Thursday, 27 December 2018

Boggle - Online Game

Playing Boggle Online - A Game For XMAS In Pure JavaScript, CSS and HTML

By Strictly-Software

I made this online version of Boggle, the shake letters and make words from letters that join together as my Dad was learning JavaScript, HTML and CSS. So I made it purely in those languages.

You too can play the game if you want online on any up to date browser that is standard compliant and runs JavaScript on my site at https://www.strictly-software.com/games/boggle.html

The version I made uses a single Boggle object with a number of settings, properties and timers. I have split all the functions out into their own methods and added some features that let you edit the game such as:

-The time the game plays for. It defaults to 03:00 minutes but you can change it to any time in the 00:00 format.
-There is a drop down box with Easy, Medium and Hard for you to select. Each option has a different array of letters that are randomly picked for the game. You are more likely to get multiple X, Z and Qu's in the hard level than the easy one.
-There is an option to select the MAXIMUM red letters than appear in a game. It defaults to 3. You might not get 3 but you won't get over 3. You can change this to another numerical value up to 9. When you pick a word containing a red letter you get double points.
-There is a random tick box which means that the letters chosen for the game are purely picked at random from the alphabet array defined in the Boggle object.

If your browser is working (I have tested it on my TV, Laptop, Tablet and phone) then the countdown timer should turn from green to yellow after 90 seconds and then start flashing red during the last 30 seconds before beeping at the end.

If your TV doesn't do all this then it is down the the TV's browser. Test it online on a PC/Laptop first to ensure it all works.

We played a few games of it at Christmas and it worked perfectly.

It is an ideal way for someone learning HTML, JavaScript and CSS to understand the code, tweak it and learn about selectors, short cuts, regular expressions and so on.

It makes use of my lightweight framework which supports chaining, setting HTML, removing nodes callbacks, CSS selectors and much more

You can read about the Getme.js framework and how I made it here > http://blog.strictly-software.com/2009/10/build-your-own-framework.html.

I use SS instead of $ like jQuery and other frameworks and I am of the mindset that pure JavaScript should be used as much as possible. 

An example of chaining is joining multiple functions together with one initial selector to pick the array of nodes to work on.

SS("DIV .mycontrols input).setAtts({style:"color:black;"}).setHTML("Game Over!);

Where the node list (array) from the first selector is passed into the second function so that only those relevant nodes/elements are acted upon. Read the Getme.js article for more details.

All the files can be downloaded to your local machine to play offline and In Chrome to see the code in action go to More Tools > Developer Tools and open the Console in the bottom part of the screen.

Turn the debug variable in the Boggle.html file to true and you will see all the debug to help you understand which functions are being called and if any errors are shown they will appear in red. 

Play around and make the CSS, HTML different and add extra functions or features with JavaScript.


Enjoy the game, we did!

Wednesday, 28 November 2018

ShowBox Has Stopped Working - Getting Popcorn Time to install on a Kindle Fire Tablet

ShowBox Has Stopped Working! Get a replacement application onto your Kindle Fire or Tablet

By Strictly-Software

Showbox has stopped working.

Hopefully this is a temporary situation but as it provides great TV and Films I needed a replacement. This is how I got Popcorn Time onto my Kindle Fire, a tablet that didn't seem to want to take any .APK file from the web in the first place.

If you have a standard tablet then you should just be able to do a search for the Popcorn time APK and download and install the APK file on your tablet as long as you have turned on the ability to install applications from unsafe locations (e.g the web and not Playstore/Amazon store).

Remember to go to Settings -> Security -> Install Unknown Apps and enable whilst trying to install from a website.

If you want an easy way you can just go to the website https://watch.popcorntime-online.tv and then you can select films or TV shows and watch them directly on your laptop.

If you have a Chromecast you can stream the content to a TV that its plugged into OR if you have a WiFi enabled TV you should be able to select the TV of your choice.

Another way would just be to connect your laptop to your TV with an HDMI cable and get the picture that way. However I wanted the application on my Kindle Fire as its easy to hold and I can take it from room to room and stream it from that device to the main TV or bedroom TV or just watch it on the tablet.

If you want to use a tablet try using the USB cable and connect it to your laptop first and see if it shows as an external device. If it does then just copy the Popcorn APK file across and install it.

I tried this but the Kindle didn't show up despite updating drivers. However try this before the FTP steps below.

Full Requirements for these steps to work...
-A Wifi enabled TV or Chromecast that can handle streamed content
-Kindle Fire or another tablet
-ES File Explorer application working on your tablet (download from PlayStore or web)
-TOR Browser (download from Google to get around blocked sites)
-FileZilla FTP App (or another FTP app - free to download

So to get Popcorn TV onto my Kindle I had to do the following steps...
1. Use TOR Browser and go to https://popcorn-time.en.uptodown.com/android/download (other sites I checked wanted payment for download or had dead links)
2. Download the file to your laptop/PC and remember the location
3. Open the ES File Explorer on Kindle/tablet
4. Go to Remote Manager
5. Press the "Turn ON" button
6. You will be given a local IP address for viewing your tablets files by FTP e.g ftp://192.168.1.125:3725. If you enter that into a web browser you should see the contents of your Kindle however to transfer the downloaded file I used FileZilla a free FTP app for transferring files.
-Open Filezilla and select "New Site"
-Enter the IP address and port number into the boxes
-Chose FTP Plain Insecure
-Chose Anonymous login
-Select the Transfer Settings tab and ensure "Passive" is selected
-Hit connect and as long as the "TURN ON" button is still enabled on your Kindle/Tablet in ES FIle Explorer you should get to see your tablets Hard Drive
-You can then copy the popcorn-time-3-2-2.apk file from the file you downloaded it to on your computer to the downloads folder on your Kindle/Tablet.
-Select the Download folder in ES File Explorer once copied and select "Install"
-It should install the APK
-You can then open it, select a file and hit the Cast button to stream it to your TV or ChromeCast
-I had to open the app a couple of times at first as it was a bit shaky but it is now playing a movie on my TV okay.

Hope this helps people out ....

© 2018 Strictly-Software

Monday, 26 November 2018

Obtaining an external IP address in memory for use in a Firewall Rule

Obtaining an external IP address in memory for use in a Firewall Rule

By Strictly-Software

As I am currently using an ISP which constantly changes my external IP address due to excessive use of DCHP, I have to regularly update external firewalls on servers to allow my computer remote access.

This is obviously a right pain to do and I have no idea why my ISP changes my IP address so much when my old ISP used DCHP and kept it for months at a time.

Therefore I created this little noddy VBScript to sit on my desktop to obtain my IP address and hold it in my clipboard memory ready for me to just open up my firewall and paste it in.

The code uses the MSXML2.ServerXmlHttp object to obtain the IP address from an external website which just prints it on the page and I store the Response.Text into a variable.

I then use WScript.Shell object to open a new Notepad window and write the IP address out into it.

Then I use SendKeys to select the IP address and copy it into the clipboards memory before shutting down Notepad.

This means I can just quickly double click my desktop shortcut icon to obtain the IP address ready to paste it straight into a Firewall rule.

Check this script out and when you are ready and can see that hitting CTRL + V pastes the IP address out elsewhere you should remove the "TEST SECTION" and uncomment the part above it that closes down Notepad. This ensures you are not leaving empty objects around in your computers memory.

It's not exactly amazing code but it's very helpful at this time and saves a lot of time visiting a website manually to get my external IP address.

You might find this useful yourselves!


Option Explicit

Dim IPAddress, objShell
Dim objHTTP : Set objHTTP = WScript.CreateObject("MSXML2.ServerXmlHttp")

'* Obtain external IP address and store it in a variable
objHTTP.Open "GET", "http://icanhazip.com", False
objHTTP.Send
IPAddress = objHTTP.ResponseText

'* Open Notepad
Set objShell = WScript.CreateObject("WScript.Shell")
objShell.Run "notepad.exe", 9

WScript.Sleep 1000

'* Write out the IP address to a blank notepad file
objShell.SendKeys IPAddress

'* select the IPAddress and copy it into memory
objShell.SendKeys "^{a}"
objShell.SendKeys "^{C}"

'* uncomment the following section and remove the "TEST SECTION" when you are ready

'* Close notepad with the IP address in clipboard ready to be pasted
'* Open Save Dialog
'* objShell.SendKeys("%{F4}")
'* Naviagate to Don't Save
'* objShell.SendKeys("{TAB}")
'* Exit Notepad
'* objShell.SendKeys("{ENTER}")

'* TEST SECTION - Proves that the IP address can be pasted elsewhere
WScript.Sleep 1000

'* Proof that the IP address is in the clipboard and can be pasted out
objShell.SendKeys "Test Paste Works"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "^{V}"
objShell.SendKeys "{ENTER}"
objShell.SendKeys "Try a manual CTRL and V to check the IP address is still in memory"
objShell.SendKeys "{ENTER}"

'* Kill objects - DO NOT REMOVE!!
Set objShell = Nothing
Set objHTTP  = Nothing

By Strictly-Software

© 2018 Strictly-Software

Wednesday, 31 October 2018

Invalid File Handle - Movie Downloads Beware!

Invalid File Handle - Movie Downloads Beware!

By Strictly-Software

Recently I downloaded a film, Con Man (2018), however when I try to do anything with the file such as open, run, copy, move or delete it I get a Windows "Invalid File Handle" error message.

I did some research and found that on certain file systems such as NTFS, CDFS, exFAT, UDFS, FAT, and FAT32, there are some reserved file names that you should never use which causes this error. One of these is con. Others include: PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9.

I checked the filename of the movie and the person had only named it Con.Man.2018.1080p.mp4, meaning that Windows saw the filename as Con preventing me doing anything with this file.

At the moment it is permanently stuck on my file system as I cannot remove the files containing folder either.

I did have a copy of this file on a USB stick however which I could remove, obviously due to the different format of the USB disk drive. If I had used uTorrent to download the file directly to the USB drive instead of first to a folder on my Windows drive I wouldn't have had this issue.

I am basically looking for ways to remove this file as I cannot rename it to something else, either from Windows or the Command Prompt, to enable deletion.

I saw someone suggest renaming the file to \\.\Con.xxx but this does not work as I cannot get a file handle to rename it in the first place.

Therefore this is more of a warning write up than a "How To Guide", although you can be sure I will update this when I find a solution.

So if you are downloading files such as movies to your computer be careful and check the filename first and if you are using a tool such as a Torrent downloader ensure the downloaded file name is changed to something an NTFS or FAT type disk can handle, or download it straight to a USB drive with a different disk format which will allow file deletion.

For more information you can read this MSDN article, called "Naming Files, Paths, and Namespaces".

It states: Do not use the following reserved names for the name of a file: CON, PRN, AUX, NUL, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, and LPT9. Also avoid these names followed immediately by an extension; for example, NUL.txt is not recommended.

I will update this when I get a solution.

Sunday, 7 October 2018

Premium Plugins Cut Half In Price!

Premium Plugins Cut Half In Price!

By Strictly-Software

Just to let you know the Premium Plugins for Wordpress, Strictly AutoTags and Strictly TweetBOT have been cut in price, by HALF!

These two plugins which can be used in conjunction with each other to fully automate a site are now only £20 each and can be purchased from my main sites secure payment page.

With both of these plugins together (both for PHP 5 and 7), feed content can be automatically loaded with a feed loading plugin before tags automatically being added to the articles with Strictly AutoTags.

Then you can Tweet out to one or more accounts different Tweets, with different content, shortened or not, with a time delay to stop Twitter Rushes with Strictly TweetBOT.

The premium plugins have many more features than the free versions and since Wordpress has taken them off their site, despite over half a million downloads, you can only get them from my site.

Try the free versions first if you want, however the options in the premium versions are there for performance, extra functionality and speed.

HALF PRICE PLUGINS TO AUTOMATE YOUR WORDPRESS SITE!

What more can you want if you work with Wordpress and feeds to give yourself good SEO, tagging and social media presence automatically?

Link your Twitter account up with a Facebook page and you can post from your site to Twitter to Facebook all whilst you work or relax.

Safely knowing you will grow your site with new tags, limit the number of deeplinking to prevent single new tags creating pages, and get your tags turned into Twitter #hashtags!

What more can you want?

Check out my Facebook page for more info!


Friday, 11 May 2018

Don't Fall For Trick Links - Use REL = NOOPENER and NOREFERRER in Browsers

For the XSS Hole In Browers use NOOPENER and NOREFERRER

By Strictly-Software

As some of you might know the rel attribute in anchor tags can be used for more than just nofollow or as some stupid SEO gurus think "follow" which doesn't exist.

It can also be used to trick users who click links that open pages and then run code that uses the window.opener object to change the page's HTML that you have just come from before closing.

For example Chrome is good at protecting XSS attacks even from the same origin, however even it can fall victim to trick links. Adding into your rel attribute rel="noopener" should stop the opened page from being able to modify code on the page that opened it through the parent page through the window.opener object.

However in some browsers this does not work too well, and you should be aware of this as some browsers like FireFox sometimes need an extra noreferrer value added to prevent the opened page from modifying your initial page.

If you want to see an example of this in action then go to this link on my website www.strictly-software.com/test1.html.

Try this in FireFox first as that is the browser which doesn't seem to respect the noopener attribute.

Try it in your own personal browser of choice as well and play around with the code (copy and paste it to your local machine to tamper and run), to see if taking noopener or noreferrer out of the links work or not or whether a blank link with no rel attribute passes the object reference along at all.

There are two links on the page, the first when clicked should change the page you are looking at to the top part of a Facebook login screen.

If you can imagine getting a link in your messages, emails or on Facebook itself and clicking it to find that it seems you have been logged out.

So you login again.

Only now that the page is not Facebook but a page my trick link or window.open() page has made you think is Facebook. The link or window.open('tamper.html','win') has had it's HTML changed and the hacker is logging your email and password.

In this example I have just used an image so their is no danger of having your details stolen.

What the first page does is just offer the user a link to click. It might be from a friend or hacker but once clicked it will use target="_blank" to open a new window.

As soon as the window is open an onload event is fired that uses the window.opener object to gain access to it's parent and change the HTML.

I have used a basic example here and an image of Facebook but you can see the code in action.

function RunScam(){
 window.opener.document.documentElement.innerHTML="<html><body><img style='width:1000px' src='FBTest.png' alt='Fake Facebook Page Example' /></body></html>";
 window.close();
}


I use an onload="RunScam()" function to call that code above.

This function uses the window.opener object to reference the document.documentElement object and then innnerHTML to reformat the page before closing the new window.

Remember I am just using an image here so there is no risk but the function could be extended to load in stylesheets, real inputs that record your passwords and look just as real as the site it is faking. It could be a bank, a social media site or any other kind of site people would want to get passwords for.

Once you have checked the fake link out try the next one.

It shouldn't do anything but open a blank window.

Remember the link is at www.strictly-software.com/test1.html as you may have to go back from the fake Facebook page.

So try this out in FireFox and then you will see the importance of adding noopener and the older workaround when FF didn't support noopener, noreferrer.

Monday, 15 January 2018

Quickly Grab Generated Source Code With One Click

Quickly Grab Generated Source Code With One Click


By Strictly-Software

Now that my broken arm is getting better I will be doing more code. It still hurts like mad though, the arm bone didn't even look like it belonged anywhere near the shoulder where it was dislocated.

If you want WordPress plugins then go and check out the main site which I need to do some work on. I am also thinking of building an alternative search engine to get round Google's/CIA/NSA's de-ranking and demonetisation.

I used to have a Super Search Engine years ago, that took the top 10 items from Google, BING and Yahoo, however they kept changing the source code until it all became AJAX loaded in on the fly and too hard to scrape.

I think with the push or deletion of alternative news down the rankingsand pro-establishment news gaining viewers they would never had got a year ago due to Facebook's subservience to the USA and Israeli governments. More and more people will move to new decentralised social media platforms and once that happens Facebook and Google, who are already losing out to duckduckgo.com  due to privacy concerns will lose money in their share price as well as many members.                                 

The problem is money of course and too few people click on adverts or donate out the kindness of their heart.

I think, like search.darkpolitriks.com, that has a starting page of core main #altnews websites and podcasts, I could write my own one and charge £10 for a relevant #altnews blog or channel to be added to the SERP, just so that small alternative sites have the same chance of being found in results and sites like CNN and the BBC are weeded out.

Easiest way of creating a SERP. Just ensure the site is relevant and not mainstream.

Anyway I was fixing a bug today when I realised that it was a bookmark with an http source on an https site that prevented the lock from showing.

Sometimes I don't think people realise how dangerous loading third party scripts can be.

Just loading in a CSS stylesheet could cause nightmares.

For example say your site loaded in a stylesheet from www.SomeSiteIDontControl1.com which loads in a background PNG image which in turn loads in another remote 3rd party stylesheet from www.SomeSiteIDontControl2.com.

Then one day the person in control of that site changes that 2nd image to a dangerous .js file or .exe that loads in an XSS attack.

You are so far removed from the actual cause of the problem that with minification and compression you might have no hope in finding the dangerous file.

So one day the 2nd CSS file that you are loading looks something like this:


background:url(http://www.somesiteIdontcontrol2.com/images/background.png) no-repeat 16px 0;


Then one day this site owner changes his background image to be an .js file e.g


background:url(http://www.somesiteIdontcontrol2.com/images/dodgyscript.js) no-repeat 16px 0;


And when the page loads, and after your onDOMLoad event loads in these scripts it hits your user with the JavaScript sites code.

A recursive script might be handy to run every day to check diagnostics by referencing every URL it finds in any style-sheet or JavaScript on your site.

Follow it backwards and check every other URL it finds.

Another way, if you are perfectly happy with your code is to create local versions of the files and images and keep it all on a server you control so no-one could malform the objects being loaded.

This is a bookmarklet script I wrote years ago that shows me the DOM loaded afterwards and not before.

I wanted to see what scripts and files had been added since I pressed the View Source button that shows the HTML and JS/CSS before any code is run on the page.

I use it all the time. I created a bookmarklet and added it to my bookmark bar so it's within easy reach with a URL to www.google.com and save it.

I then edit it and change the location of the JavaScript I want from www.google.com to the code so that it runs. This might not be necessary anymore but I had add a real URL in the old days.

This code basically takes a snapshot of the DOM once all 3rd party objects have modified the code, loaded videos, changed images and anything else sites like to do when onDOMLoad (not onWindowLoad, which only fires once every image and external object has been loaded.

As you are loading the code with a press of a button there is plenty of time for the onDOM onWindow and onFrame load events to fire, plus many others.


javascript:(function()%7b function htmlEscape(s)%7bs=s.replace(/&/g,'&amp;');s=s.replace(/>/g,'&gt;');s=s.replace(/</g,'&lt;');return s;%7d x=window.open(); x.document.write('<pre>' + htmlEscape('<html>\n' + document.documentElement.innerHTML + '\n</html>')); x.document.close(); %7d)();


As the HTML 5 spec still allows for href="javascript: ..... " then a link or button can run JavaScript when it really should be running external document.addEventListener events to each object needing code to fire when hit.

The code just creates a URL encoded function called htmlEscape which replaces brackets and ampersands and opens a new window writing this new code out into the document.documentElement.innerHTML.

Not hard to do but very useful.


By Strictly-Software

© 2018 Strictly-Software