Update News for April 2025

Here is a quick run-down on what you will find in this bulletin:

• • API Problem in March

  • Newest GOWIN.EXE

  • Avoid Compulife’s Email Spam Filter (Me)

  • Our Current Programming Plans for 2025

These topics will be dealt with in more detail throughout this bulletin.

API Problem in MarchNOTE:   Our programmer read this and thought it was TOO technical and that I would lose readers. If you are NOT an API user, you can skip the first story in the bulletin, and move to the next.

Last month we told you that we thought that we had resolved all the bugs with respect to our new Internet Engine, which is our latest revised software code compiled with the latest language compiler. We had been having some problems, which we believed had all been addressed.

Everything was working VERY well and then we had a sudden stoppage of our Term4Sale website; one of the users of the site called to let us know. Within an hour we also had an email from one of our API customers telling us that the API was no longer working.

NOTE:   Term4Sale uses Compulife’s API system to produce quotes.

We then determined, fairly quickly, that the engine itself was running and producing quotes and so the internet engine was NOT the problem. It turned out that the problem was the API system that was not returning values; therefore it was something on the server. This was strange because we had NOT changed anything.

Jeremiah then contacted our IP (Internet Provider) to learn that they had just done a “security upgrade” to our server that now required something that it had not required before, in order to work. Once we got the server provider to “roll back” the upgrade, our Term4Sale site began working just fine (about 2 hours after it was down). Our customer that was having the issue was also back up and running.

After Jeremiah discussed it with our IP, here’s the email that he sent to explain what happened:

• The issue with the API server (Inmotion Hosting) was fixed by Inmotion tonight. They had a ModSecurity update last night that caused our PHP calls to the API to stop working for www.term4sale.com. The Inmotion tech support said that ModSecurity Rule 990011 was added to our server last night with a security update. They have toggled off that ModSecurity Rule and it should stay off. Their tech support guy said it has to do with passing a User-Agent in the apache header (see the Google search below).

• The browser will return 406 error when ModSecurity rules are triggered, which is what one API subscriber reported this evening.

• Chris [our programmer], as an aside, we recommend passing a user-agent in the API documentation (https://docs.compulife.com/) but as I mentioned on the phone, it appears that our default php code (https://www.compulife.com/compulife-api-samples/quoter-sample.php) and www.term4sale.com does not pass a User-Agent. This is why that sample page gave us an error message (check the log file) and Term4sale.com stopped working. Bob and I discussed that we should probably not fix anything in the code right now because if some API subscribers are not passing a User-Agent they would have also have had the same trouble, which we can mirror when we test Term4Sale.com or our quoter-sample.php page. If most API subscriber’s were passing a

User-Agent

•  in their code, based on our Postman documentation, they would not have had any trouble getting results from the API in their code, so they would not have noticed anything.

• Here is the documentation I found in the AI section at the top of Google when I searched for “ModSec rule 990011”

• ModSecurity rule 990011 is a rule that warns when a request indicates an automated program has accessed a website. [1, 2]

What does it do?

•  [1, 2]

• • * Warns when a request indicates an automated program has accessed a website [1, 2]

• • * Checks the User-Agent header for the string “^apache.*perl” [2, 3]

When might it be an issue?

•  [1]

• • * It might interfere with a Drupal update script

How to disable it?

•  [1]
  • * You can disable a rule based on its Rule ID and location [1]

• • * To disable a ModSecurity rule in cPanel, you can: [4]
    • 1. Go to Home / Security Center / ModSecurity Tools [4]

• • • 2. Click the pencil icon next to the rule you want to disable [4]

• • • 3. Deselect the Enable Rule option [4]

• • • 4. Click Save [4]

What is ModSecurity?

•  [5]
  • * ModSecurity is a security tool that checks page requests against rules to filter out malicious requests [5]

• * It can help protect against credential theft, code injection, brute force attacks, SQLi, XSS, CSRF, malware, ransomware, and denial of service (DoS) [6]

IMPORTANT:   If you are subscriber to the API service, we strongly recommend that you pay attention to the need for passing a “User-Agent” variable when calling the API.

As Jeremiah explains in his above email, our server has been changed back to NOT require this (at the moment). Even so, we want to underline that we do NOT ultimately control the server. The Internet Provider that we use, has many servers and customers. Most of the upgrades and changes that they make are automated. You can rightfully expect that they could spring this change on us again at some point, and if you are NOT passing the User-Agent variable you may have the same problem of your site suddenly not working.

As Jeremiah pointed out, we are leaving Term4Sale WITHOUT that “User-Agent” code for now, to ensure that we are warned ASAP if we have been hit with this change again. That way, we can act quickly to solve it. But the important thing is to make sure that ALL our API subscribers check to ensure their code (which we don’t control) have the “User-Agent” as part of their call to our API service. You don’t need to have it now, but you might in the future. Best to fix this before it creates a problem in the future.

During his discussion with our IP, Jeremiah was also told that they will be moving us to a new server at some point, so that our service is running on the newest and latest version of the Linux operating system (Linux servers are what we use for our web quoting services).

This server transition must happen by the end of this year. We are planning to do this very early in a morning where we can do some testing to ensure that the upgrade has NOT caused a problem for those services that we have on that server. If there is a problem, the IP can undo the change until we resolve the issue.

NOTE:   This upgrade will NOT require ANY changes to be made by our customers. The web address for the API access will remain the same.

All of this to say that we are doing our VERY best to ensure that our web based services continue uninterrupted, but we want to also underline that there are some things outside our control. And that is why I personally continue to prefer PC software, where problems are based upon local machine issues (your PC) and where NOT everyone is impacted at the same time with a problem.

Newest GOWIN.EXEDuring March we released a new version of our current Windows program to both Canada and the U.S. (it was released in Canada in very late March). This version of the program did contain a number of minor changes, but continues to be the GOWIN.EXE that is compiled with our OLD language compiler.

We intend to move the current GOWIN.EXE to the NEW language compiler and release that, before moving full speed ahead with the new CQS.EXE. However, we will be releasing our new CQS.EXE earlier than later, in order to have you test for a problem that appeared in the GOWIN.EXE that we released a few months ago, which had been created with the NEW language compiler.

The problem we are talking about has been nicknamed by us as the “tiny font bug“.

Some subscribers, when attempting to print a Pick 12 quote, or trying to create a PDF file of the Pick 12 quote, ended up with VERY tiny fonts (illegible) in their printout. The frustration with that problem is that NOT all computers did it, only a minority. We were really struggling with it because it was not doing it on any of our computers.

About Christmas we were able to see the problem on a new laptop that my son had purchased, running Windows 11. And the problem only appears on that computer when we ran the new CQS.EXE problem (the GOWIN.EXE compiled with the NEW compiler did not act up on that computer). Knowing that combination was demonstrating the problem so we could see it, our programmer ran around quickly and found a computer where he could duplicate the problem.

As the problem on the new computer was found when testing the new CQS.EXE program, we decided to first fix the problem there, and that we would ship CQS.EXE to our customers (we will do that in May) and ask you to run a test for us.

The test will be to use GOWIN.EXE to build a pick 12 spreadsheet. After you do that, we will ask you to run CQS.EXE and go into the Pick 12 option (now called “Spreadsheet” in the new program), and print the quote to a PDF to see if you get the same printout as you did with the Pick 12 in the GOWIN.EXE. Assuming that we have no problems with that test, then we will take the fixes that we made to correct the problem, and put those back into GOWIN.EXE. Once that is done, GOWIN.EXE will be built using the NEW compiler and we will put it out in a general release.

In order to make the testing simple, we have done a couple of things in the interim. In the March midmonth update everyone received a CQS.EXE program that we are referring to as a placeholder program. It essentially has two, very simple functions. First, if you run CQS.EXE it will call and run the GOWIN.EXE program. Second, if you make an icon for it, you will get a new, second icon on your desktop that is the letter “C” (black on white which a red underline). Below the icon it will says “Compulife” (NOT Compulife Quotation System). This is the new icon for CQS.EXE.

When we released this in March we did NOT force the creation of that new icon. You can certainly do it manually by making an icon for the new CQS.EXE. The other way to do it is to use “options” in the GOWIN.EXE program. The “Create Desktop Shortcut” option now creates BOTH a “CQS” icon (that runs GOWIN.EXE directly) and a “C” icon that runs CQS.EXE which then runs GOWIN.EXE. For now, both icons do the same thing, but they won’t in May.

These two new programs are now part of your monthly update. They have already been provided in midmonth updates. Sometime in mid April we will be FORCING the creation of the new icon with one of our midmonth updates; this is done automatically. When we do that we will be asking you to check your desktop for the new “C” icon. If you do not see the “C” with Compulife below it, then you will know you have an issue that will need to be resolved. You will be told to call us at that time.

To summarize, this is to prepare the way for the release of the new CQS.EXE which we will then need you to run to do the VERY specific test in May.

Avoid Compulife’s Email Spam Filter (Me)IMPORTANT:   I do NOT use a spam filter for emails; I MANUALLY delete what I believe to be spam.

Two tips to make certain that when you email Compulife, your email is read and that we respond to it.

First, send your email to service@compulife.com. Emails that are sent to service@compulife.com go to BOTH Jeremiah and Bob which DOUBLES your chances of not getting missed.

Second, if you are emailing Compulife, start your email SUBJECT with the word “Compulife“. When I receive and start reviewing my emails, I sort the emails by subject line.

NOTE:   I have two inboxes. Like you, I have an inbox that is the default email folder in which new emails show up. That default inbox is EMPTIED by me after each time I review new emails. Emails I want to keep are moved to an email folder that I have called “2025inbox”. 2025inbox is the inbox with the emails that I want to keep.

To summarize, when I get new emails, the inbox has ONLY new emails, not older emails that I have already reviewed.

That means when I sort emails by subject line it makes it SO MUCH EASIER to find the spam because many spam emails share the same subject lines and they end up being grouped together which means I can deal with them as a group (to delete) more easily.

The problem with spam filters is that they often throw out the good with the bad. I know that when I first send an email from my Compulife email address, to someone with a gmail address, I also have to send a gmail email to say check your spam folder for the email that I just sent you from Compulife. I have to believe it is NOT just Compulife that ends up in a lot of spam folders, it means a lot of important emails end up in spam folders.

Therefore, if I used a spam filter, it would mean I would end up having to check two folders, inbox and spam. That is why I prefer to not use a spam filter and I just check ALL the emails in my inbox (and there are usually a hundred or two).

I often read nothing more than the subject line, so if you don’t get my attention in the subject line, you get deleted. My deletions are NOT permanent deletions until an email is more than 60 to 90 days old. I tend to clear out my deletions each quarter, as they suck up a lot of disk space (usually about 20 to 30,000 emails).

By putting Compulife as the first word in the subject line, you have a 98% better chance of NOT getting accidentally deleted.

Our Current Programming Plans for 2025The following is the current order for new work that we will be doing in 2025:

• • Introduction of New PC Version: CQS.EXE.

• • Overhaul Of Current Product Data Files.

• Introduction of Compulife Mobile* Plus (with Pick 12).

Anyone with questions about any of these upcoming projects can call Bob Barney to discuss:

Please don’t email me essay questions; just call. If I’m not in, email me your phone number, I’ll call you.

These planned objectives will easily consume our programming time during the balance of this year and throughout 2025. The good news is that once the product data files have been converted, and we have introduced the new CQS.EXE and upgraded our internet engine to use the new data files, Compulife will be turning its full attention to our web based, Compulife Mobile software. The long term goal is to have a web based product that does everything our PC based software does.