I turned pale-#3.

   Whew, I had a terrible time. However, I cannot complain to anyone because that was my own fault.

   Yesterday, while I was writing about the article related to phpMyAdmin and MariaDB, I saw the error log of MariaDB and found some errors on it. I thought they came from my manual update. So I started messing around with MariaDB to solve them, had so enthusiasm to it and fell into a pitfall, grrr. As I did multiple things for the time, I could not understand what gave me such wrong conditions really. What a goofy situation!! I make such a blunder every few years, oops.

   I gave up to restore the MariaDB after all and re-installed MariaDB 10.0.12. Now, I think it was better to re-install it from the first. But I did not back up the latest data for a change, so I couldn’t give up restoring the old state easily. Danger past and God forgotten. I can’t believe my deficit in learning ability, he-he.

  As a result I lost three articles.

  All have come back. But very early in the morning now. Exhausted!

Updating to PHP5.5.14.

   They released PHP5.5.14 on Jun-25 23:06:26UTC. So, I updated my PHP from 5.5.13 to 5.5.14 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes eight CVE fixes, oh! my gosh. They also concerns about bug 67072. If you have issues related to this and need more information, you should visit their upgrading guide.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.13 files with all PHP5.5.14 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   I used this opportunity to update to phpMyAdmin 4.2.5 and MariaDB 10.0.12. If you need more information about their configuration, Please see “phpMyAdmin 4.2.0 is released” and “MariaDB 5.5“.

I couldn’t find my mesh strainer!!

green peas 水羊羹
green peas 水羊羹 with tea
   The day before yesterday, in the freezer compartment, I found green peas I had forgotten. I decided to make bean paste for 水羊羹(みずようかん). Boiled and mashed, but I thought the peels must have given us bad texture. So I changed my plan which was making 粒餡(つぶあん). 粒餡 is made of whole beans. To make 漉し餡(こしあん), I need a mesh strainer. When we make 漉し餡, we must remove peels and mash peas more smaller. So I looked for my strainer, but I couldn’t find it, oops. I always act after the event, he-he.
 
   Where has my strainer gone? I did not have used it for years, well I had no choice. I made 漉し餡 without Japanese strainers.
 
   I had acceptable 漉し餡. ~~~~~≫ Now, I’ll show you my 水羊羹!!

A solution of “SSL3_READ_BYTES:sslv3 alert handshake failure” on WordPress.

   Since WordPress that was version 3.7 had a ca-bundle.crt in its wp-includes folder, I’ve had troubles when I upgrade my WordPress Network. I misunderstood the message “Warning! Problem updating https://SITENAME.” meant one of my sites had a trouble, but now I think it meant the first site the WordPress checked out was wrong and the WordPress had no information about the rest of my sites.

   First I had the “Error message: SSL certificate problem: self signed certificate in certificate chain” because I use a self-signed certificate. But Oiram gave me its solution. All I need is to add my CA cert data to the ca-bundle.crt.

   Next I had the “Error message: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure”. I’ve had a hard time with this trouble for more than two months. Finally, I have the complete solution of this today \(^o^)/.

   I look back now and think the trouble had three issues.

  1. My client.crt had no ssl_client extension. so I re-made a client.crt with ssl_client extension like this. The reference of this is “sslv3 alert handshake failure when using SSL client auth”.
    First, I added the next text to the end of my openssl.cnf.

    [ ssl_client ]
    basicConstraints = CA:FALSE
    nsCertType = client
    keyUsage = digitalSignature, keyEncipherment
    extendedKeyUsage = clientAuth
    nsComment = “OpenSSL Certificate for SSL Client”

    And I made a new client.crt with ssl_client extension.
    >openssl ca -config openssl.cnf -policy policy_anything -extensions ssl_client -in client.csr -out client.crt

    • With the old client.crt, I had the next two errors when I did “openssl s_client -connect o6asan.com:443 -cert client.crt -key client.key -CAfile cacert.pem”. But, the new one gives no error.
    • error:14094418:SSL routines:SSL3_READ_BYTES: ~
      error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure: ~
    • Of course I re-made a new clientcert.p12
  2. At “Upgrade Network”, WordPress uses cURL. But cURL doesn’t accept P12 format certificates. So I need PEM format certificates.
    • To make a clientcert.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nokeys -clcerts -out clientcert.pem
    • To make a clientkey.pem from the clientcert.p12
      >openssl pkcs12 -in clientcert.p12 -nocerts -out clientkey.pem
       
      To make a copy of the clientkey.pem and remove the pass phrase from it.
      >copy clientkey.pem cp_clientkey.pem
      >openssl rsa <cp_clientkey.pem> clientkey.pem
  3. To tell my WordPress the places of the client certificates.
    • To add the following lines to just before the line “curl_setopt( $handle, CURLOPT_CAINFO, $r[‘sslcertificates’] );” in the file class-http.php.

      curl_setopt( $handle, CURLOPT_SSLCERT, 'the exact path of clientcert.pem' );
      curl_setopt( $handle, CURLOPT_SSLKEY, 'the exact path of clientkey.pem' );

      I hate to change WordPress core PHP scripts, so I try and try other methods, but nothing is useful. After all, I add the lines above to the class-http.php.

      To copy the clientcert.pem and the clientkey.pem to somewhere in the server, somewhere means a safer place anyone cannot access via the Internet.

    This reference is Client URL Library.

   If you need how to create certificates, see the post “WordPress: Administration Over SSL #1”.

   Now the error has gone. I’m happy, clap,clap!!

After all, I’ve updated to Windows8.1 Pro(x86) on the NJ2100.

Update information      Edit    Edit2(Jun.23)    Edit3(Jul.7)    Edit4(Jul.24)

   In my previous post, I wrote “Tried Windows8.1 Pro on the laptop PC (NJ2100), and failed”. But I’ve updated to Windows8.1 Pro(x86) on the NJ2100 after all.

   Before starting update from Store, I deleted the SiS Mirage 3 Graphics driver based on R529_Logo.zip. If not deleting, I would have the error “0xC1900101 – 0×30018”. As I deleted the driver, I was able to finish the update. But I would have the trouble again if I install the driver after updating. So, I cannot use the monitor resolution 1440×900 now. I use the the MS Basic Display Adapter driver and take the monitor resolution 1280×768. See the Edit4.

   After updating, I also found the Realtek High Definition Audio was disabled. So, I visited the Realtek official site, downloaded a 32bit_Win7_Win8_Win81_R275.exe and installed it. The latest driver version is 6.0.1.7246. But I had terrible noise again. Therefore I replaced ver. 6.0.1.7246 by ver. 6.0.1.5506 which is an NJ2100’s genuine driver for VISTA by EPSON. See the Edit.

   Now, I can use Windows8.1 Pro(x86) on the NJ2100 without problems.

   By the way, I have frustration about the way of 8.1 distribution. MS says Windows 8.1 for Windows 8 is equal to service packs for other windows. But we have the only way of its update from Store. Its size is very large, so its download takes very long time. If failed, we have to start again from very beginning. In early times, we can download the ISO file of 8.1 without an 8.1 product key, but now it is very difficult. Why do they give us a DVD or something?

   Another complaint I have is the way of ‘Sign in’. I hate to use MS account to log in my PC. We can still use a local account when we log in our PC and can avoid MS account when we update to Windows8.1. But it is more difficult to find its steps. What does MS have in mind?

Edit:

   Every reboot gives me the Realtek High Definition Audio Codecs ver. 6.0.1.5506 disabled. I’ve tried re-installations several times, but I finally give it up. Now I use the High Definition Audio Device driver by MS. So I cannot use some of the device features, like stereo mix. I have no hope about it.

   I had a DRIVER_POWER_STATE_FAILURE. I did “bcdedit /set disabledynamictick yes” again. At this moment, I feel better of it and expect this is continuing.

Edit2(Jun.23):

   After my update to 8.1, I have a trouble with USB External Hard Drives which are unconnected from the PC very often. I change values about two of Power Options.

  1. About USB selective suspend setting —> Disabled.
    1. Control Panel
    2. System and Security
    3. Power Options
    4. Change Plan Settings
    5. Change advanced power settings
    6. USB Settings
      • USB selective suspend setting
        1. On battery —> Disabled
        2. Plugged in —> Disabled
      • Click Apply, then click OK.
  2. About Turn on fast startup (recommended) —> Uncheck.
    1. Control Panel
    2. System and Security
    3. Power Options
    4. Choose what the power button does
    5. Change settings that are currently unavailable
    6. Shutdown settings
      • Turn on fast startup (recommended) —> Uncheck
    7. Click Save changes
Edit3(Jul.7):

   The above customization did not work for me. I still had the same trouble.

   Yesterday, I found the page “Help! After installing Windows 8.1, my USB drive disappears or file transfers stop unexpectedly…“. The first half of the page told me I already did but the last half gave me new information. I tried and it is working well until now. See the page:
   To disable suspend on idle for this device:
     1. Obtain the hardware ID of the USB storage device.
     2. Change the device setting in the registry.

   By the way, the author added the note about 2014/4/8 Windows Update, but this reverting did not work for my USB HDD.

   Oh, I almost forgot to write. I wasn’t able to find VID-PID at Hardware Ids. They were showed up at Parent.

Edit4(Jul.24):

   After upgrading, I couldn’t watch WOWOW メンバーズオンデマンド. I had 6030. I installed and uninstalled Silverlight5 again and again. I deleted all things ( i.e. cache folder and mspr.hds) under ProgramData\Microsoft\PlayReady. But nothing useful. I thought really hard about why 6030 occurred. I doubted the MS basic display adapter driver. This gave the Generic Non-pnp monitor driver to NJ2100. Maybe Silverlight5 requires more than the Generic Non-pnp monitor for its DRM.
   I could not give up WOWOW メンバーズオンデマンド because I enjoyed it before upgrading. So I decided to install the SiS driver from R529_Logo.zip. But this driver probably gave me ‘0xC1900101 – 0×30018’ on my first attempt to upgrade. So, I made a full backup image before my act.
   Then I did install. Bingo!! I can watch WOWOW メンバーズオンデマンド now. And I have the 1440×900 resolution. Besides, I have no blue screen at this point. I hope this continues.

   Yesterday I installed the SiS driver from R529_Logo.zip. I was comfortable to use the NJ2100 last night, and I went to bed.
   Today I found a serious problem. When I turn on the PC, the mouse cursor has disappeared. It has never come back until I give up the SiS driver. This is a big trouble. Oops!!

Updating to MariaDB 10.0.11.

   I’ve updated to MariaDB 10.0.11 on my server (Server OS : Windows7HP+SP1(x86)). I write the procedures as follows.

   First, I backed up all the sever data. Especially, MariaDB and MyDB.

   Next, I updated to MariaDB 10.0.11.

  1. Downloaded mariadb-10.0.11-win32.zip.
  2. Extracted the Zip archive.
  3. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and stop.
  4. Delete all contents in the MariaDB folder. Install the four folders named bin, include, lib and share and license files to the folder.
  5. Control Panel >> Administrative tools >> Services
    Select the MariaDB service name and start.

   That’s it.

   I used this opportunity to update to phpMyAdmin 4.2.3 and this is its ChangeLog. If you need its configuration, see “phpMyAdmin 4.2.0 is released”.

Updating Apache because of OpenSSL Security Advisory [05 Jun].

Update information      Edit(Jun.9)

   I updated my Apache 2.4.9 to 2014 5 Jun version because of OpenSSL Security Advisory [05 Jun]..

   It is built with ‘IPv6 Crypto apr-1.5.0 apr-util-1.5.3 apr-iconv-1.2.1 openssl-1.0.1h zlib-1.2.8 pcre-8.34 libxml2-2.9.1 lua-5.1.5 expat-2.1.0’. Its Changelog.

   I really appreciate Steffen’s hard and quick work. Thanks again, Steffen.

Edit(Jun.9):
   I found this on the Net, so linked to it as a reference.
OpenSSL Patches Critical Vulnerabilities Two Months After Heartbleed

Fireflies in my garden.

   I can see fireflies in my garden this time of year. We call firefly/fireflies ホタル(蛍) in Japanese. I heard the word ホタル was derived from 火垂る. 火垂る is literally “fire dripping”.

   By the way, to take a video of fireflies is very difficult for me, so the video is very very short. Strangely, I feel the firefly moving on the video is very faster than real one.

Microsoft Security Advisory 2915720 ???

   Now we have June. On Microsoft Security Advisory 2915720 they announced “Changes in Windows Authenticode Signature Verification”, and the Advisory was first published at 10 Dec. 2013. They said “The change is included with Security Bulletin MS13-098, but will not be enabled until June 11, 2014.” and suggested this actions.

   So I tested my PCs by “EnableCertPaddingCheck”=”1”, the PCs are a CF-J10(Win7 HP Sp1 64bit), an NJ2100(Win8 Pro 32bit), xw4200(Win7 HP Sp1 32bit) and KeyPaso(Vista Business SP2 32bit). But I have no troubles right now. Do you know what environments give me troubles under enabling CertPaddingCheck?

   By the way, I found Microsoft Security Advisory 2915720 was Updated on 21 May 2014 and the enabling date changed from June 11 to August 12.

Updating to PHP5.5.13.

Update information      Edit(Jun.9)

   They released PHP5.5.13 on May-28 19:57:18UTC. So, I updated my PHP from 5.5.12 to 5.5.13 on my Web server (Windows7HP+SP1(x86)).

   According to ChangeLog, this includes the fixes for CVE-2014-0237 and CVE-2014-0238. At this time, their Description is still ** RESERVED ** on the pages. CVE-2014-0237 is related to bug #67328 and CVE-2014-0238 is related to bug #67327.

   The php.ini-production has no change. As the official PHP binary includes php5apache2_4.dll, I extract the zip archive and replace all PHP5.5.12 files with all PHP5.5.13 files except my php.ini. Then, I restart my Apache. That’s it.

   If you need how to configure PHP5.5, please see the post. It is for a mbstrings user, but the information gives some help for you.

   By the way, they announced their fourth and final beta should show up on the 29th of May. But we cannot see it still now. Do they have something wrong to delay final beta release? When will PHP5.6 come?

Edit(Jun.9):
   They released PHP 5.6.0beta4 on June 5 UTC. This is the final beta version. They say their first Release Candidate should show up on the 19th of June. I don’t know how many RC shows up, but PHP 5.6.0 general availability will come anytime soon.