 | Jeroen Wiert Pluimer… on Does Odido (the old T-Mobile N… |
 | Lars Fosdal on Security alarm provider Woonve… |
 | Thomas Mueller on Question got closed in May 202… |
 | Thaddy de Koning on Formulier voor bewindvoerders… |
| Thaddy de Koning on Formulier voor bewindvoerders… |
Posted by jpluimers on 2021/12/28
People around me often wonder why things that seem so obvious does not work, and ask me if I bump into similar things.
I do, and often wonder why banks do not pay users to do testing for them instead of the other way around.
Below the fold a few Twitter threads. They might be mainly involving ING, but that’s just because I use their business and consumer portals more than those of other banks.
Here are the summaries:
Posted in Development, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/14
A page with IPv4 and IPv6 network blocks and addresses [Wayback] Locations and IPs for whitelisting | UptimeRobot:
If you need to whitelist these IPs so that any requests that Uptime Robot send are not blocked.
Or in [Wayback] text form (with Wayback history):
216.144.250.150 69.162.124.226 69.162.124.227 69.162.124.228 69.162.124.229 69.162.124.230 69.162.124.231 69.162.124.232 69.162.124.233 69.162.124.234 69.162.124.235 69.162.124.236 69.162.124.237 63.143.42.242 63.143.42.243 63.143.42.244 63.143.42.245 63.143.42.246 63.143.42.247 63.143.42.248 63.143.42.249 63.143.42.250 63.143.42.251 63.143.42.252 63.143.42.253 216.245.221.82 216.245.221.83 216.245.221.84 216.245.221.85 216.245.221.86 216.245.221.87 216.245.221.88 216.245.221.89 216.245.221.90 216.245.221.91 216.245.221.92 216.245.221.93 208.115.199.18 208.115.199.19 208.115.199.20 208.115.199.21 208.115.199.22 208.115.199.23 208.115.199.24 208.115.199.25 208.115.199.26 208.115.199.27 208.115.199.28 208.115.199.29 208.115.199.30 208.115.199.30 46.137.190.132 122.248.234.23 188.226.183.141 178.62.52.237 54.79.28.129 54.94.142.218 104.131.107.63 54.67.10.127 54.64.67.106 159.203.30.41 46.101.250.135 18.221.56.27 52.60.129.180 159.89.8.111 146.185.143.14 139.59.173.249 165.227.83.148 128.199.195.156 138.197.150.151 34.233.66.117 2607:ff68:107::3 2607:ff68:107::4 2607:ff68:107::5 2607:ff68:107::6 2607:ff68:107::7 2607:ff68:107::8 2607:ff68:107::9 2607:ff68:107::10 2607:ff68:107::11 2607:ff68:107::12 2607:ff68:107::13 2607:ff68:107::14 2607:ff68:107::15 2607:ff68:107::16 2607:ff68:107::17 2607:ff68:107::18 2607:ff68:107::19 2607:ff68:107::20 2607:ff68:107::21 2607:ff68:107::22 2607:ff68:107::23 2607:ff68:107::24 2607:ff68:107::25 2607:ff68:107::26 2607:ff68:107::27 2607:ff68:107::28 2607:ff68:107::29 2607:ff68:107::30 2607:ff68:107::31 2607:ff68:107::32 2607:ff68:107::33 2607:ff68:107::34 2607:ff68:107::35 2607:ff68:107::36 2607:ff68:107::37 2607:ff68:107::38 2607:ff68:107::39 2607:ff68:107::40 2607:ff68:107::41 2607:ff68:107::42 2607:ff68:107::43 2607:ff68:107::44 2607:ff68:107::45 2607:ff68:107::46 2607:ff68:107::47 2607:ff68:107::48 2607:ff68:107::49 2607:ff68:107::50 2607:ff68:107::51 2607:ff68:107::52 2607:ff68:107::53 2607:ff68:107::54 2607:ff68:107::55 2a03:b0c0:0:1010::832:1 2a03:b0c0:1:d0::e54:a001 2604:a880:800:10::4e6:f001 2604:a880:cad:d0::122:7001 2a03:b0c0:3:d0::33e:4001 2600:1f16:775:3a01:70d6:601a:1eb5:dbb9 2600:1f11:56a:9000:23:651b:dac0:9be4 2a03:b0c0:3:d0::44:f001 2a03:b0c0:0:1010::2b:b001 2a03:b0c0:1:d0::22:5001 2604:a880:400:d0::4f:3001 2400:6180:0:d0::16:d001 2604:a880:cad:d0::18:f001 2600:1f18:179:f900:88b2:b3d:e487:e2f4
–jeroen
Posted in Development, LifeHacker, Power User, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/14
From a while back, so I hope it has been fixed by now on the SVB PGB site.
The Dutch SVB (sociale verzekeringsbank, the [WayBack] organisation that implements social security schemes in The Netherlands) has a web-site to submit declarations for PGB ([Wayback] individualised subsidy for care, or personal care budget).
Authentication for the site goes through DigiD, the identity provider through which government related web-sites can verify the identity of Dutch residents on the internet.
In from somewhere in the mid 2010s until somewhere in 2020, the SVB PGB site would log you out when the 15-minute inactivity count-down in the lower right of the screen would reach zero.
After that, the behaviour changed: you would be logged out 15 minutes after logon, forcing one to login way more often. Each logoff/logon cycle had these effets:
Note that due to site stability reasons in the years before, I already printed each web-page to PDF before submitting, as there was no way to use the “back” button to see what information you had entered.
That way at least I had the information at hand when re-entering the same information. It also provided me of a “paper” trail of site navigation and entered data.
That’s why I reported it early March 2021:
Posted in Authentication, Development, DigiD, Power User, Security, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/08
Some sites manage to disable various printing options (including layout, so you cannot choose between landscape and portrait any more, or force landscape when portrait works better or vice versa).
Googling this got me into a web of things that didn’t help me (see links below), but those led me to this query [Wayback] chrome save as pdf layout missing portrait landscape – Google Search.
That returned a helpful result at [Archive.is/Wayback] Chrome Print dialogue not offering fit to page, landscape, other printing options – Google Chrome Community:
It’s about the extension [Archive.is] Stylus – Chrome Web Store
Redesign the web with Stylus, a user styles manager. Stylus allows you to easily install themes and skins for many popular sites.
I reconfigured the OHRA Mijn Zorg site to force re-enabling of layout by adding @page { size: auto !important; } for https://mijn.ohrazv.nl/ (click the Save button to save this change permanently):
Posted in Chrome, CSS, Development, Google, HTML, Power User, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/12/01
Some notes, as I’m looking to a stable, simple to maintain email forwarding system that is also secure and – yes – can cost money.
I need to leave IT-infrastructure behind that is easy to maintain for my heirs.
Some links:
The best open-source and free email forwarding service for custom domains. We do not keep logs nor store emails. We don’t track you. Unlimited aliases, catch-alls, wildcards, API access, and disposable addresses. Built-in support for DKIM, SRS, SPF, ARC, DMARC, and more. No credit card required.
What is the max email size limit
We default to a 50MB size limit, which includes content, headers, and attachments. Note that services such as Gmail and Outlook allow only 25MB size limit, and if you exceed the limit when sending to addresses at those providers you will receive an error message.
An error with the proper response code is returned if the file size limit is exceeded.
…
What is the difference between Free and Enhanced Protection
The Free plan requires you to use public DNS records to store your forwarding configuration. Anyone with a computer can lookup your forwarding configuration in a terminal if you are on the Free plan. Unlike the Free plan, the Enhanced Protection plan uses a cryptographically generated random string to store your forwarding configuration privately.
Free Plan Enhanced Protection Plan forward-email=user@gmail.comforward-email-site-verification=m8d7o8K4Il
Privacy
We have a “zero tolerance policy” privacy policy, which states that we don’t store logs nor emails, and we don’t track users. Our statement clearly states that we do not collect nor store forwarded emails, metadata, server-side nor client-side logs, IP addresses, or browser information.
Only an email address is required to create and configure the Enhanced Protection Plan, which hides DNS email alias information on the free plan through a managed and hosted service.
User’s accounts, domains, and all related information can be permanently deleted at any time by the user.
Free email forwarding for domains with features including Custom Domain Email Forwarding, Disposable Addresses, Multiple Recipients, Wildcards, and more!
–jeroen
Posted in Development, eMail, JavaScript/ECMAScript, Node.js, Power User, Scripting, SocialMedia, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/11/30
When trying to deliver mail, it is important to know which protocols and ports you can use.
On smtp, smtp-submission, smtps (ports 25, 587 and 465) and unofficial port 2525 (which Maingun maps to `smtp-submission): [Wayback] Which SMTP Port Should I Use? Learn Ports 25, 465, & 587 | Mailgun
Quote on why smtps port 465 is hardly used:
Port 465:
IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.
However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you’ll find many consumer Inbox Service Providers’ (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.
–jeroen
Posted in Communications Development, Development, Internet protocol suite, SMTP, Software Development, TLS, Web Development | Leave a Comment »
Posted by jpluimers on 2021/11/24
Despite the Electron framework, you might really want to consider writing desktop applications using native tools as it is extremely hard to write performant desktop applications otherwise.
It isn’t by coincidence that last year, Firefox by default makes the backspace key not go back to the previous web-page: it is still a problem in a truckload of interactive web applications, often even in web-based desktop applications:
I am not alone on this opinion:
In practice, “native” applications based on web-tools are notoriously hard to navigate by keyboard, which essential for swift operation.
I have filed a few bugs, and others many more on this, for example:
Also web-developers tend to love to introduce their own custom UX, like for a 6-digit numeric field, use 6 separate digit fields making it extremely hard to copy/paste numbers.
–jeroen
Read the rest of this entry »
Posted in Development, Software Development, Web Development, Windows Development | Leave a Comment »
Posted by jpluimers on 2021/11/16
[Archive.is] Kat Maddox on Twitter: “Who’s the CEO of emails I need to talk to him… “:
This is why dreamweaver still exists.
[Archive.is] Kat Maddox on Twitter: “You don’t need a time machine to go back to the past. You just need to try to write HTML in emails. If I have to nest one more table, I’ll have gone back far enough to be able to warn people about the dot com bubble. Fuck it. I’m writing this newsletter in markdown”
Markdown with an HTML generator actually is quite a good way to get HTML emails going.
Another route is [Wayback] Foundation for Emails | A Responsive Email Framework from ZURB.
Oh remember this: [Archive.is] StuAngel on Twitter: “rule of thumb “the mail clients are about 5 years behind in HTML support” – that was like 10 years ago and they have never gotten any better… https://t.co/lVAW5YCubm”
–jeroen
Posted in Development, eMail, HTML, SocialMedia, Software Development, Web Development | Leave a Comment »
Posted by jpluimers on 2021/11/11
For expired or self-signed certificates with an untrusted chain, you might want to by base the Chrome certificate/HSTS error message.
Instead of clicking a few times, you can also type ‘badidea’ (this used to be ‘thisisunsafe’ and might change again someday).
Based on: [WayBack] security – Does using ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error only apply for the current site? – Stack Overflow
Found via [WayBack] KPN-klanten kunnen Experiabox V10A niet benaderen door verlopen certificaat – Computer – Nieuws – Tweakers
Source code that handles this: [WayBack] components/security_interstitials/core/browser/resources/interstitial_v2.js – chromium/src – Git at Google
/** * This allows errors to be skippped by typing a secret phrase into the page. * @param {string} e The key that was just pressed. */ function handleKeypress(e) { var BYPASS_SEQUENCE = 'badidea'; if (BYPASS_SEQUENCE.charCodeAt(keyPressState) == e.keyCode) { keyPressState++; if (keyPressState == BYPASS_SEQUENCE.length) { sendCommand(SecurityInterstitialCommandId.CMD_PROCEED); keyPressState = 0; } } else { keyPressState = 0; } }
–jeroen
Posted in Chrome, Development, Encryption, https, HTTPS/TLS security, Power User, Security, Web Browsers, Web Development | Leave a Comment »
Posted by jpluimers on 2021/11/04
This does not happen often, and I found the way that [WayBack] Duden Offline is indicated hilarious!
It’s just a “basic” HTML page showing the meaning of “Wartung” (German word for Maintenance).
Duden is het German equivalent of the Oxford English Dictionary.
Not all of the huge site was gone. Part of the “Rechtschreibung” was still there, including the Wikipedia entry (:
I wonder what that one shows during maintenance (:
Links:
The HTML page is interesting because just a minority of it is HTML. The rest is a truckload of CSS and embedded fonts. It is interesting to see how it was built, as the CSS and HTML is very well structured.
–jeroen
Posted in CSS, Development, Fun, HTML, HTML5, Power User, Software Development, Web Development | Leave a Comment »
The Wiert Corner - irregular stream of stuff 