Jump to content

Mathwiz

Member
 View Profile  See their activity

  • Posts

    1,851

  • Joined

  • Last visited

  • Days Won

    50

  • Donations

    0.00 USD 

  • Country

    United States

 Content Type 

Everything posted by Mathwiz

  1. Mathwiz
    I wanted to mention that, since Hotmail has gone OAuth2-only, @roytam1 has tried to implement OAuth2 for Micro$oft in MailNews. However, it's not (yet) working correctly. Leave it to Micro$oft to make OAuth2 even more complicated on their servers than it is on Gmail!
  2. Mathwiz
    The recent problems with Hotmail are actually the very same problem I had with Office 365, which led me to start this thread in the first place! I don't hate OAuth2, but I do hate mandatory OAuth2! As @Dave-H said: So it's a way for email providers to control which email clients work with their service. That isn't foolproof - as Dave-H noted, you can "clone" the token issued to a registered open-source client like Mozilla's Thunderbird - but it does make it tougher for the folks who still write things for Windows versions before 10 to produce an email client that works with M$, Google, etc. IOW, it's planned obsolescence. AFAICS it doesn't add any security: you still sign on with a user ID and password as before, and you can set a cookie letting you get back into the same app without signing in again. Apart from Web browsers, the only XP/Vista email client that's likely to work with Hotmail right now is OE Classic, which I mentioned at the start of this thread. However, it had a number of shortcomings; read the start of the thread for details. I haven't used OE Classic in a couple of years, so some of its problems may have been addressed. (OE Classic did offer a free trial, if you want to see for yourself.)
  3. Mathwiz
    Sounds like @roytam1 has some ideas, but Mailnews just isn't quite there yet. I do the same thing as @AstroSkipper; just use the Web interface. Unlike @AstroSkipper I don't have a choice since it's my O365 work account, not a personal Hotmail one. BTW, I set my user agent for Office 365.com to Firefox 77; this gives me the older UI which I prefer. Unfortunately it also gives me an "update your browser" nag from time to time. Even the older UI is quite machine-hungry, though. A FF 78 UA eliminates the nag but brings up M$'s newer UI, so next time I get the nag, I'll see if I can just block it with uBO. <off topic>OE Classic will probably work since I think the login procedure is the same for Hotmail as O365, and it works for O365. I lost access to OE Classic when my old Win 7 work PC's hard drive crashed, and since I was unhappy with OE Classic for reasons I've given elsewhere, I never bothered to try to recover the license.
  4. Mathwiz
    @AstroSkipper, I just tried MailNews and I'm getting the same thing: Without making me wade through all the YouTube/Vorapis discussion, was a solution to this broken dialog ever found? I'm thinking there must be a solution since the dialog comes up correctly when accessing Outlook on Serpent.
  5. Mathwiz
    Since MailNews is based on UXP, perhaps flipping the new SOP pref would bypass that error. I wouldn't recommend that on a Web browser, but it should be less risky on an email client. Looks like Hotmail users are about to run into the same issue I did, almost two years ago. Shortly after we were "upgraded" to Office 365 at work, M$ forced OAuth2 on us, and MailNews wouldn't work with it. Other MSFN'ers were unsympathetic, since MailNews does OAuth2 fine with GMail and Yahoo Mail, and at the time Hotmail didn't need OAuth2. But now M$ is doing the same to Hotmail, so welcome to my world. I guess users can switch their personal email accounts to one of the working email providers (although it's a hassle to change your email address); but the boss isn't going to switch our entire company's email just because of me!
  6. Mathwiz
    Seems a bit more complicated. AIUI content.cors.disable is the only one of the three that already existed (although it was a "hidden" pref before the changes). As such, it works the way Mozilla designed it, which may seem illogical: Hence the new content.cors.bypass_preflight_request pref, to avoid the issue you ran into.
  7. Mathwiz
    The new Boolean preferences, and their default values, appear to be: security.same_origin_policy.enabled;true content.cors.bypass_preflight_request;false content.cors.disable;false Under normal circumstances I recommend leaving these alone, but I wanted to document them just in case.
  8. Mathwiz
    Beacon lets sites know when you leave a Web page. It's disabled in Serpent, so I think it's safe to disable in r3dfox, but users beware: there are ways to accomplish the same task via Javascript, so don't be fooled into thinking you're protected from this sort of snooping just because beacon is disabled.
  9. Mathwiz
    I think the captive portal detection is pretty harmless, but TBH, it's also unnecessary for a desktop PC. Might be useful for laptops that get taken to hotels, restaurants, and the like. So I'd disable it on my desktop PC or a laptop that never goes anywhere, like my work PC, but I wouldn't stress too much over it accidentally being left enabled either. All it's doing it making a connection to a known site and seeing if it gets the expected response. If it doesn't, there must be a captive portal in the way. I suppose you could consider that "telemetry" but it's pretty darn minimal - all Mozilla knows is that you started their browser (along with the OS and browser version from the user agent, which you could spoof if you wanted to mess with them - tell them your running FF 129 on Win XP and let them scratch their heads!) And yes, they'll know your IP - but any site you connect to will know your IP unless you're using a VPN or external proxy.
  10. Mathwiz
    Indeed they do. So why not do what I do? In Preferences / General set "When Serpent Starts" to "Show your windows and tabs from last time." When Serpent starts to slow down, just close it the "normal" way, with the X in the upper right corner. (I try to avoid multiple windows, but if I have them, I just close them all.) Wait a few seconds, then relaunch. No "Restore Session" dialog - everything just comes back up and Serpent is speedy again! 99% of the time, I have no need to go to the Task Manager and kill Serpent. If I don't wait long enough in step 3, I may get a "Serpent is already running" window (particularly on my slower home Win 7 PC), in which case I just cancel and try relaunching again. P.S. On a different topic, Chase.com has become usable again, at least in the latest Serpent 55. (I haven't tried other versions yet.) I still need to use my Chase-specific StructuredClone polyfill, manually type my password, and switch to the Wealth Management page to get it going, but after that it's fine. Weird.
  11. Mathwiz
    You're not far off. I'm not 4Imprint certain, but I think the current pace is every 4 weeks, which works out to 13 updates/year! I think Web site frameworks and designers typically target whatever versions were current at least a year ago, which is why ESR releases work. I think the ESR model makes a lot more sense: a "major" update about once a year, with interim security-only fixes. From a features standpoint, you probably need to update only once a year, making those 12 additional updates look pretty ridiculous. You may need to update more often for security fixes, but "major" security fixes are thankfully still rare. (FWIW, I'm still on Ungoogled Chromium 118 on my Win 11 work system.) If you're on an older OS, your choices will naturally be more limited. For one thing, it's likely you have a less powerful system; otherwise you would've thrown in the towel and moved to a newer Windows version by now. Among Chrome forks, one of the 360EE versions, plus polyfills, is probably your best bet - but there are a lot of Web sites that just can't be polyfilled to work with Chromium 86 or 87. For those, you probably need a copy of Thorium or Supermium (whichever works best on your system) handy, and just put up with their slowness. Any "modern" browser is going to be pretty heavy, requiring more RAM, CPU, GPU, etc. than 360EE.
  12. Mathwiz
    @Mark-XP: Since @roytam1 does weekly updates, some (most?) of the changes in the new Basilisk release were already in Serpent. With Basilisk, you get less frequent releases, with lots of changes in each one; with Serpent, you get weekly releases with fewer changes each week. For instance, "updated SQLite to 3.46.0" (one I just happened to notice) was in the July 12 Serpent release. All that said, if you (or anyone) happen(s) to find a Web page that renders correctly in Basilisk but not in Serpent, please bring it to our attention by posting the details in this thread.
  13. Mathwiz
    (Long post) First, Chase.com did it again! They made another Serpent-breaking change. I noticed it Friday, and I'm pretty sure it was working Thursday. It was definitely working earlier this week. For some time now, I've gotten the message "We’re having trouble showing this page right now. Please try again later." after signing in, but until Friday I had a workaround: click over to the "Plan & Track" page, then click back. (Sometimes it takes 2 or 3 tries before it works. And my Chase-specific StructuredClone polyfill is required or it won't work at all.) The odd thing now is, the "Plan & Track" page still works, and if I switch back to the "Accounts" page, it starts to work - but just as it starts to show my account balances, everything goes away and the idiotic "We’re having trouble showing this page right now. Please try again later." message comes back up! I see no errors but some warnings in the error console: Timestamp: 7/28/2024 6:02:53 PM Warning: Empty string passed to getElementById(). Source File: https://secure.chase.com/web/auth/dashboard#/dashboard/overview Line: 84 Timestamp: 7/28/2024 6:02:53 PM Warning: unreachable code after return statement Source File: https://static.chasecdn.com/web/marketing-ui/web-fx/2024.07.24-1/web-ui/mktui-cxo.min.js Line: 27, Column: 3196 Source Code: ,u,1,a,s),o=c.base,m&&o!==m&&(m._component=null,Y(m,!1))),o;return}if(te="svg"===i||"foreignObject"!==i&&te,i+="",(!e||! I'm guessing that "return)" is supposed to be conditional but the JS parser doesn't recognize it as such due to some new Googlism it doesn't understand. I don't know if anyone can help with those, but I figured it's worth asking. (I wondered if simply blocking that "marketing-ui" JS code would do the trick, so I tried adding this uBO filter: ! Try to block troublesome Chase marketing scripts ||static.chasecdn.com/web/marketing-ui/web-fx/*$script That got rid of the second warning message, but it didn't fix the problem.) Second, I tried to investigate the issue further by trying official Mo versions to narrow down when things start working. I first tried Mo 69. No luck; I couldn't even get the sign-on page! Then I tried Mo 79 - and I got the "your browser is too Paleolithic" page! Further investigation revealed that, sometime between versions 69 and 79, Mozilla removed (or at least disabled) SSUAO functionality in the browser! So my SSUAO for Chase.com works in Mo 69 but not 79 - I had to put a general UAO in just to test 79. FWIW, Mo 79 doesn't even get to the sign-on page either. So I got discouraged at this point and gave up.
  14. Mathwiz
    Did you intend to link to an ht-tp instead of to an ht-tpS? I don't think it was @Dave-H's intent; it's just how MSFN works. If you type in a host name starting with "www.", MSFN will automatically make it a link, and add http:// (without the s): <a href="http://www.bbcpa.org.uk" rel="external nofollow">www.bbcpa.org.uk</a> No real harm done, since like most modern sites, bbcpa.org.uk redirects to an https: site immediately.
  15. Mathwiz
    Yes, that is best, but it's not really practical! Two of anything, even from the same manufacturer purchased at the same store at the same time, won't always be from the same production run. Just try to get the ratings the same; that's often the best you can do.
  16. Mathwiz
    C'mon; I meant Chrome 110 requires Win 10 OOTB and you know that. 99% of Chrome users wouldn't know how to redirect or stub a Windows API if their lives depended on it. Even Win 7 users turn to Supermium/Thorium where that work has already been done for them. Why do people have to be so argumentative?
  17. Mathwiz
    I couldn't resist (cue basso profundo voice with reverb): 110 is also the first version to require Win 10. Probably not a coincidence.
  18. Mathwiz
    I would try to find out what specific commit was added between 3.0a2 and 3.0a3 that caused the problem. Either start with 3.0a2 and add commits or start with 3.0a3 and revert them. You don't have to rebuild and retest after every individual commit - you could take a "binary search" approach, adding or reverting a bundle of commits, building, then going backward or forward depending on whether the problem is there or not. You'll probably also have some idea of which commits are less likely to be related to the problem and which are more likely. It would take a lot of patience but eventually you should be able to identify the commit that causes the problem. Then you could revert that problematic commit in a release version and see what other issues you need to deal with. (Ideally you might even be able to rewrite the changed code in the problematic commit to work correctly with Win 98.) I fear if you try to jump too far ahead, you'll run into so many problems at once, you'll just be overwhelmed and not have any idea where to start making fixes. But if you're patient, you can eventually work your way up to 3.5 or even 3.6. You could probably omit the commit that removed that support, once you find it.
  19. Mathwiz
    As far as choosing between @roytam1's 32 and 64 bit browser versions goes, my general advice would be to use the "bitness" that matches your hardware. After all, if you have a 64-bit processor, you probably have more RAM anyhow. But not necessarily; I ran my 64-bit PC with only 4 GB until last year. So I usually wasn't giving up much by running 32-bit apps on it. Maybe a little speed, but I scarcely noticed. And browsers can make things more complicated. For example, if you still use old plug-ins, doesn't the "bitness" of the plug-in have to match the "bitness" of the browser? So you may want a 32-bit browser even on a 64-bit PC for plug-in compatibility. (That said, I think that when plug-ins were more of a thing, most were available in both 32 and 64 bit versions.) I'd like to re-frame that a bit. I don't think it's so much that XP (or any OS) just "can't do" certain things; it's more a matter of XP only having "certain ways" to do things, and M$ has added different (arguably better, at least in some cases) ways of doing those things; M$'s development tools now use those new, different ways to do those things, and therefore browsers and other apps built with those tools need access to those new, different ways of doing things. It takes a lot of hard work to bridge the gaps between older OSes, development tools, and application code, as I'm sure @roytam1, @Nicholas McAnespy, and @win32 can all attest; and to be blunt, most developers won't bother. They'll just make it easy on themselves and say "Win 10 required" whether we like it or not.
  20. Mathwiz
    These days, about the only reason for a SSUAO is to avoid "update your browser" pages. YouTube on Serpent works with a Mo 64 override, so St must support enough "modern" crap for YouTube to work, but any SSUAO with a lower version just gives you the "update your browser" page anyway. I brought up the subject here because Serpent has a built-in SSUAO for YouTube, but it no longer lets YouTube work. I expect @basilisk-dev will update the SSUAO in official Basilisk soon, after which YouTube will again work with both Basilisk and Serpent OOTB, but in the meantime, folks need to put in an updated SSUAO themselves. All of that said, YouTube may not work if you use an override that's "too" new either, since it may then expect, and try to use, modern features that Serpent doesn't support. YouTube seemed to come up OK with version 90, but I didn't test it beyond just seeing the correct page come up.
  21. Mathwiz
    BTW, if you follow the YouTube link above in St 55, all you get is a "please update your browser" page. The SSUAO built into St 55 for YouTube is for Mo 60. The St 52 version from Feb. 23 is the same, so I suspect they both need updating. The minimum version YouTube now allows appears to be 64 (which is still surprisingly long ago!) So St users should update the general.useragent.override.youtube.com pref to spoof Mo version 64 or later instead of 60.
  22. Mathwiz
    Another CSS oddity: text at https://freetvnetworks.com/press-releases is barely legible (very light on white, or very dark on black if selected) in St 55. You have to copy and paste to read the text. In Edge it looks like just a normal Web page. There's no clear "cool" CSS factor here that would have required breaking older browsers; the breakage seems to be completely egregious.
  23. Mathwiz
    Since the question was asked as a "philosophical" one, I think the best answer is here: https://en.wikipedia.org/wiki/Parkinson's_law#First_meaning
  24. Mathwiz
    That's the advantage of the 64-bit version: it can actually address all the memory it uses (even if most of that memory is virtual/slow). With the 32-bit version, you just run out, whereupon bad things happen. Serpent adds the option of multiprocess mode. The support is primitive and insecure (especially St 52), and a lot of legacy extensions won't work - but it does keep the browser alive and somewhat responsive even when pressed to the limit. And if a crash does happen, it's often (not always) just one tab instead of the whole browser.
  25. Mathwiz
    If one finds this problem particularly vexing, I think it makes sense to report it to MCP again. If the same problem keeps getting reported, it might get bumped up in priority. Heck, I even identified a probable fix, although porting it to UXP may be tough: ... followed by a rather long digression on just what "upstream" means in the context of UXP....
×
×
  • Create New...