10/22/2015

Nexus 5X, restore pre-Android 6.0 Mail, News & Weather

Here is how to restore/reinstall prior versions of the Email/Gmail and News & Weather apps running on Android 6.0 "M" or Marshmallow on the Nexus 5X phone.

Nexus 5X (2015-10-21)
Below is my Phone home page now. It includes the older News & Weather app, the older Email (w/Exchange support) and the newer Gmail app.






The News & Weather app is version 1.3.01 (1301), called the "GenineWidget". It gets its network information from Weather.com and Google News. Both are stable sources of information, so the app should continue to function even if it is unsupported.

It comes from a forum discussion here: Android Forums - Google News & Weather

The download link in that thread is: GenineWidget.apk (746.42 KB)

To download it, use a browser on the phone, then make sure the phone allows installing applications from "Unknown" sources: [Phone > Settings (gear icon) > Security > Unknown sources - "toggle to green"]

Then explore the download folder with something like "ES File Explorer", tap on the downloaded file and click "Install" to install it. You may have to uninstall the "native" app for News & Weather "first", but I had already removed the new app as soon as I unboxed my phone. Its interface was unfamiliar and I didn't have time to "re-learn" a new application I already relied on.

The old News & Weather app is very clean and contains no "Advertisements". The [Settings] ellipsis (vertical dots) is located at the bottom of the News & Weather app's main window.



The old Email app [requires] that the new Email "service" be disabled before the old Email "service" will install.

To do that, open [Phone > Settings (gear icon) > Apps > Settings (upper right corner vertical dots)] and select [Show system]. This makes the "Google services" that normally do not show up in the Apps list visible, so that you can select the hidden Email service.


Scroll down and find the one called "Email", press it and click "Disable". After it is disabled, the "Uninstall" and "Force stop" buttons will be disabled.


There are several repackaged Email APKs for the old email client; many do not include "Microsoft Exchange" support. For example, once they are installed, they only offer IMAP or POP email account support and no option for Exchange email account support.

The old Email app is composed of [two] Android packages, one for the Exchange service and one for the Email application.

The one discussed here includes links to both pieces and is what worked for me:
AOSP E-mail (Last Active Version) | Nexus 6 | XDA Forums



To download the packages, use a browser on the phone, then make sure the phone allows installing applications from "Unknown" sources: [Phone > Settings (gear icon) > Security > Unknown sources - "toggle to green"]

Then explore the download folder with something like "ES File Explorer", tap on each downloaded file and click "Install" to install it.

TWO: Important Tips!!

  • The Exchange Services apk needs to be installed "first" (and it will produce an error message after installing) then the Email apk. It's okay.. it will still work.
  • You will [Not] be able to click the "Install" button on the Screen!! To click it you will need to pair a Bluetooth keyboard.. like the Microsoft Bluetooth keyboard with Android support - Then hit the [tab] key to bounce from field to field (until) the [--INSTALL--] field lights up as having focus. Then hit the {enter} key and the install will proceed (this is true for both the Exchange Services.apk and the Email.apk).

IF you do not read this WARNING and do not know to [expect] the [--INSTALL--] button to not work from the phone screen, it will not install.


The download links are:

Exchange Services 6.2-1158763.apk - 1.10 MB

Email 6.3-1218562.apk - 5.73 MB



After the install the New Gmail app will continue to function as before, complete with "Roundy Icons" in the app.  Just make sure you do not have an "Exchange" account enabled in the New Gmail app.. I removed a prior Exchange account I set up before, but since the new integrated Exchange email services are disabled [now], it would probably crash the new Gmail app. Just treat them as separate applications and find them in the Application Drawer and long press to put icons for them on the home page.



Finally, if you prefer not to install a third-party launcher, you can still change the wallpaper of the home screen to something more neutral to complement the icons on the home page and make them more accessible than hidden.

I use one from the Play store called "wallpaper" by fiskur.


The app installs a hexagonal icon in the Applications Drawer.

Activating it lets you select a color region and then "fine tune it" using your finger to create a swatch, and then automatically apply it to the home page background by pressing the [ picture icon with a "+" ] in the upper right corner. [Pick a hue on the vertical bar by touch, then swipe up and down on the main window to fine tune the actual color swatch to be used (the proposed color swatch will surround the vertical bar and swipe pad in a luminescent "glow").]


The result, when you return to your home page, is that the background has been changed to a solid color of your choosing.


The Nexus 5X is larger than the Nexus 5 by "one" icon row and "one" column.

There is also now a primary colored branding logo in the search box that has goofy kerning that says "Google" and the Microphone icon now has changing status colors with a scythe underneath its "neck".

10/19/2015

Cacti, SMTP (13) Permission denied


If you install a new instance of Cacti and can't send email, SELinux may be enabled.


# setenforce 0
# vi /etc/sysconfig/selinux
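
Permissive mode lifts confinement for every service on the host, while error 13 (EACCES) from an SMTP connect usually traces to a single denial. As an added example (not from the original post), the hypothetical function `smtp_denials` below picks that denial out of audit records; it assumes Cacti sends mail from the web server process (`httpd_t`), and the log lines are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: find SELinux denials where the web server (httpd_t) was
# refused an outbound connection to an SMTP port. Assumption: Cacti sends
# mail from the web server process; the sample records are constructed.

# smtp_denials FILE -> one "comm dest-port target-type" line per match.
smtp_denials() {
    awk '
        /type=AVC/ && /denied/ && /name_connect/ && /scontext=[^ ]*:httpd_t:/ {
            comm = port = ttype = "?"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^comm=/) { comm = $i; gsub(/comm=|"/, "", comm) }
                if ($i ~ /^dest=/) { port = substr($i, 6) }
                if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            }
            if (ttype == "smtp_port_t") print comm, port, ttype
        }' "$1"
}

# Constructed audit records: two SMTP denials for httpd, one unrelated denial.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
type=AVC msg=audit(1445270400.101:310): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=25 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1445270401.202:311): avc:  denied  { read } for  pid=2300 comm="ntpd" name="drift" dev=dm-0 ino=1234 scontext=system_u:system_r:ntpd_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file
type=AVC msg=audit(1445270402.303:312): avc:  denied  { name_connect } for  pid=2211 comm="httpd" dest=587 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:smtp_port_t:s0 tclass=tcp_socket
EOF

smtp_denials "$sample_log"
# On a real host, run it against /var/log/audit/audit.log. If it prints
# anything, one boolean is enough and enforcing mode can stay on:
#   setsebool -P httpd_can_sendmail 1          # mail only
#   setsebool -P httpd_can_network_connect 1   # any outbound TCP, broader
```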

10/14/2015

Exchange 2010 EMS, fail, fail, connect


TIP!

If your Exchange Management Console PowerShell shortcut (EMS) opens and tries to connect to a CAS multiple times, fails, then retries and succeeds:

[Immediately] suspect 'cruft' from add-on modules in the [web.config] for the PowerShell virtual folder (IISAdmin > Content > Explorer).

In this case it was leftover from an uninstalled module for Advanced Logging applications.

Exchange apparently times out trying to load the module, or has other quality problems with the module, and fails. It returns and can, randomly, eventually 'silently' fail to load the module and continue on to provide a prompt.

But this can very confusingly and maddeningly leave you wondering why it's taking so long, and there are [no] Event logs, IIS logs or any other indications of problems.

I've seen this exact same thing in other contexts.. lesson Exchange depends on IIS but the bridge is very tenuous.. neither side appears to support the other very well with diagnostics.

9/04/2015

Javax email, send hello error fix


javax depends on an environment variable to find the hostname when starting an SMTP message hand-off to another server. The hostname can be set by a Java developer so that it doesn't have to be looked up, but developers often skip or overlook it. The method used to resolve the hostname between Java and the OS often breaks, especially in new Linux distros (deprecation of network tools, refactoring of libraries, tossing things overboard). Under RHEL and CentOS, using the /etc/hosts file often fails if the hostname is appended to the end of a long list of aliases; Java only checks the first alias.

Fix:

Make sure the hostname is placed at the front of the list of aliases in /etc/hosts.

Example:

127.0.0.1 myhostname localhost localhost.localdomain
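
A check for the ordering problem described above, added here as an example and not part of the original post: the hypothetical functions `hostname_position` and `hostname_is_first` report where a name sits on its hosts-file line and whether it is the first name after the address. The two hosts files are constructed samples.

```bash
#!/usr/bin/env bash
# Added example: verify that a hostname is the FIRST name after the address
# on its /etc/hosts line, which is the ordering the post says Java needs.

# hostname_position FILE NAME -> prints "address position" for each line
# that lists NAME (position 1 = first name after the address).
hostname_position() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # drop comments before matching
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) print $1, i - 1
        }' "$1"
}

# hostname_is_first FILE NAME -> exit 0 only if NAME is listed and is in
# position 1 on every line that lists it.
hostname_is_first() {
    hostname_position "$1" "$2" |
        awk '{ seen = 1 } $2 != 1 { bad = 1 }
             END { exit ((seen && !bad) ? 0 : 1) }'
}

# Constructed samples: hostname buried at the end vs. placed first.
bad_hosts=$(mktemp); good_hosts=$(mktemp)
printf '%s\n' '127.0.0.1 localhost localhost.localdomain myhostname' > "$bad_hosts"
printf '%s\n' '127.0.0.1 myhostname localhost localhost.localdomain' > "$good_hosts"

for f in "$bad_hosts" "$good_hosts"; do
    if hostname_is_first "$f" myhostname; then
        echo "ok: myhostname is the first name"
    else
        echo "fix: move myhostname to the front ($(hostname_position "$f" myhostname))"
    fi
done
# On a real host: hostname_is_first /etc/hosts "$(hostname)"
```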


8/14/2015

Internet Explorer 11, updating the user interface


Internet Explorer 11 is difficult to use and difficult to customize. Here is a way to make it easier to use.


The usual methods of customizing the user interface that worked with previous generations of the Internet Explorer browser no longer work. A way to work around this is to make the best of the IE settings available and then disable the components that no longer allow customization, replacing them with an add-on extension.

One such extension is the Quero Toolbar; it installs in a fairly confusing default state.

To reach the state as displayed in the first image of this article, first download and install Quero Toolbar then open IE11 and press ALT+Q to get to its configuration menu.

Examine each tab in turn and make sure they are setup as follows:

Tab1 - Settings

Tab2 - Ad Blocker


Tab3 - Appearance


Tab4 - Search Profiles


Tab5 - Security

Tab6 - Advanced


Then right-click in the exposed toolbar area of IE11 and change the selected options to match this:


The default navigational icons will not be the colorful ones in these images. To get those, visit the Quero Themes page and download the Crystal Theme; it consists of one DLL which contains the icons. Save it to a place like your Documents directory, then open the Tab3 - Appearance tab from the Quero ALT+Q configuration menu and select the theme by pressing the browse button at the bottom of the tab and selecting the theme DLL.

All browsers (IE, FF, Cr) have a hardware acceleration option. In general it attempts to offload some of the rendering to the local GPU, but in general it doesn't work very well and can cause problems and crashes.

If you would like to disable the hardware acceleration feature in IE11, it can be reached by left-clicking the 'gear' icon in the top right and selecting 'Internet Options', then the Advanced tab. It will be the first item listed; check it and press [Apply] and then [OK].


The end result is a browser with a viewing and control profile very similar to what can be achieved in Firefox and Chrome.

Internet Explorer 11.0.9600.17959


Mozilla Firefox 40.0.2


Google Chrome 44.0.2403.155 m


note: while I am aware it is possible to go even further and make them virtually identical, this article was merely a quick demonstration of concept. current browsers are more similar than they are different in form and function, and regardless of their underlying differences can reach broader audiences by conforming to more common user interface elements.

8/11/2015

Windows 2008r2, Powershell resuming a Service

The Event Viewer in Windows can start a Task Scheduler job when a specific Windows log entry is detected. The PowerShell command language supports 'horizontal' line command scripting as well as 'vertical' line command scripting, so this can be encapsulated into a single line of instructions.

For example:

Start > Administrative Tools > Event Viewer

will start an instance of the Event Viewer discovery program focused on the (Local) binary logs.

The categories down the vertical navigation panel on the left generally indicate the source of a notification: Application (user), Security (kernel), System (system).

The central panel shows the level indicating "severity", the more descriptive "source" and the specific "event".


right-clicking an event and selecting "Attach Task To This Event"


will open a [Create Basic Task Wizard] window and create a Task Scheduler entry

the Action can be set to :



where the [Add arguments (optional):] field can be used to pass a 'horizontal' command line script


-command "& {Start-Sleep -s 50; Restart-Service -DisplayName 'StorageCraft ImageManager'}"

In this case the script enters a sleep cycle for 50 seconds, then performs a restart of the registered operating system service daemon with the display name "StorageCraft ImageManager".

The actual display names of registered service processes can be obtained from a PowerShell prompt using the "Get-Service" cmdlet; the display name is not the same thing as the running process name.






7/21/2015

Tomcat, err ssl version or cipher mismatch


When Tomcat is used without a robust web server frontend (like Apache or Nginx) to manage SSL connections and sessions, Java keystore problems can produce several misleading error messages in browsers. In addition, the imported certificate and private key used per website must have the same password/passphrase as the keystore itself, and it cannot be "blank".

The browser may display a cryptic error message and refuse to open an encrypted data channel using the certificate, resulting in an open http:// connection with the following message in the browser window:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Keytool does not natively have a method for importing a third-party signed certificate and its private key into a new keystore.

The OpenSSL toolkit can create a Microsoft PKCS12 format cert and private key pair.

The Java keytool can then be used to import/convert a PKCS12 storage container into a keystore and set the "keypass" and "storepass" at the same time.

For example, it is common in Red Hat Enterprise Linux to use the /etc/pki/tls directories and genkey utilities from the crypto-utils package to create PEM encoded private key and CSR pairs and receive a signed PEM format CER cert. This is the least friction, most common method known of obtaining SSL certs and is fairly well documented.

The following will produce a keystore that contains the private key and signed cert in a keystore with the private key and keystore pass set to the same value:
# cd /etc/pki/tls
# openssl pkcs12 -export -in certs/www.server.com.cer -inkey private/www.server.com.key -out www.server.com.p12 -name tomcat -CAfile certs/ca_bundle.cer -caname root -chain
# mv www.server.com.p12 /usr/share/jdk1.7.0/bin/ ; cd /usr/share/jdk1.7.0/bin/
# keytool -importkeystore -deststorepass changeit! -destkeypass changeit! -destkeystore tomcat_java.keystore -srckeystore www.server.com.p12 -srcstoretype PKCS12 -srcstorepass changeit! -alias tomcat
Since this keystore is intended to be used with Tomcat, the alias should be "tomcat".

Also, since the server is now expected to provide the certificate chain, and in the correct order, the following steps might be wise. Be aware that bundle files often come with multiple certs in one file, and keytool will silently discard the rest and not import more than one certificate at a time. If the file does contain multiple certificates, breaking it into one file per cert and importing them separately is advised. The root of the chain may appear as the "last" certificate in the bundled "chain file" and might need to be imported "first" in order to avoid problems with mobility clients.
# keytool -import -trustcacerts -alias AddTrustExternalCARoot -file ca_bundle3.crt -keystore tomcat_java.keystore
# keytool -import -trustcacerts -alias USERTrustRSACA -file ca_bundle2.crt -keystore tomcat_java.keystore
# keytool -import -trustcacerts -alias RSAServerCA -file ca_bundle1.crt -keystore tomcat_java.keystore
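
One way to do the split described above, added here as an example and not part of the original post: the hypothetical function `split_pem_bundle` writes one file per certificate, and `import_order` lists them last-to-first so the root, if it sits at the end of the bundle, is imported first. The bundle is a constructed sample with placeholder bodies, not real certificates.

```bash
#!/usr/bin/env bash
# Added example: split a PEM bundle into one certificate per file so each
# can be imported on its own, then list the files in reverse bundle order.

# split_pem_bundle BUNDLE OUTDIR -> writes OUTDIR/cert-N.pem, prints the count.
# Text outside the BEGIN/END markers (comments, blank lines) is dropped.
split_pem_bundle() {
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END { print n + 0 }' "$1"
}

# import_order OUTDIR COUNT -> prints the files from last to first.
import_order() {
    i=$2
    while [ "$i" -ge 1 ]; do
        echo "$1/cert-$i.pem"
        i=$((i - 1))
    done
}

work=$(mktemp -d)
# Constructed bundle: three placeholder blocks, root assumed to be last.
for name in SERVER-CA INTERMEDIATE-CA ROOT-CA; do
    printf '%s\n' "# $name" '-----BEGIN CERTIFICATE-----' \
        "PLACEHOLDER-$name" '-----END CERTIFICATE-----'
done > "$work/ca_bundle.crt"

count=$(split_pem_bundle "$work/ca_bundle.crt" "$work/split")
echo "found $count certificates; import in this order:"
import_order "$work/split" "$count"
# With real files, confirm subject and issuer of each one before importing:
#   keytool -printcert -file cert-3.pem
```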

And finally, to address the ciphers problem.

The Tomcat connector (server.xml) needs to explicitly "tip toe" around known Common Vulnerabilities and Exposures (CVEs). This may work like "magic", but the set is carefully crafted around a balance between known vulnerabilities, the capabilities of a JDK without enhanced cipher capabilities, and what browsers will allow a connection to be formed with.
<Connector
port="443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150"
SSLEnabled="true"
scheme="https"
keystoreFile="/usr/share/jdk1.7.0/bin/tomcat_java.keystore"
keystorePass="changeit!"
secure="true"
clientAuth="false"
sslProtocol="TLS"
ciphers="
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA256,
TLS_RSA_WITH_AES_128_CBC_SHA
"
/>
It's best to consider carefully whether to forego using the "Free" wisdom and customs gathered and standardized by the more mature and currently very vital and active web server projects like Apache and Nginx. They are constantly being updated and repaired for Zero-Day attacks and exploits.

Java is a "language" and does not prioritize "web services" as a daily updated and maintained feature.. by "definition"

Tomcat is almost certainly "guaranteed" to be "Exploitable" the day it is released

To serve the useful purpose of an Example of "What Not To Do.." this has been widely and strongly publicized almost from its inception.

The position has not been changed, regardless of less experienced users promoting propaganda that "that's what they used to say.. it is still True Today  .. it is still in the documentation" it speaks highly of programmer experience level to say otherwise.

The AJP and Mod_jk projects explicitly "exist" because of the Java libraries that support them, they are not token projects that serve merely as examples.. they are there for a reason.. whenever "bindings" between projects exist and are maintained for "generations" do be curious and suspicious of why the High Level of effort is continually put in place to maintain them.. usually unused code would fail over time if it were not actively being used. There Is A Reason.. Be Curious !!

Finally, Java "is a Language" with many aspects that "look like" an operating system, its JVM is not as old or robust.. or as well maintained by "language developers" as dedicated "operating system developers". A person who mows your lawn does not often fix cars as well as they mow lawns.. please keep this analogy in mind.

If "language developers" were to ever devote the same level of energy, effort and accumulated expertise.. you would probably not appreciate the language as much as a language developed by dedicated "language developers" [ Expertise in one area, does not often translate into "Unrelated" Expertise in another area.. to assume so is usually disastrous ]