avoid impersonators claiming your fund. You are required to provide the above information for your transfer to take place through Bank to Bank Transfer directly from Bank of America We Look Forward To Serving You Better. Mr. Jeff Anderson, TRANSFER INSPECTION OFFICER Bank of America</span> </pre><hr /><p>The information they request is sufficient for the sender to clean out your banking account!</p> <p><strong>Note that it is trivially easy to change the From: name of the message sender, so you can never trust this.</strong> But you can go further to see who really sent this; in Thunderbird, you can do this in the View menu and selecting headers/all. Or, you can use View/Message Source. You will then be presented with the full route that the e-mail took through the internet:</p> <hr /><pre> <span style="font-size:10px;">Delivered-To: jamesrome@gmail.com Received: by 2002:a67:dd83:0:0:0:0:0 with SMTP id i3-v6csp981460vsk; Sat, 1 Sep 2018 16:10:47 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZP5hl5aj9eEycLEMUKsu50rwHbVtD3eFwrpKkxQHSyScHj/buTJ31eUH8T0iuli8JSma2P X-Received: by 2002:a63:24c:: with SMTP id 73-v6mr20914277pgc.252.1535843447249; Sat, 01 Sep 2018 16:10:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535843447; cv=none; d=google.com; s=arc-20160816; b=KAmB+sKtR/d9gocNxjvx98I1V9pudt4YlnOs5PTSuzBLVccJkrQTh+n7MzxwD4RIeW SaYxDe3AzP8vaC28gVlhItq8Ao4sgVbTsnkf2OAraAm77V+dMUXcQaxu4xqGM57p8e68 Yv1ofDOIM3PxtsmiqlV6BE2qXoqlhazHzI4uEx72snRuTw91IIeHo3xCid3c0A0q3J+4 Ty6CCKRvEF1PPy0F5NQazmhW+CDhMx/+ARpBZpDgZyV6YgTyoXbVLJGYFIKm+DKKgRuG sVSO6tNvo2wLqpqu9MSk3N1FJ4mRid1cJfId36+5Kt1Nq/9CRWAW3yIMivYE8MuA/UVN LhDA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=to:message-id:content-transfer-encoding:mime-version:date:subject :from:reply-to:arc-authentication-results; bh=+qiV0KE8J5jwioiXhBhoxbc+f5PGBxBFMIyJrH38oCI=; b=Lnqr7bTEoytKYtdNGUKvzaWrWyp5LWeiykKI8vZBCFRpVELXXQnFve7dbX9RzKrjjr ZJpTNjhF0VG5Q2yIsymAAFGt57UYtM5OqZuLACR0VgL3OWbhgHPwF3lyQ926XFKDGPe/ 7IXq2itfDJcee2EvdERgoSyIrgRqmg3Q18aQzcsm8FLdFADFwS3oIhDKEQFGTpGye3PQ B46nmGwWMIdhNLeycSyr37519/dfXK53yZCwYFcDc6RzK06UYc482j3vCux2xbt2ubI/ CotsRAbN/u7RA5ofKDfjqGasuEtsJCvZ6pZgWvC1sSShOUanqcqJulLRK8ByngHfUHtk iCKg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of admin1@angel.ocn.ne.jp designates as permitted sender) smtp.mailfrom=admin1@angel.ocn.ne.jp Return-Path: &lt;admin1@angel.ocn.ne.jp&gt; Received: from mbkd0213.ocn.ad.jp (mbkd0213.ocn.ad.jp. []) by mx.google.com with ESMTP id 81-v6si15855928pfw.261.2018.; Sat, 01 Sep 2018 16:10:47 -0700 (PDT) Received-SPF: pass (google.com: domain of admin1@angel.ocn.ne.jp designates as permitted sender) client-ip=; Authentication-Results: mx.google.com; spf=pass (google.com: domain of admin1@angel.ocn.ne.jp designates as permitted sender) smtp.mailfrom=admin1@angel.ocn.ne.jp Received: from mf-smf-unw008c1 (mf-smf-unw008c1.ocn.ad.jp []) by mbkd0213.ocn.ad.jp (Postfix) with ESMTP id 44E042005B0; Sun, 2 Sep 2018 08:10:28 +0900 (JST) Received: from msgw008-03.ocn.ad.jp ([]) by mf-smf-unw008c1 with ESMTP id wF2CfsSribXPgwF2CfG9li; Sun, 02 Sep 2018 08:10:28 +0900 <span style="background-color:#f1c40f;">Received: from User (p1186067-ipngn200712niho.hiroshima.ocn.ne.jp []) by msgw008-03.ocn.ad.jp (Postfix) with SMTP id 42B83C59D61; Sun, 2 Sep 2018 08:09:52 +0900 (JST)</span> Reply-To: &lt;jeff44105@gmail.com&gt; From: "BANK OF AMERICA"&lt;admin1@angel.ocn.ne.jp&gt; Subject: MESSAGE FROM BANK OF AMERICA Date: Sun, 2 Sep 2018 01:10:29 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1251" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Message-Id: &lt;20180901230953.42B83C59D61@msgw008-03.ocn.ad.jp&gt; To: undisclosed-recipients:;</span></pre><hr /><p>Notice that the real sender was from Japan: <span style="background-color:#f1c40f;">p1186067-ipngn200712niho.hiroshima.ocn.ne.jp.</span><span style="background-color:null;"> This is clearly not from Bank of America in New York.</span></p> <p><span style="background-color:null;"><strong>While reading a e-mail text will not infect your computer, embedded images and especially attachments can.</strong> Good e-mail clients will block images in e-mails until you approve them. <strong>Never open an attachment unless you follow the above steps to verify that the sender is legitimate.</strong></span></p> <p>To end this brief tutorial, here is a legitimate e-mail from me so you can see the difference in the header:</p> <hr /><pre> <span style="font-size:10px;">Return-Path: &lt;jamesrome@gmail.com&gt; Delivered-To: webmaster@orcma.org Received: from just174.justhost.com by just174.justhost.com with LMTP id kEaPKwUTnVtWbwAArTHMMg for &lt;webmaster@orcma.org&gt;; Sat, 15 Sep 2018 08:11:17 -0600 Return-path: &lt;jamesrome@gmail.com&gt; Envelope-to: webmaster@orcma.org Delivery-date: Sat, 15 Sep 2018 08:11:17 -0600 Received: from mx76.antispamcloud.com ([]:50042) by just174.justhost.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.91) (envelope-from &lt;jamesrome@gmail.com&gt;) id 1g1BI5-0007Me-7w for webmaster@orcma.org; Sat, 15 Sep 2018 08:11:17 -0600 Received: from mail-yb1-xb29.google.com ([2607:f8b0:4864:20::b29]) by mx76.antispamcloud.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.89) (envelope-from &lt;jamesrome@gmail.com&gt;) id 1g1BHt-0002M6-4O for webmaster@orcma.org; Sat, 15 Sep 2018 16:11:05 +0200 Received: by mail-yb1-xb29.google.com with SMTP id k5-v6so5973773ybo.10 for &lt;webmaster@orcma.org&gt;; Sat, 15 Sep 2018 07:10:53 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=55XWXD9NPxm+omfraVCH6GQ2qOp+Xd1x54JB1lD5JhI=; b=ioR/BBEiYtvjNhJcLYFHtp+pycN9+TKkMoTNYukkoQMWm0K12SP4bjXZ6HesMkrtw6 GsnmlXrLjvz1SnPIUsYkASa49ZlSpLl7z+QZ/Ldu4H36Hwy2NGO4EzM1akPggx20guxl yihKqYRC6atLHoPU9u1MqIDUH/iaAMyt7RSDBlCnC8neiaHt1d01QyUcd7o7KqUgrNpC JR0loA+F0caiQD4CeEzrkDw3SJXIc9lqd7U9ggcMotAtw4n2S2E9vKYXdKstDLgehzm5 tClzQWyNQ9iypQzLdsQ+O1GEpp6PEQ5nB5drscED5GAMqdim781oVHy3iXrg4vwCn14s sSZw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=55XWXD9NPxm+omfraVCH6GQ2qOp+Xd1x54JB1lD5JhI=; b=oAZ8K8psyhSuNKHkW+kNQIAOnA9Y+Q6ew/xsg3jkXeJvox+DXHOODGz6damZAAAh90 T69u8Bw0SiDuH6YWhlvRAcFf+CTsM7sjaj9IIsehtvvYhR0uYG84b13unyvgUzneRuzM nsqPZiAe86CaAamQ2/oA+1tWXQBn0fIHVoPam9OYADX5l0EHwE/h4VITU8+XtmG2hYbC 6koyFSYbvj/Dct6qB/90L4s1Uy5uRJ3JGJNOLFOhlr8cbE4YwloKghVcggPN0q3Y3cPg m+gRx4lJI13F32t0QvM6m1pjbJnE4sfPMQBU452klT2v1KXg5fggtNe2nYOmvaPEdU7r nNsg== X-Gm-Message-State: APzg51DRQXBu1kZmfKiLNGdb5gjnzpPyb6dlwtANv2zZsxBhEEg/xYvW Modoft2TQiwpiTbyQi9PHr2Zh0uA X-Google-Smtp-Source: ANB0VdZ4YojFZbWTwWzBxm9Uuw3wijVl0a965Mhid4ztbMrBLuOwNbbpJp+19XWqOJ7/EiYI4W5YBg== X-Received: by 2002:a25:cbc8:: with SMTP id b191-v6mr7519987ybg.223.1537020651508; Sat, 15 Sep 2018 07:10:51 -0700 (PDT) <span style="background-color:#f1c40f;">Received: from JARMAC.local (c-73-121-14-196.hsd1.tn.comcast.net. []) by smtp.gmail.com with ESMTPSA id s63-v6sm5566520ywd.63.2018. for &lt;webmaster@orcma.org&gt;</span> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 15 Sep 2018 07:10:51 -0700 (PDT) To: webmaster@orcma.org From: James Rome &lt;jamesrome@gmail.com&gt; Subject: This is a test Message-ID: &lt;366df68d-0466-8f50-2ffb-5dd94329886c@gmail.com&gt; Date: Sat, 15 Sep 2018 10:10:50 -0400 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US Received-SPF: pass (mx76.antispamcloud.com: domain of gmail.com designates 2607:f8b0:4864:20::b29 as permitted sender) client-ip=2607:f8b0:4864:20::b29; envelope-from=jamesrome@gmail.com; helo=mail-yb1-xb29.google.com; X-SPF-Result: mx76.antispamcloud.com: domain of gmail.com designates 2607:f8b0:4864:20::b29 as permitted sender <span style="background-color:#f1c40f;">Authentication-Results: mx76.antispamcloud.com; dmarc=pass header.from=gmail.com Authentication-Results: antispamcloud.com; spf=pass smtp.mailfrom=jamesrome@gmail.com; dkim=pass header.i=gmail.com </span>X-AntiSpamCloud-Class: whitelisted X-AntiSpamCloud-Evidence: sender X-Recommended-Action: accept X-Filter-ID: EX5BVjFpneJeBchSMxfU5k4vttopaznJi+Oy9Zlg/zMoS0oCIPR/rZSAJyoppnqc4iF/GF/s/jIX rGukyuoBNXDl5xqzAR3iXAUhHqRFFAvGkupNenPrxEEkt+tCfY2t9YrRV4WvzFt2037yKVsLxkyR hh+lk+itmHMUtkInh7Tq32fObvm4BUqXBDU2nHdDl1R7/ClUcVcJ4Qk8yjrl1iTg127TqHZDxA/k ZB41Rh//I6dVM9aCE3XwJtDzHS3TXLCgQeVFXJbShRwKWlqpy+42Vki7412dpbhrD2d47zYqyS7y viWX4Y+TSSXoHLdLbweT2+CRGv/wRpjFRRmp/QCB2MaZkZ2VaougMWpoIHvcwaxVtBcR0F+RGqyP zltVayJlvHoXTBhS4eFwr87chpjNZXvY/LaOLYt/eqQRpiYILb/DK32fbx7z0dUW4eBs0on3OmSH gIFVk16+U330sDbf7Pr0wN7IAExZRosm0MLbYXv5WOsQcB/yA02SEVSGIrv3F28sfojuZI3S+Bdc 3lnsyWu8Q0HDoORE+fy5gr3LgKffTIgl7nuGO/IJU1342OUMeHyTpNN0eXybX/w7/6hAkYmm8VLk ulb8pHdV1ZM5HoPL7XZG1wG2jCHBGpvBGplHcpVCCoX989hgB8R+yNMcQs06Siyku1OXfA2p6TjD PfbvFi2v+4eN23Y33UiTKLILAej3Udqot7L/rL7e+zWI7l3aGHQGuJm+qKiMbmpgrlzScZ9BKehd zB4Xx60LiD9/tuWoAGBqY4cqG4XYbrV4D5juttJ+Ne5zs2e7CtOIWGrMph8g/xbYmARR4eVvV2G7 4uRzYVEz+iWN4lDeuZzgDCICWjJzsTlWpuDqBSeEgPjdq+SVnW0lHN3HIsIWK35OgCET3t6v6yUd o2J+0tqA3xvMIqc3MGYVXxCnrJSIP3+25agAYGpjhyobhdhuEmgCmgCoXJeXpXuyrHo9XppQDpfP mup33qUtmQ53RslWBb39uS1TjWG2Inx+Ts2Qvce5bLLLmf+d7Dm4btGCTQ== X-Report-Abuse-To: spam@quarantine2.antispamcloud.com X-Spam-Status: No, score=1.5 X-Spam-Score: 15 X-Spam-Bar: + X-Ham-Report: Spam detection software, running on the system "just174.justhost.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: Legitimate e-mail from me. -- James A. Rome 116 Claymore Lane Oak Ridge, TN 37830-7674 865 482-5643 //jamesrome.net [...] Content analysis details: (1.5 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: jamesrome.net] 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.5 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (jamesrome[at]gmail.com) -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.1 AWL AWL: Adjusted score from AWL reputation of From: address X-Spam-Flag: NO Legitimate e-mail from me.</span> </pre><hr /><p>Notice that I have been authenticated by the sending organization, Gmail. It even has the name of my computer.</p> <h3>How to view headers on mobile devices</h3> <p><b>Apple Mail</b></p> <ol><li>Open Apple Mail.</li> <li>Double-click to open the email message.</li> <li>Choose "<b>View</b>" at the top menu and select "Customize Toolbars."</li> <li>Drag the "Full <b>Headers</b>" or "Long <b>Headers</b>" icon into your toolbar and save changes. See Figure 1. Figure 1.</li> <li>Now, you can click on "Full <b>Headers</b>" or "Long <b>Headers</b>" to the top of the toolbar.</li> </ol><p><strong>Gmail</strong></p> <p>You cannot view headers in the Gmail app (Android or IOS). You will have to use a browser to go to Gmail.com. Once there:</p> <ol><li>From a browser, open <a href="https://mail.google.com/" target="_blank">Gmail</a>.</li> <li>Open the email you want to check the headers for.</li> <li>Next to Reply <img alt="Reply" height="18" src="https://storage.googleapis.com/support-kms-prod/0ILCTQF6KSeSL6mVgL8W9U2ax5kPcv6Ty3GH" title="Reply" width="18" />, click the Down arrow <img alt="Down Arrow" height="18" src="https://storage.googleapis.com/support-kms-prod/76B4941B08D1516AC7336D5A3C2E7914920D" title="Down Arrow" width="18" />.</li> <li>Click <strong>Show original</strong>.</li> </ol><p>The headers will show in a new window, including fields like authentication results. To get the full message header, copy everything below "Download original."</p> <p> </p> </div> </div> </div> <section class="field-wrapper"> <h2 class="field-items">Add new comment</h2> <drupal-render-placeholder callback="comment.lazy_builders:renderForm" arguments="0=node&amp;1=178&amp;2=comment_node_blog&amp;3=comment_node_blog" token="UHxrIgav-Wt4wvomEc5xli2jD6WomvXCG-Os8YZvGLs"></drupal-render-placeholder> </section> </div> </div> Sat, 15 Sep 2018 13:43:01 +0000 jarome 178 at http://jamesrome.net/drupal