Jump to content

Mathwiz

Member
 View Profile  See their activity

  • Posts

    1,851

  • Joined

  • Last visited

  • Days Won

    50

  • Donations

    0.00 USD 

  • Country

    United States

 Content Type 

Everything posted by Mathwiz

  1. Mathwiz
    Probably need to contact CloudFlare. Sounds like their network is fouled up somewhere between Rome and wherever o.rths.cf is (Wikipedia says .cf is Central African Republic, but that seems unlikely. More likely, the CAR is letting CloudFlare use their TLD for a fee.)
  2. Mathwiz
    @Sampei.Nihira, did you try a ping? Did you get the same results as @VistaLover? If you did then your DNS is OK. Unfortunately those IPs apparently host several websites, not just o.rths.cf; a frustrating but increasingly common practice. Therefore you must specify the host name, o.rths.cf, to access it. So if your DNS is not OK, your only recourse is to override the bad IP address in your hosts file.
  3. Mathwiz
    That's probably not it; the browser itself detects that condition and produces a different message ("no cipher overlap," as I discovered with Mediafire). Besides o.rths.cf supports a couple of "strong" ciphers (forward secrecy, SHA256, no CBC) that I know NM also supports. Try pinging o.rths.cf at a command line. IP address should be 104.27.136.100 or 104.27.137.100. If not try downloading directly from one of those IP addresses (replace o.rths.cf with an IP address in your browser's address bar) and see if that works.
  4. Mathwiz
    Here's the post with a link to the patch: As noted you must download and install it manually; it was never offered by Windows/Microsoft Update.
  5. Mathwiz
    OK. Reason I asked is that I often notice trouble scrolling in Serpent when multiple tabs are opened. Multiprocess mode (not possible in NM anyhow) helps but doesn't eliminate the issue completely. This sounds like something different though, since it occurs even with only one tab open.
  6. Mathwiz
    @looking4awayout, do you have other tabs open? Or does the scrolling stutter with just a single tab open?
  7. Mathwiz
    One little correction: the UOC Patch for FF 38-based browsers also applies to the K-Meleon browser, but you have to extract it into a different folder. Instead of <browser folder>\defaults\pref, for K-Meleon you should extract the patch into <browser folder>\browser\defaults\preferences. Also, a note for those who have "hardened" their browser by disabling ciphers that don't offer "forward secrecy:" If you've done this, you won't be able to download the UOC Patch (or any files) from Mediafire, as their server doesn't provide any ciphers with forward secrecy. You'll get "no cipher overlap" message from your browser if you try. If this happens to you, I recommend you reset pref security.ssl3.rsa_aes_256_gcm_sha384 to true. It doesn't provide forward secrecy but is otherwise a very strong cipher and is supported by Mediafire. I posted this many moons ago; Mediafire has since updated their server to provide some TLS 1.3 and TLS 1.2 ciphers with forward secrecy, so it should no longer be necessary to enable an older cipher.
  8. Mathwiz
    I do have Firefox 60.8 ESR on my home Win 7 machine; I'll try SSUAOs with it and confirm that they work once again. Edit: It works! The whole thing seems odd to me; usually with these browsers, it's MCP removing some useful feature (like WebExtensions or container tabs), and we're begging @roytam1 to revert the change; but in this case it was Mozilla disabling a useful feature, and it was MCP (and roytam) who reverted the change!
  9. Mathwiz
    Wanted to revisit this issue briefly, but only to point out that the above rigamarole isn't needed with @roytam1's builds of FF 45 ESR (for SSE-only CPUs); SSUAOs work right out of the box (or out of the .7z). Not certain if that's also true of "stock" FF 45 ESR, if roytam incorporated a fix at some point that re-enabled SSUAOs, or if they're only enabled in "Nightly" builds (roytam's builds are based on nightly builds; the Firefox button even reads "Nightly" vs. "Firefox"); but I suspect the latter. According to info gleaned from @Sampei.Nihira's link above, SSUAOs were disabled way back in FF 25 (!) for performance reasons, yet they work in FF 37 beta 4, but not in FF 54 (or 52.9, of course). So I suspect they're enabled in beta and nightly builds, but not in regular release or ESR builds since FF 25. (Info at the link above did hint that they were originally intended for testing.) SSUAOs work in all of roytam's browser builds; the code above is only needed to enable them in "stock" Firefox versions.
  10. Mathwiz
    This may help. I finally buckled down and updated my browser downloader .bat to handle Roytam's FF 45 ESR SSE-only builds. It turned out to be quite a challenge: the file list can't be downloaded the same way as the others (downloading the root directory containing the files only returns a bunch of JavaScript, no file names); the "correct" file list URL had to be parsed differently; and last but not least, there was an issue with version numbers: Edit: Batch file is now included in the .7z downloadable at http://i430vx.net/files/mathwiz/Browser Installer.7z
  11. Mathwiz
    Really it's mostly a matter of taste. The main difference is the UI: BOC looks very much like SeaMonkey; Serpent looks very much like (pre-Photon) Firefox; NM 28 looks like older (pre-Australis) Firefox. They're all based on UXP though. If you have an older, pre-SSE2 PC, you may want to look at @roytam1's Firefox 45 or NM 27 builds instead.
  12. Mathwiz
    According to the official Web site for Interlink that is correct. AIUI the big issue is the JavaScript JIT compiler, which emits SSE2 code. JavaScript may not seem relevant to an email client, but a lot of internal JavaScript is used under the covers. Perhaps an older version of Thunderbird could be forked to produce an SSE-only build....
  13. Mathwiz
    Should be possible - the official version is available in 64-bit form - but I haven't seen @roytam1 post a 64-bit build of MailNews or BNavigator, although he posts 64-bit versions of NM 27/28 and Serpent 52/55.
  14. Mathwiz
    I think you're good! There's no harm in leaving MSE installed along with Malwarebytes (especially considering what a pain it is to remove). Just remember with Malwarebytes free, you have to set aside some time for it to scan your system each day. Perhaps at the end of the day you can start a scan, then see the (hopefully all clean) results the next day.
  15. Mathwiz
    Well, oops.... I think what happened is, I made the change, then started looking for a JavaScript function that I could use to tie it to a pref, didn't find one right off the bat, then forgot that I hadn't committed the change! Sorry about that. It's in there now....
  16. Mathwiz
    MailNews is basically an XP/Vista-compatible build of Interlink, which explains the link in the about: window seen above going back to Tobin's site. With browsers (particularly Serpent), @roytam1 occasionally reverts some changes to retain useful features removed in "official" builds, so even users of newer Windows versions may prefer his builds to the official ones. That's not really the case with MailNews; there's little reason to deviate from an official build of an email client, other than branding. @VistaLover found the source code for the about: window. It's an .xul file. I made a trivial change in my copy of the Interlink repo, pointing to @roytam1's page vs. Tobin's (roytam1 is free to incorporate this change in his builds if he wants); unfortunately the link destination isn't controlled by a pref, so it's not so easily moved to the "branding" folders of the source tree as the Help menu links were.
  17. Mathwiz
    That article addresses using secure Web sites whose certificates were signed using SHA2. We've had that for some time. (The questioner wanted to backport the SHA2 Web certificate support to XP SP2.) Unfortunately, using SHA2 to sign code (e.g., updates) requires support in different parts of the OS, so the support for SHA2 Web certificates doesn't really help.
  18. Mathwiz
    Link is dead.... Edit: I've been using this link, found on page 2 of the nsaneforums link in post 1: https://32767.ga/edge. Can someone vouch for it?
  19. Mathwiz
    True. Luckily, ProxHTTPSProxyMII works with Office apps just as it does with "straight" IE8, Chrome, etc. It's nice that M$ added support for TLS 1.2 (and the AES cipher) while POSReady '09 was in support, but it's just not enough anymore.
  20. Mathwiz
    https://tipsterarea.com/ requires SNI. The server probably hosts several Web sites with various host names. I don't believe IE8 supports SNI.
  21. Mathwiz
    Well, the best encryption today is so strong that not even the US NSA can crack it. Of course, that just means they turn to hacking techniques; i.e., finding vulnerabilities in OSes and ways to exploit them, which naturally cause havoc when they get leaked, as with the WannaCry debacle. I believe the idea of universal HTTPS was a good one: if everyone uses it, then its use won't be looked on with suspicion, so we paranoid types won't be targeted by the likes of the NSA or MI5/6 as "potential terrorists" just for trying to protect our privacy. That's also why the UK took the extreme (IMO) step of banning end-to-end IM encryption: if they could crack the encryption, they wouldn't have bothered; but if, instead, encryption is outlawed, they can just "assume" anyone using it is up to no good and investigate them. (It won't work though: the "real" terrorists will just use steganography to conceal encrypted messages in innocuous-seeming images, audio files, etc.; the ones that'll get busted are folks just trying to conceal an affair or something.) What does annoy me, though, is the way Web sites keep disabling older, less secure protocols and ciphers. Sure, the newest protocols and ciphers should always be the first choices, but there's no good reason to lock folks out of your Web site just because they're still on Android 4.0 or XP or whatever. But at least we have @roytam1's browsers with the latest NSS versions to handle those sites that require the latest security.
  22. Mathwiz
    You can enable or disable SSL/TLS ciphers according to your own security preferences. Go to about:config and filter for security.ssl3 and you'll see all available cipher suites for SSL 3.0 through TLS 1.2. Filter for security.tls13 to see the available cipher suites for TLS 1.3. Set to true to enable or false to disable. Changes are stored in your profile so they'll "stick" between browser updates; but you have to do this for every browser profile you use. A few Web sites may not yet use newer, more secure ciphers; if you visit any of those, you'll need to leave a less secure cipher enabled to access it. If you disable some ciphers, then can't connect to a site, that's probably the reason. Create a new, "clean" profile, restart the browser specifying it, and try again. If it works, check which cipher your browser uses with a particular site by clicking the padlock, then the right arrow, then "More Information." Then restart your browser with the default profile, and re-enable the cipher your browser used with that site. Your communications with that site are probably still reasonably secure, but be aware that they could eventually be decrypted by someone determined enough; perhaps even years later, and act accordingly. Ideally, you should contact the Webmaster and ask them to enable newer, more secure ciphers. (The Web site may choose to leave some older ciphers enabled as well, for compatibility with older browsers. That's fine as long as the newer ones are preferred.)
  23. Mathwiz
    I think you just have to tell palemoon.exe (or whatever browser) where the profile folder is when you start it; e.g., put a one-line .bat file (say, portablemoon.bat) in the palemoon directory of your flash drive, which does this: ... then you can just double-click portablemoon.bat and it will look for the profile in palemoon\profile directory of your flash drive.
  24. Mathwiz
    Spybot S&D vs. Avast Is Avast spyware? Spybot S&D seems to think so; it adds the following entries to your hosts file to prevent access by name: www.download-avast.com download-avast.com www.telecharger-avast.com telecharger-avast.com Avast, for its part, immediately removes those entries from your hosts file right after Spybot S&D adds them, so it seems to want them to be accessible. However, I haven't seen any connection attempts to those host names in the past couple of days, so it doesn't seem to actively use them Edit: Avast lists download-avast.com as a fraudulent seller: https://support.avast.com/en-ww/article/26, so you'd think they wouldn't want it opened up! Maybe the program just foolishly removes all host names ending in "avast.com" from hosts. I think I'll block these sites via the ProxHTTPSProxyMII config file; Spybot S&D has already configured my "traditional" browsers (IE, FF) to block them. Edit 2: Looks like the above sites have all been taken down anyhow, so I guess it's a moot point.
  25. Mathwiz
    FWIW, here's what Malwarebytes considers the difference between the two: It appears Malwarebytes is using the term virus to refer specifically to a piece of code that reproduces by incorporating itself into an application program such as Microsoft Word. Thus, the virus gets run (and has a chance to spread again) whenever the infected program (Word or whatever) is run. So I would say that MBAM is complete protection, with one exception: if you are unfortunate enough to be infected by a "traditional" virus, MBAM will remove the infected file (winword.exe) but cannot repair it. You would have to reinstall Word and any other programs that had been infected by the virus. However MBAM would likely stop the virus before it had a chance to spread and damage other programs on your PC. That said, "traditional" viruses are rarer nowadays, as their method of spreading from one machine to another (via an infected program transferred on a floppy disk, email, or a USB thumb drive) has also become rarer, and more difficult for a virus to pull off in any case, due to innovations like digital signatures. Most of what we call viruses today are actually "worms," which spread from machine to machine on their own, without waiting for you to give someone an infected copy of a program on your machine. Mydoom is a worm, not a traditional virus, although since it spreads as an email attachment, it does require the user to click on and run it in order to infect your PC. Since it doesn't incorporate itself into other programs, I would expect Malwarebytes to be able to remove it without requiring you to reinstall any software.
×
×
  • Create New...