textbrowser / lettera Goto Github PK

JavaMail (last version 1.6.2) was part of the Java Enterprise Edition, which has been moved to Eclipse Foundation's EE4J project.
Apparently the name was changed to Jakarta Mail in the process. The release history of Jakarta Mail starts at 1.6.3, indicating this is a continuation of JavaMail's development.

https://projects.eclipse.org/projects/ee4j.mail/releases/2.0.0

I noticed a lot of PNG image files. Many are the same shape but differ only in color, representing various UI states.

Potential benefits of SVG: More control over graphics, scalable regardless of device resolution, easier modifications to images (text editor), single resource file, dynamic effects, smaller size, compatibility to Android 5.0+, backwards compatibility option for 2.1+.

Potential drawbacks: Complex initial setup, individual SVG files for development, extra step to build single SVG file (only if there were SVG changes), potential incompatibilities.

Some basic info found after a quick search.

https://developer.android.com/studio/write/vector-asset-studio

For images, one could manually create optimized SVG to replicate existing files, or locate SVG files with a compatible open license. Automated conversion from PNG to SVG is not recommended unless a tool is found that produces better than manual results.

Good task for beginner to intermediate learning about Android app development. Explore and record observations and experiences relating to benefits and drawbacks.

I've tried using IMAP many times over the past 20+ years. I despise it. Furthermore, despise Gmail's available options and other clients' implementations. Now, I will only ever use POP3.

Conceptually, IMAP seems like a great idea to reduce bandwith consumption and allow multiple client access. But I do not care about either design goal. I want to store mail locally and delete remotely. POP3 allows that, IMAP does not.

Anyways, this is not a debate, just a description of a use case. This is a feature request to accommodate accessibility via POP3 for those who may only want to use POP3 or whose mail provider may only support POP3 or whose IMAP implementation is buggy or otherwise undesirable.

I'll have to look closer at the JavaMail library or something?

I've read in many places [1] over the past 2-3 years that SHA1 is deemed vulnerable and should be deprecated for both file checksums (similar to the way MD5 has been deprecated) as well as with certificates (SSL certs). But I noticed that the certificate generation in Lettera only uses SHA1 hash. Is this introducing a vulnerability? Should this be deprecated and changed to SHA256 as a minimum? Is there any external compatibility limitation that requires SHA1?

[1] https://www.keycdn.com/support/sha1-vs-sha256

Google Mail spreads FUD about "Less Secure Apps" (LSA), but doesn't clearly explain what is wrong. OAUTH2 functionality is what is expected and enforced by Google, for several years now.

While there is a setting buried deep in Google Account Settings to enable LSA access, it has been progressively restricted over the years and I suspect will eventually be removed entirely.

There is an option to manually configure an App Specific Password (ASP), though in my experience this has been tedious and error prone and usually gets blocked anyways, either due to client bugs or server bugs or server side silent account or app blacklisting.

Furthermore, these ASPs are often less secure, limited to 16 digits, possibly alphanumerics, typically no "special" characters, which can be considerably weaker than a strong account password of 16+ alphanum + special chars.

To my understanding, OAUTH2 essentially just streamlines and automates this process of hand-waving and hoop-jumping to give a false sense of security in a more convenient, brittle, and error prone manner.

Anyways, I'd expect nothing less from a monopoly than to invent a protocol of dubious security value and accuse all competitors of being less secure, and furthermore increasingly harass, vex, hinder, inconvenience, and scare the user over a decade long campaign of fear, uncertainty, and doubt.

Besides, all of this is complete nonsense for a service which implements backdoor security keys for "law enforcement" only, which means hackers and foreign governments have access, meaning there is no security at all because Google Mail itself is a Less Secure Service. In fact, maybe Lettera should just flat out forbid using GMail, or at the very least, harass, hinder, vex, confuse, scare, and inconvenience the user with truth.

I know, I know. The familiar taste of vomit in the back of the throat hits you by now.

Installed Lettera (both preview versions previously sent, same result).

After install, dialog pops up indicating app crash.

"Unforunately, Lettera has stopped."

About 2 seconds later, a 2nd crash.

I looked on the home screens but did not see the Lettera icon. I found it in the Apps and dragged to Home screen.

Attempted to run, same result.

It took about 10-15 seconds until I got to the installed apps dialog. There were no subsequent message pop ups during that time.

I forced stop then uninstalled. No apparent issues.

Repeated with the other version, same result.

Android 5.0
Samsung SM-N9005