I've tried Firefox 2.0, Netscape 9, and Opera 11.01 (all running under
Win-98) but the results are the same.
I can't seem to type anything (anything visible anyways) in the
file-upload entry box.
The "Choose File" button works, insofar as it brings up a file explorer
window and I can choose a file, but the chosen file name / path doesn't
appear in the box, and the "Scan it" button does nothing.
What sort of web-coding are they using that would break this file-upload
interface when using an older browser?
I would have thought that Opera 11 would have worked...
============
Testing for Frontend Single Points Of Failure
For the purposes of this example I'll be "breaking" the twitter,
Facebook and Google buttons as well as the Google API server (jquery,
etc) and Google Analytics.
(...)
Congratulations, you just experienced a Frontend SPOF - now go fix it so
your users don't have to feel the same pain (assuming it is a site you
control, otherwise just yell at the owner).
=============
>============
>Testing for Frontend Single Points Of Failure
>For the purposes of this example I'll be "breaking" the twitter,
>Facebook and Google buttons as well as the Google API server (jquery,
>etc) and Google Analytics.
>(...)
>Congratulations, you just experienced a Frontend SPOF - now go fix it so
>your users don't have to feel the same pain (assuming it is a site you
>control, otherwise just yell at the owner).
Forcing users to allow javascript is strange, on an
anti-malware site
[]'s
PS Even Jotti has a hxxp://pagead2.googlesyndication.com/pagead/show_ads.js, but
it's not mandatory.
You can't send anything without allowing Google on Virustotal.
I suppose it all comes down to funding.
"Shadow" wrote:
> Forcing users to allow javascript is strange, on an
> anti-malware site
Unfortunately it's all too common these days that sites depend on
scripting instead of it being an enhancement.
> You can't send anything without allowing Google on Virustotal.
They're using jQuery via the Google Libraries API. I'm not sure what
the point of this API is other than to gather all the popular script
libraries in one place. VT could just as easily host their own copy
of jQuery as they have done with some other scripts.
> I suppose it all comes down to funding.
I detest these script libraries because they add bloat and bugs. VT
only needs a simple submission form and possibly a little script to
upload samples. I've never been able to get their page to play nicely
and use the email submission option instead.
>> Forcing users to allow javascript is strange, on an
>> anti-malware site
|
| Unfortunately it's all too common these days that sites depend on
| scripting instead of it being an enhancement.
|
>> You can't send anything without allowing Google on Virustotal.
|
| They're using jQuery via the Google Libraries API. I'm not sure what
| the point of this API is other than to gather all the popular script
| libraries in one place. VT could just as easily host their own copy
| of jQuery as they have done with some other scripts.
|
>> I suppose it all comes down to funding.
|
| I detest these script libraries because they add bloat and bugs. VT
| only needs a simple submission form and possibly a little script to
| upload samples. I've never been able to get their page to play nicely
| and use the email submission option instead.
|
But Ant you could use the VirusTotalUploader2 utility instead.
"David H. Lipman" wrote:
> From: "Ant"
>| I detest these script libraries because they add bloat and bugs. VT
>| only needs a simple submission form and possibly a little script to
>| upload samples. I've never been able to get their page to play nicely
>| and use the email submission option instead.
>|
> But Ant you could use the VirusTotalUploader2 utility instead.
I didn't know about that. Actually I prefer email because they send me
the results and I don't have to visit the web page. There's another
reason I use mail which applies to members of our forum.
The only time I visit is to pull down results when others post a link.
Even that fails sometimes and I get a submission page or "this has
already been submitted" - quite bizarre.
Ant wrote:
> They're using jQuery via the Google Libraries API. I'm not sure what
> the point of this API is other than to gather all the popular script
> libraries in one place. VT could just as easily host their own copy
> of jQuery as they have done with some other scripts.
Is it possible for your own computer (ie - localhost) to operate its
own web-server, such that you could obtain a copy of these google
libraries and host them on your own computer?
"Virus Guy" wrote:
> Is it possible for your own computer (ie - localhost) to operate its
> own web-server, such that you could obtain a copy of these google
> libraries and host them on your own computer?
Sure you can. Microsoft's FrontPage web authoring tool had a mini
server you could set up for testing web pages. I've done this in the
dim and distant past at a place I worked. Presumably you'd put the
google host names you wanted to emulate in the hosts file and point
them at your local server. Don't ask me for details though; I've long
forgotten and it's not my area of expertise or interest.
"Virus Guy" wrote:
> Ok, so I've installed the "Personal Web Server" that came with Windows
> 98 (something that, apparently, didn't come with Windows XP - ah ha!)
One possible problem - the script links are using SSL (https) so the
server must be able to handle that.
> Any ideas what file I need to grab from ajax.googleapis.com and host
> locally so that VirusTotal's file-submission form works?
The first, jsapi, is script which references many other google files
as you can see from the variables ServiceBase and GoogleApisBase which
give the base URLs. They are all the script libraries and goodness
knows what else (I don't know what "uds" is). I could be wrong but
it's not obvious that VT uses anything in this file. Perhaps you can
get away without it. Look for the Google Libraries API developer's
guide for more info.
The second is the jQuery script library which does not reference any
external stuff as far as I can tell.
VT also uses the google-analytics domain but that shouldn't affect the
functionality.
I apparently downloaded the free/limited-functionality commercial
version from the cnet link.
This web server (this free version) can do http and https - but not at
the same time. I have to choose one or the other in the config
settings.
So I've got it working as an https server on port 443, and the link to
googleapis.com jquery.min.js works fine (but I did have to create a
dummy self-signed SSL certificate and tell my browser to accept it).
I guess I'll still have to have the Microsoft Personal Web Server
running for any http port-80 stuff I want to serve.
So I try out VT with this new setup, and I get this:
===============
You have attempted to establish a connection with
"ajax.googleapis.com". However, the security certificate presented
belongs to "test". It is possible, though unlikely, that someone may be
trying to intercept your communication with thie website. If you
suspect the certificate shown does not belong to "ajax.googleapis.com",
please cancel the connection and notify the site administrator.
===============
I click "OK" (to accept this situation) and I get another similar
message, but this time instead of ajax.googleapis.com I get
ssl.google-analytics.com. I don't know what file it's looking for in
this case. I just continue by hitting OK.
The VT website continues normally and I'm able to submit a file for
analysis.
So, can I create many different certificates, and just make sure that I
replace "test" with the appropriate host-names?
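
The name check behind the certificate warning quoted in the post above, as an added example that is not part of the original thread: a simplified Python model of how a client compares the host it asked for with the names in the certificate. The certificate dictionaries and the wildcard entry are constructed for illustration; the two host names are the ones the poster mentions.

```python
# Added example: simplified TLS server-name check (in the spirit of RFC 6125).
# Certificates are modelled as plain dicts; all sample data is constructed.

def _label_match(pattern, host):
    """Match one DNS name pattern against a host, allowing a single
    left-most '*' label that covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard needs at least two further labels (no "*.com").
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def cert_matches(cert, host):
    """Return True if any subjectAltName DNS entry matches host.
    Falls back to the subject CN only when the cert has no SAN list."""
    names = cert.get("san") or [cert.get("cn", "")]
    return any(_label_match(n, host) for n in names)


def check_page_hosts(cert, hosts):
    """Report, per host the page loads from, whether cert would pass."""
    return {h: cert_matches(cert, h) for h in hosts}


# Hosts named in the thread; the certificates below are constructed samples.
HOSTS = ["ajax.googleapis.com", "ssl.google-analytics.com"]
DUMMY = {"cn": "test"}                      # dummy cert as described in the post
PER_HOST = {"cn": "ajax.googleapis.com"}    # one certificate per host name
MULTI = {"cn": "local", "san": HOSTS}       # one certificate listing both names
WILDCARD = {"cn": "w", "san": ["*.googleapis.com"]}

if __name__ == "__main__":
    for label, cert in [("dummy", DUMMY), ("per-host", PER_HOST),
                        ("multi-SAN", MULTI), ("wildcard", WILDCARD)]:
        print(label, check_page_hosts(cert, HOSTS))
```

A matching name only clears this particular warning; a self-signed certificate is still reported as untrusted unless the user explicitly accepts or imports it.
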
>> > Is it possible for your own computer (ie - localhost) to operate
>> > its own web-server
>> Sure you can. Microsoft's FrontPage web authoring tool had a mini
>> server you could set up for testing web pages.
> Ok, so I've installed the "Personal Web Server" that came with Windows
> 98 (something that, apparently, didn't come with Windows XP - ah ha!)
If you installed the older office with frontpage, it would have. HAH! Winshit98 didn't come with it either. The fact you asked such a stupid question tho and you're supposed to be some kind of expert, yes, that was good for a laugh or two.
> Any ideas what file I need to grab from ajax.googleapis.com and host
> locally so that VirusTotal's file-submission form works?
At what point will you show initiative and figure things out on your own?
-- Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught. - J.C. Watts
>> > One possible problem - the script links are using SSL (https) so
>> > the server must be able to handle that.
>> Yea, that's the problem.
> So I downloaded this (Abyss Web Server)
Why not Apache?
> This web server (this free version) can do http and https - but not
> at the same time. I have to choose one or the other in the config
> settings.
When you grow up and join the NT world, this will no longer be any
issue for you. You'd be able to run more standard software.
> I guess I'll still have to have the Microsoft Personal Web Server
> running for any http port-80 stuff I want to serve.
Not a very bright idea.
> I click "OK" (to accept this situation) and I get another similar
> message, but this time instead of ajax.googleapis.com I get
> ssl.google-analytics.com. I don't know what file it's looking for in
> this case. I just continue by hitting OK.
Just what sort of administrator or expert are you?
> So, can I create many different certificates, and just make sure that
> I replace "test" with the appropriate host-names?
Don't really have a clue, eh? :)
I'm sure someone with good intentions who doesn't know any better will
be along to educate you soon. I won't, but I have little doubt someone
will feel sorry for you.
-- Character is doing the right thing when nobody's looking. There are too
many people who think that the only thing that's right is to get by,
and the only thing that's wrong is to get caught. - J.C. Watts
> If you installed the older office with frontpage, it would have. HAH!
> Winshit98 didn't come with it either. The fact you asked such a stupid
> question tho and you're supposed to be some kind of expert, yes, that was
> good for a laugh or two.
Must you be so demeaning? I'll bet measuring his overall level of intelligence compared to yours (considering your behavior), he would win hands down.
-- Bear
http://bearware.info The real Bear's header path is:
news.sunsite.dk!dotsrc.org!filter.dotsrc.org!news.dotsrc.org!not-for-mail
> I'm sure someone with good intentions who doesn't know any better will
> be along to educate you soon. I won't, but I have little doubt someone
> will feel sorry for you.
Why bother responding then? Just to boost your demented ego!
-- Bear
Bear <bearbottoms1+...@gmail.com> wrote in news:4f2ef4c4$0$292$14726298
@news.sunsite.dk:
> On 2/5/2012 12:47 PM, Dustin wrote:
>> I'm sure someone with good intentions who doesn't know any better will
>> be along to educate you soon. I won't, but I have little doubt someone
>> will feel sorry for you.
> Why bother responding then? Just to boost your demented ego!
Hi Bear.
I realize you're new here and don't know the regulars yet. Virus_Guy has been posting here for several years now. Like yourself tho, he often has a
habit of talking shit and every so often, someone (me this time) calls him out on it.
Have a good day Bear.
-- Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught. - J.C. Watts
Bear <bearbottoms1+...@gmail.com> wrote in news:4f2ef45a$0$292$14726298
@news.sunsite.dk:
> On 2/5/2012 12:40 PM, Dustin wrote:
>> If you installed the older office with frontpage, it would have. HAH!
>> Winshit98 didn't come with it either. The fact you asked such a stupid
>> question tho and you're supposed to be some kind of expert, yes, that was
>> good for a laugh or two.
> Must you be so demeaning? I'll bet measuring his overall level of
> intelligence compared to yours (considering your behavior), he would win
> hands down.
When it's necessary, yes. Measure whatever you like.
-- Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught. - J.C. Watts
> Bear<bearbottoms1+...@gmail.com> wrote in news:4f2ef4c4$0$292$14726298
> @news.sunsite.dk:
>> On 2/5/2012 12:47 PM, Dustin wrote:
>>> I'm sure someone with good intentions who doesn't know any better will
>>> be along to educate you soon. I won't, but I have little doubt someone
>>> will feel sorry for you.
>> Why bother responding then? Just to boost your demented ego!
> Hi Bear.
> I realize you're new here and don't know the regulars yet. Virus_Guy has
> been posting here for several years now. Like yourself tho, he often has a
> habit of talking shit and every so often, someone (me this time) calls him
> out on it.
> Have a good day Bear.
And you're just the asshole to dish it out eh. Gotcha.
WTF are you calling him out on? Asking questions? WTF do you think newsgroups are for?
BTW, I'm /not/ new here. I just never felt interested enough to post here, though I did a few years back...I believe that is where I first met you...you were an asshole then. Guess you'll die one unless someone relieves you of it.
Every so often, someone (me this time) calls you out on it.
-- Bear
"Virus Guy" wrote:
>>> One possible problem - the script links are using SSL (https) so
>>> the server must be able to handle that.
>> Yea, that's the problem.
> So I downloaded this (Abyss Web Server)
[experiments with SSL]
> The VT website continues normally and I'm able to submit a file for
> analysis.
> So, can I create many different certificates, and just make sure that I
> replace "test" with the appropriate host-names?
As I said, web serving is not my area and particularly when secure
comms is involved. I'm not surprised you're having problems but at
least it works after a fashion.
I'm not sure why you're going to so much trouble over Google. Why not
just remove their script library servers from your hosts file and
leave in the analytics or whatever you're concerned about? It's a bit
over the top to set up a web server to supply selected content of a
domain you'd rather have blacklisted.