Firefox bug - something broke.

[The Natural Philosopher]

Wasted an hour of my life tracking down this one - its just appeared on
my linux systems today. One system oddly isn't affected.

Symptoms are that firefox sometimes/always hangs forever on trying to
access (some?) sites.

https://bugzilla.mozilla.org/show_bug.cgi?id=1749908



There is a simple workaround

or more.

Anyway if you are experiencing this, just try some of the fixes.

My browser worked by disabling http3 dns support


--
When plunder becomes a way of life for a group of men in a society, over
the course of time they create for themselves a legal system that
authorizes it and a moral code that glorifies it.

Frédéric Bastiat

[Andrei Z.]

The Natural Philosopher wrote:
> Wasted an hour of my life tracking down this one - its just appeared on
> my linux systems today. One system oddly isn't affected.
>
> Symptoms are that firefox sometimes/always hangs forever on trying to
> access (some?) sites.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=1749908
>
>
>
> There is a simple workaround
>
> or more.
>
> Anyway if you are experiencing this, just try some of the fixes.
>
> My browser worked by disabling http3 dns support
>
>

1749910 - [2022-01-13] Hangs in socket thread

https://bugzilla.mozilla.org/show_bug.cgi?id=1749910#c52

"Firefox has witnessed outages and we are sorry for that. We believe
it's fixed and a restart of Firefox should restore normal behaviour. We
will provide more information shortly"

Status: NEW → RESOLVED

[The Natural Philosopher]

in v 96...will have to wait for the package managers to get it into the
distro tree ...meanwhile it has resolved itself on the one machine I
didn't hack...
I think it was not just firefox, but also some other external issue.


--
All political activity makes complete sense once the proposition that
all government is basically a self-legalising protection racket, is
fully understood.

[noscript]

On Thu, 13 Jan 2022 11:58:12 +0000
The Natural Philosopher <t...@invalid.invalid> wrote:

> On 13/01/2022 11:23, Andrei Z. wrote:
> > The Natural Philosopher wrote:
> >> Wasted an hour of my life tracking down this one - its just
> >> appeared on my linux systems today. One system oddly isn't
> >> affected.
> >>
> >> Symptoms are that firefox sometimes/always hangs forever on trying
> >> to access (some?) sites.
> >>
> >> https://bugzilla.mozilla.org/show_bug.cgi?id=1749908
> >>
> >>
> >>
> >> There is a simple workaround
> >>
> >> or more.
> >>
> >> Anyway if you are experiencing this, just try some of the fixes.
> >>
> >> My browser worked by disabling http3 dns support
> >>
> >>
> > 1749910 - [2022-01-13] Hangs in socket thread
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1749910#c52
> >
> > "Firefox has witnessed outages and we are sorry for that. We
> > believe it's fixed and a restart of Firefox should restore normal
> > behaviour. We will provide more information shortly"
> >
> > Status: NEW → RESOLVED
> >
> in v 96...will have to wait for the package managers to get it into
> the distro tree ...meanwhile it has resolved itself on the one
> machine I didn't hack...
> I think it was not just firefox, but also some other external issue.
>
>

You can also disable http3 in about:config

[The Natural Philosopher]

That is what I did on this machine. Another machine seemed not to be
suffering, and the laptop 'fixed itself'

It seems tio be an interaction between firefox and certain external
things and the internal 'ET phone home' firefox software. Anyway, its
all working now and you know where to look if it catches you out



--
Renewable energy: Expensive solutions that don't work to a problem that
doesn't exist instituted by self legalising protection rackets that
don't protect, masquerading as public servants who don't serve the public.

[noscript]

On Thu, 13 Jan 2022 19:43:41 +0000
The Natural Philosopher <t...@invalid.invalid> wrote:

> It seems tio be an interaction between firefox and certain external
> things and the internal 'ET phone home' firefox software. Anyway, its
> all working now and you know where to look if it catches you out
>
>
>

I usually disable telemetry like this:

* about:config **browser.cache.disk.enable** = false
* about:config **browser.cache.memory.enable** = false
* about:config **browser.cache.offline.enable** = false
* about:config **browser.cache.offline.storage.enable** = false
* about:config **browser.cache.disk_cache_ssl** = false
* about:config telemetry set to false, and telemetry.rejected set to
true
* about:config **keyword.enabled = false** (do not send keys typed in
address bar to search engine)
* about:config **browser.urlbar.suggest.searches** = false
* about:config **network.trr.mode** = 5 (disable trusted recursive
resolver dns over https by choice)
* about:config **extensions.webextensions.retrictedDomains** = ""
(enable ad blockers on all domains, inculding mozilla domains)

[Computer Nerd Kev]

noscript <sept...@noulin.net> wrote:
> On Thu, 13 Jan 2022 19:43:41 +0000
> The Natural Philosopher <t...@invalid.invalid> wrote:
>
>> It seems tio be an interaction between firefox and certain external
>> things and the internal 'ET phone home' firefox software. Anyway, its
>> all working now and you know where to look if it catches you out
>
> I usually disable telemetry like this:
>
> * about:config **browser.cache.disk.enable** = false
> * about:config **browser.cache.memory.enable** = false
> * about:config **browser.cache.offline.enable** = false
> * about:config **browser.cache.offline.storage.enable** = false
> * about:config **browser.cache.disk_cache_ssl** = false

They disable the cache. What's the cache have to do with telemetry?

> * about:config telemetry set to false, and telemetry.rejected set to
> true

Those settings are not found (not even as defaults), but the
about:telemetry and about:studies pages show that telemetry is
disabled in my Firefox configuration.

> * about:config **network.trr.mode** = 5 (disable trusted recursive
> resolver dns over https by choice)

That's a handy one, though apparantly the browser is supposed to
prompt you to opt-in when they decide the time is right anyway.

I notice at the end of the bug report discussion they're talking
about changing the network.http.http3.enabled setting in the future
because people might have toggled it as a temporary fix and
forgotten about it. So continues the endless cat and mouse game of
the Firefox developers swapping around about:config settings and
users who genuinely want those setting to work having to hunt
around obscure forum threads in order to find the name of the new
secret config. concoctions.

--
__ __
#_ < |\| |< _#

[The Natural Philosopher]

On 13/01/2022 21:52, Computer Nerd Kev wrote:
> So continues the endless cat and mouse game of

> the Firefox developers swapping aroundabout:config settings and

> users who genuinely want those setting to work having to hunt
> around obscure forum threads in order to find the name of the new
> secret config. concoctions.

Oh yaaas!
Thunderbird is EVEN WORSE.

Upgrade happened, wouldn't talk to my smtp server, all the icons
changed, all the colors changed the fonts were rubbish...took me two
days of userchrome hacks to sort te appearance out and an hour to track
down the magic spell to stop it using advanced, advanced, advanced TLS,
and just use what had been working fine for the last 10 years...


--
“Those who can make you believe absurdities, can make you commit
atrocities.”

― Voltaire, Questions sur les Miracles à M. Claparede, Professeur de
Théologie à Genève, par un Proposant: Ou Extrait de Diverses Lettres de
M. de Voltaire

[1.AAC0832]

Seems, like Winders, the more they "improve" it
the more problems.

And Win-11 ... I'm surprised a massive number of class action
lawsuits haven't been filed already ...... time for MS to
go *down* forever and always. What hateful crap.

[Ant]

1.AAC0832 <z24ba7.net> wrote:
...

> Seems, like Winders, the more they "improve" it
> the more problems.

> And Win-11 ... I'm surprised a massive number of class action
> lawsuits haven't been filed already ...... time for MS to
> go *down* forever and always. What hateful crap.

Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(
--
Slammy new week as expected. Lots of spams again! 2022 isn't any better and different so far. :(
Note: A fixed width font (Courier, Monospace, etc.) is required to see this signature correctly.
/\___/\ Ant(Dude) @ http://aqfl.net & http://antfarm.home.dhs.org.
/ /\ /\ \ Please nuke ANT if replying by e-mail.
| |o o| |
\ _ /
( )

[noscript]

On 2022-01-13, Computer Nerd Kev <n...@telling.you.invalid> wrote:
>> I usually disable telemetry like this:
>>
>> * about:config **browser.cache.disk.enable** = false
>> * about:config **browser.cache.memory.enable** = false
>> * about:config **browser.cache.offline.enable** = false
>> * about:config **browser.cache.offline.storage.enable** = false
>> * about:config **browser.cache.disk_cache_ssl** = false
>
> They disable the cache. What's the cache have to do with telemetry?

It is directly connected to telemetry, but it increases privacy and I
usually disable telemetry for privacy.

>
>> * about:config telemetry set to false, and telemetry.rejected set to
>> true
>
> Those settings are not found (not even as defaults), but the
> about:telemetry and about:studies pages show that telemetry is
> disabled in my Firefox configuration.

The exact settings are:
toolkit.telemetry.rejected=true
toolkit.telemetry.server is empty
*.telemetry.*enabled=false

[Andrei Z.]

1749957 - `content-length` is not properly parsed when using viaduct
over HTTP3
https://bugzilla.mozilla.org/show_bug.cgi?id=1749957

Status: RESOLVED FIXED
Milestone: 98 Branch

[Andrea Croci]

On 14.01.22 08:39, Ant wrote:
> 1.AAC0832 <z24ba7.net> wrote:
> ...
>> Seems, like Winders, the more they "improve" it
>> the more problems.
>
>> And Win-11 ... I'm surprised a massive number of class action
>> lawsuits haven't been filed already ...... time for MS to
>> go *down* forever and always. What hateful crap.
>
> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(

Sad but true: the good old days are gone.

[The Natural Philosopher]

Mmm. it seems - not having time to really understand that, that a rogue
response could essentially stop firefox from working at all, or even
closing..so a combination of a rogue site on the net and a bug in firefox.

Nasty.

Explains why my laptop is now working tho - they fixed the rogue site
perhaps and the fix to firefox will come soon enough with V96...

Which contains another bug fix to an old bug I reported I think. anyway
they decided to finally look into that and a fix is on the way.

--
"And if the blind lead the blind, both shall fall into the ditch".

Gospel of St. Mathew 15:14

[Johnny]

Why go to all that trouble when you could just use Waterfox?

https://www.waterfox.net/

If you use MX Linux, it's in the repository.

[Bobbie Sellers]

On 1/13/22 23:39, Ant wrote:
> 1.AAC0832 <z24ba7.net> wrote:
> ...
>> Seems, like Winders, the more they "improve" it
>> the more problems.

You must have a vision of better that is not the same
as the Vision at Microsoft. So do I but mine was inspired by
the very imperfect but very usable AmigaOS. Amiga was like a
custom built sports care and was not nearly as expensive.
Still I could never afford a new Amiga Computer when it
was selling well.

>
>> And Win-11 ... I'm surprised a massive number of class action
>> lawsuits haven't been filed already ...... time for MS to
>> go *down* forever and always. What hateful crap.
>
> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(

Apple was another computer out of my price range. It may get better or
worse I still cannot afford a good Apple computer.
I buy second hand Dell Latitudes to run Linux.

That is just age speaking, Ant, and how is Grasshopper?

PCLinuxOS gets better in any event, resisting entropy.

But it seems there is always a debate over what exactly
"better" may mean.
Even Leonard Poettering believes that his awful creation
is somehow better. What has happened is that his captive audience
forced to use a grab-bag tool has gotten better at dealing with
its complications.

bliss - brought to you by the power and ease of PCLinuxOS
and a minor case of hypergraphia

--
bliss dash SF 4 ever at dslextreme dot com

[Dan Espen]

a...@zimage.comANT (Ant) writes:

> 1.AAC0832 <z24ba7.net> wrote:
> ...
>> Seems, like Winders, the more they "improve" it
>> the more problems.
>
>> And Win-11 ... I'm surprised a massive number of class action
>> lawsuits haven't been filed already ...... time for MS to
>> go *down* forever and always. What hateful crap.
>
> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(

Don't know about Apple, but as for Linux, NO FREAKING WAY.
It continues to improve. No, I do not use a desktop, fvwm3 here.
I don't see a lot of change, but when I do, it's a change for the better.

--
Dan Espen

[Charlie Gibbs]

On 2022-01-14, Bobbie Sellers <bl...@mouse-potato.com> wrote:

> On 1/13/22 23:39, Ant wrote:
>
>> 1.AAC0832 <z24ba7.net> wrote:
>> ...
>>> Seems, like Winders, the more they "improve" it
>>> the more problems.
>
> You must have a vision of better that is not the same
> as the Vision at Microsoft. So do I but mine was inspired by
> the very imperfect but very usable AmigaOS. Amiga was like a
> custom built sports care and was not nearly as expensive.
> Still I could never afford a new Amiga Computer when it
> was selling well.
>
>>
>>> And Win-11 ... I'm surprised a massive number of class action
>>> lawsuits haven't been filed already ...... time for MS to
>>> go *down* forever and always. What hateful crap.
>>
>> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(
>
> Apple was another computer out of my price range. It may get better or
> worse I still cannot afford a good Apple computer.
> I buy second hand Dell Latitudes to run Linux.
>
> That is just age speaking, Ant, and how is Grasshopper?
>
> PCLinuxOS gets better in any event, resisting entropy.
>
> But it seems there is always a debate over what exactly
> "better" may mean.

True. What makes it complicated is that "better" means different
things to different people. Microsoft's products might be a
technical disaster, but if you define "better" as "making lots
of money", then their products are among the best that have
ever been created. See my .sig.

--
/~\ Charlie Gibbs | Microsoft is a dictatorship.
\ / <cgi...@kltpzyxm.invalid> | Apple is a cult.
X I'm really at ac.dekanfrus | Linux is anarchy.
/ \ if you read it the right way. | Pick your poison.

[Charlie Gibbs]

On 2022-01-14, Johnny <joh...@invalid.net> wrote:

> Why go to all that trouble when you could just use Waterfox?
>
> https://www.waterfox.net/
>
> If you use MX Linux, it's in the repository.

Interesting. I left Firefox for Seamonkey as of release 29,
when they changed the user interface in ways I didn't like.
To this day, Seamonkey preserves the classic interface:
a standard menu instead of that dreadful hamburger menu,
and a tab bar configurable to disappear when you only have
one tab open (as I usually do).

The web page says, "you can use it with the interface of
Firefox 27+, 56, and 68" - maybe I could bring it back to
the classic interface. Looks like it's worth checking out.

Any other Seamonkey users out there?

https://www.seamonkey-project.org

[Computer Nerd Kev]

noscript <sept...@noulin.net> wrote:
> On 2022-01-13, Computer Nerd Kev <n...@telling.you.invalid> wrote:
>>> I usually disable telemetry like this:
>>>
>>> * about:config **browser.cache.disk.enable** = false
>>> * about:config **browser.cache.memory.enable** = false
>>> * about:config **browser.cache.offline.enable** = false
>>> * about:config **browser.cache.offline.storage.enable** = false
>>> * about:config **browser.cache.disk_cache_ssl** = false
>>
>> They disable the cache. What's the cache have to do with telemetry?
>
> It is directly connected to telemetry, but it increases privacy and I
> usually disable telemetry for privacy.

It's for performance actually:
https://en.wikipedia.org/wiki/Web_cache

>>> * about:config telemetry set to false, and telemetry.rejected set to
>>> true
>>
>> Those settings are not found (not even as defaults), but the
>> about:telemetry and about:studies pages show that telemetry is
>> disabled in my Firefox configuration.
>
> The exact settings are:
> toolkit.telemetry.rejected=true

I haven't got that, but instead there's toolkit.telemetry.enabled,
which is not only set to False but greyed out so that I can't
toggle it True. Maybe that's because I also added ".invalid" to
the end of the toolkit.telemetry.server domain, or maybe they just
don't want to know what goes on in my world?

[Computer Nerd Kev]

Dan Espen <dan1...@gmail.com> wrote:
> a...@zimage.comANT (Ant) writes:
>> 1.AAC0832 <z24ba7.net> wrote:
>>> Seems, like Winders, the more they "improve" it
>>> the more problems.
>>

>> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(
>
> Don't know about Apple, but as for Linux, NO FREAKING WAY.
> It continues to improve. No, I do not use a desktop, fvwm3 here.
> I don't see a lot of change, but when I do, it's a change for the better.

But that depends, eg. my router running OpenWRT keeps getting
slower to boot and has less free space in the 8MB of flash after
each major upgrade, yet doesn't do anything I want it to any
better. If it weren't for security fixes, I'd be much better off
sticking with a very old release. Granted some redesigning of
kernel functionality is done partly in the name of security, but
as a rule increasing the amount of code isn't the way to reduce
security vulnerabilities.

"As the current stable 21.02 release uses kernel 5.4 that is roughly
0.5 MB larger than the kernel 4.14 used in the old 19.07.x releases"
https://openwrt.org/supported_devices/432_warning

That said, in these discussions people do far too often confuse
the Linux kernel with popular Linux distros where bloated software
like default "desktops"/WMs get much worse over time than any picky
issue I have with the growth of the Linux kernel itself. I use JWM
here, also no Systemd, nor PulseAudio, and find that on a PC there
indeed isn't that much obvious change going on, with maybe a rare
useful feature appearing unobtrusively in the kernel from time to
time. So compared to M$ and Apple, who aren't even trying to make
something that would be practical to run on an old consumer-level
router, Linux is remaining extremely good.

[John-Paul Stewart]

On 2022-01-14 16:20, Computer Nerd Kev wrote:

> noscript <sept...@noulin.net> wrote:
>>
>> The exact settings are:
>> toolkit.telemetry.rejected=true
>
> I haven't got that, but instead there's toolkit.telemetry.enabled,
> which is not only set to False but greyed out so that I can't
> toggle it True. Maybe that's because I also added ".invalid" to
> the end of the toolkit.telemetry.server domain, or maybe they just
> don't want to know what goes on in my world?

Many/most Linux distributions completely disable telemetry in their
builds. The distros and their package maintainers still care about
privacy. (At least somewhat.) That's why it's cannot be enabled in the
version of Firefox you're running.

[Ant]

Firefox v96.0.1 is out now. Upgrade and retry?

The Natural Philosopher <t...@invalid.invalid> wrote:

> Wasted an hour of my life tracking down this one - its just appeared on
> my linux systems today. One system oddly isn't affected.

> Symptoms are that firefox sometimes/always hangs forever on trying to
> access (some?) sites.

> https://bugzilla.mozilla.org/show_bug.cgi?id=1749908



> There is a simple workaround

> or more.

> Anyway if you are experiencing this, just try some of the fixes.

> My browser worked by disabling http3 dns support



--

[Computer Nerd Kev]

No actually I'm using the official Mozilla binary of v. 96, so it's
definitely the Firefox developers who prevented that setting from
being toggled in my about:config for some reason (possibly because
I've fiddled with so many other about:config settings).

Actually, I just tried starting Firefox in a new profile and
toolkit.telemetry.enabled is still locked at False, yet the
telemetry settings in preferences (which it prompted me to look at
on start-up) are set to enabled, and about:telemetry says that
telemetry is enabled. So I'm confused.

[Diego Garcia]

On Fri, 14 Jan 2022 11:45:15 -0500, Dan Espen wrote:

>>
>> Don't forget Apple's stuff too. Even Linux. Everything is getting worse. :(
>
> Don't know about Apple, but as for Linux, NO FREAKING WAY.
> It continues to improve. No, I do not use a desktop, fvwm3 here.
> I don't see a lot of change, but when I do, it's a change for the better.
>

Good choice (fvwm3)!

As far as browsers, Palemoon is the only choice, and coupled
with graphical links (links -g) there is no better way (IMO) to
access the degenerate web.

http://links.twibright.com/

There is also ungoogled chromium:

https://github.com/Eloston/ungoogled-chromium

Any web sites that cannot be viewed in the above browsers are
not worth the INTELLIGENT man's time.


--
Scratch your technical itch:
https://www.linuxfromscratch.org/

[John-Paul Stewart]

On 2022-01-14 17:51, Computer Nerd Kev wrote:
> John-Paul Stewart <jpst...@personalprojects.net> wrote:
>> On 2022-01-14 16:20, Computer Nerd Kev wrote:
>>> noscript <sept...@noulin.net> wrote:
>>>>
>>>> The exact settings are:
>>>> toolkit.telemetry.rejected=true
>>>
>>> I haven't got that, but instead there's toolkit.telemetry.enabled,
>>> which is not only set to False but greyed out so that I can't
>>> toggle it True. Maybe that's because I also added ".invalid" to
>>> the end of the toolkit.telemetry.server domain, or maybe they just
>>> don't want to know what goes on in my world?
>>
>> Many/most Linux distributions completely disable telemetry in their
>> builds. The distros and their package maintainers still care about
>> privacy. (At least somewhat.) That's why it's cannot be enabled in the
>> version of Firefox you're running.
>
> No actually I'm using the official Mozilla binary of v. 96, so it's
> definitely the Firefox developers who prevented that setting from
> being toggled in my about:config for some reason (possibly because
> I've fiddled with so many other about:config settings).

Interesting. It's been a while since I read that the distros were the
ones disabling telemetry. (It's permanently disable here, using the
Debian build.) Maybe things have changed or maybe the article I read
was wrong.

Either way, I'm glad to hear that the official Firefox build also has it
permanently off.

[Dan Espen]

I'm using Brave. Works well enough.
Firefox kept crashing.

I've used all the Fvwm versions.
Regardless of how many features Fvwm added the appearance and operation
of my setup has never changed unless I changed my configuration.

--
Dan Espen

[The Natural Philosopher]

When I used to write code, it would start off great , and then as I
realised what really needed to be done after coding it, I would rewrite
huge chunks of it to reduce the size ...after three iterations it was
generally respectable.

Really linux needs to start again....
...i'll get my coat...
--
Microsoft : the best reason to go to Linux that ever existed.

[The Natural Philosopher]

Apropos of this and other thread drifts, firefox 96 arrived in my
distro, and so one presumes its all fixed. HOWEVER they fixed something
else so my generally white on dark theme, suddenly also applied to
bookmark drop down menus, which had previously been resolutely white, so
I had to change the text color to white...

[The Natural Philosopher]

On 14/01/2022 22:21, Ant wrote:
> Firefox v96.0.1 is out now. Upgrade and retry?
>

Have done.

but TBH the problem had stopped before that anyway.

It seemed to be that this bug required something else out there in
'netland to manifest - so fixing either end worked, and someone fixed
the far end.


>


--
Future generations will wonder in bemused amazement that the early
twenty-first century’s developed world went into hysterical panic over a
globally average temperature increase of a few tenths of a degree, and,
on the basis of gross exaggerations of highly uncertain computer
projections combined into implausible chains of inference, proceeded to
contemplate a rollback of the industrial age.

Richard Lindzen

[The Natural Philosopher]

Some of us have no option but to use whatever works with our financial
companies servers.

--
"It is an established fact to 97% confidence limits that left wing
conspirators see right wing conspiracies everywhere"

[Andrei Z.]

The Natural Philosopher wrote:
> On 14/01/2022 22:21, Ant wrote:
>> Firefox v96.0.1 is out now. Upgrade and retry?
>>
> Have done.
>
> but TBH the problem had stopped before that anyway.
>
> It seemed to be that this bug required something else out there in
> 'netland to manifest - so fixing either end worked, and someone fixed
> the far end.
>
>
>>
>
>

freddyb Mozilla Security:
https://lobste.rs/s/zcjtv2/1749908_infinite_loop_http3_hangs_socket#c_kikbal

"We’re disabling HTTP/3 for the time being, which is hopefully picked up
automatically upon restart. Restarting the browser should just help. ...
Edit: The bug was in HTTP/3, but not in “all of HTTP/3”. We solved this
on the server-end."

Bug 1749957 - Fix parsing of content-length http3 header
https://phabricator.services.mozilla.com/D135871

[The Natural Philosopher]

On 15/01/2022 11:56, Andreas Kohlbach wrote:

> On Fri, 14 Jan 2022 19:30:06 -0500, Dan Espen wrote:
>>
>> I'm using Brave. Works well enough.
>

> Dunno about Brave, trying to understand its purpose reading the Wikipedia
> page <https://en.wikipedia.org/wiki/Brave_(web_browser)>.
>
> Just seems to be based on Chromium with some automatic ad-blockers, but
> also
>
> <quote>provides users the choice to turn on optional ads that pay users
> for their attention in the form of Basic Attention Tokens (BAT)
> cryptocurrency.</quote>
>
> Can't make up my mind about Brave...
>
>> Firefox kept crashing.
>
> Runs rock stable. So stable, it eats up all available CPU time ad RAM,
> plus paging space on some web pages. I try to avoid FF.
>

"ad RAM". That's about right!

I think they have fixed some memory leaks in the last few rels.

But last time I looked javaShit-heavy sites would still consume all CPU
and lock the browser up for seconds at a time

[Diego Garcia]

On Sat, 15 Jan 2022 10:32:14 +0000, The Natural Philosopher wrote:

>>
> Some of us have no option but to use whatever works with our financial
> companies servers.
>

That's usually only 2 or 3 web sites. For those cases I will use Iron:

https://www.srware.net/iron/

Unfortunately, Google has the financial/commercial world by the balls
and that world turns literally around Chrome.

Supposedly, the open-source Chromium can be configured to eliminate most
of the useless junk but I'm too lazy to do that. So I use Iron.

On Gentoo, chromium can be built without much fuss:

[~] emerge -pv chromium

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild N ] dev-libs/re2-0.2021.11.01:0/9::gentoo USE="-icu" 400 KiB
[ebuild N ] dev-util/gn-0.1943::gentoo USE="-vim-syntax" 691 KiB
[ebuild N ] net-dns/c-ares-1.18.1:0/2::gentoo USE="-static-libs -test" 1,524 KiB
[ebuild N ] net-libs/nodejs-16.13.1:0/16::gentoo USE="icu inspector lto snapshot ssl system-icu system-ssl -debug -doc -npm -pax-kernel -systemtap -test" CPU_FLAGS_X86="sse2" 33,113 KiB
[ebuild N ] www-client/chromium-98.0.4758.54:0/beta::gentoo USE="hangouts js-type-check official (pic) proprietary-codecs suid system-harfbuzz system-icu system-png (-component-build) -cups -custom-cflags -debug (-headless) -kerberos -pulseaudio -screencast (-selinux) (-system-ffmpeg) -vaapi -wayland -widevine" L10N="-am -ar -bg -bn -ca -cs -da -de -el -en-GB -es -es-419 -et -fa -fi -fil -fr -gu -he -hi -hr -hu -id -it -ja -kn -ko -lt -lv -ml -mr -ms -nb -nl -pl -pt-BR -pt-PT -ro -ru -sk -sl -sr -sv -sw -ta -te -th -tr -uk -vi -zh-CN -zh-TW" 1,213,151 KiB

[Joerg Lorenz]

Am 15.01.22 um 12:56 schrieb Andreas Kohlbach:

> On Fri, 14 Jan 2022 19:30:06 -0500, Dan Espen wrote:
>> Firefox kept crashing.
>
> Runs rock stable. So stable, it eats up all available CPU time ad RAM,
> plus paging space on some web pages. I try to avoid FF.

I use FF on all OSs. Linux, Mac, Android und iOS. It is by far the most
trustworthy browser that exists. And also the most flexible one. And in
addition it is the most stable. I hardly ever experienced crashes.

If it acts up I recommend to set up a new profile and/or I would start
FF without add-ons to test.


--
De gustibus non est disputandum

[Joerg Lorenz]

Am 15.01.22 um 13:43 schrieb Diego Garcia:

> On Sat, 15 Jan 2022 10:32:14 +0000, The Natural Philosopher wrote:
>
>>>
>> Some of us have no option but to use whatever works with our financial
>> companies servers.
>>
>
> That's usually only 2 or 3 web sites. For those cases I will use Iron:
>
> https://www.srware.net/iron/
>
> Unfortunately, Google has the financial/commercial world by the balls
> and that world turns literally around Chrome.

My experience is totally different. Chrome is not really that important.
Safari and others are at least as important.

And there are standards. The only company that still thinks it sets
standards is $Microsoft.

[Dan Espen]

I used the remove profile trick quite a few times.
After a while even that stopped working.

I think something must have gotten fixed because now I can start FF and
use it for a while, but I've grown used to Brave.

--
Dan Espen

[Diego Garcia]

On Sat, 15 Jan 2022 14:32:23 +0100, Joerg Lorenz wrote:

>
> My experience is totally different. Chrome is not really that important.
>

> And there are standards. The only company that still thinks it sets
> standards is $Microsoft.
>

Google does not THINK that it sets standards. Google actually DOES
set standards. One example is AMP:

https://developers.google.com/amp

Google also eliminates standards.

Google has destroyed MathML. The Google rendering engine, which
is used by the vast majority of browsers on the planet, no longer renders
MathML markup -- at least not completely. Google has unilaterally decided
that MathML, a standard set forth by W3C, is insecure (WTF!) and
therefore has to go.

The only substitute for MathML is the odious javascript MathJax, which
is far more complicated to deploy.

Firefox is the only browser remaining that supports MathML but most
likely they will give it the ax as well.

Google also demands that web sites use the HTTPS protocol or else
it will punish them by lowering their search rankings. People who maintain
their own web sites, such as myself, are thereby forced to spend extra
$$$$ to purchase certs regularly from a cert authority. This is veritable
blackmail.

So Google is evil incarnate but nothing can be done to stop it.

Support true alternatives like links and dillo:

https://github.com/rodarima/dillo

http://links.twibright.com/

[Rich]

Diego Garcia <d...@chaos.info> wrote:
> Google also demands that web sites use the HTTPS protocol or else it
> will punish them by lowering their search rankings. People who
> maintain their own web sites, such as myself, are thereby forced to
> spend extra $$$$ to purchase certs regularly from a cert authority.

While you /can/ spend extra $$$$, you certianly do not have to do so:

https://en.wikipedia.org/wiki/Let's_Encrypt

Let's Encrypt is a non-profit certificate authority run by Internet
Security Research Group (ISRG) that provides X.509 certificates for
Transport Layer Security (TLS) encryption *at no charge*.

And for automating the aquisition of certifcates from Let's Encrypt:

https://github.com/dehydrated-io/dehydrated

[Diego Garcia]

On Sat, 15 Jan 2022 14:25:13 +0000, Rich wrote:

>
> While you /can/ spend extra $$$$, you certianly do not have to do so:
>
> https://en.wikipedia.org/wiki/Let's_Encrypt
>

Let's Encrypt requires a dedicated IP address.

People, such as myself, who choose to use shared hosting must
then purchase a dedicated IP address.

The expense is not significant, but the principle involved certainly
is significant. Why should Google be permitted to dictate how web sites
are implemented? Why should google be permitted to act as an ad hoc,
self-proclaimed web authority?

Google also has influenced the removal of FTP capability from web
browsers, again due to their obsession with security and their desire
to be the "nanny" of the Internet.

Anyone who uses a browser based on Google's engine is complicit
in their evil empire.

[Rich]

Diego Garcia <d...@chaos.info> wrote:
> On Sat, 15 Jan 2022 14:25:13 +0000, Rich wrote:
>
>>
>> While you /can/ spend extra $$$$, you certianly do not have to do so:
>>
>> https://en.wikipedia.org/wiki/Let's_Encrypt
>>
>
> Let's Encrypt requires a dedicated IP address.

Are you certian of that fact? I see nothing in the Let's Encrypt FAQ
indicating a static IP is required. However on the two systems where I
am using it, I already have a static IP (purposefully, for other
reasons unrelated to TLS/SSL certificates) and so I simply may never
have noticed such a requirement.

> The expense is not significant, but the principle involved certainly
> is significant. Why should Google be permitted to dictate how web
> sites are implemented? Why should google be permitted to act as an
> ad hoc, self-proclaimed web authority?

While I do agree with your sentiment, reality is what whomever is the
800lb gorilla of the moment gets to /dictate/ terms by being that 800lb
gorilla that we others may not like. And the web moves too fast for
most regulations (which would tame such 800lb gorillas) to keep up
with. So we are stuck with what we have in many ways.

[Richard Kettlewell]

Rich <ri...@example.invalid> writes:
> Diego Garcia <d...@chaos.info> wrote:
>> On Sat, 15 Jan 2022 14:25:13 +0000, Rich wrote:
>>> While you /can/ spend extra $$$$, you certianly do not have to do so:
>>>
>>> https://en.wikipedia.org/wiki/Let's_Encrypt
>>
>> Let's Encrypt requires a dedicated IP address.
>
> Are you certian of that fact? I see nothing in the Let's Encrypt FAQ
> indicating a static IP is required. However on the two systems where I
> am using it, I already have a static IP (purposefully, for other
> reasons unrelated to TLS/SSL certificates) and so I simply may never
> have noticed such a requirement.

HTTP-01 challenges require that LE can reach your web server. A static
address achieves that but a dynamic address should work too provided you
keep the DNS up to date.

DNS-01 challenges require that you supply the response via DNS. Your web
server (or IMAP server, etc) doesn’t have to be reachable. I use this
strategy to maintain TLS certificates for my internal services (which
have RFC1918 addresses). Whether that’s an extra cost depends on how
you’re doing DNS.

--
https://www.greenend.org.uk/rjk/

[Markus Heinz]

Hello.

On 2022-01-15 16:29 -0000 Rich wrote:
> Diego Garcia <d...@chaos.info> wrote:
> > On Sat, 15 Jan 2022 14:25:13 +0000, Rich wrote:
> >
> >>
> >> While you /can/ spend extra $$$$, you certianly do not have to do
> >> so:
> >>
> >> https://en.wikipedia.org/wiki/Let's_Encrypt
> >>
> >
> > Let's Encrypt requires a dedicated IP address.
>
> Are you certian of that fact? I see nothing in the Let's Encrypt FAQ
> indicating a static IP is required. However on the two systems where
> I am using it, I already have a static IP (purposefully, for other
> reasons unrelated to TLS/SSL certificates) and so I simply may never
> have noticed such a requirement.

You may need a static IP address (vs a dynamic one), but not a dedicated
one. At my work we have hundreds of domains each with a Let's Encrypt
certificate on one static IP address.

But we had to modify a Let's Encrypt client to obtain the certificates
for the special setup we have in order to properly respond to the HTTP
authentication requests from the Let's Encrypt servers to prove that
we actually own the domains we request certificates for.

I think encrypting website traffic with TLS is a good thing as it makes
it at least harder to tamper with or eavesdrop on it.

Regards

Markus

[Diego Garcia]

On Sat, 15 Jan 2022 16:29:34 +0000, Rich wrote:

>>
>> Let's Encrypt requires a dedicated IP address.
>
> Are you certian of that fact?
>

It depends on the hosting provider.

My provider requires a static IP for all certs.

>
> While I do agree with your sentiment, reality is what whomever is the
> 800lb gorilla of the moment gets to /dictate/ terms by being that 800lb
> gorilla that we others may not like.
>

Google is not an 800llb gorilla.

Google is a sickly weakling that has succeeded by pandering to the
vast hordes of ignorant humans.

This would be an entirely moot issue but FOSS has not been able, and
will not ever be able, create a completely free web browser. The developers
at Palemoon, for example, realize that the growing complexity of the
browser may put an end to their project.

There is GNU IceCat which I may take a look at, but little else is available
as a true alternative.

>
> And the web moves too fast for most regulations
>

The web is fast degenerating into a sick joke. Even serious, non-commercial
sites are literally crippled with a self-imposed and totally unnecessary complexity
based on javascript.

And the web moves too fast for
> most regulations (which would tame such 800lb gorillas) to keep up
> with. So we are stuck with what we have in many ways.

[Diego Garcia]

On Sat, 15 Jan 2022 18:06:15 +0100, Markus Heinz wrote:

>
> I think encrypting website traffic with TLS is a good thing as it makes
> it at least harder to tamper with or eavesdrop on it.
>

How would an encrypted connection benefit a web site that exists
solely to provide information? (Remember the "information superhighway?")

Answer: there would be NO benefit. None. Zip. Nada.

[Markus Heinz]

On 2022-01-15 17:21 +0000 Diego Garcia wrote:

> On Sat, 15 Jan 2022 18:06:15 +0100, Markus Heinz wrote:
>
> >
> > I think encrypting website traffic with TLS is a good thing as it
> > makes it at least harder to tamper with or eavesdrop on it.
> >
>
> How would an encrypted connection benefit a web site that exists
> solely to provide information? (Remember the "information
> superhighway?")
>
> Answer: there would be NO benefit. None. Zip. Nada.

A malicious router in the internet which forwards the information from
the web server to the client's browser could alter the information.

Imagine the contents of a popular weather forecast website might get
modified in transmission to announce some hurricans when there is no
meteorological cause to announce this.

Or the results of an election might get modified the same way.

Or downloads of some software could be altered to contain malware.

This might sound paranoid - but technically it is possible.

I've read reports about HTTP downloads via TOR network got altered to
infect PCs with spyware.

Governments and secret services have the possibility and maybe also the
interest to do those things. Encrypting the traffic with HTTPS / TLS
makes it harder for them. But still you have to trust the source of
information of course. Encryption just ensures it get transmitted
unaltered.

[The Natural Philosopher]

On 15/01/2022 14:08, Diego Garcia wrote:
> People who maintain
> their own web sites, such as myself, are thereby forced to spend extra
> $$$$ to purchase certs regularly from a cert authority. This is veritable
> blackmail.

No, you use the free 'letsencrypt' service. takes almost 5 minutes and
costs nothing


--
The theory of Communism may be summed up in one sentence: Abolish all
private property.

Karl Marx

[The Natural Philosopher]

On 15/01/2022 15:30, Diego Garcia wrote:
> On Sat, 15 Jan 2022 14:25:13 +0000, Rich wrote:
>
>>
>> While you /can/ spend extra $$$$, you certianly do not have to do so:
>>
>> https://en.wikipedia.org/wiki/Let's_Encrypt
>>
>
> Let's Encrypt requires a dedicated IP address.
>
> People, such as myself, who choose to use shared hosting must
> then purchase a dedicated IP address.
>

cant you afford a virtual private server?

> The expense is not significant, but the principle involved certainly
> is significant. Why should Google be permitted to dictate how web sites
> are implemented? Why should google be permitted to act as an ad hoc,
> self-proclaimed web authority?

because it can?

>
> Google also has influenced the removal of FTP capability from web
> browsers, again due to their obsession with security and their desire
> to be the "nanny" of the Internet.
>
> Anyone who uses a browser based on Google's engine is complicit
> in their evil empire.
>
>

Yawn.

[Rich]

Diego Garcia <d...@chaos.info> wrote:
> On Sat, 15 Jan 2022 16:29:34 +0000, Rich wrote:
>
>>>
>>> Let's Encrypt requires a dedicated IP address.
>>
>> Are you certian of that fact?
>>
>
> It depends on the hosting provider.
>
> My provider requires a static IP for all certs.

So you accused Let's Encrypt of requiring dedicated IP addresses when
in fact it was your web host provider that had the requirement.

It is not at all Let's Encrypt's fault that your web host provider has
additional requirements for certificate usage.

[Computer Nerd Kev]

The Natural Philosopher <t...@invalid.invalid> wrote:
> On 15/01/2022 14:08, Diego Garcia wrote:
>> People who maintain
>> their own web sites, such as myself, are thereby forced to spend extra
>> $$$$ to purchase certs regularly from a cert authority. This is veritable
>> blackmail.
> No, you use the free 'letsencrypt' service. takes almost 5 minutes and
> costs nothing

Except the rest of your life worrying that something might have
gone wrong and prevented the renewal process from working, causing
your site to effectively go down (except to people like me who
usually "accept the risks and continue" when their browser warns
about a certificate error because they know that the info has no
real need to be encrypted/verified in the first place).

Anyway I don't think Google really care. I've got a website that
can be accessed over either HTTP or HTTPS (a choice I wish that
everyone who runs purely information websites would permit), and
Google still happily put HTTP links to it high in their search
results for some not-exceptionally-specific searches.

--
__ __
#_ < |\| |< _#

[Computer Nerd Kev]

Markus Heinz <markus...@uni-dortmund.de> wrote:
> On 2022-01-15 17:21 +0000 Diego Garcia wrote:
>> On Sat, 15 Jan 2022 18:06:15 +0100, Markus Heinz wrote:
>> > I think encrypting website traffic with TLS is a good thing as it
>> > makes it at least harder to tamper with or eavesdrop on it.
>>
>> How would an encrypted connection benefit a web site that exists
>> solely to provide information? (Remember the "information
>> superhighway?")
>>
>> Answer: there would be NO benefit. None. Zip. Nada.
>
> A malicious router in the internet which forwards the information from
> the web server to the client's browser could alter the information.
>
> Imagine the contents of a popular weather forecast website might get
> modified in transmission to announce some hurricans when there is no
> meteorological cause to announce this.

> [snip]

>
> Governments and secret services have the possibility and maybe also the
> interest to do those things. Encrypting the traffic with HTTPS / TLS
> makes it harder for them. But still you have to trust the source of
> information of course.

The source, which practically speaking is today usually a server
owned and run by a large company which could be easily forced by
such governments to grant them access to that server and play with
the information from that end.

But I don't mind HTTPS really, I just wish websites would stop
redirecting me too it when I know I don't need it for particular
sites.

[The Natural Philosopher]

On 15/01/2022 23:22, Computer Nerd Kev wrote:
> The Natural Philosopher <t...@invalid.invalid> wrote:
>> On 15/01/2022 14:08, Diego Garcia wrote:
>>> People who maintain
>>> their own web sites, such as myself, are thereby forced to spend extra
>>> $$$$ to purchase certs regularly from a cert authority. This is veritable
>>> blackmail.
>> No, you use the free 'letsencrypt' service. takes almost 5 minutes and
>> costs nothing
>
> Except the rest of your life worrying that something might have
> gone wrong and prevented the renewal process from working, causing
> your site to effectively go down (except to people like me who
> usually "accept the risks and continue" when their browser warns
> about a certificate error because they know that the info has no
> real need to be encrypted/verified in the first place).
>

One of my machines has its http port disabled most of the time and works
only on https so lets encrypt renewal is a manual process - but since
they email me every time its about to expire, its is just a five minute
job every three months or so.

I think that my main public facing site has been autorenewing happily
for the last 4 years.

I cant see how paying for the service would make the renewal process any
different.

Feel free to enlighten me.

> Anyway I don't think Google really care. I've got a website that
> can be accessed over either HTTP or HTTPS (a choice I wish that
> everyone who runs purely information websites would permit), and
> Google still happily put HTTP links to it high in their search
> results for some not-exceptionally-specific searches.
>

It's less that google care, it's more that many browsers are now set up
to issue dire warnings on non https sites, even those that are one way
providers of public information.

Also many random ratware programs knock on port 80 doors. They seem to
knock less on 443...reduces traffic.


--
Gun Control: The law that ensures that only criminals have guns.

[Richard Kettlewell]

n...@telling.you.invalid (Computer Nerd Kev) writes:
> The Natural Philosopher <t...@invalid.invalid> wrote:
>> On 15/01/2022 14:08, Diego Garcia wrote:
>>> People who maintain their own web sites, such as myself, are thereby
>>> forced to spend extra $$$$ to purchase certs regularly from a cert
>>> authority. This is veritable blackmail.
>> No, you use the free 'letsencrypt' service. takes almost 5 minutes
>> and costs nothing
>
> Except the rest of your life worrying that something might have
> gone wrong and prevented the renewal process from working, causing
> your site to effectively go down (except to people like me who
> usually "accept the risks and continue" when their browser warns
> about a certificate error because they know that the info has no
> real need to be encrypted/verified in the first place).

You could worry about it ineffectually or you could do something about
it. For example:

- letsencrypt certificates are normally renewed by a cronjob. Read your
cron mail and check for errors.

- Certificates have expiry times. Use a network monitor of some kind to
check that expiry of certificates you care about isn’t getting too
close and notify you if they are.

--
https://www.greenend.org.uk/rjk/

[The Natural Philosopher]

I agree with Diego that https is redundant in many cases. Its something
I am glad to have when accessing my banks or share trading companies, or
going shopping
online ... but looking up the weather forecast or reading the papers its
probably overkill.

And it isn't the guvmint you need to worry about, its the cousin of the
sysadsmin at the ISP who tips a switch into promiscuous mode, and
collects a load of free name password pairs to add to his list of 'let's
try these first' crackers...

..I was appalled to see when I visited a well known 'dark office' to
install a cable between two dark offices full of racks, that the wiring
all ran under the corridor floors, which we lifted to reveal about 1000
coloured cables, (not all of them LSOH), running between peoples kit.
Snip, crimp and pop a monitor in some dark corner...

The other issue is that routine encryption probably helps with deep
packet inspection.

The only people now who can deep packet inspect are those that hold the
TLS keys. Which effectively means the guvmint or the organisation you
are connecting to, not the ISP...

I agree with you that I don't really mind, now that I can encrypt my
websites for free.

It really marks a shift in the internet away from providing information
to a way of doing private business.


--
"And if the blind lead the blind, both shall fall into the ditch".

Gospel of St. Mathew 15:14

[Charlie Gibbs]

On 2022-01-15, Computer Nerd Kev <n...@telling.you.invalid> wrote:

> But I don't mind HTTPS really, I just wish websites would stop
> redirecting me too it when I know I don't need it for particular
> sites.

This becomes problematic if you're in a hotel and trying to connect
to its wi-fi. If you go to a site that automatically promotes you
to HTTPS, you'll never get picked up by the hotel's captive portal,
which you need to get connected in the first place. That's why the
first place I go is http://neverssl.com - it's an HTTP-only site
designed to work around exactly this problem.

--
/~\ Charlie Gibbs | Microsoft is a dictatorship.
\ / <cgi...@kltpzyxm.invalid> | Apple is a cult.
X I'm really at ac.dekanfrus | Linux is anarchy.
/ \ if you read it the right way. | Pick your poison.

[Computer Nerd Kev]

The Natural Philosopher <t...@invalid.invalid> wrote:
> On 15/01/2022 23:22, Computer Nerd Kev wrote:
>> The Natural Philosopher <t...@invalid.invalid> wrote:
>>> On 15/01/2022 14:08, Diego Garcia wrote:
>>>> People who maintain
>>>> their own web sites, such as myself, are thereby forced to spend extra
>>>> $$$$ to purchase certs regularly from a cert authority. This is veritable
>>>> blackmail.
>>> No, you use the free 'letsencrypt' service. takes almost 5 minutes and
>>> costs nothing
>>
>> Except the rest of your life worrying that something might have
>> gone wrong and prevented the renewal process from working, causing
>> your site to effectively go down (except to people like me who
>> usually "accept the risks and continue" when their browser warns
>> about a certificate error because they know that the info has no
>> real need to be encrypted/verified in the first place).
>>
> One of my machines has its http port disabled most of the time and works
> only on https so lets encrypt renewal is a manual process - but since
> they email me every time its about to expire, its is just a five minute
> job every three months or so.
>
> I think that my main public facing site has been autorenewing happily
> for the last 4 years.
>
> I cant see how paying for the service would make the renewal process any
> different.

It wouldn't, hence all the sites with broken certificates that I
still used to encounter even before Let's Encrypt. It's an extra
thing to go wrong either way.

> Also many random ratware programs knock on port 80 doors. They seem to
> knock less on 443...reduces traffic.

Though the encrypted connections which are made require more CPU
time on the server.

[Computer Nerd Kev]

True, but the mail provider you use (if not running your own) might
have an outage and the warning email doesn't get delivered, or you
might be on holiday and can't check emails because you don't have
internet access. etc.

All I'm saying is that it's another thing to go wrong, and the
frequent occourance of certificate errors while I look up
low-traffic one man (who may no longer be very interested) show
type websites indicates that it often does.

[The Natural Philosopher]

One presumes so, though how much this is an issue is unknown to me, at
least.


--
Climate Change: Socialism wearing a lab coat.

[Diego Garcia]

On Sat, 15 Jan 2022 18:42:45 +0100, Markus Heinz wrote:

>>
>> Answer: there would be NO benefit. None. Zip. Nada.
>
> A malicious router in the internet which forwards the information from
> the web server to the client's browser could alter the information.
>
> Imagine the contents of a popular weather forecast website might get
> modified in transmission to announce some hurricans when there is no
> meteorological cause to announce this.
>

I thank you for your informed response.

But my web site is not a popular weather forecast site nor does it
contain election results or software. It is a web site that provides
practical information to anyone who may be interested. I cannot
imagine why any third party would ever be interested in compromising
the site. Therefore, the use of the HTTPS protocol for access
is simply and totally irrational.

It is an issue of COMMON SENSE. If ones barn contains nothing
of value then there is no need to lock it.

[Rich]

Ok, then how about someone deciding to dox you, and they intercept the
contents of your website, substituting child-porn images, resulting in
local law enforcement arresting you for distribution of child-porn (and
then you having to deal with educating local law enforcement about what
is/is not stored on your site and about how someone can modify the
pages in transit to a viewing browser)?

[Lew Pitcher]

On Mon, 17 Jan 2022 23:39:18 +0000, Diego Garcia wrote:

> On Sat, 15 Jan 2022 18:42:45 +0100, Markus Heinz wrote:
>
>>>
>>> Answer: there would be NO benefit. None. Zip. Nada.
>>
>> A malicious router in the internet which forwards the information from
>> the web server to the client's browser could alter the information.
>>
>> Imagine the contents of a popular weather forecast website might get
>> modified in transmission to announce some hurricans when there is no
>> meteorological cause to announce this.
>>
>
> I thank you for your informed response.
>
> But my web site is not a popular weather forecast site nor does it
> contain election results or software. It is a web site that provides
> practical information to anyone who may be interested. I cannot
> imagine why any third party would ever be interested in compromising
> the site. Therefore, the use of the HTTPS protocol for access
> is simply and totally irrational.

There are miscreants who like to use other people's internet-connected
computers for "evil" purposes (anything from spam-bombing to DDoS attacks,
and more). A system that has not been adequately secured may be compromised
in one manner or another, to permit (if not root) uncontrolled access.

Even those sites operated by those who "cannot imagine why any third party
would ever be interested in compromising the site" can be compromised for
such tasks.

It is best to take precautions, even if you imagine them to be unnecessary.

As for the "HTTPS everywhere" crowd, I concur that it may be overkill. So
long as you adequately control remote access, you don't /need/ HTTPS for
an information-only site.

>
> It is an issue of COMMON SENSE. If ones barn contains nothing
> of value then there is no need to lock it.

As the drug dealers that use the barn to consummate their deals would like
you to believe.





--
Lew Pitcher
"In Skills, We Trust"

[Diego Garcia]

On Mon, 17 Jan 2022 23:48:45 -0000 (UTC), Lew Pitcher wrote:

>
> There are miscreants who like to use other people's internet-connected
> computers for "evil" purposes (anything from spam-bombing to DDoS attacks,
> and more). A system that has not been adequately secured may be compromised
> in one manner or another, to permit (if not root) uncontrolled access.
>
> Even those sites operated by those who "cannot imagine why any third party
> would ever be interested in compromising the site" can be compromised for
> such tasks.
>

OK. I am convinced. It is a simple matter, and not all that expensive, to convert.

But it will take some time and effort.

Before too long I will have my web site converted to HTTPS.

I am an applications programmer and not a network programmer and thus
and I am not aware of all the possibilities for compromise.

[Bit Twister]

On Mon, 17 Jan 2022 23:39:18 +0000, Diego Garcia wrote:

If some criminal uses your site to crack into another site then you
will be the one who gets free bed and board at the local barbed wire
hotel. Hope you have someone who could pay your bills while at the
barbed wire hotel.

Then there is bail money, lawyer fees and whatnot. Computer will be held
as evidence for a year or more.....

Just not worth the possible suit brought against you for not taking basic
steps to protect your site and damages caused by whatever was on YOUR
system.

[Richard Kettlewell]

Diego Garcia <d...@chaos.info> writes:
> On Sat, 15 Jan 2022 18:42:45 +0100, Markus Heinz wrote:
>>> Answer: there would be NO benefit. None. Zip. Nada.
>>
>> A malicious router in the internet which forwards the information from
>> the web server to the client's browser could alter the information.
>>
>> Imagine the contents of a popular weather forecast website might get
>> modified in transmission to announce some hurricans when there is no
>> meteorological cause to announce this.
>
> I thank you for your informed response.
>
> But my web site is not a popular weather forecast site nor does it
> contain election results or software. It is a web site that provides
> practical information to anyone who may be interested. I cannot
> imagine why any third party would ever be interested in compromising
> the site. Therefore, the use of the HTTPS protocol for access is
> simply and totally irrational.

One real-world motivation is to insert adverts into web pages, in order
to make money. I’ve seen Wikipedia with inserted adverts resulting from
tampering (not with a network-based mechanism, but the point stands). I
guess today inserting a JavaScript-based cryptocurrency miner is a
plausible threat model too.

--
https://www.greenend.org.uk/rjk/

[The Natural Philosopher]

On 17/01/2022 23:48, Lew Pitcher wrote:
> As for the "HTTPS everywhere" crowd, I concur that it may be overkill. So

> long as you adequately control remote access, you don't/need/ HTTPS for
> an information-only site.

Except that many browsers will *no longer connect* to a non https site.
For naive users.



--
Any fool can believe in principles - and most of them do!

[The Natural Philosopher]

On 18/01/2022 01:08, Diego Garcia wrote:
> On Mon, 17 Jan 2022 23:48:45 -0000 (UTC), Lew Pitcher wrote:
>
>>
>> There are miscreants who like to use other people's internet-connected
>> computers for "evil" purposes (anything from spam-bombing to DDoS attacks,
>> and more). A system that has not been adequately secured may be compromised
>> in one manner or another, to permit (if not root) uncontrolled access.
>>
>> Even those sites operated by those who "cannot imagine why any third party
>> would ever be interested in compromising the site" can be compromised for
>> such tasks.
>>
>
> OK. I am convinced. It is a simple matter, and not all that expensive, to convert.

If you are running apache, on linux, its trivial and cost free with
letsencrypt.

>
> But it will take some time and effort.
>
> Before too long I will have my web site converted to HTTPS.
>
> I am an applications programmer and not a network programmer and thus
> and I am not aware of all the possibilities for compromise.
>


--

[Richard Kettlewell]

The Natural Philosopher <t...@invalid.invalid> writes:
> On 17/01/2022 23:48, Lew Pitcher wrote:
>> As for the "HTTPS everywhere" crowd, I concur that it may be overkill. So
>> long as you adequately control remote access, you don't/need/ HTTPS for
>> an information-only site.
>
> Except that many browsers will *no longer connect* to a non https
> site. For naive users.

Got an example of a such a browser in mind?

--
https://www.greenend.org.uk/rjk/

[The Natural Philosopher]

Firefox if 'enable https only' mode is selected.

I have no idea if this is the default. I remember I had to switch it off
some years back.

Also edge safari and shortly in chrome

In short the way the walled garden safe space kindergarten kids want
things these days, that's likely to be a default in a few months


--
“Those who can make you believe absurdities, can make you commit
atrocities.”

― Voltaire, Questions sur les Miracles à M. Claparede, Professeur de
Théologie à Genève, par un Proposant: Ou Extrait de Diverses Lettres de
M. de Voltaire

[Richard Kettlewell]

The Natural Philosopher <t...@invalid.invalid> writes:
> On 18/01/2022 11:01, Richard Kettlewell wrote:
>> The Natural Philosopher <t...@invalid.invalid> writes:
>>> On 17/01/2022 23:48, Lew Pitcher wrote:
>>>> As for the "HTTPS everywhere" crowd, I concur that it may be overkill. So
>>>> long as you adequately control remote access, you don't/need/ HTTPS for
>>>> an information-only site.
>>>
>>> Except that many browsers will *no longer connect* to a non https
>>> site. For naive users.
>> Got an example of a such a browser in mind?
>
> Firefox if 'enable https only' mode is selected.
>
> I have no idea if this is the default. I remember I had to switch it
> off some years back.

It isn’t.

> Also edge safari and shortly in chrome

All of Edge, Safari, Chrome and Firefox seem to be happy to visit http:
sites for me.

--
https://www.greenend.org.uk/rjk/

[Computer Nerd Kev]

Focus on your applications if you're worried about your site being
hacked in order to be using in spam-bombing, DDoS attacks etc.
What Lew Pitcher wrote there has nothing to do with HTTPS, unless
you're using HTTP to log into some sort of web-based administration
interface.

If the server software, or more likely a CGI program/script that's
on your site, has a security vulnerability that will allow
unauthenticated users to make your server do something malicious,
then that will still be there whether the pages are sent over HTTP
or HTTPS. All HTTPS will do from a server security perspective is
make sure that nobody steals passwords for log-in pages which might
allow access to less-secure parts of your site. If you don't have
any such log-in pages, then it's not preventing anything.

Either way, there's no reason to redirect requests from HTTP to
HTTPS except when someone's accessing those log-in pages
(page-specific HTTPS redirects are easily done with Apache, and
probably other web server software). Doing so simply makes life
difficult for people trying to use old/unmaintained web browsers
and, by extension, devices.

[Computer Nerd Kev]

But unless he's using HTTP connections to actually control his web
server, HTTPS is an irrelevent "step". You should be talking about
using SSH instead of Telnet, SFTP instead of FTP, and making sure
there aren't any vulnerabilities in scripts or programs run by the
server that process user input.

[Lew Pitcher]

On Tue, 18 Jan 2022 21:33:27 +0000, Computer Nerd Kev wrote:

> Diego Garcia <d...@chaos.info> wrote:
>> On Mon, 17 Jan 2022 23:48:45 -0000 (UTC), Lew Pitcher wrote:
>>>
>>> There are miscreants who like to use other people's internet-connected
>>> computers for "evil" purposes (anything from spam-bombing to DDoS attacks,
>>> and more). A system that has not been adequately secured may be compromised
>>> in one manner or another, to permit (if not root) uncontrolled access.
>>>
>>> Even those sites operated by those who "cannot imagine why any third party
>>> would ever be interested in compromising the site" can be compromised for
>>> such tasks.
>>
>> OK. I am convinced. It is a simple matter, and not all that expensive, to convert.
>>
>> But it will take some time and effort.
>>
>> Before too long I will have my web site converted to HTTPS.
>>
>> I am an applications programmer and not a network programmer and thus
>> and I am not aware of all the possibilities for compromise.
>
> Focus on your applications if you're worried about your site being
> hacked in order to be using in spam-bombing, DDoS attacks etc.
> What Lew Pitcher wrote there has nothing to do with HTTPS, unless
> you're using HTTP to log into some sort of web-based administration
> interface.

FWIW, I made no claim that the OP required HTTPS to secure the his site.
What I said was:

>>> As for the "HTTPS everywhere" crowd, I concur that it may be
>>> overkill. So long as you adequately control remote access, you
>>> don't /need/ HTTPS for an information-only site.

[snip]

HTH

[Richard Kettlewell]

n...@telling.you.invalid (Computer Nerd Kev) writes:

> If the server software, or more likely a CGI program/script that's
> on your site, has a security vulnerability that will allow
> unauthenticated users to make your server do something malicious,
> then that will still be there whether the pages are sent over HTTP
> or HTTPS. All HTTPS will do from a server security perspective is
> make sure that nobody steals passwords for log-in pages which might
> allow access to less-secure parts of your site. If you don't have
> any such log-in pages, then it's not preventing anything.

That’s not true at all. It prevents tampering with the communication as
well as preventing interception.

--
https://www.greenend.org.uk/rjk/

[Andreas Kohlbach]

On Tue, 18 Jan 2022 16:05:00 +0000, The Natural Philosopher wrote:
>
> On 18/01/2022 11:01, Richard Kettlewell wrote:
>> The Natural Philosopher <t...@invalid.invalid> writes:
>>> On 17/01/2022 23:48, Lew Pitcher wrote:
>>>> As for the "HTTPS everywhere" crowd, I concur that it may be overkill. So
>>>> long as you adequately control remote access, you don't/need/ HTTPS for
>>>> an information-only site.
>>>
>>> Except that many browsers will *no longer connect* to a non https
>>> site. For naive users.
>> Got an example of a such a browser in mind?
>>
> Firefox if 'enable https only' mode is selected.
>
> I have no idea if this is the default. I remember I had to switch it
> off some years back.

I recently installed a fresh Debian distribution and five browsers. With
all (including a vanilla Firefox) I visited my own HTTP-only domain and
all showed it.

I really should have a look at Let's Encrypt though, be it just for a
better search engine ranking.

> Also edge safari and shortly in chrome

Remains to be seen.

> In short the way the walled garden safe space kindergarten kids want
> things these days, that's likely to be a default in a few months

That reminds me on a "retro" video, showing footage from the 70s showing
children playing on these metal pipes and stuff. Not focusing on the
children but concrete floor (instead of sand or soft plastic), rusty and
broken pipes and possible spikes you could slit your arm - and neither
parents nor the city cared to make them safer.

Amazing many of us are still alive. Or how many more of us would there be,
*if* these places were made safer some 50 years ago already.
--
Andreas

[Computer Nerd Kev]

Richard Kettlewell <inv...@invalid.invalid> wrote:
> n...@telling.you.invalid (Computer Nerd Kev) writes:

>Diego Garcia <d...@chaos.info> wrote:
>> On Mon, 17 Jan 2022 23:48:45 -0000 (UTC), Lew Pitcher wrote:
>>>
>>>> There are miscreants who like to use other people's internet-connected
>>>> computers for "evil" purposes (anything from spam-bombing to DDoS attacks,
>>>> and more). A system that has not been adequately secured may be compromised
>>>> in one manner or another, to permit (if not root) uncontrolled access.
>>>>
>>>> Even those sites operated by those who "cannot imagine why any third party
>>>> would ever be interested in compromising the site" can be compromised for
>>>> such tasks.
>>>
>>> OK. I am convinced. It is a simple matter, and not all that expensive,
>>> to convert.
>>>
>>> But it will take some time and effort.
>>>
>>> Before too long I will have my web site converted to HTTPS.
>>>
>>> I am an applications programmer and not a network programmer and thus
>>> and I am not aware of all the possibilities for compromise.
>

>> If the server software, or more likely a CGI program/script that's
>> on your site, has a security vulnerability that will allow
>> unauthenticated users to make your server do something malicious,
>> then that will still be there whether the pages are sent over HTTP
>> or HTTPS. All HTTPS will do from a server security perspective is
>> make sure that nobody steals passwords for log-in pages which might
>> allow access to less-secure parts of your site. If you don't have
>> any such log-in pages, then it's not preventing anything.
>

> That?s not true at all. It prevents tampering with the communication as
> well as preventing interception.

As per the quotes that I have reintroduced, Garcia is apparantly in
the process of converting his site to HTTPS in order to reduce the
risk of his server getting hyjacked and used for something like
spam-bombing or DDoS attacks. _This_ is in no way prevented by
switching his site to HTTPS, unless he happens to be connecting to
a web-based admin interface over HTTP. He's already stated that he
doesn't think his site's content warrants measures against
tampering with or intercepting its content, hence I'm only talking
from the server security perspective.

[Diego Garcia]

On Tue, 18 Jan 2022 16:05:00 +0000, The Natural Philosopher wrote:

>

> In short the way the walled garden safe space kindergarten kids want
> things these days, that's likely to be a default in a few months
>

Well, that's the point. Is it not?

Why should Google, or Mozilla, or any other party dictate the
protocol for web access?

Only W3C or ICANN or other international body should determine
what protocol is mandatory.

Google, in particular, is arrogant to the extreme. They have unilaterally
eliminated MathML rendering in their browser and that action contravenes
all international standards.

Few users, I suppose, care about MathML but it is an extremely efficient
method of displaying math/scientific expressions.

Mozilla is the only browser remaining that supports MathML, and we know
that Mozilla is destined for failure.

The sheeple are responsible for this outrage to digital freedom.

[The Natural Philosopher]

On 20/01/2022 00:46, Diego Garcia wrote:
> On Tue, 18 Jan 2022 16:05:00 +0000, The Natural Philosopher wrote:
>
>>
>> In short the way the walled garden safe space kindergarten kids want
>> things these days, that's likely to be a default in a few months
>>
>
> Well, that's the point. Is it not?
>
> Why should Google, or Mozilla, or any other party dictate the
> protocol for web access?

Because they can.

>
> Only W3C or ICANN or other international body should determine
> what protocol is mandatory.
>

*should*?

"Should" is a word with moral implications - but who, absent of a Deity,
gets to dictate what is right and what is wrong?

> Google, in particular, is arrogant to the extreme. They have unilaterally
> eliminated MathML rendering in their browser and that action contravenes
> all international standards.
>

Tough shit baby.

> Few users, I suppose, care about MathML but it is an extremely efficient
> method of displaying math/scientific expressions.
>
> Mozilla is the only browser remaining that supports MathML, and we know
> that Mozilla is destined for failure.
>

Is it?

> The sheeple are responsible for this outrage to digital freedom.
>

Right on. Another beer?


--
"Corbyn talks about equality, justice, opportunity, health care, peace,
community, compassion, investment, security, housing...."
"What kind of person is not interested in those things?"

"Jeremy Corbyn?"

[Roger Blake]

On 2022-01-18, The Natural Philosopher <t...@invalid.invalid> wrote:
> If you are running apache, on linux, its trivial and cost free with
> letsencrypt.

Ditto for nginx.

--
------------------------------------------------------------------------------
18 Reasons I won't be vaccinated -- https://tinyurl.com/ebty2dx3
Covid vaccines: experimental biology -- https://tinyurl.com/57mncfm5
The fraud of "Climate Change" -- https://RealClimateScience.com
There is no "climate crisis" -- https://climatedepot.com
Don't talk to cops! -- https://DontTalkToCops.com
------------------------------------------------------------------------------

[Philip Nienhuis]

Charlie Gibbs wrote:
> On 2022-01-14, Johnny <joh...@invalid.net> wrote:
>
>> Why go to all that trouble when you could just use Waterfox?
>>
>> https://www.waterfox.net/
>>
>> If you use MX Linux, it's in the repository.
>
> Interesting. I left Firefox for Seamonkey as of release 29,
> when they changed the user interface in ways I didn't like.
> To this day, Seamonkey preserves the classic interface:
> a standard menu instead of that dreadful hamburger menu,
> and a tab bar configurable to disappear when you only have
> one tab open (as I usually do).
>
> The web page says, "you can use it with the interface of
> Firefox 27+, 56, and 68" - maybe I could bring it back to
> the classic interface. Looks like it's worth checking out.
>
> Any other Seamonkey users out there?

Yes, but I'm pondering about going over to Firefox (or Waterfox) :-)

More and more websites don't open properly in SM and many SM extensions
don't work anymore, often due to incompatibilities with FF and/or lack
of developer interest. There used to be the modifiedmisc site with FF
extensions ported over but these days I can't find it anymore.

Too bad, I still use SM a lot, also the mail/news program.

[Charlie Gibbs]

On 2022-01-23, Philip Nienhuis <nos...@spamcop.org> wrote:

> Charlie Gibbs wrote:
>
>> Any other Seamonkey users out there?
>
> Yes, but I'm pondering about going over to Firefox (or Waterfox) :-)
>
> More and more websites don't open properly in SM and many SM extensions
> don't work anymore, often due to incompatibilities with FF and/or lack
> of developer interest. There used to be the modifiedmisc site with FF
> extensions ported over but these days I can't find it anymore.
>
> Too bad, I still use SM a lot, also the mail/news program.

My main problem is with JavaScript. I'm running NoScript, but
more and more I have to select "Temporarily allow all this site".
It appears that JavaScript is now so ubiquitous that it's almost
mandatory to give it free rein.

[Diego Garcia]

On Mon, 24 Jan 2022 02:46:59 GMT, Charlie Gibbs wrote:


> It appears that JavaScript is now so ubiquitous that it's almost
> mandatory to give it free rein.
>

Nope.

Any site that depends on javascript is simply not worth visiting.

I access the degenerate web using the graphical "links" browser,
"links -g," which ignores both javascript and CSS. Most web sites are
viewable in graphical links but the ones that are not viewable
are simply not worth the time and effort.

The link to the graphical "links" browser:

http://links.twibright.com/

Of course, my reason for accessing the web may be entirely
different than yours. You may wish to indulge in a bit of the
decadence, but I do not. Hence I use graphical "links."

HTML, CSS, and javascript are the most odious developments
of programming. The web was flawed from the very beginning
but instead of an immediate scrapping the world chose to shoehorn
idiotic solutions, i.e. CSS and javascript.

Many fine web sites now distribute their information via PDF
downloads rather than have to accommodate that CSS/javascript
morass.

[The Natural Philosopher]

On 24/01/2022 22:35, Diego Garcia wrote:
> On Mon, 24 Jan 2022 02:46:59 GMT, Charlie Gibbs wrote:
>
>
>> It appears that JavaScript is now so ubiquitous that it's almost
>> mandatory to give it free rein.
>>
>
> Nope.
>
> Any site that depends on javascript is simply not worth visiting.

Absolute rubbish.

There are many engineering sites that allow you to enter data and have
results presented on the fly. Can't do that without JavaScript.

That's just one example.

Almost any site that presents an interactive face to the user will need
to use JavaScript - at least in ajax form - in order not to waste time
reloading.

Drop down menus rely on javascript.



--
"Anyone who believes that the laws of physics are mere social
conventions is invited to try transgressing those conventions from the
windows of my apartment. (I live on the twenty-first floor.) "

Alan Sokal

[Richard Kettlewell]

The Natural Philosopher <t...@invalid.invalid> writes:

> There are many engineering sites that allow you to enter data and have
> results presented on the fly. Can't do that without JavaScript.
>
> That's just one example.
>
> Almost any site that presents an interactive face to the user will
> need to use JavaScript - at least in ajax form - in order not to
> waste time reloading.
>
> Drop down menus rely on javascript.

You can use the :hover selector to do dropdowns with no JS.

--
https://www.greenend.org.uk/rjk/

[The Natural Philosopher]

I thought that *was* technically Javascript?

How do you hide/show an element without using javascript to set the DOM
property?

Oh. Set the hover: CSS property to 'block' and so on?

[Richard Kettlewell]

The Natural Philosopher <t...@invalid.invalid> writes:

> On 25/01/2022 13:26, Richard Kettlewell wrote:
>> The Natural Philosopher <t...@invalid.invalid> writes:
>>> There are many engineering sites that allow you to enter data and have
>>> results presented on the fly. Can't do that without JavaScript.
>>>
>>> That's just one example.
>>>
>>> Almost any site that presents an interactive face to the user will
>>> need to use JavaScript - at least in ajax form - in order not to
>>> waste time reloading.
>>>
>>> Drop down menus rely on javascript.
>> You can use the :hover selector to do dropdowns with no JS.
>
> I thought that *was* technically Javascript?

It’s CSS.

> How do you hide/show an element without using javascript to set the
> DOM property?
>
> Oh. Set the hover: CSS property to 'block' and so on?

There’s an example in https://www.w3schools.com/cssref/sel_hover.asp

--
https://www.greenend.org.uk/rjk/

[The Natural Philosopher]

On 25/01/2022 14:02, Richard Kettlewell wrote:
> The Natural Philosopher <t...@invalid.invalid> writes:
>
>> On 25/01/2022 13:26, Richard Kettlewell wrote:
>>> The Natural Philosopher <t...@invalid.invalid> writes:
>>>> There are many engineering sites that allow you to enter data and have
>>>> results presented on the fly. Can't do that without JavaScript.
>>>>
>>>> That's just one example.
>>>>
>>>> Almost any site that presents an interactive face to the user will
>>>> need to use JavaScript - at least in ajax form - in order not to
>>>> waste time reloading.
>>>>
>>>> Drop down menus rely on javascript.
>>> You can use the :hover selector to do dropdowns with no JS.
>>
>> I thought that *was* technically Javascript?
>
> It’s CSS.
>
>> How do you hide/show an element without using javascript to set the
>> DOM property?
>>
>> Oh. Set the hover: CSS property to 'block' and so on?
>
> There’s an example in https://www.w3schools.com/cssref/sel_hover.asp
>

Yes. Since the sites I design these days are very complex I tend too
start off assuming javaScript will be necessary anyway, and use it
instead of Css 'active' html


--
"I am inclined to tell the truth and dislike people who lie consistently.
This makes me unfit for the company of people of a Left persuasion, and
all women"

[Computer Nerd Kev]

Diego Garcia <d...@chaos.info> wrote:
> On Mon, 24 Jan 2022 02:46:59 GMT, Charlie Gibbs wrote:
>> It appears that JavaScript is now so ubiquitous that it's almost
>> mandatory to give it free rein.
>
> Nope.
>
> Any site that depends on javascript is simply not worth visiting.
>
> I access the degenerate web using the graphical "links" browser,
> "links -g," which ignores both javascript and CSS. Most web sites are
> viewable in graphical links but the ones that are not viewable
> are simply not worth the time and effort.

That's my approach, except using Dillo, for viewing informational
websites. Unfortunately it often falls apart as soon as I try to
research a physical product that I want to buy because I'm then at
the mercy of the manufacturer and their specific website, which is
often full of Javascript. Then if I want to actually order it then
no doubt I'll need JS for PayPal or a third party Credit Card
processor.

Then there are all the Australian government websites that are full
of flashy JS with the added annoyance that it breaks half of the
time and throws up meaningless error messages while you're trying
to fulfil your obligations.

If you actually get by without a Firefox or Chrome based browser
installed at all, then I admire your resolve.

> Many fine web sites now distribute their information via PDF
> downloads rather than have to accommodate that CSS/javascript
> morass.

I like DjVu better. I'm never happy.

[Diego Garcia]

On Tue, 25 Jan 2022 11:24:06 +0000, The Natural Philosopher wrote:

>
> There are many engineering sites that allow you to enter data and have
> results presented on the fly. Can't do that without JavaScript.
>

Yes it can. The fact that you say it can't indicates that you do not
understand.

Anything that javascript can accomplish can be accomplished
on the server -- but that is NOT the point.

Javascript can certainly be useful and can alleviate the burden on
the server, but for the purposes for which it is commonly employed
it is garbage.

For performing local (i.e. within the browser) javascipt may be preferable,
but that if far from its common purpose and I was addressing only its
common, commercial purpose.

[Diego Garcia]

On Tue, 25 Jan 2022 21:40:20 -0000 (UTC), Computer Nerd Kev wrote:

>
> That's my approach, except using Dillo, for viewing informational
> websites.
>

Dillo is another excellent choice, except that it cannot handle SSL
very well -- and evil Google, the self-proclaimed web authority, now
mandates that all web sites must be SSL.

>
> the mercy of the manufacturer and their specific website, which is
> often full of Javascript. Then if I want to actually order it then
> no doubt I'll need JS for PayPal or a third party Credit Card
> processor.
>

I have been paid ($$$) to write simple e-commerce web sites.
Javascript is NOT required. But business owners are often at
the mercy of developers who in turn are at the mercy of fashion
and the fashion is javascript.

A browser is nothing more than a GUI interface that is wrapped
around a rendering engine. Thus, there can, and should, be many,
many alternative browsers without all the junk.

A case in point was (unfortunately past tense) the Skipstone
browser:

http://www.muhri.net/skipstone/

Skipstone wrapped an early versionof the Moziila Gecko engine
with a very simple, no-frills interface.

Sadly, however, Skipstone is no longer compatible with recent
versions of Gecko.

But the concept remains valid . Someone needs to emulate Skipstone
with the recent HTML engines.

>
> I like DjVu better. I'm never happy.
>

That's also a possibility. Some web sites distribute PostScript.
One must be prepared for anything and everything, and GNU/Linux
is the best way to do that.

In my view, the web should be just a bulletin board with links
(URLs) to content in ODT, ODS, PostScript, DJVU, PDF, etc.

HTML/CSS/Javascript is just a useless intermediary.

[The Natural Philosopher]

On 25/01/2022 23:33, Diego Garcia wrote:
> On Tue, 25 Jan 2022 11:24:06 +0000, The Natural Philosopher wrote:
>
>>
>> There are many engineering sites that allow you to enter data and have
>> results presented on the fly. Can't do that without JavaScript.
>>
>
> Yes it can. The fact that you say it can't indicates that you do not
> understand.
>
> Anything that javascript can accomplish can be accomplished
> on the server -- but that is NOT the point.

But not without a page reload, network overhead and the rest.

>
> Javascript can certainly be useful and can alleviate the burden on
> the server, but for the purposes for which it is commonly employed
> it is garbage.
>

Wont argue with the dislike of the trend to build everything in a
JavaScript frameworks *for the sake of it*.

> For performing local (i.e. within the browser) javascipt may be preferable,
> but that if far from its common purpose and I was addressing only its
> common, commercial purpose.
>

I think there is no 'common commercial purpose'

It's used for all sorts of things.



--
"In our post-modern world, climate science is not powerful because it is
true: it is true because it is powerful."

Lucas Bergkamp

[Computer Nerd Kev]

Diego Garcia <d...@chaos.info> wrote:
> On Tue, 25 Jan 2022 21:40:20 -0000 (UTC), Computer Nerd Kev wrote:
>>
>> That's my approach, except using Dillo, for viewing informational
>> websites.
>>
> Dillo is another excellent choice, except that it cannot handle SSL
> very well -- and evil Google, the self-proclaimed web authority, now
> mandates that all web sites must be SSL.

There are patches for the v. 3.1 development release which help.
Unfortunately 3.1 has some rendering bugs which turn me off so I
do just tend to use a HTTP - HTTPS proxy a lot with 3.0. There are
lots of forks on GitHub but as usual on GitHub the authors don't
bother summarising what their intentions and changes are so it's
hard to choose between them, or even to find the "real" forks
amongst all the non-forks (nothing changed) that GitHub always
seems to list. I'll have to dedicate a day to researching and
experimenting with them one day, but I'm about fed up with
researching and experimenting with web browsers after years of
similar stuff.

>> the mercy of the manufacturer and their specific website, which is
>> often full of Javascript. Then if I want to actually order it then
>> no doubt I'll need JS for PayPal or a third party Credit Card
>> processor.
>
> I have been paid ($$$) to write simple e-commerce web sites.
> Javascript is NOT required. But business owners are often at
> the mercy of developers who in turn are at the mercy of fashion
> and the fashion is javascript.

True, though if they wish to use PayPal or many CC processors it
is required at that stage because the payment processor designs
their own interface. Granted I do buy things from a few small
businesses by browsing their websites in Dillo and then placing
an order by email or phone.

> A browser is nothing more than a GUI interface that is wrapped
> around a rendering engine. Thus, there can, and should, be many,
> many alternative browsers without all the junk.
>
> A case in point was (unfortunately past tense) the Skipstone
> browser:
>
> http://www.muhri.net/skipstone/
>
> Skipstone wrapped an early versionof the Moziila Gecko engine
> with a very simple, no-frills interface.

I'm of the opinion that to achieve similar performance to Dillo
and Links, you need to deal with the efficiency of the rendering
engine itself, so simply wrapping the engine in a different skin
doesn't cut it. The problem with that is the modern web is only
designed for the Chrome and (with luck) Firefox rendering engines.
So I'm just resigned to using Firefox for things that don't work in
Dillo because looking for slight improvements around the UI side of
things is only a minimal gain.

I did mess about with Fifth browser a few years ago (last updated
in 2016, which wasn't so long ago then). It was a FLTK-based
wrapper for Chrome's WebKit engine, and the experience helped me
form the above opinion. I'm not comfortable about relying on
Google's code anyway, mind you.

[Diego Garcia]

On Wed, 26 Jan 2022 21:19:10 -0000 (UTC), Computer Nerd Kev wrote:

>> Dillo ... There are

> lots of forks on GitHub but as usual on GitHub the authors don't
> bother summarising what their intentions and changes
>

I am surprised that anyone is interested in forking Dillo at all.

Dillo has no chance of surviving amid the commercially
controlled development of browsers and of the web itself.

>
> The problem with that is the modern web is only
> designed for the Chrome and (with luck) Firefox rendering engines.
>

So I have observed.

Whatever happened to international standards?

Companies, including essential companies like banks, hire
developers to develop only for the latest Google Chrome.
It is a disgusting practice but there is no way to stop it.

Never underestimate the power of stupid people in large
numbers.

Things have gotten so bad that there exist several projects
for alternative global networks.

Unfortunately, ATM I can't recall the name of these projects,
but again, I have serious doubts that any of these projects
will gain a significant following.

[Charlie Gibbs]

On 2022-01-26, Diego Garcia <d...@chaos.info> wrote:

> On Wed, 26 Jan 2022 21:19:10 -0000 (UTC), Computer Nerd Kev wrote:
>
>> The problem with that is the modern web is only designed
>> for the Chrome and (with luck) Firefox rendering engines.
>
> So I have observed.
>
> Whatever happened to international standards?
>
> Companies, including essential companies like banks, hire
> developers to develop only for the latest Google Chrome.
> It is a disgusting practice but there is no way to stop it.
>
> Never underestimate the power of stupid people in large
> numbers.

Ignorance is bliss - if you're exploiting the ignorant.
The people carrying out this plot, on the other hand,
are anything but stupid.

Never underestimate your enemy.

> Things have gotten so bad that there exist several projects
> for alternative global networks.
>
> Unfortunately, ATM I can't recall the name of these projects,
> but again, I have serious doubts that any of these projects
> will gain a significant following.

The sheeple are happy, even as they're being fleeced.
It's up to us to maintain pockets of freedom wherever we can.

--
/~\ Charlie Gibbs | Microsoft is not
\ / <cgi...@kltpzyxm.invalid> | a necessary evil.
X I'm really at ac.dekanfrus | Microsoft is not necessary.
/ \ if you read it the right way. | -- Ted Nelson (paraphrased)

[Bobbie Sellers]

On 1/26/22 16:42, Charlie Gibbs wrote:
> On 2022-01-26, Diego Garcia <d...@chaos.info> wrote:
>
>> On Wed, 26 Jan 2022 21:19:10 -0000 (UTC), Computer Nerd Kev wrote:
>>
>>> The problem with that is the modern web is only designed
>>> for the Chrome and (with luck) Firefox rendering engines.
>>
>> So I have observed.
>>
>> Whatever happened to international standards?
>>
>> Companies, including essential companies like banks, hire
>> developers to develop only for the latest Google Chrome.
>> It is a disgusting practice but there is no way to stop it.
>>
>> Never underestimate the power of stupid people in large
>> numbers.
>
> Ignorance is bliss - if you're exploiting the ignorant.
> The people carrying out this plot, on the other hand,
> are anything but stupid.
>
> Never underestimate your enemy.
>
>> Things have gotten so bad that there exist several projects
>> for alternative global networks.
>>
>> Unfortunately, ATM I can't recall the name of these projects,
>> but again, I have serious doubts that any of these projects
>> will gain a significant following.
>
> The sheeple are happy, even as they're being fleeced.
> It's up to us to maintain pockets of freedom wherever we can.
>

Bliss's ignorance is pain she feels acutely. But so far my
bank's web site is still compatible with Firefox. I would no sooner
defect to Chrome than I would shut off my computer travel to the nearest
bank to pay bills and reconcile my accounts.


bliss - brought to you by the power and ease of PCLinuxOS
and a minor case of hypergraphia

--
bliss dash SF 4 ever at dslextreme dot com