Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


  • Content Count

  • Donations

  • Joined

  • Last visited

  • Days Won


Everything posted by Mathwiz

  1. I'd been using that myself, but decided to stop in favor of the "Canvas Defender" add-on. The purpose of the canvas.poisondata pref is to randomize canvas data to avoid fingerprinting. However, there's a problem with this approach: most browsers don't have that feature. Even NM/Basilisk don't enable it by default. So all Facebook, Google, etc. have to do is to run the fingerprint twice, observe that the browser returns different results each time, and they'll know that the user belongs to the small subset who have browsers or add-ons that poison canvas data. Then other, less precise fingerprinting techniques can still uniquely identify users within that small subset. Canvas Defender, in contrast, changes canvas data periodically rather than every time a fingerprint is attempted. The rate of the periodic changes can be set anywhere from once per minute to once per week (or turned off completely so you can change it manually as desired). The idea is to look like one of the "unwashed masses" who don't poison their canvas data (thus allowing tracking for a while), while in reality poisoning canvas data often enough to render said tracking useless.
  2. Mathwiz

    Latest Version of Software Running on XP

    Yes, it's there and set to Always Activate. Edit: Turning off e10s didn't help. It runs in Safe Mode though, so it's probably conflicting with some add-on. Edit 2: Found it! It was Canvas Blocker.
  3. Mathwiz

    Latest Version of Software Running on XP

    Interesting. Runs fine in IE8, Advanced Chrome (NPAPI support restored), and NM 28, but not Seamonkey 2.49.5 or Basilisk/UXP (neither official on Win 7 nor Roytam's build on XP). On those I just get prompted to install Silverlight Anyway, it's clearly XP-compatible.
  4. If @rockmaster113 is lucky, Slack is just blocking older browsers so that they have fewer configurations to test, and fewer variables to contend with when they take support calls. I'm hopeful that a spoof will let Slack work, if not with FF 47, then at least with FF 52 or one of @roytam1's Basilisk builds, which were forked from FF 52 & 53 with few changes. It may look different when rendered by Gecko or Goanna vs. Quantum or Chromium but hopefully it'll still be usable. Anyway, we'll find out in March.
  5. I'm not sure, but if you only install kb4019276, you may need to make some registry changes to enable it. More info here: https://support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows I included those registry changes in my .reg file to disable insecure algorithms, posted right after the post I linked to.
  6. I guess there's no way to know for sure until 3/15, but even if spoofing doesn't work for FF 47, there's probably an XP browser it will work with. Whether FF 47 will still work (with a spoof) probably depends on what Web technologies Slack relies on.
  7. Scribd.com only supports TLS 1.2 with AES now. Make sure you have the updates listed here (you can ignore the references to Skype): KB4019276 adds TLS 1.1 & 1.2 support to XP; KB4230450 (or any subsequent cumulative IE8 update) adds them to IE8 (which may or may not be necessary for Internet Download Manager).
  8. Mathwiz

    Newest Adobe Flash and Shockwave, and Java, too!

    Yes, @Dave-H & I both decided to post about today's Silverlight update at around the same time. He picked this thread & I picked another
  9. Mathwiz

    Newest Adobe Flash and Shockwave, and Java, too!

    It is - if you spoofed 32-bit Win 7 or later in your browser's user agent string. (Actually, spoofing a 32-bit browser on 64-bit Windows would probably work too, but I didn't try that.) Vista and XP are offered older versions. 64-bit Win 7 is offered a 64-bit version, of course. BTW, on Firefox or its derivatives (NM/Serpent/MyPal/Seamonkey/etc.), make sure to use/spoof version 52, since later versions don't permit any plug-ins besides Flash. Edit: BTW, does anyone know of a good Silverlight test page (other than Amazon Prime)?
  10. Mathwiz

    Latest Version of Software Running on XP

    Believe it or not, 5.1.50907 may not be the final release. On Win 7, WU just today updated Silverlight to 5.1.50918! Edit: It looks like one of those updates to handle the new Japanese era (like the Office 2010 updates M$ keeps fouling up), so it may or may not be compatible with XP. I checked MU on my XP VM. The update wasn't there, but since POSReady '09 is still supported, it still might appear in a day or two. Edit 2: Downloaded the new Silverlight to my XP VM and installed it. Does anyone know of a good Silverlight test page?
  11. Mathwiz

    Newest Adobe Flash and Shockwave, and Java, too!

    I realize this is several months late, but Shockwave for Director was released on June 6, 2018. I just found out! Edit: Here's the download link. http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/sw_lic_full_installer.exe
  12. That's fine, especially if you don't use it. Just turn it off and forget about it; there's no need to bother with add-ons. The add-on I found just toggles the same preference in about:config. It's strictly a convenience for those who use WebRTC but want it off during general browsing for greater privacy protection
  13. Mathwiz

    Latest Version of Software Running on XP

    Still available via the Classic Add-Ons Archive also.
  14. Specifically, WebRTC leaks two bits of info that may compromise your privacy: Device ID hashes for your microphone & camera The IP address on your local network #1 can be used for browser fingerprinting, allowing the likes of Google and Facebook to secretly track your online activities; luckily it's mostly a problem for Chromium-family browsers, not for Firefox-family browsers like Basilisk. The latter browsers randomize the "salt" used in the hash whenever the browser is started, so unless you leave your browser session running for weeks at a time, the ability of anyone to use #1 as a secret tracking cookie is limited. #2 is more problematic though. It can reveal your "real" address behind a VPN, which could be used for censorship, or alert the authorities that you're accessing "banned" material. More commonly, it will reveal one of those non-routeable local IP addresses starting with 10. or 192.168 assigned by your (real or virtual) router. That's less worrisome, but if it doesn't change often, it too can be used in conjunction with your public IP for browser fingerprinting. If you don't need/use WebRTC, the website linked above contains instructions for disabling it and preventing those info leaks. But what if you do use it? One solution might be the WebRTC Control add-on. This adds a toolbar button that simply toggles WebRTC on or off, a la the popular Flash Disable add-on. So you can leave it off for normal browsing, but turn it on before going to a site that requires it. Edit: Should have checked first. Couldn't install WebRTC Control linked above. All three versions download OK but Basilisk reports that they all appear to be corrupt. Must be a bad hash somewhere Try the "classic" version of Disable WebRTC instead. I think a better solution would be an add-on with a white-list, which would enable WebRTC automatically, but only for sites like Discord and Skype. But I haven't yet found a Basilisk-compatible add-on that has such a white-list
  15. Well, over the weekend CAA updated itself to version 1.2.3, overwriting the change you suggested. I reapplied the change and of course it works again, but obviously will have to do that every time CAA gets updated ... oh, well ....
  16. I've heard of that problem before. KB4480077 updates .NET Framework 4 Client Profile; yet it may refuse to install unless .NET Framework 4 Extended is also installed. Looks like KB4470490 updates both Client Profile and Extended.
  17. Mathwiz

    Latest Version of Software Running on XP

    Well, that didn't take long. They're already up to 3.0.6.... Oooh ... High Dynamic Range ... wish I had an HDR monitor to try it on.
  18. Yes, updating the .NET frameworks (especially .NET 4.0) always seems to take forever and a day.
  19. Thanks! I have the legacy version, 1.1.2. I'll test 1.4.0 but I'm pretty sure it'll work since it works on @roytam1's version. Edit: It does work. I would have been surprised if it didn't. The WebExtensions API is inherently compatible with multiprocess mode; the next question was whether Basilisk 52 supported enough of the API, but since it works on the XP build that was all but certain to be true as well. Still, you never know about these things until you try them - especially when using an unsupported feature of the browser
  20. Admittedly a kludge, but it does seem to work! I can now add Classic Add-Ons Archive back to my default profile, although Markdown Viewer must remain consigned to a separate Single-process mode profile. I'm still surprised multiprocess mode works in the first place. On my XP VM I could have just gone back to single-process mode and it would have been fine; but on Win 7 Basilisk kept freezing anytime another tab auto-updated in the "background" (until I discovered multiprocess mode works). So this kludge will still help me. Thank goodness for 7-zip too; it makes it easy to update files (like bootstrap.js) within .xpi files (like ca-archive@Off.JustOff.xpi).
  21. Those values used to be there - I've seen them - but installing the latest IE8 update may have removed them. If they aren't there (they're gone from mine now too) don't worry about it. They were intended so that IE's registry keys could be configured the same for all OSes, but TLS 1.1 / 1.2 would still show up only on Win 7 and up, so they aren't needed now that TLS 1.1 / 1.2 work on XP.
  22. Mathwiz

    Beware Office 2010 Updates!

    Yep - it's KB4461614, a "security" update to MSO.dll. Same stupid mistake as the one that started this thread: it "secures" Office 2010 (including even free products like PowerPoint Viewer) by making sure it doesn't run at all on XP. 8-) Edit: Removed KB4461614 and PowerPoint Viewer runs OK again. Guess I'll have to hide it....
  23. Mathwiz

    List of unsupported feature by/for Windows XP

    It looked to me like they've made a lot of progress - they have Office 2010 installing now - but there's also a ton of work left. Obviously Windows is a moving target. They have it mimicking XP pretty well, but that's just as XP (embedded at least) is reaching EoS and more vendors are dropping XP support. They really need to be mimicking Win 7 at this point, with an eye toward Win 8.1.... And sometimes they waste resources on side projects, like getting it to boot from btrfs disks ... nice (and they caught and fixed some bugs in the WinBtrfs driver in the bargain), but is that really as important as being able to run current software? If you can't do that, might as well stick with XP
  24. In my case at least, extensions & favorites are stored in my profile folder. To find out where that is, open your old browser and type about:profiles. It will list all your profiles (most folks only have one) along with the paths to each. You can do the same thing in your new browser too. Once you know where both profiles are, you can copy everything from your old browser's profile folder to your new one. (Close both browsers first.) Even after copying everything to your new browser, you may still need to reinstall some add-ons. See post 1 in this thread for instructions on doing that. And of course, if you're changing browser platforms (e.g., from Firefox to NM), some add-ons may not be compatible with your new browser and you'll have to look for alternatives. Note: you don't need to go through all this when updating a browser to a newer version. Just back up the programs folder (e.g., C:\Program Files\basilisk or wherever you put yours) in case you need to revert, then copy everything from the update into the programs folder. No need to touch profiles in this case.
  25. Well, spoke too soon. One of my add-ons has turned out to be incompatible with multiprocess mode: the Classic Add-Ons Archive mentioned by @VistaLover not long ago. Have to disable multiprocess mode and restart in order to use that add-on. Edit: And, just like that, I found another: Markdown Viewer, an add-on for reading .md files, doesn't work in multiprocess mode either; files just open as a blank tab. This one was more annoying since I was trying to set up Basilisk as the default program to open .md files. Ended up having to create a separate profile, which I named "Single-process mode", disable multiprocess mode in that profile, and edit the "open" command in the registry thus: "C:\Program Files (x86)\Basilisk\basilisk.exe" -no-remote -P "Single-process mode" -url "%1" (Took quite a bit of trial-and-error to figure that one out, too.)