Archive for the ‘Computers’ Category

Remove Password on PDF file.

Tuesday, March 14th, 2017

My accountant sent me my tax returns as password protected PDF files. There isn’t any way to get them out of Adobe Acrobat Reader without the password. There are lots of on-line solutions, but that means giving someone else access to your data. There are also programs that you can download, but it’s hard to know if you can trust them. Instead just drop your PDF onto Safari. Enter the password, then use File –> Print to print to PDF.

If you want to add a new password, open the file in Preview and then use the Export as PDF command. Click on the Show Details button and check the box for encryption. You can add your own password here. The encrypted files will open in Reader and Preview.

More Re-negotiation error in Apache logs

Friday, May 27th, 2016

I was worried that updating my page to only accept secure https connections might lock out some customers who are still using Windows XP and old IE browsers. I was a bit worried when,
after updating my SSL ciphers I am still getting errors like this:


SSL Library Error: error:14080152:SSL routines:SSL3_ACCEPT:unsafe legacy renegotiation disabled
[client 180.76.15.31:51166] AH02225: Re-negotiation request failed
[client 134.249.131.0:51259] AH02225: Re-negotiation request failed
[client 134.249.131.0:51123] AH02225: Re-negotiation request failed
[client 1.39.57.169:37633] AH02225: Re-negotiation request failed

However, looking up the first ip with whois yields a netname of Baidu, the next two are located in the Ukraine, and one from India. There are a whole bunch of these, so I’m guessing it’s some spammers looking for forms that they can fill in with links. I just had 643 catalog requests a few days ago that defeated my rudimentary spam checking tool, so that’s what I’m going with for now.

Re-negotiation error in Apache logs

Monday, May 23rd, 2016

After refactoring a site and implementing https for all pages on it, I started looking closely at the logs. I was getting lots of error messages with things like, ‘routines:SSL3_ACCEPT:unsafe legacy renegotiation’ and ‘Re-negotiation failed’, so I started looking into it. I was also vaguely aware of BEAST and RC4 weaknesses so I wanted to secure the Apache server as much as possible as well.

The first thing I found was a reference to the Mozilla Server Side TLS Config Generator. It gives a very long list of ciphers that are appropriate for your web server and client needs.

It also suggests using mod_headers to implement HSTS, which according to Wikipedia, “HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking.”

I didn’t see headers in my mods-available list and looking at the output of phpinfo();, it does not appear to have been implemented. To install mod_headers on Ubuntu you just need to run a simple command.


sudo a2enmod headers
sudo service apache2 restart

Now my mods look like this:
Apache mods

My old SSLCipherSuite was very short,
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!SSLv2:+EXP:+eNULL
The new one is a monster


SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS

I have no idea what most of these are, but I’m sure the good folks at Mozilla do.

The last thing they recommend is that you implement OCSP Stapling. The details are complicated, but it basically speeds up the verification of the certificate.

After adding the new lines in the appropriate place in my sites-available file for the site, I restarted Apache and everything is running fine. In the fifteen minutes it took to write this up, I have had no negotiation messages in the error log.

Once you have implemented the changes, test your site at SSLabs. I got an A+.

Disk space

Thursday, October 8th, 2015

I was asked to take a look at a server that was no longer responding. The first thing I did after going to the co-lo and booting the console in single user repair mode was look at disk usage.


$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda1             70557052  70557052         0 100% /
none                    508792       224    508568   1% /dev
none                    513040         0    513040   0% /dev/shm
none                    513040      1076    511964   1% /var/run
none                    513040         0    513040   0% /var/lock
none                    513040         0    513040   0% /lib/init/rw
/dev/sdb1             70557052  46954944  20018012  71% /media/Backup

As you can see the server usage went to 100%. Normally it is near the size of the hot backup drive. So some file suddenly got large. When this happens, none of the services will respond. So you can’t ssh in and the websites stop responding.

Then I started looking for files that could be causing the problem. I was told that the last time this happened the log files weren’t being erased. I check on this server from time to time and this week it was at 82%, so that didn’t seem likely but I ran this command anyway.


sudo find /var/log/ -size +20M | xargs du | sort -n -r | less

Nothing really jumped out at me but there were lots of old logs that had been zipped, and some that were labelled ‘old’, so I ran this to get rid of them

rm *.gz
rm *.old

It made a little improvement, but not enough to get the df command to go below 100%. It did go to 68852672 which was enough to get ssh into the server after a reboot. I kept looking for the source of the large files but had no luck. We have a call in to the guy who fixed it last time hoping he remembers what he did.

Lou Buys A Computer

Tuesday, July 14th, 2015

Costello calls to buy a computer from Abbott

ABBOTT: Super Duper computer store. Can I help you?

COSTELLO: Thanks I’m setting up an office in my den and I’m thinking about buying a computer.

ABBOTT: Mac?

COSTELLO: No, the name’s Lou.

ABBOTT: Your computer?

COSTELLO: I don’t own a computer. I want to buy one.

ABBOTT: Mac?

COSTELLO: I told you, my name’s Lou.

ABBOTT: What about Windows?

COSTELLO: Why? Will it get stuffy in here?

ABBOTT: Do you want a computer with Windows?

COSTELLO: I don’t know. What will I see when I look at the windows?

ABBOTT: Wallpaper.

COSTELLO: Never mind the windows. I need a computer and software.

ABBOTT: Software for Windows?

COSTELLO: No. On the computer! I need something I can use to write proposals, track expenses and run my business. What do you have?

ABBOTT: Office.

COSTELLO: Yeah, for my office. Can you recommend anything?

ABBOTT: I just did.

COSTELLO: You just did what?

ABBOTT: Recommend something.

COSTELLO: You recommended something?

ABBOTT: Yes.

COSTELLO: For my office?

ABBOTT: Yes.

COSTELLO: OK, what did you recommend for my office?

ABBOTT: Office.

COSTELLO: Yes, for my office!

ABBOTT: I recommend Office with Windows.

COSTELLO: I already have an office with windows! OK, let’s just say I’m sitting at my computer and I want to type a proposal. What do I need?

ABBOTT: Word.

COSTELLO: What word?

ABBOTT: Word in Office.

COSTELLO: The only word in office is office.

ABBOTT: The Word in Office for Windows.

COSTELLO: Which word in office for windows?

ABBOTT: The Word you get when you click the blue ‘W’.

COSTELLO: I’m going to click your blue ‘W’ if you don’t start with some straight answers. What about financial bookkeeping? Do you have anything I can track my money with?

ABBOTT: Money.

COSTELLO: That’s right. What do you have?

ABBOTT: Money.

COSTELLO: I need money to track my money?

ABBOTT: It comes bundled with your computer.

COSTELLO: What’s bundled with my computer?

ABBOTT: Money.

COSTELLO: Money comes with my computer?

ABBOTT: Yes. At no extra charge.

COSTELLO: I get a bundle of money with my computer? How much?

ABBOTT: One copy.

COSTELLO: Isn’t it illegal to copy money?

ABBOTT: Microsoft gave us a license to copy Money.

COSTELLO: They can give you a license to copy money?

ABBOTT: Why not? THEY OWN IT !

(A few days later)

ABBOTT: Super Duper computer store. Can I help you?

COSTELLO: How do I turn my computer off?

ABBOTT: Click on ‘START’.

Well Golly


Atheism Plus

Buy from Amazon