The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Web Development’ Category

Some of my wp-admin links, as WordPress.com is hiding access to classic-editor and wp-admin links more and more

Posted by jpluimers on 2022/03/18

For my link list as WordPress.com is actively hiding them:

Notes

You can see the old versus new infrastructure by comparing these branches:

WordPress.com does not have the “Classic Editor” plugin, but just gradually discourages use of the old infrastructure which is far more feature rich, thereby screwing old users.

Some of these features from the old infrastructure that are gone (despite the pretentious name of the Gutenberg editor):

  • Posts/Pages/Tags/Categories/Comments overviews are paginated, can be filtered and have bulk-actions
  • Classic-Editor has lots of useful keyboard shortcuts and allows for nested quotes

For reference, WordPress – Wikipedia: Gutenberg versus classic-editor:

WordPress 5.0 “Bebo”

The December 2018 release of WordPress 5.0, “Bebo”, is named in homage to the pioneering Cuban jazz musician Bebo Valdés.[90]

It included a new default editor “Gutenberg” – a block-based editor; it allows users to modify their displayed content in a much more user friendly way than prior iterations. Blocks are abstract units of markup that, composed together, form the content or layout of a web page.[91] Past content that was created on WordPress pages is listed under what is referred to as a Classic Block.[92] Prior to Gutenberg, there were several block-based editors available as WordPress plugins, e.g. Elementor, and following the release of Gutenberg Elementor was compared to existing plugins.[93][94]

Classic Editor plugin

The Classic Editor Plugin was created as a result of User preferences and helped website developers maintain past plugins only compatible with WordPress 4.9.8, giving plugin developers time to get their plugins updated & compatible with the 5.0 release. Having the Classic Editor plugin installed restores the “classic” editing experience that WordPress has had up until the WordPress 5.0 release.[95] The Classic Editor Plugin will be supported at least until 2022.[96]

The Classic Editor plugin is active on over 5,000,000 installations of WordPress.[97]

–jeroen

Posted in Classic editor, Development, Gutenberg editor, Power User, SocialMedia, Software Development, Web Development, WordPress, WordPress | Leave a Comment »

Bash functions to encode and decode the ‘Basic’ HTTP Authentication Scheme

Posted by jpluimers on 2022/02/24

IoT devices still often use the ‘Basic’ HTTP Authentication Scheme for authorisation, see [Wayback] RFC7617: The ‘Basic’ HTTP Authentication Scheme (RFC ) and [Wayback] RFC2617: HTTP Authentication: Basic and Digest Access Authentication (RFC ).

Often this authentication is used even over http instead of over https, for instance the Egardia/Woonveilig alarm devices I wrote about yesterday at Egardia/Woonveilig: some notes about logging on a local gateway to see more detailed information on the security system. This is contrary to guidance in:

  • RFC7617:
       This scheme is not considered to be a secure method of user
       authentication unless used in conjunction with some external secure
       system such as TLS (Transport Layer Security, [RFC5246]), as the
       user-id and password are passed over the network as cleartext.
  • RFC2617:
       "HTTP/1.0", includes the specification for a Basic Access
       Authentication scheme. This scheme is not considered to be a secure
       method of user authentication (unless used in conjunction with some
       external secure system such as SSL [5]), as the user name and
       password are passed over the network as cleartext.

Fiddling with those alarm devices, I wrote these two little bash functions (with a few notes) that work both on MacOS and in Linux:

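# `base64 --decode` is platform neutral (as MacOS uses `-D` and Linux uses `-d`)
# `printf '%s' "$1"` passes the argument on unchanged; the quotes prevent word splitting
# `$1` is the encoded username:password
function decode_http_Basic_Authorization(){
  printf '%s' "$1" | base64 --decode
  echo
}

# `base64` without parameters encodes
# `printf` does not output a new-line, so none ends up inside the encoded credentials
# `tr -d '\n'` removes the line wrapping that Linux `base64` applies to long output
# `$1` is the username; `$2` is the password
function encode_http_Basic_Authorization(){
  printf '%s:%s' "$1" "$2" | base64 | tr -d '\n'
  echo
}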

The first decodes the <credentials> from an Authorization: Basic <credentials> header into username:password cleartext followed by a newline.

The second one encodes a pair of username and password parameters into such a <credentials> string.

They are based on these initial posts that were not cross platform or explanatory:

  1. [Wayback] Decode HTTP Basic Access Authentication – Stack Pointer
  2. [Wayback] Create Authorization Basic Header | MJ’s Web Log
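
As an added example (not from the original post), the sketch below goes one step further than the two functions above: it takes a complete Authorization header line, checks that the scheme is Basic, and splits the decoded pair at the first colon, since RFC 7617 allows colons in the password but not in the user-id. The function names and the sample header are assumptions made for this example.

```shell
# Added example (not from the original post); function names are hypothetical.
# Assumes a single header line with space-separated fields, e.g. as shown by
# `curl -v` or a packet capture of plain-HTTP traffic to your own device.

# Print the decoded "user-id:password" from an "Authorization: Basic <credentials>"
# line. Returns 1 if it is not a Basic header, 2 if <credentials> is malformed.
basic_auth_decode_header() {
  # Drop the CR of a CRLF line ending; field name and scheme are case-insensitive.
  ba_token=$(printf '%s\n' "$1" | tr -d '\r' |
    awk 'NF == 3 && tolower($1) == "authorization:" && tolower($2) == "basic" { print $3 }')
  [ -n "$ba_token" ] || return 1
  ba_decoded=$(printf '%s' "$ba_token" | base64 --decode 2>/dev/null) || return 2
  case $ba_decoded in
    *:*) printf '%s\n' "$ba_decoded" ;;
    *)   return 2 ;;   # RFC 7617 requires a colon between user-id and password
  esac
}

# RFC 7617: the user-id cannot contain a colon but the password can,
# so split at the FIRST colon only.
basic_auth_user() {
  ba_pair=$(basic_auth_decode_header "$1") || return
  printf '%s\n' "${ba_pair%%:*}"
}

basic_auth_password() {
  ba_pair=$(basic_auth_decode_header "$1") || return
  printf '%s\n' "${ba_pair#*:}"
}

# Constructed sample: the "Aladdin" / "open sesame" pair used in RFC 7617.
sample_header='Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ=='
basic_auth_user "$sample_header"       # Aladdin
basic_auth_password "$sample_header"   # open sesame
```

Anyone who can read the header recovers both values this way without a key, which is why the RFCs quoted above require TLS around this scheme.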

–jeroen

Posted in *nix, *nix-tools, Apple, Authentication, bash, bash, Communications Development, Development, HTTP, Internet protocol suite, Linux, Mac OS X / OS X / MacOS, Power User, Scripting, Security, Software Development, TCP, Web Development | Leave a Comment »

Having wrong address field order is an almost Dark Pattern to me: #mijnOLVG again.

Posted by jpluimers on 2022/02/23

Yesterday I wrote about I consider stealing the user’s time because of a bad UX design among the Dark Patterns.

It was about a site blocking the paste of an e-mail field.

I forgot about an almost Dark Pattern on the same site that might be not obvious for English and French readers, but (though there is little documentation on this) there are a lot of countries having the house number put after the street name.

When filling out forms, it makes a lot of sense to put the house number and street name fields in the order of use for the majority of people living in that country.

Not doing so rates a form almost as Dark Pattern, for instance the Dutch “MijnOLVG” site, as this is their account sign-up form:

Read the rest of this entry »

Posted in Dark Pattern, Development, Power User, Software Development, User Experience (ux), Web Development | Leave a Comment »

UTF-8 web adoption is huge, closing in on 100%, but only soared since around 2006.

Posted by jpluimers on 2022/02/08

As a precursor to a post tomorrow showing that serving UTF8 does not mean organisations go without unicode problems, first some statistics.

The first Unicode ideas got drafted some 30 years ago in 1987. In 1991, more than 30 years ago, the Unicode Consortium saw the light. Nowadays more than 95% of the web pages (close to 100% when you include plain ASCII) are served using the UTF-8 encoding.

It means that nowadays there is a very small chance you will see mangled characters (what Japanese call mojibake) when you’re surfing the web.

Some nice graphs of Unicode growth are at these locations:

I think especially important are 2008 (when UTF-8 had outgrown all other individual encodings) and slightly after 2010, when UTF-8 alone covered more than 50% of the pages served. These exclude ASCII-only pages. Adding those would make the figures even larger.

graph showing a steep rise in the use of UTF-8 and a steep decline in other major encodings

Historical yearly trends in the usage statistics of character encodings for websites, June 2021

–jeroen

Posted in Development, Encoding, Software Development, UTF-8, UTF8, Web Development | Leave a Comment »

Hornbach has some very “special” limitations to “special characters” in passwords. I wonder why.

Posted by jpluimers on 2022/02/01

[Wayback] Jeroen Wiert Pluimers on Twitter: “”Too special” password character password woes at @HORNBACH_NL : [ The password must be at least eight characters long, and contain at least one number and one letter (a-zA-Z). The following special characters are allowed: !”#$%&'()*+,.:;?@_|} ] 1/”

I wonder what kind of parser they use, as these printable special ASCII characters are forbidden:

  • \-/[\]^`{~
  • space (0x20)
  • tab (0x9)
  • line feed (0xa)
  • carriage return (0xd)
  • vertical tab (0xb)
  • form feed (0xc)

Seems no JSON or SQL to me: there I would expect other limitations.

What would break if you use them in other fields or pass them in an HTML POST-request?

I mean: these passwords should be salted and hashed immediately when the HTML-POST request is received, so certainly they would not be stored somewhere or passed many layers into code, right?

Oh, in order to activate an account there, you need to accept some 40+ A4 sized pages of legal stuff. Brave Dutch judge that will put these all in favour of Hornbach.

–jeroen

Read the rest of this entry »

Posted in Development, LifeHacker, Power User, Security, Software Development, Web Development | Leave a Comment »

Some links on using and updating Let’s Encrypt certificates for internal servers

Posted by jpluimers on 2022/02/01

Sometimes it is easier to have current and public CA signed TLS certificates for internal servers than to set up and maintain an internal CA and register it on all affected browsers (including mobile phones).

One of my reasons to investigate this is that Chrome refuses to save credentials on servers that have no verifiable TLS certificate, see my post Some links on Chrome not prompting to save passwords (when Firefox and Safari do) about a week ago.

Below are some links for my link archive that hopefully will allow me to do this with Let’s Encrypt (most via [Wayback/Archive] letsencrypt for internal servers – Google Search):

Read the rest of this entry »

Posted in Cloud, Cloudflare, Development, Encryption, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Fritz!, Fritz!Box, Fritz!WLAN, Infrastructure, Internet, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, Virtualization, VMware, VMware ESXi, Web Development | Leave a Comment »

Some links on Chrome not prompting to save passwords (when Firefox and Safari do)

Posted by jpluimers on 2022/01/20

For quite some time now, Chrome (think years) refuses to prompt for saving passwords whereas Firefox and Safari do prompt and save them, even for site types that it used to save passwords for in the past.

It has been annoying enough for too long now that I tried to do better than the Google searches I used back when I saw this happen first.

Below are some links based on new searches (starting with [Wayback] adding a password in chrome settings – Google Search); hopefully I can try them after I made a list of sites that Chrome does not show the password save prompt for.

Solutions I tried that failed (but maybe useful for others):

Solutions still to try:

Read the rest of this entry »

Posted in Chrome, Chrome, Communications Development, Development, Encryption, ESXi6, ESXi6.5, ESXi6.7, Firefox, Fritz!, Fritz!Box, Fritz!WLAN, Google, https, HTTPS/TLS security, Internet, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, routers, Safari, Security, TCP, TLS, Virtualization, VMware, VMware ESXi, Web Browsers, Web Development | Leave a Comment »

Chrome: allow some URLs to “never sleep” (or hibernate/discard)

Posted by jpluimers on 2021/12/29

This option in Chrome has moved around a bit, so here is how it was in Version 89.0.4389.90 (Official Build) (64-bit) when I documented it.

  1. Browse to chrome://discards/
  2. Don’t be intimidated by the many rows and columns; only the rightmost 8 (at the time of writing) are interesting:

  3. Search for the URL (in my case https://web.whatsapp.com/ , so I searched for whatsapp which you see as orange in the screenshots below) for which you want to ensure it will never sleep/hibernate (Chrome calls this “discardable”)

  4. Click Toggle under the checkmark ✔ so it changes into a cross ✘️ (so the URL will never be discarded, hence always stays awake)

Do this only for tabs that are not CPU/memory/traffic intensive

I got there via these posts:

When searching for discards, I found this post: [Wayback] How to Prevent Chrome from Reloading Tabs When You Switch to Them

Chrome has built-in memory management that causes inactive tabs to “sleep” as RAM is filled. When you click the tab again, it has to reload the page. It’s annoying.

–jeroen

Posted in Chrome, Development, Google, Power User, SocialMedia, Software Development, Web Development, WhatsApp | Leave a Comment »

Sometimes you wish that companies – especially banks – would pay you for testing their sites instead of you paying them for using their sites

Posted by jpluimers on 2021/12/28

People around me often wonder why things that seem so obvious do not work, and ask me if I bump into similar things.

I do, and often wonder why banks do not pay users to do testing for them instead of the other way around.

Below the fold a few Twitter threads. They might be mainly involving ING, but that’s just because I use their business and consumer portals more than those of other banks.

Here are the summaries:

Read the rest of this entry »

Posted in Development, Software Development, Web Development | Leave a Comment »

Locations and IPs for whitelisting | UptimeRobot

Posted by jpluimers on 2021/12/14

A page with IPv4 and IPv6 network blocks and addresses [Wayback] Locations and IPs for whitelisting | UptimeRobot:

If you need to whitelist these IPs so that any requests that Uptime Robot send are not blocked.

Or in [Wayback] text form (with Wayback history):

–jeroen

Posted in Development, LifeHacker, Power User, Web Development | Leave a Comment »