.Net Core 3.0 Released Today

Microsoft released the .Net Core 3.0 framework today. Along with a lot of other changes, the biggest news is support for desktop app development, by supporting winforms and WPF. Venturebeat has more info on the release: https://venturebeat.com/2019/09/23/microsoft-releases-net-core-3-0-with-support-for-wpf-and-windows-forms/

And Microsoft has the announcement on their developer blog here: https://devblogs.microsoft.com/dotnet/announcing-net-core-3-0/

Wordfence cannot delete files on Windows Server IIS

I’ve been running Wordfence on a number of wordpress sites I run on a windows server. Yes, you can run wordpress/php/mysql on windows. No, it’s not a great idea though. I’ve run into numerous issues with this setup and regret doing it, but it’s also been interesting to see the varying levels of support for running this configuration.

Wordfence will scan for infected files on my windows installs, and will find and list them- but when I try to delete the infected files, it always shows an error dialog stating “An invalid file was requested for deletion.” I initially thought this was a permissions issue, but after ruling this out I asked online about this error. I was surprised to not find a lot of others having the same issue, just a few. And the support forums didn’t do much to help either. I finally noticed that Wordfence lists all the officially supported operating systems, and Windows is *not* on that list. Woops.

Since php is not compiled, I decided to spend 10 minutes and see if I could find the source of this issue- and sure enough, I found that Wordfence was calculating a path incorrectly such that it was getting confused by the backslashes in windows file system. It seems to handle this fine in almost every area, but this one line was comparing two paths, and one had a forward slash where the other had a backslash- making them unequal and thus the “An invalid file was requested for deletion” is triggered.

I was able to hack the code a little to fix this, and now I have my windows wordpress wordfence working and deleting the files I request it to. You can update it yourself as well if you need this- find the file wp-content\plugins\wordfence\lib\wordfenceClass.php and update the following portion with these modifications, starting at line 4987:

$file = $issue['data']['file'];
$localFile = realpath($localFile);
$localPath = realpath(ABSPATH) . DIRECTORY_SEPARATOR;
if(strpos($localFile, $localPath) !== 0){
	return array('errorMsg' => __('An invalid file was requested for deletion.', 'wordfence'));

Note that I’m sure Wordfence is not a fan of having their php files edited, so this is fully unsupported and any updates to the plugin will likely overwrite this file and “break” it again.

Wordfence, feel free to implement this fix. Y’all are really close to working on a whole other operating system 🙂

IGSHID – the new(?) instagram click tracking ID

Apparently instagram has started adding a tracking click id named igshid that is similar in purpose to the facebook click id named fbclid- although this parameter seems to be used in links TO instagram instead of on links outbound from it as the facebook one is. I haven’t found any real info on this parameter yet, I’ll dig a bit more and update here.

WordPress Connection Timed Out Errors- debugging and repairing

Maybe you have an older, heavily modified wordpress site that has some outdated custom code, older plugins, and various other custom stuff that hasn’t been updated in some time. Your site occasionally stops responding for a while, often with an unable to establish database connection error. In Mysql you see a bunch of sleeping connections from your site, piling up until the connection limit is hit (often 100 connections) and then no more connections can be made- until all those sleeping connections finally time out (often set to 300 seconds) and clear, so the site can then start making new connections again. You try debugging this and can’t figure out why there are sleeping connections- WPDB and/or mysql client code all closes connections after use so how can they be left running? The main pages on the site are fast and responsive, so what is holding this open for so long anyway? And why the heck does it happen so infrequently, but frequently enough to be a pain?
Do this:
-Turn on error messages and logging to error file (will add details here, but there’s plenty info out there on how to do this)
-Let it run until these problems happen. Or, try to turn it on WHILE the problems are happening. The log file might get huge otherwise. Mine has a ton of deprecation warnings so it will grow rapidly.
-Once logging has run during the sleeping connection problem happening, open the log file and search for “fatal” to find fatal error messages.
-You should find a line with a fatal error message related to the database connection timing out after 300 seconds- this line will show you which php file caused the problem. In my case, it was an outdated plugin that I really didn’t need anymore, so I disabled it.

And now, back to semi-stable, or at least not crashing, wordpress bliss.

(I still hate wordpress though. well, php. I hate php. Yes! it’s horrible.)


I run a number of wordpress sites on a windows/IIS server, and many of these sites keep getting infected with some kind of trojan that seems to try to redirect traffic away to other sites, thus building “fake” backlinks and traffic. One of the files that seems to commonly show up is named zwi-cofg.php – it has a bunch of heavily disguised code inside it, so I haven’t dug into what it actually does yet- but out of all the infections I’ve seen, this file seems to be the most common. Googling it didn’t reveal anything so figured I would create a post and see if any others are discovering this file- and what you may have figured out about it? I’m also working to lock down my sites so they don’t continue to get infectected, but I’m beginning to think this is not an easy task when running php on windows servers. All the best practices I’ve seen don’t seem to go far enough. Continuing to investigate…

DNS problem: SERVFAIL looking up CAA for domain name

Certify has been a great tool for setting up free ssl, and is especially nice if you have a lot of sites- for both cost savings and the ability to auto-update certs. I use a windows based tool called Certify The Web to automate this and it’s worked great for a long while.
I started having errors recently with the tool though- along the lines of “DNS problem: SERVFAIL looking up CAA for ” followed by the specific domain name. This took a little head scratching, but apparently the problem comes from a new CAA record that DNS servers can (should?) support- it’s a record that allows you to list which certificate authorities are trusted for the particular domain.
Many/most Dns servers didn’t support this record a while back, and certify would eat the “error” message received when querying for it. But this recently changed and certify now requires that the CAA record be supported- even if it’s empty. So, error messages are no longer allowed, but empty ones are fine.
I use the DNS servers at my domain registrar for a lot of domains, and apparently the server has not been updated to support this record- so I suddenly began to get this error on my sites. I use AWS DNS for higher profile sites, and it seems to work fine.
In case you run into this with your servers, you’ll need to get in touch with your DNS provider and ask them to update it so it supports this new(er) record.

Copy Amazon cart to another account

If you have multiple amazon accounts like I do (business account and personal), there’s a good chance you’ve added a bunch of products to your cart to then realize you are logged into the wrong account. Argh.
Amazon used to have some feature to copy cart contents to a different account based on email, but apparently this created some kind of security issue and was removed. They now suggest moving your cart to another Amazon account by putting all your cart items into a wish list, then sharing it to the other user, etc. etc. Sounds like a pain.
There is also a chrome extension that helps get around this, but who the heck trusts those things nowdays?
So the hack I found that sorta helps but doesn’t completely, is as follows:

-When logged into the “wrong” account with all the items in the cart, open your shopping cart page.
-Open a second tab and then login with the correct account. In the same browser.
Now you are logged into the correct account, but you have that zombie cart part still open from the other account.
-Carefully right click each item in your old cart, and click “open in new tab”
-go through each tab, and click “add to cart”- this will then add them all to the correct cart that you are currently logged in with.

Proceed with checkout and done. Not one click, but not terrible either.

Thanos Bad Blood

Googling some stuff about Bad Blood (the book about Theranos) and comparing Theranos to Thanos- discovered a lot of people are googling “Thanos Bad Blood”. I guess we could throw some Taylor Swift in there to make the full remix for There Will Be Bad Blood and Grammar: The Musical. Or something. I don’t know anything about Thanos yet so he (or it?) was likely excluded in this working title. Something about turning to sand and disappearing… speaking of, where has Liz Holmes been lately? Anyway, if you wound up here, you might be one of those misguided googleurs and you’re actually looking for this book titled Bad Blood: Secrets and Lies in a Silicon Valley Startup. It’s on my to-read list, unfortunately under a pile of more important reads.

Update: wound up buying the audible book and listened to it while on the road. Good “read” though a bit too long and at times felt almost petty in trying to make Liz and Co look bad, but… they definitely deserved it. Her ability to manipulate people was second to almost none- perfect mix of young, blonde, confident, well spoken- oh and a complete psychopath. It’s interesting to see how she kept doubling down on fake-it-til-you-make-it, but seriously, you really want to do that with a device that will definitely- not maybe- eventually wind up killing people due to it simply just Not Working. But the part that truly demonstrates her insanity is- there just was not any real path forward to a version of their machine that would address all the issues and eventually work. So the “make it” part of the faking it just wasn’t there. This is where mental illness had to be in effect, convincing herself of things that simply were not true. And she likely believe them. Really amazing story.

FBCLID – the new Facebook Click ID querystring parameter

Facebook has begun adding a querystring parameter to outbound links- the FBCLID – aka facebook click id. This parameter is annoying for many when they try to copy and then paste or share a link to something they clicked on from facebook, as a normally clean and even short url now has this big ugly FBCLID parameter appended to it.

I assume this parameter has been added to assist with tracking facebook clicks with websites that may not have cookie tracking enabled, but it could also be to help track how links are shared with others- as this would let facebook see who visited the orginal link and then who they shared it with, as it has a unique FBCLID value assigned to it.

My hope is that this click id will allow for more granular conversion tracking for facebook ad clicks. Currently, facebook requires a pixel be installed on your landing page and any conversion events you wish to track are script executed on the page. This works well overall, but it is not optimal for lifetime value calculations inside the facebook adcenter. If an ecommerce store has an offline conversion, or doesn’t know the true value of a conversion until a day after the initial interaction, this information is difficult to load back into facebook so the ads can be auto-optimized. I’ll be researching this more soon but my hope is that the fbclid parameter will allow us to store a unique visitor ID and then load conversions with associated values back into facebook- possibly later and also perhaps multiple conversions- and have an accurate profitability number that we can then tune and optimize ad spend against. I will update as I learn more about this.

Feeling ANSI about Windows console color codes

My first software “product” was a BBS fancy menu generator that utilized ANSI based colors and those funky shaded block characters, to generate a completely new and semi-randomized background pattern on every load. Written in pascal. It ran on a couple BBS’s. Yay.

Today I thought about those ANSI codes and whether they still work in Windows consoles today- found this article on the topic


Short answer – In modern Windows 10, Yes- but your app need to call some system api’s to enable it, and this is considered fragile. Apparently the safer way to do this, in .Net at least, is via the Console.SetforegroundColor and similar. It looks like Node.js has a built-in layer that decodes the ansi escape codes into these api calls as a sort of proxy, so maybe .Net could use something like this as well? Ok, back to real work.


Update folder modified date based on file contents

I’ve used this tool a few times with good result-


If you copy a bunch of folders + files to another drive, maybe as a makeshift backup, and restore them later- the folders will all get new timestamps on them. Not a huge deal, but if you’re looking for that project you were working on a couple years back, it’s helpful to sort by modified date and narrow down your search. Typically the files inside the folders will maintain their correct timestamps (created + modified dates), just the folders will lose this data.

This tool simply scans all folders/sub-folders and finds the newest modified date on the files contained inside, and then updated the folder modified date to match this. It won’t necessarily exactly match what the folder’s original stamps were, but.. it’s better than nothing.

Oh, and it’s free.

.Net C# code error that wasted a day of my life

Can you quickly spot the error in this code?

if (GetRandomNumber(1, 20) > 19); // upped this from 17)
        redirout = OtherURL;

You’ll likely think it’s something with a boundary state in the GetRandomNumber method, and sure that’s a good guess, but the actual mistake/error is visible right here, in this code.

If you can’t find it, here’s a hint- we noticed that redirout was being assigned OtherURL a lot.. way more than 1 in 20 times… in fact.. Every time!

The crappy part is it compiled but once your see it, it feels like maybe it shouldn’t compile. I also feel like I was warned about this back 20 years ago.. learning Turbo C. ;p

This actually hurt my business today. No fun, but glad to finally figure it out and get it repaired.

How to sign an agreement in a Word docx file

I realized today that I’m not sure what the “correct” way to fill out and sign a word document based agreement would be. My process usually involves typing info into the “fields”, but many documents just draw underlines in the space where you are supposed to enter data… So when you type here, you now have text *without* an underline, breaking the former underlined space into two parts that are now spread further apart than the should be, messing up the format of the rest of the document. So then I’ll select the text, click underline, and then click on the now-too-long blank underline and start hitting delete to get the length back down to near original. Except it never lines up exactly as previously so the fields all wind up slightly odd in length and are just plain ugly.

Whew. Ok then I’ll usually print the doc file to a pdf, open it in a pdf editor and sign it by adding my signature image… or sometimes sign it directly on the screen if I’m on a touch enabled device (such as my awesome surface studio pc).

Sometimes I’ll skip the first step and just print the whole thing to pdf, and then use the pdf editor to try to line up text boxes over each field and type into them. They usually don’t line up perfectly, so this looks kinda bad as well.

Am I missing something or is this just something we all put up with?

Image restore broken in Windows 10 1709 “Fall Creators Update” (and Hack Solution)

(I found a hack to get this image to restore- I added it at the bottom)

This bit me pretty bad this week- if you use the older version of windows backup and take an image snapshot of your windows 10 pc- the latest version of windows will make the image, but this image WILL NOT restore correctly. The restore operation will fail with a message about the volume shadow copy service- specifically:

The system image restore failed.

Error details: A Volume Shadow Copy Service component encountered an unexpected error. Check the Application event log for more information.

I attempted to make a system restore drive using an older version of windows 10 to see if that would allow it to restore my 1709 based image- but this *also* failed. So the problem appears to be with the image and not with the image restore process/sofware.

I’ve also read that this only affects UEFI based systems- if you run on MBR it should still be able to restore the drive.

This makes me wonder if the image would be able to restore if I had only taken an image of the main data drive and not included the EFI/boot partition(s) in the image? (Update below covers this)

I can link to the *many* discussions online about this but simply google 1709 image restore and you will see them. I also chatted with a tech at the microsoft store and he said they are well aware of the issue, and trying to escalate it to get it resolved, but no luck so far.

This really is about the worst thing you can have go wrong- as in my case, my system died and I tried to restore from an image I had taken some days prior. And when it failed… this means I will have to fully load up windows with all the ensuing updates (taking a big part of a day), and then try to remember what applications I had installed, reinstall all those, and then copy over all my individual user files from a backup drive. And hope nothing is missed or timestamps messed up in the copy, etc etc. a HUGE headache that is winding up costing me nearly a week of productivity, when this image restore would have just had me back up in running in a few hours instead. Pretty much the worst thing to have go wrong with an OS, and Microsoft doesn’t even seem to understand yet that it’s broken.

Since my original post, I tried a bunch of things that would simply not work, but finally found something that did: Use Macrium Reflect to restore the data drive from the windows backup image. I initially tried restoring all the partitions from the windows restore using Macrium, but this never would work- I finally would up using a default windows install with all the updates, and then just replace the c drive partition with the one from the windows backup. Steps roughly are:

  1. Install windows and run all the updates
  2. Install macrium reflect- take a snapshot of this install for “just in case”
  3. Open Disk Management, and Action, Attach VHD
  4. Navigate to where the VHDX files from your windows image backup are. Select the one with the windows files- usually just the “biggest” vhdx file.
  5. Use Macrium to do a image backup of this partition, and save the MCIMG file as the new macrium version of the original vhdx backup file. Use an external drive.
  6. Create a system restore drive from macrium.
  7. Boot this restore disk, then locate the macrium image on external drive and use it as the source.
  8. *pay attention* – drag the main windows drive partition from the source to the same spot on the destination drive. We want to only overwrite the windows drive (c: usually) and none of the other partitions.

After this, I rebooted and it needed another reboot and finally showed the login screen. I won’t go over how many other iterations I tried of this before finding the right one, but let’s just say that’s a lot of ways to make this *not* work. Namely, don’t bother trying to restore all the partitions from the windows restore- I did this and it just didn’t work. Seems like it would, and maybe it would for you, but not here.