Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


roytam1

My build of New Moon (temp. name) a.k.a. Pale Moon fork targetting XP

Recommended Posts

The man needs to look more at what was posted and less at who posted it. Even misspelled "concerned" - uncharacteristic for him. He must've really lost it. And Feodor2 merely suggested removing some code that's no longer relevant, given what MCP has already removed.

Anyhow, it's interesting that PM (& presumably NM) don't have Web application support either. Serpent seems to, although components like service workers have to be manually enabled - then locked down to prevent abuse. Maybe that's why?

Share this post


Link to post
Share on other sites

 Minutes ago, I tried logging into my GitHub account using New Moon 28.6.0a1 (I'm on a slightly older build with buildID=20190530233318), a process I've successfully completed countless times over the past year or so using NM28; but M$ owned GitHub wouldn't let me in this time :realmad: ; nothing was changed on my part since yesterday, when I had a successful log-in using the same browser version and profile... :dubbio:

To proceed, I had to supply a 6-digit security code, to properly verify my device (??????) :o ; the code was contained in the following e-mail: 

Quote

Hey <username>!

A sign in attempt requires further verification because we did not recognize your device. To complete the sign in, enter the verification code on the unrecognized device.

Device: PaleMoon on Windows
Verification code: <redacted>

If you did not attempt to sign in to your account, your password may be compromised. Visit https://github.com/settings/admin to create a new, strong password for your GitHub account.

For more information, see https://help.github.com/articles/keeping-your-account-and-data-secure/ in the GitHub Help.

To see this and other security events for your account, visit https://github.com/settings/security

If you run into problems, please contact support by visiting https://github.com/contact

Thanks,
Your friends at GitHub

Let me just clarify I don't consider any Microsoft employee as my "friend", but this is obviously a discussion topic for another board/site... :sneaky:

I went ahead and submitted the code and, fortunately, I managed to log in :) ; but what baffles me is why my initial attempt failed? FWIW, I don't employ a SSUAO for GitHub in NM28, because it was not needed (until now?) ...

Any GitHub members here with a similar experience running New Moon 28 on XP/Vista?

  • Like 1

Share this post


Link to post
Share on other sites
12 hours ago, roytam1 said:

there is an override in about:config, you may change "general.useragent.override.web.whatsapp.com" to "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2049.0 Safari/537.36"

This has been taken care of upstream:

https://github.com/MoonchildProductions/UXP/issues/1152

https://github.com/MoonchildProductions/UXP/commit/f46e7a46cc16260d9c346016db43cf920cc6706a

... and speaking of "upstream", the stable PM channel has had a 28.6.0 release

https://github.com/MoonchildProductions/UXP/releases

while the unstable PM channel (from which NM28 is forked) has just had a version bump to 28.7.0a1

https://github.com/MoonchildProductions/UXP/commit/c794a79d87a64425c3c23af78f4234833fb9bd79

(... that version bump may cause language-pack breakage in next Saturday's New Moon 28.7.0a1 builds; as always, you should check out for updated packs at https://github.com/JustOff/pale-moon-localization/releases )

:hello:

Share this post


Link to post
Share on other sites

They actually went overboard, by changing the SSUAO to report Win 10. Reporting Win 8.1 is sufficient, and by the time whatsapp.com actually requires Win 10 they'll need to change it again anyhow.

@VistaLover: it sounds like Github has added the same annoying second-level security that many financial Web sites use: when you successfully sign in, they set a cookie; but if that cookie isn't found you have to go through an annoying "we'll verify this is really you by sending an email to 'your' email account" procedure.

When money's involved, I can understand; it wouldn't take long to steal your bank account and the bank would be liable. But I just don't think Github is that critical; IDK why M$ has implemented this for Github's login.

Share this post


Link to post
Share on other sites
Posted (edited)
On 7/2/2019 at 11:35 AM, Mathwiz said:

The man ('MAT' person) needs to look more at what was posted and less at who posted it.

Just giving again a THANKS to YOU for doing the 'Pulls' needed to FIX the (Menu) 'HELP' URLs
related to RT's Browsers here. It is GOOD to 'head off' further complications related to 'MAT' person.

Added Later: RT observed (below) of 'MAT' person --> "(He is) better (seen) using binoculars"
Okay, I did LOL on this above from RT. :)

Added Later: VistaLover observed (below) of 'MAT' person --> "(He) wants your arm and shoulder too,"
GOOD that my HEAD is attached ... somewhere! ;)

Edited by TechnoRelic

Share this post


Link to post
Share on other sites
5 minutes ago, TechnoRelic said:

It is GOOD to 'head off' further complications related to 'MAT' person.

... I'm sorry to say this (thus slightly disagreeing with you), but whatever "one" (as in an XP fork maintainer ;) ) does will never be sufficient to keep Matt A. Tobin at bay or make him revisit his opinions/change his behaviour towards the XP forks people... Just consider that @Feodor2 has taken the steps to fully rebrand his forks, yet he's still being treated as trash by the Tobin person :angry:; don't be fooled, he's the kind of people that want your arm and shoulder too, when you're simply extending your hand to them... :P

  • Like 1

Share this post


Link to post
Share on other sites
12 minutes ago, VistaLover said:

he's the kind of people that want your arm and shoulder too, when you're simply extending your hand to them... :P

it is always be safe and keep distance from him, better using binoculars to observe him instead.

  • Like 3

Share this post


Link to post
Share on other sites
On 7/3/2019 at 9:00 AM, roytam1 said:

it is always be safe and keep distance from him, better using binoculars to observe him instead.

As I do. There's no point in trying to respond to that vitriolic nonsense (now, the point of separating branding and redirecting help/support links to this forum thread instead of his site is a fair point and makes sense. What isn't fair is his seemingly compulsive need to viciously berate anyone who dares modify and use his product (or a derivative thereof) on an OS he doesn't support.

Just let him do whatever he does, filter out whatever information is actually useful from that which is intended to insult or criticize, and move on.

Some people just don't like to play fair.

c

  • Like 2

Share this post


Link to post
Share on other sites
10 hours ago, cc333 said:

As I do. There's no point in trying to respond to that vitriolic nonsense (now, the point of separating branding and redirecting help/support links to this forum thread instead of his site is a fair point and makes sense. What isn't fair is his seemingly compulsive need to viciously berate anyone who dares modify and use his product (or a derivative thereof) on an OS he doesn't support.

Just let him do whatever he does, filter out whatever information is actually useful from that which is intended to insult or criticize, and move on.

Some people just don't like to play fair.

c

He presumably doesn't really understand the concept of "open source"!
:lol:

Share this post


Link to post
Share on other sites
On 7/4/2019 at 7:05 AM, Dave-H said:

He presumably doesn't really understand the concept of "open source"!
:lol:

Indeed!

c

Share this post


Link to post
Share on other sites
7 hours ago, Sampei.Nihira said:

Hi to all.

Bug in Firefox allows local files to be stolen:

https://bugzilla.mozilla.org/show_bug.cgi?id=1560291

Test:

Type in the address bar:

file:///c:/

It's important to be precise here. The bug isn't that typing file:///c:/ in the address bar shows your C: drive - that's what it's supposed to do.

The bug is that an HTML document in C:\ can access any other file on the C: drive. This isn't easy to fix though, as Mozilla explains:

Quote

Chrome has a very restrictive file:// security policy: every single file is a different origin. This unfortunately breaks a lot of use cases (e.g. HTML documentation). We have a security policy where a file can only access things in the same directory or subdirectories. This works fine as long as you don't dump unrelated things in the same directory... It's hard to restrict the thing you're concerned about with here without breaking a huge number of legitimate things people depend on. :(

A fix would probably involve treating certain locations as special cases: drive root directories, "C:\Program Files," the desktop, etc., which are likely to contain "unrelated things." (Mac/Linux would have different exceptions, of course.) Probably along with a new set of prefs so users could control it on a spectrum from Chrome-tight to "anything goes."

Unfortunately it would take a much better programmer than I to make a change like this. Probably best to just wait and see what Mozilla and/or MCP come up with. In the meantime, just avoid saving Web pages or other HTML documents to the desktop or similar "high-level" directories. Even if you use your browser's or email client's default "downloads" directory, all anyone will be able to steal is your other downloads.

  • Like 1

Share this post


Link to post
Share on other sites

A misbehaving web page:

http://xkctk.hangzhou.gov.cn/yhdl/

The last input field is for verification code that is displayed in the right. Despite how correct your input is, it will mark you a wrong cross and refresh the image, making you fail to log in. IE8 has the same problem. But on my android phone's firefox mobile the page behaves normal.

Share this post


Link to post
Share on other sites
Posted (edited)
59 minutes ago, luweitest said:

A misbehaving web page:

http://xkctk.hangzhou.gov.cn/yhdl/

The last input field is for verification code that is displayed in the right. Despite how correct your input is, it will mark you a wrong cross and refresh the image, making you fail to log in. IE8 has the same problem. But on my android phone's firefox mobile the page behaves normal.

I got no problem here. Did you choose "Firefox compatibility" in preferences?

Linaix9.png

Edited by roytam1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...