Friday, September 8, 2017

ID-kaart ja Eesti mobiil-ID

Apdeit: Mobiil-ID kuutasu on 1 euro — Tuleb siiski nentida, et tegemist on pideva kuutasuga. Kõnekaartide omanikele, kes oma kõnekaarte tihti ei lae, jääb edaspidigi ID-kaartide kasutamise võimalus. Sest risk on vaid teoreetiline. Aga põhimõtteliselt võiks sellisel juhul kuutasu üldse ära kaotada.

Disclaimer: Kuna ma mobiil-ID-d ise ei kasuta, panin mustandi väheinformeerituna natuke varakult üles, mille pärast tunnen ma ennast nüüd natuke kohmetult. Vähemalt märkisin selle mustandina, aga noh...

Oli: Avalik kiri Eesti mobiilioperaatoritele (mustand, köömes)
Seoses hiljutiste uudistega uuemates Eesti ID-kaartides sisalduvate Gemalto kiipkaartide Gemalto-poolse tarkvara turvalisuse kohta on hüppeliselt kasvanud mobiil-ID kasutajate arv, sest mobiil-ID-d sarnased küsimused ei puuduta.

Spetsialistide tehtud teemakohane kommunikatsioon on igati usaldusväärne.

Küll on mõnede vastutustundetute poliitikute ja parteide avaldused tekitanud ülemäära põhjendamatut ärevust.

Et võimalikke kahtlusi hajutada, saaksid Eesti mobiilioperaatorid ja teised asjaomased asutused võtta ette järgmiseid samme:

* Teha mobiil-ID-ga liitumine septembrist kuni eel- ja e-valimiste perioodi lõpuni maksuvabaks — et see oleks täiesti tasuta, sh. mobiil-ID-d toetav SIM-kaart. Et uue SIM-kaardi järele tuleb tihtipeale tulla operaatori esindusse, tuleb sinna ka rohkem kliente, kes valivad endale äkki uuema telefoni ka.

* E-valimiste perioodil võiks kõik mobiil-ID tehingud olla samuti tasuta, sh digiallkirjastamine. Sellisel viisil oleks mobiil-ID-ga e-hääletamine täiesti tasuta ning teeks hääletamise veelgi ühetaolisemaks (muidu tuleb iga digiallkirjastamise eest maksta operaatorile tasu).

* Niisugust või sarnast kampaaniat saab läbi viia iga kord kui toimuvad valimised; eriti just e-hääletamisperioodil.

Wednesday, September 6, 2017

A small History of browser support for CSS variables

Firefox support for CSS variables began with version 29 (with the var- prefix, released 29.04.2014) and as an option to be turned on in about:config for this to work.

Support without the custom prefix exists since version 31 (22.07.2014) and with the about:config option turned on by default.

The about:config preference to toggle CSS variables was finally removed in Gecko 55 (08.08.2017), which is the current version; it includes Firefox 55 and other browsers that use the current Gecko rendering engine.

CSS variables have been supported in Google Chrome from the outset with the -webkit-var- prefix and when 'Experimental Web Features' were turned on in chrome://flags.

Prefixed variables functionality existed in Chrome until 33.0.1750 (20.02.2014, Blink 537.36, V8 v3.23.17), and was removed in Chrome 34.0.1847 (08.04.2014, Blink 537.36, V8 v3.24.35) because of performance issues. V8, or Chrome V8, is the JavaScript engine used in Chrome.

Un-prefixed variables were implemented in Chrome 49.0.2623 (02.03.2016, Blink 537.36, V8 v4.9.385). The current Chrome version is 61.0.3163 (05.09.2017, Blink 537.36, V8 v6.1.534).

Monday, August 28, 2017

Post-nova planetary hypothesis

I read a post on Google+ referencing an article about a supernova remnant. I looked at the picture, and as it happens, let my mind and imagination have a flight of fancy. Again. In a post comment, most of which I've brought up here, too.

The entire thing does look spherical, but the sphere is broken up, and its gravity—or that of the centre of the sphere—keeps the remnant elements around it.

I could posit, that it's simply a dwarf star or dwarf remnant of a star, apparently containing that shrapnel of silicon, as the title suggests.

As I looked closer, the silicon is right in the middle of the sphere, so this could either be what's left of the star's core, _or_ that surviving core is inside and in the middle of a surviving planet that moved in to take the former place of what's left of the old star. In the latter case — if it begins to gather new matter, then it will develop into a new star. A stellar renewal of sorts.

If it's a surviving planet, then a question becomes about whether it moved in, or was it pulled into the center—to the position of (around) the remnant core. It looks, like other spheres are also close, which suggests, that they have been pulled in, too.

An evolved star before nova contains concentric shells of silicon, so the silicon simply manifests the inner (surviving?) parts of the shell post-nova.
https://en.wikipedia.org/wiki/File:Evolved_star_fusion_shells.svg

The silicon remnant might rejuvenate.

If its gravity remains greater than that of any surviving panets, it will catch a planet with enough size, enough elements, and a sufficiently strong rotating core. Or one or more planets that each carry one such component, or a combination of those.

My best guess is a gas giant, because, for example, movements of Jupiter's atmosphere are not dissimilar to movements in the Sun's atmosphere. All that differs, is the behaviour of elements because of differing parameters involving gravity and pressure, but general movements do not diverge all that much.

If post-nova, the remnant's gravity is lesser than that of the surviving planet with the greatest gravity, then eventually, these two will merge, and the solar system will reconstitute around the new body.

The trick is to find a matching planet to nest in. If my description is ever found to be accurate, then we're seeing a stellar hatchling.

----
As it is, a supernova usually destroys everything. I suppose, mini-novae can also happen, which might then allow for the stellar rejuvenation described above.

Antoher possibility is, that mini nova happened in another—perhaps neighboring or nearby solar system, and that system's nova wiped out much of its sibling's (or siblings'..) planets and it star. We might simply be looking at the remains of that surviving solar system, which might be trying to rebuild after the catastrophe.

So, a more powerful nova in the distance, or a mini- or micronova right there. The destruction must anyway be survivable enough to allow such processes to move forward.

----
(Unless I got the scale wrong, and the spherical remnant is many light-years in size. But what I see, sure looks what I've desribed above.)

Thursday, July 6, 2017

What a simple Nokia 1616 featurephone can do

I have a very sturdy Nokia 1616 featurephone that I got as a present from a sister.

The phone has an FM radio, a flashlight, a 3.5mm headphone jack that supports compatible headsets, and great battery life.

Its built-in software includes a speakerphone (basically an external speaker), an alarm (duh), a talking clock ("Time is..."), a calendar with reminders, a timer, stopper, calculator, converter, an expenses ledger, three games (Sudoku, Forbidden Treasures, and Solitaire), and the possibility to add preset images to favourite contacts.

And, of course, phone calls and SMS messages, including picture messaging (rarely used now, but this is not MMS).

The clock and calendar also work beyond 2016 and 2017, unlike the two Samsung featurephones I have.

Of all things, an FM radio (with RDS) in a phone of any type is a given feature outside the United States (and maybe the entire North America).

I wrote this in response to a post shared in Google+.

Wednesday, July 5, 2017

How to get Skype on the Web to work in Firefox in old Android

As you may already know, Microsoft ceased Skype app support below Android 4.0.3. This covers Android 3.0 and Android 2.3 Gingerbread.

Maybe some of you probably cannot upgrade from these OS versions to Android 4.0.4 or greater, or that you can't upgrade your device. So, I've got a possible solution, but it's very technical, and might not work with every affected device.

If you feel adventurous, then bear with me.

The solution only works on certain devices that have a screen big enough, and a CPU and memory combo that's big enough, too.

What you need

* A reasonably fast device. Slow devices are those with a CPU with 800 MHz or less, and 512 Mb RAM or less. This was my experience, and slow means very slow. In my case, I got Skype on the Web to work, but as it loads in Firefox, the browser takes the entire resources of a device, forces other apps to quit (per Android design), and the entire interface takes three-to-four minutes to load from login to UI.

* The screen resolution must be greater than 320x480 px, because Skype on the Web was not designed for small screens.

Your mileage may vary.

* Another requirement is installation of the NoScript Anywhere extension in Firefox. Technical users already know about this extension. If configured correctly, then NoScript allows reducing overall resource usage while browsing the modern web.

The hardest part is allowing/disallowing sites in NoScript on a subdomain level, because it requires Vim Touch for advanced text editing. (Someone please write an extension to alleviate this issue.)

The soup

Firefox for Android comes with this neat feature, that one can specify site-specific user agent overrides in about:config.
The user agent is a piece of text that a browser sends to a website as identifying information about itself. It contains operating system name and version, and browser name and version. All browsers do that since the first browsers on the web.

about:config is the advanced settings page in Firefox, GNU IceCat, and other browsers that use the Gecko rendering engine. You can access the page by typing about:config in the address bar.
Since Firefox 47 is the most recent version for Android 2.3, you need to modify the user agent string to make Firefox appear like a newer version to allow Skype on the Web to load.

In about:config, create a new setting string by tapping the Plus (+) button; then specify, that the setting is a string, then add the name to the setting:

general.useragent.override.skype.com

For a time, you can leave the string part empty, until you paste the one I suggest here:

The UA string needs to show that the browser is a desktop browser and of a reasonably recent version. The one I use on my device is this:

Mozilla/5.0 (X11; Linux armv7l; rv:52.0) Gecko/52.0 Firefox/52.0
Some of the items mean the following:
* X11 is the platform part, and means X Window System, the most widespread graphical environment in UNIX/Linux.
* Linux is the OS and the OS kernel name. Because Android uses the Linux kernel, stay with X11 and Linux (though Android uses a different graphical subsystem).
* armv7l — the CPU architecture in my device. Most mobile devices running Android 2.3 and 4.0 have that, and it's the one variable that you can change. The letter after number 7 is not 1 (one), but a lower-case L.
If your device is based on ARMv6, then it's more rare and physically less fast, and the most recent supported Firefox for that is version 31.3.0esr (also for Android 2.2 Froyo). You can use ARMv6 in the string, if you know the correct nomenclature naming of the architecture (I haven't looked it up), and it's actually in your device.
* rv: stands for revision;
* Gecko is the name of the browser's rendering engine;
* Firefox is the browser name. Note, that Skype on the Web does not officially support alternative Gecko-based browsers, such as IceCat, so use only Firefox in the UA string. This means, that you can use GNU IceCat, but you'd still need to enter the Firefox-based UA string.
* Firefox/52.0 is the current official extended support release (ESR). As above, the version number must be 52.0 everywhere.

Sample screenshot of how it looks in about:config —

Domains to add for useragent override


You must continue adding UA strings for a number of Skype and Microsoft domains as described above, so here's what I think is the full list of those:

skype.com
skypeassets.com
live.com
microsoft.com
s-microsoft.com
msecnd.net
gfx.com
gfx.ms
trouter.io
bing.com

Domains to whitelist in NoScript


Generally, you can whitelist all of the above domains, and be happy.

But if you want to tinker on a subdomain level, then you must edit the line in about:config at

extensions.nsa.policy

To edit that line, I strongly recommend using VIM Touch, which is available from the F-Droid repository of FOSS apps for Android. For detailed instructions on how to do this, read A primer on whitelisting subdomains in Firefox NoScript. This is compulsory.

I compiled the whitelist with the help of NoScript for desktop Firefox, which lists the below domains for all to see.

then you must edit the JSON string in VIM Touch. So here's what I got what I think is the full list of subdomains to whitelist:

"config.skype.com":1,
"drip.trouter.io":1,
"lw.skype.com":1,
"secure.skypeassets.com":1,
"https://api.asm.skype.com":1,
"https://api.skype.com":1,
"https://apps.skypeassets.com":1,
"https://auth.gfx.com":1,
"https://auth.gfx.ms":1,
"https://browser.pipe.aria.microsoft.com":1,
"https://c1.microsoft.com":1,
"https://client-s.gateway.messenger.live.com":1,
"https://config.skype.com":1,
"https://consumer.entitlement.skype.com":1,
"https://contacts.skype.com":1,
"https://cs.microsoft.com":1,
"https://drip.trouter.io":1,
"https://flagsapi.skype.com":1,
"https://go.trouter.io":1,
"https://apps.skypeassets.com":1,
"https://avatar.skype.com":1,
"https://c.bing.com":1,
"https://i.s-microsoft.com":1,
"https://kes.skype.com":1,
"https://login.live.com":1,
"https://prod.registrar.skype.com":1,
"https://prod.tpc.skype.com":1,
"https://s4w.cdn.skype.com":1,
"https://static-asm.secure.skypeassets.com":1,
"https://static.asm.skype.com":1,
"https://support.skype.com":1,
"https://swx.cdn.skype.com":1,
"https://web.skype.com":1,
"https://www.skype.com":1

The list is in JSON format: domains are surrounded by double quotes, with :1 meaning to allow that domain (:0 is to forbid, but you won't need that with these).

I typically also add the https:// protocol prefix to make sure, that only the secure version of the site is whitelisted. This is useful in case a non-secure version of a domain is compromised, but a secure version isn't, as domains with http:// and https:// can serve different content.

Domains in double quotes are those that use variable subdomains, which makes using the protocol prefix moot. Double-quoted domains support both http:// and https:// versions of a site. Sometimes, these are also made to serve non-secure content. The profuse use of the secure protocol prefix is really for security purposes.

Whitelisting only these domains means, that other Microsoft properties are not script-enabled.

The entire exercize worked for me, but the Skype for Web UI was extremely slow on my device. There are newer, more powerful and better devices with only Android 2.3–4.0.3, so people with those might have more luck.

A primer on whitelisting subdomains in Firefox NoScript

In Firefox or GNU IceCat, go to about:config, look for the

extensions.nsa.policy

settings string. Search for nsa.po to get the correct match.

This configuration line is only one line in JSON format, so it must be edited in VIM Touch.

Vim Touch (stylised as VIMTouch) is a port of VIM to Android, available from the F-Droid repository of FOSS apps for Android. You do need experience with vi/VIM.

First copy the line by long-pressing the setting in about:config and selecting 'copy value'. Paste it into VIM with <"*P>.

(Hereonafter to avoid ambiguity: In places, where other punctuation is also used, I use < > with Vim commands that must be typed with the virtual keyboard. These are not to be typed.)

Save the line for backup:

:w /sdcard/yourfolder/NoScript_Firefox_whitelist_backup.txt

Always be careful with JSON syntax for that line, because a typo might bork it. That's why it's useful to save the original (working) line first as backup.

Then, in order to separate the domains part of the JSON line, break the line where the domains begin, and add a linebreak to separate the right wavy bracket } at the end of that line into a new line.

Then copy the domains line into a new window: <Shift+V> to select the entire line in visual mode, then press <y> to copy (y = yank). To copy outside Vim, use <"*y>.

Then create a new window with <:sp new> in the Vim command line. Tap into the newly-created window, and paste the copied text with <p> or <P>. I usually use the lower-case p (paste) command to save time.

Then break this one long line to separate all the domains each into their own line:

:s/\&,/&^M/g

:s — substitute. This is the find and replace command in Vi/Vim. The basics on how it works here.
\&, — search for commas
&^M — Add a newline. The ampersand & is for adding text, then press Ctrl+V and Enter/Return on the virtual keyboard to get ^M. Use Hacker's Keyboard, because it has the function keys of normal keyboard, such as Ctrl and Alt. Hacker's Keyboard is also available on F-Droid.
g — search through the entire current line

Screenshot:

NoScript Anywhere does not have many domains built in, but there are some added by its developer. The domains, each now in their own line, are formatted like this:

"https://web.skype.com":1,
"https://www.skype.com":1

The very last domain must never have a comma at the end. Upon pasting it into the original file, the wavy right bracket } goes there.

You add subdomains that you like into each new line:

"www.website.com":1,
"ads.website.com":0,

1 is to allow, 0 to forbid. This means, that the website you add has its www part working, but not its ads subdomain.

Generally, you only need to whitelist the www part, and all the other subdomains (such as ads.website.com) are not accepted for running scripts.

That's the entire soup of subdomain-based whitelisting, in that one can whitelist only the subdomains needed for scripting. Suppose m.website.com is script-heavy, but you want to visit www.website.com with scripts allowed, and m.website.com with scripts specifically disallowed:

"www.website.com":1,
"m.website.com":0,

As you add more and more domains, you need to sort the list, too. In Vim, use the

:sort

command. This sorts all the domains alphabetically.

Suppose you have the right expanded collection of subdomains you want to accept:

"ads.website.com":0,
"https://web.skype.com":1,
"https://www.skype.com":1,
"www.website.com":1

Note again, that the last line must be without a comma at the end.

To join the domains into one line, select all text with ggVG and key in gJ to join all text. Note, that case is important.

ggVGgg goes to document start, V selects the entire (first) line, G goes to the very last line, and thus expands the selection to there in conjunction with V.

Select all text again with <ggVG>, then copy it with <y>. Tap into the original Vim window with the pasted JSON settings line. Make sure the text cursor is in the domains list.

Select the entire domains line with <V>, and paste over it with <p>. Join all three lines with <gJ>.

Save the expanded line into a new file:

:w /sdcard/yourfolder/NoScript_new_whitelist_for_Firefox.txt

I usually add the date, and in one word also what I added:

:w /sdcard/yourfolder/20170705_NoScript_whitelist_for_Firefox_(Skype).txt

Copy the expanded settings line to use outside Vim (to be pasted into Firefox) by selecting it with <V>, and use <"*y> to copy it into the external buffer.

Go to Firefox (or IceCat's) about:config page. It should still be open. If it's not, it may reload on its own.

Locate the extensions.nsa.policy setting by using nsa.po to search.

* Tap on the setting to select it.
* Tap into the setting value to focus the text cursor in it.
* Tap into the line again, to get Firefox text editing tools:
* tap the select all (window-like) button to select the entire line,
* tap the paste button to paste the copied line,
* press Enter on the virtual keyboard.
* Go to about:blank in the address bar.

That should do it, and the added configuration line takes effect right away. Go to a website to test it, and the NoScript menu item should reflect the results.

Note, that Firefox/IceCat have a tendency to reload the about:config page from time-to-time, so it's more useful to copy and paste settings names and values instead of separately typing them, as occasional about:config page reloads break the new setting creation.

The basics of VIM find and replace

The basics of VIM find and replace work like this (for one line) —

:s/searchable/replaceable/optional_commands

The slashes separate the searchable and replaceable and the optional commands.

To search/replace for all occurences of searchable in the same line, use the /g option —

:s/searchable/replaceable/g

To search/replace through all the lines in the entire file, use the percentage sign before s

:%s/searchable/replaceable/g

To append (add after text) or prepend (add before text) instead of replacing, use the ampersand, and pay attention to its location relative to replaceable text:

:%s/searchable/&add_after

:%s/searchable/add_before&

If something goes wrong, press the <u> key to undo. Ctrl+R to redo.

Vim uses regular expressions for advanced searches. To test if a match works, use the simple / (slash) command in the Vim command line to find out if the searchable matches what you need to look for:

/searchable\/

looks for the word searchable that has a forward slash appended to it. Because the forward slash / is used in the search and replace syntax with subst, then it has to be escaped with a backslash \, like this: \/

If the searchable is highlighted, type :noh to turn it off for the time being.

Quitting Vim


Unlike strictly text-mode versions of Vim, Vim Touch has a more accessible quit command in the app's Android-native menu.

Some other basics of operating Vim:

Vim uses two modes: editing mode and command mode. The former is used to write text, the latter to manipulate text and files by way of entering commands outside editing mode.

The command mode uses two types of commands —
* those that begin with a colon, followed by additional commands and options :
* those that don't.

Quitting Vim with the virtual keyboard:

:q — simple quit. Uses confirmation.

:q! — quit without confirmation or saving files.

:qa! — quit all open files without confirmation or saving files.

Insert text:

i — before cursor
a — after cursor

I — at beginning of line
A — at end of line

Shift+R — insert text in INS mode (overwrite)

Press Esc to switch away from text insert mode.

Undo/redo:

u — undo
Ctrl+R — redo

:q