topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Sunday October 6, 2024, 1:50 am
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Last post Author Topic: NANY 2012 Release: NoteMe  (Read 92016 times)

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #25 on: December 27, 2011, 03:29 PM »
Thanks rgdot! Sorry to hear about windows xp problems, I will post an updated working Windows XP tested release as soon as I have a testing environment ready.

Can you confirm the issue remains after running NoteMe /resetsettings?

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #26 on: December 27, 2011, 09:06 PM »
No problem, thanks for your efforts and NoteMe

The issue is fixed after running NoteMe /resetsettings. The email address to send to prompt comes up and NoteMe works

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #27 on: January 02, 2012, 09:12 AM »
I got the same error after setup too.

However I think there is a much bigger problem, this:
"Privacy Policy: Notes are sent to a serverside script and delivered by GMail for easy of use and reliability. "

While I trust you justice completely -- there is just no way on earth i would ever recommend people use a program for sending email to themselves which routed them through some external server script.  Even if you are trustworthy, you don't have control over who might be trying to snoop into your traffic.  Plus, if your server goes down, the program becomes unusable.

I think the correct thing for such a tool is to directly send the emails, using a mail sending too like sendmail.exe or whatever.

I'm sorry I didn't post this comment earlier but i didn't realize until now how it was sending stuff.

Being able to quickly send an email to yourself is a nice useful idea -- but when i want to send a note to myself, i want it to go from me to my email account, not through someone else's personal server.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #28 on: January 02, 2012, 09:57 AM »
Thanks for your feedback. The bug after setup will need to be fixed.

I understand you would not recommend people sending messages through noteme, however you do trust the author with admin privs on your computer to install it. So is the problem that people other than me could read the message?
The only weakness in the current setup is that the connection from noteme to the server isn't https yet. Whereas with a direct delivery executable you are saving credentials on your computer, which is more likely to get snooped on.

So could you clarify thus more please? I'm happy to address any concrete issues and look at improving the app.


mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #29 on: January 02, 2012, 10:03 AM »
I think the concern lies in how big of a target the noteme server/account is in this scenario.  It represents a single point of attack that would give someone access to every note sent by every user.  And a single point of failure where if your server script goes down, no one can use the program.

Maybe this is not ever going to have more than a handful of users so the concern is more theoretical than practical,  but i think in principle when there is no *NEED* to send sensitive messages through a middle man server, it should not be done.

There is a definite advantage in not having to configure mail settings, I'll give you that.  Maybe if people only send non-sensitive messages it doesnt matter.  And maybe I'm just old-school when it comes to privacy.. But no matter how much i trust someone, I don't want my email going through anyone's hands that it does not absolutely have to.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #30 on: January 03, 2012, 06:32 AM »
Let me reply to your points individually:

With regards to single point of attack, the last 30 days of messages could be read, not all messages. I could keep multiple accounts so only some messages are compromised in this wurst case scenario.

If a single point of failure is an worry i am happy to add fallback urls to other hosts. I'll make a note.

There is definitely a need for this central setup though: 1) almost no average user knows their smtp details or knows where to find them. 2) I don't want loads of complaints of non functional smtp configurations due to firewalls, typos, edge cases. It reflects badly on me and the program when it is not working. The current setup works for everyone. 3) entering a bunch of configuration details is not a pleasant experience and is a significant barrier to using the program. I have looked at thinderbirds auto configuration documentation and perhaps mail settings are stored in the registry but implementing this might push auto hotkey too far.

And just as a FYI when delivering your regular unencrypted email, it goes through a bunch of servers that can read it.

That said i agree the setup is not ideal, I'm trying to find a balance between the various factors.

I could add the functionality you asked for and make it optional, and I will be supporting two solutions, add complexity to the program, and any time spent on the central setup will not benefit the other setup and vice versa. Sounds like the worst of both worlds.

I'll think about it.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #31 on: January 03, 2012, 06:34 AM »
Also want to say having this discussion is helpful

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #32 on: January 03, 2012, 06:54 AM »
All fair points regarding the disadvantages of smtp configuration.

One solution if you really wanted to keep going with this tool would be to support both methods, smtp configuration for those that cared, and central server script for those that didn't.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #33 on: January 03, 2012, 07:09 AM »
Two other concerns:

1. Malicious users sending spam using your script+server+account.

2. While it may be similarly possible for your server or the users server to get hacked.. in the former case, *YOU* are going to have a ton of apologizing to do and take a lot of heat if it happens.. Whereas if an individual user has their computer hacked, you are not to blame.  Something to consider.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #34 on: January 08, 2012, 12:58 PM »
Well it sounds like due to theoretical issues I'm having to make the app less practical. I'm a bit demoralised.

Regarding your comments, it's trivial to ban ips based on access logs, I can do that right now. There are billions of webpages on the internet, why do you think hackers will spend the time to hack my webhost just to get at mine? I doubt it will become a target just because a bit of php code contains a gmail username and password. There are bigger problems then for my hoster - who is very reliable. Also there are not many users of NoteMe, so the target is tiny.

So, the code is secure. The only weakness in the current setup is that a snooper can read out the outgoing http call and intercept the message (along with all other unencrypted network traffic) before it's being processed. A simple solution is to encrypt it before sending it. I rather work on that then add SMTP configuration, because it's in my opinion the barrier of email configuration is larger than the debated issue.

But I think now some people will have decided against using the program even though it's more likely spyware will read your outlook mail then target NoteMe. :(

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #35 on: January 08, 2012, 01:00 PM »
Don't get discouraged.. most of my apps don't get used much if at all either :)

And I'm sorry if it seems like I am trying to warn people from using it -- I'm not.. I'm much more focused on trying to save you the headaches of having to deal with problems further down the road.

jgpaiva

  • Global Moderator
  • Joined in 2006
  • *****
  • Posts: 4,727
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #36 on: January 09, 2012, 04:22 AM »
justice: I'm not sure if this problem was raised before, but the fact that you have one account for all users also that the additional trouble that if some of your users start marking the email address as spam (people to strange stuff), everyone's emails might end up in the spam folder.

mouser

  • First Author
  • Administrator
  • Joined in 2005
  • *****
  • Posts: 40,913
    • View Profile
    • Mouser's Software Zone on DonationCoder.com
    • Read more about this member.
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #37 on: January 09, 2012, 04:26 AM »
jgpaiva, that could happen if people use the service to spam others, but i think in this case this isn't a real concern.
but on the other hand if you are just using NoteMe to send email to yourself, it's easy enough to whitelist the email,
so i don't think this is a big concern.  having mail marked as spam is only really problematic if you are mailing it to others.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #38 on: January 09, 2012, 06:50 AM »
Version 1.0.2 out with the following changes:

* Fixed  alerting incorrectly that %appdata%\NoteMe could not be created, thanks to rgdot

To update, click on the download link in the opening post, or use Help > Check for Updates

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #39 on: January 09, 2012, 08:51 AM »
Version 1.1.0 out with the following changes:

* Reimplemented local mail send component - moved away from central server

To update, click on the download link in the opening post, or use Help > Check for Updates. The server mail sending functionality will be shut down Wed February 1st 2012. Could you please test this release and let me know if you  have issues using it with your mail settings?

This version should resolve any hacking/security/privacy issues mentioned in the topic.

TaoPhoenix

  • Supporting Member
  • Joined in 2011
  • **
  • Posts: 4,642
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #40 on: January 09, 2012, 10:07 AM »
Version 1.1.0 out with the following changes:

* Reimplemented local mail send component - moved away from central server

To update, click on the download link in the opening post, or use Help > Check for Updates. The server mail sending functionality will be shut down Wed February 1st 2012. Could you please test this release and let me know if you  have issues using it with your mail settings?

This version should resolve any hacking/security/privacy issues mentioned in the topic.

So how does this work now? I have webmail, not Outlook / other. Will it still send notes?

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #41 on: January 09, 2012, 11:03 PM »
Works well for me, however after entering the mail password (test email being sent) I get this.
2012-01-09_103324.jpg

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #42 on: January 10, 2012, 03:26 AM »
So how does this work now? I have webmail, not Outlook / other. Will it still send notes?
You will need to enter the SMTP (outgoing mail) settings for your webmail service. If you cannot find the information in the help section of your webmail provider, you might be able to find it at the Mozilla ISP Database site (I cannot guarantee the settings listed there are correct).

For GMail I am currently using these settings:
[SMTP]
[email protected]
server=smtp.gmail.com:587
[email protected]
password=mypassword

Works well for me, however after entering the mail password (test email being sent) I get this.  (see attachment in previous post)
This happens when sendEmail is waiting for the mailserver to respond, I noticed this today as well. I had set the server line for gmail incorrectly to smtp.googlemail.com:465, what is your email domain / mail provider rgdot? sorry for the unhelpful interface dialog.

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 2,193
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #43 on: January 10, 2012, 02:39 PM »
Just gmail. When prompted I entered password in mail.ini and it worked (test email was sent). After that the dialog came up.

hornet

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 28
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #44 on: January 16, 2012, 10:18 PM »
Version 1.1.0 out ....This version should resolve any hacking/security/privacy issues mentioned in the topic.

Downloaded and install oK on Dell Inspiron running Win 7 /64.

Is there any way it would be possible to set a "Subject" in the email?

Even if it was a default subject we could access in the ini file?

Regards,

Harry.

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #45 on: January 17, 2012, 01:41 AM »
Hi Harry thanks for using noteme.

The first line you type is the subject!
Start a new paragraph for the rest of the message. This keeps things streamlined.

hornet

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 28
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #46 on: January 17, 2012, 01:46 AM »
Hi Harry thanks for using noteme.

The first line you type is the subject!

Thanks.

Worked that out by experimenting!

I was also going to try to use it to send sms - via an email-to-sms service that my ISP provides.

The only problem I now have is that the program adds a comment and date after the email message.  Is that removable in any way?

Harry.

 

justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #47 on: January 17, 2012, 01:51 AM »
Not at the moment but that bit of the message should be marked as the 'signature' (the double dash) so your SMS tool might have a setting to ignore that. Hth

hornet

  • Charter Member
  • Joined in 2005
  • ***
  • Posts: 28
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #48 on: January 17, 2012, 04:29 AM »
Not at the moment but that bit of the message should be marked as the 'signature' (the double dash) so your SMS tool might have a setting to ignore that. Hth

Thanks so much.

A little more "digging" and I found another program called smtpmailsender - I find it does that sms duty for me really well.

http://w3.haztek-sof...m/apps/smtpsend.html

Thanks again and good luck.

Harry.


justice

  • Supporting Member
  • Joined in 2006
  • **
  • Posts: 1,898
    • View Profile
    • Donate to Member
Re: NANY 2012 Release: NoteMe
« Reply #49 on: February 01, 2012, 08:31 AM »
The server mail sending functionality will be shut down Wed February 1st 2012.
NoteMe versions before v1.1.0 can no longer send email as of now. Please update to the latest noteme. The Google account and it's Gmail have been deleted.