Ulysses writing app – sort notes by date

I’ve been using the great Ulysses writing app on my Mac. It’s a lot like Evernote, but strictly for writing– you won’t be posting other media there, since everything in Ulysses is written in Markdown. Ulysses is pretty minimalist, which I like. And it’s very smooth– I can type as fast as I want and there’s never any pauses, freezing up, or the dreaded pizza of death. These are frequent occurrences in Evernote.

Ulysses looks a lot like Evernote too– no manually managing files, you just create a new one with Command-N (-N) and away you go writing. But out of the box the app doesn’t show creation date or modification date on your notes. This is a problem if you use it for journaling like I do. But you can get the app to display dates, here’s how:

In order to view the creation date or modification date of a sheet on Mac:

  1. Go to the menu “View” › “Sheet Preview” and check “Dates”.
  2. Now, sort your group “By Creation Date” or “By Modification Date” and the date will be visible in the sheet list.

That hint comes from Alexander Roth, Head of Customer Support for Ulysses, via a support email request.


Artisan Gluten-Free Sourdough Bread

I wrote down my recipe for great artisan, crusty gluten-free sourdough bread.

My partner says it’s the best bread she’s ever tasted, and it happens to also be gluten-free. It’s chewy with a real artisan crust. Eating it, she doesn’t miss wheat bread at all. I don’t either.

There’s nothing like having a house filled with the smell of baking bread. We make this every few weeks now, and slice it and freeze it, and so can have crusty gluten-free bread whenever we want.


How to Download a Marco Polo Video on iOS

Marco Polo is a fun app that lets you send and receive videos– a video “walkie-talkie.” The app only gives you the ability to save videos that you sent. But on an iPhone or iPad it’s possible to save videos that other people sent you by using iOS’s screen recording function.

Update: Marco Polo added the ability to save videos to your Photos library on your phone, so the steps below aren’t needed.

Here’s how to download a Marco Polo as a video into your iPhone or iPad photo library (and save on your computer if you want).

  1. First add the screen recording button to your control center
  2. Then go to Marco Polo.
  3. Pull up the control center by swiping up from the bottom of the screen.
  4. Start recording.
  5. Close the control center.
  6. Play the Polo – the sound will be recorded too.
  7. Swipe up to bring up control center, stop recording.
  8. The video is saved in your Photos library. You can send it to your computer via Airdrop.

How to take apart a Brita Water Filter Pitcher for cleaning

I own one of these Brita 10-cup water filter pitchers, and found it a bit tricky to take it apart to clean the inside. Buried in a review on Amazon were these great instructions:

How to take off the filter housing is quite simple: fill the pitcher with soap and water, flip it upside down and the housing should just slip off.

The important part is to fill up the bottom of the pitcher, leaving the top empty. When you flip the pitcher upside down, the weight of the water will make the white plastic insert pop out.

Update: This eventually became too hard, since the insert can stick, and make it hard to remove. I bought a ZeroWater pitcher and am quite happy with it, it’s easy to disassemble for cleaning.


Removing and blocking Monero Crypto-currency-mining WordPress Malware

This is a quick note about how to remove and block Monero crypto-currency mining WordPress malware.

Symptom: You run WordPress on your Linux web server and its CPU is at 100% but it should not be.

Logging into the system, and looking at running processes, you see this:

The cron.php is allowing a backdoor to let bots run mining malware on your server. The /tmp/phprScAj0_j3oku523wjamvhep program is a Monero crypto-currency miner, making money for someone who broke into your system.

The temporary file /tmp/phprScAj0.c contents looks like this:

Kill the processes (replacing the process ids with the ones on your system):

Now remove the malware and secure your system:

  1. Install the Sucuri WordPress plugin – you can do this from WordPress plugins page by doing Plugins > Add New > (search for Sucuri)
  2. Download a new copy of WordPress and copy the new files over the infected ones listed by the plugin – via the command line
  3. Remove all non-Wordpress files listed by the plugin
  4. Install the iThemes Security WordPress plugin – you can do this from the WordPress plugins page by doing Plugins > Add New > (search for iThemes Security)
  5. Disable XML-RPC using the iThemes Security > Settings > WordPress Tweaks page
  6. Remove all php files from wp-content/uploads (these will be named like WordPress system files, but they are not):
  7. Disable PHP execution in the wp-content/uploads directory
  8. Now examine all your theme code for backdoors. You are looking for something like this:

    If you do the following you can rapidly page through all the php code looking for strange things like a big block of numbers like the above example:

    Remove the file or the offending block of code.

  9. Another way to find the files is the following:

    If the file only contains malware (a large eval block) just delete it.
  10. Find and remove files of the form favicon_0c57fe.ico – the letters and digits after the underscore can be different:

    These are not ico files, they have a php back door embedded in them.
  11. Look in wp-config.php for any weird looking includes – maybe including an ico file like the ones listed above. If you find any, remove them.
  12. You are done! – Watch your CPU graphs to make sure you really deleted it and it doesn’t come back.

I am not sure all the steps are needed, but this worked for me and keeps the bots out. I hope it helps someone else.


Google Analytics for WordPress and Shopp eCommerce plugins

I noticed that Google Analytics for WordPress has Shopp eCommerce plugin support that enables conversion tracking, but it doesn’t work on Shopp v1.2.9, the version I have.

I have a fix for this problem – I applied this fix and it works on my site.

You need to change the two lines in the Google Analytics for WordPress plugin file frontend/class-frontend.php function shopp_transaction_tracking that read:

to this:

I submitted this to the plugin author, Joost van de Valk via Yoast.com but he hasn’t gotten back to me, so I’m posting this in case it helps someone else.


Flickr get all image sizes bookmarklet

This is a bookmarklet that gives one-click access to all the Flickr image sizes on the new Flickr site. To use, click the bookmarklet when viewing an image. To install, copy the code, make a new bookmark, edit it, and paste the code into the bookmark’s address field. This has been tested on Chrome, Firefox, and Safari:


Building an Orone Mini part 2: solder paste stencils using gerber2graphtec

This is part of a series of posts about building an Orone Mini, a Maple Mini clone that is designed to be easier to build by hobbyists. It primarily uses surface mount technology, and there are a couple of fine-pitch (0.5mm) devices, so it’s not easy to solder by hand. This means I need to use a solder stencil.

I want to make my own stencils, since I want faster turnaround time. But how to do it? Adafruit has a great tutorial on making SMT stencils, but the final output step uses a laser cutter. I don’t want to buy a laser cutter, since they’re in the thousands of dollars – making my own laser stencil cutter is cool, but right now I don’t have the time for it. Making aluminum stencils also sounds cool but I don’t want to mess around with muriatic acid and other chemicals each time I want to make one.

On Hack A Day I heard about using a vinyl cutter to cut stencils which linked to Peter Monta’s wonderful program gerber2graphtec.

This is a command line program that takes gerber files output by an EDA program (in my case, Eagle) and turns them into something that the inexpensive Silhoutte Cameo stencil cutter can understand. You can get more info on Peter Monta’s SMT Stencil Cutting blog post, or this one at DM Studios on stencil cutting.

Here’s what worked for me:

  1. Graphtec Silhouette Cameo stencil cutter bundle – $270 as of the writing of this blog post, much less expensive than a laser cutter.
  2. 3M PP2500 overhead transparency film
  3. Avery 5353 full-sheet labels
  4. Citrasolv citrus solvent
  5. Dental pick
  6. Wide-field microscope (about $180; I also use it for SMT joint inspection) or magnifying glass

This is pretty much exactly as Peter Monta explains in his SMT stencil cutting blog post. I tried some of the other ways he thought might work – using the cutting mat instead of the full sheet label, or using spray-on removable adhesive. But these weren’t as successful – I think the Avery labels stick well and keep the plastic film from bending while the cutting is going on.

I’m on Mac OS X using Homebrew (rather than the MacPorts that Monta uses). Here’s the steps I went through.:

  1. Install the non-Python dependencies for gerber2graphtec:

  2. Make a Python virtual environment to hold the Python dependencies
  3. If you don’t have Python and pip, install them. (Using brew to install Python installs pip.)

  4. Install virtualenvwrapper and make a Python virtualenv to keep the Python dependencies separate from your global libraries (this step is optional):

  5. Install the Python dependencies:

  6. Clone the gerber2graphtec project

  7. Use an EDA tools to produce the solder stencil layer (tcream layer in Eagle) gerber files as in the Adafruit SMT stencil tutorial. I use a 1-mil shrink – that is, I shrink all the pads by 1 mil so the solder paste doesn’t overflow too much. This is a compromise – I’d really like to shrink by 3 or 4 mils, but the stencil cutter doesn’t produce perfect holes if I shrink the fine-pitch pads that much, and the solder paste I’m using (lead-free Kester NXP) doesn’t go through the small holes that well. 1-mil shrink seems to work fine.
  8. Check the gerber2graphtec options to get ready to convert your gerber to something the Cameo will understand:

  9. Process the tcream gerber file to make a file that can be sent to the Silhouette Cameo (.gtec file). These settings are for a 0.5 inch bounding box around the board outline; gerber2graphtec calculates the border from the bounding box of the stencil, which may not be the edge of the board. I’m adding an offset so the stencil is cut into the right edge of the sheet.

    I’m using 3 passes with increasing force – with three passes I can get almost perfect cut-outs of the fine-pitch pads.

  10. Attach a full sheet label to the transparent overhead film – make sure there are no bubbles and the film is firmly attached
  11. Set the 45 degree cutting blade to setting 1. (With the Avery 5353 labels stuck to the PP2500 film, I found blade length setting 1 perfect using 3 passes, first pass at force 8, second at force 15, third at force 29.)
  12. Load the film+label as media (without the cutting mat)
  13. Send the gtec file to the Cameo cutter:

  14. Unload the media, peel off the stencil:
  15. Remove paper from stencil by running under water and rubbing – this picture shows the stencil with the adhesive gunk still on it:
  16. Remove adhesive using Citrasolv and sponge
  17. Rinse with clean water and dry
  18. Examine under microscope or magnifying glass – remove chads that are still stuck using the dental pick

  19. Using the 3-pass progressively harder pressure, on a fresh sheet with no other stencils cut out of it, I can get almost perfectly square holes even on the fine-pitch pads. The picture above shows a 2-pass run I did on sheet that had other stencils cut out of it. I think the fine-pitch TQFP pads are distorted on this one because the Orone Mini has the STM32 fine-pitch TQFP part laid out on a diagonal – when I cut the test coupon that had fine pitch pads layed out straight, the fine-pitch pads came out almost perfectly:

    When I went to the 3-pass using a fresh sheet, my fine-pitch diagonal pads look like this too. Success!

  20. You are done!

(Part 1: Introduction)


Building an Orone Mini: part 1, introduction

I’m building a Maple Mini clone called the Orone Mini S8H as practice for building an Open Source EEG board. The Orone Mini is a board designed by Garry Bulmer in the UK. It’s software compatible with the Maple Mini but designed to be more easily made at home by hobbyists – it’s a two-layer board, and mainly uses larger 1206 size SMD components, on one side of the board only. Here’s a couple of articles about it: Improving the Maple Mini Part 1, Improving the Maple Mini Part 2. Here’s the Maple Mini specifications.

I got the boards made at the fabulous OSH Park:

This board uses a different mini-USB connector than the Maple, with a couple of tabs that make the board connection sturdier. I forgot to pick the right connector variant in Eagle when I submitted the board – so instead of slots for the connector’s tabs, there are a couple of plated holes that the connector won’t fit into. I had to get out the Proxon Micromot (Dremel-like tool) to router out two slots:

I’ll post updates on my progress here as I go along – so stay tuned!

(Part 2: solder paste stencils using gerber2graphtec)


WordPress botnet protection for websites on Apache 2

There’s a botnet out there that’s attacking WordPress sites, trying to brute-force guess their admin passwords. I recently got alerted there was a traffic spike on my website, which is unusual. I looked at the server access logs, and indeed, there was something trying to access my WordPress login page over and over. This is output from a tail /var/log/apache2/mysite-access.log:

So what to do? I looked around for an article on how to protect myself from the botnet, but didn’t find any good ones. So that’s why I’m writing this article.

WordPress security plugins

If you only have one or a few WordPress sites to protect, as the article I link to above mentions, it looks like you can install a plugin to protect you. Both these will automatically block logins from IPs after a certain number of failed login attempts. I haven’t tried either yet.

Apache mod_security

I wanted a solution that would work for all the WordPress sites on my server. That meant something at the Apache configuration level, or in the OS. I’m running Ubuntu 12.04. Here’s what I did, and it seems to work – this solution will block all attempts to log into WordPress except from a whitelisted IP address.

  1. Install Apache mod_securitymod_security is an Apache module that helps prevent attacks like this, and does a lot of other cool security stuff.
  2. Make sure you follow the instructions in the article above to install the default rule set
  3. Find out your IP address of your home network – one way is to type “What is my IP address” into Google.
  4. Add the following rules into your /etc/modsecurity/modsecurity.conf file:

    Replace the 1.2.3.4 with your home IP address. You can have multiple lines like this if you access your WordPress site from multiple IP addresses.
  5. Restart Apache:
  6. You are done. If you want, you can check your Apache logs to see there’s now 403 error codes being returned for the botnet requests.

The solution isn’t perfect, since you still get lots of “403 – Forbidden” log entries, but it’s better than leaving your WordPress site vulnerable.

Update: after I whitelisted my home IP, the botnet seems to have given up – after about 15 minutes the requests stopped coming.

Update: I posted the question and answer to Stack Overflow, since that will probably get more traffic than this blog post: How do I protect my WordPress/Apache website from a brute-force botnet attack?