ArcticFoxie/NotHereToPlayGames -- 360Chrome v13.5.2044 rebuild 2

[Dixel]

7 hours ago, NotHereToPlayGames said:

1030 has always been my preference

That's what I always told you! As for the fetching, China and Russia, they all have their own forged certificates - which aren't valid all over the world, obviously.

Of course they are fetched from different sources, not the official ones.

[Cocodile]

9 hours ago, NotHereToPlayGames said:

2044 (and 2036, perhaps even 2022) has been found to occasionally ping (seemingly) "fake" certificate 'updates' via HTTP.

This browser doesn't fetch certificates (don't know the origins of it, China?), it is based on Chromium 92, the name is Brisk Bard 2.6.0 .

it works on Vista without mods or patches, could you try, perhaps it works on XP, too! You will need to update the engine on 360Chrome soon anyways.

As proof, look at the UA, which tells it runs on Vista. 

 

[NotHereToPlayGames]

2 hours ago, Cocodile said:

You will need to update the engine on 360Chrome soon anyways.

That is a matter of opinion and this thread is not about the "age" of the engine, this thread is not about the "age" of the OS, et cetera.

[D.Draker]

3 hours ago, NotHereToPlayGames said:

That is a matter of opinion and this thread is not about the "age" of the engine, this thread is not about the "age" of the OS, et cetera.

He didn't write anything about "OS age", and I think we need to welcome when people take their time to help finding new browsers that would work on XP (which is this thread is about).

"Browsers working on Older NT-Family OSes"

[NotHereToPlayGames]

3 hours ago, Cocodile said:

This browser doesn't fetch certificates

It fetches "something"!  At the very least, it does upon first launch.  Did not check consecutive launches.  Aborted before even lettting it complete the 14 MB download.

Edited October 30, 2023 by NotHereToPlayGames

[NotHereToPlayGames]

1030, 2022, 2036, and 2044 all ping these "certificates".  Upstream, Russian Repack, my releases, and Humming Owl releases (13.0.2250 and 13.0.2310).

The good news is that they are only "pinged", the browser as a "portable" cannot interact with the OS in a way that an "installed" browser would be able to.

Those that do not clear their cache with each and every browser exit may have had these "pings" only upon creating their profile afresh.

These are the pings I've witnessed thus far, likely more -

ht-tp://apps.identrust.com/roots/dstrootcax3.p7c
ht-tp://cacerts.digicert.com/CloudflareIncECCCA-3.crt
ht-tp://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt
ht-tp://cacerts.digicert.com/DigiCertGlobalRootG3.crt
ht-tp://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
ht-tp://crt.e2m02.amazontrust.com/e2m02.cer
ht-tp://crt.rootca3.amazontrust.com/rootca3.cer
ht-tp://crt.usertrust.com/USERTrustECCAddTrustCA.crt
ht-tp://e1.i.lencr.org/
ht-tp://secure.globalsign.com/cacert/gseccovsslca2018.crt
ht-tp://x2.i.lencr.org/
ht-tp://zerossl.crt.sectigo.com/ZeroSSLECCDomainSecureSiteCA.crt

 

1030 will be fixed first.

[NotHereToPlayGames]

1 hour ago, D.Draker said:

"Browsers working on Older NT-Family OSes"

By all means, create a thread for any-and-all.  Just as Astro likes his threads to stay on point, I fail to see how Brisk Bard 2.6.0 pertains to "360Chrome v13.5.2044 rebuild 2".

Sure, there might be a case to be made for not having a 2044 thread, a 2036 thread, a 2022 thread, a 1030 thread.  But I do that for a reason and forum "activity" will/should roll the old off of "page 1" and keep the "active" at the top.

At least, that's what I'm used to, I have this forum so heavily style-sheeted that I have no clue what it's supposed to look like, lol.

The just-discovered .crt/.cer/.p7c "pinging" does affect *ALL* versions of 360Chrome (mine, Humming Owl, Russian Repack, upstream).

But I maintain that for the most part, issues with 2044 have no bearing on 1030 so issues with 2044 should be contained within the 2044 thread.  Et cetera.

That was the intent at least.  I say that being a "rare user" of Serpent 52 and New Moon 27/28.

Being a "rare" user, I don't read that thread daily/weekly.  And jumping in once a month is a NIGHTMARE to get one's self "caught up" on Serpent 52 when several other browsers are discussed all within the same exact thread.

BOTH approaches are perfectly valid, of course.  We all have our own opinions re: thread-count (and forum trolling, I see them as related due to the "parties" that say "this" versus "that").

"Opinions are like butts.  We all have them, doesn't mean we all want to hear them."

[NotHereToPlayGames]

10 hours ago, NotHereToPlayGames said:

ht-tp://apps.identrust.com/roots/dstrootcax3.p7c
ht-tp://cacerts.digicert.com/CloudflareIncECCCA-3.crt
ht-tp://cacerts.digicert.com/DigiCertGlobalG3TLSECCSHA3842020CA1-2.crt
ht-tp://cacerts.digicert.com/DigiCertGlobalRootG3.crt
ht-tp://cacerts.digicert.com/DigiCertTLSHybridECCSHA3842020CA1-1.crt
ht-tp://crt.e2m02.amazontrust.com/e2m02.cer
ht-tp://crt.rootca3.amazontrust.com/rootca3.cer
ht-tp://crt.usertrust.com/USERTrustECCAddTrustCA.crt
ht-tp://e1.i.lencr.org/
ht-tp://secure.globalsign.com/cacert/gseccovsslca2018.crt
ht-tp://x2.i.lencr.org/
ht-tp://zerossl.crt.sectigo.com/ZeroSSLECCDomainSecureSiteCA.crt

 

FALSE ALARM !!!

I've just witnessed the same pings on another computer that has never had any version of 360Chrome ever installed!

I don't really know "how" XP x64's certificate store is "updated" and it seems these pings are "normal", I've just never seen them before.

[NotHereToPlayGames]

And perhaps more importantly, those are all US DOMAINS.  No need to throw in the geopolitical "speculatives".

[dmiranda]

may be some apps in the system calling back for (system) cert renewal on connection? I used to block digicert systemwide (commented about it in some of the first threads of royatm's browsers). I kept the block until I couldn't hold it anymore: damn thing is like gg, probably a subsidiary.  so I'm nowadays more selective in scope. Those system certificates are a funny thing, to be sure. I once picked a little known thing called omniroot in my system certificate list. Its poor (ludicrous or nonexistent) public credentials made me realize how little it took to be able to monitor the unsuspecting. I don't mind. I use 9.9.9.9 extra secure for DNS calls (as first suggested, that I noticed in these forums, by @nicolaasjan).

Edited October 31, 2023 by dmiranda

[rereser]

maybe this windows setting has something to do with those "pings".
control panel / add or remove programs / windows components / update root certificates.
i remember seeing an error in event viewer with this setting checked.

Edited October 31, 2023 by rereser

[NotHereToPlayGames]

2 hours ago, rereser said:

control panel / add or remove programs / windows components / update root certificates.

Quite possible.

I did have that checked and now have it unchecked.  Will monitor over the next few days and see if those pings are gone, my network traffic is always logged, if the computer is "on", the network is LOGGED.

I can report that this is NOT a 360Chrome issue and these are US DOMAINS.

It also seems to be XP Only.  I've not yet witnessed these in any of my Win10 machines.

I suppose what is happening is that a certificate is trying to update, it FAILS, so it tries again after a set time interval or with the next reboot or something.

I personally feel that the whole cert BS is just as INSECURE these days as HTTP versus HTTPS was in the 90s.

The "padlock" in a web browser address bar is WORTHLESS these days.  Long gone are the days where it was only your BANK that used HTTPS.

These days, MALWARE DISTRIBUTION web sites "miraculously" always always ALWAYS have a "secure padlock", even in XP, but web sites like MSFN do not.  So seriously, why even "look" at that browser padlock?  Hmmm...

[NotHereToPlayGames]

1 minute ago, NotHereToPlayGames said:

I did have that checked and now have it unchecked.  Will monitor over the next few days and see if those pings are gone

That didn't take long.  I rebooted after unchecking and they are still showing up in my logs.  Adding them to my HOSTS file.

[UCyborg]

Your certificate store is outdated, that's why MSFN isn't green, which it normally is, even on XP. Outdated store also means it doesn't have information about revoked certificates, so it could be showing green when it normally wouldn't.

Windows normally pulls CA certificate from MS servers when you visit particular website, since that doesn't work on XP anymore, folks were updating them manually, which has a side effect that you get all CA certificates MS has, while you would only have a fraction of them normally, depending on what sites you visit.

Common sites still seem to use compatible algorithms, so a good chunk of them still show normally.

But when my bank still required certificate for personal identification few years back, all I got in 360Chrome was Chinese error when visiting the site, I couldn't copy it anywhere to see what it means, making the browser useless for banking, so it was Mozilla to the rescue. Back then there was only Russian repack of the 360Chrome if I recall correctly.

This is the big reason why I thought for quite some time in my mind that there are better browsers out there, incomprehensible errors are off-putting to the end user and so are empty error pages with only a numeric code in URL bar.

[NotHereToPlayGames]

I've been reluctant to perform any of the "manual" updates for XP's certificate store.  I kind of remain reluctant.

I guess even moreso now that I don't "rely" on XP nearly as much as I did a year ago.

I guess to me, 360Chrome has served its purpose (ie, buy some time while tweaking Win10 to my satisfaction).