Error message "www.thepoachedegg.net redirected you too many times."????

I'm getting messages, that I can't 'reach a website.

Palemoon and Firefox both just tell me there is a problem.
Opera gives me the message: "www.thepoachedegg.net redirected you
too many times."

Say what?

(For what it is worth, I went there from he
https://hillfaith.blog/2018/12/06/yes-god-can-even-use-pink-floyd-to-bring-you-to-truth/)

Short of suddenly developing mAd PRogrammer Skillz, is there
anyway to figure out what in the name of Lenodias's Lapdogs might be
going on?
I've tried messing about with Palemoon cookie preferences (use
custom settings, accept all cookies) but nothing seems to change.

Fnord. Another day when the Interwebs lives up to low
expectations.

(Yes, I'm mostly griping about a "minor" problem: I can't read a
particular article.)



--
pyotr filipivich
The question was asked: "Is Hindsight overrated?"
In retrospect, it appears to be.

pyotr filipivich wrote:
I'm getting messages, that I can't 'reach a website.

Palemoon and Firefox both just tell me there is a problem.
Opera gives me the message: "www.thepoachedegg.net redirected you
too many times."

Say what?

(For what it is worth, I went there from he
https://hillfaith.blog/2018/12/06/yes-god-can-even-use-pink-floyd-to-bring-you-to-truth/)

Short of suddenly developing mAd PRogrammer Skillz, is there
anyway to figure out what in the name of Lenodias's Lapdogs might be
going on?
I've tried messing about with Palemoon cookie preferences (use
custom settings, accept all cookies) but nothing seems to change.

Fnord. Another day when the Interwebs lives up to low
expectations.

(Yes, I'm mostly griping about a "minor" problem: I can't read a
particular article.)

FWIW, the given URL works fine (at least for me) in IE11 and Chrome
(70.0.3538.110), both on Windows 8.1. IOW, *my* crap works! :-)

Did you uninstall - or not install - IE?

"pyotr filipivich" wrote
| I'm getting messages, that I can't 'reach a website.
|
I get the same thing. The problem with that is it's
hard to know what they're trying to do because it happens
before the page loads. Since it's encrypted I can't see
in something like Smart Sniffer what the conversation is
with the server.
I think it usually means that they want to snoop and can't,
so it's just looping, but I don't know the details. I generally
find that with very commercial sites.

It probably worked for Frank because he's using IE
and Chrome, thus has no security or privacy. So they're
happy to see him coming.

If you really want to see it, go to Google and do a search,
then load the cached version.

Mayayana wrote:
"pyotr filipivich" wrote
| I'm getting messages, that I can't 'reach a website.
|
I get the same thing. The problem with that is it's
hard to know what they're trying to do because it happens
before the page loads. Since it's encrypted I can't see
in something like Smart Sniffer what the conversation is
with the server.
I think it usually means that they want to snoop and can't,
so it's just looping, but I don't know the details. I generally
find that with very commercial sites.

It probably worked for Frank because he's using IE
and Chrome, thus has no security or privacy. So they're
happy to see him coming.

I *heard* that!? :-)

If you really want to see it, go to Google and do a search,
then load the cached version.

That made this Dutchie think of doing the decent thing and put it [1]
in the archive at web.archive.org:

https://web.archive.org/web/20181206163027/https://hillfaith.blog/2018/12/06/yes-god-can-even-use-pink-floyd-to-bring-you-to-truth

Let us know if *that* works for your broken :-) browsers.

[1] I didn't know that it is so easy to *put* things in the archive!

"Frank Slootweg" wrote

| [1] I didn't know that it is so easy to *put* things in the archive!

I didn't, either. It never occurred to me to submit.

I've been frustrated recently with how much is
missing. I save links and text for articles and then
sometimes want to share the link later, but often
the pages are gone and increasingly they're also
gone from archive.org. I'm assuming the original
host asked for them to be removed.

Microsoft are actually one of the worst in terms of
removing pages and breaking links. Some others
(I think The Register is an example) seem to keep
everything they've ever posted live.

I remember discovering Dark Side of the Moon
while very, very high, coming down out of the
Rocky Mountains in Colorado, with someone
who'd been nice enough to pick up my girlfriend
and I hitchhiking. That would have been '76.
I was impressed. But I think the pot was the main
factor in that. It didn't lead to becoming a born
again Christian.

"Mayayana" on Thu, 6 Dec 2018 11:55:21 -0500
typed in alt.windows7.general the following:
"Frank Slootweg" wrote

| [1] I didn't know that it is so easy to *put* things in the archive!

I didn't, either. It never occurred to me to submit.

I've been frustrated recently with how much is
missing. I save links and text for articles and then
sometimes want to share the link later, but often
the pages are gone and increasingly they're also
gone from archive.org. I'm assuming the original
host asked for them to be removed.

Microsoft are actually one of the worst in terms of
removing pages and breaking links. Some others
(I think The Register is an example) seem to keep
everything they've ever posted live.

I remember discovering Dark Side of the Moon
while very, very high, coming down out of the
Rocky Mountains in Colorado, with someone
who'd been nice enough to pick up my girlfriend
and I hitchhiking. That would have been '76.
I was impressed. But I think the pot was the main
factor in that. It didn't lead to becoming a born
again Christian.

Different strokes for different folks.

Like the story about the guy who fell down a well, and while in
the well "found God", that doesn't make pushing people down a well a
valid form of evangelism. B-)

--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

On Thu, 06 Dec 2018 15:06:24 -0800, pyotr filipivich
wrote:

Different strokes for different folks.

Like the story about the guy who fell down a well, and while in
the well "found God", that doesn't make pushing people down a well a
valid form of evangelism. B-)

Let us not be hasty in ruling it out, though.

--

Char Jackson

"Mayayana" on Thu, 6 Dec 2018 10:45:48 -0500
typed in alt.windows7.general the following:
"pyotr filipivich" wrote
| I'm getting messages, that I can't 'reach a website.
|
I get the same thing. The problem with that is it's
hard to know what they're trying to do because it happens
before the page loads. Since it's encrypted I can't see
in something like Smart Sniffer what the conversation is
with the server.
I think it usually means that they want to snoop and can't,
so it's just looping, but I don't know the details. I generally
find that with very commercial sites.

It probably worked for Frank because he's using IE
and Chrome, thus has no security or privacy. So they're
happy to see him coming.

If you really want to see it, go to Google and do a search,
then load the cached version.

Nerts. It seemed like an interesting article, but not interesting
enough to go through all that.

--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

"pyotr filipivich" wrote

| If you really want to see it, go to Google and do a search,
| then load the cached version.
|
| Nerts. It seemed like an interesting article, but not interesting
| enough to go through all that.

It's actually easy. I often do it for Microsoft
pages that they insist on breaking if you don't
enable script. Just copy the URL, without the
https://, paste it into Google's exact phrase
search, and go. It will almost always come up
first and you can select the cached version.

"Mayayana" on Thu, 6 Dec 2018 19:45:49 -0500
typed in alt.windows7.general the following:
"pyotr filipivich" wrote

| If you really want to see it, go to Google and do a search,
| then load the cached version.
|
| Nerts. It seemed like an interesting article, but not interesting
| enough to go through all that.

It's actually easy. I often do it for Microsoft
pages that they insist on breaking if you don't
enable script. Just copy the URL, without the
https://, paste it into Google's exact phrase
search, and go. It will almost always come up
first and you can select the cached version.

Thanks anyway.

I try to remember to get back to that, after I go feed the cat,
load the dishwasher, and see if I can trig out the calculations I
want. B-)



--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

On Thu, 6 Dec 2018 10:45:48 -0500, Mayayana wrote:

"pyotr filipivich" wrote
| I'm getting messages, that I can't 'reach a website.
|
I get the same thing. The problem with that is it's
hard to know what they're trying to do because it happens
before the page loads. Since it's encrypted I can't see
in something like Smart Sniffer what the conversation is
with the server.


Telerik Fiddler can intercept encrypted connections to show
you the conversation with the web server.

(FYI Telerik Fiddler is not a packet sniffer like Smart
Sniffer; Telerik Fiddler works like a local web proxy.)


I think it usually means that they want to snoop and can't,
so it's just looping, but I don't know the details. I generally
find that with very commercial sites.


--
Kind regards
Ralph

"Ralph Fox" wrote

| Telerik Fiddler can intercept encrypted connections to show
| you the conversation with the web server.
|
| (FYI Telerik Fiddler is not a packet sniffer like Smart
| Sniffer; Telerik Fiddler works like a local web proxy.)
|

Thanks. That looks interesting. I don't think
I care enough to use an adware program that
requires me to give them an email address.

But it's interesting to know. I've been working on a
Bing maps program and was just wondering
yesterday whether any tool can get pre-encrypted
data. If it can really do that then it seems it must
be more a hook than a proxy. I call winhttp.
Winhttp calls bing and intitiates a TLS-encrypted
conversation. It seems something like fiddler would
have to hook in between me and winhttp. Or in
the case of a browser, between the browser and
something like crypt32.dll. Do you know what I
mean? Do you happen to know the details of
how that works?

I was wondering because the REST map apis
for things like Google and Bing require using
a key these days. I'm switching from Google
to Bing because Google just started requiring a
credit card. Bing doesn't, but it does have a
limit. It might be impossible to fully hide the key,
but I'm trying to figure out more. For instance,
someone with a Google account might put the
key in their webpage, have it spread around by
someone in China, and end up being charged
thousands of dollars by Google for going over the
free limit. Similarly, software that doesn't encrypt
would make it simple for anyone to read the key.
Probably a crack of the software could get the
key, but that would likely be more work than it's
worth to hackers.

Mayayana wrote:

"Ralph Fox" wrote

| Telerik Fiddler can intercept encrypted connections to show
| you the conversation with the web server.
|
| (FYI Telerik Fiddler is not a packet sniffer like Smart
| Sniffer; Telerik Fiddler works like a local web proxy.)
|

Thanks. That looks interesting. I don't think
I care enough to use an adware program that
requires me to give them an email address.

But it's interesting to know. I've been working on a
Bing maps program and was just wondering
yesterday whether any tool can get pre-encrypted
data. If it can really do that then it seems it must
be more a hook than a proxy. I call winhttp.
Winhttp calls bing and intitiates a TLS-encrypted
conversation. It seems something like fiddler would
have to hook in between me and winhttp. Or in
the case of a browser, between the browser and
something like crypt32.dll. Do you know what I
mean? Do you happen to know the details of
how that works?

I was wondering because the REST map apis
for things like Google and Bing require using
a key these days. I'm switching from Google
to Bing because Google just started requiring a
credit card. Bing doesn't, but it does have a
limit. It might be impossible to fully hide the key,
but I'm trying to figure out more. For instance,
someone with a Google account might put the
key in their webpage, have it spread around by
someone in China, and end up being charged
thousands of dollars by Google for going over the
free limit. Similarly, software that doesn't encrypt
would make it simple for anyone to read the key.
Probably a crack of the software could get the
key, but that would likely be more work than it's
worth to hackers.

Just a proxy, so it's possible your own proxying could sidestep it. For
HTTPS, it must install a certificate into the global certificate store
(certmgr.msc) to perform a local man-in-the-middle attack, the same way
anti-virus software (e.g., Avast) manage to intercept HTTPS traffic to
look for malicious content. I also use a stream capture program
(Applian Replay Media Capture) that uses the same technique (proxy with
cert), so it can capture video streams from HTTPS sources. If RMC
crashes, I don't get any web traffic until I clear out the proxy
settings in the OS (Internet options - Connections - LAN settings -
Proxy server). I've been nailed by software not undoing the proxy
setting often enough (upon their exit or upon their crash) that I
created a shortcut that loads a .reg file that clears this proxy setting
rather than drill through the Internet Options wizard to check.

As I recall, Google Chrome will use the global Internet Settings in
Windows. Firefox may, too, but Mozilla likes to internalize such
things. For example, Firefox does not use the global cert store in the
OS and instead uses their own. That meant I couldn't use RMC to capture
HTTPS video streams until Applian figured out how to install a cert in
Firefox's private cert store (but the option to re-insert their cert is
overly buried in RMC's settings).

https://www.youtube.com/watch?v=2pTlA3AG4W8
Looks like you have to enable Fiddler to intercept HTTPS.

After enabling Fiddler to intercept HTTPS traffic, look in certmgr.msc
to see if a new certificate got installed. When I do the same in Avast,
it adds an "Avast Web/Mail Shield Root" certificate. Inserting certs
into the local cert store (in a sysprep image for their workstations)
for a MITM interception of encrypted traffic is how many companies can
monitor your traffic using their property (i.e., their workstations and
their network).

I've used Fiddler in the past (which became Fiddler2 and now Fiddler4).
I don't remember any ads in the product to qualify it as adware. I see
they now want an e-mail address and location. Use for
an e-mail address and give them whatever location you (but you'll
probably want to pick something where the official language is the same
as yourself).

"VanguardLH" wrote

| After enabling Fiddler to intercept HTTPS traffic, look in certmgr.msc
| to see if a new certificate got installed. When I do the same in Avast,
| it adds an "Avast Web/Mail Shield Root" certificate. Inserting certs
| into the local cert store (in a sysprep image for their workstations)
| for a MITM interception of encrypted traffic is how many companies can
| monitor your traffic using their property (i.e., their workstations and
| their network).

I didn't know about this. I've written a MIME
filter before, to sit in front of IE and filter the
pages it gets, but I'm not sure whether that
works with encryption. I'm not clear on the steps.
But it would seem that anything sitting in the
middle also has to intercept the full exchange
and perform its own version of decryption.
Maybe that's why it needs a cert?

On Fri, 7 Dec 2018 12:52:11 -0600, VanguardLH wrote:

the same way
anti-virus software (e.g., Avast) manage to intercept HTTPS traffic to
look for malicious content.

Exactly.


As I recall, Google Chrome will use the global Internet Settings in
Windows. Firefox may, too, but Mozilla likes to internalize such
things. For example, Firefox does not use the global cert store in the
OS and instead uses their own. That meant I couldn't use RMC to capture
HTTPS video streams until Applian figured out how to install a cert in
Firefox's private cert store (but the option to re-insert their cert is
overly buried in RMC's settings).


* From Fiddler, I export Fiddler's certificate to a file.
* From Firefox, I import the certificate file into Firefox's certificate store.
Options Privacy and Security View Certificates Import

Fiddler itself doesn't need to figure out how to install a cert in
Firefox's private cert store.


After enabling Fiddler to intercept HTTPS traffic, look in certmgr.msc
to see if a new certificate got installed.

The Fiddler instructions say to manually import the certificate into
the Windows certificate store.

https://docs.telerik.com/platform/knowledge-base/how-to/how-to-trust-fiddler-root-certificate


I installed Fiddler from a non-Admin account, so it would not have been
able to update the Windows certificate store in any case.


--
Kind regards
Ralph