Re: open secure socket... using certificate

2021-01-26 Thread Mark Wieder via use-livecode

On 1/26/21 6:05 AM, Bernard Devlin via use-livecode wrote:


Is it really the case that for the past 6 years LC documentation has been
misleading people concerning the implementation of certificates for secure
socket connections?


Sadly, yes.



I notice in the Dictionary the entry for "open socket" in the table of
options for this command has entries for "certificate" and "key", but these
are both empty.  As if these features were meant to be implemented but were
never implemented and the Dictionary was never updated to remove this
misleading information.

I just find that hard to believe.


https://quality.livecode.com/show_bug.cgi?id=13410

although the earliest bug report seems to be from 2006:

https://quality.livecode.com/show_bug.cgi?id=3737

--
 Mark Wieder
 ahsoftw...@gmail.com

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: open secure socket... using certificate

2021-01-26 Thread Tom Glod via use-livecode
super happy to see this, hopefully it will when i need it.
Going to look this up.
Wondering if it will be super hard to create certificate and make it work
on localhost sockets.


On Tue, Jan 26, 2021 at 2:26 PM Brian Milby via use-livecode <
use-livecode@lists.runrev.com> wrote:

> “Using tCertificate and tKey” compiles but I don’t know how to test.  It
> does seem like the parser doesn’t recognize those keywords.
>
> Sent from my iPhone
>
> > On Jan 26, 2021, at 2:13 PM, Bernard Devlin via use-livecode <
> use-livecode@lists.runrev.com> wrote:
> >
> > Thanks for the suggestion Erik, but I don't see from that how one
> specifies
> > the certificate.
> >
> > Regards, Bernard
> >
> >> On Tue, Jan 26, 2021 at 6:03 PM Erik Beugelaar via use-livecode <
> >> use-livecode@lists.runrev.com> wrote:
> >>
> >> Maybe this:
> >>
> >> secure socket "livecode.com:443"
> >>
> >> Examples:
> >>
> >> https://livecode.fandom.com/wiki/Secure_socket
> >>
> >> -Original Message-
> >> From: use-livecode  On Behalf Of
> >> Bernard Devlin via use-livecode
> >> Sent: dinsdag 26 januari 2021 16:40
> >> To: How to use LiveCode 
> >> Cc: Bernard Devlin 
> >> Subject: Re: open secure socket... using certificate
> >>
> >> I did. I tried these too:
> >>
> >> *open* *secure* socket to "localhost:443"  using certificate tc and key
> tk
> >>
> >> *open* *secure* socket to "localhost:443" without verification using
> >> certificate tc and key tk
> >>
> >> When the above lines are entered in the script editor they are flagged
> as
> >> being syntax errors. In both cases it is what comes after "certificate"
> >> that is flagged as a syntax error (flagged as: missing "," near "tc").
> >> There seems to be no combination of command options that works with
> >> certificates.
> >>
> >> The fact that the Dictionary has zero information about what is expected
> >> for certificate/key was not a good sign, which is why I searched the
> >> archive.  I just went to have a look at the code on Github and I can
> seen
> >> nothing to suggest that "using certificate and key" is implemented.
> >>
> >> The server and client certificate are working in a browser, so the
> problem
> >> is definitely on the LC side.
> >>
> >> On Tue, Jan 26, 2021 at 2:34 PM Brian Milby via use-livecode <
> >> use-livecode@lists.runrev.com> wrote:
> >>
> >>> Did you try with “and key tKey”... it does not look like that part is
> >>> optional.
> >>>
> >>> Sent from my iPhone
> >>>
>  On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode <
> >>> use-livecode@lists.runrev.com> wrote:
> 
>  According to the Dictionary in LC 9.5.1 there is this command:
> 
>  open secure socket [from [localHostName][:localPort]] [to] socketID
>  [with message callbackMessage] [without verification] *[using
>  certificate certificate and key key]*
> 
>  However I can't get it to work.
> 
>  open secure socket to "localhost:443" using certificate
> 
>  throws a runtime error "no handler: using"
> 
>  If I use
> 
>  open secure socket to "localhost:443"
> 
>  I get a socket connection, but all the security of a client
>  certificate does not work
> 
> 
>  This causes a syntax error in the IDE:
> 
>  open secure socket to "localhost:443" using certificate tName
> 
>  Looking through the archives I see that a couple of discussions
>  where people were asking about this variant of the "open socket"
>  command 5 to 6 years ago, *saying that the "certificate" part has
>  not been implemented*, regardless of what the Dictionary says.
> 
>  Is it really the case that for the past 6 years LC documentation has
>  been misleading people concerning the implementation of certificates
>  for
> >>> secure
>  socket connections?
> 
>  I notice in the Dictionary the entry for "open socket" in the table
>  of options for this command has entries for "certificate" and "key",
>  but
> >>> these
>  are both empty.  As if these features were meant to be implemented
>  but
> >>> were
>  never implemented and the Dictionary was never updated to remove
>  this misleading information.
> 
>  I just find that hard to believe.
> 
>  Regards
> 
>  Bernard
>  ___
>  use-livecode mailing list
>  use-livecode@lists.runrev.com
>  Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
>  http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
> >>> ___
> >>> use-livecode mailing list
> >>> use-livecode@lists.runrev.com
> >>> Please visit this url to subscribe, unsubscribe and manage your
> >>> subscription preferences:
> >>> http://lists.runrev.com/mailman/listinfo/use-livecode
> >>>
> >> ___
> >> use-livecode mailing list
> >> 

Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
“Using tCertificate and tKey” compiles but I don’t know how to test.  It does 
seem like the parser doesn’t recognize those keywords.

Sent from my iPhone

> On Jan 26, 2021, at 2:13 PM, Bernard Devlin via use-livecode 
>  wrote:
> 
> Thanks for the suggestion Erik, but I don't see from that how one specifies
> the certificate.
> 
> Regards, Bernard
> 
>> On Tue, Jan 26, 2021 at 6:03 PM Erik Beugelaar via use-livecode <
>> use-livecode@lists.runrev.com> wrote:
>> 
>> Maybe this:
>> 
>> secure socket "livecode.com:443"
>> 
>> Examples:
>> 
>> https://livecode.fandom.com/wiki/Secure_socket
>> 
>> -Original Message-
>> From: use-livecode  On Behalf Of
>> Bernard Devlin via use-livecode
>> Sent: dinsdag 26 januari 2021 16:40
>> To: How to use LiveCode 
>> Cc: Bernard Devlin 
>> Subject: Re: open secure socket... using certificate
>> 
>> I did. I tried these too:
>> 
>> *open* *secure* socket to "localhost:443"  using certificate tc and key tk
>> 
>> *open* *secure* socket to "localhost:443" without verification using
>> certificate tc and key tk
>> 
>> When the above lines are entered in the script editor they are flagged as
>> being syntax errors. In both cases it is what comes after "certificate"
>> that is flagged as a syntax error (flagged as: missing "," near "tc").
>> There seems to be no combination of command options that works with
>> certificates.
>> 
>> The fact that the Dictionary has zero information about what is expected
>> for certificate/key was not a good sign, which is why I searched the
>> archive.  I just went to have a look at the code on Github and I can seen
>> nothing to suggest that "using certificate and key" is implemented.
>> 
>> The server and client certificate are working in a browser, so the problem
>> is definitely on the LC side.
>> 
>> On Tue, Jan 26, 2021 at 2:34 PM Brian Milby via use-livecode <
>> use-livecode@lists.runrev.com> wrote:
>> 
>>> Did you try with “and key tKey”... it does not look like that part is
>>> optional.
>>> 
>>> Sent from my iPhone
>>> 
 On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode <
>>> use-livecode@lists.runrev.com> wrote:
 
 According to the Dictionary in LC 9.5.1 there is this command:
 
 open secure socket [from [localHostName][:localPort]] [to] socketID
 [with message callbackMessage] [without verification] *[using
 certificate certificate and key key]*
 
 However I can't get it to work.
 
 open secure socket to "localhost:443" using certificate
 
 throws a runtime error "no handler: using"
 
 If I use
 
 open secure socket to "localhost:443"
 
 I get a socket connection, but all the security of a client
 certificate does not work
 
 
 This causes a syntax error in the IDE:
 
 open secure socket to "localhost:443" using certificate tName
 
 Looking through the archives I see that a couple of discussions
 where people were asking about this variant of the "open socket"
 command 5 to 6 years ago, *saying that the "certificate" part has
 not been implemented*, regardless of what the Dictionary says.
 
 Is it really the case that for the past 6 years LC documentation has
 been misleading people concerning the implementation of certificates
 for
>>> secure
 socket connections?
 
 I notice in the Dictionary the entry for "open socket" in the table
 of options for this command has entries for "certificate" and "key",
 but
>>> these
 are both empty.  As if these features were meant to be implemented
 but
>>> were
 never implemented and the Dictionary was never updated to remove
 this misleading information.
 
 I just find that hard to believe.
 
 Regards
 
 Bernard
 ___
 use-livecode mailing list
 use-livecode@lists.runrev.com
 Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
 http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>>> ___
>>> use-livecode mailing list
>>> use-livecode@lists.runrev.com
>>> Please visit this url to subscribe, unsubscribe and manage your
>>> subscription preferences:
>>> http://lists.runrev.com/mailman/listinfo/use-livecode
>>> 
>> ___
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
>> 
>> ___
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your
>> subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
>> 
> ___
> use-livecode mailing list
> 

Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
Thanks for the suggestion Erik, but I don't see from that how one specifies
the certificate.

Regards, Bernard

On Tue, Jan 26, 2021 at 6:03 PM Erik Beugelaar via use-livecode <
use-livecode@lists.runrev.com> wrote:

> Maybe this:
>
> secure socket "livecode.com:443"
>
> Examples:
>
> https://livecode.fandom.com/wiki/Secure_socket
>
> -Original Message-
> From: use-livecode  On Behalf Of
> Bernard Devlin via use-livecode
> Sent: dinsdag 26 januari 2021 16:40
> To: How to use LiveCode 
> Cc: Bernard Devlin 
> Subject: Re: open secure socket... using certificate
>
> I did. I tried these too:
>
> *open* *secure* socket to "localhost:443"  using certificate tc and key tk
>
> *open* *secure* socket to "localhost:443" without verification using
> certificate tc and key tk
>
> When the above lines are entered in the script editor they are flagged as
> being syntax errors. In both cases it is what comes after "certificate"
> that is flagged as a syntax error (flagged as: missing "," near "tc").
> There seems to be no combination of command options that works with
> certificates.
>
> The fact that the Dictionary has zero information about what is expected
> for certificate/key was not a good sign, which is why I searched the
> archive.  I just went to have a look at the code on Github and I can seen
> nothing to suggest that "using certificate and key" is implemented.
>
> The server and client certificate are working in a browser, so the problem
> is definitely on the LC side.
>
> On Tue, Jan 26, 2021 at 2:34 PM Brian Milby via use-livecode <
> use-livecode@lists.runrev.com> wrote:
>
> > Did you try with “and key tKey”... it does not look like that part is
> > optional.
> >
> > Sent from my iPhone
> >
> > > On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode <
> > use-livecode@lists.runrev.com> wrote:
> > >
> > > According to the Dictionary in LC 9.5.1 there is this command:
> > >
> > > open secure socket [from [localHostName][:localPort]] [to] socketID
> > > [with message callbackMessage] [without verification] *[using
> > > certificate certificate and key key]*
> > >
> > > However I can't get it to work.
> > >
> > > open secure socket to "localhost:443" using certificate
> > >
> > > throws a runtime error "no handler: using"
> > >
> > > If I use
> > >
> > >  open secure socket to "localhost:443"
> > >
> > > I get a socket connection, but all the security of a client
> > > certificate does not work
> > >
> > >
> > > This causes a syntax error in the IDE:
> > >
> > >  open secure socket to "localhost:443" using certificate tName
> > >
> > > Looking through the archives I see that a couple of discussions
> > > where people were asking about this variant of the "open socket"
> > > command 5 to 6 years ago, *saying that the "certificate" part has
> > > not been implemented*, regardless of what the Dictionary says.
> > >
> > > Is it really the case that for the past 6 years LC documentation has
> > > been misleading people concerning the implementation of certificates
> > > for
> > secure
> > > socket connections?
> > >
> > > I notice in the Dictionary the entry for "open socket" in the table
> > > of options for this command has entries for "certificate" and "key",
> > > but
> > these
> > > are both empty.  As if these features were meant to be implemented
> > > but
> > were
> > > never implemented and the Dictionary was never updated to remove
> > > this misleading information.
> > >
> > > I just find that hard to believe.
> > >
> > > Regards
> > >
> > > Bernard
> > > ___
> > > use-livecode mailing list
> > > use-livecode@lists.runrev.com
> > > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> > ___
> > use-livecode mailing list
> > use-livecode@lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread doc hawk via use-livecode

Bob bumbled,


> WAIT… THAT was a SCAM???

Definitely.

He actually sent the money to me.


There was a great website years ago that I can no longer find, in which a women 
strung along one of these guys, posting what she was doing and the 
correspondence.

She became increasingly salacious, eventually asking about playing games like 
“hide the salami” when they met, and watched these fly over his head.

She also insisted on a personal meeting, and that he come alone.  She found a 
location in Amsterdam, iirc, with a webcam, and watched him arrive to collect 
the money—from her home in the US.

To his indignation that she wasn’t there, she pointed out that she said to come 
alone.

Eventually, she emailed him the address of the website, but his actual English 
was to poor to understand.

And he continued trying to run the scam on her!

He even slipped up and used one of his other identities in onej email, and 
tried to explain it away when she called him on it.

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


RE: open secure socket... using certificate

2021-01-26 Thread Erik Beugelaar via use-livecode
Maybe this: 

secure socket "livecode.com:443"

Examples:

https://livecode.fandom.com/wiki/Secure_socket

-Original Message-
From: use-livecode  On Behalf Of Bernard 
Devlin via use-livecode
Sent: dinsdag 26 januari 2021 16:40
To: How to use LiveCode 
Cc: Bernard Devlin 
Subject: Re: open secure socket... using certificate

I did. I tried these too:

*open* *secure* socket to "localhost:443"  using certificate tc and key tk

*open* *secure* socket to "localhost:443" without verification using 
certificate tc and key tk

When the above lines are entered in the script editor they are flagged as being 
syntax errors. In both cases it is what comes after "certificate"
that is flagged as a syntax error (flagged as: missing "," near "tc").
There seems to be no combination of command options that works with 
certificates.

The fact that the Dictionary has zero information about what is expected for 
certificate/key was not a good sign, which is why I searched the archive.  I 
just went to have a look at the code on Github and I can seen nothing to 
suggest that "using certificate and key" is implemented.

The server and client certificate are working in a browser, so the problem is 
definitely on the LC side.

On Tue, Jan 26, 2021 at 2:34 PM Brian Milby via use-livecode < 
use-livecode@lists.runrev.com> wrote:

> Did you try with “and key tKey”... it does not look like that part is 
> optional.
>
> Sent from my iPhone
>
> > On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode <
> use-livecode@lists.runrev.com> wrote:
> >
> > According to the Dictionary in LC 9.5.1 there is this command:
> >
> > open secure socket [from [localHostName][:localPort]] [to] socketID 
> > [with message callbackMessage] [without verification] *[using 
> > certificate certificate and key key]*
> >
> > However I can't get it to work.
> >
> > open secure socket to "localhost:443" using certificate
> >
> > throws a runtime error "no handler: using"
> >
> > If I use
> >
> >  open secure socket to "localhost:443"
> >
> > I get a socket connection, but all the security of a client 
> > certificate does not work
> >
> >
> > This causes a syntax error in the IDE:
> >
> >  open secure socket to "localhost:443" using certificate tName
> >
> > Looking through the archives I see that a couple of discussions 
> > where people were asking about this variant of the "open socket" 
> > command 5 to 6 years ago, *saying that the "certificate" part has 
> > not been implemented*, regardless of what the Dictionary says.
> >
> > Is it really the case that for the past 6 years LC documentation has 
> > been misleading people concerning the implementation of certificates 
> > for
> secure
> > socket connections?
> >
> > I notice in the Dictionary the entry for "open socket" in the table 
> > of options for this command has entries for "certificate" and "key", 
> > but
> these
> > are both empty.  As if these features were meant to be implemented 
> > but
> were
> > never implemented and the Dictionary was never updated to remove 
> > this misleading information.
> >
> > I just find that hard to believe.
> >
> > Regards
> >
> > Bernard
> > ___
> > use-livecode mailing list
> > use-livecode@lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your 
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread Bob Sneidar via use-livecode
WAIT… THAT was a SCAM???

Bob S


On Jan 26, 2021, at 9:45 AM, Paul Dupuis via use-livecode 
mailto:use-livecode@lists.runrev.com>> wrote:

Honestly with all the SCAM email out there from Nigerian Princes to "I am dying 
and wish you to manage my million as I have no heirs"

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread J. Landman Gay via use-livecode
Can you contact him on LinkedIn to verify he sent that email? If it isn't 
fraudulent he may be looking for a free copy by requesting a refund and 
then using the app anyway. But it sounds like a fake email to me.

--
Jacqueline Landman Gay | jac...@hyperactivesw.com
HyperActive Software | http://www.hyperactivesw.com
On January 26, 2021 11:18:25 AM matthias rebbe via use-livecode 
 wrote:



Hi all,

today i had a really unfriendly email from a customer
and i would like to show what independent developers sometimes have to deal 
with.


First some information...
i am selling a Win/Mac/Linux tool through Fastspring for years.
The software is protected using Zygodact from Jacqueline Landman Gay.
Btw. a really great tool.

The purchase process is quite easy. After successful purchase/payment 
Fastspring contacts post some data to a Livecode Server Script. If the 
Fastpring call contains all needed information the Livecode Server scripts 
call the Zygodact stack to generate the registration data for that order  
and then returns that information. T he customer then get's an automated 
email from Fastspring which contains the details to unlock the software 
from demo mode to full mode. This works for years now and worked before 
Fastspring for years with KAGI.


Today this email arrived:

<
I plugged in the registration code and received a message that it was not 
valid for the current version that I had downloaded and that I had to send 
more money.


Either send me a valid code or refund my money.

Unless I hear from you today I will contact my bank and my credit card 
company and report this as a fraudulent charge.


Let me know what are your intentions.





The funny part is, my software does not return such a message. If the code 
is not accepted because email address and key code do not match, it just 
returns the message "Name or Key incorrect."


So what should i conclude from this? Did the customer try to unlock a wrong 
program? Or did he just interpret the message "Name or Key incorrect" as 
"You have to send more money"?


But what annoys me the most is the way he wrote the support request.

As the friendly person i am, i tried his unlock data here w/o problem. I 
replied to him that the unlock data is definitely working and if that is 
not the case at his side, then i would assume that he either tried to use 
the unlock details with an other program not mine or that he did not 
exactly enter the unlock details.

I even offered a free one2one remote session to do the unlock process for him.

Until now i did not receive any answers.

Btw. according to his LinkeIn profile he is a Digital Journalist and Web 
Designer and is working for a US University


Anyway.

Regards,

Matthias








-
Matthias Rebbe
Life Is Too Short For Boring Code


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your 
subscription preferences:

http://lists.runrev.com/mailman/listinfo/use-livecode





___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread Paul Dupuis via use-livecode
When  people buy our software an email with a license key is sent to 
them. We probably get a handful of people contacting support each MONTH 
with problems - in most cases they are polite and just want the problem 
solved, which is usually that they are using the wrong license key with 
the wrong software version or the email with the license key went into 
some SPAM filter and they never saw it (or they just never saw it or 
noticed it).


Out of that, we probably get a handful per YEAR that are like your email 
- where the customer thinks that the issue must be we're a fraudulent 
company trying to scam them. In most all of that handful per YEAR it 
ends up being that the customer was also using the wrong key with the 
wrong version or missed the email with the key, but their first 
assumption is that it is some kind of SCAM.


Honestly with all the SCAM email out there from Nigerian Princes to "I 
am dying and wish you to manage my million as I have no heirs" to the 
"You email account is shutdown until you click here" and on and on, you 
should not be surprised some people assume SCAM first. Don't take it 
personally. It is also possible they have fallen for some scam or other 
in the past and are now especially gun shy.



On 1/26/2021 12:16 PM, matthias rebbe via use-livecode wrote:

Hi all,

today i had a really unfriendly email from a customer
and i would like to show what independent developers sometimes have to deal 
with.

First some information...
i am selling a Win/Mac/Linux tool through Fastspring for years.
The software is protected using Zygodact from Jacqueline Landman Gay.
Btw. a really great tool.

The purchase process is quite easy. After successful purchase/payment 
Fastspring contacts post some data to a Livecode Server Script. If the 
Fastpring call contains all needed information the Livecode Server scripts call 
the Zygodact stack to generate the registration data for that order  and then 
returns that information. T he customer then get's an automated email from 
Fastspring which contains the details to unlock the software from demo mode to 
full mode. This works for years now and worked before Fastspring for years with 
KAGI.

Today this email arrived:

<
I plugged in the registration code and received a message that it was not valid 
for the current version that I had downloaded and that I had to send more money.

Either send me a valid code or refund my money.

Unless I hear from you today I will contact my bank and my credit card company 
and report this as a fraudulent charge.

Let me know what are your intentions.

The funny part is, my software does not return such a message. If the code is not 
accepted because email address and key code do not match, it just returns the message 
"Name or Key incorrect."

So what should i conclude from this? Did the customer try to unlock a wrong program? Or did he just 
interpret the message "Name or Key incorrect" as "You have to send more money"?

But what annoys me the most is the way he wrote the support request.

As the friendly person i am, i tried his unlock data here w/o problem. I 
replied to him that the unlock data is definitely working and if that is not 
the case at his side, then i would assume that he either tried to use the 
unlock details with an other program not mine or that he did not exactly enter 
the unlock details.
I even offered a free one2one remote session to do the unlock process for him.

Until now i did not receive any answers.

Btw. according to his LinkeIn profile he is a Digital Journalist and Web 
Designer and is working for a US University

Anyway.

Regards,

Matthias








-
Matthias Rebbe
Life Is Too Short For Boring Code


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode



___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread matthias rebbe via use-livecode
Hi Bill,

then of course i could be happy to get such emails not so often. ;) 

Regarding your concerns, i don't think that it is scam. The customer really 
purchased the software and if i would refund the purchase no one else as the 
customer himself had an advantage of it.

But i keep that in mind. Thanks.

Regards,

Matthias

-
Matthias Rebbe
Life Is Too Short For Boring Code

> Am 26.01.2021 um 18:29 schrieb ELS Prothero via use-livecode 
> :
> 
> Matthias,
> I regularly get emails that threaten to do financial harm if I don’t do some 
> kind of payment to them. If it’s a scam, the return email may be spoofed 
> also. Once I got an email from a known friend requesting assistance during a 
> travel problem, but the email had been hijacked. From that email address, I 
> got sincere sounding requests for emergency assistance. When I checked a 
> Facebook account, I found postings about her hijacked email.
> 
> If you can find an alternative email address to contact, for the person you 
> found on the internet, you could contact him that way. However, the request 
> sounds very suspicious to me.
> 
> Good luck,
> Bill
> 
> William Prothero
> http://es.earthednet.org
> 
>> On Jan 26, 2021, at 9:17 AM, matthias rebbe via use-livecode 
>>  wrote:
>> 
>> Hi all,
>> 
>> today i had a really unfriendly email from a customer 
>> and i would like to show what independent developers sometimes have to deal 
>> with.
>> 
>> First some information...
>> i am selling a Win/Mac/Linux tool through Fastspring for years.
>> The software is protected using Zygodact from Jacqueline Landman Gay.
>> Btw. a really great tool.
>> 
>> The purchase process is quite easy. After successful purchase/payment 
>> Fastspring contacts post some data to a Livecode Server Script. If the 
>> Fastpring call contains all needed information the Livecode Server scripts 
>> call the Zygodact stack to generate the registration data for that order  
>> and then returns that information. T he customer then get's an automated 
>> email from Fastspring which contains the details to unlock the software from 
>> demo mode to full mode. This works for years now and worked before 
>> Fastspring for years with KAGI.
>> 
>> Today this email arrived:
>> 
>> <
>> I plugged in the registration code and received a message that it was not 
>> valid for the current version that I had downloaded and that I had to send 
>> more money.
>> 
>> Either send me a valid code or refund my money.
>> 
>> Unless I hear from you today I will contact my bank and my credit card 
>> company and report this as a fraudulent charge.
>> 
>> Let me know what are your intentions.
>>> 
>> 
>> 
>> The funny part is, my software does not return such a message. If the code 
>> is not accepted because email address and key code do not match, it just 
>> returns the message "Name or Key incorrect."
>> 
>> So what should i conclude from this? Did the customer try to unlock a wrong 
>> program? Or did he just interpret the message "Name or Key incorrect" as 
>> "You have to send more money"?
>> 
>> But what annoys me the most is the way he wrote the support request. 
>> 
>> As the friendly person i am, i tried his unlock data here w/o problem. I 
>> replied to him that the unlock data is definitely working and if that is not 
>> the case at his side, then i would assume that he either tried to use the 
>> unlock details with an other program not mine or that he did not exactly 
>> enter the unlock details.
>> I even offered a free one2one remote session to do the unlock process for 
>> him.
>> 
>> Until now i did not receive any answers.
>> 
>> Btw. according to his LinkeIn profile he is a Digital Journalist and Web 
>> Designer and is working for a US University
>> 
>> Anyway.
>> 
>> Regards,
>> 
>> Matthias
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> -
>> Matthias Rebbe
>> Life Is Too Short For Boring Code
>> 
>> 
>> ___
>> use-livecode mailing list
>> use-livecode@lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription 
>> preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: OT Friendly customers....

2021-01-26 Thread ELS Prothero via use-livecode
Matthias,
I regularly get emails that threaten to do financial harm if I don’t do some 
kind of payment to them. If it’s a scam, the return email may be spoofed also. 
Once I got an email from a known friend requesting assistance during a travel 
problem, but the email had been hijacked. From that email address, I got 
sincere sounding requests for emergency assistance. When I checked a Facebook 
account, I found postings about her hijacked email.

If you can find an alternative email address to contact, for the person you 
found on the internet, you could contact him that way. However, the request 
sounds very suspicious to me.

Good luck,
Bill

William Prothero
http://es.earthednet.org

> On Jan 26, 2021, at 9:17 AM, matthias rebbe via use-livecode 
>  wrote:
> 
> Hi all,
> 
> today i had a really unfriendly email from a customer 
> and i would like to show what independent developers sometimes have to deal 
> with.
> 
> First some information...
> i am selling a Win/Mac/Linux tool through Fastspring for years.
> The software is protected using Zygodact from Jacqueline Landman Gay.
> Btw. a really great tool.
> 
> The purchase process is quite easy. After successful purchase/payment 
> Fastspring contacts post some data to a Livecode Server Script. If the 
> Fastpring call contains all needed information the Livecode Server scripts 
> call the Zygodact stack to generate the registration data for that order  and 
> then returns that information. T he customer then get's an automated email 
> from Fastspring which contains the details to unlock the software from demo 
> mode to full mode. This works for years now and worked before Fastspring for 
> years with KAGI.
> 
> Today this email arrived:
> 
> <
> I plugged in the registration code and received a message that it was not 
> valid for the current version that I had downloaded and that I had to send 
> more money.
> 
> Either send me a valid code or refund my money.
> 
> Unless I hear from you today I will contact my bank and my credit card 
> company and report this as a fraudulent charge.
> 
> Let me know what are your intentions.
>> 
> 
> 
> The funny part is, my software does not return such a message. If the code is 
> not accepted because email address and key code do not match, it just returns 
> the message "Name or Key incorrect."
> 
> So what should i conclude from this? Did the customer try to unlock a wrong 
> program? Or did he just interpret the message "Name or Key incorrect" as "You 
> have to send more money"?
> 
> But what annoys me the most is the way he wrote the support request. 
> 
> As the friendly person i am, i tried his unlock data here w/o problem. I 
> replied to him that the unlock data is definitely working and if that is not 
> the case at his side, then i would assume that he either tried to use the 
> unlock details with an other program not mine or that he did not exactly 
> enter the unlock details.
> I even offered a free one2one remote session to do the unlock process for him.
> 
> Until now i did not receive any answers.
> 
> Btw. according to his LinkeIn profile he is a Digital Journalist and Web 
> Designer and is working for a US University
> 
> Anyway.
> 
> Regards,
> 
> Matthias
> 
> 
> 
> 
> 
> 
> 
> 
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
> 
> 
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


OT Friendly customers....

2021-01-26 Thread matthias rebbe via use-livecode
Hi all,

today i had a really unfriendly email from a customer 
and i would like to show what independent developers sometimes have to deal 
with.

First some information...
i am selling a Win/Mac/Linux tool through Fastspring for years.
The software is protected using Zygodact from Jacqueline Landman Gay.
Btw. a really great tool.

The purchase process is quite easy. After successful purchase/payment 
Fastspring contacts post some data to a Livecode Server Script. If the 
Fastpring call contains all needed information the Livecode Server scripts call 
the Zygodact stack to generate the registration data for that order  and then 
returns that information. T he customer then get's an automated email from 
Fastspring which contains the details to unlock the software from demo mode to 
full mode. This works for years now and worked before Fastspring for years with 
KAGI.

Today this email arrived:

<
I plugged in the registration code and received a message that it was not valid 
for the current version that I had downloaded and that I had to send more money.

Either send me a valid code or refund my money.

Unless I hear from you today I will contact my bank and my credit card company 
and report this as a fraudulent charge.

Let me know what are your intentions.
>


The funny part is, my software does not return such a message. If the code is 
not accepted because email address and key code do not match, it just returns 
the message "Name or Key incorrect."

So what should i conclude from this? Did the customer try to unlock a wrong 
program? Or did he just interpret the message "Name or Key incorrect" as "You 
have to send more money"?

But what annoys me the most is the way he wrote the support request. 

As the friendly person i am, i tried his unlock data here w/o problem. I 
replied to him that the unlock data is definitely working and if that is not 
the case at his side, then i would assume that he either tried to use the 
unlock details with an other program not mine or that he did not exactly enter 
the unlock details.
I even offered a free one2one remote session to do the unlock process for him.

Until now i did not receive any answers.

Btw. according to his LinkeIn profile he is a Digital Journalist and Web 
Designer and is working for a US University

Anyway.

Regards,

Matthias








-
Matthias Rebbe
Life Is Too Short For Boring Code


___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
I did. I tried these too:

*open* *secure* socket to "localhost:443"  using certificate tc and key tk

*open* *secure* socket to "localhost:443" without verification using
certificate tc and key tk

When the above lines are entered in the script editor they are flagged as
being syntax errors. In both cases it is what comes after "certificate"
that is flagged as a syntax error (flagged as: missing "," near "tc").
There seems to be no combination of command options that works with
certificates.

The fact that the Dictionary has zero information about what is expected
for certificate/key was not a good sign, which is why I searched the
archive.  I just went to have a look at the code on Github and I can seen
nothing to suggest that "using certificate and key" is implemented.

The server and client certificate are working in a browser, so the problem
is definitely on the LC side.

On Tue, Jan 26, 2021 at 2:34 PM Brian Milby via use-livecode <
use-livecode@lists.runrev.com> wrote:

> Did you try with “and key tKey”... it does not look like that part is
> optional.
>
> Sent from my iPhone
>
> > On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode <
> use-livecode@lists.runrev.com> wrote:
> >
> > According to the Dictionary in LC 9.5.1 there is this command:
> >
> > open secure socket [from [localHostName][:localPort]] [to] socketID [with
> > message callbackMessage] [without verification] *[using certificate
> > certificate and key key]*
> >
> > However I can't get it to work.
> >
> > open secure socket to "localhost:443" using certificate
> >
> > throws a runtime error "no handler: using"
> >
> > If I use
> >
> >  open secure socket to "localhost:443"
> >
> > I get a socket connection, but all the security of a client certificate
> > does not work
> >
> >
> > This causes a syntax error in the IDE:
> >
> >  open secure socket to "localhost:443" using certificate tName
> >
> > Looking through the archives I see that a couple of discussions where
> > people were asking about this variant of the "open socket" command 5 to 6
> > years ago, *saying that the "certificate" part has not been implemented*,
> > regardless of what the Dictionary says.
> >
> > Is it really the case that for the past 6 years LC documentation has been
> > misleading people concerning the implementation of certificates for
> secure
> > socket connections?
> >
> > I notice in the Dictionary the entry for "open socket" in the table of
> > options for this command has entries for "certificate" and "key", but
> these
> > are both empty.  As if these features were meant to be implemented but
> were
> > never implemented and the Dictionary was never updated to remove this
> > misleading information.
> >
> > I just find that hard to believe.
> >
> > Regards
> >
> > Bernard
> > ___
> > use-livecode mailing list
> > use-livecode@lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


Re: open secure socket... using certificate

2021-01-26 Thread Brian Milby via use-livecode
Did you try with “and key tKey”... it does not look like that part is optional.

Sent from my iPhone

> On Jan 26, 2021, at 9:07 AM, Bernard Devlin via use-livecode 
>  wrote:
> 
> According to the Dictionary in LC 9.5.1 there is this command:
> 
> open secure socket [from [localHostName][:localPort]] [to] socketID [with
> message callbackMessage] [without verification] *[using certificate
> certificate and key key]*
> 
> However I can't get it to work.
> 
> open secure socket to "localhost:443" using certificate
> 
> throws a runtime error "no handler: using"
> 
> If I use
> 
>  open secure socket to "localhost:443"
> 
> I get a socket connection, but all the security of a client certificate
> does not work
> 
> 
> This causes a syntax error in the IDE:
> 
>  open secure socket to "localhost:443" using certificate tName
> 
> Looking through the archives I see that a couple of discussions where
> people were asking about this variant of the "open socket" command 5 to 6
> years ago, *saying that the "certificate" part has not been implemented*,
> regardless of what the Dictionary says.
> 
> Is it really the case that for the past 6 years LC documentation has been
> misleading people concerning the implementation of certificates for secure
> socket connections?
> 
> I notice in the Dictionary the entry for "open socket" in the table of
> options for this command has entries for "certificate" and "key", but these
> are both empty.  As if these features were meant to be implemented but were
> never implemented and the Dictionary was never updated to remove this
> misleading information.
> 
> I just find that hard to believe.
> 
> Regards
> 
> Bernard
> ___
> use-livecode mailing list
> use-livecode@lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription 
> preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode

___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode


open secure socket... using certificate

2021-01-26 Thread Bernard Devlin via use-livecode
According to the Dictionary in LC 9.5.1 there is this command:

open secure socket [from [localHostName][:localPort]] [to] socketID [with
message callbackMessage] [without verification] *[using certificate
certificate and key key]*

However I can't get it to work.

 open secure socket to "localhost:443" using certificate

throws a runtime error "no handler: using"

If I use

  open secure socket to "localhost:443"

I get a socket connection, but all the security of a client certificate
does not work


This causes a syntax error in the IDE:

  open secure socket to "localhost:443" using certificate tName

Looking through the archives I see that a couple of discussions where
people were asking about this variant of the "open socket" command 5 to 6
years ago, *saying that the "certificate" part has not been implemented*,
regardless of what the Dictionary says.

Is it really the case that for the past 6 years LC documentation has been
misleading people concerning the implementation of certificates for secure
socket connections?

I notice in the Dictionary the entry for "open socket" in the table of
options for this command has entries for "certificate" and "key", but these
are both empty.  As if these features were meant to be implemented but were
never implemented and the Dictionary was never updated to remove this
misleading information.

I just find that hard to believe.

Regards

Bernard
___
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription 
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode