Trackserver v5.0 released

So… here we are! A new version of my Trackserver WordPress plugin was released! If you don’t know what Trackserver is, please have a look at its dedicated page on this website and the plugin’s details on WordPress.org.

Almost five years have passed since the last major release, and the last minor release, v4.3.2, was more than three years ago. In the first few months after the last release, a lot of work was done on restructuring the plugin, but the job at hand turned out to be bigger than expected, and before I could finish it, life got in the way.

So here’s a small disclaimer: after so much time, and so many failed attempts to release a new version, I decided to just do it: release a new version on WordPress.org, exactly as it currently is on Github. This means that some features, and most notably the upgrade process have not been tested very well. Version 4.3.2 is old, and I have always been running the latest code myself. It also means that not every known issue that may still be present in v5.0 is fixed. If things don’t work for you the way you expect, I apologize. Please open an issue, preferably on Github, and I’ll try to help you as well as I can.

As with every major release, there are a few big changes that deserve some special attention. Here we go.

Universal URL slug for all supported apps

In earlier versions of Trackserver, each supported client app (TrackMe, OruxMaps, etc.) had its own URL slug, which allowed Trackserver to quickly pick a the right protocol to listen for.

Trackserver v5 introduces a new universal slug, that can be used in all supported clients. The server will use different heuristics to pick the correct protocol. This means that all clients have to be reconfigured to use the new slug, which is ‘trackserver’ by default. You can configure the slug in Trackserver’s options.

To illustrate this with an example:

With v4, in TrackMe, you would use https://yourhost/wp/trackme in the ‘URL Header’ setting.

In OruxMaps, you would use https://yourhost/wp/mapmytracks.

With v5, you would use https://yourhost/wp/trackserver in either of them!

Your Trackserver profile in the WordPress backend will display this URL at the top of the page. The old, app-specific URL slugs still work in Trackserver v5.0, so nothing will break right away, but they are marked deprecated in the options page, and they will be removed in a future version.

The universal URL does, however, take two different forms. It is possible to embed authentication credentials in the URL, for apps that do not support a more secure method of authentication, like HTTP POST or HTTP basic authentication. TrackMe, OsmAnd and SendLocation are the known clients that need this. In earlier versions this was already possible (and necessary) for some apps, while for example OsmAnd would normally be configured to send the credentials as URL parameters (?username=abc&password=xyz). In v5, I decided to standardize this on having the credentials in the URL as components, rather than as parameters, although the parameters still work. For named apps, the Trackserver URL would look like this:

https://yourhost/wp/trackserver/<username>/<password>

Either of these methods are inherently insecure, because the credentials will likely be logged in the webserver’s access logs. That’s why Trackserver stopped requiring your WordPress password for these apps a long time ago. And please, please, please.. always use HTTPS!!

And that brings me to the second big change that needs some more explanation.

App passwords

In earlier versions of Trackserver, there were different authentication credentials for different apps:

• Some apps (OruxMaps, OwnTracks) were considered secure enough to use your WordPress password.
• For the other apps, each one had a different ‘secret’ in your Trackserver profile.

Apart from the confusion and the hassle of managing all these different secrets, there was the problem of sites that use SSO for logging in to WordPress, in which case users don’t really have WordPress password to use with Trackserver.

In version 5, these app-specific passwords and access keys have been transformed into ‘App Passwords’, and are now app-independent. Existing access keys are automatically converted to App Passwords during the upgrade, and will all be valid for all supported apps, including the apps that worked with your WordPress password before.

Your WordPress password will still work for those apps, but that may change in a future release. Switching to App Passwords is recommended, regardless of the app you use for tracking. The main benefit is an increase in security, because your WordPress password will no longer be necessary for using Trackserver. Trackserver App Passwords can be changed often without impacting WordPress logins. As an added bonus, App Passwords also work in WordPress installs that use SSO mechanisms like OAuth2 for user logins.

App passwords can be managed in your Trackserver profile. They also have permissions attached to them: ‘read’, ‘write’ and/or ‘delete’. Most apps only create tracks and send location updates, and they would only need ‘write’ permission for that. If you configure an app password with only write permissions, it cannot be used to download your tracks or delete anything, in case it would fall into the wrong hands.

Some apps, like TrackMe for example, have functionality that requires read and/or delete permissions. If you use that functionality, you have to configure an app password with appropriate permissions. But even TrackMe can be used for online tracking with only write permissions.

Other changes

There were also a lot of more or less minor changes, that I should mention here:

• You can now search / filter tracks with a search box at the top of the tracks list.
• A bulk action for duplicating tracks was added.
• The PHP code was restructured in a major way, separating code into different classes in a logical way.
• Leaflet was updated to version 1.9.3.
• Experimental support for µlogger.
• Numerous small changes and fixes, improving usability, robustness and error handling.

A complete list of changes can be found in the changelog.

No changes at all were made in the shortcode or the presentation side of things.

Docker on Debian Wheezy

Maybe you have already heard of the next revolution in application deployment called Docker. I quote:

Docker is an open-source engine which automates the deployment of applications as highly portable, self-sufficient containers which are independent of hardware, language, framework, packaging system and hosting provider.

On the getting started page, you can see that you need an Ubuntu machine to get it running:

Requirements

• Ubuntu 12.04 (LTS) (64-bit)
• or Ubuntu 12.10 (quantal) (64-bit)
• The 3.8 Linux Kernel

One thing that is missing from this list, is AUFS support in the kernel, which isn’t a sure thing these days in Ubuntu.

However, I was interested in running Docker on a 64-bit Debian Wheezy machine, and this post explains how to do it. It’s not really hard, but you need to install an Ubuntu kernel. At least, I haven’t been able to find a 3.8 kernel for Wheezy just yet.

Your best bet is the 3.8 kernel from Ubuntu 13.04 Raring, backported for Ubuntu 12.04 LTS Precise. If that link is broken, try this one or get the right page from here. I have tried a kernel from Ubuntu’s mainline kernel PPA, but the 3.8 and 3.9 kernels for Raring from there seem to lack AUFS support.

I downloaded the deb named linux-image-3.8.0-23-generic_3.8.0-23.34~precise1_amd64.deb, which installs on Wheezy without problems. Just do:

$ sudo dpkg -i linux-image-3.8.0-23-generic_3.8.0-23.34~precise1_amd64.deb
$ sudo reboot

Now find a Docker package on Launchpad. Get the one that is built for Precise.

First install the dependencies:

$ sudo apt-get install lxc bsdtar

and then Docker. This will not succeed:

$ sudo dpkg -i lxc-docker_0.4.0-1_amd64.deb
Selecting previously unselected package lxc-docker.
(Reading database ... 40929 files and directories currently installed.)
Unpacking lxc-docker (from lxc-docker_0.4.0-1_amd64.deb) ...
Setting up lxc-docker (0.4.0-1) ...
/var/lib/dpkg/info/lxc-docker.postinst: 4: /var/lib/dpkg/info/lxc-docker.postinst: /sbin/start: not found
dpkg: error processing lxc-docker (--install):
 subprocess installed post-installation script returned error exit status 127
Errors were encountered while processing:
 lxc-docker

This is caused by Docker’s Ubuntu package trying to use upstart to start the daemon, which does not work on Debian. Disable that:

sed -i 's~/sbin/start~#/sbin/start~' /var/lib/dpkg/info/lxc-docker.postinst
sed -i 's~/sbin/stop~#/sbin/stop~' /var/lib/dpkg/info/lxc-docker.prerm

If you now have apt-get fix its state, it should work:

$ sudo apt-get -f install
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up lxc-docker (0.4.0-1) ...

That’s it!

Now continue with the examples on Docker’s website. Happy Docker’ing!

Mail aan Ticketservice

Onderstaande mail stuurde ik zojuist aan Ticketservice. Zal wel weer een kutreactie op komen.

Al eerder heb ik u gevraagd waarom uw “servicekosten” zo hoog zijn, maar u kwam in uw antwoord niet verder dan “die zijn meestal ca 10% van de aanschafprijs”, wat natuurlijk een KUT-antwoord is.

Zojuist heb ik, met veel gedoe en frustratie, kaartjes besteld voor Bruce Springsteen. U rekent hier 7,50 servicekosten voor. Ik vind dat BELACHELIJK. U dienstverlening is ronduit SLECHT, en 7,50 is heel veel geld voor het opsturen van een PDFje.

Kunt u verantwoorden waarom u meent 7,50 PER KAARTJE te moeten rekenen. Vind u zelf ook niet, dat dat een belachelijk hoog bedrag is?

Ik ben als frequent concertbezoeker gedwongen om klant bij u te zijn, maar die ervaring is nooit, maar dan ook NOOIT een prettige geweest. Ik hoop oprecht dat u:

a) uw dientverlening verbetert, zodat ik niet EEN UUR bezig ben met het bestellen van 4 kaatrtjes

b) uw tarieven verlaagt, en loskoppelt van de aanschafprijs van het kaartje, want die koppeling is er in de praktijk natuurlijk niet. Gewoon 2 of 3 euro per kaartje rekenen, dat is redelijk en eerlijk. Wat u nu doet gaat alle perken te buiten.

Koffie-ijs zonder ijsmachine

Aangepast en vertaald in het Nederlands op 6 oktober.

Dit recept komt oorspronkelijk van http://www.eating-for-england.com/no-churn-coffee-ice-cream/, maar omdat ik die link al een paar keer kwijt was, en er bovendien Engelse maten in worden gebruikt, heb ik het recept hier overgenomen en aangepast aan het metrisch stelsel.

Homemade ice cream without a machine? I was gob smacked when I realised how easy this is. Learning to bake and cook over the last few years has included a series of fun surprises: I never would have guessed that any old person could make ice cream at home so dang easily.

I started my ice cream adventure with one of my all-time favourite flavours, coffee. Everything about this is reminiscent of Vietnamese coffee for me – the intense sweetness from both the heavy cream and sweetened condensed milk immediately transported me back to backpacking in South-East Asia, enjoying iced coffee on hot, steamy mornings. Not a bad thing to reminisce about on these humid, 100F Minnesota days with a cold cup of ice cream in hand.

Koffie-ijs zonder ijsmachine

adapted from Vanilla Bean

Ingrediënten

• 1 blikje (*) gecondenseerde volle melk met suiker (Friesche Vlag)
• 1/2 eetlepel vanilla-extract of aroma
• 1/2 kopje (60 ml) sterke koffie, oftewel 1 flinke espresso, gekoeld
• 250 ml slagroom, gekoeld

(*) Een blikje gecondenseerde melk van Friesche Vlag bevat iets meer inhoud dan nodig

Instructies

• Doe de room en de koffie in een kom en klop het mengsel stijf met een mixer
• In een andere kom, meet 220 ml gecondenseerde melk af en voeg het vanille-extract toe
• Schep met een rubber spatel de geslagen room bij de gecondenseerde melk en schep voorzichtig om, totdat het een homogeen mengsel is
• Zet het mengsel in de vriezer en laat tenminste 6 uur invriezen

RE: Cisco Software Downloads – Registration Concerns

Yesterday, I registered a user account with cisco.com. As you can deduct from yesterday’s tweets, this was not a very pleasant experience. My frustration grew so big, that I, when prompted for feedback about the registration procedure, entered the F-word a few times to be done with it.

Today, however, I got a polite mail from a Cisco employee, asking me to elaborate on the issues I had. This is what I wrote. Let it be a lesson to people who design registration forms for websites.

Hi,

> > We appreciate your feedback and regret any inconvenience.

And I apologize for my choice of words in the feedback I sent you.

> > Can you please elaborate on the issues you faced with registration? Was
> > there a specific step or question that caused issues? These details will
> > help us improve the website for all customers.

Well, it took me no less than 9 times to successfully submit the registration form, including a few times were I forgot to re-enter a password, as this isn’t kept between subsequent submits.

A couple of annoyances:

•  The field named ‘Retype Email Address’ doesn’t make sense. Why do you want me to copy and paste my email address??
•  Phone number check is too strict. I entered ‘+3140……..’, which was declined because of the ‘+’.
•  Postal code check is too strict. I entered ‘5612 AX’, which is the offical notation in The Netherlands, but it was declined because of the space in the middle.
•  I am obliged to choose and answer 2 (two!) secret security questions. I do not understand how these questions increase security in any way, and I do not want to use them. I do not forget passwords (or rather: my secure password store doesn’t). Answers to ‘security questions’, however, I cannot remember and it is none of your business how my first pet was named.
•  If any of the entered values does not conform to what the website expects, a message is printed for the first error only. So you fix that, resubmit, find out you forgot the passwords, resubmit again, only to find out there a more errors to fix. That’s just dumb.
•  Finally, after submitting the form a number of times, the website gave me a ‘Your session timed out’ error, and all values were erased so I had to start from scratch.

I hope this helps.

Best regards,
Martijn Grendelman

P.S. The evil registration form can be found here.