doomed - use! HTTPS Everywhere - google explained why

For friendly off topic discussion not covered in a forum above.
Forum rules
No politics, please.
User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Fri May 04, 2018 9:07 pm

Raion-Fox wrote:Yep. I can disable certificate warnings in Vivaldi (which is based on Blink/Chromium) by passing this: --ignore-certificate-errors

I actually grabbed chromium at one point, it seemed to get a lot of things right that the Mazzola retards totally fucked up, but alas. gcc-isms up the wazoo and if anything, they go out of their way to keep any non-google-approved platforms from building it.

But seems to me, at this point, that would be a more productive way to get a current browser on irix than chasing after fireflop. Between goofball and mazoola, that's like choosing between hitler and mussolini. Oh joy oh joy :(
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
commodorejohn
Posts: 698
Joined: Tue Oct 02, 2012 1:22 pm
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby commodorejohn » Fri May 04, 2018 10:34 pm

At least on Windows and Loonix there's Pale Moon, reinstating all the options Mozilla insists on removing...
Computers: Amiga 1200, DEC VAXStation 4000/60, DEC MicroPDP-11/73
Synthesizers: Roland JX-10/SH-09/MT-32/D-50, Yamaha DX7-II/V50/TX7/TG33/FB-01, Korg MS-20 Mini/ARP Odyssey/DW-8000/X5DR, Ensoniq SQ-80, E-mu Proteus/2, Moog Satellite, Oberheim SEM

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Sat May 05, 2018 2:47 am

The future is Otter. Maybe.
A project aiming to recreate classic Opera (12.x) UI using Qt5.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Sat May 05, 2018 4:48 am

Made me laugh ... this is what happens when you let imbeciles, e.g. the TSA, control anything ...
Radio Timeline wrote: 1896
� Marconi transports his wireless invention to England. Upon entry to the country, nervous customs officials smash his apparatus under suspicion that it may be part of an Italian anarchist plot.

The more things change .... :D
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Wed May 09, 2018 3:03 am

Whoa ! new information from the front ! In light of this, I am really really concerned about craigslist making sure to use https ...

http://www.latimes.com/business/technol ... story.html

And I think, first chance I get, I'm gonna run down to the Y with a magic marker and put all my personal information on the shitter's walls ...
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Wed May 09, 2018 3:54 am

It's happening, it's the end of the world, Facebook and Equifax lost control of millions of social security numbers, personal information, pics, driver's license numbers, names, birth dates and other sensitive personal information in a massive data breach, but they are under HTTPs and I can no more use eBay with Chrome because *it's saafe*, and it's so *safe* that it needs to force some extra features implemented in specific HTTPs pages, so payment, bills, etc, even "page edit" got reimplemented with the last "secure" version not supported by Chrome on XP, and soon I won't be either able to browse auctions.

It's happening, It's the process of a group being or becoming extinct. Like the extinction of the great auk.

Yesterday, I had to launch Firefox inside a virtual machine (Linux on VirtualBox, exported through MobaXterm) to correct the text of an auction to include a few links to specs, because Chrome was refusing to open the page.

Oh, and even links to pics and pdfs now must be HTTPs-super-secure-version :roll:

The whole old-school of HTTP is going to die. It persists surviving the extinction, but it can't last.

At some point I will shut down the console, to take refuge inside the Saint Bali Temple of "The unplugged".
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
jan-jaap
Donor
Donor
Posts: 5071
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby jan-jaap » Wed May 09, 2018 5:28 am

shutitalldown wrote:payment, bills, etc, [...] not supported by Chrome on XP

Using an outdated browser on Windows XP to do financial transactions? There's got to be at least a dozen CVEs in that version of Chrome, and there are some critical privilege escalation bugs in XP that will never be patched. Do you also leave the doors and windows wide open when you leave for holidays? After all, burglary is against the law. What could possibly happen :roll:

I can understand that you need Windows XP for some software that won't work with a newer OS. Same here. I lock it up inside a VM with restricted network access.
shutitalldown wrote:At some point I will shut down the console, to take refuge inside the Saint Bali Temple of "The unplugged".

That will probably be as soon as your current computer craps out, because the next one will likely not be able to run XP on 'bare metal'. Could be later today.

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Wed May 09, 2018 5:45 am

jan-jaap wrote:Using an outdated browser on Windows XP to do financial transactions?


Of course, payments, where I have to expose my credit card, Paypal, or bank account, are done on my smartphone, what's wrong with editing an invoice of payment without encryption? You are not exposing your IBAN, your credit card number, you are just editing an HTML-page to say: "hey, if you want the doc, I want 5 more dollars for a paper copy of it". eBay allowed it. Now it didn't.

I have been using it without a problem for ten years.

jan-jaap wrote:There's got to be at least a dozen CVEs in that version of Chrome, and there are some critical privilege escalation bugs in XP that will never be patched.


I bought this computer in April 2008, and in ten years of usage (read it again *TEN YEARS OF USAGE*) I have done more than seven thousand transactions on eBay and such a stuff, (usually two per day) and I have never seen a singular problem.

Of course, I have never used facebook, except as fake account to fool sites that require it for authentication.

I have to of these laptops with exactly the same specs, and they are loaded with 12K euro of software, node-locked to the machines, they work fine, I spent a lot of time and money on them, I don't see a good point to change.

jan-jaap wrote:I can understand that you need Windows XP for some software that won't work with a newer OS. Same here. I lock it up inside a VM with restricted network access.


Some software that needs to physically access the hardware, e.g. national instruments PCMCIA cards, does not work inside a virtualizer, and replacing them is too costly for me.

And I do not want to bring two laptops with me when I visit customers. Each new machine would need an authorization, that requires a lot of my signatures on their agreements. I won't do that.

And on the top of that, it's all modern mind paranoia. What really cares is a good firewall, plus the intelligence of knowing what you are doing on the Internet.

Those things (HTTPs, modern OSes, etc etc ) won't save you from losing your personal information if you are so silly to put them on Facebook. It happened, and it will happen again.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
mapesdhs
Posts: 2567
Joined: Mon Nov 10, 2003 4:17 pm
Location: Edinburgh, Scotland
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby mapesdhs » Wed May 09, 2018 6:11 am

You think a smartphone is secure?? Holy grud! :D



Ian.
I'm working on a charitable PC build for the Learn Engineering YouTube channel. Please PM/email/call if you'd like to contribute!
Donations of any kind of item I can sell to provide funds are also most welcome.
mapesdhs@yahoo.com
+44 (0)7434 635 121

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Wed May 09, 2018 6:17 am

Considering that Equifax managed to dump all the personal information of 147 million people - and that's ALL as in a ton of things that aren't ever exposed by credit card transactions over XP - and we're not even mentioning the 80 million here and 30 million there by other big players .. it seems like the entire discussion of "security" is ludicrous.

It's like complaining about a mosquito bite when you have a six pound tumor in the brain.
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !

User avatar
jan-jaap
Donor
Donor
Posts: 5071
Joined: Thu Jun 17, 2004 11:35 am
Location: Wijchen, The Netherlands
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby jan-jaap » Wed May 09, 2018 6:35 am

If you've got 12K of software nodelocked to a 10 year old computer running a long EOL-ed OS with no upgrade path, and you need it to get your job done I'm glad I'm not in your shoes. Because the day that thing dies or is taken over by malware you're SOL.
shutitalldown wrote:It's all modern mind paranoia. What really cares is a good firewall, plus the intelligence of knowing what you are doing on the Internet.

I'd say a healthy dose of paranoia is essential to survive on the internet these days. And you don't need to be browsing porn, warez or torrents to get yourself into trouble. One of our engineers landed on a rogue malware infested site yesterday because the download pages of a well regarded EDA and IP standards group had been infected. Then there's malvertising which can hit you anywhere.

The web is not static. The vulnerabilities being exploited today weren't known 10 years ago.
hamei wrote:Considering that Equifax managed to dump all the personal information of 147 million people - and that's ALL as in a ton of things that aren't ever exposed by credit card transactions over XP - and we're not even mentioning the 80 million here and 30 million there by other big players .. it seems like the entire discussion of "security" is ludicrous.

Just because Equifax didn't take it's responsibility doesn't mean I have to act the same way. Let them die and be an example to the rest. Meanwhile, if I have my credit card data stolen and abused and the bank figures out I'm still running XP, I'm not sure I'm covered.

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Wed May 09, 2018 10:56 am

jan-jaap wrote:Because the day that thing dies or is taken over by malware you're SOL.


The day that the first laptop dies, there is the second laptop. The whole hard drive was cloned into a backup archive, projects are not hosted on it. They are files, sources, and documentation, committed through a professional software like Doors, and backup-ed on MO-WORM archives. Partition D: contains temporary files, while partition C: is loaded with the just the OS and the applications, thus, if they get corrupted or infected, I wipe the whole disk and it takes 45 minutes to resume from a backup.

jan-jaap wrote:One of our engineers landed on a rogue malware infested site yesterday because the download pages of a well regarded EDA and IP standards group had been infected. Then there's malvertising which can hit you anywhere.


Yeah. Precisely what they use to force you into being under control. You got afraid, you play their games.

jan-jaap wrote:The web is not static. The vulnerabilities being exploited today weren't known 10 years ago.


And this is precisely the reason why, at some point, I will retreat from the scene, like a player who does no more want to play the game, since rules are changed.

The whole computing world is a sham, and in general, no one is doing anything useful these days, just playing with their duck, and the whole computing world is a thing that is not what it is purported to be.

Even the internet is not what it is purported to be.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
shutitalldown
Posts: 177
Joined: Sat Feb 10, 2018 3:28 am

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby shutitalldown » Wed May 09, 2018 12:00 pm

mapesdhs wrote:You think a smartphone is secure??


It's not secure, and it tells everybody where you are. But it runs a browser able to connect to eBay, Paypal, and those places to send an invoice for payment to customers, pay for goods and services, move funds from/to a bank account.

As well as it's able to connect to new sites to download pdf, documentation, and git repositories. Nowadays even a silly python script needs to be checked for the integrity, as well as you need to be authenticated from the offering site.

All of these functions are no more working on my laptop. Unless I put firefox on a virtual machine.

Oh. And I was so irritated by the geolocalization, that I hacked the GPS of my smartphone, forcing it says I am located 8km near Rovaniemi, in the Santa Claus village park. Probably nodes accessing me on the internet believe it unless they want to check the first access point in the traceroute that will say to other nodes that it gets packages from me within 3 hops, thus releasing where I am really located.

Do you remember? proxies are no more working with HTTPs, and if you access Gmail through HTTPs (to check if someone has already paid you by Paypal), Googles knows who you are, where you are, with which device you are connected, and guys behind Google can tell this information to everyone they want. There are scripts even for Facebook.

Even Amazon. Even when you use your Kindle Paper White without forcing it into perpetual airplane-mode (wifi off, unplugged).

I would say it's the big brother.
I am tattooed in reverse, cause if you break rules you don't know where it leads.
But, say, all the venus in furs are so manically depressed and manically dressed.

User avatar
mapesdhs
Posts: 2567
Joined: Mon Nov 10, 2003 4:17 pm
Location: Edinburgh, Scotland
Contact:

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby mapesdhs » Wed May 09, 2018 1:25 pm

shutitalldown, my point btw was that jan-jaap commented on the use of XP, presumably with respect to security issues, and your response was that you used a smartphone for relevant tasks for, "...payments, where I have to expose my credit card, Paypal, or bank account...", yet the reply to my question about the security of a smartphone was, "It's not secure, ..." which begs the rhetorical question, why are you using a smartphone? The answer of course is that it's secure enough, most of the time. The wider issue is that the definition of "enough" is being diluted more and more as time goes by. Another good vid by Bryan:



Note I'm pointing out the contradiction above not to be picky at you (I use a smartphone for ebay and email, Windows PC for most things), rather to demonstrate that we all compromise on what the ideal would be for safe and secure coms. I would rather use an SGI for online banking, as I once did, but now my bank blocks browsers it deems too old, forcing one to use something on WIndows, and its use of js had made using an SGI nigh on impossible anyway (ditto many other sites). For most people it's difficut to have much choice in the matter. Most don't realise how bad it can get until something serious happens, something which permits the state or corporations to meddle with peoples lives' in some manner, such as severe censorship or media lying (Trump's election was a non-stop, 2-year example of that, and it's still going on), or simply slicing off the savings of vast numbers of citizens without those affected having any means of preventing it, eg. Cyprus and Greece (those on the left can use whatever verbal spaghetti they want to frame such actions, it's still theft).

Here's another vid by Bryan, and alas I think he's probably right, the forces ranged against a free, open and secure net are too great:



The nature of tech and modern media allows us to delude ourselves into believing that what we have at the moment must have some degree of permanence, but the evidence from the past is that such a thing is almost unheard of. The way people use youtube atm is a good example of this. Many people entirely rely on it for a living, for others it's their primary source of visual entertainment (that includes me), but given what the company has been doing in recent years, and what Google is doing, it's entirely possible it won't be around in 10 years' time (or just a shadow of its former glory), and that's a blink of an eye in cultural terms.

We're in an age where everything media related that envelopes a young person as they grow up can be completely gone by the time they reach adulthood, or even their teens. I can still dig out the old games from my teenage years (8bit home micros), and most from my adult life aswell (N64, GameCube, PS2, most PC stuff pre-Steam), but that's not the case anymore, children growing up now will have an adult life where they will simply not be able to play the vast majority of the games they enjoyed as a child or teenager, they won't be able to show their own children, etc. There are rare exceptions, such as Project Reality, but already there have been numerous online gaming and other services that have just closed and that's that. I like playing Elite Dangerous (and at the moment, Subnautica even more), but one day, unless the devs add some kind of bolton to make offline operation possible, these games will die, they just won't work anymore. And of course, even now, without a net link, vast amounts of modern media is not accessible, a situation which is spreading all the time as ever more services and content switch to IP based distribution (including phone calls).

These changes place enormous power in the hands of corporations and the state; frankly I don't know why more people don't find the notion of what Zuckerberg is trying to do with FB absolutely terrifying, because it's already dreadful. His very earliest comments on privacy when FB first began make it quite clear he doesn't give a damn about user rights. Meanwhile, govts every day show they place citizen rights at the very bottom of the stack of priorities, eg. the way Count Dankula was treated in the UK, ditto Lauren Southern and Tommy Robinson.

I saw a piece a couple of years ago on Bloomberg where the CEO of a big US corp was talking about some of these issues. He mentioned that recently in response to his 15yr old daughter referencing something, he replied well of course she's going to upload that to Facebook for her friends; her response was, "Facebook? Who uses that anymore??" Gopher, archie, Geocities, USENET, Yahoo, AOL, Compuserve, MySpace, and quite likely Twitter not too far in the future, perhaps FB too eventually, they come and they go. Sometimes though, these entities have the potential to cause extraordinary mayhem in the process, and while they're active they can be powerful tools for propaganda and manipulation.

What's really awful though is the staggering amount of cultural content that gets completely wiped out when these entities die (the web archive sites can help to an extent, but it's really only skimming the surface). Consider for a moment the billions of comments typed into YT; a lot of dross for sure, but also a heck of a lot of fascinating, educational and entertaining discussions on an uncountable range of topics, yet YT already indulges in simply obliterating this information whenever it likes, removing videos, deleting channels, censoring/blocking search results, etc. It started as a reaction against conservatives during Trump's campaign, but now it's more a reaction to pressures from old media, attacking new media because old media is dying. I use YT because the MSM alternative is much worse, but at least on youtube I can try to make a difference by talking to people.

Btw, anyone noticed how much of the time, Firefox doesn't even shows the http or https at the top in the URL? It's as if they just don't want one to even think about it... and given what Mozilla has been up to, I don't trust all these little onscreen icons which are supposed to denote a connection is secure or whatever; it's just an image, nothing to stop them putting it there when actually the link isn't secure at all (no different to their interfering with content via injected js/CSS that one hasn't authorised).

Ian.
I'm working on a charitable PC build for the Learn Engineering YouTube channel. Please PM/email/call if you'd like to contribute!
Donations of any kind of item I can sell to provide funds are also most welcome.
mapesdhs@yahoo.com
+44 (0)7434 635 121

User avatar
hamei
Posts: 10535
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: doomed - use! HTTPS Everywhere - google explained why

Unread postby hamei » Wed May 09, 2018 7:07 pm

jan-jaap wrote:if I have my credit card data stolen and abused and the bank figures out I'm still running XP, I'm not sure I'm covered.

If you truly care about security, you keep your money in a shoebox under the bed :D

Ask fu about banks some day.
hey friendly ! come outta there ! you're a cheap lousy dirty stinkin' mug and I'm glad what I done !


Return to “Everything Else”

Who is online

Users browsing this forum: No registered users and 1 guest