Markus Tenghamn

Programmer and Entrepreneur

.xyz domains fail for IDN domains with åäö

Error with åäö .xyz IDN domains for a majority of registrars

19th of June, 2016

So lately I tried registering a few .xyz domains containing the Swedish characters åäö over at NameCheap, which failed. NameCheap is one of my favorite registrars (see my review of the best and worst registrars here). The fact that my order failed surprised me since I had previously registered Swedish domain names with åäö characters without a problem. I would get an error that said “IDN table ‘swe’ is not supported by this server.” I contacted NameCheap support regarding the problem and they stated that the Swedish language was not supported for .xyz domains.

However I felt that this was wrong as the .xyz website NameCheap refers to mentions languages and scripts, I believe Swedish would fall under Latin. In addition to that, I had already registered Swedish .xyz domains that contained åäö without any issue previously and they would resolve to my server without a problem. So I went ahead and tested an order at name.com which worked without a problem.

IDN table 'swe' is not supported by this server.

You can also check the domain Företag.xyz and see that it resolves without an issue. So clearly something was wrong but it seemed hard to get my point across to NameCheap. I went on a bit of a Twitter rant but oh well 🙂

I also decided to test registering domains with other registrars that had discounted pricing for .xyz domains at the time.

Godaddy fails to register .xyz domains

I tested with Godaddy (please note that Godaddy has received some very bad reviews in my previous posts) and they also seem to have the same issue but it does not say exactly why it occurred.

Next I headed over to Gandi.net and tried registering a few domains, same problem there as you can see below.

Gandi orders fail for .xyz idn domains with åäö.

I also headed over to another registrar called Hover and they also seem to be facing the same issue as you can see in the image below.

idn domain registrations fail for .xyz on hover.com

My orders were refunded so not a problem but I would like to register my domains and take advantage of the discounts offered by registrars currently.

Since this error affects multiple registrars it seems like this issue is related to a problem with the .xyz registry and we are waiting for an answer. I know that multiple registrars have sent support requests and NameCheap has been great in helping me get to the bottom of this issue.

Update June 20th

It’s Monday and .xyz finally responded confirming that Swedish domains are supported by .xyz and fall under Latin.

Convert Punycode IDN domains to UTF-8 and back again with PHP

18th of June, 2016

So I am sitting here late at night and I registered a few Swedish .xyz domains that contain the characters åäö. For example you may have the domain for horse in Swedish, häst.xyz; this domain is actually written as xn--hst-qla.xyz. Now I wanted to create a temporary catch-all page for these Swedish domains until I can build a site for them. What I did was to get the domain name as a variable which I echo in the title and body of the page using the following server variable:

$_SERVER['HTTP_HOST']

This works OK, but for domains with äåö it will output the weird looking punycode which is not really SEO or user friendly. To solve this we can use the idn_to_utf8() function in PHP which takes the punycode and converts it to UTF-8 characters which will show the åäö characters. For my site I also wanted to make the first character upper case so I used the ucfirst() function. My page ended up looking like this.

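<?php
// HTTP_HOST is taken from the client's Host header, so treat it as untrusted.
$host = $_SERVER['HTTP_HOST'];
// idn_to_utf8() returns false when the name cannot be converted; keep the raw value then.
$decoded = idn_to_utf8($host);
if ($decoded !== false) {
    $host = $decoded;
}
// Escape once, before output, so a crafted Host header cannot inject markup.
$name = htmlspecialchars(ucfirst($host), ENT_QUOTES, 'UTF-8');
?>
<html>
<head>
    <title><?php echo $name; ?> - Coming soon!</title>
</head>
<body>
<center>
    <br/>
    <br/>
    <br/>
    <h1><?php echo $name; ?></h1>
</center>
</body>
</html>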

That takes care of that. Now the opposite function of idn_to_utf8() is the idn_to_ascii() function. This will take the åäö characters and convert them to the punycode.

I hope some of you find this useful.

4 Golden Rules To Keep Your WordPress Site Secure

11th of June, 2016

I have worked with WordPress for about 10 years, with my own websites and clients’ websites. My sites have been hacked in the past. While working at one of Sweden’s largest web hosts I would fix broken and hacked WordPress sites on a daily basis. Today I work as an IT Security Manager where I do everything from keeping our company’s WordPress site secure to securing several servers and networks that we have at more than 5 different physical locations. From all of this experience I have learned a lot and this has led me to create a list of 4 golden rules which will keep your WordPress site safe and secure.

1. Update

Not updating WordPress or the themes and plugins installed in WordPress is by far the most common reason why most users get hacked. Personally I keep a todo list along with a reminder every two weeks to go through all my installations (it can be WordPress, servers, other websites, etc.) and just check on things and do all the needed updates. In the past I have also used InfiniteWP to keep track of many WordPress installations at the same time; for its basic features it is free to use.

2. Use popular plugins and themes

This is related to the above point about updating. There are lots and lots of themes and plugins out there that are old and that may be unmaintained. A large user base will keep you safer as it is more likely to be supported (check when the last update was made) and there is a greater chance that if a user finds a flaw it will be widely reported. When getting a new plugin or theme I always recommend googling the plugin or theme name like “Woocommerce WordPress” to see if there is anything negative that I should know about before I install it.

3. Only use the plugins or themes that you need

Think of your WordPress installation as you think of your computer. The WordPress.org repository of plugins and themes (along with third party websites) is the internet and whenever you install something you are taking a risk that it could be something malicious. This goes with #2, popular themes and plugins are generally less risky. Also keep in mind that there are malicious users who upload bad plugins and themes on purpose to hack websites or steal data (these usually get reported but there is always a chance with plugins or themes that nobody else has looked at). Another reason why you don’t want a bunch of themes and plugins clogging up your WordPress site is that it gives you more things to update and more ways that things could go wrong, more doorways that an attacker could use to get into your system. Security plugins for WordPress are an example of an extra plugin you don’t need. All these do is make it harder to find login pages and whatnot, but in reality you are most likely taking more of a risk installing this addon as it could have potential vulnerabilities. WordPress is used by companies like Spotify; if you keep it updated there is no need for silly security plugins which are just a waste of time and money.

4. Remove the admin user

A simple way to attack a WordPress site is to brute force by guessing the administrator username and password. Having a username like admin and a password like “strongpass1234” is not really that safe. I highly recommend using a long username that is not admin or administrator, and preferably a username that contains a space. So for my WordPress site I might use the username “Markus Tenghamn” as it is long and then I like to generate a random password which is 15-20 characters long via this password generator website. Most of these brute force attacks are automated using the most common usernames; having an uncommon username along with a strong password makes your site extra safe. Keep in mind that I put this as my 4th rule, keeping your WordPress site updated is more important.
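Rule 4 is about automated password guessing. As an added example (not from the original post), the shell functions below show how that traffic appears in a web server access log and how to separate noisy guessing from guessing that was followed by a successful login. The combined log format, the 200/302 heuristic and the sample lines with documentation-only IP addresses are assumptions.

```shell
#!/usr/bin/env bash
# Added example: spot automated password guessing against wp-login.php in a
# web server access log (Apache/nginx "combined" format is assumed).

# failed_logins_by_ip LOGFILE THRESHOLD
# Heuristic (assumption): WordPress answers a failed login POST with 200 (the
# form is shown again) and a successful one with a 302 redirect.
# Prints "COUNT IP" for every client with at least THRESHOLD failed POSTs,
# busiest client first.
failed_logins_by_ip() {
    awk -v min="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
        END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' "$1" | sort -rn
}

# guessed_logins LOGFILE THRESHOLD
# Prints each client that first reached THRESHOLD failed POSTs and then got a
# 302 from wp-login.php, i.e. guessing that may have succeeded.
guessed_logins() {
    awk -v min="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ {
            if ($9 == 200) fail[$1]++
            else if ($9 == 302 && fail[$1] >= min && !seen[$1]++) print $1
        }
    ' "$1"
}

# Constructed sample traffic using documentation-only IP ranges.
log_line() {  # $1 = client IP, $2 = HTTP status
    printf '%s - - [11/Jun/2016:10:00:00 +0200] "POST /wp-login.php HTTP/1.1" %s 3456 "-" "-"\n' "$1" "$2"
}

write_sample_log() {  # $1 = output path
    {
        for i in 1 2 3 4 5 6; do log_line 203.0.113.9 200; done  # guessing, never gets in
        for i in 1 2 3 4 5; do log_line 192.0.2.44 200; done     # guessing ...
        log_line 192.0.2.44 302                                  # ... then a success
        log_line 198.51.100.7 200                                # one mistyped password
        log_line 198.51.100.7 302                                # followed by a normal login
    } > "$1"
}

log=$(mktemp)
write_sample_log "$log"
echo "Clients with 5 or more failed logins:"
failed_logins_by_ip "$log" 5
echo "Failures followed by a successful login:"
guessed_logins "$log" 5
rm -f "$log"
```

A client listed by guessed_logins is the one to act on first: reset that account's password and review what the session did.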

Stick to these 4 golden rules and you will have a safe and secure WordPress site. I hope the article was useful and I would love to hear your feedback in the comments section below.

How to automatically post emails to Slack

10th of June, 2016

Slack is an amazing service, it is basically a dumbed down (in a good way) and simplified IRC client which may sound bad but it makes it super efficient and great for work. It is also an easier sell to non-IT coworkers who may laugh at the idea of using an IRC server for work. Anyways, sometimes it can be a great idea to post email updates directly to Slack. I have done this for a server which runs CSF & LFD (our server firewall) which sends out notifications when IPs get banned, suspicious files are found or if something is just not right with the server.

Anyways, to begin you will need to install the email app for your Slack team which can be found here https://slack.com/apps/A0F81496D-email. This app is part of slack and will basically create an email like something@yourteam.slack.com which you then can send email to. The email app will work like a bot, so once configured you can set a name and even upload an image for your bot.

Once you have your email you can either change the email in the settings of whatever you are sending from or you can go to your email client, preferably the web based version if you have Gmail or Outlook or something like that. Here you will want to configure a filter or rule that says if these conditions match then I want to forward this email to Slack. For me the condition was the email address that these emails were being sent from. I decided to forward those emails coming from LFD but also keep a copy in the mailbox just in case.

If you have attachments like images and whatnot it should also work as long as the files are not more than 25 MB.

Now, try sending an email. The email will appear as a snippet usually along with any files you have attached.

Now keep on slacking! Hope you enjoyed the post.

Getting started with Ionic framework for building apps on OSX El Capitan

9th of June, 2016

First thing you need to do if you haven’t already done so is to download and install Node.js. You will find Node.js via their website here: https://nodejs.org/en/. I picked the recommended option as it is most likely more stable but you are free to try either one. Both will probably work with Ionic framework.

Once Node.js is installed you will need to open terminal, cmd + space and then type “terminal” to open it quickly. After this I will be following the getting started guide from the Ionic website which can be found here http://ionicframework.com/getting-started/.

So first thing we need to do is install the Cordova and Ionic command line tools, simply type “npm install -g cordova ionic” in the terminal and you should see a spinning line and then a loading bar which means it is loading.

If you run into an error here: You may get an error like “Error: EACCES, permission denied” and then it tells you to try running the command as an administrator. Usually the error is related to moving files or not being able to create symlinks. You could do sudo but I prefer to run this as a regular user. So this error basically means we have a permission issue. To fix the issue start by running “sudo npm update -g”, this will ask for your password, just type it in and it will update node. Then we clear the cache so we start off nice and clean using the command “npm cache clean”. Now let’s update our permissions, let’s run “sudo chown -R $USER:$GROUP /usr/local/lib/node_modules/” and also for the symlinks run “sudo chown -R $USER:$GROUP /usr/local/bin”. Then run “npm update -g” to see if things work and finally run “npm install -g cordova ionic” and things should now install without errors.

Now we can create a project, simply cd to the directory where you want your project, I’m just going to put it in my users folder so I type “cd –“. Then run “ionic start myApp tabs” to start our first project. You may get a prompt to install command line tools, if you get this then you should install it. It may also ask if you want an ionic.io account, you can create one if you want.

Now that your project is created we can cd to your app directory using “cd myApp“. Add the ios platform to ionic using “ionic platform add ios“.

If you get an error: You may get an error like “xcode-select: error: tool ‘xcodebuild’ requires Xcode, but active developer directory ‘/Library/Developer/CommandLineTools’ is a command line tools instance” which basically means you need to install xcode to run the app. Luckily Xcode is completely free to download, simply go here and proceed to download and install: https://developer.apple.com/xcode/download/. Once this is done you are ready to run “ionic platform add ios” again and follow the next step in the guide.

Now we are ready to run our sample app. Simply type “ionic emulate ios” and the app will launch. You can navigate to the myApp folder in finder to view the files. Since Ionic uses Angular the functions are javascript based which you will find in the .js files. You can actually launch pages in the app by opening the .html files in your browser. This allows you to inspect css elements and make changes quickly with a visual guide before you actually build the app. When you need to make a new project simply open terminal, cd to your projects directory and then run “ionic start myApp2 tabs” where myApp2 is the name of the folder or project and tabs is the base build. You can change out tabs with blank or side menu depending on what type of app you want to create.

I hope this guide has helped you to get started with the Ionic framework!

Upgrade rsyslog on Centos to version 8

8th of June, 2016

So for some reason you would like to upgrade rsyslog to version 8. For me it was some issues with the logging, I wasn’t getting anywhere debugging version 5.8 and almost nothing was writing to /var/log/messages which is not good. So I decided to figure out how to make the upgrade.

First thing you need to do is to ssh to the server or if you have physical access just open a terminal and cd to the repo directory with “cd /etc/yum.repos.d/”.

Now we need to get the latest repository version which can be found here http://rpms.adiscon.com/

Version 8 is the latest version while I write this so I simply download the repo using wget. Like so “sudo wget http://rpms.adiscon.com/v8-stable/rsyslog.repo”

Then you can proceed to update rsyslog using “yum install rsyslog”.

Now you are done, you should be running the latest version of rsyslog! This was quick and simple and worked flawlessly for me but I know that it may not work so well for everyone. While searching I had this guide to help me from the rsyslog website which also helps with debugging: http://www.rsyslog.com/rhelcentos-rpms/. It can also be a very good idea to check that what you downloaded was actually what you wanted, the link above explains this part in more detail as well.
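The check mentioned above, as an added example (not from the original post or from the rsyslog project): a shell function that audits a downloaded .repo file before “yum install” is run against it. The sample repo contents and the repo.example.invalid URLs are constructed, and treating a missing gpgcheck line as a finding is an assumption, since the effective value then depends on /etc/yum.conf.

```shell
#!/usr/bin/env bash
# Added example: audit a yum .repo file that was fetched over plain HTTP
# before installing anything from it.

# audit_repo_file FILE
# Prints one line per finding for every enabled section and returns 1 if
# there were findings, 0 if the file is clean.
audit_repo_file() {
    awk -F= '
        function check() {
            if (sec == "" || enabled == "0") return
            if (gpgcheck != "1")    { print sec ": gpgcheck is not enabled";  bad = 1 }
            if (gpgkey == "")       { print sec ": no gpgkey configured";     bad = 1 }
            if (baseurl ~ /^http:/) { print sec ": baseurl uses plain http";  bad = 1 }
        }
        BEGIN { bad = 0 }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^\[/ {                                # new [section] header
            check()
            sec = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpgcheck = ""; gpgkey = ""; baseurl = ""
            next
        }
        NF >= 2 {                              # key=value line
            key = $1; val = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "gpgkey")   gpgkey = val
            if (key == "baseurl")  baseurl = val
        }
        END { check(); exit bad }
    ' "$1"
}

# Constructed sample, NOT the contents of any real vendor repo file.
write_sample_repo() {  # $1 = output path
    cat > "$1" <<'EOF'
[example_v8]
name=Example v8 stable (constructed)
baseurl=http://repo.example.invalid/v8-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0

[example_v8_testing]
name=Example v8 testing (constructed)
baseurl=http://repo.example.invalid/v8-testing/
enabled=0
gpgcheck=0
EOF
}

repo=$(mktemp)
write_sample_repo "$repo"
if audit_repo_file "$repo"; then
    echo "repo file looks sane"
else
    echo "fix the findings above before running yum install"
fi
rm -f "$repo"
```

With gpgcheck=1 and a gpgkey that you obtained over a trusted channel, yum refuses packages whose signature does not match, which is what protects the install when the repo file or mirror is reached over plain HTTP.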

As always, be careful when making changes to your system, make a backup and read things 3 times before trying them, something could go wrong very easily if you don’t know what you are doing.

Hope the guide helped, thanks for reading!

 

Change Memory Limit on OSX running PHP 7

7th of June, 2016

Every now and then when testing local applications you may run into an error that says something like “Allowed memory size of xxxxx bytes exhausted (tried to allocate xxxx bytes)”. Now, sometimes this may be caused by a coding issue such as a loop that gets stuck, which is why you may not want to set this limit too high. In my case I felt that I needed to raise this limit as I am working with parsing large Excel files which require a lot more than the standard 128M of memory.

First thing you can do is check the memory limit php is currently set to by typing “php -i | grep memory” in the terminal. It will say something like 128M which is 128 megabytes.

Then type “php -i | grep php.ini” in the terminal, this will show you the path to the php.ini file. In my case the path is /usr/local/etc/php/7.0/php.ini. You can then use your favorite editor to change the file, you will probably need to use sudo. I prefer using nano to edit files.

Simply type “sudo nano /usr/local/etc/php/7.0/php.ini” to begin editing the file. You can use ctrl+w to search for memory_limit or 128M in order to get to the right line. I changed the value to 4G which is very high, you could try doubling the value to 256M to see if that is enough to get you going. Once you have changed the value press ctrl+x to close, press y and enter to save the changes.

All we have to do now is restart apache and we should be good to go, type “apachectl restart” in the terminal. Then you can check the memory limit again using “php -i | grep memory”.

Fight Piracy With Marketing!

27th of March, 2016

If you are a publisher like me you will notice that the things you create will appear on torrenting sites every now and then which allows anyone to download your addon for free. Personally I don’t fight piracy by filing DMCA notices, asking to have it removed and such. I believe that doing something like that is only a waste of my time and someone will probably upload everything again once it is taken down. By letting it be it allows users to test my creation and I believe that those who truly like what I do will purchase what I have created.

Now building on this idea that people want to test my creation, what if I give out free samples or test versions? What if I do this via torrents? There is nothing illegal about torrents themselves and you are free to distribute your own work. This will also flood the torrents with real versions and test versions making it harder to actually steal your creation but still allowing those who want to test your creation to test it in a way that you can control it without it costing anything for the user.

A while back I created a simple addon which has had a few small sales and I decided to use this as an example to show you how to do marketing with torrents to fight piracy. So to get started, my addon is called MyMail Better Export which is a WordPress addon for the plugin called MyMail which is used to send out newsletters.

So let’s begin, I will take the files for my addon and make some modifications. The main aspect is the export function of my addon, for this example I am completely going to remove that page and instead show a prompt that thanks the user for trying my addon and encourages the user to buy the addon from my CodeCanyon page.

MyMail Better Export test version

If you create videos or something like that you could cut out important parts of a video and show the user where to pay for the video. Another option if you want to support learning for those who can not afford your videos is to simply heavily watermark the free version but still allow users to see the material and learn from it.

Anyways, after my changes I put everything in a zip file and downloaded BitTorrent which is completely free to use to upload and download torrents. We will use this to create our torrent file. Simply go to File->New torrent in the menu in the top left corner. This should bring up the following page.

Create a Torrent With BitTorrent

So here you need to select the file or directory which contains all of your creative work. In my case this is a simple zip file. For the trackers section I used a list of public trackers which can be found here: Torrent Tracker List 2016. I also added a comment that described what this was, “MyMail Better Export WordPress Addon”. I don’t make a mention of a test version as we want to make it hard to tell a difference between our test version and the illegal versions uploaded by others (the piracy we want to fight). Check the box “start seeding” and you will automatically start sharing your test version. If you want you can also register an account with some of the popular torrent sites that are out there and add your torrent to their trackers.

There is your free marketing and it is not a completely original idea by me, many have done it before I published this post such as this game development company called Greenheart games. They make a game where you run your own game development company and they created a different version of the complete game and uploaded it to torrent sites, the only difference being that the torrented version had a hidden feature causing the player to go bankrupt towards the end of the story because so many users would pirate their games. You can read more about this story here: What happens when pirates play a game development simulator and then go bankrupt because of piracy?

Some things to keep in mind when you are uploading your test version is to keep it the same file size as your original version or at least very close. No one is going to download a full hd movie which is smaller than a short mp3 file. Also keep the same names of files and the same structure as your original, you should simply be changing the content.

I wish that more companies would take this approach rather than pursuing huge lawsuits and DRM which sometimes makes pirating easier and faster than buying the actual creation. I am definitely not saying pirating is ok but I believe there is a middle ground that can be reached in order to make things better for everyone.

Voice calling is now available in Slack (beta)

20th of March, 2016

If you didn’t already know, Slack is this awesome piece of software which lets you message, share files with and now call other members of your team and you can use it for free if you are unsure about its benefits. After Slack acquired Screenhero they began integrating Screenhero’s features into Slack. Voice calling is the first of those features and hopefully we will see video and screensharing services coming to Slack in the near future. Voice calling is available in DM conversations for free, paid teams can use the calling feature in channels. So let’s take a look at how it works.

Testing the voice calling features in Slack

To start a call simply go to the conversation or channel which you would like to start a call for and click the phone icon at the top of the screen. Members of that channel or conversation will see the notification as a message in the slack channel. If you are starting the call with a single person they will see it as a call and can answer it via slack as a normal phone call.

Voice calling in slack allows for emojis/reactions

Once a call has started you can invite more users by clicking the “+” sign in the top right corner. As someone is talking other users can show their reactions by simply clicking emojis. This may seem a bit silly at first but is a pretty good way to show approval or disapproval of someone who is speaking without interrupting them. Simply click the smiley to bring up the available emojis, clicking on one of these will display the emoji on top of your profile picture inside the call. In the top left corner you have a share button to invite users who are not part of the team to the call. You could post this in an email or perhaps on Twitter if you would like to allow for a more public conversation.

I love what Slack has done, simple improvements that may become standard practice in future chat applications and I can’t wait to see what they will do with video calls and screen sharing. And as I mentioned before, you can try Slack for free for an unlimited time.