Leaderboard

@Dave-H : A check of "cote.co.uk" on SSL Labs Server test page https://www.ssllabs.com/ssltest/analyze.html?d=www.cote.co.uk confirms what has already been reported; just scroll down to the Handshake Simulation section: ... and see that IE11 only works on Win10 ! As to why, I think I have some clues: I couldn't help noticing how that server was configured: Only TLS 1.2 version is enabled, and only 3 cipher suites for that protocol version: Now, IE11 uses the cipher suites available in the OS's "Microsoft Schannel Provider" library; however, different Windows versions support different sets of cipher suites: https://docs.microsoft.com/en-us/windows/win32/secauthn/cipher-suites-in-schannel If one checks the available suites on Win7: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-7 one cannot find any of the three cipher suites needed for connection to the server in question... OTOH, checking the available cipher suites on Win10 v1903: https://docs.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-10-v1903 one can find the first preferred (by the server) cipher suite, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, as available, hence the TLS 1.2 handshake succeeds and the site loads in IE11/Win10! However, I don't have answers as to why Chrome 49/WinXP[SP3] also succeeds, unless, of course, ProxyHTTPSProxy is used with it... BTW, Chrome 49 does open the site successfully here, Vista SP2 32-bit, but I do have installed WinServer 2008 updates that enable TLS 1.2 support: Perhaps Chrome 49 has native support for that cipher suite and only uses the Windows Store for certificates, NOT using Schannel like IE does (I'm sorry, my Chrome related knowledge is limited, have only been a Firefox fan from the start!) ... Cheers

... When Vista SP2 reached the end of Extended Support on April 2017, the EoS'd OS at the time was left with only TLS 1.0 native support; the same was true for XP SP3 when it reached its ES end in 2014. Both these OSes can be upgraded to have native TLS 1.1+1.2 support using M$ official updates originally prepared for sibling OSes that had/have "End of Extended Support" dates way past the ones for the OSes in question... XP users can get TLS 1.2 support by installing updates for (NT5.1) Embedded POSReady 2009 (which reached EoS earlier this year) and Vista users can do the same by installing update(s) for (NT6.0) Windows Server 2008, to reach EoS next January (2020); for Vista, you might read this ; I'm afraid XP & Vista (and soon Win7) are no longer regarded as new systems; yes, they are newer compared to Win98 but otherwise "deprecated" by today's standards... Regards

@VistaLover Highly interesting info, thanks! Especially this: > Perhaps Chrome 49 has native support for that cipher suite and only > uses the Windows Store for certificates, NOT using Schannel like IE does So far I thought this Certs+Ciphers stuff were somehow 1:1 related, and all non-Mozilla browsers could only use the same pool. But obviously only IE is completely dependent on the OS. Shocking for me to read: even Vista needs MS updates to get TLS1.2 support? I can understand that Win98 is much too outdated for native TLS1.2, but assumed all newer systems like XP had it long since by default, sigh. And will finally have to store those great ssl-test links!

Well, I expressed myself incorrectly. the MBR is not copied, some parts of it are copied and a new MBR is created using some of this data, correcting it when needed - loosely - the MBR is made of three (actually four, please read as five) parts. 1) Bootcode 440 bytes (0-439) 2) Disk Signature 4 bytes (440-443) 2.a) Unused 2 bytes (444-445) 4) Partition table, 4 entries 16 bytes each=64 bytes (446-509) 5) Magic Bytes 55 AA (510-511) The bootcode can in theory be empty, but some BIOSes/OSes might *want* or *need* some leading bytes The DIsk Signature is only used on NT based systems to "ID" the disk uniquely. The unused bytes are - well - unused an they are normally 00 00. The Partition table's entries contain a byte (either 80 or 00 ) for active/bootable, a byte for partition filesystem ID (not really-really, it is actually a "protective ID", but for years it has been used as ID) some data with the CHS addresses of the extents of the partition and the last 8 bytes are the LBA addresses of the extents of the partition. The boot code cannot be "read" (it can be read but it cannot be interpreted), it could be disassembled, but it is not normally needed/useful, set apart some special code (like grub4dos itself, or - say - MBLDR) there are tens of different MBR bootcodes (including those standard for DOS/Win9x and those for the NT family of OSes) that all essentially do the same, i.e. they parse the partition table contents and chainload the bootsector of the (porimary) partition that is set active. In the example I posted the MBR is completely blank (00's) exception made for the disk signature, the two partition table entries and for the Magic Bytes. What grub4dos does is (on the mem mapped disk MBR) 1) insert a few boot code bytes <- these are not a real boot code but rather some bytes that are needed on some particular BIOSes or OSes, it is only a "compatibility" provision, anyway since you are alreasy in grub4dos you will proceed by-passing the MBR code and either boot the PBR or firectly chainload the OS loader or System file (the io.sys in this case). 2) insert a new disk signature (it cannot be the same as the source) 3) copy the size of the chosen partition and maje an active entry for it with a default offset of 63 sectors 4) write the magic bytes Then on the given partition PBR it corrects the "Sectors Before". Of the partition table, even if you haven't got a parser like (shameless plug) this one for grub4dos: http://reboot.pro/topic/17728-release-mbrviewg4b-a-bat-tool-for-grub4dos/ or (even more shameless plug) Tinyhexer with my Structure viewer: http://reboot.pro/topic/8734-tiny-hexer-scripts/ the relevant parts are easy enough to read manually, namely, for each partition entry: 1) the first byte is active if 80 or non active if 00 2) the fifth byte is the partition (protective) ID 3) the last four bytes are the size of the partition in sectors 4) the 4 bytes preceding the last four are the offset to the beginning of the partition (still in bytes). Now, with this info, let's read the data in the partition table in the screenshots I posted: On the mem drive (hd3) (mapped from the whole disk (hd0), first entry: 1) 00 non active 2) 1C Type 1C 3) B8 0B 00 00 = 0x00000BB8 = size 3000 sectors 4) 3F 00 00 00 =0x0000003F = offset (or starting at LBA or "Sectors Before") 63 sectors Second entry: 1) 80 active 2) 01 Type 01 (this means FAT12) 3) 00 3F 00 00 =0x00003F00 = size 16128 sectors 4) C0 0F 00 00 =0x00000FC0 = offsset (or starting at LBA or "Sectors Before") 4032 sectors The above is exactly the the same as the "original" (hd0) MBR. On the mem drive (hd2) (mapped from only the second partition (hd0,1)), there is only one entry: 1) 80 active 2) 0E Type 0E (this means actually FAT16 LBA mapped [1]) 3) 01 3F 00 00 =0x00003F01 = size 16129 sectors [2] i.e. same size (+1 sector) as the second partition on (hd0) 4) 3F 00 00 00 =0x0000003F = offset (or starting at LBA or "Sectors Before") 63 sectors (which is a "default" offset for first partition in any OS before Vista) Now let's see the bootsectors, the interesting parts are (this is a very small FAT volume): 1) at offset 19 or 0x13 "small sectors" 2 bytes 00 3F= 0x3F00= 16128 sectors 2) at offset 28 or 0x01C "sectors before" 4 bytes, respectively: (hd3,1) - same as (hd0,1) C0 0F 00 00 =0x00000FC0 = 4032 sectors (hd2,0) 3F 00 00 00 =0x0000003F = 63 sectors jaclaz [1] this is a little "bug" of grub4dos, see here for the story of this queer bug: http://reboot.pro/topic/21732-windows-for-workgroups-311-grub4dos-and-protected-mode/ (it won't affect you since you are not going to use Windows 3.1/3.11) [2] strangely enough there is a (rather perverted) reason for this, the partition was originally created in XP and as NTFS, so the "backup bootsector" at the end of the partition (but outside the volume) has been "included" in the volume when it was re-formatted to FAT12.

Mathwiz wrote: "The distorted audio issue seems to be rare, but it does still seem to exist. Has anyone encountered it lately? If so, could you post a link to a video exhibiting the problem?" __________________________ I had these problems, the sound on Twitter videos was distorted as in slow motion. This solution to this audio bug I've found, works here: In about:config click New / string to create this user set new Preference name: general.useragent.override.twitter.com - then value in New Moon 28 is: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:4.2) Goanna/4.0 Firefox/55.0 PaleMoon/28.6.0a1 That's the part that does the trick: "Firefox/55.0" but you can put between Firefox/38.0 to Firefox/69.0 ... or Firefox/99.0 or more... The value in Serpent52/ Basilisk I have: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:42.0) Gecko/20100101 Firefox/52.9 The value in Serpent55/ Moebius I have: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Goanna/4.0 Firefox/55.0 ...and set Firefox compatibility in Preferences/Advanced/General tab, or in about:config set to default true: general.useragent.compatMode.firefox Link to test distorted Twitter video: https://twitter.com/josefkenny/status/974587426676117505 So now, the sound on Twitter videos is OK here, no more distorted audio in these browsers, solved. Thank you!

Well, if you want a Chromium 69 based browser that is able to run on XP (and Vista!), we already have it by now: it's 360 Extreme Explorer by QiHoo (11 version recently updated to build 2251, i.e. v11.0.2251.0, official site here).

That isn't a problem only for users of older OSes; it's a problem for anyone who prefers a platform other than Google's Chromium! Opera switched to Chromium long ago. Micro$oft switched from IE to Edge a little less long ago, but the "new" M$ Edge for Win 7/8.1? It's Chromium-based. It's gotten to where Chromium is the new IE monopoly! (But at least M$ wasn't using IE to spy on me or to dragoon me into helping train their AI.) I sometimes wonder if I should have a SSUAO for Google sites, claiming to be Chrome, just so Google's reCaptchas don't bug me quite so much, but then I remember I'd have to update the SSUAO almost as often as @looking4awayout updates the UOC Patch! No, he means New Moon, as the Pale Moon folks will angrily tell you if you ever make that innocent mistake on one of their forums. "Pale Moon" is only one of the browsers officially released by Moonchild Productions. Pale Moon does not run on OSes considered "obsolete," like XP or Vista, and woe to the poor soul that mentions XP or Vista on a Pale Moon forum. Anyone else's build is "New Moon" unless they develop their own branding (e.g., MyPal, Arctic Fox) for their own fork of Pale Moon. Edit: Doggone it, @VistaLover beat me to it again! Foiled by a page break....

No, he's right: Pale Moon (28) is the official browser by Moonchild Productions that targets Win7+; the fork maintained by @roytam1 is a yet unbranded one, with the (interim) name being New Moon, that adds (restores) XP and Vista compatibility to the browser; over the course of development, Pale Moon and New Moon (and certainly Basilisk and Serpent) have diverged even further, beyond the initial point of New Moon being just "Pale Moon for XP"; also, you're kindly asked to refer to the fork as New Moon only, because using the official branding (Pale Moon) when actually meaning the fork tends to aggravate the upstream developers (who then make angry appearances here and lash out at the fork maintainer and users...). I realise you're a new addition to the MSFN forums, I'd like to welcome you, too, but kindly advise you to get some facts straight first by reading existing threads... Regards

I mainly Use @roytam1's K-Meleon, Serpent, and New Moon 28 builds. Some people say they have sites that wont load in these but I have encountered one as of yet. I've never tried the 360 extreme browser, because while I hear some tracking is blocked, it doesn't sound like all is. And I have no real need for a heavy chrome browser anyway.