NotHereToPlayGames
Content Type
Profiles
Forums
Events
Everything posted by NotHereToPlayGames
-
Update -- as I dig deeper, POS updates are listed in the IE8 Addon starting with 1.5.31. So it turns out that my XP x86 XP3 does have a very small handful of POS updates.
-
Not sure how this progresses the conversation any, but ALL of those sites listed above show as "secure" for me in v13 360Chrome build 2206, Mypal 27.9.4, NM27, NM28, Basilisk, and BNavigator. And show as "secure" on my XP x86 SP3 and my XP x64 SP2. So something in your "SP4" or your "post-SP4" broke something. I have neither of those installed on my XP x86 SP3. My XP x86 XP3 is built from this -- XPSP3_QFE_UpdatePack for Windows XP Post-SP3 20180109 ... and this -- [Addon] Internet Explorer 8 for 32-bit XP 1.5.42 HOWEVER, my install DVD says that I used IE8 1.5.38 and it has since been updated to 1.5.42. The differences being -- Version 1.5.42 2018-09-17 —5eraph Added KB4457426, replaces KB4343205. Version 1.5.41 2018-08-19 —5eraph Added KB4343205, replaces KB4339093. Version 1.5.40 2018-07-15 —5eraph Added KB4339093, replaces KB4230450. Version 1.5.39 2018-06-13 —5eraph Added KB4230450, replaces KB4103768. KB4230450 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4230450 KB4339093 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4339093 KB4343205 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4343205 KB4457426 == POSReady... I do not install POS... https://www.catalog.update.microsoft.com/Search.aspx?q=KB4457426 I strongly suspect, and I'm not trying to start a lengthy debate, but all the facts seem to point to this -- POSReady2009 is what broke your security certificates! I think that's where we need to start next -- to everyone that is seeing MSFN as "insecure" when using Chromium-based browsers on XP x86 SP3, did you install POSReady2009 hotfixes? Again, I am trying to help, so I hope it is coming across that way.
-
I can't help but be curious (and at the risk of opening Pandora's Box but in the spirit of leaving no stone unturned) - 360Chrome was developed, at its core, to backport browser functionality specifically to XP. So I guess I find myself of little-to-no surprise that 360Chrome is showing sites as "secure" when in XP but "mileage may vary" when that browser, designed for XP, is tested in Vista and 10. So why even run 360Chrome in Vista or 10 when there are "non-backport" browsers available on those platforms? Vista I kinda get, it too is an "expired" OS. Please don't misread, I'm asking because I am curious. Is it because XP has a larger following than Vista and nobody out there is "backporting" specificly for the Vista Audience? Forgive the curiosity, I'm just trying to place myself in your shoes - my shoes are XP so I understand the path that I walk in those shoes. edit - although, having asked that question, I should also disclose this -- I run Mypal 27.9.4 on my work computer and it runs Win10 x64, I do that for RAM/CPU purposes and for "lighter" extensions.
-
And your profile says Win10 x64. Ecosia and Discord both show as "secure" for me (XP x64 SP2, v13 360Chrome build 2206). So this really is just another example of where the same exact browser gives different results in different operating systems. Unless I am missing something, that still points to the OPERATING SYSTEM and not the browser. Let's try a different route (I am trying to be of assistance, honestly!, despite my personal conviction that a brower's "padlock" reveals NOTHING about my level of "security", it's a girl in the forest cyring wolf when there is no wolf or crying fire in a movie theater when there is no fire or a car alarm that is set off by a cat sniffing the tire - to each their own, different strokes for different folks). 360Chrome is based on Chrome v86 and this dated October 2020. So what happens for Vista and Win10 for Firefox version 80.0.1 (released September 2020). ie, does a Firefox version release around the same time as Chrome v86 show the same results?
-
Tracked down and reloaded my Vista VM. It's dated 2019 and official Vista support ended in 2017, so it "should" be fully updated - but I am not 100% on this as I use my Win7 VM much more than my Vista VM. At any rate, here are some findings (these are from v13 360Chrome build 2206 when on Vista VM) -- MSFN == insecure connection Wikipedia == insecure connection Google == insecure connection Roytam's rtfreesoft blog == insecure connection Chromium woolyss (source for ungoogled-chromium) == insecure connection browseraudit.com (a recent test site of recent rave) == insecure connection Base Mark 3.0 (another common test site) == insecure connection microsoft.com (I find this one particularly funny) == insecure connection cloudfare.com == insecure connection mozilla.org (equally funny) == insecure connection linkedin.com == insecure connection adobe.com == insecure connection msn.com == insecure connection reuters.com == insecure connection opera.com (browser download, not a fat lady singing) == insecure connection cnn.com == insecure connection bbc.com == insecure connection nytimes.com == insecure connection bloomberg.com == insecure connection washingtonpost.com == insecure connection ALL of the above show as "secure" in v13 360Chrome build 2206 on XP x64 SP2. ALL of the above show as "secure" in Serpent/Basilisk v52.90 (2021-07-30) when on Vista VM - but as insecure in v13 360Chrome build 2206 when on Vista VM (despite being "secure" on XP x64 SP2). Not sure "where" that gets us, but I offer it to the discussion at hand.
-
You site that MSFN shows up as "insecure" but did you comapare to ANY other browser? Did BOTH browsers say "insecure" or did only ONE? I will try to expand on my view of this issue - I am not always the best at communication "skills" but we all have our days, lol. I seem to be in the minority but that does not make me "wrong", please allow me to explain because SSL has become a GIGANTIC topic of late here at MSFN. So your browser is claiming to be "insecure" on MSFN and the solution isn't some form of "I can not log in because I can not trust MSFN" but rather "What modifications can I make to my operating system or browser for MSFN to 'appear' "secure" "? To the point of users creating "cert-packs" and moderators yanking them for MSFN Rule Violations -- seriously, ponder that for a second. Isn't this the EXACT OPPOSITE of "secure" -- to blindly trust an MSFN forum member that created their own "solution" then publicly distrubuted it for others to install onto their computers? My official XP x86 SP3 and my official XP x64 SP2 both show MSFN as "secure". So if another user on a different XP says "insecure", that basically tells me that the user broke something - installed some "cert-pack" that I did not, installed POS updates that I did not, hacked their kernel that I did not, et cetera. They may have had the best of intentions, but the end result was that they broke something when they inteded to try to fix something. But you still cannot deny that my XP says "secure" and the hacked-with-best-of-intentions version of XP says "insecure". Maybe the hack was to get YouTube to show as secure and the hack fixed that - but broke MSFN. So is that hack to be trusted or not (I'm on the not-side). Your profile cites Vista Business x64 -- can you install a brand spanking new VirtualBox VM and see if it shows MSFN as "secure"? That would reveal that something is "broken" in your host Vista. Generally speaking, to me at least, when a web browser says "insecure", it is NOT the web browser that is "insecure", it is the OPERATING SYSTEM. That is, unless I can show a DIFFERENT web browser on the SAME computer to show "secure" - which I'm not 100%, but I don't think I've ever witnessed that scenario. Hope that helps.
-
It's the dog chasing its tail.
-
I do know that the "anti-tracking" feature (which I do not use) is offset by 24hrs and I have fixed this in my release and pointed it out to Humming Owl for his release. Aside from that, my "history" page is off by ONE HOUR but the month/day/year is correct. Had'nt noticed that ONE HOUR difference until just now.
-
We kind of need an example link to go anywhere with this.
-
We do all need to kinda know our own balance. I personally have never in my entire life installed any "certificates" (well, can't really say "never", I used to create my own certificate for a program called Proxomitron). But at the OS level, if it didn't come from an official Microsoft "KB", then it isn't on my computer! Mileage varies on this one, but I do NOT install POS updates. My balance is along the same lines of @Dixel - he did NOT just install a set of certificates, he extracted them, peaked inside, and knew what portion to install and what portion not to install. NOTHING gets "installed" on MY computer without me extracting them, peaking inside, making a few modifications, and creating my own self-extracting archive to copy files and create the registry keys I want and drop the "bundled" registry keys that the "author" tried to sneak past me, et cetera. I haven't "installed" any software on my computers via the developer's "installer" in somewhere between 15 and 20 years. But at the same time, "that" isn't for everyone. Being self-aware enough to control your mouse-clicks - that IS for everyone. Knowing which web sites are respectable and trustworthy and safe to download from - that IS for everyone. Caveat emptor! What I am trying to drive home is this - YOU are responsible for YOUR security, that "green padlock" should not be your warm-and-fuzzy!
-
I'll concede that "meaningless" is not the best way to "word" my POV, so I shall expand a bit. My POV remains - SSL "security" is MEANINGLESS and should NOT be "relied upon" to indicate your level of "secureness". Fake websites know how to "appear" secure -- https://www.semrush.com/blog/https-a-modern-false-sense-of-security/ YOU the USER must learn how to be "net savvy". If you click on a link that says the website needs to "verify your identity" and you do so because you see a "green padlock" - SHAME ON YOU. If you clicked a link from an unknown sender in an email and the link takes you to a "green padlock" that says to click here to "unsubscribe" - SHAME ON YOU. If a web browser popup claims they detected a virus on your computer, click here to run a full scan and you see a "green padlock" - SHAME ON YOU. If you can't spot the difference between your browser's "auto-update" dialog and a web page with a "green padlock" saying your brower needs updated - SHAME ON YOU. Et cetera...
-
For those wanting to test, it took me quite a while to actually find something out there in the wild that does NOT use HTTPS (in fact, I couldn't find anything for sites that I regularly visit, I just never paid any attention to it). So I found this instead -- https://whynohttps.com/
-
ps - regarding HTTPS Everywhere (which again I don't use but nor do I have the need to visit https instead of http, why do I need a "secure" connection to check the weather or read the news?) <excerpt from Wikipedia> Other criticisms are that users may be misled to believe that if HTTPS Everywhere does not switch a site to HTTPS, it is because it does not have an HTTPS version, while it could be that the site manager has not submitted an HTTPS ruleset to the EFF, and that because the extension sends information about the sites the user visits to the SSL Observatory, this could be used to track the user. </excerpt>
-
That's the way the internet is SUPPOSED to work. Unless you use something like "HTTPS Everywhere" extension -- https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp?hl=en To me that kinda seems pointless, but "to each their own".
-
Mypal is giving me the same thing -- Ecosia is fine but browserleaks has a red exclamation mark. I personally feel that cert warnings are MEANINGLESS. UNLESS you see it on your bank account site!
-
Ecosia shows up fine for me but I get the same as you for browserleaks --
-
I should further point out that I see some forums where some ESET (antivirus and firewall product) users have blocked that "connection" and it fully disabled their Vivaldi, Opera, and Chrome from connecting to the internet. As I mentioned above, it is not an "external" connection. I find it a rolling-on-the-floor-in-laughter read on one of the Vivaldi sites. Several people name-calling other folks and tellilng them to put their tinfoil hat back in the closet. Thanks, that was a very hilarious way to spend my lunch break
-
For you Mozilla-based readers, see "Network Detection" section here -- https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections
-
Oh, also found this -- https://bbs.archlinux.org/viewtopic.php?id=246181
-
That's technically not an "external" address. That connection isn't really a connection, it is a network discovery and Mozilla-based browser perform a "network discovery" also (I'll provide a screencap if you don't believe me). If they concern you, go to chrome://flags, search for media router, and disable the pertinent flag - I'm showing three, please report your findings on which of the three prevents this INTERNAL connection.
-
Oh, I know what you did, you calculated to "today". Microsoft's CVE 2020-0601 security bulletin is ANCIENT, it didn't come out "today". I'm showing CVE 2020-0601 to be announced Jan 14, 2020 (568 days ago... 1 year 6 months 21 days ago... 18 months 21 days ago...)
-
Either your calculator is broken or your calendar is broken, I'll let you decide. I did "round up", which is fairly standard - but I am unable to reverse-engineer whatever math you used
-
The videos on that page plays for me in these 360Chrome versions -- 11, 12, and 13. But does not work in these 360Chrome versions -- 8.5, 8.7, and 9.5.
-
Unable to replicate. That video plays for me in v13 build 2206 and in Humming Owl's v13 build 2250.