Categories
WordPress

Memorandum #2.

Japanese version of this article

   Some notes for my memory.

  1. About Apache.
    I forgot to add “ServerTokens” to my httpd.conf. So, I’ve done it today, “ServerTokens Prod”.
  2. About FireFox.
    Firefox has a feature “network.prefetch-next”. Its default value is true. If I access a site infected with malware, the feature might bring something bad to my PC. So, I changed its value from true to false. You can find “network.prefetch-next” in “about:config”.

    I also changed the value of another Firefox feature, “plugins.click_to_play”, from false to true.

    Maybe these two are my imaginary fears, ha-ha.

  3. About WordPress.
    They released WordPress 3.5.2. It is a security and maintenance release. I downloaded wordpress-3.5.2-ja.zip and updated manually. I cannot use automatic update on my server because the update page does not show the Japanese version. Why doesn’t the page show the latest Japanese version? I think I run my WordPress as a Multisite and its default language is English. Anyway, I always update my WordPress manually.

    Nothing in particular. But, I found the file swfupload-all.js was deleted.

    I take this occasion to update to phpMyAdmin4.0.4.

Categories
WordPress

WordPress: Administration Over SSL #2

Japanese version of this article

   Now, the WordPress settings. As I had no experience with this, it was a worry to me, but no problem. I found out HOW TO do it.

   I set “define('FORCE_SSL_LOGIN', true);” in my wp-config.php. I don’t use “define('FORCE_SSL_ADMIN', true);” because my server is already slow (^^;).

   I access my log-in page. Immediately, I get the message “Multisite only works without the port number in the URL.”. OOPS!! I wanted to use port xxxxx instead of the SSL well-known port. I have no choice, so I replace port xxxxx with the default. Well, I’ve got SSL login to my WordPress.

   I must learn about rewrite rules or so. But now, I am satisfied with this level.

Categories
translation

Another information about ~-#5.

Update information      Edit(Jun.30)

   Hey, I got another piece of information about the new collection of short stories. You know, its title piece is “Hisho no Tori (丕緒の鳥)” and it contains four short stories. Two of them are “Hisho no Tori (丕緒の鳥)” and “Rakushō no Goku (落照の獄)”, and nobody knew the other two titles until yesterday.

   Yesterday, they announced them. 「青条の蘭」 and 「風信」.

   I have a little trouble with 「青条の蘭」’s reading. It has two readings: “Seijō no Ran” or “Aosuji no Ran”. Its English title is perhaps “Blue line orchid”.
   「青条の蘭」’s reading is “Seijō no Ran”. (Edit: 06.28)

   「風信」 is “Fūshin”. Its English title is “A/The Letter(s)”, “Rumor(s)”, or something. It depends on the story.

   I added a new translation to “The translation of Juuni kokuki newsletter by Shinchōsha”.

Edit(Jun.30):
   I decided to translate “風信” into “Which way is the wind blowing?”. See here.

Categories
WordPress

WordPress: Administration Over SSL #1

Japanese version of this article
Update information      Edit(Jun.19)

   As I wrote before, I can only log in to my WordPress via my home LAN because of my access control. But, honestly, it’s very inconvenient (-_-;). So, I want to be able to log in to my WordPress from my mobile PC. However, transmitting an unencrypted password goes against my policy.

   So, I decide to support SSL on my server (WindowsXP SP3 (x86)) again. Actually, as the Apache 2.4 win32 binaries are built with apr-1.4.6 apr-util-1.4.1 apr-iconv-1.2.1 openssl-1.0.1e zlib-1.2.7 pcre-8.32 libxml2-2.9.0 lua-5.1.5 expat-2.1.0, they include openssl.exe, openssl.cnf and other openssl files. The user is only me and the feature I need is only to log in to my WordPress. Therefore, I need a private CA instead of a provider CA like VeriSign’s.

   First, I make cakey.pem and cacert.pem. Usually, we use CA.pl on Windows. But the Apache 2.4 win32 binaries don’t have CA.pl, so I use openssl.exe directly as a command line tool. You can find HOW TO on the document page.

  1. Make a directory myCA somewhere on the server. Under myCA, make the directories private and newcerts, and an empty text file index.txt. Actually, I made the myCA directory on removable media, because it’s convenient for moving my_ca.crt and clientcert.p12 to my client PC and secure if I remove it from my server when not using it.
  2. The file openssl.cnf exists in the Apache conf directory. On WindowsXP, you see openssl.cnf as openssl, a file type “SpeedDial”. Open the file and modify it. This modification is absolutely necessary on WindowsXP. If not, you will have an error like the one below. The new MS cmd.exe can use both “/” and “\” as directory separators. But the old cmd.exe can’t use “/”. Besides, escaping the character is required in the file. So, you need “\\”.

    Error opening CA private key ./myCA/private/cakey.pem
    3464:error:02001003:system library:fopen:No such process:.\crypto\bio\bss_file.c:398:fopen('./myCA/private/cakey.pem','rb')
    3464:error:20074002:BIO routines:FILE_CTRL:system lib:.\crypto\bio\bss_file.c:400:
    unable to load CA private key

    Modification of openssl.cnf:

         RANDFILE = $ENV::HOME/.rnd —> RANDFILE = $ENV::HOME\\.rnd
         #oid_file = $ENV::HOME/.oid —> #oid_file = $ENV::HOME\\.oid

         dir = ./demoCA —> dir = (drive xx):\\myCA   (Exact path required)
         certs = $dir/certs —> certs = $dir\\certs
         crl_dir = $dir/crl —> crl_dir = $dir\\crl
         database = $dir/index.txt —> database = $dir\\index.txt

         new_certs_dir = $dir/newcerts —> new_certs_dir = $dir\\newcerts

         certificate = $dir/cacert.pem —> certificate = $dir\\cacert.pem
         serial = $dir/serial —> serial = $dir\\serial
         crlnumber = $dir/crlnumber —> crlnumber = $dir\\crlnumber

         crl = $dir/crl.pem —> crl = $dir\\crl.pem
         private_key = $dir/private/cakey.pem —> private_key = $dir\\private\\cakey.pem
         RANDFILE = $dir/private/.rand —> RANDFILE = $dir\\private\\.rand

    If you use TSA (Time Stamping Authority), you have to make the same modifications for the TSA area.

    As I use 2048 bits as default, I also modify the next.
         default_bits = 1024 —> default_bits = 2048

    By the way, I don’t add (drive x):\(Apache bin dir) to the path environment variable. If you would rather do that, please do so, though I don’t like it.

  3. Run cmd.exe
         >cd (drive xx):\myCA
         >copy index.txt+   (as a replacement for UNIX touch command)
         >echo 01 > serial   (a serial file containing a valid serial number is required)
         >(drive x):\(Apache bin dir)\openssl req -new -keyout private\cakey.pem -out careq.pem -config (drive x):\(Apache conf dir)\openssl.cnf

         Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for cakey.pem)
         Verifying – Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for cakey.pem)

         Country Name:JP
         State or Province Name:FUKUOKA
         Locality Name:FUKUOKA
         Organization Name:o6asan’s Web Site
         Organizational Unit Name:myCA
         Common Name:o6asan.com
         Email Address:My mail address

         A challenge password: blank
         An optional company name: blank

  4. Selfsign a certificate request, using CA extensions:
         >(drive x):\(Apache bin dir)\openssl ca -config (drive x):\(Apache conf dir)\openssl.cnf -selfsign -in careq.pem -extensions v3_ca -out cacert.pem

         Enter pass phrase for (drive xx):\myCA\private\cakey.pem: xxxxxxxxxxxxxxxx   (pass phrase for cakey.pem)

         Sign the certificate? [y/n]: y
         1 out of 1 certificate requests certified, commit? [y/n] y

         >copy cacert.pem (drive x):\(Apache conf dir)   (cacert.pem for Server use)
         >copy cacert.pem my_ca.crt   (my_ca.crt for Client use)

   Second, I make server.key and server.crt.

  1.      >(drive x):\(Apache bin dir)\openssl req -new -keyout server.key -out server.csr -config (drive x):\(Apache conf dir)\openssl.cnf

         Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for server.key)
         Verifying – Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for server.key)

         Country Name:JP
         State or Province Name:FUKUOKA
         Locality Name:FUKUOKA
         Organization Name:o6asan’s Web Site
         Organizational Unit Name:WordPress
         Common Name:o6asan.com
         Email Address:My mail address

         A challenge password: blank
         An optional company name: blank

  2. Sign a certificate request:
         >(drive x):\(Apache bin dir)\openssl ca -in server.csr -out server.crt -config (drive x):\(Apache conf dir)\openssl.cnf

         Enter pass phrase for (drive xx):\myCA\private\cakey.pem: xxxxxxxxxxxxxxxx   (pass phrase for cakey.pem)

         Sign the certificate? [y/n]: y
         1 out of 1 certificate requests certified, commit? [y/n] y

         >copy server.crt (drive x):\(Apache conf dir)

  3. As Win32 doesn’t support SSLPassPhraseDialog builtin, I need to remove the encryption from my server.key to get rid of an error at Apache startup time (PDF version).

         >copy server.key cp_server.key
         >(drive x):\(Apache bin dir)\openssl rsa < cp_server.key > (drive x):\(Apache conf dir)\server.key

         Enter pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for server.key)

   Third, I make clientcert.p12.

  1.      >(drive x):\(Apache bin dir)\openssl req -new -keyout client.key -out client.csr -config (drive x):\(Apache conf dir)\openssl.cnf

         Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for client.key)
         Verifying – Enter PEM pass phrase: xxxxxxxxxxxxxxxx   (pass phrase for client.key)

         Country Name:JP
         State or Province Name:FUKUOKA
         Locality Name:FUKUOKA
         Organization Name:o6asan’s Web Site
         Organizational Unit Name:Administration
         Common Name:o6asan
         Email Address:My mail address

         A challenge password: blank
         An optional company name: blank

  2.      >(drive x):\(Apache bin dir)\openssl ca -in client.csr -out client.crt -config (drive x):\(Apache conf dir)\openssl.cnf

         Enter pass phrase for (drive xx):\myCA\private\cakey.pem: xxxxxxxxxxxxxxxx   (pass phrase for cakey.pem)

         Sign the certificate? [y/n]: y
         1 out of 1 certificate requests certified, commit? [y/n] y

  3. Make pkcs12 format client file.
         >(drive x):\(Apache bin dir)\openssl pkcs12 -export -in client.crt -inkey client.key -out clientcert.p12

         Enter pass phrase for client.key: xxxxxxxxxxxxxxxx   (pass phrase for client.key)
         Enter Export Password: xxxxxxxxxxxxxxxx   (password for client PC use)
         Verifying – Enter Export Password: xxxxxxxxxxxxxxxx   (password for client PC use)

    Close cmd.exe

   Now, I have cacert.pem, server.crt, server.key in my Apache conf directory, and my_ca.crt and clientcert.p12 for my client PC on the removable media. These five files are all I need to support SSL on my server.
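
   A check that can be run at this point, as an added example that is not part of the original post: it confirms that server.crt and client.crt chain to cacert.pem and that the unencrypted server.key belongs to server.crt. It is written for a POSIX shell rather than cmd.exe (the openssl arguments are the same on Windows); the function names are hypothetical and make_demo_pki only builds throwaway sample certificates.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# chain_ok CAFILE CERT: succeeds only if CERT verifies against the CA in CAFILE.
# The printed result is tested because some older OpenSSL releases exit 0
# even when verification fails.
chain_ok() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# key_matches_cert KEY CERT: succeeds only if private key KEY belongs to CERT.
# "-passin pass:" supplies an empty passphrase, so a key that is still
# encrypted fails here instead of prompting.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pki CACERT SERVER_CRT SERVER_KEY CLIENT_CRT: all checks in one call.
check_pki() {
    chain_ok "$1" "$2" &&
    chain_ok "$1" "$4" &&
    key_matches_cert "$3" "$2"
}

# make_demo_pki DIR: constructed sample data. Builds a throwaway CA plus a
# server and a client certificate signed by it, using the post's file names.
make_demo_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo private CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null || return 1
    for n in server client; do
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo $n" \
            -keyout "$1/$n.key" -out "$1/$n.csr" 2>/dev/null || return 1
        openssl x509 -req -in "$1/$n.csr" -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" \
            -CAcreateserial -days 1 -out "$1/$n.crt" 2>/dev/null || return 1
    done
}

# Usage: sh check_pki.sh cacert.pem server.crt server.key client.crt
if [ "$#" -eq 4 ]; then
    check_pki "$1" "$2" "$3" "$4" && echo "all checks passed"
fi
```

   Because server.key is stored without a pass phrase, the file should be readable only by the account that runs Apache.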

   I uncomment the following lines in my current httpd.conf.

  • LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
  • LoadModule ssl_module modules/mod_ssl.so
  • Include conf/extra/httpd-ssl.conf

   I modify the file httpd-ssl.conf which exists in the Apache extra conf directory.
     Listen 443 —> Listen xxxxx   (If you leave the default, it’s no problem.)

     <VirtualHost _default_:443> —> <VirtualHost _default_:xxxxx>
     DocumentRoot "c:/Apache24/htdocs" —> DocumentRoot "my document root"
     ServerName www.example.com:443 —> ServerName o6asan.com:xxxxx
     ServerAdmin admin@example.com —> ServerAdmin My mail address
     ErrorLog "c:/Apache24/logs/error.log"
     —> ErrorLog "|bin/rotatelogs.exe -l -f logs/error.%Y.%m.%d 86400" (my ErrorLog format)
     TransferLog "c:/Apache24/logs/access.log"
     —> TransferLog "|bin/rotatelogs.exe -l -f logs/access.%Y.%m.%d 86400" (my CustomLog format)

     #SSLCACertificateFile "c:/Apache24/conf/ssl.crt/ca-bundle.crt"
     —> SSLCACertificateFile "C:/Apache24/conf/cacert.pem"

     #SSLVerifyClient require —> SSLVerifyClient require
     #SSLVerifyDepth 10 —> SSLVerifyDepth 1

     <Directory "c:/Apache24/cgi-bin"> —> <Directory "my cgi-bin directory">

   Restart My Apache.
   Install my_ca.crt and clientcert.p12 to my client PC Web browser.

   What remains is the settings for my WordPress. Whew!

Edit(Jun.19):
   When I first logged in to my WordPress over SSL, I had the message “Multisite only works without the port number in the URL”. I had no choice, so I replaced port xxxxx with the default. (^^;)

Categories
Uncategorized

Updating to PHP5.4.16.

Update information      Edit(Aug.3)

   At Jun-05 22:49:25UTC, they released PHP5.4.16. So, I downloaded a Thread Safe version php-5.4.16-Win32-VC9-x86.zip for my server (WindowsXP SP3 (x86)).

   According to the ChangeLog, it has some bug fixes, also patches for CVE-2013-2110.

   As php5apache2_4.dll is included in the official PHP binary 5.4.10+, I extracted the zip archive and replaced all PHP5.4.15 files with all PHP5.4.16 files except my php.ini. Then, I restarted my Apache. That’s it.

   If you need to know how to configure PHP5.4, please see the post on my Japanese blog. Of course, it is only in Japanese and for a mbstrings user, but I think the information will be of some help to you.

   I’ve also updated to phpMyAdmin4.0.3.

Edit(Aug.3):
   If you need to know how to configure PHP5.5, please see “To create a Wamp-like Web Server in Windows7-#2”.

Categories
Uncategorized

NotScripts on Google Chrome.

   Recently, I have a problem with my Firefox on Windows8 PRO, NJ2100. On the Net, I found out someone had the same issue, but cannot find the resolution. I don’t understand exactly when I have the problem or not. So, I decided to change my main browser from Firefox to Google Chrome on my Win8.

   As I’ve used the plug-in ‘NoScript’ on Firefox for two and a half years, I looked for a plug-in with the same features that I can use on Google Chrome. I think the plug-in ‘NotScripts’ gives me similar features, so I installed it.

   The biggest difference between ‘NoScript’ and ‘NotScripts’ is a password. After adding ‘NotScripts’ to Chrome, you have an alert page. The first time, you need to set your password in the file CHANGE__PASSWORD__HERE.js. The file exists in the NotScripts folder,
%userprofile%\AppData\Local\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\versionNO.
After that, the plug-in is activated.

Categories
translation

I’ve re-translated “Hyōhaku (漂舶)”.

   I’ve finished the re-translation of “Hyōhaku (漂舶)”, so I’ve released my second edition. I added some phrases I had forgotten to translate, again (^^;). I wonder whether you can find any improvements in my English in this edition.

   In the first edition of the story, I had a lot of trouble with Rokuta(六太)’s way of speaking. He is an ordinary bad brat, so his language is bad. For a non-native English speaker, translating dialect or bad language is more difficult than translating standard language. This time, I had trouble again. Sigh.

   In my re-translation, I use Prolonged Sound Mark for a long vowel when I romanize some nouns. For example, ō, ū.

Categories
everyday life

Shigeyama Sensaku IV (四世茂山千作) passed away.

   Shigeyama Sensaku IV (四世茂山千作) passed away at the age of 93. He is one of the greatest Kyōgen actors. Age 93, it’s enough to pass away, but, still very sad. I loved his Kyōgen very much. 合掌.

Categories
private remark

My thought of gods.#4

   I found an interesting article on the Internet. It is Who/what created the world?. On it, Japan has 1,766 votes, 33% of which voted “God created the world” and 67% of which voted “Big Bang created the world”.

   As soon as I see it, I wonder who “God” is. For people of monotheistic religions, God is the god maybe 100%. But for us? When Japanese cast a vote, what percentage of us imagine the “God” monotheists expect? Even if we read the word “God”, in our brain the word is automatically translated into “神”. When it happens, we recognize “God” as “神”. And “神” is never the One God.

   Actually, for me, “神 created the world” is consistent with “Big Bang created the world”. Pay attention to the word “神”. It’s never the God. The control room of Hayabusa had an Ofuda of Chūka shrine(中和神社) and others. This is a very famous episode. Dr. Kawaguchi(川口淳一郎) got the Ofuda of Chūka shrine from the shrine, and he made a play on words linking 中和器(chūwa-ki = neutralizer) and 中和神社(Chūka-jinja). They have the same kanji characters though their pronunciations are different.

   He was not kidding by his act. We have the saying “Do your best and leave the rest to Providence (人事を尽くして天命を待つ)”. He did his best and there was not anything else he could do. So, he did make such a play and did pray, I think. Since early times, Japanese have accepted many kinds of religions, but we still keep a primitive faith in Nature(自然) in our mind. When we use the word 自然, it also includes us, human beings.

   From the Meiji Restoration(1868) to the end of World War II(1945), the Japanese government used Shrines (神社) as one of the tools of state administration, so shrines carry political implications now. But originally, shrines had no relationship with the government. They have a long history. In some periods of the long history, they might have had some relationship with the powers of the day, but they originated in our primitive faith in Nature.

   We have a god everywhere, kitchen oven, bath, lavatory, etc. By the way, bath and lavatory are usually separated in Japan still now.

   When a Japanese person is asked his/her religion, he/she often answers he/she has no religion or he/she is an atheist. You should not blindly accept it. It’s NOT true. It means he/she is not a Christian, not a Muslim, and so on. We, most Japanese, even today, have our old gods in our mind. It is our religion.

Categories
everyday life

Today’s flowers in my garden and in my house.

   Now, in my garden many kinds of flowers are in bloom. I’ll show you their photos.

   And, one of my family loves Ikebana, and picks the flowers from the garden and makes flower arrangements with them in the house. Please take a look!!
 

[Photos: flowers in the garden and flower arrangements in the house; two are captioned Ornithogalum thyrsoides (オーニソガラム・シルソイデス) and Oxalis debilis (ムラサキカタバミ).]