Mathwiz

You can enable or disable SSL/TLS ciphers according to your own security preferences. Go to about:config and filter for security.ssl3 and you'll see all available cipher suites for SSL 3.0 through TLS 1.2. Filter for security.tls13 to see the available cipher suites for TLS 1.3. Set to true to enable or false to disable. Changes are stored in your profile so they'll "stick" between browser updates; but you have to do this for every browser profile you use. A few Web sites may not yet use newer, more secure ciphers; if you visit any of those, you'll need to leave a less secure cipher enabled to access it. If you disable some ciphers, then can't connect to a site, that's probably the reason. Create a new, "clean" profile, restart the browser specifying it, and try again. If it works, check which cipher your browser uses with a particular site by clicking the padlock, then the right arrow, then "More Information." Then restart your browser with the default profile, and re-enable the cipher your browser used with that site. Your communications with that site are probably still reasonably secure, but be aware that they could eventually be decrypted by someone determined enough; perhaps even years later, and act accordingly. Ideally, you should contact the Webmaster and ask them to enable newer, more secure ciphers. (The Web site may choose to leave some older ciphers enabled as well, for compatibility with older browsers. That's fine as long as the newer ones are preferred.)

I think you just have to tell palemoon.exe (or whatever browser) where the profile folder is when you start it; e.g., put a one-line .bat file (say, portablemoon.bat) in the palemoon directory of your flash drive, which does this: ... then you can just double-click portablemoon.bat and it will look for the profile in palemoon\profile directory of your flash drive.

Spybot S&D vs. Avast Is Avast spyware? Spybot S&D seems to think so; it adds the following entries to your hosts file to prevent access by name: www.download-avast.com download-avast.com www.telecharger-avast.com telecharger-avast.com Avast, for its part, immediately removes those entries from your hosts file right after Spybot S&D adds them, so it seems to want them to be accessible. However, I haven't seen any connection attempts to those host names in the past couple of days, so it doesn't seem to actively use them Edit: Avast lists download-avast.com as a fraudulent seller: https://support.avast.com/en-ww/article/26, so you'd think they wouldn't want it opened up! Maybe the program just foolishly removes all host names ending in "avast.com" from hosts. I think I'll block these sites via the ProxHTTPSProxyMII config file; Spybot S&D has already configured my "traditional" browsers (IE, FF) to block them. Edit 2: Looks like the above sites have all been taken down anyhow, so I guess it's a moot point.

FWIW, here's what Malwarebytes considers the difference between the two: It appears Malwarebytes is using the term virus to refer specifically to a piece of code that reproduces by incorporating itself into an application program such as Microsoft Word. Thus, the virus gets run (and has a chance to spread again) whenever the infected program (Word or whatever) is run. So I would say that MBAM is complete protection, with one exception: if you are unfortunate enough to be infected by a "traditional" virus, MBAM will remove the infected file (winword.exe) but cannot repair it. You would have to reinstall Word and any other programs that had been infected by the virus. However MBAM would likely stop the virus before it had a chance to spread and damage other programs on your PC. That said, "traditional" viruses are rarer nowadays, as their method of spreading from one machine to another (via an infected program transferred on a floppy disk, email, or a USB thumb drive) has also become rarer, and more difficult for a virus to pull off in any case, due to innovations like digital signatures. Most of what we call viruses today are actually "worms," which spread from machine to machine on their own, without waiting for you to give someone an infected copy of a program on your machine. Mydoom is a worm, not a traditional virus, although since it spreads as an email attachment, it does require the user to click on and run it in order to infect your PC. Since it doesn't incorporate itself into other programs, I would expect Malwarebytes to be able to remove it without requiring you to reinstall any software.

I can confirm that Seamonkey themes work on Serpent 55, so probably all the others too. Interesting given the significant UI differences between: Seamonkey/BNavigator PM/NM FF/Serpent Edit: In Serpent 55 you can set pref extensions.getAddons.themes.browseURL to https://addons.thunderbird.net/EN-us/seamonkey/themes/, then the Seamonkey themes page will come up when you click the "Choose from thousands of themes" link on the Themes / Appearance section of the about:addons page. (Only Serpent 55 seems to have this link or pref.)

A note on Personas Plus and Serpent 55: Serpent 55 will support the new WE versions of Personas Plus (2.01 through 2.03) but the UI is totally different and didn't seem to work, or at least, I couldn't figure it out. The latest legacy version is 1.83 but the preferences dialog was incomplete with that version, so I rolled back to version 1.78, which seems to work just fine. Don't know if Serpent 52 or Firefox 52.9 would have similar issues with Personas Plus or not.

When Mozilla nuked all "legacy" add-ons from AMO, it appears they also nuked all the "legacy" themes for the older browsers too. At least, the only the ones I could find at AMO were for Firefox 53 and up. But while developers have created several repositories of legacy add-ons, I'm not aware of any repository for legacy themes. This has left users of Firefox 52.9 (and @roytam1's Serpent) without a lot of options to change the look and feel of these browsers. For Serpent 52, about the only theme I found besides the default is a "Photon" theme, available at addons.basilisk-browser.com. It does a good job of making Serpent 52 look like the newer Firefox browsers, but "Photon" isn't everyone's cup of tea. Serpent 55 does have a couple of built-in themes besides the default: a "dark" and a "light" theme. The "Photon" theme doesn't work with Serpent 55, but even if it did, that's still not a huge selection of themes. And while Serpent 55 was forked from Firefox 53, none of the Firefox 53 themes I tried would work with it; it just kept saying the downloaded theme "appears to be corrupt." (Digression: I remember having that problem with an "ID-less" add-on not that long ago, and the Firefox 53 themes indeed seem to be "ID-less." But going through the rigamarole of inserting an ID into manifest.json and removing the META-INF digital signature folder still doesn't allow these themes to install. It would be nice if these browsers could provide error messages more meaningful than "appears to be corrupt.") And of course Firefox 52.9 doesn't even have those limited options! So the purpose of this topic is twofold: One, to solicit knowledge about legacy themes that can be downloaded and installed on these browsers; two; to share tricks that might allow more "modern" themes to work. With that in mind, I'll share my first trick. Firefox and Serpent also have a few hidden "developer" themes built in. Unfortunately, to enable them you have to run some Javascript: LightweightThemeManager.addBuiltInTheme({ id: "firefox-devedition@mozilla.org", name: "Developer Edition", headerURL: "resource:///chrome/browser/content/browser/defaultthemes/devedition.header.png", iconURL: "resource:///chrome/browser/content/browser/defaultthemes/devedition.icon.png", author: "Mozilla" }); Ideally, we'd like to run that when the browser starts; but none of the normal tricks for running JavaScript at browser startup (such as an Autoconfig script) seem to work! So I had to resort to an add-on: http://userchromejs.mozdev.org. Click on v2.0 and tell the browser to allow the add-on to be installed. You'll need to restart the browser when prompted to finish the installation. The add-on creates a file named userchrome.js in the "chrome" subfolder of your profile folder and runs any JavaScript you put in there when the browser starts, so you can just paste the above code at the top (or bottom) of your new userchrome.js file, and restart your browser again. Now type about:addons, press Enter, and click on "Themes" or "Appearance" (whichever one your browser uses) and you'll see a new "Developer Edition" theme listed that you can enable. Even better, the "Developer Edition" theme is actually three themes in one! To see them all, press F12, then click the "Gear" icon near the top right of the developer window that comes up. This will bring up a bunch of options; the one you care about is the "Themes" set of radio buttons near the top middle of the developer window. You can select any of the three "sub-themes" listed, then close the developer window with the X at the top right. OK, now it's your turn. Anyone know of any good themes for these browsers that can be downloaded and installed (ideally for free)? What are your favorites? Any tricks for using, say, Firefox 53 themes on these other browsers?

The Autoconfig method seems to work for me. However it's a bit of a PITA; if you get anything wrong the browser refuses to start and tells you to contact your IT administrator (or words to that effect). Here's how it works (if everything's set up right): You need to set two prefs in your "main" pref file to invoke Autoconfig: pref("general.config.obscure_value", 0); pref("general.config.filename", "myuseragents.js"); (As you can tell, I'm using this trick for my SSUAO list, since it lets me override SSUAOs built into the browser, whereas the built-in SSUAOs take precedence if doing this the "normal" way, much like the problem you're having with the prefs you listed.) Then you put the file named above (myuseragents.js) in the same directory as the browser (firefox.exe, palemoon.exe, or whatever.exe), and it has to look like this: // Needs to start with a comment line defaultPref("webgl.enable-draft-extensions", true); defaultPref("webgl.enable-privileged-extensions", true); defaultPref("dom.ipc.plugins.asyncdrawing.enabled", true); Notice the mandatory comment line at the top, as well as the use of defaultPref() vs. pref(). In an Autoconfig file, pref() works like user_pref(), while defaultPref() works like pref(). If you get everything right, the browser will start, and if you check about:config, you'll see the prefs above all default to true now (which you can still override back to false if desired). But since it's so easy to break this with a typo, and since the browser is completely unhelpful in troubleshooting problems, it's still not an ideal solution.

Ironically the above was one of the changes suggested by Feodor2: ... so I guess despite the negativity expressed at the time, MCP decided to go with it and remove that row of info from the about:support page. This latest issue doesn't sound too serious to me. If @roytam1 incorporates the latest change, I don't see it preventing the about:support page from working, even if e10s is forced on. Should be tested, of course, but it looks to me like that row of info will simply disappear from NM 28's and Serpent 52's about:support pages, so language pack compatibility between his builds and the official builds will be maintained. It does have the drawback that, on Serpent, the about:support page will no longer provide an easy way to tell whether e10s is functioning, but I for one could live with that. Nevertheless, I like the suggestion of having separate "custom" branches for NM and Serpent. Actually, it would be possible to just compile NM 28 from the "master" branch, but that would lose the branding customization we recently did for NM, so it's probably best to have two "custom" branches.

Well, we went over the question before: @dencorso replied: That's basically what I understood the words to mean too, so any "anti-malware" would also be an "anti-virus" by definition. But then I saw the posts I quoted above, which implied otherwise.... Maybe the confusion arose because there are programs that are more specialized, like Spybot S&D, and Windows Defender (at least pre-Win 10) that try to protect against spyware (a particular type of malware) but not other types of malware like viruses. These came about because early anti-virus programs ignored spyware, so these programs were developed to fill in the gap. But AFAIK, anti-malware programs try to protect against both spyware and viruses.

What do you two believe is the difference between anti-malware and anti-virus software? Malware is just "bad software you don't want on your PC," and a virus is a type of malware, is it not?

I wonder if the old 16-bit Hearts game from Windows for Workgroups 3.11 will still work over modern networks? If so, will it work over a VPN too?

Well, I figured out why I'd hidden it - it wouldn't install on my system. So rather than hiding it again, I downloaded it and extracted it with the /extract flag. This pulled out a .msp file, which I ran. That did seem to install quite a few updates, although it eventually failed with one of Micro$oft's meaningless error messages - but apparently nevertheless did the trick, as I don't see it offered any more. Now I'm installing today's three updates.

I've now done this: https://github.com/Mathwi/binoc-central At this point I've only touched MailNews. Moved two prefs to branding so I could split official & unofficial builds, and changed the unofficial prefs as follows: app.releaseNotesURL changed, in order to redirect Help / Release Notes to @roytam1's blog. app.support.baseURL changed, in order to redirect Help / Help Contents (as well as the "support website" link found in Help / Troubleshooting Info) to a placeholder page @roytam1 set up, vs. BinOC's IRC. Both changes are consistent with previous changes to NM and Serpent. Yet to do: change the link "The Open Source Community" in the Help / About MailNews pop-up window, which currently points to http://binaryoutcast.com/. I could use some help locating the source of this link.

@dencorso, I wonder if this thread and the "Antivirus for XP" thread could/should be merged? They seem to be covering the same ground, even to the point that posts in one are getting answered in the other.

It's important to be precise here. The bug isn't that typing file:///c:/ in the address bar shows your C: drive - that's what it's supposed to do. The bug is that an HTML document in C:\ can access any other file on the C: drive. This isn't easy to fix though, as Mozilla explains: A fix would probably involve treating certain locations as special cases: drive root directories, "C:\Program Files," the desktop, etc., which are likely to contain "unrelated things." (Mac/Linux would have different exceptions, of course.) Probably along with a new set of prefs so users could control it on a spectrum from Chrome-tight to "anything goes." Unfortunately it would take a much better programmer than I to make a change like this. Probably best to just wait and see what Mozilla and/or MCP come up with. In the meantime, just avoid saving Web pages or other HTML documents to the desktop or similar "high-level" directories. Even if you use your browser's or email client's default "downloads" directory, all anyone will be able to steal is your other downloads.

They actually went overboard, by changing the SSUAO to report Win 10. Reporting Win 8.1 is sufficient, and by the time whatsapp.com actually requires Win 10 they'll need to change it again anyhow. @VistaLover: it sounds like Github has added the same annoying second-level security that many financial Web sites use: when you successfully sign in, they set a cookie; but if that cookie isn't found you have to go through an annoying "we'll verify this is really you by sending an email to 'your' email account" procedure. When money's involved, I can understand; it wouldn't take long to steal your bank account and the bank would be liable. But I just don't think Github is that critical; IDK why M$ has implemented this for Github's login.

The man needs to look more at what was posted and less at who posted it. Even misspelled "concerned" - uncharacteristic for him. He must've really lost it. And Feodor2 merely suggested removing some code that's no longer relevant, given what MCP has already removed. Anyhow, it's interesting that PM (& presumably NM) don't have Web application support either. Serpent seems to, although components like service workers have to be manually enabled - then locked down to prevent abuse. Maybe that's why?

Probably the last one for XP ever since the Windows Update servers XP uses will be shut down this month. Well, I take that back - you might still be able to get Office 2010 updates via the Windows Update Catalog. But I'm not sure they'll install if they change the signature algorithm. Office 2010 updates may become a tedious process of downloading, extracting, and installing the updated files manually.

Bumping this thread to let everyone know I changed myuseragents.js on page 8 to spoof Chrome 49 for web.whatsapp.com, so it will work with FF and Serpent again. Keep in mind Palemoon/New Moon have their own built-in SSUAO for web.whatsapp.com that will take precedence over myuseragents.js; for those browsers you'll have to change the SSUAO manually in about:config to: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2049.0 Safari/537.36

Doesn't seem possible:

This isn't quite the same thing, but NirSoft's WinUpdatesList will show installed updates from Win 98 forward.

Or @roytam1's SSE build of Firefox 45 ESR

Doesn't work in Serpent 55. No luck changing user agents (so far). Works OK in Serpent 52 (on XP) and official Basilisk (on Win 7). Mouse wheel works at https://www.miplo.pl/?c=0#showmap even in Serpent 55.

Instead of trying to perform major surgery on this thread, perhaps we could have a subforum dedicated to Mozilla Firefox and other browsers derived from it. This thread, and the link to it, would then remain the same as now, so the links in NM 28 and Serpent 52 wouldn't be broken; it would just be the first pinned topic in the new subforum. Folks could then create other threads in that subforum to discuss issues with "official" FF, Seamonkey, @roytam1's builds, etc., thus reducing the "clutter" in this thread going forward. (Sometimes folks do that now, but the thread winds up in the larger XP forum, so it can quickly get lost among all the other XP topics being discussed.)