Brave might have changed the domain from a Google server to one that didn't offer a strong guarantee of providing a correct TLS handshake time value. The server they used might have ended up having the wrong time, or it might randomize the field, which I think became permitted.
Conversation
It's important because instead of training the user to accept invalid certificates, they are informed that their system clock is wrong, which they can check themselves, as you did. So, it seems Brave broke this feature, but the feature itself is a useful and important one.
2
They broke it even worse because, due to the wrong determination that system time is incorrect, it won't allow overriding the cert error.
1
1
It's also not possible to override those errors via the standard UI when a site using HSTS. There's a secret way to bypass the screen, which might work for you. You need to type a secret string for bypassing it. I don't know the string for current releases off the top of my head.
2
I wonder if better UX would be allowing easy bypass of the error, but:
1. showing site as insecure
2. disabling all cookies/localstorage for the site
3. disabling form entry/submission for the site
4. severe warning or blocking [executable] file download from site
2
Try typing "thisisunsafe". It's the current bypass for certificate errors on sites with HSTS:
chromium.googlesource.com/chromium/src/+
I think it's part of the HSTS standard that it prevents bypassing certificate errors, but I think most browsers include a secret way to bypass it for devs.
2
1
2
Yes, I don't have configured any way to bring up a keyboard when not in a text entry field though, so no luck there.
1
1
FWIW, Hacker's Keyboard can do this. I don't like it as a default keyboard but it has a few nice features. I think long pressing the menu button does it for the AOSP keyboard and Gboard but phones don't include physical buttons anymore, let alone the menu button.
1
1
Kinda similar to how AOSP has generic support for undo / redo in standard widgets like text fields, but most keyboards don't provide an undo / redo button and the ctrl-z / ctrl-shift-z keybinds aren't exposed via most virtual keyboards in their layout since they don't offer ctrl.
1
1
All the Android keyboards are so bad. I use an abandoned one called multiling. That and hacker's are least-bad. A good one would provide blank keycaps matching compact pc physical layout and let you apply any xkb layout file on top of it.
1
1
It's unfortunate that Google stopped developing their keyboard (Gboard now) as an enhancement to the open source AOSP keyboard project. They've made massive improvements which would have been included in it and it serves as the basis for most of the alternate keyboard projects.
It's so ridiculous that "keyboard apps" (rather than keyboard layouts) are even a thing.
1
It's support for alternate input methods in general. It covers the input method (typing on keys, swipe, more complex methods for other languages), suggestions, spelling correction, clipboard management (no longer allowed to be done by other apps) and approaches to multi-language.
2
1
Show replies
If the sources of Gboard were still published, as they used to be in the past when it was Google Keyboard, it would be a great base for creating a fork aimed at power users. The AOSP keyboard is very dated and it's a lot of work to start over. There are only good paid options.
2