Jump to content

My Browser Builds (Part 4)

roytam1
 Share

Recommended Posts


Mathwiz

Mathwiz

Posted
Posted
2 hours ago, VistaLover said:

the @Mathwiz solution has already made it there

Wow - I'm famous! :lol:

It is admittedly odd that to date, no one has encountered this issue at another site. Self-referential Javascript objects can't be that rare; otherwise Andri Möll wouldn't have felt the need to create the code necessary for the fix in the first place.

Since their merger with JP Morgan, Chase has been one of the biggest banks in the US, so I'd be surprised if no one with the necessary expertise has an account there. (Internationally, I understand, is a rather different issue.) Perhaps the polyfill I cobbled together from Möll's and @UCyborg's code, or at least the ideas behind it, could be rewritten in C++ for a native structuredClone implementation, and then tested by other Chase account holders who frequent the official PM forums.

2
Link to comment
Share on other sites
MilkChan

MilkChan

Posted
Posted

I've tested Discord. I tried to enter Voice Chat, but I can't seem to get in, and the official version seems to have issues as well.
And I try to unmute Discord and it says unsupported browser
A friend of mine got this problem as well on Mypal68.

spacer.png

Is there currently a workaround?

 

Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)
On 10/20/2023 at 4:44 AM, Mathwiz said:

I never bought the excuse that 2FA using email or (especially) SMS just wasn't "secure enough." They're secure enough for banking and Web mail sites!

My bank requires dedicated 2FA app, either HID Approve or bank's own Android app. HID Approve is available for Windows 10+ in addition to Android version. You have to confirm login with the code you've set when you've setup the app after you try logging in with user name and password.

Another bigger bank here only has a smartphone app as an option to access the web interface and consequentially to do any online banking at all. Accessing the web interface is super convoluted from what I've seen, after you enter user and pass, you put in the one-time password generated by the app, then you have to confirm with two other codes...at least I think there were two. What I remember the app has two types of code, normal OTP and another signing code, which works by the principle of challenge-response, get one code on one end and enter it in the app to get the final code.

But you only have to deal with one numeric code (password) you've set at the beginning if you do everything from the smartphone app.

Edit: I'll just add correction here about the bigger bank instead of editing inaccurate original writing due to not remembering exact details, on the website, you're prompted for a user name and one-time password (no normal password here) from the mobile app, when you're in, the site gives you a numeric code, which you input into the app to get the final code. The only caveat, each time the mobile app is about to give you any code, you have to confirm with the code you normally login to the app.

Edited by UCyborg
Link to comment
Share on other sites
UCyborg

UCyborg

Posted
Posted (edited)

Yay, another broken website: https://apps.microsoft.com/

SyntaxError: await is a reserved identifier

Edit: So much issues reported on the Web Compatibility forum on Pale Moon. You know, people on these rotten planet really should slow down and take a good look at where bloody hell they are. But no, they're like hamsters on the spinning wheel. Just keep on spinning and spinning. They smell the cheese and keep chasing it.

Edited by UCyborg
Link to comment
Share on other sites
roytam1

roytam1

Posted
  • Author
Posted
52 minutes ago, UCyborg said:

Yay, another broken website: https://apps.microsoft.com/

SyntaxError: await is a reserved identifier

Edit: So much issues reported on the Web Compatibility forum on Pale Moon. You know, people on these rotten planet really should slow down and take a good look at where bloody hell they are. But no, they're like hamsters on the spinning wheel. Just keep on spinning and spinning. They smell the cheese and keep chasing it.

because it is hard to implement in current codebase: https://repo.palemoon.org/MoonchildProductions/UXP/issues/2229

3
Link to comment
Share on other sites
VistaLover

VistaLover

Posted
Posted
11 hours ago, MilkChan said:

I've tested Discord. I tried to enter Voice Chat, but I can't seem to get in, and the official version seems to have issues as well.
And I try to unmute Discord and it says unsupported browser
...
Is there currently a workaround?

Personally, I avoid Discord with a passion, because it really is unsuitable for old/under-resourced H/W like the one I'm currently on :( ... Additionally, all these Chrome-targeting chat services run sub-optimally on UXP, even on recent/supported H/W...

Your main query has been answered here many a times, and (besides Discord) also encompasses similar services - Discord uses WebRTC for its audio and/or video features:

https://sukhadanand.medium.com/how-does-discord-scale-to-5-million-concurrent-users-ed0874063fd

but WebRTC, since the very beginning, was never supported by upstream in their PM browser (the same stands true for NM28); Serpent 52/55 do come with WebRTC enabled but, the last time I heard, their implementation is still eons behind the current iteration Discord etc. feel comfortable with... TL;DR: Discord are right from the start: Unsupported browser :( (you can still use text-based functionality, though) ...

Since you appear to be on Win11, plenty of "workarounds" are available to you, just not for a UXP-based browser...

3
Link to comment
Share on other sites
MilkChan

MilkChan

Posted
Posted
38 minutes ago, VistaLover said:

Personally, I avoid Discord with a passion, because it really is unsuitable for old/under-resourced H/W like the one I'm currently on :( ... Additionally, all these Chrome-targeting chat services run sub-optimally on UXP, even on recent/supported H/W...

Your main query has been answered here many a times, and (besides Discord) also encompasses similar services - Discord uses WebRTC for its audio and/or video features:

https://sukhadanand.medium.com/how-does-discord-scale-to-5-million-concurrent-users-ed0874063fd

but WebRTC, since the very beginning, was never supported by upstream in their PM browser (the same stands true for NM28); Serpent 52/55 do come with WebRTC enabled but, the last time I heard, their implementation is still eons behind the current iteration Discord etc. feel comfortable with... TL;DR: Discord are right from the start: Unsupported browser :( (you can still use text-based functionality, though) ...

Since you appear to be on Win11, plenty of "workarounds" are available to you, just not for a UXP-based browser...

This is the main computer. which I use to write patches for xp/2k/2003/x64
Thank you for your help.

2
Link to comment
Share on other sites
roytam1

roytam1

Posted
  • Author
Posted
13 hours ago, roytam1 said:

by the way regarding to structruedClone() there is some changes coming up in mind:

https://bugzilla.mozilla.org/show_bug.cgi?id=1441141#c17

https://bugzilla.mozilla.org/show_bug.cgi?id=1476955#c9

https://bugzilla.mozilla.org/show_bug.cgi?id=1538622#c4

I wonder if applying them may help or not.

later 2 are applied to my custom branch, structuredclone() of circular referencing object seems working (object taken from https://stackoverflow.com/a/1493501 for testing)

I need someone to test chase with http://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20231021-3219d2d-uxp-dd9eca1b39-xpmod.7z and replace mozjs.dll with http://o.rthost.win/basilisk/mozjs52-custom-20231022-rev-88e66e9b.7z to see if it can solve the problem.

3
Link to comment
Share on other sites
Mathwiz

Mathwiz

Posted
Posted (edited)
8 hours ago, UCyborg said:

My bank requires dedicated 2FA app, either HID Approve or bank's own Android app. HID Approve is available for Windows 10+ in addition to Android version. You have to confirm login with the code you've set when you've setup the app after you try logging in with user name and password.

Well, I stand corrected. Chase is fine with SMS (or even a browser cookie, which isn't actually all that secure, since it can be moved from one machine to another relatively easily, at least on Firefox-based browsers) being the second "factor," and I think most US banks are similar. They want security, but not at the expense of convenience for their customers, and this is the compromise they arrived at.

But it probably varies from country to country since banking regulations would also vary.

Chase is also not very consistent. I have an old Android 6 phone. Chase long ago blacklisted their Android 6 app (presumably because Android 6 was deemed "not secure enough") but they're perfectly fine with Chrome 106 on that same phone.

All that said, I still believe that making it a hassle to sign out and back in was a motivating factor behind Github's decision to require what I call "burdensome" 2FA.

7 hours ago, UCyborg said:

Yay, another broken website: https://apps.microsoft.com/

SyntaxError: await is a reserved identifier

Yes, I get that message too, plus "caches is not defined." (At least it's not "define is not defined" as I was getting for a time at Chase!)

But isn't that the M$ app store? Yeah, it'd be nice if it worked, but not much use for it on XP or Vista (or even Win 7, for that matter).

OT: M$ "apps" are yet another step in the "Androidification" of Windows. So much of Windows 11 was redone to resemble Android (e.g., the new "Open With" dialog), I'm just wondering when Google and Micro$oft will officially announce the merger.

3 hours ago, roytam1 said:

I need someone to test chase with http://o.rthost.win/basilisk/basilisk52-g4.8.win32-git-20231021-3219d2d-uxp-dd9eca1b39-xpmod.7z and replace mozjs.dll with http://o.rthost.win/basilisk/mozjs52-custom-20231022-rev-88e66e9b.7z to see if it can solve the problem.

Since I'm the one who raised the issue, I'll perform the test, although it appears @tvholic already tried without success. But maybe I can shed more light on the issue. Edit: Looks like the same message as before:

Quote

Timestamp: 10/22/2023 1:54:25 PM
Error: DataCloneError: The object could not be cloned.
Source File: https://static.chasecdn.com/web/library/@webchan/cxo-host-app/1.15.43/33.d848b99ac7fbd9417767.js
Line: 1

Those fixes didn't seem to cause any harm, although they didn't fix the Chase issue. So they still may be worth including in the next release. OTOH, they may complicate things if upstream actually does fix the Chase issue at some point.

Edited by Mathwiz
2
Link to comment
Share on other sites
Mathwiz

Mathwiz

Posted
Posted
On 9/18/2023 at 5:51 PM, VistaLover said:

FWIW, Fx-116.0.3, launched via its "zip" version (extracted from its EXE installer), runs fine on my sister's Win7 SP1 x64 laptop - but, most sadly, 116.0.3 doesn't contain the libwebp patch, so I had her back on 115.2.1

OT: MSFN's Win 7 forum has a link to a Nightly version of FF 117 that runs on Win 7. Presumably, it has the WebP fix, but I don't know how to confirm that for sure. 117 Nightly might not be worth keeping anyhow, though, by the time we get to 115.9 (or wherever the ESR release tops out), unless it happens to support some new Googlism or Mozilla-ism that becomes ubiquitous. Probably won't know either way for a few years.

Link to comment
Share on other sites
VistaLover

VistaLover

Posted
Posted (edited)
1 hour ago, Mathwiz said:

has a link to a Nightly version of FF 117 that runs on Win 7. Presumably, it has the WebP fix, but I don't know how to confirm that for sure.

OT: I seriously doubt that Firefox Nightly 117.0a1 build you reference has the "WebP patch"; 

https://thehackernews.com/2023/09/mozilla-rushes-to-patch-webp-critical.html

CVE-2023-4863 landed on Mozilla Firefox 117.0.1, this is the stable/release channel of the browser, coming after initial stable release 117.0; 117.0.1 was what's "affectionately" called by Mozilla a "chemspill" release,

https://wiki.mozilla.org/Release_Management/Chemspill

i.e. the patch wasn't extant in the "upper" unstable channels (beta/dev, nightly) when it was first applied in their trees; at the time Fx stable was on v117.0, beta/dev was on v118.0b and nightly was on v119.0a1 - too late for deprecated 117.0a1 builds, which had served their purpose when the WebP vulnerability was made public...

Last moment (before submission) addition:

I located the post you mentioned:

https://msfn.org/board/topic/185870-i-found-the-latest-build-of-firefox-nightly-that-works-on-windows-7/?do=findComment&comment=1253973

If you notice the Mozilla FTP link contained there, the Nightly 117.0a1 build you talked about has a build date of 2023-07-14, thus it doesn't contain the WebP fix, which was only applied on 2023-09-12 (two months after :P that build was compiled+uploaded) ...

Edited by VistaLover
2
Link to comment
Share on other sites
Mathwiz

Mathwiz

Posted
Posted

That's helpful. I had forgotten that the WebP bug wasn't even publicly acknowledged until 9/11. That makes 117.0a1 even less desirable, even if it (technically) runs.

Sorry for the OT; we now return you to your regularly scheduled @roytam1 browser coverage....

1
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...