Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


roytam1

My build of New Moon (temp. name) a.k.a. Pale Moon fork targetting XP

Recommended Posts


You can enable or disable SSL/TLS ciphers according to your own security preferences. Go to about:config and filter for security.ssl3 and you'll see all available cipher suites for SSL 3.0 through TLS 1.2. Filter for security.tls13 to see the available cipher suites for TLS 1.3. Set to true to enable or false to disable. Changes are stored in your profile so they'll "stick" between browser updates; but you have to do this for every browser profile you use.

A few Web sites may not yet use newer, more secure ciphers; if you visit any of those, you'll need to leave a less secure cipher enabled to access it. If you disable some ciphers, then can't connect to a site, that's probably the reason. Create a new, "clean" profile, restart the browser specifying it, and try again. If it works, check which cipher your browser uses with a particular site by clicking the padlock, then the right arrow, then "More Information." Then restart your browser with the default profile, and re-enable the cipher your browser used with that site. Your communications with that site are probably still reasonably secure, but be aware that they could eventually be decrypted by someone determined enough; perhaps even years later, and act accordingly. Ideally, you should contact the Webmaster and ask them to enable newer, more secure ciphers. (The Web site may choose to leave some older ciphers enabled as well, for compatibility with older browsers. That's fine as long as the newer ones are preferred.)

  • Upvote 1

Share this post


Link to post
Share on other sites
Posted (edited)

Offtopic: I still don't particularly understand why HTTPS was so encouraged by Chrome and its derivatives (including of course Firefox since they ran out of ideas) all of a sudden everywhere since the middle of 2015, especially given the big countries will always find a way to decipher whatever's being passed through somehow via ISP co-operation or whatever...

(The UK for example has banned end-to-end encryption on IM and some other platforms, so anything that claims to use it here actually isn't, they have to disable the encryption on the UK users' end so the government and such alliances can read it and not have to say anything about that.)

Understandable if you're trying to protect against say a bank card interception of details by some nolife sitting in a basement intercepting it, but not everywhere should have to be forced to use it or be forced to drop lower. The only place it's needed is when submitting data since ISPs usually end up logging history/etc anyway...

Edited by hydro2duo

Share this post


Link to post
Share on other sites

The about:support page is broken for me in UXP, the addon information or the user string no longer shows, is this intentional? Tried and confirmed with a fresh profile so I don't know of any pref setting to fix it if it can be. 

Share this post


Link to post
Share on other sites
Posted (edited)

You beat me to it.. same here with the:

Help>Troubleshooting Information

Shows all blank places - so for now, went back to the previous build.

Edited by sal here
typo

Share this post


Link to post
Share on other sites

Sorry for the delay, but my installer will now download the latest builds.
:)

 

Share this post


Link to post
Share on other sites
Posted (edited)
7 hours ago, DanR20 said:

The about:support page is broken for me in UXP, the addon information or the user string no longer shows, is this intentional? Tried and confirmed with a fresh profile so I don't know of any pref setting to fix it if it can be. 

just found a typo in my modified code, archives are updated to fix this bug.

Edited by roytam1
  • Like 2
  • Upvote 1

Share this post


Link to post
Share on other sites
33 minutes ago, roytam1 said:

just found a typo in my modified code, archives are updated for fix this bug.

Good to hear, I'd be lost without that. 

Share this post


Link to post
Share on other sites
On 7/14/2019 at 11:47 AM, hydro2duo said:

I still don't particularly understand why HTTPS was so encouraged by Chrome and its derivatives (including of course Firefox since they ran out of ideas) all of a sudden everywhere since the middle of 2015, especially given the big countries will always find a way to decipher whatever's being passed through somehow via ISP co-operation or whatever...

(The UK for example has banned end-to-end encryption on IM and some other platforms, so anything that claims to use it here actually isn't, they have to disable the encryption on the UK users' end so the government and such alliances can read it and not have to say anything about that.)

Well, the best encryption today is so strong that not even the US NSA can crack it. Of course, that just means they turn to hacking techniques; i.e., finding vulnerabilities in OSes and ways to exploit them, which naturally cause havoc when they get leaked, as with the WannaCry debacle.

I believe the idea of universal HTTPS was a good one: if everyone uses it, then its use won't be looked on with suspicion, so we paranoid types won't be targeted by the likes of the NSA or MI5/6 as "potential terrorists" just for trying to protect our privacy. That's also why the UK took the extreme (IMO) step of banning end-to-end IM encryption: if they could crack the encryption, they wouldn't have bothered; but if, instead, encryption is outlawed, they can just "assume" anyone using it is up to no good and investigate them. (It won't work though: the "real" terrorists will just use steganography to conceal encrypted messages in innocuous-seeming images, audio files, etc.; the ones that'll get busted are folks just trying to conceal an affair or something.)

What does annoy me, though, is the way Web sites keep disabling older, less secure protocols and ciphers. Sure, the newest protocols and ciphers should always be the first choices, but there's no good reason to lock folks out of your Web site just because they're still on Android 4.0 or XP or whatever. But at least we have @roytam1's browsers with the latest NSS versions to handle those sites that require the latest security.

  • Upvote 1

Share this post


Link to post
Share on other sites
Posted (edited)
On 7/13/2019 at 7:21 AM, roytam1 said:

New regular/weekly KM-Goanna release:
https://o.rths.cf/kmeleon/KM76.2-Goanna-20190713.7z

snipped

Really impressed by the speed and the rendering of this browser. Unfortunately there are missing features in his building (almost present in modern browsers) such as the ability to duplicate, or close a card with a dedicated cross (unless you're a pianist with CTRL + F4) or navigation incongnito, or copy and search on web but does his job admirably with an easy costumization.

Edited by Vistaboy

Share this post


Link to post
Share on other sites

vistaboy wrote about KG76.2:


Really impressed by the speed and the rendering of this browser. Unfortunately there are missing features in his building (almost present in modern browsers) such as the ability to duplicate, or close a card with a dedicated cross (unless you're a pianist with CTRL + F4) or navigation incongnito, or copy and search on web but does his job admirably with an easy costumization.


Please elaborate, to figure out solutions?
The prob is, K-Meleon may be missing some essential things, but it also has lots of hidden features which simply aren't visible to unexperienced users.
For example most buttons have a handy right-click menu, which most people never discover just because they have no little-arrow as indication (example Home or Go-buttons)
A killer feature is the hidden privbar (View > Toolbars) with buttons for 1-click toggle of javascript, cookies etc.
Or the "about:about" page has lots of working links to more settings, incl. about:addons, which are not found anywhere in the menus, just because the GUI hasn't been updated in the last ten years or so, only the engine (install macro aboutabout to get at least a makeshift-menu)
Copy+search: select a text in a webpage and hit the search button (or similarly: select a text LINK and hit the Go-button)
Duplicate a tab: pull the tab into an empty space on tab bar (if any left ;-), or right-click on Go-button
If you want a closing cross on tabs: guess for this there's actually a GUI somewhere, perhaps in F2... (would have to look it up, am myself stuck on old version)
There are also macros for easy useragent-toggling, I recommend my "useragents2018" which also helps for easier managing site-UAs.
  • Like 2

Share this post


Link to post
Share on other sites
On 7/13/2019 at 11:49 AM, Sampei.Nihira said:

QhLNCxBq_o.jpg

The link highlighted by the arrow leads to the web page:

http://binaryoutcast.com/

How does this compare to Thunderbird?  Is it like earlier 1x and 2x versions?  Or even like SeaMonkey Mail?

How is it different than Matt Tobin's Interlink application?

Share this post


Link to post
Share on other sites

MailNews is basically an XP/Vista-compatible build of Interlink, which explains the link in the about: window seen above going back to Tobin's site.

With browsers (particularly Serpent), @roytam1 occasionally reverts some changes to retain useful features removed in "official" builds, so even users of newer Windows versions may prefer his builds to the official ones. That's not really the case with MailNews; there's little reason to deviate from an official build of an email client, other than branding.

@VistaLover found the source code for the about: window. It's an .xul file. I made a trivial change in my copy of the Interlink repo, pointing to @roytam1's page vs. Tobin's (roytam1 is free to incorporate this change in his builds if he wants); unfortunately the link destination isn't controlled by a pref, so it's not so easily moved to the "branding" folders of the source tree as the Help menu links were.

  • Like 3

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   1 member

×
×
  • Create New...