Mathwiz

Excellent detective work: So, I had to know: since versions prior to 1.4.0 work in FF 52, could, say, 1.3.0 (which I agree has superior functionality) be "fixed" to run in Serpent, simply by adding the above block to its manifest.json file? Yes! I just tried it; of course changing manifest.json invalidates the sig, but unlike FF, Serpent doesn't care about that (actually my copy of FF has been set not to care about it either, but you don't need to "fix" Tab Tally for FF anyhow); and with that change, Tab Tally 1.3.0 installs and runs in Serpent fine! Not a huge deal, but I wonder why the heck that function was removed? Was this just another case of MCP getting rid of code they didn't think the browser needed, as they did with all WE add-ons later?

I don't use Gmail. I pay for email services I trust to keep my email private and secure. There was a time when I unknowingly used gmail though. For a hot minute there was a wireless ISP called ClearWire. (Sprint eventually bought them out just to shut them down, but that's another story.) Anyhow, like many ISPs at the time, ClearWire provided free email at their clear.com domain. Little did I know it was actually just Gmail in disguise! Moral: beware of your ISP's "free" email accounts! BTW, I've discovered it's possible to configure Serpent 55 to get a score of 514, which I'm guessing would put it in second place behind Chrome 360. However, enabling Web components breaks Github, and I disabled beacons and geolocation for privacy reasons, leaving my copy with a final score of 491, very close to Chrome 49. (Geolocation alone costs a whopping 15 points; html5test.com really wants you to enable that one!)

I have to go through a rather slow proxy, so it takes me longer. Using a proxy may also explain why Serpent kept failing; IDK. I finally did get the big .rar file though. Curiously, I have another version! I believe mine is the newer version, but modified to run on Win98: the signatures and version info are missing! The file size is 38.303.202 bytes. I wish I could track down where I got it from, but it's probably long gone.

OK I officially hate OneDrive. DownThemAll won't work at all (just downloads an .html telling me to "sign in to my OneDrive account" ), and a "regular" download has failed twice thrice, each time after like 15 minutes. Do I have to use IE to download these? Edit: Apparently so. Downloads consistently fail about 80% of the way through when using Serpent. With IE the downloads seemed to freeze at one point, but clicking Pause and Resume got things going again. Also appears M$ throttles the throughput to any one IP, so you can't even gain a speed advantage by trying two downloads at once. Edit: Using IE appears to get around the throttling, at least. But I sure hope the downloads complete this time.

I don't have 5-8 on my XP system, but I don't think I'm missing anything. I think 10-13 replace 5-8.

I don't think it adds any features; just bug / security fixes

(From another thread, but relevant to the topic of this one) I don't think the situation is that awful. Not that it's good; but there are differences among those nations: AIUI the Chinese government requires all Web browsers made available in that country to spy on their users, while Western agencies (e.g., NSA, MI6) prefer to concentrate on hacking, cryptanalysis, and massive data collection. So I can't discount @Bersaglio's concerns about Chrome 360 so easily. Not sure where Russian browsers stand, but American-authored browsers wouldn't seem to be riskier than those from other nations just because the NSA does what it does. But I do worry about Google; like many privacy-conscious Internet users, I have a love/hate relationship with them. They really do have the best search engine (still), and if you avoid Google Sync, I don't think Chrome is significantly worse from a privacy standpoint than other browsers. Yet their data collection overall would make the NSA blush. "Why don't you use our 'free' email service, 'free' online appointment calendar, and watch a few 'free' videos in your 'free' time?" I avoid Google (even Chrome) if reasonable alternatives exist, just to send them a message that I disapprove of their business model. So where does that leave Chrome 360? Well, to me it seems more Chinese than Google. It replaces Google Sync with its own accounts, so I see no risk of the data it collects being Hoovered up into the Googleplex. It will, of course, be Hoovered up into China, but I'm personally less worried about what President Xi might do with my browsing habits than with all the unnecessary Internet traffic it generates. (Methinks my Internet connection might take a performance hit if my browser insists on connecting to China, or even a local proxy, every time I click on a link.)

Didn't mean to imply otherwise. But I figured it was worth a try anyway....

Yes; I think what happened (@Roytam1 can either confirm or correct me) is that after the crash was reported @roytam1 reverted to NSS 3.43 and re-uploaded the 20190427 builds. Thus I think all NM 27 builds on his Web site are crash-free. I think both the original 20190427 and the previous 20190419 builds were based on beta builds of NSS 3.44, but there were changes between the two; presumably one of those changes accounted for the NM 27 crash.

Just scored one for $7.75 ($5 + $2.75 shipping). Even included a valid product key! I'm gonna try upgrading my old Win 98 PC from Office 2000.

Not sure what's going on with 'pip install theano'. It worked for me (or seemed to). Maybe a Python expert can chime in? On the second screen shot, try executing each 'pip install' command separately; i.e., 'pip install -U conda', 'pip install numpy', etc. Some of these don't seem to exist, but others installed fine for me.

Doesn't seem to matter though. @roytam1 rolled back to 3.43 in the 2019.04.27 builds due to the 64-bit version of NM 27 crashing on startup, so I downloaded the Serpent 52.9.2019.04.19 build, which AIUI has an earlier NSS v3.44b, to test with; unfortunately it still fails to open https://tls13.1d.pw with the SSL_ERROR_RX_MALFORMED_SERVER_HELLO error code. That version does open the other TLS 1.3 test sites just fine though. Edit: By the way it looks like NSS v3.44 is stable as of May 10, but I have no idea whether the issue causing NM 27 to crash was fixed at the last minute.

Very first post: These prefs don't really matter when running FF 52.9 on WinXP, since it's been coded to block e10s on XP unless browser.tabs.remote.force-enable is set to true - in which case e10s is enabled irrespective of these other prefs. These prefs do matter on later Windows versions (and are the preferred method of enabling e10s) but let's stick with FF 52.9 on XP for now. Once e10s is enabled, this controls how many additional processes you can have. There's one "core" process plus one process per open tab up to the limit set by this pref. Personally, I set dom.ipc.processCount to 2. The default of 1 gives me little benefit, but larger values just waste RAM while providing little additional benefit, at least in my experience. But as usual, YMMV.

Well, wouldn't you know: TryAcquireSRWLockExclusive requires Win 7. Sounds like he's way ahead of you....

AcquireSRWLockExclusive was introduced in Vista, so perhaps it will at least run in Vista? As for converting to run on XP, perhaps it and related SRWLock calls could be replaced with a mutex or critical section, at the expense of performance.

Good to hear. It sounds to me like 360 Extreme Explorer includes its own TLS code a la Firefox. Older Chrome versions relied on XP's built-in code.

BTW for anyone needing/wanting to install Shockwave, here's the download link:

IIRC it didn't even come with PIP installed. So you'll need to install it if you haven't done so already. (If you need to install it, there's a Python script get-pip.py that will do the job at https://bootstrap.pypa.io/get-pip.py. Download it and type py get-pip.py to run it.) Once installed, I'm pretty sure you run commands like 'pip help' from the Windows command line, not the Python command line:

It wouldn't have to open a window to do that! It could just slip the .exe into your Startup folder invisibly, and be done with it. In fact, opening a window would be counterproductive from the malware's point of view: you might notice the rogue .exe in there and delete it. At the very least, having an Explorer window open up unbidden would be a tip-off that something was amiss. I mean, security I dig, but you guys are taking it to an extreme if you think it's a risk to let your browser ever open an Explorer window! But, whatever. As I thought I made clear, it's not that big of a deal, especially since running your browser with limited privileges has other benefits. I just thought I'd point out that side-effect in case someone else tries this trick, then later notices they can't open their download folder from the browser any more. Just trying to save some time troubleshooting why that was happening; didn't realize pointing it out would become so, um, controversial....

That wouldn't affect ... ... which doesn't even run on XP. Outlook 2010 was the last version that runs on XP. Not that I'd put that sort of thing past Microsoft; that's basically what they did with Skype Web (although you can get around it with a SSUAO). But this sounds to me more like just a screw-up, so it will probably be fixed soon. Until then, at least it still works in New Moon (and probably MyPal & Serpent).

Yes, of course; but what's the point? The only file updated by KB4462223 is mso.dll, so you're just installing the update then essentially uninstalling it again. Might as well just hide it and not install it to start with.

They're mostly making an argument similar to @Jody Thornton's: if you have PCs with older, unpatched OSes on a corporate network, an attacker can use those as "anchors" to gain access, then spread malware to other, newer PCs. Therefore keeping those PCs on your network can pose a security risk. In that environment, it would make sense to minimize the number of different Windows versions you're using, so as to reduce opportunities for hackers. But I found the article's concentration on XP troubling. After all, the same vulnerability is found in Win 7, which is found even more often than XP and is still in support (at least until January). But the article didn't bash Win 7 users; only XP users. I suspect the not-so-secret agenda was to try once again to kill off that 2-3% of the market still running XP with yet another dose of FUD. It hasn't worked so far, but why not give it another try? Indeed, it's major point seems totally irrelevant: XP is old. So? Software doesn't "age;" in fact, unlike living things, it often gets better with age, as bugs are found and patched. If the bug is particularly serious, as in this case and the Wannacry case, you may even get a patch after the official EoS date. For individual XP users, though, the time to worry will be the day a major vulnerability is found but not patched. Hmm.... I wonder if the recently-discovered vulnerability exists in Win2K? There's no patch for that OS (although I suppose you could just disable the probably-unneeded Remote Desktop service).

Pale Moon 27 and up don't run on Windows XP, but you've been running FF 52, so I can't think of any reason New Moon 28 won't work for you. Try i430vx's installer: https://msfn.org/board/topic/177125-my-build-of-new-moon-temp-name-aka-pale-moon-fork-targetting-xp/?do=findComment&comment=1163175

Oh, I do that already! Google is never my first choice. But most of us will have to use Google's services from time to time, and some folks prefer their search engine too; so we have to take additional countermeasures against their data collection.

Preventing the writing of registry keys is one thing, but why would malware want to open a folder window, and what possible security exposure would that pose if it did?