Jump to content
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble
Strawberry Orange Banana Lime Leaf Slate Sky Blueberry Grape Watermelon Chocolate Marble

MSFN is made available via donations, subscriptions and advertising revenue. The use of ad-blocking software hurts the site. Please disable ad-blocking software or set an exception for MSFN. Alternatively, register and become a site sponsor/subscriber and ads will be disabled automatically. 


roytam1

My browser builds (part 2)

Recommended Posts

Please, write what is under the link so others know if it's worth clicking or not. You're not earning monies on clickbaits, why do you need everyone to click? :)

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

21 hours ago, siria said:

Machine translation to English for those lacking access to on-line translators

Quote

 Chromium developers have proposed to unify and expire the User-Agent header
(14.01.2020 18:04)

 The developers of Chromium proposed to unify and freeze the contents of the User-Agent HTTP header in which the name and version of the browser are transmitted, as well as restrict access to the navigator.userAgent property in JavaScript. No plans to delete the User-Agent header yet. The initiative is already supported by the developers of Edge and Firefox, and is also already implemented in Safari.

 In accordance with the current plan, access to the navigator.userAgent property will be declared obsolete in Chrome 81, scheduled for March 17, Chrome 83 will stop updating the browser version and unify operating system versions, and Chrome 85 will unify the line with the operating system identifier (it will only be possible to determine the desktop and mobile OS, and for mobile versions, information about the typical sizes of the device will probably be given).

 Among the main reasons for unifying the User-Agent header is its use for passive fingerprinting, as well as the practice of faking the header with less popular browsers to ensure the functioning of individual sites (for example, Vivaldi is forced to present itself to sites as Chrome). At the same time, the fake User-Agent in second-tier browsers is also stimulated by Google itself, as User-Agent blocks the entrance to its services. Unification also allows you to get rid of obsolete and meaningless attributes such as 'Mozilla / 5.0', 'like Gecko' and 'like KHTML' in the User-Agent string..

 As a replacement to User-Agent, the User-Agent Client Hints mechanism is proposed, which implies the selective return of data on specific browser and system parameters (version, platform, etc.) only after a request by the server and giving users the ability to selectively provide similar information to site owners. When using User-Agent Client Hints, the identifier is not transmitted by default without an explicit request, which makes passive authentication impossible (by default, only the browser name is specified).

 As for active identification, the additional information given in response to the request depends on the browser settings (for example, the user may refuse to transfer data at all), and the transmitted attributes themselves cover the same amount of information as the User-Agent string currently. The volume of transmitted data is subject to the Privacy Budget limit, which determines the limit on the amount of data that can be potentially used for identification - if further information can lead to anonymity violation, then further access to certain APIs is blocked. The technology is being developed as part of the previously introduced Privacy Sandbox initiative, aimed at achieving a compromise between users' need to maintain confidentiality and the desire of ad networks and sites to track visitors' preferences.

 

Edited by VistaLover
  • Like 1

Share this post


Link to post
Share on other sites

Thanks!
But the best are the comments, highlighting some consequences, obviously based on plenty experience with Googles hostility already, and in general with getting locked out from websites.

This will be a HUGE prob for all alternative browsers or users on old systems, which today already get Google's threats e.g. on youtube "SOON WE WILL NOT SUPPORT THIS BROWSER ANYMORE" (or similar). In the future much harder to escape them and receive the page uncrippled.
Probably deserves an own topic?

PS: completely shocked again about this translator-block :-( So even if someone in fenced countries has access to free websites outside, it won't help much if they can't translate it. Or only translate with other services, which may take part in the blocking.

(I've been thinking about uploading the translation somewhere, but then again, probably not much interest as this is just one report, and that subject will be covered and discussed on some english sites/forums too, with similar comments)

Edited by siria

Share this post


Link to post
Share on other sites
On 1/7/2020 at 2:05 PM, msfntor said:

So your "Mainboard ... has capacitors plague... some capacitors are ill or dead."

"you see endless problems." but can do nothing now...

I think that your PC is dead, change it then.

Hm haha I get impression that some of your postings sometimes  "doesn't mean anything" to me, and are wroted by an Microsoft "messenger" (no offense, an assumption, supposition only) to laugh, distract and impoverish the valuable content of this forum ...

There were some entertainment on another forum...:

I remember the old forum.sysinternals.com, where there were topics made expressly by people playing senile, who wanted to get the impression that they were technically up to date, but in fact their posts were meant to distract, entertain and increase the good mood of those reading these topics... I laughed a lot reading these "professional" topics in forum.sysinternals.com...

So you too are sent by Microsoft, please?
Perhaps the moderators can make a special topic only for you, with all your posts?...what do you think, please?

waste to reply ignorants. its a reply of someone holding his nose high and telling it to people with less knowledge. aka arrogant.

My 25 Years of pc-knowledge is high enough to judge situations.
2. First memory-slot is dead causing the crashes. running with 2GB.

 

On 12/23/2019 at 11:01 AM, VistaLover said:

He wrote:

... so by "latest" it could only be

firefox-45.9.18-20191207-082eb5b14-win32-sse :whistle:

Yes nothing ESR there. Nightly(not listed) 45.9.-18 SSE. other version: 45.0.3 ESR if present Nightly should be removed.

 

On 12/24/2019 at 5:32 AM, msfntor said:

@VistaLover,

Surely I don't need so many browsers, I must give up the ones that disturb me, it would be wise.
Thank you for posting so many explanations, that way I would be less ignorant, hopefully.

Merry Christmas to you, you all!

But complaining about other halfignorants that is ok.

 

On 1/6/2020 at 6:52 AM, msfntor said:

Maybe problem is in some services (Messenger...)- clean them strongly, look too on ctfmon activity... delete it.

- And your fan?... Clean or change it maybe...dust

I dont listen to you anymore, you who has given this crazy tip of deletion: Forgot to google?
look too on ctfmon activity... delete it.

 

On 1/7/2020 at 12:32 AM, siria said:

@3dreal:
There's often some offtopic stuff in roytam's topic here, but this prob of yours is getting so very long now, LOTS of posts about a completely different subject, please consider making an own topic for it!

And no need to google about safebrowsing, it's all just directly in this very topic already:
on this page and the 2 previous ones, you definitely have just read it, so your confusing starts getting slightly weird...
What safebrowsing is about, by VistaLover:
https://msfn.org/board/topic/180462-my-browser-builds-part-2/?do=findComment&comment=1175789
And Kitaro's screenshot with the prefs, you even quoted this image yourself just 5 hours ago!
https://msfn.org/board/topic/180462-my-browser-builds-part-2/?do=findComment&comment=1175859

By default safebrowsing is OFF anyway, but just in case, open about:config and in the filter line type "safebrowsing". Check that everything is set to "false".

NM 27 SSE. safebrowsing: have 2 entries not safebrowsing-term inside- only string and value(link).
Update: Obsolete for NM 27 SSE

 

  • Like 1

Share this post


Link to post
Share on other sites

Deja vu.... again.... again...
Mods, please, split....

Share this post


Link to post
Share on other sites
On 1/15/2020 at 12:40 PM, looking4awayout said:

It is strange that your system freezes entirely when you load MSFN... Take one of the RAM sticks out, maybe you might have bad RAM.

Did you check out the amount of uncorrectable sectors on your HDD? And the pending ones?

you should have replacement sticks. when i tested my 3 slots and exchanged sticks memtest showing always red errore when first slot was full-since also new sticks used it was clear. defective 1st slot. can now only run 2gb ram instead of 3. or using 1x DS and 2x SS 3 gb total.

 

On 1/15/2020 at 3:44 PM, sukistackhouse said:

I will check the sector today and take one memory stick. Currently use a old basilisik version and is working good
 

what is your opininon about this error with aimp fresh install, the spell freaks me out and activate the paranoia.

 

bC3nph1.jpg

 

clean all memory contacts also all others. Videocard, HDD. use a hard erazor-flat roundshaped or whatever matches. a brush to clean and alcohol to further clean them. had to do this service multiple times over the years. maybe PSU is dying. always have a replacement for every hardware. incl. MOBO. saved me often.  otherwise a lot of lost time. are you affected by capacitor plague? google your MOBO on this respect. check your MOBOs-forum also and ask.

Share this post


Link to post
Share on other sites
On 1/13/2020 at 1:32 PM, siria said:

My *really* old browser version allows blocking JIT since years (and JS by default off anyway, or freezing for lack of RAM):
pref("javascript.options.jit.chrome", false);
pref("javascript.options.jit.content", false);

The latter pref is the one you need for general browsing, and it is supported in current browser versions. (AIUI the "chrome" pref is for the JS in add-ons and such.) Sadly, setting this false results in a significantly slower browsing experience here at MSFN.

On 1/13/2020 at 7:05 PM, VistaLover said:

disabling IonMonkey JIT by setting: 

javascript.options.ion;false

will get you covered ;) , but with a (slight) performance penalty

Even this results in a painful performance penalty on my home PC (not the best, but it is a 64-bit dual-core AMD, so it shouldn't be that horrible).

So I think using @roytam1's latest versions (if you can use them), and leaving these prefs at their default, is the best choice.

  • Like 1

Share this post


Link to post
Share on other sites
15 hours ago, Mathwiz said:

So I think using roytam1's latest versions (if you can use them), and leaving these prefs at their default, is the best choice.

I'm glad Mathwiz brings up the IonMonkey type confusion vulnerability again. My question is about PM/NM 27, which was last patched on January 3 (unless my weary eyes missed it) whereas CVE-2019-17026 wasn't announced until January 8. Moonchild did say, "All versions of Pale Moon prior to v28.8.1" are vulnerable, so I assume that includes Tycho unless someone more knowledgeable corrects my misconception - and Tycho does have the javascript.options.ion setting. What to do? :huh:

Share this post


Link to post
Share on other sites

I tried Basilisk 55/Serpent x64, New Moon 28.9.0a1 x64 and KM-Goanna on XP x64 today, but no matter what, I cannot edit my own issues on github.com. Also, the editor is pretty broken so I can't properly write issues either (e.g. the source code button doesn't work).

The fun part is, that this works flawlessly with Palemoon 28.8.0 on CentOS Linux 64-bit! I have no idea why the OS would make a difference here.

I tried faking my user agent to FF 71.0, but this didn't change it either, it just got rid of the "your browser is no longer supported" message on github. Tried FF 52.9.0 ESR as well, no luck. Ancient Chromium 49.x browsers have the same issue on XP x64.

What could I try?

Share this post


Link to post
Share on other sites
1 hour ago, GrandAdmiralThrawn said:

I tried Basilisk 55/Serpent x64, New Moon 28.9.0a1 x64 and KM-Goanna on XP x64 today, but no matter what, I cannot edit my own issues on github.com. Also, the editor is pretty broken so I can't properly write issues either (e.g. the source code button doesn't work).

The fun part is, that this works flawlessly with Palemoon 28.8.0 on CentOS Linux 64-bit! I have no idea why the OS would make a difference here.

GitHub relies way too much on the UA, and none of our browsers provides GitHub with a suitable UA out of the box (or .7z). Well, Serpent 52 does, but only in "native" move (not in FF-compatible mode). So Iset an SSUAO with Serpent 52's native UA string, Mozilla/5.0 (Windows NT 6.1; rv:52.0) Goanna/4.4 Basilisk/52.9.0, for github.com (to be consistent and safe, I also set the same SSUAO for githubassets.com and githubusercontent.com, although I don't think those are strictly necessary).

Note that FF 60.9 also works, but the MCP's latest browsers now default to FF 68.9, which doesn't work (unless you're running a Quantum browser).

It's nonsense like this that makes me somewhat sympathetic to what Google is proposing to do with user agents. Web sites should base their functionality on the capabilities of the browser, not its version or what OS it's running on.

2 hours ago, Vistapocalypse said:

My question is about PM/NM 27, which was last patched on January 3 (unless my weary eyes missed it) whereas CVE-2019-17026 wasn't announced until January 8. Moonchild did say, "All versions of Pale Moon prior to v28.8.1" are vulnerable, so I assume that includes Tycho unless someone more knowledgeable corrects my misconception - and Tycho does have the javascript.options.ion setting.

I've been wondering the same thing. My first thought was that the vulnerability probably affects versions based on FF 49, when the JS engine was rewritten, or later; if so, then FF 45, NM 27, ArcticFox, etc. wouldn't be vulnerable. But as you say, the javascript.options.ion pref does exist in those older browser versions, so I'm not all that confident about that assessment.

  • Like 2

Share this post


Link to post
Share on other sites

I'm not the least bit worried.

All just a bunch of HYPE and HYSTERIA.

NOT worth ANY of the hassle, if you ask me.

Again, I'll stick with my ~28.2.2.

 

*IF* I were worried, I'd just use a VirtualBox guest to do all my browsing.

Share this post


Link to post
Share on other sites
51 minutes ago, ArcticFoxie said:

I'm not the least bit worried.

All just a bunch of HYPE and HYSTERIA.

NOT worth ANY of the hassle, if you ask me.

Again, I'll stick with my ~28.2.2.

 

*IF* I were worried, I'd just use a VirtualBox guest to do all my browsing.

What is the point of refusing to upgrade? Its the same browser, but with security mitigations. 

Share this post


Link to post
Share on other sites
7 hours ago, Mathwiz said:
10 hours ago, Vistapocalypse said:

My question is about PM/NM 27, which was last patched on January 3 (unless my weary eyes missed it) whereas CVE-2019-17026 wasn't announced until January 8. Moonchild did say, "All versions of Pale Moon prior to v28.8.1" are vulnerable, so I assume that includes Tycho unless someone more knowledgeable corrects my misconception - and Tycho does have the javascript.options.ion setting.

I've been wondering the same thing. My first thought was that the vulnerability probably affects versions based on FF 49, when the JS engine was rewritten, or later; if so, then FF 45, NM 27, ArcticFox, etc. wouldn't be vulnerable. But as you say, the javascript.options.ion pref does exist in those older browser versions, so I'm not all that confident about that assessment.

it is proved unvulnerable, at least on ppc. http://tenfourfox.blogspot.com/2020/01/tenfourfox-not-vulnerable-to-cve-2019.html

and nm27 repo had a big front-end merging with arcticfox devel branch, tested with my preliminary browsing test and hope everything works.

Edited by roytam1
  • Like 1

Share this post


Link to post
Share on other sites
2 hours ago, sparty411 said:

What is the point of refusing to upgrade? Its the same browser, but with security mitigations. 

I don't "care" about the SO-CALLED security mitigations.  I run XP, if I "cared" about security I would not be running XP.

 

Aside from that, I have SEVERAL financial web sites that WORK when using 28.2.2 but do NOT work with anything higher.

Yahoo Finance is one of them, the Historical Quotes date can not be set with "new" Pale Moon versions.

Another is Google Spreadsheets, but this nuance seems to be intermittent with "new" but it *ALWAYS* works with 28.2.2.

 

So NO, I have *no need* to "upgrade"  :D

Share this post


Link to post
Share on other sites

new ArcticFox win32 test build is uploaded: http://o.rths.ml/gpc/files1.rt/arcticfox-27.9.19.win32-20200118.7z

- add missing function of Bug 833943, part 3: implement migrator changes (afe3784b9)
- revert default of showQuitWarning because it exposes a bug which corrupts the profile or session storage (654629d67)
- add missing function of Bug 833943, part 3: implement migrator changes (a01cfc753)
- Merge pull request #53 from rmottola/master (270a63dc0)
- Update win32 arctic fox icon from grey to blue (9b7ec8bbf)
- Merge pull request #22 from wicknix/master-good (108c07611)
- Bug 887167 - Undo global-scope pollution from browser-plugins.js. r=jaws (cc0fd90fb)
- Bug 916276 - Remove dead click-to-play code. r=gfritzsche (fd96f08c9)
- Bug 959061 - Have only one "Chinese, Simplified" item in the Character Encoding menu. r=Unfocused. (f484c2f82)
- Merge remote-tracking branch 'upstream/master' into fix-winbuild (aa8adc078)
- Bug 956657 Share more charset menu code between the view source window and the browser r=Unfocused (b681e424e)
- remove duplicate and obsolete CharsetMenu.jsm (30644c91b)
- also remove CharsetMenu.jsm from browser/modules/moz.build (d986fc2ff)
- Merge remote-tracking branch 'upstream/devel' into fix-winbuild (b8fc75f58)
- Update win32 arctic fox icon from grey to blue (6727e1e24)
- Goanna->Gecko:  GoannaMediaPluginService & GoannaTouchDispatcher (1e10799bf)
- Goanna->Gecko:  GoannaProcess (dd671240a)
- Goanna->Gecko: goannamediaplugin (2a9423ba6)
- Goanna->Gecko: GoannaContentController (62e7c2f5f)
- Goanna->Gecko: GoannaProfiler & GoannaTaskTracer (376c45a3c)
- remove mobile-android (cf8ef1e27)
- remove also android examples (94f68c0e5)
- remove android mozglue (d0114f339)
- Bug 927174 - Add a "More Info..." link to the plugin click-to-activate panel which links to SUMO, r=jaws (3b2bd0364)
- Bug 853694 - Cannot send crash reports for click-to-play plugins. r=jaws (424fee753)
- Fixup for bug 927174 - use the preexisting app.support.baseURL pref instead of a custom one (c256b1dda)
- remove specific Pale Moon plugin show preference (f35b3dcfe)
- Bug 926605 part A - When a plugin is removed from a page, continue showing it in the plugin doorhanger, to deal with the cases where the site removes a plugin immediately after trying to use it, r=jaws (f94ba6aa1)
- Bug 926605 part B - automatically refresh the page if the users chooses to enable a plugin but its no longer on the page, r=jaws (afbe91c00)
- Bug 745187 - Don't introduce a delay notifying the frontend about new plugins added to the document, because script may immediately remove them from the page. To fix the delayed layout of XBL, introduce a separate method to calculate the notification icon visibility, r=jaws (f926e6691)
- Bug 934503 - Activated hidden plugins should not show the hidden plugin notification icon, r=jaws (eda3e525a)
- Bug 943383 - Fix state not being remembered in click-to-play doorhanger. r=jaws (7c0c650ab)
- Bug 919493 - browser-plugins.js should call openUILinkIn rather than openURL. r=gavin (acdbd1f5b)
- Bug 920927 - Fix plugin overlay handling. r=neil (408049b33)
- Bug 853973 - If a plugin is overlayed by other content on the page, then treat it as a hidden plugin: hide the overlay and present the infobar for click-to-play or crashed plugins, r=jaws (c6e05e285)
- Bug 745187 part B - If a plugin is already activated, don't refresh the page. (45c25b4c4)
- Bug 932786 - CTP doorhanger does not update to show the new plugin state after the user clicks allow or block; update pluginInfo.fallbackType with the new state in gPluginHandler._updatePluginPermission, r=keeler (173877a4c)
- Bug 933935 - Strip parentheticals when making nice plugin names, r=dolske (ca864bfda)
- Bug 932854 - when a site uses a hidden plugin, show a notification bar to aid discoverability. This patch, suitable for trunk and branch, uses existing strings which are not ideal. r=jaws (960afd793)
- Bug 932854 - trunk-only patch to use new strings for the buttons, r=jaws (cb7298542)
- Bug 932832 - click-to-play not discoverable for Google Hangouts video plugin because it is positioned at -40000,-40000. Check for positioning and treat this as a hidden plugin, r=jaws (58fcb3630)
- Bug 957922 - aBrowser is null in _setPluginNotificationIcon. r=jaws (b4e9d608b)
- Bug 896418 - Improve naming for CtP popupNotification centerActions. r=jaws (83ccc1249)
- Bug 968762 - Plugin overlays are not displayed if plugin element is not fully in scroll view. r=jaws (d6d9dd6a6)
- Bug 921730 - "The plugin is disabled" placeholder cannot be closed. r=jaws (69fafe078)
- Bug 977543 - CTP overlay is not displayed for iframes/embedded videos. r=jaws (248147557)
- Bug 981237 - Remove DataContainerEvent dependency from Plugin crash handler. r=jst,johns (6f8f2bcd2)
- Bug 914753: Make Emacs file variable header lines correct, or at least consistent. DONTBUILD r=ehsan (24bf47cf5)
- missing part of Bug 914609 Consistently use plugin placeholder anonymous element anonids r=jaws (38e6a8544)
- Bug 1009760 - Support displaying of crash notification for GMP plugins. r=gfritzsche (fb3107e97)
- Bug 1043531 - Let frontend deal properly with PluginCrashed without a browser dump id. r=ttaubert (5a22dce15)
- Bug 1045500 - Skip processing the plugin name for plugin crashes in the front-end for GMP plugins. r=ttaubert (c8b06b515)
- Bug 899347 - [e10s] Make click-to-play work with e10s. Originally written by mbrubeck. r=gfritzsche,felipe,Unfocused. (1a6c3fc20)
- add parts of Bug 839206 - Replace plugin installation notification bar with door hanger -- silences some errors even if it doesn't work (270faecf2)
- Merge remote-tracking branch 'upstream/devel' into fix-winbuild (756326bf2)
- Bug 1161928 - Add assertions to ensure tab restoration methods are used correctly r=billm (ee15e5aa2)
- Bug 1143720 - Remove support for old FormData, PageStyle, and ScrollPosition formats r=smacleod (45b034524)
- Like in FF and TFF, remove browser.sessionstore.max_concurrent_tabs (e28c650d5)
- Bug 1142542 - Use AppConstants in browser/modules (r=gavin) (80d7cc617)
- Bug 942374 - Enable session restore for electrolysis (r=ttaubert) (47dbafef9)
- Bug 1160098 - XULElement::LoadSrc() should check whether we successfully created a new frameLoader before trying to call SetIsPrerendered() on it r=smaug (ca804e437)
- Bug 873556 - Add a timestamp to closedWindows and closedTabs. r=ttaubert (c90c85d09)
- update (7066e48b1)
- Merge remote-tracking branch 'upstream/devel' into fix-winbuild (3938630f3)
- Bug 1132874 - Improve protections against sending a parent plugin protocol shutdown message to the child after the child has torn down. r=aklotz (b80b45fa7)
- Bug 1103036 - Follow-up to initial patch; r=jchen (51337c2dc)
- Bug 1132874 - Simplify PPluginWidget protocol handling, and avoid sending async messages from the parent. Addresses a problem with sub protocols that are torn down randomly from either side of the connection. r=aklotz (3ad936e84)
- Bug 1128214 - Avoid a crash when attempting to render windows titlebar specific theme elements with e10s. r=roc (b6f17da09)
- Bug 1139368 - Set FilterTypeSet dependency in improveThisTypesForCall. r=h4writer (422de7271)
- update (c47679472)
- Bug 864041 - Remove Firefox 2+3 compat code from about:sessionrestore. r=mak (4cfc6fe9a)
- Bug 1009599 - Restoring from about:sessionrestore fails when there is more than one tab in the window r=smacleod (88ca1cfbc)
- Bug 1146052 - Fix empty about:sessionrestore after crash as well as empty about:welcomeback after resetting the profile r=smacleod (211b50396)
- Bug 1043797: extended popup notifications to create a generic doorhanger for all security notifications incl. mixed content r=adw (f7c2d5ded)
- Bug 900845 - We aren't using the NetUtil module in SessionStore.jsm. (3f5ddd133)
- Bug 898755 - Remove _resume_session_once_on_shutdown code from SessionStore; r=yoric (eb159fec9)
- Bug 902727 - [Session Restore] Remove legacy _writeFileEncoder; r=smacleod (8e375c529)
- space cleanup (cbd71ce91)
- delete patch file (9b9215a31)
- Bug 968923 - part 1 - add infrastructure for defining use counters from UseCounters.conf; original-author=heycam; r=heycam,gfritzsche,mshal (d0dea9997)
- Bug 968923 - part 2 - change MappedAttrParser to store a nsSVGElement directly, instead of its nsIPrincipal; r=smaug (4eff86d7f)
- more stuff to do (d5b1b1df5)
- Merge branch 'devel' of https://github.com/rmottola/Arctic-Fox into devel (feb4378e6)
- Merge remote-tracking branch 'upstream/devel' into fix-winbuild (1907417c1)

Edited by roytam1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...