02:09:07 <tomman> https://danluu.com/slow-device/ good writeup, sadly Modern Web Developers™ do not care about low-end trash
02:09:25 <tomman> they're all using $1000 iPhones and $2000 ARMacs
02:09:59 <tomman> also, Let's Encrypt just rendered one of my cellphones useless
02:10:34 <tomman> the cross-signing stuff with the long expired DST CA finally died last week, and no app connecting to Let's Encrypt-certified servers work anymore
02:11:28 <tomman> turns out that while you can install the new CAs, starting with Android 7, the OS will ignore them unless apps explicitly opt-in to using user-added CAs, under the disguise of "security"
02:11:49 <tomman> (the other way is by rooting the cellphone, which is a no-fly zone for most devices out there)
02:12:21 <tomman> I can't listen to web radio or check exchange rates using the handy apps from F-Droid on my old Alcatel due to that
02:12:37 <tomman> isn't SSL wonderful? Contributing to the global pandemic of ewaste, how considerate~
03:53:39 <franstam> why do we need ssl for listening to web radi
03:53:44 <franstam> radio
03:53:51 <franstam> whos gonna hack my stream
03:54:00 <franstam> isnt radio by nature public alrady?
03:54:03 <franstam> who cares?
10:25:13 <njsg> tomman: so older android lacks support for crypto algorithms, newer android simply does not understand the concept of certificate store?
10:25:51 <njsg> one would think people screaming that they must have one single centralized store would understand this concept. Or was that Apple?
14:11:48 <tomman> njsg: no, it's not crypto but CAs
14:12:27 <tomman> Remember the Let's Encrypt CA horror show a few years ago when the DST CA was expiring and they were moving to a new one
14:12:39 <tomman> normally on any sane OS the fix is simple: update your CAs
14:13:23 <tomman> sadly you can't do this on Android unless both your device OEM and (if applicable) your telco cooperates, which is not happening for 99% of the devices out there
14:13:39 <tomman> luckily Android allows to install your own CAs, just like in any Real Computer™
14:14:24 <tomman> unluckily, starting with Android 7, any app targeting SDK level 24 (that is, 7.0) will ignore user-registered CAs in the name of Sekuritah™ (and previous versions gave you scary warnings if you DARED adding a custom CA)
14:14:59 <tomman> developers can opt-in for supporting user CAs, but this is not a default setting on project files
14:15:33 <tomman> and I suspect that in some devices, either telcos or OEMs may have crippled the ability to use your own CAs even with compliant applications, because this is Android
14:15:51 <tomman> all the paths lead to e-waste and setting money ablaze in the name of Sekuritah™
14:16:56 <tomman> and LEt's Encrypt only advice (other than "buy a new cellphone lol") is "Install Firefox, which uses its own CA store"... and which is too bloated to run on low-end devices, even more than Chrome (which is already a bloaty pig)
14:17:38 <tomman> The other workaround is to root the phone and add the certs to the system store, but again, this is not an option for 99% of the devices out there
14:18:28 <tomman> (good luck finding a device-specific forum for $FREE_WITH_FRIES prepaid specials with 1GB RAM on XDA, for example)
14:53:20 <njsg> tomman: no, there's also a separate issue where you may have the certificates but you can't establish a connection because the server requires an unsupported cyper
14:53:37 <njsg> might require older android than that, though.
15:25:29 <tomman> haven't experienced that one with Nougat, tho
15:25:49 <tomman> but yeah, on that one you're screwed since it needs more than just a bunch of files
18:54:53 <njsg> happens at least with some "jelly beans"
20:38:33 <njsg> having to root to do a lot of stuff IMHO in itself sums up a lot that makes android less suitable and harder to use. now they could at least make rooting accessible, instead from what I gather that's often not the case