A site devoted to discussing techniques that promote quality and ethical practices in software development.

Saturday, December 16, 2017

www.kproxy.com uses your resource to perform in-browser mining code

I was shock to see a prompt seeking my consent to run some calculation in my machine when I loosen my Tor Browser's security level using www.kproxy.com to reach another site.

Naturally that rings a bell that the "calculation" is referring to in-browser mining code.

So I set about to examine the page and through inspection and experimentation to identify that it is KProxy that is loading the in-browser mining code and not the target site, which happens to be https://www.google.com

The in-browser minining code is not on the landing page of KProxy and they are only injected when you surf to the target site. Shame on you KProxy for not even stating that your user's resources could be used for mining purposes.

KProxy has 10 public servers and here are what they are loading:
Server 1, 2, 3, 10: https[:]//coinhive.com/lib/coinhive.min.js

Server 4, 5, 6, 7, 8, 9: https[:]//authedmine.com/lib/authedmine.min.js

The heading comment in authedmine.min.js declares that it will only run the in-browser mining code if you opt-in.

You be the judge if you can believe such declaration. As for my money, stay away from KProxy and if you are running "uBlock Origin" add these two domains into your filter to block them.

My Tor Browser is now reset to the maximum security.

Tuesday, September 19, 2017

An advice from a long time Skype user - It is time to ditch Microsoft Skype

Recently, a Skype user told me that when he tried to sign into his Skype account with his Android phone, he was pestered by Microsoft Skype that detected his mobile number on his SIM card was different from the number he recorded in his account (It is a big mistake for being too complete in the profile) and demanding some form of verification. Of course it is different as he was in some overseas country using their local SIM.

Now I have heard of 2 persons who have just returned to US from an extended overseas stay being hassled preventing them to use Skype to convey their message of arrival. They were using Skype without trouble or hassle when they were overseas. They told me their experience using Wire messenger.

As a long time user - I used Skype it was first developed and released and way way before Microsoft has acquired it - I am furious to hear this kind of hassle.

Initially I thought they might have used a wrong version of Skype (Remember Microsoft the stupid saga in Windows 8? When your Metro style Skype was half baked while everyone had to uninstall it and install the full-feature Desktop version).

I have always recommend Skype to others as a messenger that does not link to any mobile phone numbers and it seems Microsoft has decided to impose draconian imposition as stated in their FAQ to hassle their users demanding this.

While Skype is a property of Microsoft and Microsoft can do all sort of stupid things, Microsoft is reminded that the messengers space is full of competitors with more features than your aged product. Microsoft seems to still living in the past when Skype was the only messenger. Now in fact Microsoft Skype is known as a laggard and not even in the race.

It is disappointing to see Microsoft decides to spend their time and energy to implement childish snapchat style feature and then hassling their user as if Microsoft wanting to drive them away to its competitors, which are numerous, by imposing all these ridiculous demand and act of invasion of privacy.

I have yet seen a messenger asking for DOB except now Skype with the weakest excuse like "Microsoft Account requires your date of birth to give you the best experience" Please note the user's DOB is none of your business.

If you are being hassled by Microsoft Skype, from this long time Skype users something that I have found hard to say but is driven by Microsoft's draconian imposition, switch to Wire or other messengers. It is time to ditch Microsoft Skype.

Wire does not ask you for DOB, does not link you to the mobile phone number in the SIM (phone number is optional can even be your land line), and definitely do not ask you all sort of unnecessary and intrusive questions in the profile. In fact Wire does not have any profile at all.

Wire is open source and audited while Skype is close source and no one has seen its code. You use Skype with a good dose of trust, something that I have found hard to award to Skype. Wire has end to end encryption while Skype does not publish what it does. Requiring your DOB is a clear unnecessary invasion of privacy that Microsoft tries to hide behind some weak irrational excuses.

Don't waste your time with meeting Microsoft Skype's unreasonable imposition, switch to Wire, Signal or other more features messengers that are designed to be secure and private.  I have already done the switch.

Sunday, September 3, 2017

Firefox Focus - simple effective way to stop auto-completion on entering URL

Firefox Focus running on Android & iOS is highly recommended to protect your online privacy. It is fast and safe.

However, there is one annoying feature (still there in version 1.3 Build #10 for Android) when entering the URL into the address field. After you have type several alphabets, it then attempts to offer suggestion and perform auto-completion for you. All the time it is producing gibberish and then one has to use backspace to get rid of it and to start again.

There is no settings to turn this off and people have reported this bugs to Mozilla.

In the meantime, there is one simple effective way to stop this unintelligent auto-completion. To do this, before you enter the URL, type a space character first.

The space seems to stop Firefox Focus from trying to guess what you want to enter and you are then left alone entering the URL properly. Give that a try.

Wednesday, May 24, 2017

The way to suppress Mono's "WARNING: The runtime version supported by this application is unavailable"

Many people would have encountered following dreaded Mono runtime warning,

WARNING: The runtime version supported by this application is unavailable.
Using default runtime: v4.0.30319

when one runs a console application in Mono.

This is caused by the fact that machine running this program does not have the version of the framework used to build the program. The only version of the framework available in this machine is v4.0.30319.

Sadly this warning is written to stdout and hence you can't redirect it to elsewhere if that were written to stderr.

The proper way to deal with this is to tell Mono that your application can also run in whatever version of the framework it has been installed in the machine. To do so you simply add a <startup><supportedRuntime> element into the application configuration file. If your application does not have one, create one containing the following lines:

<?xml version="1.0" encoding="utf-8"?>
            <supportedRuntime version="v2.0.50727"/>
            <supportedRuntime version="v4.0.30319" />
            <supportedRuntime version="v4.0"/>

This config file also says that if you have version 2 framework installed, it will use that, the one the application is built. The order of the supportedRuntime elements are important.

With that if the only framework version 4.0.30319 is installed, your application will not cause that warning message. Of course as a recommended practice you must also test your application in the framework that is NOT the one you use to build it to ensure no subtle difference in reaction creeps in.

Saturday, March 18, 2017

This is the way to add bi-weekly repeats into Samsung S Planner.

For some obscure reason that only Samsung's Android developers would know, it has never have the ability to define bi-weekly or fortnightly repeat event or let along repeating task.

My latest NoteEdge (SM-N9150) running Android 6.0.1 still does not have it. In the process of finding a third party reminder app to supplement the deficiency in S Planner, I have discovered a very simple way to do this.

To allow you to define custom repeat, you install the "To-Do Calendar Planner" which install the isoTimer app into your handset.

When you start the isoTimer for the first time grant it permission to access your Calendar. You can deny it permission to your Contact just as I do.

Then you use the isoTimer's interface, albeit a bit unusual, to create an event or task and to set bi-weekly repeat use the "Repeat every X Days" option.

What this program does is to inject those repeats into the S Planner's Calendar. I am using a localised calendar as the default and that is where the isoTimer injects the repeat event/task into.

So it seems Samsung has stubbornly refused to implement an user interface to support bi-weekly repeat, which is surprisingly a very common requirement.

Now you have a simple way to overcome Samsung's deficiency.

Blog Archive