Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


All Activity

This stream auto-updates     

  1. Yesterday
  2. I understand; I too have mixed feelings about signed extensions. It certainly helps users have confidence in who developed the add-on and whether it's been modified, but taken to extremes, it just becomes another closed ecosystem, like the Apple store. (There's also an implied promise: if, say, MCP signs an add-on, the user is likely to believe that MCP has checked the add-on for malware and the like. I think Mozilla tries to do that, but it's probably beyond the means of a smaller organization like MCP.) Probably the best approach would have been something similar to code-signing certificates. When you install an add-on, it would validate any signature, and the certificate used to sign it, and let you know who, if anyone, signed the add-in, and whether anything was amiss. But the certificates wouldn't have to come from Mozilla, MCP, or anyone in particular, so there's no implied guarantee; and the user would have final say on whether any add-on was allowed to run, so if you knew why a signature was invalid, you could override the check for that add-on and let it run anyway.
  3. ... I spent the better part of last hour researching and reading on this ; the ability to install id-less extensions from AMO into Basilisk was lost (what is called a regression) when the MCP devs decided to remove the internal platform mechanism that effectuated extension signature verification; this happened early on during Basilisk's development, when the (experimental at the time) application was "baking" on top of the (now deprecated) Moebius platform... Put very simply, id-less extensions acquire first a temporary (internal) id and then a permanent one, whose strings are derived from their verified signature hash; you need to have a working internal mechanism to process the add-on's signature and then generate valid id strings for the installation to succeed; but the devs in Moebius wanted to remove that mechanism altogether and not just allow the installation of unsigned extensions, because then unsigned installed extensions would produce warnings inside about:addons (Add-ons Manager, AOM); this is indeed what happens when you install unsigned extensions in FxESR 52 with the pref xpinstall.signatures.required set to false (NB that, as I have posted in another thread, extension signature verification - in FxESR 52 - is still performed in the background for already installed signed extensions and will also be triggered when a new signed extension is about to be installed!). There wasn't uniform agreement between the dev team which features inherited from Mozilla should be kept and what regressed functionality should be restored; Moonchild himself wanted to cut-off reliance on Mozilla-issued certificates (in hindsight, he was probably right, given the recent - May 3rd - armagaddon-2.0 Mozilla debacle), that meant removing the signature verification code; an "incomplete" workaround was implemented in PR #279 (see below); in any case, the focus of the team was always on Pale Moon (which, by design and choice, doesn't support WEs at all), as for Basilisk's inherited WE support, it wasn't very high on their agenda at the time (and we all know how that ended! ). If you've got spare time to spend, some Moebius era GitHub issues and pull requests are linked below: Addons - Can't install some addons: https://github.com/MoonchildProductions/moebius/issues/238 Add ID from a signature if it isn't included in manifest.json: https://github.com/MoonchildProductions/moebius/pull/251 Fix signed extension checks: https://github.com/MoonchildProductions/moebius/issues/277 (emphasis should be put on Moonchild's comment below: https://github.com/MoonchildProductions/moebius/issues/277#issuecomment-356231470 ) Get IDs for ID-less WebExtensions without breaking normal libJAR signature checking: https://github.com/MoonchildProductions/moebius/pull/279 Then the Moebius platform was left to rot... When Basilisk was later ported to UXP Take 2 (now just UXP), the issue of id-less WEs resurfaced: https://github.com/MoonchildProductions/UXP/issues/373 but Moonchild decreed: and he "WON'TFIX"-ed that issue... ; moot point now in the case of official Basilisk, still an issue with the Serpent 52/55 forks... =============================================== Disclaimer: Had a rough day today , so I might have not grasped 100% correctly what was contained inside the devs' exchanges in the linked issues/PRs; I have the sense the "general idea" is there, but anyone is free to correct any misunderstandings on my part...
  4. I appreciate all the concern for Windows Vista on page 199 of this thread! You might be interested to know that Microsoft has just revised Customer guidance for CVE-2019-0708, which now advises those running Vista to install KB4499180 for Server 2008. The KB article has also been revised to include Windows Vista.
  5. Excellent detective work: So, I had to know: since versions prior to 1.4.0 work in FF 52, could, say, 1.3.0 (which I agree has superior functionality) be "fixed" to run in Serpent, simply by adding the above block to its manifest.json file? Yes! I just tried it; of course changing manifest.json invalidates the sig, but unlike FF, Serpent doesn't care about that (actually my copy of FF has been set not to care about it either, but you don't need to "fix" Tab Tally for FF anyhow); and with that change, Tab Tally 1.3.0 installs and runs in Serpent fine! Not a huge deal, but I wonder why the heck that function was removed? Was this just another case of MCP getting rid of code they didn't think the browser needed, as they did with all WE add-ons later?
  6. Thanks @actinium! I just tried to open a docx Word file in Office XP on Windows 98SE, and it failed! I'm now just getting an error message which says - "This is a pre-release version of the Compatibility Pack and can only open pre-release Office 2007 files only. Do you want to check for a newer version of the Compatibility Pack?" If I press "Cancel" nothing happens, and if I press "OK" it opens Internet Explorer 6 (!) with a "not-found" page. This is really odd, because I'm sure it used to work! I've tried repairing the installation and uninstalling and re-installing, but the same result. I'm sure it will no longer open files that it used to open, so I don't know what's changed. I did try that Windows 2000 version of the installer you kindly linked me to, but it doesn't work in any KernelEx mode that I tried. It gets past the licence agreement with KernelEx, but then just says the installation failed. I might try extracting the files from it and if there's an msi file and associated cab file in there and try that. It was an msi file I used for the original install, which does still install fine but now no longer actually works. If it now needs SP3 of the Pack I guess I'm stuck, because I never got that to install at all, but it did seem happy without it until now.
  7. I would like an objective discussion/fair criticism on quality too besides piling up all the Start menus in the world. That would help me and Ivo to improve Classic Shell.
  8. During the MainPathBoot phase, most of the operating system work occurs. This phase involves kernel initialization, Plug and Play activity, service start, logon, and Explorer (desktop) initialization. To simplify analysis, we divide the MainPathBoot phase into four subphases, as show in the next picture. Each subphase has unique characteristics and performance vulnerabilities.
  9. I changed to a custom Vista theme for Windows 8, which works perfect. For all of those bells and whistles of the Aero theme, you can just go to the advanced system settings and change performance settings in there. Of course, for features like Media Player
  10. Well i must be the last human being on this planet to run Windows Server 2003 as main server OS to host anything i need to. I've appilied a lot of tweaks, removed unneeded stuff to get MAXIMUM PERFORMANCE!
  11. @heinoganda Thank you so much I have finally got my XP antivirus updated. Last update I got to succeed was 2017!
  12. Sorry I fixed localized problem on v3.0b.
  13. I think newer AMD AHCI storage controllers are dependent on ACPI to manage resources - without ACPI the Advanced Programmable Interrupt Controller doesn't work, so AHCI controller never receives IRQ
  14. Alright so I got a few problems.... So over my long weekend my younger sister decided to take out the headphones the rough way, and all of a sudden it got stuck. I had to uninstall the SmartAudio driver and use the High Definition Audio driver; set Speaker to default and Headphones disabled and the Speaker on my laptop works now. However, on Windows startup, when the Vista orb animation appeared, I couldn't hear the sound. My volume's good, the "Play Windows startup sound" in Sound Preferences is checked and "Speaker" is the default. Is there anything I should change? And also I can't hear the Windows error tones. It's set properly with the appropriate sound effects, with Speaker working, but I don't hear the Windows error tones. But on the Volume Mixer I could hear the Windows Ding just fine.
  15. Is it a bug or not? Try to speed up or slow down some Youtube video (w/o hardware acceleration). When I do this my CPU is running at about 80%. Mypal (Feodor2's) mod v28.4.1 works fine, at almost the same CPU usage. Tested with roytam1's mod v28.5.0a1 and some old builds. Windows XP x86.
  16. ... Let us just revisit Tab Tally, shall we? https://addons.mozilla.org/en-US/firefox/addon/tab-tally/versions/ All versions currently listed on AMO are, of course, of the WE format; version 1.0.0 is advertised as being compatible with Firefox 49.0+, versions 1.1.0 through to 1.3.0 advertised as being compatible with Firefox 48.0+; I was particularly interested in one of those older WE versions, because they duplicate the functionality of the XUL ("legacy") version 0.1.1, now removed from AMO (but is recoverable via the CAA extension). All (WE) Tab Tally versions 1.0.0 to 1.3.0 install and function properly in Firefox ESR 52.9.0[1] ; "properly" is actually the "desired-by-me" way (constant visual display of the number of tabs, updated in real time when that changes...); of course, the latest version 1.4.0 also installs there, but with a slightly degraded (IMHO) functionality... But trying to install any one of Tab Tally versions 1.0.0 to 1.3.0 in Serpent 52.9.0, you'll be met by a failure to install in the form of message: That's because v1.0.0 to 1.3.0 are id-less WEs (one only has to inspect their manifest.json files) and Serpent 52 lacks the API to allow installation of id-less WEs (but FxESR 52 does support that API). In version 1.4.0 of Tab Tally, the author re-introduced the "WE-id" feature inside the manifest.json file: "applications": { "gecko": { "id": "@tab-tally" } } and made it compatible with even older Firefox versions (min version lowered from 48.0 to 42.0) and, probably unbeknownst to him, also restored St52 compatibility; 1.4.0, as discussed previously in this thread, would install fine in St52 (but not v1.0.0-1.3.0, which do install and work fine under Firefox ESR 52.9.0... )
  17. I don't use Gmail. I pay for email services I trust to keep my email private and secure. There was a time when I unknowingly used gmail though. For a hot minute there was a wireless ISP called ClearWire. (Sprint eventually bought them out just to shut them down, but that's another story.) Anyhow, like many ISPs at the time, ClearWire provided free email at their clear.com domain. Little did I know it was actually just Gmail in disguise! Moral: beware of your ISP's "free" email accounts!
  18. He's gonna see whether you are a Winnie the Pooh fan and judge you. xD https://www.theguardian.com/world/2018/aug/07/china-bans-winnie-the-pooh-film-to-stop-comparisons-to-president-xi
  19. Last week
  20. In my opinion in XP Home the file is absent. My PC with XP Home is therefore safe from the exploit.
  21. Gmail???? Have you read this article? https://www.ghacks.net/2019/05/18/gmail-tracks-all-your-purchases-and-it-is-difficult-to-delete-them-and-impossible-to-stop/
  22. I prefer my browsing habits sent to China than to Google anyway. And I never keep logged in to it... just for Gmail, if at all, when needed.
  23. Dave-H I wish you nice holidays. Here in Crete we have holidays all year round I'm thinking of creating a new thread with all the updates for the Office 2003 + Office Compatibility Pack.
  1. Load more activity
×
×
  • Create New...