NANY 2012 Release: NoteMe

[justice]

Thanks rgdot! Sorry to hear about windows xp problems, I will post an updated working Windows XP tested release as soon as I have a testing environment ready.

Can you confirm the issue remains after running NoteMe /resetsettings?

[rgdot]

No problem, thanks for your efforts and NoteMe

The issue is fixed after running NoteMe /resetsettings. The email address to send to prompt comes up and NoteMe works

[mouser]

I got the same error after setup too.

However I think there is a much bigger problem, this:
"Privacy Policy: Notes are sent to a serverside script and delivered by GMail for easy of use and reliability. "

While I trust you justice completely -- there is just no way on earth i would ever recommend people use a program for sending email to themselves which routed them through some external server script.  Even if you are trustworthy, you don't have control over who might be trying to snoop into your traffic.  Plus, if your server goes down, the program becomes unusable.

I think the correct thing for such a tool is to directly send the emails, using a mail sending too like sendmail.exe or whatever.

I'm sorry I didn't post this comment earlier but i didn't realize until now how it was sending stuff.

Being able to quickly send an email to yourself is a nice useful idea -- but when i want to send a note to myself, i want it to go from me to my email account, not through someone else's personal server.

[justice]

Thanks for your feedback. The bug after setup will need to be fixed.

I understand you would not recommend people sending messages through noteme, however you do trust the author with admin privs on your computer to install it. So is the problem that people other than me could read the message?
The only weakness in the current setup is that the connection from noteme to the server isn't https yet. Whereas with a direct delivery executable you are saving credentials on your computer, which is more likely to get snooped on.

So could you clarify thus more please? I'm happy to address any concrete issues and look at improving the app.

[mouser]

I think the concern lies in how big of a target the noteme server/account is in this scenario.  It represents a single point of attack that would give someone access to every note sent by every user.  And a single point of failure where if your server script goes down, no one can use the program.

Maybe this is not ever going to have more than a handful of users so the concern is more theoretical than practical,  but i think in principle when there is no *NEED* to send sensitive messages through a middle man server, it should not be done.

There is a definite advantage in not having to configure mail settings, I'll give you that.  Maybe if people only send non-sensitive messages it doesnt matter.  And maybe I'm just old-school when it comes to privacy.. But no matter how much i trust someone, I don't want my email going through anyone's hands that it does not absolutely have to.

[justice]

Let me reply to your points individually:

With regards to single point of attack, the last 30 days of messages could be read, not all messages. I could keep multiple accounts so only some messages are compromised in this wurst case scenario.

If a single point of failure is an worry i am happy to add fallback urls to other hosts. I'll make a note.

There is definitely a need for this central setup though: 1) almost no average user knows their smtp details or knows where to find them. 2) I don't want loads of complaints of non functional smtp configurations due to firewalls, typos, edge cases. It reflects badly on me and the program when it is not working. The current setup works for everyone. 3) entering a bunch of configuration details is not a pleasant experience and is a significant barrier to using the program. I have looked at thinderbirds auto configuration documentation and perhaps mail settings are stored in the registry but implementing this might push auto hotkey too far.

And just as a FYI when delivering your regular unencrypted email, it goes through a bunch of servers that can read it.

That said i agree the setup is not ideal, I'm trying to find a balance between the various factors.

I could add the functionality you asked for and make it optional, and I will be supporting two solutions, add complexity to the program, and any time spent on the central setup will not benefit the other setup and vice versa. Sounds like the worst of both worlds.

I'll think about it.

[justice]

Also want to say having this discussion is helpful

[mouser]

All fair points regarding the disadvantages of smtp configuration.

One solution if you really wanted to keep going with this tool would be to support both methods, smtp configuration for those that cared, and central server script for those that didn't.

[mouser]

Two other concerns:

1. Malicious users sending spam using your script+server+account.

2. While it may be similarly possible for your server or the users server to get hacked.. in the former case, *YOU* are going to have a ton of apologizing to do and take a lot of heat if it happens.. Whereas if an individual user has their computer hacked, you are not to blame.  Something to consider.

[justice]

Well it sounds like due to theoretical issues I'm having to make the app less practical. I'm a bit demoralised.

Regarding your comments, it's trivial to ban ips based on access logs, I can do that right now. There are billions of webpages on the internet, why do you think hackers will spend the time to hack my webhost just to get at mine? I doubt it will become a target just because a bit of php code contains a gmail username and password. There are bigger problems then for my hoster - who is very reliable. Also there are not many users of NoteMe, so the target is tiny.

So, the code is secure. The only weakness in the current setup is that a snooper can read out the outgoing http call and intercept the message (along with all other unencrypted network traffic) before it's being processed. A simple solution is to encrypt it before sending it. I rather work on that then add SMTP configuration, because it's in my opinion the barrier of email configuration is larger than the debated issue.

But I think now some people will have decided against using the program even though it's more likely spyware will read your outlook mail then target NoteMe.

[mouser]

Don't get discouraged.. most of my apps don't get used much if at all either

And I'm sorry if it seems like I am trying to warn people from using it -- I'm not.. I'm much more focused on trying to save you the headaches of having to deal with problems further down the road.

[jgpaiva]

justice: I'm not sure if this problem was raised before, but the fact that you have one account for all users also that the additional trouble that if some of your users start marking the email address as spam (people to strange stuff), everyone's emails might end up in the spam folder.

[mouser]

jgpaiva, that could happen if people use the service to spam others, but i think in this case this isn't a real concern.
but on the other hand if you are just using NoteMe to send email to yourself, it's easy enough to whitelist the email,
so i don't think this is a big concern.  having mail marked as spam is only really problematic if you are mailing it to others.

[justice]

Version 1.0.2 out with the following changes:

* Fixed  alerting incorrectly that %appdata%\NoteMe could not be created, thanks to rgdot

To update, click on the download link in the opening post, or use Help > Check for Updates

[justice]

Version 1.1.0 out with the following changes:

* Reimplemented local mail send component - moved away from central server

To update, click on the download link in the opening post, or use Help > Check for Updates. The server mail sending functionality will be shut down Wed February 1st 2012. Could you please test this release and let me know if you  have issues using it with your mail settings?

This version should resolve any hacking/security/privacy issues mentioned in the topic.

[TaoPhoenix]

Version 1.1.0 out with the following changes:

* Reimplemented local mail send component - moved away from central server

To update, click on the download link in the opening post, or use Help > Check for Updates. The server mail sending functionality will be shut down Wed February 1st 2012. Could you please test this release and let me know if you  have issues using it with your mail settings?

This version should resolve any hacking/security/privacy issues mentioned in the topic.

-justice (January 09, 2012, 08:51 AM)

So how does this work now? I have webmail, not Outlook / other. Will it still send notes?

[rgdot]

Works well for me, however after entering the mail password (test email being sent) I get this.

[justice]

So how does this work now? I have webmail, not Outlook / other. Will it still send notes?

-TaoPhoenix (January 09, 2012, 10:07 AM)

You will need to enter the SMTP (outgoing mail) settings for your webmail service. If you cannot find the information in the help section of your webmail provider, you might be able to find it at the Mozilla ISP Database site (I cannot guarantee the settings listed there are correct).

For GMail I am currently using these settings:

[Select]

[SMTP]
[email protected]
server=smtp.gmail.com:587
[email protected]
password=mypassword

Works well for me, however after entering the mail password (test email being sent) I get this.  (see attachment in previous post)

-rgdot (January 09, 2012, 11:03 PM)

This happens when sendEmail is waiting for the mailserver to respond, I noticed this today as well. I had set the server line for gmail incorrectly to smtp.googlemail.com:465, what is your email domain / mail provider rgdot? sorry for the unhelpful interface dialog.

[rgdot]

Just gmail. When prompted I entered password in mail.ini and it worked (test email was sent). After that the dialog came up.

[hornet]

Version 1.1.0 out ....This version should resolve any hacking/security/privacy issues mentioned in the topic.

-justice (January 09, 2012, 08:51 AM)

Downloaded and install oK on Dell Inspiron running Win 7 /64.

Is there any way it would be possible to set a "Subject" in the email?

Even if it was a default subject we could access in the ini file?

Regards,

Harry.

[justice]

Hi Harry thanks for using noteme.

The first line you type is the subject!
Start a new paragraph for the rest of the message. This keeps things streamlined.

[hornet]

Hi Harry thanks for using noteme.

The first line you type is the subject!

-justice (January 17, 2012, 01:41 AM)

Thanks.

Worked that out by experimenting!

I was also going to try to use it to send sms - via an email-to-sms service that my ISP provides.

The only problem I now have is that the program adds a comment and date after the email message.  Is that removable in any way?

Harry.

 

[justice]

Not at the moment but that bit of the message should be marked as the 'signature' (the double dash) so your SMS tool might have a setting to ignore that. Hth

[hornet]

Not at the moment but that bit of the message should be marked as the 'signature' (the double dash) so your SMS tool might have a setting to ignore that. Hth

-justice (January 17, 2012, 01:51 AM)

Thanks so much.

A little more "digging" and I found another program called smtpmailsender - I find it does that sms duty for me really well.

http://w3.haztek-sof...m/apps/smtpsend.html

Thanks again and good luck.

Harry.

[justice]

The server mail sending functionality will be shut down Wed February 1st 2012.

-justice (January 09, 2012, 08:51 AM)

NoteMe versions before v1.1.0 can no longer send email as of now. Please update to the latest noteme. The Google account and it's Gmail have been deleted.