The newspaper industry ‘app’ mystery

Yeah its the tempest

The monkey houses newspaper (my blog) also has an online version of which you need a login to and we don’t have them, as i block some things and if you do visit the site it complains about it.  Nobody in the zoo visits the site for the nagging delay and the weird commentators who want world war three or something less doomsday like say who’s multimillionaires daughter has a diet cookery book out and why an eel in your stomach will work wonders which could be a world war three in your stomach i guess if that is not overthinking things..

Anyhow i was not bothered but I had an interest to see if subscribers also got served ads – i guess ‘yes’ if you ask me what i suspect with the extra data the bush telegraph also knows to create a super cookie for nefarious advert use – say buy a hardback book about word war three dieting? – loose weight with Polonium*  But the newspaper who apparently gave us web access never told the alpha ape here in the monkey house how to login.  Not that anyone the monkey house was bothered by this omission.

Then all of a sudden he tells me they reduced the price of the subscription and cancelled the web access for non use. Oh news to all.

The monkey house is not bothered by this but it is something i will not now know.  Ignorance is bliss..I did once try and get a more up to date ‘free’** computer for a beta they where giving away [not me] but neither seemed wiling to do anything about it

The moral to this story if you do not tell customers of a thing they won’t use it.not that my exploration would result in happy customers here paying extra for web access..

Cookies !

*works.** note the exclamation marks

html5 validation in the wild.

The monkey house here in zoo needed its website changed so i got handed this job and when i ran my perfectly looking site through a validator it had a few issues but those things always do.

are-you-serious-wtf-meme-baby-faceHtml5’s date and time features i did not get and where complained about especially pubdate which seems to have confused many so i left those in.

Nav roles also brought up a public health warning which i ignored.

The rest where my errors, unclosed div’s, form elements without id=”foo” and of course the odd typo.

In the end i fixed most of the issues but a noscript issue made me question my sanity when the feature which needs a scripting back end told me that it would never run in a noscript environment, i would hope so.

The site still looks the same for all the improvements.

Really it does not look like i did anything, but i did. Honest

html5 and an odd css problem

headacheI was looking at our production zoo website when i noticed that the css mailto image was not displaying.

It was pointing to a wrong url and several days later after changing that still no image was showing up, i eventually fixed it with a space in the html.

It was working and in the old browser from redesign but had since stopped, bloody browsers changing there minds.

On seo books

hipsterSome seo books where read my me here in the monkey house – there not my choice but what i could find rather than buy paper  ebooks it appears are the way to go here but with a lot of crooks in seo meaning one book a decade is out of the question due to scams by seo professional’s in there quest misdirecting searches.

This is not an endorsement of the items below but they reflect a more modern world view than i usually could obtain there are two books reviewed.

moranFirst is isbn: 9781119129554 was not a book i bought and is by Peter Kent and called seo for dummies (edition six) published in 2015 a publisher i dont think a lot of and aviod

Kent is a lot more honest than mr Odden who you will meet below.  This book has technical terms in as a bonus and lays out a long term view rather than claim that a one off $25 will buy you first result (my blog) which many seo ‘professionals’ flog and does not work.

It is low on technical content but he points out the downsides of the seo profession too although to describe nofollow as a curse seems a tantrum.  Hey your ‘profession’ fucked it up.

A bit general term but full lifecycle.

3/5 bananas

seocrookisbn: 9781118167779 is by Lee Odden and called optimize published in 2012 it was not a book i bought but in the introduction you have to be a brilliant public speaker to do seo.   I nearly gave up at that point for reasons of deadpan humour.

Hold on lets do this as a speech after all comrade Odden suggests it.

picardmy lords ladies, gentlemen and honoured league of international chicken sexers of planet earth may i tell you that many people google things, tweet and use facebook and this can be a commodity.

Using a marketing plan Odden employs usefull idiots to create noise that drowns out any meaningful conversation for example consider this meaningless crap.

seospamAlas it takes the author to nearly the end of the book to admit that nofollow in blogs and competitors mean this stuff is of poor quality and i imagine that this din of don’t think of that try this is hardly the kind of content deemed of value.  It does kind of explain why i don’t get the comment spam volume here.

Yeah its the tempest

Yeah its the tempest

If the high noise ratio to meaningless content is Odden’s aim then i will imagine that this non technical book will require a complete overhaul very soon.

But it might work if your a public speaker.  I failed to master that skill in the time i read the book in.

0/5 bananas.

Seo books um lets say are best not purchased.

hsts and hpkp in the wild

babymemehsts impressed me when i had to do a tls upgrade unexpectedly, that’s a great thing to configure although preload as syntax option is best removed and is counter intuitive.

But hpkp (my blog) still baffles me.  hpkp is a waste of time although i have ‘valid’ hpkp i still have no hpkp backup key and the report uri thing also remains a mystery to me – is it a form in html,a cgi script or something else.

Specifically problems seem to exist with primary and backup keys (if you hairy eyeball to documentation) appears to be done with pin-sha256=\”base64+primary==\”; and +backup but i can’t verify that although it could be rfc right.

report uri is also a mystery to most just do the hashes so i guess they also gave up on it however it is supposed to work – i rekon a cgi like form is used

The higher mysteries of hpkp will remain here in the zoo

letsencrypt fail

The zoo runs several websites off one piece of hardware and some of you lot probably will be amazed that it is possible (my blog) and it works.

However lets encrypt is a wreck behind the scenes even run as root i failed to get past this web hoster’s botched implementation certbot

Carol Beer little britain says computer said no

Carol Beer little britain says computer said no

Problems encountered — one registration per /etc and need two accounts

I delete one , i get further than before then i need to create directories and when i run those commands (printf) the client still says no and when dealing muiltple ip addresses then some editing of the python syntax is needed


:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c “import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer((”, 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \

Needs to become

:/tmp/certbot/public_html# $(command -v python2 || command -v python2.7 || command -v python2.6) -c “import BaseHTTPServer, SimpleHTTPServer; \
s = BaseHTTPServer.HTTPServer((‘<ip address>’, 80), SimpleHTTPServer.SimpleHTTPRequestHandler); \

However a dns redirect trumps this feature so its a real pain in the arse – all i wanted was tls website for an expired tls domain – no joy and for a postfix instance a certificate which seems to demand a website which i dont want.

I also deleted my 443 config (i did make a backup) but it strikes me as very much not ready for the real world. I decided to buy ssl instead.

Perhaps my tlsa records (my blog) upset the process but when certbot does computer says no when i wanted was something along the lines of a crt, pem chain which i could figure out the rest instead i get a boiler plate 443<monkey>.com apache template somewhere in /etc.

rocketletsencrypt is too restrictive and its configuration leaves much to be desired.  OK I was working this as an in place upgrade rather than a ‘virgin’ domain which never had ssl cert before which i could test* but its not rocket science tls but the process involved is horrid.


*to do this i would create dns zones,change dns glue records,switch on an ipv4 address and add a www thing,delete the bad account data,and then a day later try again.  No thanks.

web-design categories in

retardIs useless with two or three companies posting adverts – ok wordpress is probably not a place to do html (my blog)  and i would not choose a company from a search on wordpress.

So i guess web-design is a bad tag it should be pimp-my-webdesign-thing-twice-a-day thing-iffy.

It’s not voodoo.

Some technical support tags also reek of criminality


what contact will the tls provider use game.

guessI had to do an emergency ssl renewal recently* and while approving the first contact, the second is somewhat of a guess being the admin or tech contact.  I always seem to get to assume the wrong one, but some use one but not the other.

There pretty painless mostly if you have done it before and you get a guess who game as well.

*nobody informed me

hosted web hosting – um meh

mehThis was a test so just in case the stuff the zoo has becomes obsolete which is something that may be for a future date .

So i  bought (well rented) a discounted domain name and had a look at hosted offerings as well which was free for a short time – a webredir screwed me from displaying any html i had laying about until I de dns’ed it

Email i can only do spf (i had to add – my blog) , no dkim (my blog), so dmarc (my blog) looks unlikely with the email offering so limited.

secretI also had unrelated client issues since there is no sshfs in 32bit debian, where you mount a directory locally however undefeated so I ended up with a  firefox extension but the hoster did not support tls handshakes.  Oh well scp is sort of ‘secure’ I guess in name only.

Php was a let down with no geoip db’s no humour program to probe and my html forms did not work on my experimental hosted site. I will have to work harder on those for another day.

ssh access is a comedy, and the wiki is surprisingly sparse

securimageDay two begins and it is back to the php forms, the captcha works (my blog) and if i fail today i am going to need help.

I ask about form email because i was lazy and a file download and upload later with some experimenting get me working forms that deliver email  – maybe the wiki is not so bad and i must not be the only person to ask that.Having a mail server like the zoo has would have meant those forms working straight away

irishdrunkI do like the new domain name, which is a lot better than the hosting demo which looks poorly utilised (i want email servers and imap servers and …) say ‘wasted’ it could do so much more. Day three i delete the hosted instance (free) but for spending €2 i get a domain  and an ssl cert for a year as a bonus.  Two lines in the dns get me redirected to our proper website here in the zoo.

Dnssec was not possible – i’d need my own dns server to get that.

Hopefully i will not have to use this hosting but most of what i had works on the hosted platform and that was the point of this whole exercise. This is not a rant that unless its a full access to server then its useless but the extra hoops it entails.  But i know that simple wont cut it.

I will make a backup and hope i need never to dig out my workings.

A success i guess or a failure from the other point of view.  But i would need a ‘real’ server rather than something that just has a database on and can serve html files without ssl (ssl costs extra).


postman pat is faster than yahoo

postman pat is faster than yahoo

Is not a weather pattern for wales but a webmail system, there is a paid and a community version which seems unable to do sasl type passwords ala DIGEST-MD5 and so [January 2016] is plain text login.

cyrus/imap[*]: login: * [*] user plaintext User logged in SESSIONID=<*>

Rainloop is very easy to install compared to others and once you have a site profile it looks quite good and styles seem to support mobile devices.   Documentation is about two pages so your on your own.

I had a few issues on the profile as i dont usually setup email clients every day and once you click on setting up i got plaintext logins to my imap account, i have yet to send mail from it but it seems something to explore so its a keeper although usage will determine if i keep it or remove it from the webserver.

That’s another post.