If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
MSFN down?
Mayayana wrote:
In my experience, userAgent sniffing for no good reason has become an increasing problem, so it's a good idea to spoof that. It was a quick and very easy way to determine if the client supported functionality the site needed, or would prefer to use, to present the content how they wanted. Say you want to use VP9 on your site (see https://en.wikipedia.org/wiki/VP9). That didn't get support in a released version of Google Chrome until 25. Maybe something in VP9 was needed that wasn't supported back in VP8 when support got added back in Chrome 15. Even if it was, VP support wasn't added until Chrome 15. If the visitor was using Chrome 14, the UA would quickly tell you that you either had to adapt to the client (present the content somehow differently), or tell them then needed a newer or minimally versioned web client. It would take more code, testing, and debugging to add code to test the feature set of the client than go by a table of client versions knowing when a function got supported. It's easier driving down the street to use the house numbers to find an address then have to stop by each house, ring their doorbell, and ask them their address. I don't see the UA header was a bad idea. It was simply a lookup table. However, it was when web clients were allowed to lie (spoof) the UA header that the visitors ****ed up the table lookup, so something else was needed, and that something else is more complicated. Sometimes you can query the client as to which features they support, but that's more code than looking at the UA header already sent to the server. Sometimes you have to figure out how to write code to test if the web client will support a feature. Sure, if web browsers never changed then the UA header would've never been needed, and we'd be back on Mosaic 0.5 of 27 years ago. That didn't happen. Because web browsers added more features along with support with new standards that the UA header became necessary. Perhaps you forgot how Microsoft attempted to wrest users to using their Internet Explorer and force web authors to either develop their site for other clients, only for IE, use the UA header to let the server select which version of a document to deliver to the client, or create a ****ing mess in the web document's scripting trying to query the web client as to who it is which is making the web document try to adapt to multiple different web clients (but not compliant to all of them). Microsoft wasn't the only one doing it their way making it necessary to determine which version of a web document to deliver to the web client or using scripting to adapt a web document to the client. It wasn't just about a difference in features between clients, but also differences in how they behaved for the same HTML tag. Without the UA header, the growing pains would've been far worse and the Web would've floundered a lot longer while not yet ready for mass consumption. So, instead of making it easy by enforcing clients to correctly identify themselves via the UA header, we end up with web documents using scripting to identify the client after delivery, like using javascript:alert(navigator.userAgent) and then a code block to select which part of the web document gets rendered. Of course, those that disable Javascript in their web client thwart the document-centric discovery method, and hope the site hasn't fully deprecated the abused UA header as to completely ignore it. Back then, web clients did not respond to inquiries regarding their feature set, so the UA header afforded that identification. It is still far easier to use the UA header (that all web clients send, anyway) to use a lookup table to determine if the client will support some or all functionality employed at web sites. Sites tend to grow into newly standardized functionality. Users can be slow to update, especially if still lingering on old versions of an OS. The UA header, something required (well, strongly recommeneded) by RFC for the client to send to the server, means the server can use a lookup table to detemine which version of a web document to deliver to the client. Too bad web clients were allowed to subvert client identification by allowing those web clients to lie. If web clients were not allowed to lie in the UA header, the UA header would've remained an easy way to identify the client to know what the server should deliver. A good thing based on a trust model will get abused making necessary other measures to identify the web client. If everyone down the block removing their house numbers and all used the same house number, how would you find a particular person on that block? With the home owners are allowed to lie about their address, something else and more complicated is needed for identification. Yep, a trust model that would've been sufficient if not for the abuse. Yes, there have been problems when a new version of a web client gets released whose UA string has not been known before. Same for new web clients that get introduced that have their own UA header. Takes time for sites to update UA tables to include changed strings for new versions or new clients. Almost seems a UA string authority is needed to which every web client author must register their UA string for every old and new version of their product. Uh huh, like that would happen. Web client authors would bitch their release gets slowed because they have to wait for UA registration, and someone else is involved in the release of their product. Imagine what would happen with the same attitude toward domain registration or site certificates. Those would become worthless. That's what happened with the UA header because there no authority regulating and recording the UA headers, but just a bunch of independents trying to provide tables of UA strings for what they know about at the time. For a little history, see: What a ****ing mess from each wanting to do it their own while impersonating others, and all because there was never an UA authority regulating the definition of UA strings. |
Ads |
#17
|
|||
|
|||
MSFN down?
On Sat, 19 Sep 2020 at 10:35:58, VanguardLH wrote:
"J. P. Gilliver (John)" wrote: [] I wasn't suggesting that as the first step; I'd want to know more about what the problem is. I was just saying that if you _do_ get to the stage where disabling extensions is the next thing you're going to try (and I agree on the whole with Mayayana that that tends to be a shot-in-the-dark exercise, like reboot-your-machine or reboot-your-router), I _wouldn't_ disable them all, then turn them back on one at a time: I'd disable _half_ of them, and proceed with a binary search. _If_ the problem _is_ an extension, a binary search (for which one it is) needs fewer tries than doing them one at a time. (And I added that you should note which ones you've disabled, as Firefox at least changes the order they're listed in if some are disabled.) The problem could be conflicting extensions. With a binary approach, you may not end up testing the two conflicting extensions together until late, and then you have to start a binary test with different sets starting with most of them until you found the two that conflict. I did wonder about mentioning the case of extensions that interfere with each other; I decided not to complicate things at that point. Binary sounds great if you have dozens of extensions. I only have 5: [] use with a bookmark's keyword), and uBlock Origin. How many do you have? If you only have 5, then a binary search won't save much time (or any if some interact). How many do I have? Let me look: in my Firefox 27, 61 plus 6 disabled (I had no idea I had that many!); in my self-updating Chrome, 13 (most of which are fairly trivial, like one to give me the title bar information that Chrome decided to kill, a Javascript toggle, and so on). However, I can't remember the last time I investigated a problem by playing with disabling extensions (certainly not for some years): if something doesn't work in Firefox 27, I just assume it wouldn't work in it even with no extensions because it's so old, and try in Chrome instead. (And I don't think I've ever tried messing with them in Chrome; if something doesn't work there, I generally give up.) One of the reasons I went with Firefox is it has options that are not available in Google Chrome unless you add extensions to cover the deficiencies. For example, in Firefox, you can configure new tabs get immediate focus, not loaded in the background. With Google Chrome, you need an extension (e.g., Tabs to Front) for that. Sounds fair. If testing is to check if one, *or more* (might not just be one), extensions are causing a problem, seems obvious the first step in that process is to disable them all instead of hunt them down halved at a time. If nothing changes after disabling all the extensions, you don't have to waste any further time on binary or linear testing of Agreed, if I _was_ trying that as a diagnostic aid, I probably _would_ try all-off first, just to prove to myself that it _was_ an extension that's the source of the problem. (Though as Mayayana says, "the problem is one of your extensions" has elements of laziness on the part of the "helper".) If turning all off _did_ clear the problem, I might re-enable them in a binary manner, though - assuming I actually wanted enough to find the cause; if it was just a matter of making one particular webpage work, it would depend if I just wanted to use that page once, or frequently. extensions. If the problem disappeared after disabling all extensions, then how you test further each extension depends on how many you have. I can't see a binary search (that you'll have to track which sets you tested) is going to be much faster testing one at a time unless you're a whore for extensions (wink wink). I seem to be (-: -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf Enjoy life now - it has an expiration date |
#18
|
|||
|
|||
OT - the "too solid goof" or bing the 2% occurance was MSFN down?
"Mayayana" on Fri, 18 Sep 2020 20:39:40
-0400 typed in microsoft.public.windowsxp.general the following: MS people are even worse in their groups. Profuse thank yous, followed by a request to restate the question, followed by more nonsense, then eventually an answer that the question must be asked in a different group.... But have a super day and thank you so much for your question!! On a tangent, I went round and round with MS tech support because I couldn't establish a new user account on my computer. Wound up downloading the 3.3 gigs of ISO image. Checking the registry HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\ProfileList. I only had five entries, and was I was missing Default. I had (Default) Reg_SZ (value not set) but not Default Reg_Expand_SZ %SystemDrive%\Users\Default added that entry and It Works! As I noted then "A too Solid Goof". When a complex appearing problem can't possibly because of something so simple as a missing registry entry. Or an unplugged power cord / cable. Arrgle bargle - I spent to much time trying to find my notes, I forgot the rest of the point I was after. But it does seem that anything out of the ordinary, out of the 90%, leave the script readers or algorithms verklempft. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#19
|
|||
|
|||
MSFN down?
"VanguardLH" wrote
| | It was a quick and very easy way to determine if the client supported | functionality the site needed, or would prefer to use, to present the | content how they wanted.... I think you need to get out more, V. You go on and on with these arguments. And what are you arguing about? That I shouldn't spoof UAs? Suit yourself. I find it very practical. It's very unlikely that a page that works in FF 70 won't work in FF 52. I've seen it over and over again. A site complains. I update my spoof. The site works fine. But I don't just pick something willy nilly. I don't say FF 52 is IE or Chrome. |
#20
|
|||
|
|||
MSFN down?
Mayayana wrote:
"VanguardLH" wrote | | It was a quick and very easy way to determine if the client supported | functionality the site needed, or would prefer to use, to present the | content how they wanted.... I think you need to get out more, V. You go on and on with these arguments. And what are you arguing about? Seemed you intended to insult me with my mention of [disabling] extensions, yet you never did show what troubleshooting steps you would take to start working on the problem (when it was present) for the OP. As for spoofing the UA header, the only reason it got deprecated was due to abuse by users. However, the history of the UA header had web client authors abusing it first, so users saw that and wanted it, too, to lie to a server what client was visiting them. Instead of using a compatible client, they continue to use a deficient one and pretend it's something else. |
#21
|
|||
|
|||
MSFN down?
On Sun, 20 Sep 2020 at 01:14:59, VanguardLH wrote:
Mayayana wrote: [] I think you need to get out more, V. You go on and on with these arguments. And what are you arguing about? Seemed you intended to insult me with my mention of [disabling] Come on you two. I consider the major sources of both information and advice on this and some other newsgroups to be Paul, then Mayayana and VanguardLH, then a few others. I enjoy (though may skim) a good Mayayana rant (though VLH had one in this thread), but I don't want to see you two fighting! Normally, I know your views on a range of subjects, and you know each others', and usually you don't respond much when you disagree on something, or only do so briefly. extensions, yet you never did show what troubleshooting steps you would take to start working on the problem (when it was present) for the OP. (I'm also guilty on that one - I jumped in with _my_ hobby-horse without actually having much positive to suggest. [I imagine the OP has abandoned the thread by now, anyway.]) As for spoofing the UA header, the only reason it got deprecated was due to abuse by users. However, the history of the UA header had web client authors abusing it first, so users saw that and wanted it, too, to lie to a server what client was visiting them. Instead of using a compatible client, they continue to use a deficient one and pretend it's something else. IMO, the real villains are the browser developers and script writers who kept introducing things on the one side, and using them on the other, at such a high rate. While not against progress - as one of you said, we'd still be on mosaic 0.5 without progress - I do feel to some extent that the rate is too high, especially where it _breaks_ things, and mainly that the coders are at fault for (a) using the latest toys as soon as they appear without providing any graceful fallback, and/or coding to demand the latest when what they want to achieve has no need of it. [Sometimes, of course, these days, they don't know they're doing that, as they don't code, they use tools that make the code; the villains then are the tool creators who do (b).] I find, for example, surveys are among the worst offenders; when I find one that doesn't work in an older browser, and do it in a new one, I see nothing that couldn't have been implemented perfectly satisfactorily on the older one. (With the possible exception of eye-candy, such as floating radio buttons that follow the mouse pointer, which are not needed for the purpose of the survey.) -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf "He hasn't one redeeming vice." - Oscar Wilde |
#22
|
|||
|
|||
MSFN down?
"Mayayana" wrote in
: "J. P. Gilliver (John)" wrote | | By the time I saw this thread, the description of the problem - | assuming Lu Wei was even the OP - had been snipped to what is | shown above, so I have no idea what the problem actually was. Lu Wei couldn't open https://msfn.org/board/forum/34-windows-xp/ Surprisingly, my New Moon with just about everything disabled shows a fully functional website that doesn't even seem to need script to follow the discussions. Lu Wei later found he could access it. In the meantime, I suggested he could get New Moon if he keeps having trouble. In my experience, userAgent sniffing for no good reason has become an increasing problem, so it's a good idea to spoof that. But perhaps in second place is the problem of people writing webpages to depend on the very latest functionality. And many people don't realize that they can get a recent version of Mozilla browser for XP by using New Moon. So it's a bad combination: Webmasters who often don't even realize what they've done, produce webpages that fail with no information when using a browser that's not fairly new. Meanwhile, XP users use old browsers because they don't know they can get a new one. More often than not, the pages will work just fine once the site is tricked into thinking you have the latest browser on 7, 8, or 10. A follow-up note on that: New Moon seems to be made in several versions that are updated concurrently. I don't know why or what the differences are. But I found that one of them (v. 27, if I remember correctly) broke my CSS toggle button extension. Yet the current version I have, 28.10.2a1, breaks nothing.... Life's little pleasures. Thank you for your post with instructions on spoofing the UA. I changed mine in Firefox 52, and it has helped with a few sites already. I downloaded the New Moon version you mentioned. I would like to use it but NoScript extension does not work with it. What do you use to disenable/enable scripts? Thanks, Dee |
#23
|
|||
|
|||
MSFN down?
"VanguardLH" wrote
| Seemed you intended to insult me with my mention of [disabling] | extensions, Not you personally. As I described, I think it's inconsiderate to tell people to do all these stock things first when it's rarely the problem. The trouble is that it's time consuming. What do I do when a page doesn't work? Usually the first thing I try is disabling CSS. Then I might look at the source code. (I realize that not everyone can do that.) If I *must* access the page I'll try enabling javascript in stages. I also noted that one can have an up-to-date browser for XP, so that doesn't need to be an issue. But the most common problem I see when a page won't work with script is unnecessary UA sniffing. I should note, though, that I don't normally enable script and I don't do online banking, shopping, etc. So my needs are limited. But the woman I live with repeatedly runs into UA problems that result from sniffing, not actual incompatibility. Unlike you, I have no religious beliefs about UA. If I'm using FF52 or New Moon on XP there's no reason that calling it FF79 on Win7 shouldn't work. If there's a rare case where it still won't work then I haven't lost anything. I also do it for better anonymity. I don't want to be the only XP/New Moon visitor they've seen all month. Lately, the biggest problem I see is sites trying to force script for spying and ads. They do things like cover links with a transparent DIV so you can't click them. Or they cover the whole page with a white DIV that's only removed by script. Devious stuff. So I use my trusty CSS toggle button on the toolbar. But script has become so standardized now that I sometimes find it's better to block it. For example, my friend can't access some newspaper sites that work fine for me with script disabled. The other day I had a link to an imgur page that I couldn't see. When I looked at the source code there was no image link. It looked like the page required script to call back to some kind of backend process to load the image. Yet they had also put in a NOSCRIPT tag to make sure Google could still spy on me, even if I saw a blank page! Do people even understand what they've done? I doubt it. Most webmasters today don't know how to code. They're lackeys who run WYSIWYG frontends in corporate offices. Even the people writing the code are typically just pasting together snippets of script that they don't understand. Their friends are using lazyload images so they use lazyload images. Why? Because with only 1 MB of script libraries they can reduce the image loading on webpages by a whopping 200 KB, saving gobs of traffic. Do I try disabling extensions? No. That's generally irrelevant. But I guess if you use uBlock Origin then that's relevant. That actually will alter the rendering. My extensions, except for NoScript, are mostly just GUI stuff. So I would say *if you have extensions that edit webpages* then you might try disabling those. As it happens, though, I actually sniff UAs on my own site. But for good reason. I go by the now-outdated standard that a webpage should work without special requirements in as many browsers as possible. Older IE versions don't render the same way as other browsers and were very slow to acommodate CSS. My webpages are designed to be completely free of script, but the flyout menus won't work in older IE versions. So I have one code version for menus and layout issues in IE and another for all other browsers. Then MS came out with IE11 and broke quirks mode/ compatibility view. And they came out with Edge, which I couldn't even test without buying Win10, and which broke IE compatibility. Then they came out with Chrome Edge. So my pages are designed to work on any browser from IE6 to IE10 and all other popular browsers, with virtually any version. If someone visits with original Edge or IE11 they get instructions on the myriad ways they can see my pages Either set compat mode for IE11 or if it's Edge, then use **any** other browser. So I'm using UA sniffing to help visitors see my pages with minimal requirements on their part. That's very different from the current epidemic of demanding the latest browser, which is more like the teenage hotshots in the 90s who would load their site with ActiveX and Flash, then on the home page they'd put a note like, "This site best viewed with Internet Explorer version 4.093.21443.8" But at least the teenagers told you why you couldn't see their webpages! Which is an interesting point. The attitude today is a kind of non-existent standardization. You're responsible for the rendering as the viewer. It's expected that you have the decency to be a non-techie person who's getting constant dripfeed updates on a cellphone and has no understanding of security or privacy. So they can do as they like with you once you load their URL. The commercial, spyware, ad-infested Internet depends on that. And now they're cracking down. If you don't comply they'll do their best to break the page so you can't see it. |
#24
|
|||
|
|||
MSFN down?
"J. P. Gilliver (John)" wrote
| | Come on you two. You know what your problem is? You can't tolerate discord. But I try to give you a wide berth for your peculiar neurotic style because Brits can't be expected to understand honest argument. The British way is always to be indirect. The more ambiguous the insult, the classier it is. If an American sees someone with a spot of mustard on their shirt they'll say, "Hey! You know you've got mustard on your shirt?" A Brit will say something like, "How's your dry cleaner enjoying his vacation?" |
#25
|
|||
|
|||
MSFN down?
"Dee" wrote
| Thank you for your post with instructions on spoofing the UA. I | changed mine in Firefox 52, and it has helped with a few sites | already. | | I downloaded the New Moon version you mentioned. I would like to use | it but NoScript extension does not work with it. What do you use to | disenable/enable scripts? | Are you getting the v. 28 variety? I'm using NoScript 5.1.9. It gets complicated. New Moon compatibility varies in general. I don't know why. As I mentioned, my CSS toggle button didn't work with v. 27 but does with 28. Makes no sense to me. One thing that's good to do: Set xpinstall.signatures.required to false Another detail is that newer FF extensions are the newer locked-out variety. NoScript went from v. 5 in the old design to v. 10 in the new design. So the newer NoScript won't work. (I use the same 5.1.9 in FF52.) In NM 28 I have NoScript 5.1.9, Disable Style Button, DOM Inspector, Restore View Source, Secret Agent 1.35, SettingsSanity .8. Some signed, some not. NoScript has a mark indicating it directly targets New Moon. I don't know why. I always save all extensions and keep backup copies. I don't know if there's a place to still get older ones. Mozilla have been rather nasty about that, trying to prevent support for older browser versions. I did find this: https://github.com/JustOff/ca-archive/releases There seems to be a package to provide a webpage, script, and an SQL database that apparently holds lots of old extensions. I haven't figured out yet how it works. I just found it. |
#26
|
|||
|
|||
MSFN down?
"J. P. Gilliver (John)" wrote:
I don't want to see you two fighting! Normally, I know your views on a range of subjects, and you know each others', and usually you don't respond much when you disagree on something, or only do so briefly. Make us some mac 'n cheese. Works in the commercials. IMO, the real villains are the browser developers and script writers who kept introducing things on the one side, and using them on the other, at such a high rate. While not against progress - as one of you said, we'd still be on mosaic 0.5 without progress - I do feel to some extent that the rate is too high, especially where it _breaks_ things, I've tried using the Help - Feedback menu in Firefox. I've never seen any effect from sending them feedback. Their bugzilla community has way too much control over the direction that Firefox takes. I've seen users wonder why something changed in Firefox, and traced it down to *ONE* regular in bugzilla not only making the suggestion but also implementing it (i.e., a developer who decided what was best for us that merely used bugzilla to track his code changes). The Nightly folks also wrest too much control. While bugzilla and Nightly channel attempt to be proactive in fixing the program and adding or changing features, users should have some effective reactive venue to undo changes or vote on which they want. Right now, the Feedback link in Firefox is like repeatedly hitting a crosswalk button that isn't connected. As for Google, I don't think they listen to anyone other than perhaps web designers that push for what they want. At one time, we users got misled that web browsers were for us. Eventually they became clients under the influence of the site admins. For Mozilla and Google, their audience is not us users. I find, for example, surveys are among the worst offenders; when I find one that doesn't work in an older browser, and do it in a new one, I see nothing that couldn't have been implemented perfectly satisfactorily on the older one. Yep, site admins & web designers pushing features they want, not what is useful to the users. There was some programming/scripting framework that got adopted over a couple decades ago supposedly to standardize coding of web pages. I think it started with "A". Then a newer version came out (A...2) that was the rage, and the coders jump on it. A wasn't good enough, but, gee, A...2 was super duper, so it got quickly adopted. When I looked at it, I wondered what the **** was the difference. Microsoft attempted to wrest the web browser marketshare due their pervasive presence (bundling IE with Windows) by introducing Jscript instead of adopting Javascript. Microsoft surely could not use someone else's scripting engine. They had the same fiasco when they tried to use XPS as an alternative to PDF. Have you ever gotten an XPS document, or created one? As with many of Microsoft's attempts to invade or takeover but far too late, they caused confusion and lost (as well as any users that adopted Microsoft's stab). Windows Phone has a whopping marketshare of 0.03% compared to Android at 74%, and Windows has 0.08% marketshare on tablets compared to 59% for iOS. Failed experiments by Microsoft, but Microsoft shall not be deterred (no learn). OAUTH was a security protocol to protect logins. Google destroyed that in OAUTH2 by changing from a security protocol to a generally described framework for "security" by tracking (via token) which host was making the login (to trigger security alerts when a different host was logging into the same account). Google loves tracking. OAUTH2 afforded no more protection to the *USER* than do strong login credentials (I have no pity for boobs that use simpleton passwords or reuse them at multiple sites). None of this **** was for us users. It's more like some joker gets control and decides to make their mark. It's a ****ing contest, and we users are the ones getting urinated upon. |
#27
|
|||
|
|||
MSFN down?
Mayayana wrote:
So my pages are designed to work on any browser from IE6 to IE10 and all other popular browsers, with virtually any version. I've seen some privacy fanatics that never want to reveal which web browser they use. They use a UA header that doesn't identify either the web client nor attempts to pretend to be someone else's. What do you do then? Presumably you use a catch-all clause to provide some minimal functionality. Some are smart enough to disable Javascript, too, because a web page's script can discover which web client into which it was loaded and send that info back to the server. The attitude today is a kind of non-existent standardization. You're responsible for the rendering as the viewer. It's expected that you have the decency to be a non-techie person who's getting constant dripfeed updates on a cellphone and has no understanding of security or privacy. On hitting of security, it's a bit comical to me how nowadays so many people are trying to secure their credit card data (virtual cards, VPNs, alternate pay schemes, instant notifications of use, etc), yet they'll readily hand over their credit card to a minimum wage table jockey at a restaurant to pay their bill. Tis like dead bolting all the reinforced steel exterior doors of your house, but leaving open the windows. |
#28
|
|||
|
|||
MSFN down?
"VanguardLH" wrote
| | So my pages are designed to work on any browser from IE6 to IE10 and | all other popular browsers, with virtually any version. | | I've seen some privacy fanatics that never want to reveal which web | browser they use. They use a UA header that doesn't identify either the | web client nor attempts to pretend to be someone else's. What do you do | then? Presumably you use a catch-all clause to provide some minimal | functionality. | ?php $suser = getenv("HTTP_USER_AGENT"); if (stristr($suser, "MSIE")) { $smenu = "menuie2.inc"; } elseif (stristr($suser, "Trident")) { $smenu = "menuiex.inc"; } elseif (stristr($suser, "Edge")) { $smenu = "menuiex.inc"; } else { $smenu = "menumoz2.inc"; } ? It filters for IE or Edge. Chrome Edge udses a UA with "Edg", so that gets treated as all other browsers. As you can see, I'm not sorting browsers. I just have 3 options: IE pages, error page for Edge/IE11, and normal pages with no script for all other browsers. If it can handle CCS2 it can handle my menus. I usually just test in FF and IE, but when I've tried testing in other browsers they seem to be very consistent -- except IE. | On hitting of security, it's a bit comical to me how nowadays so many | people are trying to secure their credit card data (virtual cards, VPNs, | alternate pay schemes, instant notifications of use, etc), yet they'll | readily hand over their credit card to a minimum wage table jockey at a | restaurant to pay their bill. Tis like dead bolting all the reinforced | steel exterior doors of your house, but leaving open the windows. I don't think so. There is a risk in stores. (Oprah Winfrey once got her card stolen by another woman watching from behind her in a store.) But that's a different situation. It's personal. And there's a better chance of tracing it back. And the restaurant waiter/waitress probably doesn't want to risk their job. With online it's faceless. Data gets taken from insecure storage and sold on a regular basis. No one cares because they figure the issuing bank will foot the bill. Then of course there's also the risk of malware getting onto your system and stealing typed data. If I have to even allow script online I usually use one of my sacrificial computers -- not one that I keep personal files on. An interesting example of a hybrid situation is Home Depot. They got hacked by inserted hardware in their automatic checkout card readers, if I remember correctly. So it was risky to auto-checkout but the clerks' card readers weren't hacked. So there are risks. ATMs to some extent. Gas stations, especially. But online is a whole different category. I avoid credit cards for most things. I like to use cash for gas, groceries, clothing, etc. I rarely go to restaurants. Why buy worse food for 3 times the price and have to sit 2' from the next table? (pre- covid, of course) In general, I increasingly avoid credit cards due to both privacy and security issues. I shop at Whole Foods. I'm not interested in telling Bozo Bezos what I eat. If I'm going to order from an online company I like to call. If they don't have a phone # then they don't really have customer service, anyway. |
#29
|
|||
|
|||
MSFN down?
On Sun, 20 Sep 2020 at 10:26:57, Mayayana
wrote: "J. P. Gilliver (John)" wrote | | Come on you two. You know what your problem is? You can't tolerate discord. But I try to give you a wide berth for your peculiar neurotic style because Brits can't be expected to understand honest argument. Oh, I tolerate discord - some of my social interactions thrive on it; I like a good argument! But that's the key word: it has to be a _good_ argument. When it degenerates, the excess heat can be more counterproductive than the argument is productive. But I sense you two are back on speaking terms, judging by the later posts in this thread; disagreeing with each other, but either giving valid arguments, or just avoiding certain areas. (You're actually agreeing on some things. But I won't tell anyone.) The British way is always to be indirect. The more ambiguous the insult, the classier it is. If an American sees someone with a spot of mustard on their shirt they'll say, "Hey! You know you've got mustard on your shirt?" A Brit will say something like, "How's your dry cleaner enjoying his vacation?" (-: Except we'd say holiday. I think the most amusing version of the above - which might have been peculiar to my school - was "it's nice out, isn't it?" as a way of saying "your flies are open" ... (-: -- J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf every time Trump says "Failing New York Times" the number of digital subscribers rises. - NYT CEO quoted by Jon Sopel in RT 2018/6/23-29 |
#30
|
|||
|
|||
MSFN down?
"Mayayana" wrote in
: "Dee" wrote | Thank you for your post with instructions on spoofing the UA. I | changed mine in Firefox 52, and it has helped with a few sites | already. | | I downloaded the New Moon version you mentioned. I would like to | use it but NoScript extension does not work with it. What do you | use to disenable/enable scripts? | Are you getting the v. 28 variety? I'm using NoScript 5.1.9. It gets complicated. New Moon compatibility varies in general. I don't know why. As I mentioned, my CSS toggle button didn't work with v. 27 but does with 28. Makes no sense to me. Yes, version 28.10.2a1 (32-bit). Maybe I don't know how to load NoScript with it, then. I went to Tools / Add-ons, then Get Add-ons, and NoScript is not listed. How do I install NoScript with it? I will try searching the web. One thing that's good to do: Set xpinstall.signatures.required to false Looks like that is the default in mine. Another detail is that newer FF extensions are the newer locked-out variety. NoScript went from v. 5 in the old design to v. 10 in the new design. So the newer NoScript won't work. (I use the same 5.1.9 in FF52.) In NM 28 I have NoScript 5.1.9, Disable Style Button, DOM Inspector, Restore View Source, Secret Agent 1.35, SettingsSanity .8. Some signed, some not. NoScript has a mark indicating it directly targets New Moon. I don't know why. I always save all extensions and keep backup copies. I don't know if there's a place to still get older ones. Mozilla have been rather nasty about that, trying to prevent support for older browser versions. I did find this: https://github.com/JustOff/ca-archive/releases There seems to be a package to provide a webpage, script, and an SQL database that apparently holds lots of old extensions. I haven't figured out yet how it works. I just found it. Thanks again, Dee |
Thread Tools | |
Display Modes | |
|
|