Jump to content

Mathwiz

Member
 View Profile  See their activity

  • Posts

    1,731

  • Joined

  • Last visited

  • Days Won

    49

  • Donations

    0.00 USD 

  • Country

    United States

 Content Type 

Everything posted by Mathwiz

  1. Mathwiz
    I tried 2023.10.12 today and it too works fine. So that narrows the issue down to one of the last two versions. I'll try the remaining version as time permits.
  2. Mathwiz
    @roytam1: I seem to have encountered a small bug in Serpent 55, version 2023.10.26. File downloads never complete when using the "open file" option. The file seems to download, but once it "should" be completely downloaded, the download freezes. The downloaded file shows 0 bytes in the temporary directory. You can't even cancel the download except by closing the browser. "Open file" is one of the conveniences FF-derived browsers like Serpent provide over Chromium-based browsers. It downloads to your temporary directory, opens the file, then (if the file isn't still open) deletes it for you when you close the browser, so it would be nice if this worked. Downloads via an add-on, such as DownThemAll, work fine. Serpent 55 version 2023.10.06 also works fine, so the bug seems to have crept in quite recently. Trying to download the 7-Zip installer is a simple way to reproduce the bug. On 2023.10.06 the installer downloads, runs, and installs 7-Zip. On 2023.10.26 the installer downloads, but then the download freezes as described above.
  3. Mathwiz
    I'm no Javascript expert, but I think all that code does is write out an HTML page. The key, I think, is in these snippets from the HTML page it writes: <OBJECT CLASSID="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" WIDTH="200" HEIGHT="16" CODEBASE="http://www.apple.com/qtactivex/qtplugin.cab"> <embed src=',Sound,' height="16" width="200" autoplay="true" PLUGINSPAGE="http://www.apple.com/quicktime/download/"> That looks to me like it uses Apple's QuickTime plug-in to play the audio - hence the message you reported getting. (It's also very old code: http: not https:.) At one time, QuickTime was very popular, but I haven't seen it used in years. Seeing this today is about as surprising as seeing a site that still uses Adobe Flash. Apple still provides QuickTime but no longer supports it, and the latest version requires Windows Vista or 7. If you have XP, I'm not sure where you might find the last XP-compatible QuickTime version appears to be version 7.6: https://support.apple.com/kb/dl762?locale=en_US Now, why VLC works, I have no idea, unless it emulates the QuickTime plug-in somehow. Nevertheless that sounds to me like your best option.
  4. Mathwiz
    Something I've long advocated for official Firefox, Chrome/ium, Edge, etc. Enough already with these silly "my version number is bigger than yours" wars! All it accomplishes is a "new" version every few weeks that barely differs from the previous one, except of course for whatever Googlisms or Mozilla-isms someone decided CSS or Javascript just had to have added this month.
  5. Mathwiz
    To be clear, "Xitter" was just a mashup of X and Twitter. I didn't intend to bring up geopolitics; only to use President Xi's name as a pronunciation guide Meanwhile, back in Serpentland: I wonder if a FF 52.9 user agent is all that's needed to dissuade Facebook from sending all the Googlescript that slows UXP down so badly? I've seen this elsewhere; e.g., office.com runs much faster, although you lose some features (and Micro$oft will show you an annoying "update your browser" banner )
  6. Mathwiz
    So I take it you're still working on "1030 rebuild 9?"
  7. Mathwiz
    I just call it Xitter now. "Xi" pronounced as in Xi Jinping, President of China.
  8. Mathwiz
    Yes, I think that's the case; that's why I limited my polyfill to chase.com. Everyone else gets the built-in support, which I assume handles object types that JSON.stringify doesn't.
  9. Mathwiz
    Done. But there's so much output in the js console, including many from the console.log added to the structuredClone polyfill, it's really hard to know which one is the problem. And oddly, I can't seem to find the [Circular ~] part anywhere in the output. Perhaps try cloning this simple self-referencing array and see if it triggers a failure. I'm pretty sure @UCyborg's version looped on cloning an array: var arr = []; arr[0] = arr;
  10. Mathwiz
    One more polyfill from the 360EE threads: // ==UserScript== // @name Inject Object.hasOwn Polyfill // @version 0.0.1 // @match *://*/* // @run-at document-start // @grant none // ==/UserScript== if (!Object.hasOwn) { Object.defineProperty(Object, "hasOwn", { value: function (object, property) { if (object == null) { throw new TypeError("Cannot convert undefined or null to object") } return Object.prototype.hasOwnProperty.call(Object(object), property) }, configurable: true, enumerable: false, writable: true }) }
  11. Mathwiz
    Warning: this version predates the WebP buffer overflow bugfix by nearly two months. I tried running later versions (known to run on Win 8.1) with the help of VxKex, but had no luck. As a result, I'm sticking with 115 ESR. Of course, if someone's willing to download the source code, apply the WebP fix, and rebuild this nightly release, I'd have no objection to that.
  12. Mathwiz
    That's helpful. I had forgotten that the WebP bug wasn't even publicly acknowledged until 9/11. That makes 117.0a1 even less desirable, even if it (technically) runs. Sorry for the OT; we now return you to your regularly scheduled @roytam1 browser coverage....
  13. Mathwiz
    OT: MSFN's Win 7 forum has a link to a Nightly version of FF 117 that runs on Win 7. Presumably, it has the WebP fix, but I don't know how to confirm that for sure. 117 Nightly might not be worth keeping anyhow, though, by the time we get to 115.9 (or wherever the ESR release tops out), unless it happens to support some new Googlism or Mozilla-ism that becomes ubiquitous. Probably won't know either way for a few years.
  14. Mathwiz
    Well, I stand corrected. Chase is fine with SMS (or even a browser cookie, which isn't actually all that secure, since it can be moved from one machine to another relatively easily, at least on Firefox-based browsers) being the second "factor," and I think most US banks are similar. They want security, but not at the expense of convenience for their customers, and this is the compromise they arrived at. But it probably varies from country to country since banking regulations would also vary. Chase is also not very consistent. I have an old Android 6 phone. Chase long ago blacklisted their Android 6 app (presumably because Android 6 was deemed "not secure enough") but they're perfectly fine with Chrome 106 on that same phone. All that said, I still believe that making it a hassle to sign out and back in was a motivating factor behind Github's decision to require what I call "burdensome" 2FA. Yes, I get that message too, plus "caches is not defined." (At least it's not "define is not defined" as I was getting for a time at Chase!) But isn't that the M$ app store? Yeah, it'd be nice if it worked, but not much use for it on XP or Vista (or even Win 7, for that matter). OT: M$ "apps" are yet another step in the "Androidification" of Windows. So much of Windows 11 was redone to resemble Android (e.g., the new "Open With" dialog), I'm just wondering when Google and Micro$oft will officially announce the merger. Since I'm the one who raised the issue, I'll perform the test, although it appears @tvholic already tried without success. But maybe I can shed more light on the issue. Edit: Looks like the same message as before: Those fixes didn't seem to cause any harm, although they didn't fix the Chase issue. So they still may be worth including in the next release. OTOH, they may complicate things if upstream actually does fix the Chase issue at some point.
  15. Mathwiz
    Wow - I'm famous! It is admittedly odd that to date, no one has encountered this issue at another site. Self-referential Javascript objects can't be that rare; otherwise Andri Möll wouldn't have felt the need to create the code necessary for the fix in the first place. Since their merger with JP Morgan, Chase has been one of the biggest banks in the US, so I'd be surprised if no one with the necessary expertise has an account there. (Internationally, I understand, is a rather different issue.) Perhaps the polyfill I cobbled together from Möll's and @UCyborg's code, or at least the ideas behind it, could be rewritten in C++ for a native structuredClone implementation, and then tested by other Chase account holders who frequent the official PM forums.
  16. Mathwiz
    I suspect that may be the true reason for GH's particularly burdensome form of 2FA: to increase the "hassle factor" of signing in so much that folks just stay signed in, and as a result, any GH link you click is logged to your user ID. I never bought the excuse that 2FA using email or (especially) SMS just wasn't "secure enough." They're secure enough for banking and Web mail sites! But this is the sort of thing Serpent's container support can help with. You can have a GH container, with those signed-in GH cookies, while your "regular" Web browsing is signed out and GH-cookie free. (Just don't make the mistake of signing in to GH while not in a GH container tab - you'll have to go through 2FA - then it will mess your cookies up! If you need to sign into GH, right-click the GH link and open it in a GH container tab, and you'll already be signed in.)
  17. Mathwiz
    Finally, here's my stucturedClone polyfill specifically for chase.com. Should be good on both Chrome (prior to version indicated) and FF-derived browsers. // ==UserScript== // @name Inject structuredClone() Polyfill [98] // @version 0.0.1 // @match *://*.chase.com/* // @run-at document-start // @grant none // ==/UserScript== function stringify(obj, replacer, spaces, cycleReplacer) { return JSON.stringify(obj, serializer(replacer, cycleReplacer), spaces) } function serializer(replacer, cycleReplacer) { var stack = [], keys = [] if (cycleReplacer == null) cycleReplacer = function(key, value) { if (stack[0] === value) return "[Circular ~]" return "[Circular ~." + keys.slice(0, stack.indexOf(value)).join(".") + "]" } return function(key, value) { if (stack.length > 0) { var thisPos = stack.indexOf(this) ~thisPos ? stack.splice(thisPos + 1) : stack.push(this) ~thisPos ? keys.splice(thisPos, Infinity, key) : keys.push(key) if (~stack.indexOf(value)) value = cycleReplacer.call(this, key, value) } else stack.push(value) return replacer == null ? value : replacer.call(this, key, value) } } self.structuredClone = function (value) { return JSON.parse(stringify(value)); } This correctly deals with self-referential arrays and objects, but has other restrictions, so I use it only when a site (like chase.com) needs it.
  18. Mathwiz
    And here's @UCyborg's polyfill for structuredClone (Chrome before v.98; K-Meleon, New Moon 27, FF 45; not needed on UXP-based browsers or Serpent 55) // ==UserScript== // @name Inject structuredClone() Polyfill [98] // @version 0.0.1 // @match *://*/* // @run-at document-start // @grant none // ==/UserScript== if (typeof self.structuredClone !== "function") { self.structuredClone = function (value) { if (Array.isArray(value)) { const count = value.length; let arr = new Array(count); for (let i = 0; i < count; i++) { arr = self.structuredClone(value); } return arr; } else if (typeof value === "object") { let obj = {}; for (const prop in value) { obj[prop] = self.structuredClone(value[prop]); } return obj; } else { return value; } } } This will fail if an array or object property references itself, but works well in most cases.
  19. Mathwiz
    What - no polyfills? Here are a few contributed by n16s. Should be good on both Chrome (prior to version indicated) and FF-derived browsers. // ==UserScript== // @name Inject findLast() Polyfill [97] // @version 0.0.1 // @match *://*/* // @run-at document-start // @grant none // ==/UserScript== if (!Array.prototype.findLast) { Object.defineProperty(Array.prototype, "findLast", { value: function (predicate, thisArg) { let idx = this.length - 1; while (idx >= 0) { const value = this[idx]; if (predicate.call(thisArg, value, idx, this)) { return value; } idx--; } return undefined; } , writable: true, enumerable: false, configurable: true }); } // ==UserScript== // @name Inject findLastIndex() Polyfill [97] // @version 0.0.1 // @match *://*/* // @run-at document-start // @grant none // ==/UserScript== if (!Array.prototype.findLastIndex) { Object.defineProperty(Array.prototype, "findLastIndex", { value: function (predicate, thisArg) { let idx = this.length - 1; while (idx >= 0) { const value = this[idx]; if (predicate.call(thisArg, value, idx, this)) { return idx; } idx--; } return -1; } , writable: true, enumerable: false, configurable: true }); } // ==UserScript== // @name Inject randomUUID() Polyfill [92] // @version 0.0.1 // @match *://*/* // @run-at document-start // @grant none // ==/UserScript== if (!('randomUUID' in crypto)) crypto.randomUUID = function randomUUID() { return ( [1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c => (c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16) ); };
  20. Mathwiz
    SOLVED!! Both UXP's built-in structuredClone implementation and @UCyborg's polyfill kept blowing up on a circular reference, so neither works on chase.com. I had to go hunting for a fix; finally found one at https://github.com/moll/json-stringify-safe Here's my (chase.com only) polyfill incorporating that code. I don't fully understand what I did, but it works: // ==UserScript== // @name Inject structuredClone() Polyfill [98] // @version 0.0.1 // @match *://*.chase.com/* // @run-at document-start // @grant none // ==/UserScript== function stringify(obj, replacer, spaces, cycleReplacer) { return JSON.stringify(obj, serializer(replacer, cycleReplacer), spaces) } function serializer(replacer, cycleReplacer) { var stack = [], keys = [] if (cycleReplacer == null) cycleReplacer = function(key, value) { if (stack[0] === value) return "[Circular ~]" return "[Circular ~." + keys.slice(0, stack.indexOf(value)).join(".") + "]" } return function(key, value) { if (stack.length > 0) { var thisPos = stack.indexOf(this) ~thisPos ? stack.splice(thisPos + 1) : stack.push(this) ~thisPos ? keys.splice(thisPos, Infinity, key) : keys.push(key) if (~stack.indexOf(value)) value = cycleReplacer.call(this, key, value) } else stack.push(value) return replacer == null ? value : replacer.call(this, key, value) } } self.structuredClone = function (value) { return JSON.parse(stringify(value)); } I think what it does is convert the object to a JSON string then convert it back to a new object. If any circular references are detected, a special value is placed in the JSON string instead of going into a loop and blowing up on a stack overflow. There are probably a lot of things this won't work on, so I limited it to chase.com, leaving the native implementation for everything else. Perhaps someone more skilled than I (@UCyborg?) can apply the same idea to UXP's native implementation and submit a pull request upstream.
  21. Mathwiz
    No. I'm adding the suggested polyfills to Serpent via the Violentmonkey add-on. Chrome was just used to narrow down which polyfills might be needed. Knowing that version 98 includes the needed functionality means that all missing functionality was added between Chrome versions 88 and 98. Unfortunately, no luck so far....
  22. Mathwiz
    Appears there's more to this than structuredClone. Installed the user script, but still no joy. I'll give it a closer look from home; I'm at work now.... That index only appears to go through the year 2016. But it was only for test purposes anyhow. Sure enough, Chrome 98 did the trick.
  23. Mathwiz
    OK, that's even more surprising! It proves you can access the site from your PC, but only from Chrome, not Serpent... (And you tried a clean profile, so it's not a browser extension interfering.) But the rest of us can access it from Serpent just fine. Sounds like a firewall rule. Perhaps port 80 is blocked, with an exception for Chrome? Or perhaps a different proxy configuration? (Chrome uses Windows Internet settings; Serpent has its own, which would default to "direct connection" on a clean profile.)
  24. Mathwiz
    So far, so good; but I don't expect that situation to continue for long. As mentioned in @Humming Owl's 360EE thread, Chase finally lowered the boom. So far I haven't found an XP-compatible browser that works, even with an "acceptable" (to Chase) UA. 360EE and MiniBrowser (based on Chromium 86/87 respectively) let you sign in, but only the page header appears. St 55 and IceApe (UXP) seem to get a little further; it briefly looks like it's going to build the rest of the page, but then it goes away and the message We’re having trouble showing this page right now. Please try again later. appears. I get the following Javascript errors: DataCloneError: The object could not be cloned. https://static.chasecdn.com/web/library/@webchan/cxo-host-app/1.15.41/33.d848b99ac7fbd9417767.js:1 {} https://static.chasecdn.com/web/library/@webchan/cxo-host-app/1.15.41/3935.94d28eeeaa747c5a1efa.js:16 ["[@webchan/overview-dashboard-microapp]",{}] https://static.chasecdn.com/web/library/@webchan/overview-dashboard-microapp/2.10.200/995d6cce2cb94409d19a.js:1 I'm not sure what any of that means. I can install a Win 7 browser, so all is not lost for me; but others with only Win XP won't be so fortunate. Edit: Trying to narrow down the Googlism that caused this breakage, I experimented a bit with portable versions of UnGoogled Chromium. It appears the minimum version that works is Chromium 98-100. (I can't be more exact because PortableApps didn't have versions 98 or 99. 100 worked but 97 did not.) I assume official Pale Moon and Basilisk fail as well, but I haven't yet tried them to be certain of that. I haven't yet tried MyPal 68 either, but I'm not optimistic.
  25. Mathwiz
    Sorry; I'm not trying to ghost you. Since you can ping that site (and the IP address you get matches mine), I couldn't think of any other obvious reason why you alone can't access it with your browser, so I didn't have anything to say that was worth saying when I read your reply! Then the thread went on to other topics, and I just forgot. The only other thing I can think of is that Web access to that site is blocked downstream, perhaps by a firewall or router setting. Clearly ICMP messages are getting through, though, so it's not a complete block.
×
×
  • Create New...