0 users browsing Discussion. | 1 guest | 3 bots  
Main » Discussion » Board feature requests/suggestions
Pages: First Previous 12 13 14 15 16 17 18 19 Next Last
Posted on 19-08-16, 16:01
Not from my cellphone

Post: #487 of 664
Since: 10-30-18

Last post: 4 days
Last view: 3 hours
I... didn't noticed.

But then, I'm on Seamonkey, a browser where the obsession is not at the security theatre, but actually getting the next version released.

BTW: the random page load delays are still there, particularly at the Discussion board. And since I'm now forced to read this From My Cellphone™ thanks to our benevolent phone and ISP company, it gets incredibly confusing (is the delay caused by the site? by our shittyass 3G/4G networks?)

Not that I care anymore, but I guess a bug is still a bug?

Licensed Pirate® since 2006, 100% Buttcoin™-free
Posted on 19-08-16, 16:05
BL4R

Post: #348 of 480
Since: 10-29-18

Last post: 1 day
Last view: 2 hours
If I knew what caused the delays, I would gladly fix them. I actually thought I'd fucked something up real bad after the TLS version bump and it took *that* long to test!
Posted on 19-08-16, 16:17

Post: #191 of 210
Since: 10-29-18

Last post: 187 days
Last view: 159 days
The website is always really snappy for me, here.
Posted on 19-08-16, 17:26 (revision 1)
Post: #253 of 353
Since: 10-30-18

Last post: 1 day
Last view: 5 min.
User is online
Posted by Kakashi
The website is always really snappy for me, here.

Often (not always) slow for me.

AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64
Posted on 19-08-16, 17:42
Don't. Even. Blink.

Post: #349 of 480
Since: 10-29-18

Last post: 1 day
Last view: 2 hours
You'd think considering where the server is physically located it'd be fast for me. It's not. Not always. Even my dead-simple frontpage sometimes takes remarkably long to load.
Posted on 19-08-17, 14:10
Stirrer of Shit
Post: #577 of 717
Since: 01-26-19

Last post: 74 days
Last view: 72 days
Isn't this just the MySQL issue though?

On the topic of SSL: I often get SSL warnings when browsing here, since the certificate is sometimes signed by an unknown authority. I get them all the time, so I've been conditioned to just click through them. I only ever get them with Tor Browser, so it might just be that they have an outdated certificate store.
(no, I am not getting MITM'd, it only happens on some sites and it persists even if I do CTRL-SHIFT-L, and furthermore any exit node that did this would get blacklisted real fast)

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-08-17, 16:40
Post: #77 of 136
Since: 11-01-18

Last post: 9 days
Last view: 4 hours
I'd go with outdated store... maybe update your tor browser?
Posted on 19-08-18, 07:55
Stirrer of Shit
Post: #581 of 717
Since: 01-26-19

Last post: 74 days
Last view: 72 days
It is up-to-date, at least as much as TBB can be. It's the equivalent of ESR 60.8.
But extremely odd still. Wouldn't a security-critical software want to maintain a really fresh cert store?

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-08-18, 08:38
Full mod

Post: #320 of 394
Since: 10-30-18

Last post: 31 days
Last view: 2 hours
Posted by sureanem
I often get SSL warnings when browsing here, since the certificate is sometimes signed by an unknown authority. I get them all the time, so I've been conditioned to just click through them. I only ever get them with Tor Browser, so it might just be that they have an outdated certificate store.
(no, I am not getting MITM'd, it only happens on some sites and it persists even if I do CTRL-SHIFT-L, and furthermore any exit node that did this would get blacklisted real fast)

Next time it happens, poke around in the certificate details and see what the certificate chain looks like, and then take a look again when it works fine.

This specific website use a certificate from Let's Encrypt that's signed by "Let's Encrypt Authority X3", which in turn is signed by "ISRG Root X1" (Let's Encrypt's root cert) and "DST Root CA X3" (the root cert of IdenTrust, an existing for-profit CA). My Firefox has "Let's Encrypt Authority X3" in its trusted cert store, so it automatically trusts this site. However, older browsers don't have the Let's Encrypt cert in their store, so sites should be configured to serve up both their own cert, and "Let's Encrypt Authority X3", and then older browsers can follow the chain to "DST Root CA X3" and everything still works.

This site *doesn't* serve up the intermediate certificate, which doesn't matter for modern, up-to-date browsers, but it causes that "This server's certificate chain is incomplete. Grade capped to B." message from SSL Server Test, and I wonder if it causes your SSL warnings too.

On the other hand, apparently the Let's Encrypt certs were added to Firefox in version 50, which is over a year before your ESR 60. So who knows what the heck's going on. Maybe it really is an MITM, even if not a malicious one.

The ending of the words is ALMSIVI.
Posted on 19-08-18, 14:25
Stirrer of Shit
Post: #583 of 717
Since: 01-26-19

Last post: 74 days
Last view: 72 days
If it is MITM, I'd reckon they'd get caught pretty quickly. It's trivial to run a script that tries to connect to some site across all exit nodes and see which ones mess with the cert, report it, and get them banned. And it happens across several nodes, so I wouldn't think that's it. Right now it works fine, so it's very possible they fixed it.

...I could have sworn I took a screenshot of it, but apparently not.

The current hierarchy is DST -> LE -> helmet, so are you sure it doesn't follow it?

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-08-18, 16:23
Stirrer of Shit
Post: #584 of 717
Since: 01-26-19

Last post: 74 days
Last view: 72 days
OK, now it gave me the error again. "Certificate Hierarchy" just contained "helmet.kafuka.org," SHA-256 fingerprint was "B5:92:85:CD:89:16:38:D9:3B:31:49:22:F6:36:CA:59:10:7A:50:BB:9F:54:30:93:5A:12:11:06:18:3B:74:79,", issuer was "Let's Encrypt Authority X3," and Certificate Authority Key Identifier was "a8 4a 6a 63 04 7d dd ba e6 d1 39 b7 a6 45 65 ef
f3 a8 ec a1," which by all accounts seems to be Let's Encrypt.

The error in boldface on top is, "Could not verify this certificate because the issuer is unknown."

Here's the certificate, but I wouldn't think it's been tampered with:


...And after a few minutes of looking stuff up, I opened the certificate info box up again. It showed up as "Verifying certificate...," and then marked it as valid, with a filled in hierarchy and everything. So I would guess it tried to fetch the intermediate certificates from the URL in the certificate, but it took them some time.

When I go to about:preferences#privacy and open the Certificate Manager, it indeed does not show Let's Encrypt, but it does show DST Root CA X3.

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-08-19, 07:40
Full mod

Post: #322 of 394
Since: 10-30-18

Last post: 31 days
Last view: 2 hours
Yeah, so this site is serving up its own cert (signed by Let's Encrypt), but the browser for whatever reason doesn't know about Let's Encrypt.

I'm very surprised that any up-to-date browser in 2019 doesn't automatically trust the Let's Encrypt cert, and even more surprised at the idea of browsers downloading plausible-looking certs, but apparently that's a thing that can happen.

Actually, now that I think about it, maybe between the time that it broke and the time that it worked, you happened to visit another Let's Encrypt-secured website that *did* provide the intermediate cert, and the browser cached that somewhere so it was available the next time you visited this site. And then when you shut down the browser, it clears all its caches and the problem resurfaces.

I guess we can test that hypothesis:

- Restart your browser
- Visit https://helmet.kafuka.org/
- Confirm that the site is not trusted
- Restart your browser
- Visit https://lobste.rs/ (a Let's Encrypt-protected site that does serve the intermediate)
- Confirm that the site is trusted
- Restart your browser
- Visit https://helmet.kafuka.org/
- Confirm that the site is still not trusted
- Visit https://lobste.rs/
- Confirm that the site is still trusted
- Visit https://helmet.kafuka.org/ again
- See if the browser trusts it now

The ending of the words is ALMSIVI.
Posted on 19-08-19, 17:31
Stirrer of Shit
Post: #587 of 717
Since: 01-26-19

Last post: 74 days
Last view: 72 days
Yes, that is what happens. Except for the part where it sometimes randomly works if you directly navigate to it with a clean browser, and sometimes randomly begins to work despite loading no other websites. It seems like it works more often to load it from bookmark than to go to helmet.kafuka.org, go to bboard/, and then click the HTTPS icon. But this could just be spurious/superstition.

It has to verify them by hash, so I'd say it's quite secure.

The certificate does include URL of the parent certificate, so it could be that it tries to fetch it based on my connection speed, which is random, which causes the non-deterministic behavior. That could explain why it sometimes loads instantly.

Another hypothesis is that some post contained an embed going to a Let's Encrypt secured page complete with proper chain, that forces a cert download, boom, complete chain. I think this is what happens.

To reproduce:
1) open TBB
2) go to https://helmet.kafuka.org/bboard
-> red sometimes, green sometimes
3) add temp exception (if green, make new identity and try again)
4) mess around in options, refresh page, etc
-> nothing happens, still orange
5) open all threads from last post in new tab
6) "View certificate"
-> Currently verifying...
-> green

But the big mystery is why it sometimes DOESN'T show up as red.

Man, to hell with SSL. How many people get false impressions of security from the magic green lock? How many people get Pavlov'd into clicking through all warnings? (see: Windows executable signing) And most importantly, why tolerate this atrocious single point of failure? We're not far out from seeing HTTP getting the same warnings as HTTPS with self-signed cert does, and then blocked outright eventually (where there is no override button and you have to go into about:config). Then maybe ISPs will block it, like they did for SMTP, but I doubt it (after all, our Chinese IoT makers must access their APIs)

And after that, we will have a complete oligopoly. Good luck publishing such tracts if the CA cartel doesn't allow them. They've null-routed entire ASNs for hosting legal but controversial websites, so why wouldn't refusing to issue a certificate - an active rather than passive action, most definitely within their prerogative - be a valid action likewise?

Completely unironically, this is a problem that The Blockchain™ solves in a cheap, efficient, and safe manner.

/rant

There was a certain photograph about which you had a hallucination. You believed that you had actually held it in your hands. It was a photograph something like this.
Posted on 19-08-26, 15:54
Post: #17 of 19
Since: 11-08-18

Last post: 220 days
Last view: 194 days
I'm not sure if this is related to the HTTPS discussion above, but as of this morning I'm getting a "Website With Harmful Software Warning" whenever I visit this website in Safari.

Safari supposedly uses Google Safe Browsing for this warning...
Posted on 19-08-26, 17:21

Post: #193 of 266
Since: 10-29-18

Last post: 1 day
Last view: 1 hour
Same for me with Firefox; had to use Opera.

My current setup: Super Famicom ("2/1/3" SNS-CPU-1CHIP-02) → SCART → OSSC → StarTech USB3HDCAP → AmaRecTV 3.10
Posted on 19-08-26, 17:47
You spin me right round baby right round like a record baby

Post: #366 of 480
Since: 10-29-18

Last post: 1 day
Last view: 2 hours
Posted by Wowfunhappy
as of this morning I'm getting a "Website With Harmful Software Warning"
That's a known issue, nothing is actually wrong with the site or anything served on it.
Posted on 19-08-27, 00:53
Custom title here

Post: #659 of 866
Since: 10-30-18

Last post: 2 days
Last view: 15 hours
Posted by Kawa
Posted by Wowfunhappy
as of this morning I'm getting a "Website With Harmful Software Warning"
That's a known issue, nothing is actually wrong with the site or anything served on it.
That's just what a malware provider woold say!

--- In UTF-16, where available. ---
Posted on 19-08-27, 01:00
Tall, Dark and Bishōjo

Post: #371 of 480
Since: 10-29-18

Last post: 1 day
Last view: 2 hours
Visual Basic 6 and UPX smell bad to certain antivirus programs 🤷
Posted on 19-09-05, 12:20
Post: #268 of 353
Since: 10-30-18

Last post: 1 day
Last view: 5 min.
User is online
I guess I shoulda made my comment about the Quote system here, in any case thanks for adjusting the Quote visuals to make it easier to see who said what.

Here's a feature request: Add a "Cancel" button when making posts and editing posts, the button should obviously take you back to the previously visited page.

AMD Ryzen 3700X | MSI Gamer Geforce 1070Ti 8GB | 16GB 3600MHz DDR4 RAM | ASUS Crosshair VIII Hero (WiFi) Motherboard | Windows 10 x64
Posted on 19-09-05, 12:34
Custom title here

Post: #675 of 866
Since: 10-30-18

Last post: 2 days
Last view: 15 hours
Posted by Nicholas Steel
I guess I shoulda made my comment about the Quote system here, in any case thanks for adjusting the Quote visuals to make it easier to see who said what.

Here's a feature request: Add a "Cancel" button when making posts and editing posts, the button should obviously take you back to the previously visited page.
Why not just alt-left? Or click the thread title above the reply/edit box? Or the back button in the address bar?

--- In UTF-16, where available. ---
Pages: First Previous 12 13 14 15 16 17 18 19 Next Last
Main » Discussion » Board feature requests/suggestions
Kawa's Github