Do The Right Things

A site devoted to discussing techniques that promote quality and ethical practices in software development.

Wednesday, May 24, 2017

The way to suppress Mono's "WARNING: The runtime version supported by this application is unavailable"

Many people would have encountered following dreaded Mono runtime warning,

WARNING: The runtime version supported by this application is unavailable.
Using default runtime: v4.0.30319


when one runs a console application in Mono.

This is caused by the fact that machine running this program does not have the version of the framework used to build the program. The only version of the framework available in this machine is v4.0.30319.

Sadly this warning is written to stdout and hence you can't redirect it to elsewhere if that were written to stderr.

The proper way to deal with this is to tell Mono that your application can also run in whatever version of the framework it has been installed in the machine. To do so you simply add a <startup><supportedRuntime> element into the application configuration file. If your application does not have one, create one containing the following lines:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <startup>
            <supportedRuntime version="v2.0.50727"/>
            <supportedRuntime version="v4.0.30319" />
            <supportedRuntime version="v4.0"/>
    </startup> 
</configuration>

This config file also says that if you have version 2 framework installed, it will use that, the one the application is built. The order of the supportedRuntime elements are important.

With that if the only framework version 4.0.30319 is installed, your application will not cause that warning message. Of course as a recommended practice you must also test your application in the framework that is NOT the one you use to build it to ensure no subtle difference in reaction creeps in.

Saturday, March 18, 2017

This is the way to add bi-weekly repeats into Samsung S Planner.

For some obscure reason that only Samsung's Android developers would know, it has never have the ability to define bi-weekly or fortnightly repeat event or let along repeating task.

My latest NoteEdge (SM-N9150) running Android 6.0.1 still does not have it. In the process of finding a third party reminder app to supplement the deficiency in S Planner, I have discovered a very simple way to do this.

To allow you to define custom repeat, you install the "To-Do Calendar Planner" which install the isoTimer app into your handset.

When you start the isoTimer for the first time grant it permission to access your Calendar. You can deny it permission to your Contact just as I do.

Then you use the isoTimer's interface, albeit a bit unusual, to create an event or task and to set bi-weekly repeat use the "Repeat every X Days" option.

What this program does is to inject those repeats into the S Planner's Calendar. I am using a localised calendar as the default and that is where the isoTimer injects the repeat event/task into.

So it seems Samsung has stubbornly refused to implement an user interface to support bi-weekly repeat, which is surprisingly a very common requirement.

Now you have a simple way to overcome Samsung's deficiency.

Tuesday, November 22, 2016

Signal Messenger vs Wire Messenger - private voice communication

I am a frequent user of Signal but I met a situation where a friend, let's call this Bob, also a Signal user, wanting to talk with me using Signal. We could chat but we could not talk to him. I have no trouble with have a voice conversation using Signal with other users using public Internet services. Attempts to connect to or from Bob always fail. He was using Signal in a campus network and I suspect the reason for these failure was due to certain ports required by Signal calls to go through being been blocked. Bob also uses Skype and there is no problem of striking up a crystal clear voice conversation with him using that.

So I am wondering whether other so called private messengers supporting E2EE on voice call will suffer from the same problem?

After waiting for Bob to upgrade his Android machine from his old Android 4.0 machine, as an experiment he installed Wire Messenger, one that I also use, showing great promises, and I have great respect for it. This messenger also uses the Signal protocol to perform E2EE and it has far more features than Signal. However, it is not as widely known as Signal and definitely less than WhatsApp.

Finally, Bob and I successfully managed to talk securely using Wire protected by Signal protocol transversing the same tightly protected network. We've decided to give Signal a miss because the new phone is now a full populated due SIM, see comments below.

So if anyone having trouble talking with Signal, give Wire a try and you even can test it using your web browser. For those not familiar with Wire, Wire has several great benefits that Signal and WhatsApp fail to offer:

Benefits
✔ Work without dependent of SIM or phone number

Unlike Signal & WhatsApp, it uses an e-mail address as the identifier with name and phone number as optional identifiers. These optional identifiers can be change at will; the phone number you enter can be different from that in the SIM.

Moreover, the e-mail is only used during account registration for receiving the verification code. After that it is just a pure identifier, like the mobile number used in WhatsApp or Signal.

You can look up friends base on e-mail address, name, or number.

✔ Because of its independence on SIM, its desktop version is a totally stand alone program, unlike Signal and WhatsApp where theirs are appendages to their smart phone siblings.

✔ Because of that, you can run Wire totally from a web browser without having to establish an account in a smart phone. No need to install anything. It is a great bonus for being able to walk up to the airport kiosk and start chatting.

✔ Access to your phone's Contacts is totally optional because its primary identifier is the e-mail address and not phone number. However, if you grant it access to the Contacts, it can use the Contacts data to look up friends.

✔ Its oblivion of a SIM is a great bonus for those operating a dual-SIM phone. Because it does not rely on the SIM, it can be used in a dual-SIM phone without the usual chaos associated with SIM dependent messengers.

If you are in a situation with a dual SIM phone, switch over to Wire and you can use the phone to the fullest rather than carrying two phyiscal phones just to escape the madness.

✔ Because it does not care about the SIM, it is a great tool for travelers who likes to use local SIM. One does not have to do anything to continue the conversation.

✔ At the time of writing and testing (Signal 3.22.2 and Wire 2.22.298) Wire is the only one with encrypted video conferencing and file attachment.

Disadvantages
❌ Since most private messengers use encryption using various schemes to provide content integrity and safest, the degree of its privacy is now measured based solely on how much meta data the messenger retains, for how long and its purpose. Meta data are essential for the system to operate correctly. It is the system retention policy of these data or portion of them that have effect on its degree of privacy.

According to this measure, Signal ranks supreme and as the ultimate private messenger. A recent grand jury demand in US lay bare the amount of data retained by Signal - the date the user first registered and the last time the user contacted the system (it does not even record the participant of the conversation).

No messenger so far has ever published verifiable data to surpass Signal or even dare to challenge its supremacy. If you do not hold data how can one be forced to hand over the data? The best defense against authority demanding to hand over data as opposed to data retainer's expensive court fight.

While Wire has declared what kind of meta data (Creator, Timestamp, Participants list, and Conversation name) it records, it has not declared the retention period and the purpose of retaining them. As can be demonstrated, Wire collects tons of data by comparison to Signal and as a result less private and thus secure than Signal.

In fairness, what Wire collects is probably small by comparison or typical of what other messengers, such as WhatsApp, Wickr, etc, collect. At least Wire declares precisely what are being collected without explanation of the purpose rather than some general non-specific statement from WhatsApp, who even attempts, but aborted, to share data with its master.

❌ Small user base.
This can be a bonus if you really want a private private messenger without being bombarded by tons of conversations. This is not a reflection of Wire's lack of technical excellence but more human inertia to change - a Network Effect. It also demonstrates the bulk of messenger users pay little attention to encryption and meta data retention.


Monday, August 22, 2016

Remove Nagware from Foxit Reader (Linux) version 2.1.0805

It is disappointing to see a perfectly good, useful, and feature rich PDF viewer damaging its reputation by engaging nagware in the latest version of Foxit Reader for Linux.

The nagware is very persistent trying to force user to use ConnectedPDF every time one launches Foxit Reader. There is no way to tell it to stop pestering me.

Furthermore, in the preference dialog box, the settings for ConnectedPDF fails (possibly deliberately) to remember my change in the setting for "Use ConnectedPDF Format". I unchecked the "Automatically save PDF files in ConnectedPDF format" but the dialog box failed to record my change.

If you are annoyed by this nagware or pester-ware and have no intention of using ConnectedPdf, you can get rid of it easily.

Just go to the foxit reader's installation directory, typically in ~/opt/foxitsoftware/foxitreader, and either rename or delete the fxplugins folder to summarily dismiss the pesterware. You may have to elevate your privilege in order to accomplish that. Once this is done, you will not see the nagware again. Peace at last.

Shame on you Foxit and that is a good way to drive away users.

Saturday, May 21, 2016

Dumb algorithm in Yahoo Mail is a laughing stock

I tried to send an e-mail to a Yahoo mail recipient warning him about not to use the e-mail account's password as the password when registering on site that asks him for his e-mail address. I cited the case of LinkedIn. I told him site other than his e-mail account has no right to know his e-mail account's password.

The e-mail was blocked with the "554 Message not allowed - [298]" and Yahoo is the only mail server blocking that message as the other recipients in other mail services have no problem. Clearly their services are smarter than dumb Yahoo.

Not deter and to demonstrate how easy to by-pass Yahoo's so-called algorithm and automatic scanning of the mail content to block offending materials, I simply use the Windows' Snipping tool to convert the content to a bitmap and embedded that into the content of the message.

The exact content is preserved and the dumb Yahoo algorithm is by-passed!! If it was objectionable to Yahoo, the same objectionable content is being waved past as it totally lacks any intelligent. It is not even steganography.

What Yahoo has done is nothing but a theatrical. What a joke their implementation is.

Tuesday, March 29, 2016

Which of the 10 URL Shorteners are not hostile to Tor?

I examine 10 URL Shortener Services one by one to evaluate its hostility towards Tor Browser.

Those that put road blocks in the way such as using CAPTCHA or other techniques are classified as hostile services. Another requirement is that it should also operate properly in Android's Orfox, the Android's kind of equivalent to Tor Browser.

If it works in laptop/desktop Tor Browser and not in Orfox, it is still classified as hostile. Any service that requires log in etc. even though not presenting any hostility road blocks is placed in the "Useless" category. Too much trouble.

Tor Browser users should black list those hostile services as they do not possess any uniqueness as the review below shows there are friendly alternatives. In that way the Tor community can deny them of visits and advertising dollars, much like AdBlock Plus.

Tor users can refer to this Tor Project sites for more comprehensive list of Tor hostile sites.

Only 5 out of 10 are Tor friendly. Naturally Google is one of the hostile one.

Tor Friendly site

Bitly
In Orfox, one needs to add cloudfront.net and Googleapis.com to NoScript's whitelist.

TinyURL.com
There are times that this site demands CAPTCHA validation and need more experiment to determine its friendliness.

AdF.ly
One needs to add this to the whitelist in the NoScript in Orfox.

Bit.do

Mcaf.ee
Given this is in beta, it loads slowly but still works in a no-nonsense manner. Hope it will not be hostile to Tor as it matures.


Hostile Services

Goo.gl

Ow.ly

Is.gd

Useless

Is.gd

X.co

Monday, March 14, 2016

Way to by pass Tor Browser hostile web sites

It is really a form of anti-Net Neutrality for web sites, most notably web hosting sites like CloudFlare, to discriminate Tor Browser users by putting all sort of childish barrier in an attempt to prevent Tor Browser users from gaining access to the materials.

Perhaps by comparison, CloudFlare is not as anti-Tor as Akamai which simply greeds Tor users with 404.

It is an easy way out to treat all Tor Browser users in the same boat as those using the tool to abuse the system. If that kind of thinking prevails, may be we should all shut down the Internet as not a day gone by without seeing an attack being carried out on the Internet. Any other way would require intelligence that they have not got and it is also a good sales material of telling their customers that they could block all those abusers using Tor.

Thankfully, there is a way to get past playing their childish game. I simply route the access through Start Page's proxy from Tor Browser. Just do a search on the link from Tor Browser and then uses the proxy to access it.



Blog Archive