How to recover from Google dropping password support on May 30th 2022

[Andy Burnelli]

Do you have a solution that allows us to keep using a passwd in an MUA?

Did you get this message today in all your Google email accounts?
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>

It implies Google is dropping third-party mail user agent passwd support.
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg>

Verbatim:
"On May 30, you may lose access to apps that are using
less secure sign-in technology
To help keep your account secure, Google will no longer support
the use of third-party apps or devices which ask you to sign in
to your Google Account using only your username and password.

Instead, you'll need to sign in using Sign in with Google
or other more secure technologies, like OAuth 2.0."

I'm sure I'm like others in that I do _not_ want to use my phone to
authorize anything (not text, not 2FA, not my IP, nothing). I simply want a
login and a password and I don't want anything more than only that.

I'm not even sure if I want to use OATH2 (only if there is no other way).

I don't use Google applications if I can help it, so I use 3rd party MUAs on
all my platforms (K-9 Mail, Thunderbird, FairEmail, etc.).

Do you have any solution that allows us to keep using a password in an MUA?
--
Usenet is a team sport where each of us pitches in to help all the others.

[Carlos E.R.]

On 2022-03-04 17:57, Andy Burnelli wrote:
> Do you have a solution that allows us to keep using a passwd in an MUA?
>
> Did you get this message today in all your Google email accounts?
> <https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>

No.

Only in one account that is not associated with a phone. Not all.

>
> It implies Google is dropping third-party mail user agent passwd support.
> <https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg>
>
> Verbatim:
> "On May 30, you may lose access to apps that are using  less secure
> sign-in technology
>  To help keep your account secure, Google will no longer support  the
> use of third-party apps or devices which ask you to sign in  to your
> Google Account using only your username and password.
>  Instead, you'll need to sign in using Sign in with Google  or other
> more secure technologies, like OAuth 2.0."
>
> I'm sure I'm like others in that I do _not_ want to use my phone to
> authorize anything (not text, not 2FA, not my IP, nothing). I simply want a
> login and a password and I don't want anything more than only that.
>
> I'm not even sure if I want to use OATH2 (only if there is no other way).
>
> I don't use Google applications if I can help it, so I use 3rd party
> MUAs on
> all my platforms (K-9 Mail, Thunderbird, FairEmail, etc.).
>
> Do you have any solution that allows us to keep using a password in an MUA?

As you are setting the followup to alt.comp.software.thunderbird (which
I ignored, of course), it means that you are only interested in an
answer for Thunderbird.

So, for Thunderbird, the solution is obvious: Use Oauth2, like it or not.

Alternatively, use application passwords (a different password for each
application). This requires you to active 2FA, which I know you dislike
because it implies using your phone.

Thus you can only stop using Google.

--
Cheers, Carlos.

[The Real Bev]

So let me get this straight... I can keep using Thunderbird38 on my
computer with my gmail accounts as long as I implement Oauth2 (whatever
that is) and delete my stored passwords (which I just saved with an xv
screenshot).

What about uploading photos to google photos? What about using google
maps? What about my saved places in google maps? What about those
things using my phone instead of my linux (or windows or laptop or other
people's computers) computer? Will they send me a text message with a
code to load in every single time I use a google app?

Personally, password security is perfectly acceptable to me -- if I were
plotting to overthrow the world perhaps I'd feel differently, but I
don't say a hell of a lot in email that I wouldn't be willing to post
publicly. I AM unwilling to pay T-Mobile a dime every time I need to
deal with a text message in order to deal with any google product.

Is there a website that deals with the details of this travesty in detail?

--
Cheers, Bev
"If anyone disagrees with anything I say, I am quite prepared
not only to retract it, but also to deny under oath that I
ever said it." -- T. Lehrer

[Andy Burns]

The Real Bev wrote:

> So let me get this straight...  I can keep using Thunderbird38 on my computer
> with my gmail accounts as long as I implement Oauth2

yes

> (whatever that is) and
> delete my stored passwords (which I just saved with an xv screenshot).
>
> What about uploading photos to google photos?

Your phone will be logged in to your google account, so it will Just Work[TM] if
you want to upload to the photos web site, just login with your password.

> What about using google maps?

You might not have any need to login, but if you do, just use your password

> What about my saved places in google maps?

That's an example of when you will want to login with your password

> What about those things using my
> phone instead of my linux (or windows or laptop or other people's computers)
> computer?  Will they send me a text message with a code to load in every single
> time I use a google app?

Depends if you have 2FA enabled or not.

> Personally, password security is perfectly acceptable to me

Then none of this is the end of the world to you, just carry on using your password.

[The Real Bev]

On 03/04/2022 12:49 PM, Andy Burns wrote:
> The Real Bev wrote:
>
>> So let me get this straight... I can keep using Thunderbird38 on my computer
>> with my gmail accounts as long as I implement Oauth2
>
> yes
>
>> (whatever that is) and
>> delete my stored passwords (which I just saved with an xv screenshot).
>>
>> What about uploading photos to google photos?
>
> Your phone will be logged in to your google account, so it will Just Work[TM] if
> you want to upload to the photos web site, just login with your password.

I use bluemail to access my gmail accounts. I do this because I don't
want to download email to my phone automatically, which gmail didn't
seem to offer any way to opt out of. Will this be a problem?

>> What about using google maps?
>
> You might not have any need to login, but if you do, just use your password
>
>> What about my saved places in google maps?
>
> That's an example of when you will want to login with your password
>
>> What about those things using my
>> phone instead of my linux (or windows or laptop or other people's computers)
>> computer? Will they send me a text message with a code to load in every single
>> time I use a google app?
>
> Depends if you have 2FA enabled or not.

Two-factor authentication, right? Is the text-code-to-your-phone method
the only way of doing this?

>> Personally, password security is perfectly acceptable to me
>
> Then none of this is the end of the world to you, just carry on using your password.

BUT google's messages seem to say that passwords will no longer work
with google apps. WTF? Google's website offers no enlightenment.

I resent being made to jump through hoops (opening an account in order
to ask a manufacturer a simple question about one of their products, for
example) in order to do things whose security is irrelevant. This seems
like an even bigger nuisance.

Perhaps I should already know this stuff, but given the fact that most
of what I do I could post on a billboard with no problems, exactly WHO
am I protecting with all this crap? </rant>

--
Cheers, Bev
Polish loan sharks: they loan you money and then skip town.

[Carlos E.R.]

On 2022-03-04 21:40, The Real Bev wrote:
> On 03/04/2022 12:23 PM, Carlos E.R. wrote:
>> On 2022-03-04 17:57, Andy Burnelli wrote:

...

>>> Do you have any solution that allows us to keep using a password in
>>> an MUA?
>>
>>
>> As you are setting the followup to alt.comp.software.thunderbird (which
>> I ignored, of course), it means that you are only interested in an
>> answer for Thunderbird.
>>
>> So, for Thunderbird, the solution is obvious: Use Oauth2, like it or not.
>>
>> Alternatively, use application passwords (a different password for each
>> application). This requires you to active 2FA, which I know you dislike
>> because it implies using your phone.
>>
>> Thus you can only stop using Google.
>
> So let me get this straight...  I can keep using Thunderbird38 on my
> computer with my gmail accounts as long as I implement Oauth2 (whatever
> that is) and delete my stored passwords (which I just saved with an xv
> screenshot).

No.

You need to change to a modern version of Thunderbird that does support
Oauth2, and on the affected gmail account change security settings to

connection security: ssl/tls
authentication method: OAuth2

Alternatively, set up application passwords.

> What about uploading photos to google photos?  What about using google
> maps?  What about my saved places in google maps?  What about those
> things using my phone instead of my linux (or windows or laptop or other
> people's computers) computer?  Will they send me a text message with a
> code to load in every single time I use a google app?

As we are not in the phone forums, and this was posted to Windows and
Linux forums instead, you are thus using a web browser to access any of
that, so you are not affected.

(In an android phone, you are already logged in to Google, so you are
not affected, either)

>
> Personally, password security is perfectly acceptable to me -- if I were
> plotting to overthrow the world perhaps I'd feel differently, but I
> don't say a hell of a lot in email that I wouldn't be willing to post
> publicly.  I AM unwilling to pay T-Mobile a dime every time I need to
> deal with a text message in order to deal with any google product.

Your opinion, as mine, is irrelevant >:-P

Anyway, the rationale is that Google is working for millions of people,
not you, and that for millions of people their email is used to
authenticate to many services remotely (say, Amazon, you bank, etc) and
in those cases it is better to have secure defaults. It is a fact, so
Google claims, that since they forced more secure defaults maybe a year
ago successful attacks have been reduced significantly - but I have lost
the source for this information.

>
> Is there a website that deals with the details of this travesty in detail?
>


--

Cheers, Carlos.

[Carlos E.R.]

On 2022-03-04 21:57, The Real Bev wrote:
>
> BUT google's messages seem to say that passwords will no longer work
> with google apps.  WTF?  Google's website offers no enlightenment.
>
> I resent being made to jump through hoops (opening an account in order
> to ask a manufacturer a simple question about one of their products, for
> example) in order to do things whose security is irrelevant.  This seems
> like an even bigger nuisance.
>
> Perhaps I should already know this stuff, but given the fact that most
> of what I do I could post on a billboard with no problems, exactly WHO
> am I protecting with all this crap?  </rant>

You may know what you are doing, but millions do not. So google enforces
settings for those millions - and you.


--
Cheers, Carlos.

[Andy Burns]

The Real Bev wrote:

> Andy Burns wrote:
>
>> Depends if you have 2FA enabled or not.
>
> Two-factor authentication, right?  Is the text-code-to-your-phone method the
> only way of doing this?

The way google do it, isn't by sending a text message with a code you have to
input; they just pop-up a question "is that you signing in?" on all your
phones/tablets linked to that account, you can answer on any of them

I presume there's a backup method in case all your devices are out of battery of
destroyed in a freak accident ...

>>> Personally, password security is perfectly acceptable to me
>>
>> Then none of this is the end of the world to you, just carry on using your
>> password.
>
> BUT google's messages seem to say that passwords will no longer work with google
> apps.  WTF?  Google's website offers no enlightenment.

I seem to have snipped your Q about bluemail, but yes it supports oAuth2, google
aren't going to break their own apps with this, it might break some 3rd party
apps (whether on phone or PC) that don't support oAuth2, for those the probably
(not checked) then individual app passwords will still work, one "less secure
apps" is turned off.

[Carlos E.R.]

On 2022-03-04 22:26, Andy Burns wrote:
> The Real Bev wrote:
>> Andy Burns wrote:
>>
>>> Depends if you have 2FA enabled or not.
>>
>> Two-factor authentication, right?  Is the text-code-to-your-phone
>> method the only way of doing this?
>
> The way google do it, isn't by sending a text message with a code you
> have to input; they just pop-up a question "is that you signing in?" on
> all your phones/tablets linked to that account, you can answer on any of
> them
>
> I presume there's a backup method in case all your devices are out of
> battery of destroyed in a freak accident ...

The problem is on the accounts that are not associated to any phone or
tablet. I have one such, from times before Android existed. And it is
the only one that got that email notice.

The question gets sent to the gmail account (which can not see it, as it
was blocked) and to the recovery mail accounts. Then I have to use
firefox to login and say "yes, that was me".

Happens to me using Alpine and postfix (Linux), not Thunderbird.

As there is no associated android device, it is not possible to activate
2FA, and thus I can not use application passwords, google doesn't
activate the method.


--
Cheers, Carlos.

[The Real Bev]

On 03/04/2022 01:07 PM, Carlos E.R. wrote:
> On 2022-03-04 21:40, The Real Bev wrote:
>> On 03/04/2022 12:23 PM, Carlos E.R. wrote:
>>> On 2022-03-04 17:57, Andy Burnelli wrote:
>
> ...
>
>>>> Do you have any solution that allows us to keep using a password in
>>>> an MUA?
>>>
>>>
>>> As you are setting the followup to alt.comp.software.thunderbird (which
>>> I ignored, of course), it means that you are only interested in an
>>> answer for Thunderbird.
>>>
>>> So, for Thunderbird, the solution is obvious: Use Oauth2, like it or not.
>>>
>>> Alternatively, use application passwords (a different password for each
>>> application). This requires you to active 2FA, which I know you dislike
>>> because it implies using your phone.
>>>
>>> Thus you can only stop using Google.
>>
>> So let me get this straight... I can keep using Thunderbird38 on my
>> computer with my gmail accounts as long as I implement Oauth2 (whatever
>> that is) and delete my stored passwords (which I just saved with an xv
>> screenshot).
>
> No.
>
> You need to change to a modern version of Thunderbird that does support
> Oauth2, and on the affected gmail account change security settings to
>
> connection security: ssl/tls
> authentication method: OAuth2

The authentication settings are individual for each account. Double
crap. I have 14 mail accounts (not all gmail) and 6 news accounts. The
passwords all seem to be saved in the same file/database/whatever. So
for google's 'security' I have to re-enter all the non-google
information as well as ensuring that the gmail smtp server will still
work with the non-google mail accounts....

My profile, including my stored mail going back to 1990, is 8.7GB. It's
irreplaceable. Assuming I have to give up the extensions and .css
entries that stopped working in versions later than 38, how can I avoid
losing all that? (1) A simple update to whatever the latest POS is or
(2) a completely new thunderbird installation, create a new profile, and
copy over the contents of the old profile? Or something else? I
normally use method #2 with firefox, but I haven't made any changes to
TB since 2015.

> Alternatively, set up application passwords.

Does TB38 allow that? Seems like a better alternative.

>> What about uploading photos to google photos? What about using google
>> maps? What about my saved places in google maps? What about those
>> things using my phone instead of my linux (or windows or laptop or other
>> people's computers) computer? Will they send me a text message with a
>> code to load in every single time I use a google app?
>
> As we are not in the phone forums, and this was posted to Windows and
> Linux forums instead, you are thus using a web browser to access any of
> that, so you are not affected.
>
> (In an android phone, you are already logged in to Google, so you are
> not affected, either)

>> Personally, password security is perfectly acceptable to me -- if I were
>> plotting to overthrow the world perhaps I'd feel differently, but I
>> don't say a hell of a lot in email that I wouldn't be willing to post
>> publicly. I AM unwilling to pay T-Mobile a dime every time I need to
>> deal with a text message in order to deal with any google product.
>
> Your opinion, as mine, is irrelevant >:-P

I've noticed that...

> Anyway, the rationale is that Google is working for millions of people,
> not you, and that for millions of people their email is used to
> authenticate to many services remotely (say, Amazon, you bank, etc) and
> in those cases it is better to have secure defaults. It is a fact, so
> Google claims, that since they forced more secure defaults maybe a year
> ago successful attacks have been reduced significantly - but I have lost
> the source for this information.

It's probably a FALSE lie, as King Mongkut would say. I'm really tired
of a world which is increasingly designed to protect idiots from their
own idiocy.

>> Is there a website that deals with the details of this travesty in detail?

WTF do we need these newfangled "automobiles" for anyway? A horse was
good enough for my pa and it's good enough for me!

--
Cheers, Bev
"...so she told me it was either her or the ham radio, over."

[The Real Bev]

The price is too high.

I did find out something useful, though. oath2whatever can't be
implemented for POP by Thunderbird, but it shows up for the accounts I
marked as IMAP. SOME accounts I marked as both POP and IMAP at the
gmail website, and they seemed to work just fine. I shall investigate
further.

[Carlos E.R.]

On 2022-03-04 23:39, The Real Bev wrote:
> On 03/04/2022 01:10 PM, Carlos E.R. wrote:
>> On 2022-03-04 21:57, The Real Bev wrote:
>>>
>>> BUT google's messages seem to say that passwords will no longer work
>>> with google apps.  WTF?  Google's website offers no enlightenment.
>>>
>>> I resent being made to jump through hoops (opening an account in order
>>> to ask a manufacturer a simple question about one of their products, for
>>> example) in order to do things whose security is irrelevant.  This seems
>>> like an even bigger nuisance.
>>>
>>> Perhaps I should already know this stuff, but given the fact that most
>>> of what I do I could post on a billboard with no problems, exactly WHO
>>> am I protecting with all this crap?  </rant>
>>
>> You may know what you are doing, but millions do not. So google enforces
>> settings for those millions - and you.
>
> The price is too high.

You have no say in the matter :-p

>
> I did find out something useful, though.  oath2whatever can't be
> implemented for POP by Thunderbird, but it shows up for the accounts I
> marked as IMAP.  SOME accounts I marked as both POP and IMAP at the
> gmail website, and they seemed to work just fine.  I shall investigate
> further.
>

I use imap on all my accounts.

--
Cheers, Carlos.

[Big Al]

When the first OAuth2 thing hit last year, I changed every account to IMAP. I have found it a great asset.
Just a week ago I tried something and lost my system. I had morning backups but had done a good amount of emails and responses and received
a lot from my doctors etc.
The reload took only a bit and the instant TB was launch, as much as it was a bit outdated, all the folders got in sync. Fabulous.

[Carlos E.R.]

Oauth2 is interactive.

So, when you configure for oauth, Thunderbird will prompt with a
different window to type your credentials (I think it is done with
javascript).

You can not enter your credentials in a configuration file. Thunderbird
must see you typing the login and password, and gmail must believe you.
AFAIR it can do things like asking you to identify pedestrian crossings
in a bunch of small photos. Yes, just as if you login via web.

>> Alternatively, set up application passwords.
>
> Does TB38 allow that?  Seems like a better alternative.

It doesn't depend on the tool.

You have to login via web, enter certain menu (sorry, I forgot which,
but I can look it up if you want), and ask google to generate the
password for the external tool. And it is a long one.

This only works if you have 2FA enabled.

:-D


--
Cheers, Carlos.

[The Real Bev]

On 03/04/2022 01:26 PM, Andy Burns wrote:
> The Real Bev wrote:
>
>> Andy Burns wrote:
>>
>>> Depends if you have 2FA enabled or not.
>>
>> Two-factor authentication, right? Is the text-code-to-your-phone method the
>> only way of doing this?
>
> The way google do it, isn't by sending a text message with a code you have to
> input; they just pop-up a question "is that you signing in?" on all your
> phones/tablets linked to that account, you can answer on any of them

Is that via wifi or phone? Wifi is OK, but NOT phone.

> I presume there's a backup method in case all your devices are out of battery of
> destroyed in a freak accident ...
>
>>>> Personally, password security is perfectly acceptable to me
>>>
>>> Then none of this is the end of the world to you, just carry on using your
>>> password.
>>
>> BUT google's messages seem to say that passwords will no longer work with google
>> apps. WTF? Google's website offers no enlightenment.
>
> I seem to have snipped your Q about bluemail, but yes it supports oAuth2, google
> aren't going to break their own apps with this, it might break some 3rd party
> apps (whether on phone or PC) that don't support oAuth2, for those the probably
> (not checked) then individual app passwords will still work, one "less secure
> apps" is turned off.

I just discovered (and posted elsewhere) the fact that gmail IMAP
accounts will accept oauth2 from Thunderbird 38, but POP accounts will
not. I have two accounts marked IMAP within Thunderbird, but I marked
them as both POP and IMAP at the gmail website.

Perhaps if I mark my main google account IMAP instead of (or in addition
to) POP the problem will be solved. Or not.

It's a wrench moving from computer to phone and back again :-(


--
Cheers, Bev
"Well to be perfectly honest, in my humble opinion, of course
without offending anyone who thinks differently from my point
of view, but also by looking into this matter in a different
perspective and without being condemning of one's view's and
by trying to make it objectified, and by considering each and
every one's valid opinion, I honestly believe that I completely
forgot what I was going to say." -- S. Kumar

[The Real Bev]

On 03/04/2022 02:51 PM, Carlos E.R. wrote:
> On 2022-03-04 23:39, The Real Bev wrote:
>> On 03/04/2022 01:10 PM, Carlos E.R. wrote:
>>> On 2022-03-04 21:57, The Real Bev wrote:
>>>>
>>>> BUT google's messages seem to say that passwords will no longer work
>>>> with google apps. WTF? Google's website offers no enlightenment.
>>>>
>>>> I resent being made to jump through hoops (opening an account in order
>>>> to ask a manufacturer a simple question about one of their products, for
>>>> example) in order to do things whose security is irrelevant. This seems
>>>> like an even bigger nuisance.
>>>>
>>>> Perhaps I should already know this stuff, but given the fact that most
>>>> of what I do I could post on a billboard with no problems, exactly WHO
>>>> am I protecting with all this crap? </rant>
>>>
>>> You may know what you are doing, but millions do not. So google enforces
>>> settings for those millions - and you.
>>
>> The price is too high.
>
> You have no say in the matter :-p

Unfortunately. Voting is about as useful.

>> I did find out something useful, though. oath2whatever can't be
>> implemented for POP by Thunderbird, but it shows up for the accounts I
>> marked as IMAP. SOME accounts I marked as both POP and IMAP at the
>> gmail website, and they seemed to work just fine. I shall investigate
>> further.
>
> I use imap on all my accounts.

I chose POP because I wanted to download mail to my computer and delete
it from the server. The idea of having it floating around forever in
the cloud is unsettling.

This causes a problem when I take a tablet/phone on a trip and want to
read my mail on it, but download it to my computer when I get back.
This isn't easy, but I never considered the possibility when I
established most of my accounts. IMAP is certainly more practical. I
need to do some experimentation... I don't think anything changed when
I added IMAP to those two existing POP accounts...

[Andy Burnelli]

Carlos E.R. wrote:

> So, for Thunderbird, the solution is obvious: Use Oauth2, like it or not.

But I _already_ have OATH2 set (or so it seems) on my Windows TB setup.
[Tools/AccountSettings/YourGmailAccount/ServerSettings/SecuritySettings/AuthenticationMethod]

Do you see anything wrong with this TB setup I just snapshotted for you?
<https://i.postimg.cc/432zCNgx/gmailpasswd03.jpg> Current Gmail OATH2 setup
--
Usenet isn't for amusement; it's for learning from and helping each other.

[Steve Carroll]

When will Snot / Snit support the accusation she's made copius times
recently about me being a Shadow sock? It was Snot / Snit who was openly
asking how better to improve his flooding. It's a long, drawn out conflict,
and Snot / Snit is simultaneously a master at off-the-cuff trolling remarks,
while posting with socks with a myriad of tells. Snot / Snit expects
people to believe that a poster such as Shadow who he has many times
claimed to be a perjurer is someone to 'respect'? How can he think people
are THAT stupid? Google for 'functionally illiterate fraud' and Dustin
Cook is found: <https://www.bing.com/search?q=Dustin+Cook+the+functionally+illiterate+fraud>.



-
"You'll notice how quickly he loses interest when everything is about
him. He clearly wants the attention"
Steve Carroll, making the dumbest comment ever uttered.

[Andy Burnelli]

The Real Bev wrote:

> I did find out something useful, though. oath2whatever can't be
> implemented for POP by Thunderbird, but it shows up for the accounts I
> marked as IMAP.

I must have switched to OAuth2 long ago (probably when the last warning came
from Google) and I _still_ got the email message from google it seems.

[Tools/AccountSettings/YourGmailAccount/ServerSettings/SecuritySettings/AuthenticationMethod]

[Ant]

In alt.os.linux Andy Burnelli <sp...@nospam.com> wrote:
> The Real Bev wrote:

> > I did find out something useful, though. oath2whatever can't be
> > implemented for POP by Thunderbird, but it shows up for the accounts I
> > marked as IMAP.

> I must have switched to OAuth2 long ago (probably when the last warning came
> from Google) and I _still_ got the email message from google it seems.

> [Tools/AccountSettings/YourGmailAccount/ServerSettings/SecuritySettings/AuthenticationMethod]
> <https://i.postimg.cc/432zCNgx/gmailpasswd03.jpg> Current Gmail OATH2 setup

Check your logged in https://myaccount.google.com/lesssecureapps. Is it
ON? If so, then turn it OFF. I'm pretty sure Google is checking your
Google account's settings.

--
Picard, winter, and Paralympics (good opening ceremony) are back again. A surprisingly quiet Thursday to catch up and watch videos after the slammy hump day (passed out after 10:03 PM PST to unlucky ~4:44 AM PST).
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )

[Andy Burnelli]

Andy Burns wrote:

> I seem to have snipped your Q about bluemail, but yes it supports oAuth2, google
> aren't going to break their own apps with this, it might break some 3rd party
> apps (whether on phone or PC) that don't support oAuth2, for those the probably
> (not checked) then individual app passwords will still work, one "less secure
> apps" is turned off.

I'm mostly using K-9 Mail for Android.
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>
as I do not have Android set to a Google account.

For those who haven't done it, you don't need a Google account on Android
but if you ever use "certain" apps, they _force_ an account to be created!

The GMail app is one of those apps (as is Google Voice).
So I use K-9 Mail.

I remember some time ago they forced this OAuth2 stuff on us, so I changed
"something" but I don't remember what as it was a long time ago.

[Tools/AccountSettings/YourGmailAccount/ServerSettings/SecuritySettings/AuthenticationMethod]
<https://i.postimg.cc/432zCNgx/gmailpasswd03.jpg> Current Gmail OATH2 setup

Even so, Google sent me the nastigram.
I'm confused why.

[Jasen Betts]

I use smtp instead, this meant I has to set up a SMTP server on my
home computer, and organise a domain name for it, then I set my gmail
accout to forward all mail to my SMTP server.

> This causes a problem when I take a tablet/phone on a trip and want to
> read my mail on it, but download it to my computer when I get back.

I use ssh from my phone if I need to read mail that is on my computer.


--
Jasen.

[Andy Burnelli]

Carlos E.R. wrote:

> As you are setting the followup to alt.comp.software.thunderbird (which
> I ignored, of course), it means that you are only interested in an
> answer for Thunderbird.

No. I have Windows, Linux (Ubuntu), Android & iOS.

It's just that the iOS and Linux people get all pissy about cross platform
threads so I figured I'd limit it to the Thunderbird group but I also have
Android and iOS MUAs too. <https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>

Feel free to followup to whom you think would benefit from the value added.
--
Usenet should consist of courteous kind-hearted people helping each other.

[Andy Burnelli]

Carlos E.R. wrote:

> You need to change to a modern version of Thunderbird that does support
> Oauth2, and on the affected gmail account change security settings to
>
> connection security: ssl/tls
> authentication method: OAuth2

I'm not sure yet _why_ I got the message from Google because I have that set
(probably because of the last scare by Google as it was done long ago).

[Tools/AccountSettings/YourGmailAccount/ServerSettings/SecuritySettings/AuthenticationMethod]
<https://i.postimg.cc/432zCNgx/gmailpasswd03.jpg> Current Gmail OATH2 setup

Maybe it's K-9 mail it's complaining about?
Damn Google should be explicit which MUA they're talking about.

I can't tell from this message, can you?
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg>

Maybe it's coming from the fact I'm using K-9 mail on the same account?
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>

[Andy Burnelli]

Ant wrote:

> Check your logged in https://myaccount.google.com/lesssecureapps. Is it
> ON? If so, then turn it OFF. I'm pretty sure Google is checking your
> Google account's settings.

Funny thing is I haven't "logged" into a Google app in years it seems.
I just click Thunderbird in Windows to get my mail, or K-9 on Android.
Logging into Google using Opera, which is a VPN-based browser...

Damn... sends me to 'security'
<https://accounts.google.com/ServiceLogin?service=accountsettings&hl=en-US&continue=https://myaccount.google.com/intro/security>

Oh crap.
Captcha.... (it's the only childish puzzle game I'm forced to play)
Jesus Christ.... damn piece of shit is forcing another email on me.
Now I have to give it a _second_ email just to log into the first.
(Google _hates_ vpn like I hate trolls!)

Anyway, after I set all that up, it gives me this confusing page:
<https://i.postimg.cc/MGs3HSyn/gmailpasswd04.jpg>

Apps with access to your account
Third-party apps with account access
You gave these sites and apps access to some of your Google Account data,
including info that may be sensitive.
Remove access for those you no longer trust or use. Learn about the risks
1 of your apps is secured by Cross-Account Protection.
SRWare Iron Has full access to your Google Account
Email - Edison Mail

Has access to Gmail, Google Contacts
FairEmail, privacy aware email Has access to Gmail
*Mozilla Thunderbird Email Has access to Gmail*

Signing in with Google
You use your Google Account to sign in to these sites and apps.
They can view your name, email address, and profile picture.

1 of your apps is secured by Cross-Account Protection.
Google Account sign-in prompts
Allow Google to offer a faster way to sign in with your Google Account
on supported third-party sites
Email - Edison Mail
JSTOR

Google may also have access to some of your third-party accounts.
Learn more about how to manage those connections.
--
Can you make sense out of that? I can't yet.

[Andy Burnelli]

WaltS48 wrote:

> Perhaps because K-9 Mail is a third party app. No?

I would think so, but notice that when I logged into my Gmail account just
moments ago it showed the following which doesn't even _list_ K-9 mail.
<https://i.postimg.cc/MGs3HSyn/gmailpasswd04.jpg>
Yet K-9 mail works just fine with my google email address for some reason.
<https://i.postimg.cc/2yBvxJhJ/gmailpasswd02.jpg>
As does Windows Thunderbird, which is already set to OAuth2 (a while ago).
<https://i.postimg.cc/432zCNgx/gmailpasswd03.jpg>

I'm not ashamed to admit I'm thoroughly confused what Google wants me to do.
a. Is Google complaining about K-9 Mail?
b. Is Google complaining about Thunderbird?
c. Is Google complaining about something else (like my account settings)?

What?

Is it about some other MUA I don't use as frequently as K-9 and TB perhaps?
<https://i.postimg.cc/cL9r9qFW/gmailpasswd05.jpg>

What the heck is it that Google wants me to do anyway?
<https://i.postimg.cc/MGfN2Z7r/gmailpasswd01.jpg>
--
Only the Lord knows why I allowed SRWare Iron full control though.

[The Real Bev]

I'm confused. SMTP is only for outgoing mail, right? Various mail
servers get kind of pissy if you don't use THEIR smtp servers.

>> This causes a problem when I take a tablet/phone on a trip and want to
>> read my mail on it, but download it to my computer when I get back.
>
> I use ssh from my phone if I need to read mail that is on my computer.

But it wouldn't be on my computer if I weren't there downloading it.

[HHI]

Keep in mind your accusation is based on you not understanding context.
Your game:

* Snit spoke of Dustin Cook having Carroll's flood bot code .
* Dustin Cook does not have Carroll's flood bot code.

Then you insist I lied. But you leave out the context.

1) Snit spoke of Carroll's flood bot code, and what can be known without
the code
2) Dustin Cook responded by speaking of what he can know HAVING THE CODE.
3) Snit spoke of Dustin Cook having Carroll's flood bot code.
4) Dustin Cook does not have Carroll's flood bot code.

You start at step three and then insist that if one starts there it LOOKS
like you were unfairly accused.

In short: you prove yourself a functionally illiterate fraud again.

-
Live on Kickstarter!
https://swisscows.com/web?query=steve%20carroll%20%22narcissistic%20bigot%22
Steve Carroll the Narcissistic Bigot

[Carlos E.R.]

On 2022-03-05 06:20, The Real Bev wrote:
> On 03/04/2022 05:00 PM, Jasen Betts wrote:
>> On 2022-03-04, The Real Bev <bashl...@gmail.com> wrote:
>>> On 03/04/2022 02:51 PM, Carlos E.R. wrote:
>>>> On 2022-03-04 23:39, The Real Bev wrote:
>>>>> On 03/04/2022 01:10 PM, Carlos E.R. wrote:
>>>>>> On 2022-03-04 21:57, The Real Bev wrote:


>>>>> I did find out something useful, though.  oath2whatever can't be
>>>>> implemented for POP by Thunderbird, but it shows up for the accounts I
>>>>> marked as IMAP.  SOME accounts I marked as both POP and IMAP at the
>>>>> gmail website, and they seemed to work just fine.  I shall investigate
>>>>> further.
>>>>
>>>> I use imap on all my accounts.
>>
>>> I chose POP because I wanted to download mail to my computer and delete
>>> it from the server.  The idea of having it floating around forever in
>>> the cloud is unsettling.
>>
>> I use smtp instead, this meant I has to set up a SMTP server on my
>> home computer, and organise a domain name for it, then I set my gmail
>> accout to forward all mail to my SMTP server.
>
> I'm confused.  SMTP is only for outgoing mail, right?  Various mail
> servers get kind of pissy if you don't use THEIR smtp servers.

For a client, yes. But it is actually both, an smtp server both sends
and receives. An smtp server talks to other smtp servers.

Yes, it is tricky to get other smtp servers out there to actually accept
your smtp server. Typically you need a fixed IP with both dns and
reverse dns working, and not being blacklisted.

>>> This causes a problem when I take a tablet/phone on a trip and want to
>>> read my mail on it, but download it to my computer when I get back.
>>
>> I use ssh from my phone if I need to read mail that is on my computer.
>
> But it wouldn't be on my computer if I weren't there downloading it.

For that there is automatics :-)

If downloading is manual, you can also do that via ssh.


--
Cheers, Carlos.

[Carlos E.R.]

On 2022-03-05 00:33, The Real Bev wrote:
> On 03/04/2022 02:51 PM, Carlos E.R. wrote:
>> On 2022-03-04 23:39, The Real Bev wrote:
>>> On 03/04/2022 01:10 PM, Carlos E.R. wrote:
>>>> On 2022-03-04 21:57, The Real Bev wrote:


>>> I did find out something useful, though.  oath2whatever can't be
>>> implemented for POP by Thunderbird, but it shows up for the accounts I
>>> marked as IMAP.  SOME accounts I marked as both POP and IMAP at the
>>> gmail website, and they seemed to work just fine.  I shall investigate
>>> further.
>>
>> I use imap on all my accounts.
>
> I chose POP because I wanted to download mail to my computer and delete
> it from the server.  The idea of having it floating around forever in
> the cloud is unsettling.

But you can use imap also for downloading to your computer. In Linux,
you would typically set this up with fetchmail (which doesn't do Oauth2,
I believe).

But you can also set this up with Thunderbird.

First, you can tell Th to synchronize for offline reading. Or, you can
create a filter that moves instantly any new email to a local folder -
but in this case another machine or tablet can not read the email.

Except that gmail by default doesn't delete anything.

> This causes a problem when I take a tablet/phone on a trip and want to
> read my mail on it, but download it to my computer when I get back. This
> isn't easy, but I never considered the possibility when I established
> most of my accounts.  IMAP is certainly more practical.  I need to do
> some experimentation...  I don't think anything changed when I added
> IMAP to those two existing POP accounts...
>


--

Cheers, Carlos.

[Carlos E.R.]

On 2022-03-05 00:23, The Real Bev wrote:
> On 03/04/2022 01:26 PM, Andy Burns wrote:
>> The Real Bev wrote:
>>
>>> Andy Burns wrote:
>>>
>>>> Depends if you have 2FA enabled or not.
>>>
>>> Two-factor authentication, right?  Is the text-code-to-your-phone
>>> method the
>>> only way of doing this?
>>
>> The way google do it, isn't by sending a text message with a code you
>> have to
>> input; they just pop-up a question "is that you signing in?" on all your
>> phones/tablets linked to that account, you can answer on any of them
>
> Is that via wifi or phone?  Wifi is OK, but NOT phone.

Computerese "or", which is not an exclusive "or" ;-)

--
Cheers, Carlos.

[Carlos E.R.]

If you have one app not using oauth2, it triggers.

Or if on the gmail web page you have enabled "access by less secure
applications".


Google: what is cross-account protection

<https://www.buzzfeednews.com/article/mathonan/google-new-security-feature-will-stop-hacks-from-spreading>

This New Account Protection Feature From Google Is Designed To Stop
Hacks From Spreading
Mat Honan
3-4 minutes

Google announced a new feature to let developers using Google Sign-In
automatically share information about security problems, like account
hacks, to make it more difficult for incidents to spread across
services. A new cross-account protection (CAP) protocol is designed to
send and receive security signals about user accounts, so that a breach
on one service is less likely to allow an attacker to daisy-chain their
way into that person's account on another.

...



--
Cheers, Carlos.

[Gary R. Schmidt]

On 05/03/2022 19:27, Carlos E.R. wrote:
> On 2022-03-05 00:33, The Real Bev wrote:
>> On 03/04/2022 02:51 PM, Carlos E.R. wrote:
>>> On 2022-03-04 23:39, The Real Bev wrote:
>>>> On 03/04/2022 01:10 PM, Carlos E.R. wrote:
>>>>> On 2022-03-04 21:57, The Real Bev wrote:
>
>
>>>> I did find out something useful, though.  oath2whatever can't be
>>>> implemented for POP by Thunderbird, but it shows up for the accounts I
>>>> marked as IMAP.  SOME accounts I marked as both POP and IMAP at the
>>>> gmail website, and they seemed to work just fine.  I shall investigate
>>>> further.
>>>
>>> I use imap on all my accounts.
>>
>> I chose POP because I wanted to download mail to my computer and
>> delete it from the server.  The idea of having it floating around
>> forever in the cloud is unsettling.
>
> But you can use imap also for downloading to your computer. In Linux,
> you would typically set this up with fetchmail (which doesn't do Oauth2,
> I believe).
>

Getmail - the proper getmail, 5, - at
<https://pyropus.ca./software/getmail/>, has a mechanism for using
OAUTH2, I just changed to OAUTH2 from simple login for the three
accounts that I pull down from gmail.

Took maybe 10-15 minutes, most of which was working through the
interminable google setup stuff.

Oh, Getmail is written in Python 2, so if you're limited by what you can
click'n'drool it probably won't work for you.

Cheers,
Gary B-)

[Andy Burns]

The Real Bev wrote:

> oath2whatever can't be implemented for POP by Thunderbird

We had this discussion a few months back, yes it can, pop is what I use with TB
v91 and gmail, it may not be available with your older version?

[Andy Burns]

Andy Burnelli wrote:

> Anyway, after I set all that up, it gives me this confusing page:
> <https://i.postimg.cc/MGs3HSyn/gmailpasswd04.jpg>

K-9 doesn't support oAuth2, so you must be using "less secure apps" or an "app
specific password" with it to gmail. Since I've not received the warning email
from google, I'm not sure if they're only binning the former method or both methods.

[Andy Burns]

The Real Bev wrote:

> Andy Burns wrote:
>
>> The way google do it, isn't by sending a text message with a code you have to
>> input; they just pop-up a question "is that you signing in?" on all your
>> phones/tablets linked to that account, you can answer on any of them
>
> Is that via wifi or phone?  Wifi is OK, but NOT phone.

Any connectivity you have, I suppose. Certainly it works over my home wifi and
over 4G

[Carlos E.R.]

I just looked in the fetchmail manual, and there are references to
oauth2, too. Rather "oaouth2 token"


--
Cheers, Carlos.

[Snit Michael Glasser]

He is obviously flooding, he got caught and he's doing the standard ego
protecting BS learned in Trolling 101 as he knocks himself out to be given
what Snit Michael Glasser already has... but it blew up in his face. Jeff-
Relf.Me is commonly seen alleging "I KNOW BETTER" when it comes to data
on the Internet where info is there multiple times... but Jeff-Relf.Me is
just too thickheaded and lost to grasp any instruction he sees. For all
the crowing Jeff-Relf.Me's done on this topic, the 'Web Developer' doesn't
get how to do this. It seriously takes a couple seconds to click and drag
across a paragraph and 'PDF convert' it.

Is Snit Michael Glasser envious about Jeff-Relf.Me having four zipped doxing
files warning people about what he is, vs the single one he earned? What
were you hoping for?

Too much glue for you, Gluehead.

--
Top Ten Ways Jeff-Relf.Me Trolls
https://www.udemy.com/user/michael-glasser/
https://gibiru.com/results.html?q=%22narcissistic%20bigot%22
https://www.bing.com/search?q=%22narcissistic%20bigot%22
Narcissistic Bigot Steve Carroll

[Andy Burnelli]

Carlos E.R. wrote:

> If you have one app not using oauth2, it triggers.

Thanks Carlos for offering advice as to _why_ Google has triggered it.
a. It could be about Thunderbird or it could be about K-9 or some other MUA
b. Or, it may be only about my settings inside of my Google Account perhaps?

It seems if you're _already_ using OAth2, there's nothing else to do.
Right?
So why would Google trigger a warning when you're already using OAth2?

I don't know, but I appreciate the heads up as I'm just trying to figure out
what Google wants me to do (and I don't want to use my phone to do it!).

For Thunderbird users, Andy Burns kindly told me where to find the settings:
> plus if you look in Tools/Preferences/Privacy/SavedPasswords
> you'll see the token itself corresponding to the username, so TB knows it, it'll
> only ever be sent within a TLS session, google can confirm it, nobody else sees it.

Which helped a lot.

Now I see my Thunderbird setup was last changed on July 7th, 2021, most
likely in response to a nastigram by Google as I don't usually touch it.
<https://i.postimg.cc/RhHkj4gJ/gmailpasswd06.jpg>

Which, transcribed, amounts to the following (I would think typical) setup:
imap://imap.gmail.com (imap://imap.gmail.com) lo...@gmail.com 7/7/2021
oauth://accounts.google.com (https://mail.google.com.com) lo...@gmail.com 7/7/2021
smtp://smtp.gmail.com (smtp://imap.gmail.com) lo...@gmail.com 7/7/2021

> Or if on the gmail web page you have enabled "access by less secure
> applications".

Ant had kindly suggested that, so yesterday I went on VPN as I do every time
I need to log into anything, to log into my Google Account (which is rare).

Predictably, Google first gave me hell for using VPN (but at least Google
didn't disable my computer which is what Apple did to me on my iPads!).

I seem to have "Less secure app access" turned on in my Google Account:
<https://i.postimg.cc/cL9r9qFW/gmailpasswd05.jpg>

Thunderbird is on but not K-9 for "Apps with access to your account".
<https://i.postimg.cc/MGs3HSyn/gmailpasswd04.jpg>
Yet, for now, both TB and K9 (Android) work just fine as far as I can tell.

I'm not sure what to do there, but I'm sure others have the same confusion.
Any advice is welcome as all I want is the minimum invasion & most utility.

Bear in mind I don't intend on using any Google Services other than GMail.

> Google: what is cross-account protection
> <https://www.buzzfeednews.com/article/mathonan/google-new-security-feature-will-stop-hacks-from-spreading>

Thanks for that February 2019 article on CAP, which, I admit, was confusing.
"CAP lets different services send one another major security notifications
about a common user - such as when an account has been hijacked
or disabled, when it has logged a user out of all sessions,
when it forces a password change, and when it detects that an account
is actually a bot. That then gives developers the option of taking
action on the affected account.

It means that for now someone needs to be logged in via Google Sign-In
for the new feature to work as a Gmail address alone isn't enough."

For me that's bad news as I'm never signed into Google for anything other
than to retrieve my email on each of my platforms, and that's it.

To me, Google is email, and there's nothing else that I want from them.
Even my phone doesn't have any account on it, certainly not a Google one.

Nor my PCs. None of my utility apps require an account either.
If any app on any platform requires a login account, I don't need that app.

I can't even think of an app that requires an account that would be useful
that is outside a telecommunication app (and even those usually don't
require an account, but some might).

BTW, Andy Burns provided a shocking video where the author is about as blunt
as I am in saying the truth about himself and about the Oath2 "framework".
[See the video for details why it's a "framework" and not a "protocol".)
--
> Andy Burns: You may be aware that Eran Hammer walked away from it?

I'm never afraid to admit I don't know something (unless it's a cop asking
me if I know how fast I was going and then I'll claim the speed limit).

I am ignorant of who Eran Hammer is, but, luckily, ignorance can be cured...
*OAuth 2.0 leader resigns, says standard is 'bad'*

<https://www.cnet.com/tech/services-and-software/oauth-2-0-leader-resigns-says-standard-is-bad/>
"The standard grew too far away from its roots as a simple Web
authentication technology, author Eran Hammer-Lahav says,
and now is insecure and overly broad."

> I don't know why Vimeo
> wants people to login just to watch, but apparently it can be watched
> anonymously when it's embedded in another page.
> <https://hustoknow.blogspot.com/2012/12/oauth2-road-to-hell.html>

Thanks for that last ever OAuth talk video. "Death by a million cuts".
Unfortunately he can't wear his own Oath branded t-shirt in his own house!

He seems to be much like I am in terms of brutal honesty, both self honesty,
and in unafraid condemnation of the actions by the big powers that control.

[Diesel Kook]

Those who know my posts knows it's not spawned in the sense Shadow is thinking,
and many of them are of course hand written.

Shadow just wiped the floor with Carroll. Yup. Clearly this is what we
have to stop. Trolls who clearly have no reason for being here other than
to flood. Carroll showed himself to be a sophist by pretending to not engage
Shadow by means of veraciously proclaiming 'goodbye forever!' and then
engaging him anyhow via another poster.

That's our Carroll, though, above the law and such. Believes if your computer/port
list is online, they've got the right to use your CPU cycles, whether you
agree or not. And in retaliation you have nothing but a crack to start
something.

--

"You'll notice how quickly he loses interest when everything is about
him. He clearly wants the attention"

Steven Petruzzellis, making the dumbest comment ever uttered.

[Andy Burnelli]

Oh oh... that's bad news that K-9 doesn't support OAuth2 as that means if
they don't support it by the Google deadline, we're all toast who use it.

You are correct though that I currently have less secure apps set as shown:
<https://i.postimg.cc/cL9r9qFW/gmailpasswd05.jpg>

So the question (for Android) would be how to keep K9 working after cutoff.

[Andy Burns]

Andy Burnelli wrote:

> So the question (for Android) would be how to keep K9 working after cutoff.

https://support.google.com/accounts/answer/185833?hl=en

You're probably not going to like that it requires 2FA

[Carlos E.R.]

I concur.


For me the problem is, that the only account where I got the warning
mail, is not associated with any Android device, simply because it
predates them, so AFAIK 2FA is not possible. My Android devices are
associated with another Google account.

--
Cheers, Carlos.

[Andy Burns]

Carlos E.R. wrote:

> For me the problem is, that the only account where I got the warning mail, is
> not associated with any Android device, simply because it predates them, so
> AFAIK 2FA is not possible. My Android devices are associated with another Google
> account.

Can't you add the old account, as a second google account, to one of your
phones/tablets?

[Carlos E.R.]

Hum.

I don't know if I want to do that :-?


It would have to be on my main phone, the only device that is guaranteed
to be near me in every case google wants me to authenticate.

I'll have to think about it.

--
Cheers, Carlos.

[Jasen Betts]

SMTP is also for transferring mail between servers.

> Various mail servers get kind of pissy if you don't use THEIR smtp servers.

no. but SPF and DKIM are something like that.

>>> This causes a problem when I take a tablet/phone on a trip and want to
>>> read my mail on it, but download it to my computer when I get back.
>>
>> I use ssh from my phone if I need to read mail that is on my computer.
>
> But it wouldn't be on my computer if I weren't there downloading it.

SMTP works automatically. you don't need to manually download.

--
Jasen.

[The Real Bev]

TB 38. Definitely older.

I'm wondering about downloading the latest TB version into a separate
subdirectory, letting (requiring?) it to create a new profile, and then
copying over the entire contents of my current profile over the new
profile (cp -arf * I think). This is my normal Firefox update method
and it seems to work fine. Will it work nicely with Thunderbird too?

--
Cheers, Bev
Linux: The penguin is mightier than the sword

[Paul]

Thunderbird has profile migration. It can note the
"version numbers" inside files and deal with them.
For example, if you define a filter (killfile), those
have version numbers, and the file might need to be
migrated. On minor release changes, just the version
number field might change.

Some details might not have changed, simply because
of a lack of developers who understand them. Mork
format for example, a kind of database format, only
a couple people have a good idea how it works. More common
things like .eml format, share details with other email
clients.

Any password scheme, will change between releases.
There's more reason to be tweaking that aspect.
Or maybe the storage of certificates might be messed about.

Seamonkey, a parallel development scheme, their web page
usually has warnings about how "compatible" their migration
is. I don't think Thunderbird has nearly the same level of
warnings.

No tool likes to go "backwards". It's unlikely the tool
will like a request to migrate from 91 to 38. Such as
if you move a 91 profile, to your TB38 installation.

As for the "copying" step, you can edit "profiles.ini"
and add an entry which points to where-ever the profile
is located. For example, right now I have a profile folder
which is in ~/Downloads, where I am more likely to
bump into it, back it up, and so on. On Linux, the
"file system distance", likely isn't that large between
where the profile is normally stored, and the Downloads folder.
On Windows, the path is a bit more obscure (for casual users
who haven't turned off all Hidden features). On Windows,
it might be down in AppData:Roaming (visibility problem).

This is an example of an older format for a profiles.ini . Newer
ones are more of a mess for some reason. I won't put a newer one,
because I couldn't explain what they were thinking :-)

[General]
StartWithLastProfile=1

[Profile0]
Name=default
IsRelative=0 <=== absolute path
Path=C:\Users\Username\Downloads\1234abcd.default <=== absolute path
Default=1 <=== "nominated"

Paul

[Gremlin the Functionally Illiterate Fraud]

Over and over, the refrain is he wants to "talk tech", but Doomsdrzej
spends most of his time whining about "AppleScript".

It was Doomsdrzej who flooded -hh's site dozens of times and pretended
he did not do it. The Linux CD Doomsdrzej mentioned is read-only media.
It's not possible to burn new information to it.

How much more time does Doomsdrzej's very dumb arse (a dumb terminal
knows more than Doomsdrzej and is useful) need to prove their -hh flooding
accusation with message IDs?

--
This Trick Gets Women Hot For You
https://duckduckgo.com/?q=Steve%20Petruzzellis%20narcissistic%20bigot
https://search.givewater.com/serp?q=Steve+Petruzzellis+%22NARCISSISTIC+BIGOT%22
https://duckduckgo.com/?q=steve+carroll+narcissistic+bigot
Narcissistic Bigot Steve Carroll

[Dustic Cook the Fucntionally Illiterate Fraud]

Ha! Give it up, chap... even you have plonked that fool. Given what Shadow
is (and does) not a soul should condemn you for wanting to be rid of his
insane brand of farce. Unfortunately there are too many "all choice is good"
electronics users and not enough power users with the skills to help the
people with Android.

Shadow suffers from neurotic lies so, to him, everything, even treating
him as he treats others, are "slander". Who doesn't know this?

One day, if you bother to pay attention... you would see that Shadow's tactic
is to 'accidentally' incite people and then play 'patsy'. Lines of text containing
this and that, but not what is needed. I have a electronics system I use
as well, but it's a bit different.

-
What Every Entrepreneur Must Know!
https://www.bing.com/search?q=Dustin+Cook+the+functional+illiterate+fraud
Narcissistic Bigot Steve Carroll

[The Real Bev]

No, I want to leave TB38's profile untouched by anything but TB38. The
copy is to see if the latest version can cope with what I regard as
essential.

So far it's worked copying FF82's profile to the FF98(?) nightly, but
when I tried to update the nightly it broke. Just deleted the FF
nightly and haven't tried again. One of these days.

> For example, right now I have a profile folder
> which is in ~/Downloads, where I am more likely to
> bump into it, back it up, and so on. On Linux, the
> "file system distance", likely isn't that large between
> where the profile is normally stored, and the Downloads folder.
> On Windows, the path is a bit more obscure (for casual users
> who haven't turned off all Hidden features). On Windows,
> it might be down in AppData:Roaming (visibility problem).

No reason to move the profiles from where they are. I run a backup
almost every night of my entire working partition.

> This is an example of an older format for a profiles.ini . Newer
> ones are more of a mess for some reason. I won't put a newer one,
> because I couldn't explain what they were thinking :-)
>
> [General]
> StartWithLastProfile=1
>
> [Profile0]
> Name=default
> IsRelative=0 <=== absolute path
> Path=C:\Users\Username\Downloads\1234abcd.default <=== absolute path
> Default=1 <=== "nominated"
>
> Paul
>

--
Cheers, Bev
666øF -- the oven temperature for roast beast.

[Steve Petruzzellis]

At one point, Ixchel said a COLA denizen was "obsessing" over him, which
was nothing more than him posting to himself. Your system will crawl while
downloading the mass of flood posts. And it takes a long time. But Ixchel
feels the need to insult the cult-like herd of convenient friends. How is
failing potential gray matter tied to a random neuron generator in any way
going to lead to reasoned newsgroup dialog?

Tizen, runs on the JavaScript kernel. So yeah, JavaScript is mobile. JavaScript
is a super computer. JavaScript is a server. JavaScript is a desktop. JavaScript
is growing in market share.

--
Live on Kickstarter!!
https://www.walmart.com/browse/books/family-kids-books/cary-fagan/3920_582053_585918/YnJhbmQ6Q2FyeSBGYWdhbgieie
<https://www.whitepages.com/phone/1-423-491-1448>
Steve Petruzzellis the Narcissistic Bigot