VistaLover

Hi dencorso ; I suppose a "High Court Appeal" is out of the question then, am I right? Best regards from Greece (wait; you, too, can see the flags ... ) !

But doesn't security.csp.enable;false mean that for the sake of just blocking CSP reports, the whole CSP browser feature is being turned off? Having a read of the Content Security Policy (CSP) documentation, I think CSP is something we should keep enabled ; of course, I am not a security authority like yourself , so please share some extra knowledge on this... Kindest regards, keep safe and healthy (Saturday I'll get my first anti-Covid19 jab ) !

This depends solely on MCP (as I don't expect roytam1 to take this up on his own ), going by what is already known about them, they won't be jumping on that bandwagon very soon/if ever... Personally, I'm not that worried TBH, the article you linked to says:

Do you actually mean FirefoxESR 68 (I've never known a 64esr version to have existed; 60esr -> 68esr -> 78esr -> 91esr) ?

Sorry again, @Dave-H ; under latest Serpent 52.9.0/Vista SP2 32-bit, the "Country" section of Account Settings displays as below: Perhaps "View Members Flags" is only reserved for Mods now?

... Yes, thank you for the legible screenshot of Panda Dome's "about" window...

Sorry Dave, haven't seen the "flags" myself since many moons ago... They are certainly MIA on latest Serpent 52: I accept further discussing this here is OT ; there exists a now LOCKED thread I started in Feb 2020 in the Site & Forum Issues sub-forum where I pointed out last January that the flags had again vanished for good, but, as said, the thread was locked by a mod... If the flags are there for you (BTW, on which browser?) and you know of a way to bring them back for the rest of us, please come forth... Cheers

... Those of us here long enough still remember the "Country Flag" displayed under a user's avatar; so, I have always associated @roytam1 with Hong Kong and @luweitest with PRC... But the flag feature didn't survive the last major forum overhaul... But I, too, digress... I actually share the same thoughts... I have long ago realised that "no-one is without sin" (I refer to major application companies irrespective of nationality), so I treat them all alike... For the most part, I don't think I do any thing in particular that would interest NSA/CIA (Google Chrome and related services telemetry), FSB (Yandex Browser and related Russian services telemetry), or President Xi Jinping's agencies (360EE and related Chinese services); now, if I were an industrial or state spy , well, that would change things, but, if you'd believe me, I am simply not! St52 by Roy is my main browser here, but I do use 360EEv12 (Russian portable re-pack) for those Chromium-only sites... uBlock0 & Privacy Badger are used to minimise tracking (somewhat); for those feeling really uncomfortable with that browser, there's a dedicated thread in our Forum with many additional tips and a (rather long) list of IPs to block for "better" privacy... While I do appreciate your concerns about the browser, seeing the term malware attributed to it made me smile , considering 360 Qihoo are primarily a Security and AV firm... Best regards

7-zip can do it (provided you know your way to a Win98 compatible version of 7-zip); on Vista SP2 32-bit with latest 7-zip alpha (21.02a), I opened file mso2010-kb4504738-fullfile-x86-glb.exe with 7-zip and then proceeded to open (still in 7-zip) file mso-x-none.msp; of its contents, there's a file named PATCH_CAB; once you open that, too, you're presented with file MSO.DLL.x86; choose "copy" and save it to a location on your disk; once extracted, simply rename to mso.dll and Bob's your unkle!

Many thanks for your explanation! Perhaps it was just me, but my initial distinct impression was that "upstream" had somehow "goofed up" - period (and it wouldn't be the first time ... ); since "we" were the first to compile that "new" code, "we" were the ones to first discover the AOM's breakage... When "they", in turn, compiled the official UXP/PM master branches (latest Pale Moon 29.3.0a1), I searched the official forums for reports of broken AOM in 29.3.0a1, but I couldn't find any... I then did a check myself, as reported here... To cut a long story short, only "our own" version of UXP was "messed up", due to existing differences compared to upstream UXP... This is understandable, but yet another lesson why "upstream" code shouldn't be merged lightheartedly... Thanks again, keep up the excellent efforts! Hi ; I don't use Zoom myself, but just to humour you, I decided to follow the procedure required on: https://zoom.us/test Of course, I did reproduce your findings in latest Serpent 52.9.0, but then decided to also test on EOL'ed FirefoxESR 52.9.x, which is the immediate ancestor to St52, with even more WebAPIs present compared to the ones left (by MCP) in St52 ... ; perhaps unsurprisingly, the same story goes there, too: I think I've said it before elsewhere, but we should be really glad for all the sites we can visit and all services we can use with these MCP browser forks;, for the latest "fancy" things of Web 2021 that don't work, well, learn to live with it or find workarounds (when available...). MCP ("upstream") themselves advise their users to have an alternate, Chromium-derived, browser handy for these "non-working" cases; of course, "their" users are already on Win7+, switching to the latest Chromium-derivative there is easy ; sadly, not the case for us still on XP/Vista... The Zoom staff do currently support XP+Vista , if you visit their site with an XP/Vista useragent, you are offered file ZoomInstallerXP.exe (SHA-1 signed on June 2nd 2020); so I kindly advise you to take their offer if you're inclined to use Zoom Meetings on XP... I highly doubt (but can't test now) official Basilisk's ability to use "in-browser" Zoom; it still is FxESR 52 based and MCP haven't done much to update its WebRTC implementation... OTOH, Zoom mandate you use the "latest" version of a Chromium-based browser (Google Chrome, MS ChrEdge) or Firefox (aping Chromium in its web compatibity), so, as has been already discussed, modern web applications are being developed with Chromium in mind... As a last thing, I decided to put on "Zoom" test the 3 flavours of 360EE I have available here; v11 (Chromium 69 based) demands I first grant permission to zoom.us to access my cam and mic: Once I OK'ed to that and joined, I only get a prompt to update my browser for better audio quality, not that the computer's audio device is inaccessible (the case with St52+FxESR52): v12 (Chromium 78 based) exhibits the exact same behaviour as v11; lastly, v13 (Chromium 86 based), as it's based on a fairly recent version of Chromium, doesn't even display the prompt to update browser: Since my tests were done on Vista SP2 x86, YMMV on actual XP... Regards

Apologies accepted, but don't you have a working implementation of PRTSC (PrintScreen keyboard button) and Paint in your Vista install? 1. Press PRTSC (screengrab is copied to memory as bitmap) 2. Open Paint, Edit -> Paste (screengrab is loaded), File -> Save as (PNG or JPG) and tada! No special screenshot tools needed... : FTR, I couldn't read any of the characters in the image you uploaded...

On sister's Win7 SP1 64-bit laptop, I updated official Pale Moon unstable to the latest 32-bit build: Version: 29.0.3a1 (32-bit) (2021-05-07) [buildID=20210507130743] and that build was compiled from following sources Platform module: uxp-master-git-20210506-ge7e6356 Pale Moon source: pm-master-git-20210507-g2ad022d The platform (official UXP) source does include 6f707bd which is equivalent to a4b0f33 in the custom branch of your UXP fork... The thing is, the AOM (about:addons) in the above official PM unstable build works as intended, i.e. no additional patching of 6f707bd is required, whereas to get AOM working in latest NM28 you had to patch a4b0f33 according to 8eb3a27 ; @roytam1 : Why was NM28 (and several other UXP forks) affected by "upstream" changes, while their own app was "not messed up" ? Just wanting to get a clearer understanding of things in a somewhat deeper level, nothing more... As always, thanks for your on-going efforts into supplying browsers that still keep XP and Vista kicking for a tad longer ...

FTR, it's in: https://github.com/roytam1/UXP/commit/8eb3a27

Actually, the very URL you referenced (SSL Labs Server Test) suggests that only TLS v1.2 is supported, period:

I haven't checked myself @i430VX 's "installer" to ascertain whether it offers one the choice of setting Serpent 52 as the default OS browser, but in case one did so manually post "installation", Tools -> Preferences -> General -> Startup -> Serpent is not your default browser -> Make Default the Serpent shell integration must be reverted prior to "uninstallation"; e.g., if you want to set again FxESR 52 as your default OS browser, do so (from within Fx, preferably rebooting afterwards) before you start deleting Serpent-related directories/files... A registry clean-up post removal is also recommended (since no "proper" Serpent uninstaller exists that would take care of this...); this scenario, of course, is for when one simply "tried" Serpent and then wants to purge his/her system off it...

Only official Mozilla applications are entitled/authorised to use the Mozilla (Firefox) Sync infrastructure (and are thus allowed to carry the Mozilla-specific "authentication key" that enables connections with MozSync servers) ... In its initial life, Basilisk 52/UXP by MCP did have that auth-key, so its users could (ab)use Mozilla Sync servers (and sync between mobile Fx, too); but at a later point, Moonchild decided to "right the wrong" (basically, to keep Mozilla out of his back yard ) and newer Bk52 builds lost the ability to connect to MozSync... In any way, as Bk52 progressed further away from FxESR 52.9 (while Fx itself was moving quickly into its "Quantum" days), what could be synced safely between the two applications (via MozSync) was reduced to bookmarks, browsing history, browsing session, perhaps passwords; full profile sync (e.g. include installed extensions) was not possible, what was indeed probable was profile corruption if a user did not pay attention... As Basilisk 52 was eventually transformed into a "clone" (minus a few bits) of Pale Moon (but with the Australis interface), the two MCP apps now use Pale Moon Sync (MCP-maintained/owned) and can sync data between them; since mobile versions of the two do not exist, that leaves out syncing between a mobile device... UXP-based @roytam1's browsers, like NM28/Serpent52, also use the Pale Moon Sync infra (I suspect MCP aren't that enthused), but there exist at least two other "roytam1's browsers" that, AFAICT, are able to use Mozilla Sync: His Firefox 45esr fork, aimed at old hardware (CPU without SSE2) users, and his Serpent 55 fork ! Serpent 55 was initially based on MCP's Basilisk 55/Moebius project, later abandoned in favour of Basilisk52/UXP; despite the "55", it was forked off a Mozilla Firefox 53.0a1 code snapshot... St55 currently is a "test" application, code from UXP and a few other projects is being applied to it; is updated by Roy at least once every month... It currently has better features compared to Fx 52esr, especially in the TLS/HTTPS section (has support for final TLS v1.3), has more Web Extension APIs compared to Serpent 52, but doesn't carry many of the recent WebAPIs St52 does; e.g. , https://d3ward.github.io/toolz/src/adblock.html doesn't work in St55 (because of missing AbortAPI) ... And since Bk55 was "touched" () by MCP, St55 has been "optimised" to work as single-process application (I say this in case you are running FxESR 52 under XP with the "e10s hack"...). So, you can at least "trial" Serpent 55 on your XP partition without (hopefully) losing your Mozilla Sync "workflow" . In the longer run, you should definitely consider migrating to Serpent 52, sooner rather than later... A member in the official PM forums has recently posted that Basilisk 52 supports the third-party Sync solution called "EverSync", and the same stands true for St52: https://www.everhelper.me/synchronizer.php https://www.everhelper.me/everhelperplans.php https://addons.mozilla.org/en-US/firefox/addon/fvd-synchronizer/ Their "For Firefox" extension is compatible with St52, you have to register an account with them (but the same is true for MozSync); they advertise that you can sync data between "any computer and any browser"; the same, supposedly, is true for mobile devices, once you install there their Android app - their free plan looks promising... BTW: I have no affiliation with them in the slightest, nor do I use any of their offerings (); just pointing out that Sync "solutions" do exist outside of MozSync... My best regards

... I doubt it; you wrote: so the extension would have no compatibility issues installing in a FxESR 52, WE supporting, derived fork ... I just added the "strict_min_version": "52.0" condition in the manifest to stress the fact it is targeting Serpent 52.9.0 ... JSON files (a subset of JS) are very "sensitive" to syntax errors; a missing/redundant opening/closing bracket (of all types), a missing/redundant comma, etc. is enough to render the file non-valid when parsed by the add-on manager's code... If in doubt, you'd better validate the edited file with specialised tools, e.g. https://jsonformatter.curiousconcept.com/# When I fed it "my" edited manifest.json, it returned "Valid (RFC 8259)"

@athlonxpuser : No doubt you either messed up while editing the manifest.json file or, perhaps, when repackaging back to XPI... : FWIW, you can use the following manifest.json : { "name": "YouTube Redux", "version": "2.0.3.1-unsigned", "description": "Bring back old YouTube layout styles and features within the Polymer (modern) layout!", "permissions": ["activeTab"], "browser_action": { "default_popup": "popup.html", "default_icon": { "16": "images/16.png", "32": "images/32.png", "48": "images/48.png", "128": "images/128.png" } }, "icons": { "16": "images/16.png", "32": "images/32.png", "48": "images/48.png", "128": "images/128.png" }, "content_scripts": [ { "matches": ["*://*.youtube.com/*"], "exclude_matches": ["*://*.youtube.com/embed/*"], "css": ["styles.css"], "run_at": "document_start" }, { "matches": ["*://*.youtube.com/*"], "exclude_matches": ["*://*.youtube.com/embed/*"], "js": ["initial-setup.js"], "run_at": "document_start" }, { "matches": ["*://*.youtube.com/*"], "exclude_matches": ["*://*.youtube.com/embed/*"], "js": ["main.js"] } ], "web_accessible_resources": [ "images/classicLogo.png", "images/classicLogoDark.png", "images/sub-icon.png", "images/favicon1.ico", "images/favicon2.png", "images/favicon3.ico", "images/verified1.png", "images/verified2.png", "images/plus.svg" ], "manifest_version": 2, "applications": { "gecko": { "id": "YouTubeRedux@omnidev0", "strict_min_version": "52.0" } } } Disclaimer: I haven't checked whether the extension works as advertised, only the "installing" part of it is addressed here...

@dmiranda : If a HTTPS "proxy" is being involved, then check in Serpent 52 that: "Tools -> Preferences -> Advanced -> Network -> Connections -> Settings -> Connection Settings (popup) -> Configure Proxies to Access the Internet" is set to "No proxy" ; the default setting in a new/clean profile is "Use system proxy settings", i.e. the proxy configuration inside IE8 is being used for Serpent 52, too...

Many thanks, Dave, for your swift reply... As I feared, it doesn't see at all the SHA-2 file signature... I don't exactly know how the tool works, but if it's reliant on OS libs, this is no surprise at all, since XP itself doesn't have support for SHA-2 (You could also test sigcheck-v2.30 on your Win10 partition, if SHA-2 data are printed there, we'll be sure sigcheck uses OS level libs/functions... ) ... However, we are back at square one ; both sigcheck-v2.80/Win10 and sigcheck-v2.30/WinXP do see the SHA-1 file sig (which is the one validated under XP), so the mystery about the July 2020 wsusscn2.cab file doesn't seem related to file signatures... If only a "digital" Miss Marple could help on this...

... What do you mean exactly? If you mean (latest) Serpent 52.9.0 (2021-04-23) (32-bit), I have no issues loading either http://www.malsmith.net/yori/ or http://kmext.sourceforge.net/ , in both my dirty profile and in a new pristine one: Since both URIs are over plain HTTP, TLS versions/cipher suites/certificates shouldn't be involved...

I got mixed reports as to what was the last version of sigcheck to run on XP; this post from 2015 suggests XP support was dropped starting with v2.30, but another post from 2016 has v2.40 as the first one requiring Vista as minimum (???) ... To make matters worse, the official source only links to the most recent version of sigcheck, v2.80, which, as stated, doesn't run under XP ... It is quite hard now to find previous versions of sigcheck, I hope it's OK to mention here that a third party site has archived old versions of the SysInternals Suite bundle, the one entry named "Sysinternals Suite October 26, 2015" does include sigcheck-v2.30-x86 ; can a kind soul on XP solve the riddle for me? And, perhaps more importantly, does it support SHA-2 signatures? Thanks in advance !

Hi @Dave-H ; the d3ward test, hosted on GitHub, requires browser APIs that Firefox ESR 52.9.1 simply lacks, because it has been left to rot after its EOL in Sept 2018 (two and a half years already ) ; I won't even touch the security aspects of still using it, but the web itself has evolved greatly since then, usually for the worse, mostly according to what is being dictated by Google Chrome devs (which has been the topic of another recent post of mine...). After Microsoft acquired GitHub, one of the first things they did was to fire the old GH devs, who were more "willing" to keep GH backwards-compatible with non-Chromium/older browser engines; the M$ team that stepped in soon abandoned support for older browsers and quickly introduced "new" web technologies (read Chrome-isms), since their new and shiny toy browser, ChrEdge/Win7+, uses now the Chromium engine... One of these APIs is the AbortAPI (aka abortController) and it is now required for that adblock test to work successfully... I loaded the test URI in my portable copy of FxESR 52: and the error is generated because of //Function to check an url and set red/green result async function check_url(url, div, parent, np) { // Lets set up our `AbortController`, and create a request options object // that includes the controller's `signal` to pass to `fetch`. const controller = new AbortController() const config = { ...{ method: 'HEAD', mode: 'no-cors' }, signal: controller.signal } failing... OTOH, UXP-based browsers after October 2020 do have support for abortController API, hence the test loads and completes successfully there... I know you are very much entitled to your choice of FxESR 52 as your "main" browser in your XP-partition, but perhaps you should seriously consider migrating to latest Serpent 52.9.0 (it isn't such a huge leap from FxESR 52, but it is a maintained application with considerably better response to "current" web than the now deprecated browser it was forked off... ) . Just my 2p, of course ... Cheers

... It's the latest offering from the Canadian makers of Windscribe VPN and related browser extensions (they currently only offer WEs for Chrome/Firefox/etc., but JustOff has also made an unofficial "legacy" fork that works in NM27/NM28/St52/St55 ! It's too bad the free ControlD DNS servers do not offer geo-block circumvention features, because that is the main reason I currently use Windscribe for (with "privacy" protection as an added bonus... ) . Saluti

A cursory Google/Microsoft search didn't yield any... Of course, I did find https://download.microsoft.com/download/2/0/E/20E90413-712F-438C-988E-FDAA79A8AC3D/dotnetfx35.exe (full standalone installer), but it's only SHA-1 signed...