Detect email sharing

When you give your email address everywhere for marketing subscriptions, product trials, or small games, you don’t know whether one of them is selling your email to spammers, or whether one of them was hacked.

Here are two solutions you can use to detect where your spam came from.

First method: The “+” Sign

First, you need to know that email addresses usually look like this: yourname@yourdomain.com.  What you may not know is that you can add some metadata inside your address, and it will work as usual, because everything you type between the “+” and “@” signs is ignored.

When you subscribe to a service that needs your email address, you can try typing: yourname+servicename@yourdomain.com.  The “+servicename” part is ignored by SMTP servers, and you will receive your mail as usual.  But in the address, you will be able to see what comes after the + sign.

Then, if you receive a suspicious email, just look at the recipient email address. If it contains the “+servicename”, it means that “servicename” sold your email address!

  • Pros: very easy to use, just add +xyz to your email address.
  • Cons: the “+” sign can be seen as an invalid email address by some email validation systems, so you can’t use it everywhere.

Second method: catchAll Account

The second one is more complicated.  It requires full control of your domain name and email configuration.

This method uses a “catchAll” address.  A catchAll is an email configuration that allows any email addressed to your domain name to be redirected to the same inbox.  If someone tries to contact any address at your domain, instead of receiving a “bad recipient” error, every email will reach an inbox.  The catchAll inbox receives all messages that have no specific account configured in your email system.

You need to have at least one real inbox account, like yourname@yourdomain.com.  Then you set it as the “catchAll” account.  After that, any incoming email to your domain, like “anything@yourdomain.com”, is sent to the inbox “yourname@yourdomain.com”.  That way, when you subscribe to a service, you can use an email like thatservice@yourdomain.com.  If you create a Twitter account, just set the email address to twitter@yourdomain.com.

Now, when you receive a suspicious email, you only need to look at the recipient “To” header.  If that mail is addressed to twitter@yourdomain.com, but is not from Twitter, you will know that they have sold your email! (Twitter is only used as an example…)

  • Pros: email addresses used are all valid, without the “+” sign of the first method
  • Cons:
    • Difficult to configure: you must have full control of your inbound email configuration and own your domain name.
    • Sometimes, recipients will find it suspicious that you use their domain name in your email address!
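
The check that both methods rely on, as an added PowerShell example (not part of the original post): it reads the “To” and “From” headers, extracts the tag from either a “+” address or a catchAll address, and flags mail whose sender domain does not contain that tag. The function names, yourdomain.com, yourname and the sample headers are assumptions made for illustration.

```powershell
# Added example; every address and header below is a constructed sample.
function Get-AliasTag {
    # Returns the per-service tag in a recipient address, or $null if there is none.
    param(
        [System.Net.Mail.MailAddress]$Recipient,
        [string]$Domain  = 'yourdomain.com',   # assumption: your own domain
        [string]$Mailbox = 'yourname'          # assumption: your real inbox name
    )
    if ($Recipient.Host -ne $Domain) { return $null }
    $local = $Recipient.User.ToLowerInvariant()
    if ($local -match '^[^+]+\+(.+)$') { return $Matches[1] }  # method 1: yourname+tag@
    if ($local -ne $Mailbox)           { return $local }       # method 2: tag@ (catchAll)
    return $null
}

function Test-AliasLeak {
    # Flags a message whose recipient tag does not appear in the sender's domain.
    param([string]$RawHeaders)
    $unfolded = $RawHeaders -replace '\r?\n[ \t]+', ' '        # unfold continuation lines
    $h = @{}
    foreach ($line in ($unfolded -split '\r?\n')) {
        if ($line -match '^(From|To):\s*(.+)$') { $h[$Matches[1]] = $Matches[2].Trim() }
    }
    $sender = [System.Net.Mail.MailAddress]::new($h['From']).Host.ToLowerInvariant()
    $to = [System.Net.Mail.MailAddressCollection]::new()
    $to.Add($h['To'])                                          # parses a comma-separated list
    foreach ($rcpt in $to) {
        $tag = Get-AliasTag -Recipient $rcpt
        if ($tag) {
            [pscustomobject]@{
                Tag    = $tag
                Sender = $sender
                # "From" is set by the sender, so treat a mismatch as a lead, not as proof.
                Leaked = -not $sender.Contains($tag)
            }
        }
    }
}

# Constructed samples: a genuine service mail, then unrelated mail sent to a tagged address.
$samples = @(
    "From: Twitter <info@twitter.com>`nTo: twitter@yourdomain.com`nSubject: Your login code",
    "From: `"Big Deals`" <promo@cheap-offers.example>`nTo: You`n <yourname+twitter@yourdomain.com>`nSubject: You won"
)
$samples | ForEach-Object { Test-AliasLeak -RawHeaders $_ } | Format-Table
```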

Example: how to configure a catchAll account at GoDaddy

 

How to test IE8 to 11 on Windows 10

Sometimes, because your customers use old versions of Internet Explorer in the enterprise, you may have undiscovered issues with your web app and need to reproduce these bugs.

BrowserStack offers a good solution, with tons of different virtual machines available in multiple versions to run your tests.  But, if you need to do some debugging in the development console (F12), that service is extremely slow, even unusable.

If you need to run IE versions 8 to 11 without performance issues, I suggest downloading these virtual machines made by Microsoft.  You can get them there (link).

You can choose between IE8, IE9, IE10, IE11 on Win7 and Win8.1, and Edge.
Each of these machines is offered for these architectures:

These virtual machines are already configured and ready to run, with a limited Windows licence available for 90 days.  After that period, you may need to download a new VM.

My favorite VM engine was VMware, because I could run it for free using VMware Player.  But they recently changed their licensing for these machines, so I discovered another product that is as good as VMware.  I now use Oracle VirtualBox, a totally free solution even for enterprise.

One thing I must do on these VMs before running them is change the network adapter setting (of the VM) and choose Bridged network instead of the default option already selected.

Once they are configured and running, instead of using them in the native Player UI, I like to install them as a service (using that method), because I can then connect to them using Remote Desktop from my computer or from any other computer on the local area network.

Then at work, any developer on our team can connect to these VMs; we only need to install them once, and they are always running.

How to run any program as a service on Windows

Sometimes, you want an application to always run, even if you are not logged on.  You want the app to start automatically with Windows.

You know that Windows services are the kind of software that does that.

But what if you want a non-service app to run automatically, like a service, even notepad.exe?

You may have found software like AlwaysUp, FireDaemon, or srvany (from the Windows Resource Kit) that can help you achieve that goal.

But did you know that you can do that directly inside Windows, without any third-party software?

The solution is simply to use the Task Scheduler built into Windows.

  • You can use it to launch any app.
  • You can make it run as any user.
  • You can set it to run even if you are not logged on.
  • And, best of all, you can set its launch trigger to “Windows Startup”!

That’s all you need to launch any app when Windows starts, like a Windows service.

OK, it’s not a real Windows service, and you can’t see it in the Services area, but you will see it running in the Task Scheduler console, where you can stop it, restart it, etc.
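
One way to create such a task from PowerShell, as an added example that is not from the original post: it uses the built-in ScheduledTasks cmdlets and runs the app under the low-privilege LOCAL SERVICE identity rather than SYSTEM or an administrator. The task name and executable path are placeholders.

```powershell
# Added example. Run from an elevated PowerShell prompt (Windows 8 / Server 2012 or later).
# Placeholders (assumptions): task name and application path.
$taskName = 'MyApp-AtStartup'
$exe      = 'C:\Apps\MyApp\myapp.exe'

# What to launch, and from which folder.
$action = New-ScheduledTaskAction -Execute $exe -WorkingDirectory (Split-Path $exe)

# The "Windows Startup" trigger: fires at boot, before anyone logs on.
$trigger = New-ScheduledTaskTrigger -AtStartup

# Least privilege: a built-in service identity with a non-elevated token.
$principal = New-ScheduledTaskPrincipal -UserId 'LOCALSERVICE' `
    -LogonType ServiceAccount -RunLevel Limited

# Service-like behaviour: no execution time limit, restart up to 3 times on failure.
$settings = New-ScheduledTaskSettingsSet `
    -ExecutionTimeLimit ([TimeSpan]::Zero) `
    -RestartCount 3 -RestartInterval (New-TimeSpan -Minutes 1) `
    -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName $taskName -Action $action -Trigger $trigger `
    -Principal $principal -Settings $settings

# Control it like a service, without rebooting.
Start-ScheduledTask -TaskName $taskName
Get-ScheduledTask  -TaskName $taskName | Get-ScheduledTaskInfo
Stop-ScheduledTask -TaskName $taskName
```

An app that needs a user profile can instead be registered under a dedicated standard user with the `-User` and `-Password` parameters of `Register-ScheduledTask`.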

Getting Started with Amazon Web Services (AWS)

You have heard about Cloud Computing.  You looked at Amazon AWS, Microsoft Azure, Google Cloud Services, and maybe others.  But, where to start?

If you chose AWS, as I did, I’ll try to make it easier for you to start your experience, because their documentation can be difficult to understand.  In fact, most of their services are easy to use, but sometimes they use words or service names that are not related to our own vocabulary.

You know what a firewall is.  It’s clear in your mind what it means.  But they call it a Security Group.

AWS contains lots of services that allow you to run a virtual machine (Linux / Windows), database, API, NoSQL, data storage, queue, mail, etc.  You looked at the service list, but there are tons of them, and it’s unclear which one is what you need.

And, sometimes, multiple services can do almost the same job.  Data Storage, for instance, is available from these 3 services: S3, EBS and EFS.

Let’s try to define some of the most popular services.

  • EC2 (Elastic Cloud Computing)
    • These are virtual machines, like those you may have used with products such as VMware or VirtualBox, running Windows or Linux.
  • EBS (Elastic Block Store)
    • These are your disk drive storage for the EC2 service.  When attached to a Windows EC2 instance, one can be formatted and mapped to a drive letter.  Your “C:\” drive is an NTFS partition on an EBS entity.  So an EBS is a virtual disk drive.  They are all based on SSD technology, but for a lower cost, you can still get magnetic drives.
  • Route 53
    • This is where all your domain names are managed.
    • You can buy a domain name (Domain Name Registration), and you can also manage your DNS.  The domains whose DNS you manage can have been bought from AWS or somewhere else, like GoDaddy.
      • You just need to configure your name servers to use Route 53 as your primary DNS service.
  • S3 (Simple Storage Service)
    • This allows you to store “blobs” of information, usually files.  You can then access them through the API or a URL.  You upload these files using the API, or you can use helper applications like TNTDrive.
    • You can also store a web site on this service, if your site contains static files.  You can map an “endpoint” (URL) to one of your S3 containers (buckets).
    • Also, it’s the least expensive of the 3 storage services available, but it’s not meant to be used like EBS or EFS.  You can’t directly “mount” a drive letter from Windows to S3 without a third-party app.
  • CloudFront
    • It’s a “proxy” used to serve your web site files all over the world.  Think of it as a CDN (Content Delivery Network).  They keep a copy of your files all over the world and serve them to your visitors from the nearest available proxy.  Usually, you put your static files in an S3 bucket and use CloudFront to serve them.  I don’t recommend using that service immediately; you should start by serving your files directly from S3 instead.
    • It can be compared to other services like Cloudflare or Akamai.
  • RDS (Relational Database Service)
    • They are like EC2 virtual machines, but you can’t log in directly on them.  They are already configured with a database of your choice, and Amazon takes care of updating these machines.  You manage your databases with the tools you normally use, like SQL Server Management Studio, MySQL Workbench, etc.
    • If you’re a MySQL fan, take a look at Aurora.  It’s an RDS service built by Amazon, compatible with MySQL, but it can be up to 5 times faster.
  • EFS (Elastic File System)
    • It works like a “NAS”.  If you need a disk drive shared between multiple EC2 instances, that’s the service to use.  It is accessible as a “network drive” in Windows.  The price is based on the amount of data stored on it, unlike EBS, which is charged on the maximum capacity of the drive.
  • CloudWatch is used to diagnose all your AWS services
    • Scan your current and past CPU and memory usage
    • Receive an alert if your monthly usage is over a defined amount
    • Detect if you lose all your “CPU credits” and get an alert about it
    • etc

 

Watch out for IndexedDB + [Date] format

You may have read that post from Raymond Camden about using the [Date] object format in IndexedDB.

Following that advice, we used it in our application.

Everything was fine until we got customers using IE11 on Windows 7.  IE11 on Win8.x and Win10 was OK; only on Windows 7 did we have errors.

After some investigation, using the Microsoft-provided virtual machine to test IE11 on Windows 7, we found that all the “Date” values we used in indexes were converted to ISO strings!

So we had to change our app to use ISO strings everywhere for dates we need to use as indexes, just in case we get customers with Internet Explorer 11 on Windows 7.

P.S. We are using db.js, so we’re not sure whether the browser itself or db.js converts our date variables to strings, but it does happen.

How to setup Free SSL / HTTPS in EC2 IIS

More and more sites are running over HTTPS / SSL.  I personally think that, in the near future, port 80 / HTTP will die, and all pages will be served over SSL.

One reason for that is the work done by the “Let’s Encrypt” team.
Look at their sponsors: they include all the major names of the industry.  And, beginning January 2018, they will also offer free “wildcard” certificates!

So, I’ll explain how to configure that SSL certificate on your Windows EC2 server running IIS.

The Let’s Encrypt protocol can be a little difficult to set up.  But one person made a tool that makes SSL certification very easy.

That tool is called “letsencrypt-win-simple” (now win-acme), hosted on GitHub.

First, you need to configure your site in IIS in standard HTTP.  (Look at the other chapters to configure IIS and get a fixed IP.)

Then download letsencrypt-win-simple and open a command prompt in administrator mode.  Start the executable, and it will list all your sites in IIS.  Choose the site you want to secure.  The tool will create a file in your site root folder, and some communication will take place between your server and the Let’s Encrypt API.  Your site needs to be reachable from its public IP and domain name.

That’s all: the certificate is added to IIS, and the binding is also linked to your site.

These free certificates are valid for 2 months, but the letsencrypt-win-simple app automatically adds itself to your “windows task manager”, and it runs every day to automatically renew all your expired certificates.  So you don’t need to re-run that procedure; everything is automated and works very well.

I suggest running that on an empty site (with a simple empty default.aspx / index.htm page) before installing WordPress, because you want to configure your WordPress in HTTPS.  It can be hard to move from HTTP to HTTPS in WordPress after the initial setup if you have content that includes your absolute URL with a hard-coded “http://”.

DIY Guides for AWS

These how-to guides will help you start and create a simple and cheap server solution that will cost around $20/month. These guides include:

  • Introduction
  • Domain Name
    • Purchase
    • Configuration (DNS)
    • Transfer from GoDaddy
  • Create and configure your personal virtual server
    • Remote desktop access
  • Hosting web sites / apps on a virtual machine (Windows Server / IIS)
  • Configure your first small business or personal web site
    • WordPress
      • PHP
      • MySQL
  • Host ASP.NET Web Application
    • IIS
    • SQL Server
  • Send-Receive Emails
    • Outgoing (local smtp / IIS), using:
      • Integrated Windows SMTP Relay Service IIS
      • or hmailserver (preferred)
        • Configuring DKIM for hmailserver
      • or AWS SES (Simple Email Service)
    • Outgoing alternative
    • Incoming (MX, txt, spf, pop, accounts, catch-all, …)
  • SVN Server
  • FTP Server
  • Network and Security
    • Firewall
    • private and public IP
  • Monitoring
  • Troubleshooting
  • etc

You can get all that running, for about $20/month, on an EC2 T2.Micro virtual machine.

Let’s begin with…

Getting Started with Amazon AWS.