Sfor

I was able to get the "Custom UserAgent String" working in the Firefox 51. The trick was to use the 0.1.6 version, instead of the current one. The old version is a bit more difficult to use, as there is no possibility to change the order of the user-agent string rules. Also the order of rule processing is different, as the last rule has the highest priority.

So, the problem may be related to Primetime Content Decryption Module, somehow. I wonder if the upgrade to 52 messed it's settings.

I did test the problematic site https://www.tvn24.pl/ on a different computer. It had a copy of my "main" system made quite a few years ago, there. At first everything worked OK. Then I updated the Adblock rules to match the "main" system. Then everything started to show the same symptoms from the "main" system. The funniest thing is, symptoms did not rescind after disabling or removing Adblock. So Adblock rules were some sort of a one way switch, which made everything very difficult to analyze. It could be difficult to reproduce the effect, as Lack of symptoms is not enough to get a definite conclusion, I'm afraid. I had an opportunity to observe some sort of the profile data corruption during an upgrade from 51, before. Reverting to 51 rescinded the symptoms. Since my Firefox profile accumulated a lot of passwords, bookmars, tweaks and such, I would have to invest quite some time in resetting the profile. I'm planning to do it, if the idea with improving the 51 fails. Getting the same funcionality with 51 seemed to be faster and safer route.

Test on a different computer with updated plugin produced the same results. Always activate is selected. The notification states the plugin is active. If I select the button to deactivate it, I have to activate it in the next visit at the site. Then everything gets back to how it was before. I mean, the flash does not work. Firefox 51 seems to be the last version with fully active NPAPI. Later versions do have just the Adobe Flash NPAPI support. All other NPAPI plugins are blocked there. In the 69 the NPAPI was disabled for good, as far as I remember.

Well. On some sites, it does not play flash content. It just displays notification, the Adobe Flash plugin is enabled with two buttons: 1. to disable it 2. to let it be enabled. After letting it be enabled the same notification pops up again. On other sites everything works, but the same notification appears randomly. It comes from plugin manager, or something like that. I did many experiments, and it looks like everything works fine, but after updating Adblock rules the particular site gets locked somehow. Disabling Adblock does not unlock it, however. In order to make it work again I have to restore the Firefox profile or create a new one. My profile was created long time ago in some old Firefox version. It could be possible, the settings were messed up somehow, with some upgrade on the way, I suppose.

According to the specifications it should work with firefox 48 and newer. But for some reason it does not work with 51. And no, I did not try any older version. My goal is to get it working with 51, as this version is working very well. Also it seems to be the last one with plain old Java support.

The Firefox 52 ESR seems to be problematic with the flash support. So, it looks like the best choice is 51. But, I'm encountering more and more problems related to the accessing different sites. On one site I have to spoof the user agent string to Firefox 69. On other it works if the string is not spoofed, but does not work correctly with 69. So, it would be good to have an user agent string switcher, able to switch the string depending on the site. I found Custom UserAgent String to be working well, but only on Firefox 52. With the older 51 it installs, but does nothing. So I'm looking for some user agent string switcher able to work with Firefox 51.

If a browser complains about problems with https certificates, the first thing to check is the system date. I had quite a few issues with clients complaining about not being able to browse the Internet, when the system date was not right. The change to a different OS would do no good, in such a case, of course. I assumed Windows 10 is on different computer. But, if not, then it is not a case of wrong system date, certainly.

Well. For now I'm using Explorer++, instead of the Windows Explorer. After reading the thread it seems, there is no simple way to force Windows Explorer to change the row height in list view. - It is possible to modify ExplorerFrame.dll, but the Windows Update can overwrite the modified file. - There is a registry hack to disable auto arrange in folders. A side effect is change in row height. Not all types of folders are affected, as well.

I moved the hard drive from HP dc7900 CMT E8500 to HP 8000 Elite CMT E8600. After installing the missing drivers it appeared the video playback from MPC-HC became very unstable. The video and audio are out of sync quite often, the playback is not smooth, as it should be. The lower the video resolution the higher the display couner goes. It looks like the GPU always works with full throtlle adding frames, when the monitor works at just the 60Hz. The presentation glitch couner is constantly rising, even with the video playback paused. I tried many things: - I did replace graphic cards with GeForce 8600 GTS, GeForce 9500 and GeForce 6600. - I did fall back to old NVidia drivers along with GeForce 6600 - I did try to move to MPC-BE. - I did the clean Windows XP install with all the drivers and applications. - I did tests with the built in motherboard Intel graphics adapter. - I did replace the E8600 with E8500 But, I failed to solve the problem. Everything works perfectly on Windows 7. When it comes to Windows XP, I had no problem with HP dc7800 and HP cd7900. So it appears HP 8000 Elite with installed Windows XP is the cause, somehow. On HP dc7900 everything works fine with display counter at 59,9xxHz with clock deviation below 0.1%. On HP 8000 elite, the display couter shows 60Hz, at first. Then the couter jumps higher at the next second always showing above 200% of clock deviation. The Repacement of E8600 with E8500 improves everything. I mean, the clock deviation stays below 100%, and the presentation glitch counter rises 100 times slower. It could be some kind of a bug in MadVR making it go crazy with E8600 onboard. But this is the case only when there is a problem with syncronizing. On a different computer or a different OS there is no problem with E8600 at all. So, I'm out of ideas. What's so special about the HP 8000 elite CMT, besides the obvious use of the nonstandard PSU. (The PSU is connected to the motherboard with 3 slots. All the hard drives, optical drives and other devices are powered by SATA power plugs connected to two slots on the motherboard. So there is no direct power cable connection between PSU and SATA drives)

I'm trying to get the Explorer file list view with very large font (17 or so). The problem is the rows are not scaled along with the font. In case of Windows XP rows are getting bigger if the font is lagrer than the icon. In case of Windows 7, the rows are set to icon size, if the font gets bigger than the icon the text gets clipped at the bottom. The function of scaling the fonts in general, is not a solution for me. The idea is to get very large font in explorer, while leaving the screen vertical resolutution at just 720 points. Increasing the font above 100% makes a lot of dialogs too big to feet the screen. So, I'm increasing just the icon font, but the result is somewhat disappointing, when compared to what I was getting in Windows XP. The file names to be displayed are long, so the small icon view does not do the job, as well.

According to my research the SMB vulnerability is related to remote procedure call over SMB. The Microsoft patch should solve the problem, but I wonder if there is a way to disable RPC over SMB, without losing the whole SMB.

I have an opportunity to play a bit with an application Insert GT. It is capable of checking customer data within online goverment public database. The application developer provides such a service on it's own servers running Microsoft Azure. Yesterday the service connection stopped working in Windows XP. I tested the issue with both ProxHTTPSProxy and Burp Suite Free Edition. The service worked with both of them, but... The Insert GT does not use the system HTTPS proxy setting. I had to use the global proxy for all protocols for the application to use the proxy. As expected ProxHTTPSProxy did the job for https, but the http connections stopped working. In case of the Burp Suite Free Edition both http and https are working correctly.

SMB (NetBios) does work without TCP/IP, as well. The problem is the Windows XP does not install it by default. So it is necesary to install the files by hand. So, it is possible to use SMB without TCP. The plain NetBios will not go trough the internet, as it is not possible to be be routed. That's why, back in the Windows 98 days I used to link the Microsoft Networking with just the NetBios leaving TCP/IP unlinked. Unluckily, Linux systems are unable to use SMB without TCP/IP. So, no connection to Linux SMB shares with just the NetBios. Still, having both NetBios and NetBios over TCP/IP linked to Microsoft Networking is a good thing to have, when DHCP server is down. Also I was not interested in NetBios without TCP/IP on newer than XP systems, so I do not know if Vista and 7 can use plain old NetBios without using TCP/IP. Im working with mixed Linux and Windows networks, so I lost my interest with windows 9x style NetBios years ago.

I'll add my two cents, as well. I'm sticking with SystemRescueCD, Partimage and BackupPC. Advantages of Partimage: - free - can do bare bone recovery - does copy only used parts of partition, so the resulting image is small. The built in commpression makes it yet smaller. - does make a copy of the MBR, and is able to restore it. - copies can be made through network connection and stored on another computer Disadvantages of Partimage - it is not as simple to use as other tools With a bit of tweaking I made a PXE botable image of SystemRescueCD with network support. Now I can remotely power on a computer, boot a SystemRescueCD on it through PXE then make a copy, or restore a partition. So, I can make backups of workstations, while being at home. I know the FOG can do all that, and do it in a simpler and more automated way, but the FOG is not particulary convenient when dealing with FAT32 or multiple partitions. So, my solution is to manualy make copies of system partitions once a few months or less often, while the data are kept safe by BackupPC servers in a complete automated manner.

Well, the IE proxy setting just for https was enough to solve the problem. It was not necesary to add the passtrough entry.

But the IE does not connect to http://www.google.pl/ in such a case. With Proximitron in the middle, the http connection is redirected to https without problems, so there is no "Bad Request" message, then.

It seems the ProxHTTPSProxyMII teamed with The Proximitron can add the TLS 1.2. I was able to confirm it with IE 8. While trying to get the thing working I noticed an interesting option in the The Proximitron version Naoko 4.5. In "config" - "HTTP" section there is "Use SSLeay/OpenSSL to filter secure pages (requires ssleay and libeay23 DLL files)". It seems there is option to filter the HTTPS without ProxHTTPSProxyMII. But, I was unable to provide The Proximitron with the DLL libraries it would be satisfied with. So, perhaps just The Proximitron could do the TLS 1.2 conversion.

Well, I'm unable to install the Chrome 36, as it is always updating itself to 49. So, I can not test how it behaves with TLS. I think the first thing to test is if Chrome is able to work without schannel.dll. There is a chance, the Chrome prior to 37 does have it's own TLS support (without TLS 1.2, however). Without knowing that there is a chance of wrong understanding of what is going on with the Chrome and schannel.dll.

Well, using the site https://www.ssllabs.com/ssltest/viewMyClient.html I found the both Firefox and Chrome are supporting TLS 1.2 with the schannel.dll provided with the XP. So, I strongly doubt the Chrome is using schannel.dll. So, replacing the file to the React OS version should not affect both Chrome and Firefox. On the other hand the ChromeSetup.exe does not work with the React OS schannel.dll. So, the Chrome setup does use the schannel.dll, after all.

Unfortunately the applications I wish to test against TLS 1.2 support are not browsers. They are mostly goverment tax declaration form senders and managers. The goverment tax service will not work with just a browser, as the protocol is not user friendly. I did play a bit with schannel.dll. After replacing it with a file taken from Windows 7, the IE 8 stopped working with https, completely. There were no visible error messages, the IE just did not make any connection. ------------------------------------------------------- I did the same experiment with schannel.dll and mbedtls.dll from ReactOS. The result was almost the same as with Windows 7 schannel.dll file. The difference is, with some sites IE 8 crashes, with most of thei it does not connect. It seems the ReactOS is using mbed TLS 2.3.0 and schannel.dll is just a wrapper for mbedtls.dll. mbed TLS 2.3.0 should support the TLS 1.2. Another question is, if Microsoft added TLS 1.2 support with updates for Windows XP Embedded. If so, it would be logical to use them instead. Another task is testing if a particular application is gaining TLS 1.2 support. To do so it would be necesary to redirect connections to some other server. Well, redirecting to a different IP through DNS is a simple task, but I have no experience with HTTPS servers. I would be good to have a server with an ability to switch between TLS 1.0 and 1.2. On the other hand, perhaps it would be a better choice to use a proxy, instead. While using the original server, to switch on and off TLS 1.0 with the proxy. Yet another idea is to leave Windows TLS support as is, and to use a TLS 1.2 capable proxy to make the connection, instead.

Well, since some sites (like Google Maps for an instance) are not giving all options to Windows XP users, I'm using masking agent with Windows XP and Firefox. So, my Internet activity adds to Windows 7 share. Im a bit curious, how many Windows XP users are masking their user agent strings. The Windows XP share could be bigger than expected, because of that. Recently, I encountered a problem which can significantly decease the Windows XP usefulness. The world wide TLS 1.0 to TLS 1.2 migration can affect many Windows XP based activities. The simple web browsing will be ok thanks to Firefox, because it has own system independent TLS implementation. But most of the Internet based utilities use the system support for TLS.

More and more web sites are turning the TLS 1.0 off. There is no big deal with the web browsing, because the Firefox handles the TLS 1.2 just fine. But, some other applications will be affected. A nice example are the utilities made to send XML based electronic goverment declarations. The Polish goverment servers will turn off TLS 1.0 in the middle of 2017. I strongly doubt the utilities used to send the declarations do have own TLS 1.2 support as the Firefox does. The declarations can not be sent through the browser, so Firefox will not do. Is there a way to check if an application has it's own TLS support? Is there a way to add TLS 1.2 support to Windows XP?

On the affected computer the Security center seems to be working correctly. But the "Change the way Security Center alerts me" link is disabled. How to get this link working? --------------------------- Oh, well. ComboFix did the job.

The network connection status icon (the one with two computers and their screens flashing when the connection is active) is a valuable help, when there are problems with network connection. So, I'm always living it as always visible on my clients computers. In case of a problem, when I'm unable to access a particular computer remotely, I can always ask the user if everything is right with the icon. But, there is a downside. Sometimes users are mistaking the network connection icon with some other, shuting down the network connection by mistake. I'm trying to find out a way to keep the icon displayed, while disabling the possibility of shuting down the network connection with it. Perhaps it could be possible to replace the system icon with some other? Or, perhaps, it is possible to restrict the user rights, so it will be not possible for him to shut down the network connection?