The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

    Mastodon

  • Twitter Updates

  • My Flickr Stream

    20140508-Delphi-2007--Project-Options--Cannot-Edit-Application-Title-HelpFile-Icon-Theming20140430-Fiddler-Filter-Actions-Button-Run-Filterset-now20140424-VMware-Fusion-6.0.3.-no-reclaimable
    More Photos

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,861 other subscribers

Archive for the ‘Web Development’ Category

« Previous Entries
Next Entries »

Which SMTP Port Should I Use? Learn Ports 25, 465, & 587 (and unofficial port 2525) | Mailgun

Posted by jpluimers on 2021/11/30

When trying to deliver mail, it is important to know which protocols and ports you can use.

On smtp, smtp-submission, smtps (ports 25, 587 and 465) and unofficial port 2525 (which Maingun maps to `smtp-submission): [Wayback] Which SMTP Port Should I Use? Learn Ports 25, 465, & 587 | Mailgun

Quote on why smtps port 465 is hardly used:

Port 465:

IANA has reassigned a new service to this port, and it should no longer be used for SMTP communications.

However, because it was once recognized by IANA as valid, there may be legacy systems that are only capable of using this connection method. Typically, you will use this port only if your application demands it. A quick Google search, and you’ll find many consumer Inbox Service Providers’ (ISPs) articles that suggest port 465 as the recommended setup. However, we do not recommend it, as it is not RFC compliant.

–jeroen

Posted in Communications Development, Development, Internet protocol suite, SMTP, Software Development, TLS, Web Development | Leave a Comment »

Writing desktop apps: use native tools, not web-tools

Posted by jpluimers on 2021/11/24

Despite the Electron framework, you might really want to consider writing desktop applications using native tools as it is extremely hard to write performant desktop applications otherwise.

It isn’t by coincidence that last year, Firefox by default makes the backspace key not go back to the previous web-page: it is still a problem in a truckload of interactive web applications, often even in web-based desktop applications:

I am not alone on this opinion:

In practice, “native” applications based on web-tools are notoriously hard to navigate by keyboard, which essential for swift operation.

I have filed a few bugs, and others many more on this, for example:

Also web-developers tend to love to introduce their own custom UX, like for a 6-digit numeric field, use 6 separate digit fields making it extremely hard to copy/paste numbers.

–jeroen
Read the rest of this entry »

Posted in Development, Software Development, Web Development, Windows Development | Leave a Comment »

The horrors of HTML email where there CSS

Posted by jpluimers on 2021/11/16

[Archive.is] Kat Maddox on Twitter: “Who’s the CEO of emails I need to talk to him… “:

This is why dreamweaver still exists.

[Archive.is] Kat Maddox on Twitter: “You don’t need a time machine to go back to the past. You just need to try to write HTML in emails. If I have to nest one more table, I’ll have gone back far enough to be able to warn people about the dot com bubble. Fuck it. I’m writing this newsletter in markdown”

Markdown with an HTML generator actually is quite a good way to get HTML emails going.

Another route is [Wayback] Foundation for Emails | A Responsive Email Framework from ZURB.

Oh remember this: [Archive.is] StuAngel on Twitter: “rule of thumb “the mail clients are about 5 years behind in HTML support” – that was like 10 years ago and they have never gotten any better… https://t.co/lVAW5YCubm”

–jeroen

Posted in Development, eMail, HTML, SocialMedia, Software Development, Web Development | Leave a Comment »

To bypass a Chrome certificate/HSTS error, you can type ‘badidea’ (previously ‘thisisunsafe’) without quotes (this might change in the future)

Posted by jpluimers on 2021/11/11

For expired or self-signed certificates with an untrusted chain, you might want to by base the Chrome certificate/HSTS error message.

Instead of clicking a few times, you can also type ‘badidea’ (this used to be ‘thisisunsafe’ and might change again someday).

Based on: [WayBack] security – Does using ‘badidea’ or ‘thisisunsafe’ to bypass a Chrome certificate/HSTS error only apply for the current site? – Stack Overflow

Found via [WayBack] KPN-klanten kunnen Experiabox V10A niet benaderen door verlopen certificaat – Computer – Nieuws – Tweakers

Source code that handles this: [WayBack] components/security_interstitials/core/browser/resources/interstitial_v2.js – chromium/src – Git at Google

/**
 * This allows errors to be skippped by typing a secret phrase into the page.
 * @param {string} e The key that was just pressed.
 */
function handleKeypress(e) {
  var BYPASS_SEQUENCE = 'badidea';
  if (BYPASS_SEQUENCE.charCodeAt(keyPressState) == e.keyCode) {
    keyPressState++;
    if (keyPressState == BYPASS_SEQUENCE.length) {
      sendCommand(SecurityInterstitialCommandId.CMD_PROCEED);
      keyPressState = 0;
    }
  } else {
    keyPressState = 0;
  }
}

–jeroen

Posted in Chrome, Development, Encryption, https, HTTPS/TLS security, Power User, Security, Web Browsers, Web Development | Leave a Comment »

I love the way it shows “Duden Offline”

Posted by jpluimers on 2021/11/04

This does not happen often, and I found the way that [WayBack] Duden Offline is indicated hilarious!

It’s just a “basic” HTML page showing the meaning of “Wartung” (German word for Maintenance).

Duden is het German equivalent of the Oxford English Dictionary.

Not all of the huge site was gone. Part of the “Rechtschreibung” was still there, including the Wikipedia entry (:

I wonder what that one shows during maintenance (:

Links:

–jeroen

Read the rest of this entry »

Posted in CSS, Development, Fun, HTML, HTML5, Power User, Software Development, Web Development | Leave a Comment »

Shodan (via SCADA systems accessible through the internet)

Posted by jpluimers on 2021/10/27

Just 2 years ago I bumped into shodan.io through [Wayback] Onderzoekers: zestig slecht beveiligde Nederlandse scada-systemen op internet – Computer – Nieuws – Tweakers and saved the entry [Wayback] Shodan (website) – Wikipedia:

Shodan is a search engine that lets the user find specific types of computers (webcamsroutersservers, etc.) connected to the internet using a variety of filters. Some have also described it as a search engine of service banners, which are metadata that the server sends back to the client.[1] This can be information about the server software, what options the service supports, a welcome message or anything else that the client can find out before interacting with the server.

Shodan collects data mostly on web servers (HTTP/HTTPS – ports 80, 8080, 443, 8443), as well as FTP (port 21), SSH (port 22), Telnet (port 23), SNMP (port 161), IMAP (ports 143, or (encrypted) 993), SMTP (port 25), SIP (port 5060),[2] and Real Time Streaming Protocol (RTSP, port 554). The latter can be used to access webcams and their video stream.[3]

It was launched in 2009 by computer programmer John Matherly, who, in 2003,[4] conceived the idea of searching devices linked to the Internet.

It looked promising, but I was really pressed for time (having impromptu arrange all care for my mom, and became even more so when I got diagnosed with rectum cancer later that year), so did not pay much attention apart from registering.

Last year in the midst of my chemos I noted [Archive.is] Nate Warfield on Twitter: “https://t.co/16969jRfuL The latest Citrix vulnerability looks bad but there might be time to fix them before PoC comes out. The @shodanhq query above might help. (support.citrix.com/article/CTX269106 has more details)… “ (I think via @jilles_com) , so put it on my list of things to look into a bit further.

Since then, I found out a lot of people dislike Shodan and want to blacklist it because they see it as a threat. It feels like people think the internet is like the [Wayback] Ravenous Bugblatter Beast of Traal | Hitchhikers | Fandom

The Ravenous Bugblatter Beast of Traal is a vicious wild animal from the planet of [Wayback] Traal, known for its never-ending hunger and its mind-boggling stupidity. One of the main features of the Beast is that if you can’t see it, it assumes it can’t see you.

(This by the way is one of the reasons for Towel Day – Wikipedia)

Anyway: a few lists of Shodan IPv4 addresses and hostnames, and means to maintain them for the ones interested:

Reality is that the internet is much smarter, so if you block Shodan from seeing you, others from the internet still will and if you have vulnerable services, one day they will be abused. For instance, this personal anecdote:

I forgot I had a port redirection on my router for RDP access a non longer existing Windows system any more. I forgot that this Windows machine had no fixed DHCP-lease while in use (it kept it’s lease as it was always on).

When that machine was long gone, another temporary Windows machine obtained the same internal machine (the router had been rebooted and after reboot hands out previously handed out IP address), and boom: the new Windows machine was bombarded with RDP logon requests.

In the end, the new Windows machine was not compromised, so I was lucky as it could have been.

Back when registering, shodan.io sent SMTP mail via sky.census.shodan.io, so you might want to not blacklist it if you blacklist at all (incidentally, when writing the IP address  servicing that hostname was hosted in The Netherlands: [Wayback] 80.82.77.33 – sky.census.shodan.io – Netherlands – IP Volume inc – IP address geolocation).

It is good to think of you use Shodan, as not all usage might be legal where you live or where you travel to.

Some discussion in Dutch on the risks of using Shodan are in the above Tweakers.net link. It boils down to:

  • Searching should be OK
  • Accessing the devices found can be totally illegal

That’s basically with anything you find on the internet, for instance by Googling, so nothing new here.

I mainly use Shodan to see if I have any known vulnerabilities exposed. There are not that many ports open, but given the anecdote above, I might screw up again and not be so lucky.

This article has a balanced explanation of Shodan, how you use it, and how to stay safe: [Wayback] How to remove your device from the Shodan IoT search engine.

jeroen

 

Posted in Development, IoT Internet of Things, Network-and-equipment, Power User, Security, Software Development, Web Development | Leave a Comment »

HTML cleanup tool & simplifier. For basic & clean HTML 🔧

Posted by jpluimers on 2021/10/21

I have used other on-line HTML cleanup tools in the past (especially for including parts of web-pages in a blog post), but so far none beats HTML Washer: [Wayback] HTML cleanup tool & simplifier. For basic & clean HTML 🔧

An online tool that reduces HTML to basic tags and attributes. Removes scripts, CSS, and other non-basic elements like , , etc… Also, corrects errors and formats the HTML doc or a fragment.

–jeroen

Posted in Development, HTML, Power User, SocialMedia, Software Development, Web Development, WordPress | Leave a Comment »

For WiFi guest networks with a fixed SSID: QR code – Wikipedia

Posted by jpluimers on 2021/10/06

Access Denied

Access Denied

I knew it was possible to generate QR codes to access quest networks (as the QR code has credentials) for WiFi networks having a fixed SSID.

I just never bothered, but did when needed home care with quite a few different people providing the care.

Generating was easier than I anticipated, though I hoped I just could put the parameters in a URL and fire off to get a page including the QR code.

Alas, the pages I found require you to enter the SSID name and key/password phrase.

That’s OK: I have saved the PNG files for our network and my brother’s as images so I can put them on-line, and printed them out so guests can scan and use the network at once.

Here we go:

  • 124 network Access Denied, key 2171TB24
  • 171 network Disconnected, key 1060NP71

Related:

Read the rest of this entry »

Posted in Barcode, Development, Fritz!, Fritz!Box, JavaScript/ECMAScript, Network-and-equipment, Power User, QR code, Scripting, Software Development, Web Development, WiFi | Leave a Comment »

Highly esteemed science: An analysis of attitudes towards and perceived attributes of science in letters to the editor in two Dutch newspapers – Stefan P.L. de Jong, Elena Ketting, Leonie van Drooge, 2020

Posted by jpluimers on 2021/10/06

All my IPv4 addresses seem to be blocked with messages like this (note the odd, but allowed, leading zero in the IPv4 address [WayBack]):

Error

The IP you are accessing the site with (037.153.243.242) has been blocked because it has triggered one of our security measures. Please see the reason below:
Block reason: This IP was identified as infiltrated and is being used by sci-hub as a proxy.
To restore access, please contact onlinesupport@sagepub.com citing this message in full.

A quick [WayBack] “This IP was identified as infiltrated and is being used by sci-hub as a proxy.” – Google Search shows they also block the Google Bot.

I am not not even going to bother with companies that have bad infiltration detection.

Of course I ensured the paper has been archived:

[WayBack/Archive.is] Highly esteemed science: An analysis of attitudes towards and perceived attributes of science in letters to the editor in two Dutch newspapers – Stefan P.L. de Jong, Elena Ketting, Leonie van Drooge, 2020.

Note I do not run sci-hub, though it tempts me doing so. For more info: [WayBack] Sci-Hub – Wikipedia

I checked the router and web-proxy for any suspicious activity. There is none.

I do run the ArchiveBot by the ArchiveTeam to support the WayBackMachine of the InternetArchive and the great team Mark Graham has there providing some bandwidth and CPU/memory resources helping them archive public internet content for posterity.

It that triggers SAGE, too bad for them.

–jeroen

Read the rest of this entry »

Posted in Development, Internet, InternetArchive, LifeHacker, Power User, Software Development, WayBack machine, Web Development | Leave a Comment »

The browser wars that started on iOS (forcing Safari) and Android (forcing Chrome) now are continued on Windows 11 (forcing Edge)

Posted by jpluimers on 2021/10/05

Via:

 

Posted in Awareness, Development, HTTP, Internet protocol suite, Software Development, TCP, TLS, URI, Web Development | Leave a Comment »

« Previous Entries
Next Entries »