Archive for the ‘Web Development’ Category
Posted by jpluimers on 2022/02/08
As a precursor to a post tomorrow showing that serving UTF8 does not mean organisations go without unicode problems, first some statistics.
The first Unicode ideas got drafted some 30 years ago in 1987. In 1991, more than 30 years ago, the Unicode Consortium saw the light. Nowadays more than 95% percent of the web-pages (close to 100% when you include plain ASCII) is served using the UTF-8 encoding.
It means that nowadays there is a very small chance you
will see mangled characters (what Japanese call mojibake) when you’re surfing the web.
Some nice graphs of unicode growth are at these locations are at these locations:
I think especially important are 2008 (when UTF-8 had outgrown all other individual encodings) and slightly after 2010, when UTF-8 alone covered more than 50% of the pages served. These exclude ASCII-only pages. Adding those would make the figures even larger.
Historical yearly trends in the usage statistics of character encodings for websites, June 2021
–jeroen
Posted in Development, Encoding, Software Development, UTF-8, UTF8, Web Development | Leave a Comment »
Posted by jpluimers on 2022/02/01
[Wayback] Jeroen Wiert Pluimers on Twitter: “”Too special” password character password woos at @HORNBACH_NL : [ Het wachtwoord moet minstens acht tekens lang zijn, en minstens een getal en een letter (a-zA-Z) bevatten. De volgende speciale tekens zijn toegestaan: !”#$%&'()*+,.:;?@_|} ] 1/”
I wonder what kind of parser they use, as these printable special ASCII characters are forbidden:
- \-/[\]^`{~
- space (0x20)
- tab (0x9)
- line feed (0xa)
- carriage return (0xb
- vertical tab (0xb)
- form feed (0xc)
Seems no JSON or SQL to me: there I would expect other limitations.
What would break if you use them in other fields or pass them in an HTML POST-request?
I mean: these passwords should be salted and hashed immediately when the HTML-POST request is received, so certainly they would not be stored somewhere or passed many layers into code, right?
Oh, in order to activate an account there, you need to accept some 40+ A4 sized pages of legal stuff. Brave Dutch judge that will put these all in favour of Hornbach.
–jeroen
Read the rest of this entry »
Posted in Development, LifeHacker, Power User, Security, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2022/02/01
Sometimes it is easier to have current and public CA signed TLS certificates for internal servers than to setup and maintain an internal CA and register it on all affected browsers (including mobile phones).
One of my reasons to investigate this is that Chrome refuses to save credentials on servers that have no verifiable TLS certificate, see my post Some links on Chrome not prompting to save passwords (when Firefox and Safari do) about a week ago.
Below are some links for my link archive that hopefully will allow me to do this with Let’s Encrypt (msot via [Wayback/Archive] letsencrypt for internal servers – Google Search):
Read the rest of this entry »
Posted in Cloud, Cloudflare, Development, Encryption, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Fritz!, Fritz!Box, Fritz!WLAN, Infrastructure, Internet, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, Virtualization, VMware, VMware ESXi, Web Development | Leave a Comment »
Posted by jpluimers on 2022/01/20
For quite some time now, Chrome (think years) refuses to prompt for saving passwords whereas Firefox and Safari do prompt and save them, even for site types that it used to save passwords for in the past.
It has been annoying enough for too long now that I tried to do better than the Google searches I used back when I saw this happen first.
Below are some links based on new searches (starting with [Wayback] adding a password in chrome settings – Google Search); hopefully I can try them after I made a list of sites that Chrome does not show the password save prompt for.
Solutions I tried that failed (but maybe useful for others):
Solutions still to try:
Read the rest of this entry »
Posted in Chrome, Chrome, Communications Development, Development, Encryption, ESXi6, ESXi6.5, ESXi6.7, Firefox, Fritz!, Fritz!Box, Fritz!WLAN, Google, https, HTTPS/TLS security, Internet, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, routers, Safari, Security, TCP, TLS, Virtualization, VMware, VMware ESXi, Web Browsers, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/29
This option in Chrome has moved around a bit, so here is how it was in Version 89.0.4389.90 (Official Build) (64-bit) when I documented it.
- Browse to
chrome://discards/
- Don’t be intimidated by the many rows and columns; only the rightmost 8 (at the time of writing) are interesting:
- Search for the URL (in my chase
https://web.whatsapp.com/ , so I searched for whatsapp which you see as orange in the screenshots below) for which you want to ensure it will never sleep/hibernate (Chrome calls this “discardable”)
- Click
Toggle under the checkmark ✔ so it changes into a cross ✘️ (so the URL will never be discarded, hence always stays awake)
Do this only for tabs that are not CPU/memory/traffic intensive
I got there via these posts:
When searching for discards, I found this post: [Wayback] How to Prevent Chrome from Reloading Tabs When You Switch to Them
Chrome has built-in memory management that causes inactive tabs to “sleep” as RAM is filled. When you click the tab again, it has to reload the page. It’s annoying.
–jeroen
Posted in Chrome, Development, Google, Power User, SocialMedia, Software Development, Web Development, WhatsApp | Leave a Comment »
Posted by jpluimers on 2021/12/28
People around me often wonder why things that seem so obvious does not work, and ask me if I bump into similar things.
I do, and often wonder why banks do not pay users to do testing for them instead of the other way around.
Below the fold a few Twitter threads. They might be mainly involving ING, but that’s just because I use their business and consumer portals more than those of other banks.
Here are the summaries:
Read the rest of this entry »
Posted in Development, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/14
A page with IPv4 and IPv6 network blocks and addresses [Wayback] Locations and IPs for whitelisting | UptimeRobot:
If you need to whitelist these IPs so that any requests that Uptime Robot send are not blocked.
Or in [Wayback] text form (with Wayback history):
216.144.250.150
69.162.124.226
69.162.124.227
69.162.124.228
69.162.124.229
69.162.124.230
69.162.124.231
69.162.124.232
69.162.124.233
69.162.124.234
69.162.124.235
69.162.124.236
69.162.124.237
63.143.42.242
63.143.42.243
63.143.42.244
63.143.42.245
63.143.42.246
63.143.42.247
63.143.42.248
63.143.42.249
63.143.42.250
63.143.42.251
63.143.42.252
63.143.42.253
216.245.221.82
216.245.221.83
216.245.221.84
216.245.221.85
216.245.221.86
216.245.221.87
216.245.221.88
216.245.221.89
216.245.221.90
216.245.221.91
216.245.221.92
216.245.221.93
208.115.199.18
208.115.199.19
208.115.199.20
208.115.199.21
208.115.199.22
208.115.199.23
208.115.199.24
208.115.199.25
208.115.199.26
208.115.199.27
208.115.199.28
208.115.199.29
208.115.199.30
208.115.199.30
46.137.190.132
122.248.234.23
188.226.183.141
178.62.52.237
54.79.28.129
54.94.142.218
104.131.107.63
54.67.10.127
54.64.67.106
159.203.30.41
46.101.250.135
18.221.56.27
52.60.129.180
159.89.8.111
146.185.143.14
139.59.173.249
165.227.83.148
128.199.195.156
138.197.150.151
34.233.66.117
2607:ff68:107::3
2607:ff68:107::4
2607:ff68:107::5
2607:ff68:107::6
2607:ff68:107::7
2607:ff68:107::8
2607:ff68:107::9
2607:ff68:107::10
2607:ff68:107::11
2607:ff68:107::12
2607:ff68:107::13
2607:ff68:107::14
2607:ff68:107::15
2607:ff68:107::16
2607:ff68:107::17
2607:ff68:107::18
2607:ff68:107::19
2607:ff68:107::20
2607:ff68:107::21
2607:ff68:107::22
2607:ff68:107::23
2607:ff68:107::24
2607:ff68:107::25
2607:ff68:107::26
2607:ff68:107::27
2607:ff68:107::28
2607:ff68:107::29
2607:ff68:107::30
2607:ff68:107::31
2607:ff68:107::32
2607:ff68:107::33
2607:ff68:107::34
2607:ff68:107::35
2607:ff68:107::36
2607:ff68:107::37
2607:ff68:107::38
2607:ff68:107::39
2607:ff68:107::40
2607:ff68:107::41
2607:ff68:107::42
2607:ff68:107::43
2607:ff68:107::44
2607:ff68:107::45
2607:ff68:107::46
2607:ff68:107::47
2607:ff68:107::48
2607:ff68:107::49
2607:ff68:107::50
2607:ff68:107::51
2607:ff68:107::52
2607:ff68:107::53
2607:ff68:107::54
2607:ff68:107::55
2a03:b0c0:0:1010::832:1
2a03:b0c0:1:d0::e54:a001
2604:a880:800:10::4e6:f001
2604:a880:cad:d0::122:7001
2a03:b0c0:3:d0::33e:4001
2600:1f16:775:3a01:70d6:601a:1eb5:dbb9
2600:1f11:56a:9000:23:651b:dac0:9be4
2a03:b0c0:3:d0::44:f001
2a03:b0c0:0:1010::2b:b001
2a03:b0c0:1:d0::22:5001
2604:a880:400:d0::4f:3001
2400:6180:0:d0::16:d001
2604:a880:cad:d0::18:f001
2600:1f18:179:f900:88b2:b3d:e487:e2f4
–jeroen
Posted in Development, LifeHacker, Power User, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/14
From a while back, so I hope it has been fixed by now on the SVB PGB site.
The Dutch SVB (sociale verzekeringsbank, the [WayBack] organisation that implements social security schemes in The Netherlands) has a web-site to submit declarations for PGB ([Wayback] individualised subsidy for care, or personal care budget).
Authentication for the site goes through DigiD, the identity provider through which government related web-sites can verify the identity of Dutch residents on the internet.
In from somewhere in the mid 2010s until somewhere in 2020, the SVB PGB site would log you out when the 15-minute inactivity count-down in the lower right of the screen would reach zero.
After that, the behaviour changed: you would be logged out 15 minutes after logon, forcing one to login way more often. Each logoff/logon cycle had these effets:
- loosing the data you entered on the current page
- a cost to SVB of about EUR 0.15 excluding VAT for the logon
- loss of time and convenience for the end-user
Note that due to site stability reasons in the years before, I already printed each web-page to PDF before submitting, as there was no way to use the “back” button to see what information you had entered.
That way at least I had the information at hand when re-entering the same information. It also provided me of a “paper” trail of site navigation and entered data.
That’s why I reported it early March 2021:
Read the rest of this entry »
Posted in Authentication, Development, DigiD, Power User, Security, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/08
Some sites manage to disable various printing options (including layout, so you cannot choose between landscape and portrait any more, or force landscape when portrait works better or vice versa).
Googling this got me into a web of things that didn’t help me (see links below), but those led me to this query [Wayback] chrome save as pdf layout missing portrait landscape – Google Search.
That returned a helpful result at [Archive.is/Wayback] Chrome Print dialogue not offering fit to page, landscape, other printing options – Google Chrome Community:
I found a solution.
1. Install the
Stylus Extension.
2. Go into the Stylus extension and click on “Write new style”.
3. Put the following code in:
@page {
size: auto;
}
4. Give it a name (I called mine “Fix Orientation”) and save it.
5. Reload the page you’re trying to print and the print dialogue should now have the “Layout” option and you should always get it for any page you print from now on.
It’s about the extension [Archive.is] Stylus – Chrome Web Store
Redesign the web with Stylus, a user styles manager. Stylus allows you to easily install themes and skins for many popular sites.
I reconfigured the OHRA Mijn Zorg site to force re-enabling of layout by adding @page { size: auto !important; } for https://mijn.ohrazv.nl/ (click the Save button to save this change permanently):
Read the rest of this entry »
Posted in Chrome, CSS, Development, Google, HTML, Power User, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/01
Some notes, as I’m looking to a stable, simple to maintain email forwarding system that is also secure and – yes – can cost money.
I need to leave IT-infrastructure behind that is easy to maintain for my heirs.
Some links:
- [Archive.is] mausdompteur 💉 on Twitter: “Email! Yes, Email. Need to Set Email for a domain, basically forward only. Has anyone ever heard of https://t.co/v29TbMXrrl? Is it good? Any alternatives I should consider?”
- [Wayback] The Best Free Email Forwarding Service for Custom Domains | Forward Email
The best open-source and free email forwarding service for custom domains. We do not keep logs nor store emails. We don’t track you. Unlimited aliases, catch-alls, wildcards, API access, and disposable addresses. Built-in support for DKIM, SRS, SPF, ARC, DMARC, and more. No credit card required.
- [Wayback] FAQ | Forward Email has a truckload of information, but the main points for me are these:
What is the max email size limit
We default to a 50MB size limit, which includes content, headers, and attachments. Note that services such as Gmail and Outlook allow only 25MB size limit, and if you exceed the limit when sending to addresses at those providers you will receive an error message.
An error with the proper response code is returned if the file size limit is exceeded.
…
What is the difference between Free and Enhanced Protection
The Free plan requires you to use public DNS records to store your forwarding configuration. Anyone with a computer can lookup your forwarding configuration in a terminal if you are on the Free plan. Unlike the Free plan, the Enhanced Protection plan uses a cryptographically generated random string to store your forwarding configuration privately.
| Free Plan |
Enhanced Protection Plan |
forward-email=user@gmail.com |
forward-email-site-verification=m8d7o8K4Il |
- [Wayback] About | Forward Email with this very important point for me:
Privacy
We have a “zero tolerance policy” privacy policy, which states that we don’t store logs nor emails, and we don’t track users. Our statement clearly states that we do not collect nor store forwarded emails, metadata, server-side nor client-side logs, IP addresses, or browser information.
Only an email address is required to create and configure the Enhanced Protection Plan, which hides DNS email alias information on the free plan through a managed and hosted service.
User’s accounts, domains, and all related information can be permanently deleted at any time by the user.
- [Wayback] Pricing | Forward Email (levels: free / enhanced protection / team / enterprise)
Free email forwarding for domains with features including Custom Domain Email Forwarding, Disposable Addresses, Multiple Recipients, Wildcards, and more!
- It’s open source too (written in JavaScript using Node.js), but running it requires you to keep up with versions and security: [Wayback/Archive.is] forwardemail/free-email-forwarding: The best free email forwarding for custom domains. Visit our website to get started (SMTP server)
–jeroen
Read the rest of this entry »
Posted in Development, eMail, JavaScript/ECMAScript, Node.js, Power User, Scripting, SocialMedia, Software Development, Web Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 