Your “cookie disclaimer” is not enough

With various legal directives in place throughout the world, website owners are “off the hook” by providing a cookie disclaimer and the possibility for the visitor to “opt out”. Some websites have a rather odd approach where they refer you to a page with a vast amount of information about their “data partners” and invite you to “opt out” on their partners’ page(s). It goes without saying that many people don’t bother because it’s just too much work (which is exactly the purpose).

But when your website designer relies on “web fonts” and/or resources from a content distribution network (CDN), like JavaScript libraries, you are also indirectly leaking some visitor data to the companies hosting such resources. Granted, you’re not “leaking as much data”, but with analytical AI and the huge amounts of data many of these “analytical companies” already have on your visitors, you’re simply providing one more piece of the puzzle to them. Free of charge.

The cost of free is perhaps hard to measure for you and me, but Google and others know exactly how much the data about your visitors is worth.

Ain’t that something.

New Cookie Disclaimer-proposal:

“By continuing to our site, you are agreeing to the collection of data about yourself beyond your wildest imagination and possible comprehension. We could explain it, but you wouldn’t get it anyway.  [OK]”

PS. Hosting external libraries and web fonts on CDN is not always such a grand idea when it comes to website performance. For each and every different such external “site address”, a new session handshake (SSL/TLS/etc) between the visitor’s web browser and the CDN is required.
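As an added illustration (not code from this site), the Python below lists the third-party hosts a page makes every visitor’s browser contact, which covers both the data exposure and the extra handshakes described above. The sample HTML, the example.com and cdn.example.net names, and the function names are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that the browser fetches on its own while loading a page.
AUTO_FETCH = {"script": "src", "img": "src", "iframe": "src", "link": "href"}
# <link> only triggers a request or connection for some rel values.
LINK_RELS = {"stylesheet", "icon", "preload", "modulepreload", "preconnect"}

class ResourceCollector(HTMLParser):
    """Collects absolute URLs of resources a page loads without user action."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        ref = attrs.get(AUTO_FETCH.get(tag, ""))
        rels = set((attrs.get("rel") or "").lower().split())
        if not ref or (tag == "link" and not rels & LINK_RELS):
            return
        self.urls.append(urljoin(self.page_url, ref))  # resolves /path and //host/path

def third_party_hosts(html, page_url, first_party):
    """Map each host outside `first_party` (a domain suffix) to the URLs loaded from it."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    hosts = {}
    for url in collector.urls:
        host = (urlsplit(url).hostname or "").lower()
        if host and host != first_party and not host.endswith("." + first_party):
            hosts.setdefault(host, []).append(url)
    return hosts

# Constructed sample page: two CDN scripts, one web font, and first-party assets.
SAMPLE_HTML = """
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="canonical" href="https://www.example.com/">
<script src="//code.jquery.com/jquery-3.4.1.min.js"></script>
<script src="https://cdn.example.net/bootstrap.min.js"></script>
<script src="/js/site.js"></script>
<img src="https://static.example.com/logo.png">
<a href="https://twitter.com/example">follow us</a>
"""

if __name__ == "__main__":
    found = third_party_hosts(SAMPLE_HTML, "https://www.example.com/", "example.com")
    for host, urls in sorted(found.items()):
        print(f"{host}: {len(urls)} request(s), one more connection to set up")
```

Plain links (the `<a>` tag) and `rel="canonical"` are not reported because the browser does not fetch them while rendering the page.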

Cookies in the jar turns into whiskey in the jar

For almost as long as “cookies” have existed on the Internet, companies have made a habit out of using them to track you, your “behavior” on the Internet, and to turn you into something “measurable”. For almost as long, there have been countermeasures: “cookie blockers”, “ad blockers”, “privacy shields”, and so on. Cookies are, of course, only one of many data points being collected about you while using the Internet.

Companies using third-party services for anything from payment solutions to advertising and the collection of statistics often don’t fully understand the implications of choosing one service over another. And for the past several years, this has turned into a rat race.

On one side of the fence, there are companies like Facebook, Google, Quantcast, Amazon, Cambridge Analytica, and others, that want to know everything about you at almost any cost, and on the other side of the fence we have tools to “protect our privacy” during our online experience such as VPN, “ad blockers”, “privacy shields”, “Facebook containers”, “Privacy Badger”, and so on. (None of these tools will prevent you from being tracked by those who make it their business to track you; they are way ahead of such trivial attempts.)

So now people are blocking sites, all kinds of sites without necessarily understanding the implications of their actions. What makes it harder to distinguish “good sites” from “bad sites” is that quite a few of these “trackers” and “cloud asset sites” use sub-domains, like aj38305.trackyourcookies.com, so we end up blocking everything from “*.trackyourcookies.com”.

A company’s e-commerce site using third-party services to collect statistics and “web insights” can quite easily shoot itself in the foot, as the same services are also used in the payment verification process. I have had countless “Verified by Visa” and “Secure Checkout” transactions fail because I choose to block certain sites, or prevent them from setting cookies. So this actually leads to poor sales performance, rather than enhancing it.

Companies using third-party services for e-commerce checkout solutions need to ask the service provider one question before using them: Will your payment solution work with “ad blockers” and “privacy shields”? If they don’t ask, they risk losing customers who find far less privacy-intrusive services.

Resizing windows in XFCE / XFWM4

This does not seem to be a problem for everyone nor for every XFCE theme, but sometimes it can be a real drag (no pun intended) to resize the windows in XFCE / XFWM4. For no apparent reason whatsoever, this seems to be known by the developers but marked as “wontfix” … #WTF

Anyway, hold down the (left) Alt key (PC keyboard), right click the mouse and then drag in the desired direction to “easily” resize the windows. This is a lot easier with an actual pointing device rather than a “touchpad”, but at least there’s a way.

You can also use Alt+Space and then press R to resize the current window.

This sort of “behavior” is one of (many small) things that annoys and frustrates people with “Linux Desktops”, and in all honesty, this should not be an issue in 2019! #FFS

So, remember:

ALT + [RIGHT-CLICK] + DRAG

or

ALT + [SPACE] followed by the [R] key

Changing your MTU may help certbot / Let’s Encrypt

While attempting to create a Let’s Encrypt SSL certificate using certbot for a number of domains, I ran into something that appeared to be a timeout issue in the certbot client and/or one of the Python libraries used by it.

I found this thread, which recommends changing the MTU to 1300, and it does work. So, maybe this will help you too 🙂

community.letsencrypt.org/t/cannot-get-new-certificate-readtimeout-error/94586

In other words:

ifconfig eth0 mtu 1300

may help you out.

SwiftMailer 5, PHP5, and ISO-8859-15

I’ve been using SwiftMailer for as long as I can remember because it’s, IMHO, a great library and far more logical than PHPMailer and “others”. While maintaining a PHP5 codebase for a rather large project, I ran into an issue while using ISO-8859-15 encoded data. Most people won’t care about ISO-8859-15 over ISO-8859-1 (“Latin1”), but since I live in Europe, I prefer to have support for the €uro character 🙂

To make a long story short, if you need SwiftMailer 5 to properly handle ISO-8859-15, look for a line in “MimePart.php” that looks like this:

if (!in_array($charset, array('utf-8', 'iso-8859-1', ''))) {

and change it to this:

if (!in_array($charset, array('utf-8', 'iso-8859-15', 'iso-8859-1', ''))) {

(Yes, the project will move to a PHP7 codebase at some not so distant point in the future.)

Things to do after migrating to Zimbra 8.8.x

As I recently handled a migration from Zimbra 8.7.11 to Zimbra 8.8.12, I’ve been running into things I think the Zimbra updater should handle by itself, and/or things that should be documented in a more practical way than they currently are. I’ll just keep updating this post with things I find and learn.

(The migration turned into an 18 hour job since we ran into a +1 year old problem where an Ubuntu upgrade from 14.04.LTS to 16.04.LTS more or less wipes your Zimbra setup and leaves it in a very sorry state. Fortunately, I managed to piece it back by hand.)

Zimbra Backup NG

The new and improved Zimbra Backup NG should be enabled IMHO. It does things a lot better than the previous version(s). In a number of places, Zimbra makes references to its improvements, and so on. They should probably include this instruction too:

To disable the “classic” (or “legacy”) backups, a simple

zmschedulebackup -F

(as the “zimbra” user) is all you need to execute. (You may want to hang on to your old backups until they’ve outlived their purpose though. This command only disables/removes the scheduled “legacy” backups.)

Lightbox for Bootstrap 4 and jQuery

Lightbox (or “image preview”) functionality for Bootstrap 4 without additional libraries (apart from jQuery).

Written by Joaquim Homrighausen <joho@webbplatsen.se>
30-May-2019
TEAMYUJO

Do as you wish with this 🙂

This is the JavaScript/jQuery code for the Bootstrap 4 modal. You don’t have to use jQuery to accomplish this, obviously.

$(document).ready(function($) {

  $(".xslightbox").click(function () {
    /* .attr() returns undefined (not the string "undefined") when the
       attribute is missing, so compare against the value undefined */
    if ($(this).attr("data-message") !== undefined) {
      document.getElementById("lightbox_target").src = "";
      document.getElementById("lightbox_target").src = $(this).attr("data-message");
    }
    if ($(this).attr("data-title") !== undefined) {
      document.getElementById("lightbox_title").innerText = $(this).attr("data-title");
    }
    $("#xslightmodal").modal("show");
  });
  /* This will focus the close button, but you don't really need to do this or
     have a close button for that matter since Bootstrap will close the modal
     if you click outside the modal or - in this case - press the Esc key */
  $("#xslightmodal").on("shown.bs.modal", function () {
    $("#lightbox_close").trigger("focus");
  });

});

This is the HTML for the Bootstrap 4 modal. You can style it any which way you want. The key to getting the image to behave as you want it (i.e. to make the image responsive) is adding the “img-fluid” class to the img tag.

You can add the “fade” class to the modal if you want it to be “animated”.

<div class="modal" id="xslightmodal" tabindex="-1" role="dialog" aria-hidden="true" data-keyboard="true">
  <div class="modal-dialog modal-dialog-centered" role="document">
    <div class="modal-content bg-light">
      <div class="modal-header">
        <div class="modal-title text-lowercase text-monospace small" id="lightbox_title">
          placeholder
        </div>
      </div>
      <div class="modal-body text-center">
        <img id="lightbox_target" class="img-fluid border border-secondary rounded" />
      </div>
      <div class="modal-footer">
        <button type="button" tabindex="-1" id="lightbox_close" class="btn btn-primary btn-sm" data-dismiss="modal">
          Close
        </button>
      </div>
    </div>
  </div>
</div>

And then, to use the lightbox, you need:

<a class="xslightbox" title="Preview me"
   data-message="https://url/to/image/or/loader/script"
   data-title="Name of image">Preview</a>

This is also available as a gist on GitHub. Knock yourself out 🙂

Simple password construct validator for PHP

/* 
 * Simple password construct validator for PHP 
 * Joaquim Homrighausen <joho@webbplatsen.se>
 * May 30, 2019 
 * TEAMYUJO 
 * 
 * Do whatever you want with this snippet :) 
 * 
 * This may not necessarily agree with the section
 * "Strength of Memorized Secrets" in the document
 * from NIST:
 *
 * NIST Special Publication 800-63B 
 * Digital Identity Guidelines 
 * Authentication and Lifecycle Management 
 * https://pages.nist.gov/800-63-3/sp800-63b.html 
 */

function password_check_construct ($pstr, $min_length = 8)
{
  //Setup pattern and stuff minimum requested length into it
  if ($min_length < 4) {
    //We need at least four characters to satisfy our regexp
    $min_length = 4;
  }

  $match_rules = '/^(?=.{'.(int)$min_length.',})(?=.*[a-z])(?=.*[0-9])(?=.*[A-Z])(?=.*[[:punct:]]).*$/';

  //Require at least one a-z, one A-Z, one 0-9, and one punctuation/special character
  if (preg_match ($match_rules, $pstr) === 1) {
    return (true);
  }
  return (false);
}

This is also available as a gist on GitHub. Knock yourself out 🙂

Using sfdisk to recover a partition table on Linux

As he re-entered the sfdisk dump manually in the remote recovery console, using the devil’s editor (vi), he was silently thanking the Linux developers for not screwing around with the file system when it cannot be mounted.

Messing around with partition tables, disk volumes, and similar critical configuration parameters can lead to quite unexpected and unintended results. So, it may be a good idea to actually dump the current configuration before you begin your magic.

Using sfdisk, you can dump your Linux partition configuration in a fairly straightforward way. You can try the command by typing just sfdisk -d /dev/disk, where disk is one of the disks in your Linux system. For a list of disks in your system, use the lsblk command. They are identified as “disk” (surprise).

sfdisk -d /dev/sda > sda.txt

This would dump the partition table data for the /dev/sda disk to the file sda.txt. Your output will look something like this:

label: dos
label-id: 0xa828a5d8
device: /dev/sda
unit: sectors

/dev/sda1 : start= 2048, size= 997376, type=83, bootable
/dev/sda2 : start= 999424, size= 999424, type=82
/dev/sda3 : start= 1998848, size= 249659359, type=83

The partition table information can then later be restored by issuing the reverse, i.e.

sfdisk /dev/sda < sda.txt

DO NOT PERFORM THE ABOVE COMMAND IF YOU DON’T KNOW WHAT YOU ARE DOING!

This procedure may come in handy if you, like me, manage to screw up the partition table and find yourself at the (initramfs) prompt when you restart your Linux machine. You will (obviously) need to save the dump file (sda.txt above) in a location other than your computer. Using this method, it’s often possible to recover your partition table from a rescue boot (be it on CD, DVD or a flash drive).

I happened to have a previous terminal session window open with the above information, so I hand-typed it from one window to another, where I was running the remote recovery console.

There are a lot more complex partition setups than the above, and sfdisk may not work in those cases or for certain RAID and LVM setups. But it’s a good procedure in applicable situations.
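A hand-typed dump is easy to get wrong, so it is worth checking it for consistency before feeding it back to sfdisk. The following Python is an added example, not part of sfdisk or of the original post; the function names and the mistyped dump are constructed, and it only handles simple MBR dumps like the one above.

```python
def parse_sfdisk_dump(text):
    """Split `sfdisk -d` output into a header dict and a list of partition dicts."""
    header, parts = {}, []
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, rest = line.partition(":")
        if not key.startswith("/dev/"):
            header[key.strip()] = rest.strip()   # e.g. "device" -> "/dev/sda"
            continue
        part = {"name": key.strip()}
        for field in rest.split(","):
            k, _, v = field.partition("=")
            part[k.strip()] = v.strip()          # flags such as "bootable" get ""
        parts.append(part)
    return header, parts

def check_dump(text, disk_sectors=None):
    """Return a list of problems; an empty list means the dump is self-consistent."""
    header, parts = parse_sfdisk_dump(text)
    device, problems, spans = header.get("device", ""), [], []
    for p in parts:
        if not device or not p["name"].startswith(device):
            problems.append(f"{p['name']}: not a partition of {device or '(no device line)'}")
        try:
            start, size = int(p["start"]), int(p["size"])
        except (KeyError, ValueError):
            problems.append(f"{p['name']}: start/size missing or not a number")
            continue
        if disk_sectors is not None and start + size > disk_sectors:
            problems.append(f"{p['name']}: ends past the end of the disk")
        if p.get("type") not in ("5", "f", "85"):   # extended containers hold logicals
            spans.append((start, start + size, p["name"]))
    spans.sort()
    for (_, end, first), (start, _, second) in zip(spans, spans[1:]):
        if start < end:
            problems.append(f"{second} overlaps {first}")
    return problems

# The dump shown above, followed by a constructed copy with one digit dropped.
PAGE_DUMP = """\
label: dos
label-id: 0xa828a5d8
device: /dev/sda
unit: sectors
/dev/sda1 : start= 2048, size= 997376, type=83, bootable
/dev/sda2 : start= 999424, size= 999424, type=82
/dev/sda3 : start= 1998848, size= 249659359, type=83
"""
MISTYPED = PAGE_DUMP.replace("start= 999424", "start= 99424")  # constructed typo
```

Calling `check_dump(MISTYPED)` reports that /dev/sda2 overlaps /dev/sda1, while the dump as shown on this page passes with no problems.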