Wikipedia:Reference desk/Archives/Computing/2015 May 12

= May 12 =

Android apps for learning English Grammar
Hi, Can anyone suggest best free android apps for learning English Grammar?-- Jos   eph   11:42, 12 May 2015 (UTC)

Why didn't Star Trek style unique tones ever catch on for computing/mobile devices?
A cute feature of the original Star Trek series was that there were certain control panels which would emit a series of distinctive chirps as technicians would go through a sequence of commands. This once seemed like a very straightforward future tech, so why haven't computing or mobile phone applications followed that path?

I'm by no means an expert with these things, especially "smart" phones, but some things I haven't encountered:


 * A whoosh sound when the Caps Lock key is pressed, and a sort of reverse whoosh when it is turned off.
 * An alarm sound when the keys are unlocked on a cell phone.
 * A noticeable sound to confirm when a call is ended on a cell phone - and another special sound to call attention when a call is dropped.
 * A "ship's phasers" sound when you hit the button to post an edit to Wikipedia. :)

I understand that such sounds, unless easily disabled, could be seriously annoying, but at times they would have their advantages, and if a good set of special effects were chosen, it would really let a company show its style, much as in the Star Trek episodes. Wnt (talk) 13:50, 12 May 2015 (UTC)


 * AOL seemed to do a fair bit of this, such as a squeaky door opening when somebody entered the chat room and a door shutting when they left. StuRat (talk) 14:21, 12 May 2015 (UTC)


 * I think you just aren't noticing a lot of what's out there. An iphone has a little click sound when you lock it, it was inspired by the sound of a vice grip closing. Here's a nice Radiolab/ 99% Invisible episode that discusses sound design on modern gizmos. I really recommend it, they talk at length about how they use sounds and design the "right" ones. Facebook on a smart phone also plays little chirps when you do things like refresh the screen or new posts appear. Some people customize their rings and alerts, so that they can tell by sound "that's a text from bob" or "that's a tweet from the president" - etc etc. On a Mac, the Mail.app plays a little 'whoosh' when you send an email, and chimes when you get one. It does seem to me that this type of sound design is used more on mobile devices than desktop computers. I suspect there might be a browser plugin that could play custom sounds for certain types of actions like "save page" on WP, but I haven't been able to find one so far. Here's some discussion on how to do that on the designer end, rather than the user end  .  We have an article on Notification_system, but it doesn't say anything about sound, nor have any good sources. SemanticMantis (talk) 14:36, 12 May 2015 (UTC)


 * Audio feed back is only of use if it conveys useful information to the operator. In cinematography, the sound was useful to convey -to the watching audience- that control panel directives where initiating a response. Watch an you will notice, the-actors-had-to-perform-multiple-commands before anything happened.  It heightens the suspense. IE.  will Uhura (the communications officer perform) perform the right sequence in order to communicate to the Iotas  that, Captain Kirk may be  an idiot but planet earth should not be annihilated etc..  Now that we (including my cat) use computers everyday, We do not use OS's that need a sequence before anything happens. Every input gives an immediate response. So no audio feed back  required. P.S. Who was Captain Slog- that kept going on about Star Dates? Jennifer Aniston et. al. were not even  friends in  in those days -so how did he know, where in the universe one had to travel to,  in search one of  these heavenly bodies for a Star Date? --Aspro (talk) 14:44, 12 May 2015 (UTC)
 * All well and good, but our computers also do a lot of stuff without us explicitly telling them to. Or at least it's been told and scheduled by design. E.g. email - while you can set it to never check unless you tell it to, most people have their application check every so often. In that case, audio feedback is informative, and again, I think most of the modern mail applications (e.g. Outlook, Thunderbird, Apple Mail, not Pine) will usually play an informative chime by default when mail is received. SemanticMantis (talk) 14:51, 12 May 2015 (UTC) P.S. now I want to set up pine (I guess now Alpine_(email_client)) on my local machine, it would help me rekindle that oldschool bleepy, ASCII feel :)
 * If you want a version of Alpine that will compile on OS X, with working libpam / kerberos / core cryptographic services, let me know. I had to make a few minor patches to the open source software provided by University of Washington.  If I recall, the distributors emplaced a few work-arounds for older versions of OS X, and I actually needed  to "undo" their work-arounds.  Nimur (talk) 16:12, 12 May 2015 (UTC)


 * Pine (Alpine) can play a sound when an email arrives. It can do it on a per-folder basis, playing a unique sound per folder. There is a command-line argument for each folder that is usually not set. Also, it can play sounds per email based on anything you like because there is a command-line argument for handling new emails. As far as know, nobody uses these arguments to make the computer play sounds. It is used for parsing emails. For example, I can have all new emails in a folder be parsed by a program that looks for certain keywords and then returns automated emails back to the sender. That is useful - but computers don't have to be useful. Technically, I could have a program parse emails and look for song titles. Then, if I have the song in my library, it could start playing the song. That would get annoying rather fast and I'd have to quickly start cleaning out old things that have collected in the past before I have to keep closing Deeelite over and over. 209.149.114.86 (talk) 12:28, 13 May 2015 (UTC)


 * For a long time, I've normally disabled audio alerts for most things on my computers because of the volume that those things have. It's especially annoying if you're playing music and then have a 'bloop' or 'whoosh' at the same volume as the music come out.  Worse yet is when there is no music playing any more but the volume is still up because then during the silence of most of the day you get a deafening 'whoosh' that makes you jump because it was unexpected.  Dismas |(talk) 03:04, 14 May 2015 (UTC)

Gmail and "less secure apps"
For a bit of a lark (see comments in previous question), I decided to install Alpine_(email_client) to use with my Gmail account. After attempting to set this up (following these instructions ), I got an email from Google saying that they had blocked access to Gmail from this client. See "description" here. Other than claiming that some apps "do not use modern security standards", they really don't explain what is lacking or what they expect. So: what security protocols or standards is Alpine not using, that Google thinks it should? Any references for the actual risks of not using said security standards? I'll probably just tell Google not to worry about it and allow Alpine access, but I'm curious as to what's going on here. Thanks, SemanticMantis (talk) 15:55, 12 May 2015 (UTC)


 * Standard email authentication systems still exchange the password (over an encrypted channel); Google's problem is that it's the same password for Gmail as for lots of other services. So they have developed a number of solutions:
 * XOAUTH2, an OAuth 2.0 based authentication extension (that's what they consider "modern security standards") - they know this will break existing email clients. Thunderbird's bug discussion about the same support is here. If I understand it correctly, this will allow the server to issue a challenge (which results in a dialog popup on the email client) into which you have to then put in the running code from Google Authenticator or another enrolled device.
 * Per-app passwords, so you create a special password that's only used for (and can only be used by) email clients. This isn't a bad idea anyway.
 * Allowing users to disable the additional protection.
 * While OAuth is a standard, XOAUTH2 is Google's own thing, so it's not really a "standard". As you can see from the Thunderbird bug, and this mozillazine.org discussion, not everyone thinks Google has clean hands in this regard. -- Finlay McWalterᚠTalk 16:25, 12 May 2015 (UTC)


 * Alpine will send plaintext passwords by default unless you configure it not to do this. (Alpine prefers to use "the most secure" method available, but you might need to build and link against your system's cryptographic libraries before it even sees the option for secure authentication).  Nimur (talk) 16:31, 12 May 2015 (UTC)
 * (The good news is, alpine also provides source for a free software IMAP server: in other words, if you are willing to host your own server, you do not need to use Google's servers for authentication, or for email, at all. Nimur (talk) 16:51, 12 May 2015 (UTC))


 * Thanks Finlay and Nimur. I think I am happy to "allow less safe apps" in this case, and I don't really care about (X)OATH2; IMAP security is good enough for me (and UW, and Thunderbird users, etc). But, Nimur's point about plain text passwords is a bit troubling. I've just installed the latest version via Macports, which is "Alpine 2.20 (OSX 67 2015-01-07) built Sun Feb 22 17:45:02 PST 2015 on tenseven-slave.macports.org" - macports seems to think it has kerberos support built in, describing it as "alpine @2.20_0+kerberos+ldap+ssl+without_tcl." So, how can I check to ensure that my password is being sent encrypted? When I was getting blocked by google, Alpine said something like "auth failed, trying PLAIN auth" to indicate that it was falling back to plaintext passwords (which I didn't send). Now, however, I don't get that message, so I assume that I'm not sending passwords in the clear, but I'd like to be sure about that before I start using it much. I've tried to google this, but all I get are threads about how alpine can encrypt passwords for local storage/use. SemanticMantis (talk) 17:32, 12 May 2015 (UTC)


 * You can always look at what you're really sending over the network using Wireshark or the like. -- Finlay McWalterᚠTalk 17:42, 12 May 2015 (UTC)
 * I do not believe Google Mail works with kerberos or LDAP authentication, but it should work with SSL.
 * I have never used the alpine binary from MacPorts, but if it claims to include SSL, then it should be using secure transport for the password. Even though it is using password authentication, the password is encrypted, which I consider to be nearly as secure as Kerberos, for most practical purposes.  You are, of course, disclosing your password to Google (who I do not trust), but if you are already relying on Google to guard access to your emails, it's moot whether they also have your password.  They've already got your emails, which are unencrypted unless you use application-layer encryption like GNU Privacy Guard.  Ultimately, opinions about how secure the implementation is boil down to exactly that - these are opinions.  Your evaluation of your security risks are different than my evaluation of your security risks; and those are different than my evaluation of my security risks, and so on.  For example, I might have legal obligations not to use Google services for certain purposes: so disclosing my password - any password - to Google is inherently a security risk (even if they guard my credentials and my content very well).  But this is off on a tangent.
 * You can disable Alpine's use of plaintext password - to prevent this from being used even as a fallback - either at compile time or by following the configuration instructions I linked above. Here they are for convenience: Configuration, § disable-these-authenticators.  Nimur (talk) 20:52, 12 May 2015 (UTC)
 * Perfect! I understand and agree completely with your outline of security perspectives and risks, and I appreciate the clear link to the disabling plaintext password instructions. When you offered me your patched code above, I had to chuckle, thinking "Nimur would probably not recommend that I trust modified source code from some pseudonymous user, unless I can clearly identify and understand all changes made (which I would not do)." Indeed I probably would trust the code, but the academic point stands :) SemanticMantis (talk) 00:02, 13 May 2015 (UTC)