Blog

Online Tool of the Month – converter.telerik.com

Telerik shouldn’t be a new name to you but if it is then I suggest you head on over to their main site, https://www.telerik.com, and have a look.

This post relates to there Code Converter utility which I found a need for recently while maintaining a clients VB.NET application.

Although I used to develop mainly in VB.NET I am now predominantly working in C# and as anyone who has used both languages will tell you, flipping between one and the other is not exactly painless.

On this particular occasion I had an idea how I could fix the issue with the clients application code – but my idea was in C# – enter the Telerik Code Convertor.

The UI is simple – two text panes, one on the left for the language you want to convert and the other for the convertion output, a button to switch between converting from C# or VB.NET and a button to perform the conversion.

Simply set the appropriate ‘from’ language, enter the code to convert and then click the big red ‘Convert Code’ button. The converted code is displayed in the left-hand pane.

The tool is quite forgiving and won’t complain about missing brackets or semi-colons but remember – ‘Garbage In – Garbage Out’.

The Scourge of Email Click-Bait

We all get some SPAM in our Inboxes – despite the best efforts of our email hosts, be they Google or otherwise. But another type of message is starting to gain traction and I receive a number of these a week now – normally from recruiters is has to be said – and they are akin to the Click-Bait links you see all over the web (you know, the ones that normally end with ‘you’ll never guess what happens next’).

So, what am I talking about? Well, from this mornings Inbox we have ‘Exhibit 1’;

I’ve blurred the sender (although as I type I don’t really know why) but the subject line starts ‘Re:’ which would indicate that this is a reply to an email that I’ve sent – standard email client functionality. But I’ve never emailed (or even heard of) the sender or their company.

It’s just a rouse to get me to click on the message and read what they have to say – because the premise is that we have done business in the past.

Now, I may be getting old but I know if I don’t know someone and I’ve never heard of this guy. Add to that the fact that I can see the initial content of the email and that I have never, ever hired C# developers and it was pretty clear what this was – basically just SPAM sent by a low-end recruiter (not tarring all with the same brush here, I deal with many good ones) in an effort to appear to be known to me and to have an understanding of my requirements – neither of which is true.

It’s really no better than the email below it – which did slip though the SPAM filter.

The thing is this is not limited to low-end recruiters, I’m seeing this all the time now. Is this how people and companies think they can get an edge these days?

OK, maybe it’s not really a scourge but certainly a bit on the sly and under handed side of the wire.

Online Tool of the Month – base64-image.de

I recently had a need to create HTML email templates for a project which needed to include a couple of images, e.g. the company logo and feature image. I have of course done this in the past and just linked to the required assets on the hosting website – but this time is was different.

This time the website was potentially not accessible from outside of the local intranet and the requirement was to embed the images directly into the message.

One way to do this is to encode the images to a base64 string and use the resulting text, with a ‘data:image/jpeg;base64,‘ prefix in the src attribute of the image tag – something like this;

<img src="data:image/jpeg;base64,/9j/4AAQSkZJRgABAQEAYABgAAD/4QBoRXh....." />

Now all I needed to do was encode the images.

I could of course have written a quick app to get the image bytes and encode them as a base64 string – but why reinvent the wheel.

A quick Google search took me to https://www.base64-image.de/ where you can simply drag and drop your images and it will generate the base64 string for you – even providing options to copy preformatted text to use in image tags and CSS background urls.

When it comes to using these encoded strings there is something that you should be aware of and that is file size.

I ran into problems with some email clients not rendering properly because the message, with the additional embedded images, was too large. I had to use resize the images a bit and then ensure that I enabled ‘Image Optimisation’ during the encoding process to get them as small as possible without losing too much quality.

FillLPG for Android is dead .. long live FillLPG for Android

TLDR; The FillLPG for Android app has reached end of life and no further development or maintenance will be undertaken. It will remain in the Play Store for as long as the third-party FillLPG website remains online but I have no control over that.

The FillLPG for Android app was initially developed to scratch an itch – I had an LPG powered vehicle (I don’t anymore) and had stumbled on to the FillLPG website. I responded to a request from the website owner for someone to write a mobile and thought it would be a good little project to get started in this arena.

It has proved itself to be just that, initially written in Java and then migrated to C# using Xamarin this little app has helped me keep my skill levels up – or at least it did.

Background

First, a little background on how the app actually works (don’t panic, nothing too technical).

One thing to bear in mind here is that the FillLPG website is nothing to do with me or On The Fence Development. I have no access to the source code, database or server it is running on. I only have access to a specified data feed from the site.

The Android app contacts the FillLPG website for all its data and also sends updates back to the main website. The website database is what we call ‘the single source of truth’ and does not, in any way belong to me or On The Fence Development Ltd.

The app cannot display data that may exist on the website but which the website does not expose via the data feed, e.g. opening hours. This feature has been requested many, many times and I have passed these requests to the FillLPG website developer but the data has never been included in the payload sent to the app. If it’s not in the payload, the app can’t display it – simple as that.

So, basically the app is just a portal into selected data from the main website – that’s it. It fetches data from it and posts data back to it.

Now, the FillLPG website also has an ‘Ideas’ board where users can send feature requests etc and this was quite active with some useful ideas coming in, including the ability to indicate stations that were Disabled Friendly or had ‘Safefill’ facilities. Great ideas but unfortunately they were never implemented by the website so the app cannot display this information.

Previously Planned Development

In a previous post I mentioned starting development a new version of the app and even an iOS version being in the pipeline. Well I’m sorry to say that the investigations into this have partly led me to the decision to cease development altogether.

The problem is that I do not control the data or the service that provides it. On top of that there have been numerous unsuccessful attempts to contact the FillLPG website developer over the past year or two. How can I commit time to the development of apps which is heavily reliant on a system I have no control over and could shut down at any time?

I was considering the creation of an ‘intermediate’ webservice that would pull data from the FillLPG website in the same way that the app currently does. This would be stored in a new database under my control. I could then add new data fields for the features requested on the Ideas board. The app would then connect to this new webservice for it’s data.

The problem here is that this is not my data to do as I please with – that’s not the agreement I have with the developer of the FillLPG website. I also would not have user data so if the FillLPG website went away then I’d still have problems.

The straw the broke the camels back

My decision to cease any further development and maintenance was reinforced last night when I received an email from a disgruntled user:

Hi, now 6 weeks or so since I last contacted you regarding FillLpg app, and nothing seems to have changed, still “unable to connect to FillLpg Web Servers” whenever you try to update. Seems that the app is getting useless as it now quite out-of-date given the number of lpg stations closing down, shame really, it WAS pretty good and useful.

Update [22/12/2018]: I think it is only fair to point out that this user subsequently contacted me to let me know that he had located the problem and that it was nothing to do with the app. It turns out it was AdGuard which was blocking the apps access to the internet. A quick configuration update and he was back up and running.

This is typical of the emails I receive regarding the app and reviews submitted to the Play Store – although some of the 8500+ active users do take the time to leave a positive review (but not many).

Receiving 1 star reviews for problems that I have no control over is very frustrating but then I suppose the app is out there and the Play Store has a mechanism for review/feedback so it takes the hit, not the website that is feeding it or the FillLPG community that is maintaining the data.

Going forward

Consider what would happen if the FillLPG site was taken offline – permanently or temporarily. The app would have no access to the database to fetch or update station details.

As it stands the domain registration only runs until mid-June next year so if the current owner doesn’t renew it then the site will essentially fall off the internet. If that comes to pass then I will pull the app from the store as there would clearly be no point in its existence.

For now there are over 1700 stations reaching from the UK into Europe and beyond and over 500 prices have been updated in the last 30 days. People are clearly finding the app useful. So the app will remain in the Play Store and any future reviews will just get a link to this post. Whether they read it or not is down to them.

Your app does not support Andorid Pie!

I receive a lot of SPAM regarding the FillLPG mobile app, mainly offering to increase my install numbers and ratings, but today new approach appeared in my Inbox.

Screenshot showing email in mobile client

Hi there,

I was reviewing your app FillLPG – LPG Station Finder, and it looks great. But it appears the app does not support new Android Pie.  Without it, more than half of the users cannot use the app properly. I am an app developer and I can update your app in a couple of days if you want.

Thanks

Jon

It may not be obvious but this is just SPAM, sent by a bot and I doubt that anyone called ‘Jon’  is actually involved in the process, let alone reviewing my app.

The reason I can be so sure of that is threefold:

  1. The app does support Android Pie – or rather Android Pie supports it! As it stands the app doesn’t use any features that require this level of the SDK so doesn’t need any special coding. I have a Google Pixel 2 XL, running Android Pie, and it’s been running the app fine for months.
  2. The claim that ‘more then half of the users cannot use the app properly‘ is obviously targeted at people who are not in the mobile development space. Looking an the Android distribution dashboard it is clear the Android Pie is still in it’s infancy – with a distribution of less than 0.1% it doesn’t even make it onto the chart! Not surprising when only a small handful of phones, including the Pixel 2/XL, are actually running it.
  3. Finally, the email says that the app ‘looks great’ – which, I’m afraid to say, it doesn’t! It looks dated and is in need of an overhaul (which is on the cards in the New Year). Maybe the email is just trying to appeal to my ego – but then again I doubt it.

So yet another scam email trying to fleece the unwary of ‘a couple of days’ of development time for some questionable updated along with, undoubtedly, the loss of control of their source code and God only knows what hidden costs.

I obviously didn’t respond but there are plenty of apps out there that have been written for companies with no internal development resource and these are the real targets of this type of scam. I’ve written apps for a number of clients in this situation.

Using the ‘scatter-gun’ approach they are bound to find a few unwary app owners out there who may just be taken in by this. And herein lies the problem – to make this kind of thing worthwhile when the response will be quite low, the returns need to be high from each victim!

Caveat Emptor!

PersonalEncrypter – New and Improved

A couple of months ago I updated the PersonalCLI project to remove information leakage in the form of the original filename of the encrypted data. In my original post about this project I eluded to updating it to move away from the Microsoft encryption libraries and to implement the libSodium library instead.

Well, I’m happy to say that I’ve found some time to do this and moved to .NET Standard at the same time – yep, the future is here.

The initial project was really a quick and dirty exercise to demonstrate the ease with which these applications can be developed. It didn’t really lend itself well for extension – it was only meant to be a proof of concept after all.

In the new project I have created a class library to handle the mechanics of the encryption and a separate project for the CLI. There is also a skeleton project for a UWP desktop application which I’m currently working on (and committed in error – but hey, I’m only human). The UWP application will be initially aimed at Windows 10 but the ultimate aim to for a version of this project to be installable on just about any platform, e.g. Mac, Linux, iOS and Android.

Note: The libSodium project uses a different encryption algorithm to the Microsoft libraries so it will require a new key pair to be generated.

So, I’m now working on the UWP application which may even find it’s way onto the Microsoft Store (if they’ll have it) – afterall, that’s the aim isn’t it – to get encryption into the hands of the masses so that they can have some semblance of privacy.

I’ll be pushing updates to the public Github repo and announcing major milestones here so …… watch this space!

Online Tool of the Month – FakeNumber.org

I don’t know about you but I get a little hacked off when I want to sign up for a simple something but have to give up so much of my personal data that I sometimes just look elsewhere.

Now I’m not talking about my name or even my email address, but why would a service want my home address when I’m not going to be sent any physical goods or my telephone number …. at all? Depending on the service/company I may see the need for this information and will provide it if it is really needed – but a lot of the time this information is just going to be sold on or used for sales calls that I neither signed up for or wanted.

With email it’s quite easy and like many people I may use email aliases on my domain, e.g. randomname@onthefencedevelopment.com when I know I’m going to receive relevant emails and randomname@mailinator.com when I know it’s pretty much just an activation email or whitepaper link that will be sent.

I can make up a postal address which will actually go nowhere (I have actually used the address of the company I’m subscribing too in the past) but what about the phone number?

Well, I could just spin one of the top of my head but what about the poor devil who may be at the end of that random, but valid, number?

Well, that’s where Fake Number comes in.

Using this simple tool you can generate numbers which are guaranteed to be non-working (but will pass any format validations that a site may implement).

You can generate numbers for US, UK, Canada, Australia, Hungary and Iceland.

Depending on the country you can generate landline, mobile or freephone numbers and know that they are not going to end up with someone being swamped with called because your data was sold on.

On The Fence Development – What’s All That About Then?

I’ve been contracting for over seven years now and during that time I’ve had  a number of clients, friends fellow contractors ask me “…why ‘On The Fence‘? What’s that all about??”.

Ignoring the fact that the blog I initially hosted on this domain was about my experiences with Linux and Open Source while working day to day as a .NET Developer using Windows, I think that the name fits – it’s all about not putting all your eggs in one basket as it were.

I think that there is quite a wide line between trying to be a ‘Jack of All Trades’ and a ‘One Trick Pony’ and as a Contractor I think that this is a good place to be.

Some will disagree, Jon Sonmez of Simple Programmer certainly advocates specialising and he’s retired in his 30’s so maybe I’m the one who’s wrong here. But while I can see the merits in this approach and it worked out well for Jon, I don’t think that being ‘the expert in the Xamarin.Forms Grid control‘ is going to get me that far (that’s not to say that the Grid control is a trivial thing of course).

I also don’t think that trying to be a Guru in Desktop, Web and Mobile development  is viable either. We all know that this would be virtually impossible to achieve with the technology shifting under us all the time.

I do however think that to be a viable option as a contractor you need a good foundation knowledge, spread of skills across various technologies and a desire to learn as you go (let’s face it – nobody can know it all).

So that’s what I aim for.

I have experience with Desktop development using WinForms, WPF and am starting to look at UWP.

On the Web development front I am currently working with a client who has an ASP.NET WebForms application and another using MVC while a freelance project has me ramping up on ASP.NET MVC Core development on a Linux host.

With Mobile development I am all Xamarin, whether it’s the native flavours for Android and iOS or Xamarin.Forms. Hooking these up to Azure (or ASP.NET WebAPI Core) backend is also within my skillset.

I’m always looking to keep my skills up to date, while able to support existing deployments using older technologies – and even migrate them forwards should that be the desire.

Online Tool of the Month – unminify.com

Minification and bundling of Javascript and CSS files is obviously a good idea when you are deploying your websites to production – but if you want to use a third-party, minified, resource and want/need to look at the unminified version – it can be a bit of a pain.

I recently purchased a theme for a website which came as a set of CSS, Javascript and image files. There were a number of pages which demonstrated the theme and it was pretty much what I wanted – but not quite, I needed to make a few very minor changes.

These changes were limited to styles which specified ‘hero blocks’ with image backgrounds. I didn’t need a block with an aircraft in the background – I needed one with a camper van.

Now I could have simply renamed my images to match the existing assets, but when they are called something like ‘airplane_x500.png‘ I don’t think that’s a great idea. I certainly would not do it in code – create a class file called airplane.cs and implement a camper van inside it!

So, I needed to update the CSS – and herein lies the rub. The CSS file in question was minified (others did have the original version in the bundle – this one did not).

I could have contacted the designer and request the unminified asset but I really didn’t want to go through the hassle of this with no guarantee of receiving the file.

Enter Unminify.com, a simple website which does exactly what it says it’s going to to – take minified resources and reverse the minification process.

The UI is pretty simple and self explanatory – simply paste your minified text into the central text area….

… click the Unminify button …

Job Done 🙂

Online Tool of the Month – SelfSignedCertificate

In this day and age everything needs to be encrypted to prevent nefarious access to our data. Whether it’s our banking or medical records, our online email inboxes or our browsing and searching habits.

So, when developing websites or APIs I always start with an SSL enabled configuration – and in Visual Studio that’s a pretty easy thing to do, it’s just a checkbox really.

When deploying websites to production servers I, like millions of others, use LetsEncrypt to generate and renew my SSL certificates.

But what about that gap between Development and Production? I am of course talking about ‘Test Servers’.

I’m currently working on a few ASP.NET Core projects that will ultimately be deployed to Linux servers and in order to test this type of deployment I normally like to use a Virtual Machine (VM). This give me good flexibility and allows me to deploy to locally hosted systems with the ability to easily rollback configuration changes etc through the use of snapshots.

But what about the SSL certificate? I can’t use LetsEncrypt because the VM won’t be externally accessible for their system to interogate and validate. What I need is a Self Signed Certficate that I can install on my development system and the VM.

With a Self Signed Certificate in place I can deploy and test my software using SSL thus ensuring that the Test environment matches Production and that there are no sneaky bugs loitering around.

Now – you can use a Powershell command like this:

New-SelfSignedCertificate -DnsName "www.onthefencedevelopment.com" -CertStoreLocation "cert:LocalMachineMy"

Or an OpenSSL command like this (if you have OpenSSL installed):

openssl req -x509 -newkey rsa:4096 -sha256 -keyout mysecurecerti.key -out mysecurecertificate.crt -subj “/CN=onthefencedevelopment.com” -days 600

But do you really want to have to look up all the command line parameters every time you need a certificate? Of course not.

Enter the Self Signed Certificate Generator (https://www.selfsignedcertificate.com/) which will generate a suitable certificate with a single click on the mouse.

Simply navigate to https://www.selfsignedcertificate.com and enter the domain you want to generate the certificate for and click the big green Generate button.

The tool will then display a page allowing you to download the certificate and key files as well as providing additional information about configuring the Apache web server to use the new certificate and how to generate the same certificate from the command line (if you really wanted to).

Now, assuming that you have configured your system recognise the domain, e.g. edited your hosts file, and even though your web browser will complain that it cannot verify the origin of the certificate you should be able to navigate to your website using HTTPS, e.g. https://mytestsite.onthefencedevelopment.com, and it should work just fine.

If you really wanted to keep your browser happy you can export the certificate via the browser and import it into your local certificate store. There are plenty of tutorials out there on how to do this but this one is as good as any other I’ve found.

So there you have it – generating Self Signed Certificates the easy way.