buc: if I'm reading my notes the right way, 1 should be better than 2, as 1 is "same-origin". So cloudflare is requiring this again and ddosing themselves because of it again?

at least last time they did that, I think sendOriginHeader lacked some later modifications that made it better to have it disabled for now

njsg: Cloudflare doesn't seem to require this when SM is still mentioned in UA (upstream default). But Fedora chose not to specify SM in the user-agent string by default. Therefore Cloudflare treats Fedora's SM as a "real" Firefox, which from their point of view is obliged to support sendOriginHeader.

buc: is it that you want SeaMonkey in the UA for cloudflare? if so, you can always set up a (UA) override. general.useragent.cloudflare.com (or whatever it might be.)

therube: Unfortunately, it seems BOTH the site itself and cloudflare.com should have this set on.

Setting on only one of them has no effect.

I think therube is saying that you can fix Fedora's goofiness with user settings in your copy of Seamonkey.

jonadab: Then countless banking (and other "critical") sites simply stop working (because of a "suspicious unknown" browser). Many sites will begin to distort the audio (because they interpret the "unknown" browser as "something on the smartphone"). Plus quircks on google.com. Etc.etc.etc.

buc: Did you even read what he wrote?

He specifically said that you can set it on a per-site basis.

Well, setting on cloudflare.com only has NO effect.

Oh, wait, I see.

Nevermind, I'm an idiot.

I just realized that when you wrote "BOTH the site itself and cloudflare.com", you probably meant Seamonkey's UA overrides for both. Not something the sites themselves would have to do.

I misuderstood that previously.

Тhe amount of sites for which the mention of SM is undesirable seems to me much greater than the number of sites where such a mention is useful. Therefore, such a decision was made in Fedorа.

I donÄt think so.The sites who enforce this are usually broken anyway because pusing the latest alpha js or other stuff tailored to Chrome. Setting ua to 91 and advertizing SeaMonkey works for most. Exception I know is Facebook. which needs an override.

buc: oh, that'd be an improvement, last time I think what caused the DDoS loop was that they were requiring it all the time. As in, they'd have fallback for browsers that do not support this and that, but these fallbacks required Origin: too

frg: It seems the setting to 91 and not advertising SM works well too (except addons.thinderbird.net and firefox.com which would otherwise be confused). And now cloudflare.com issue :(

maybe I should try to open a ticket on cloudflare's support site. It still works well with SeaMonkey, I think. What was the url, news.ycombinator.com?

I will look into the other parts of bug 1424076 if this is what it needs. Currently updating Spidermonkey. Up to fully 60 now and beyond but need to rebase the regexp stuff first to push this. Should uncork lots of later possible patches and make this easier.

frg: Тhe idea of simply pointing problematic sites to a previous "clean" version of Firefox seems safer, as "the user just hasn't updated yet" sounds better than "the user is using something weird".

buc: when you say a UA with SeaMonkey works you mean it passes the challenge, or that it loads the site without going through the challenge?

frg: "rebase the regexp stuff" -- did you use the splitted tarball I sent?

"passes the challenge" (ie. the user is required to hit the checkbox, but only once, without the loop).

njsg: "passes the challenge" (ie. the user is required to hit the checkbox, but only once, without the loop).

The setting "network.http.sendOriginHeader" to the value of "2" requires more backports, including ones from the latest (100+) versions of Firefox. And some of them even look uncompleted yet. But it is mostly for the value of "2" case only.

For the value of "1", probably, either nothing to do at all, or much less backports needed.

buc yes and no. Slowly starting to move stuff in the regular queue. But the split stuff from Waterfox is also incomplete so need to check against the real patches. Need to do the final 2.53.17 püatches first. My js adventure took longer than expected.

"My js adventure took longer than expected."

no, it's just the beginning

lose all hope :D

well I would love to implement htis the right way: theverge.com/2023/7/20/23801435/goo…sandbox-cookies-api-release-enabled

> privacy-focused APIs

> Google

my areas of interest: pink unicorns gummi bears

in other news Twitter is dead, say hello to... X

Not X11, not Xorg, not X/1999, not Venezuelan replacement banknotes printed in Russia... just "X"

These google apis are total crap but there are oportinities implementing them right.

tomman: Xfree86!

theregister.com/2023/07/24/dangerous_pleasures_win_xp_in_23 speaking of dinosaurs, a mention for 2.49.5 :D

I still have 2 XP64 licenses. Never tried to get a 2.49.5 x64 working on it.

Well its spelled SeaMonkey. 2.49.6 is the latest but will never be released :)

*i* run XP, in 2023, up through & including 7-24-2023 (& hopefully well into the future, too)

2.49.5 still drives my email

therube still on my eprom burner laptop.

(and only because that laptop really dislike modern Linux kernels!)

it runs our accounting software

it /could/ be updated, but why bother

Well Vista is probably the OS with the lonmgest update cycle. Server 2008 even the x86 still gets updates.

matter of fact, until i got my current box, Win7, i was running online no less, & with SeaMonkey 2.49.x up through Jan. 2021

Still dual booting 7 81. and 2019 here. But 95% 2019. Usually one boot the others after monthy patch day.

i'm more concerned about uptime rather then "updates". Altos Xenix system ran non-stop for years.

don't care. Not running anything 24x7

uptime in this house is basically "until the next blackout"

on the flip side, after power comes back I tend to install any pending updates

power issues & the *odd* software issue is the only reason my Win7 boxes have rebooted, otherwise they too would have very long uptimes

the only problem is that blackouts are very frequent here

I *think* my longest uptime at home was ~45 days on my Debian routerbox

many years ago

from late December to early February

coincidentally that was our largest period without a power failure here, which for Venezuelan standards even back then was "amazing"

(blackouts became a pest here since 2009 or so)

Well only some internet blackouts lately here. I am making sure I have a mobile hotspot around these days.

As for the OS wars mostly on either 2016 or 2019 now. I hate 10 and 11. Not even wanting to update to hardware which is not compatible with 7 and 8.1 so still running 2017 stuff. Which is quite fast anyway and more than enough.

Who actively use instagram.com -- what user agent override is needed for it now? Fx-68, Fx-78 or just omit the SM part?

An issue when I try to download PM source at repo.palemoon.org/MoonchildProductions/Pale-Moon/src/branch/release -- type the "..." button ("More Operations") and try to choose something. It seems that background area is affected instead of the menu entries.

buc yes. You can use the keyboard then but seems to have a problem with mouse only.

Is it a known issue (bug number etc.)?

no. I personally no longer file web compatibility bugs. Can do it all day. Will be fixed with backports or not. If I know what might fix it only try to get the stuff in as early as possible.

I believe this particular site should work fine with PaleMoon (not Chrome only :) ). So I suspect they have backported something useful.

they did some css backports. I calc errors in the log.

^I see calc errors

how to open an encrypted message

how to open an encrypted message

I shoved an extension in that just opens the system default browser (GNOME Web) when I click a link in SeaMonkey Mail.

Things are getting so bad that a lot of the time SeaMonkey chokes on whatever I open in it anyway.

I mainly use SeaMonkey's browser to browse without JavaScript because that's getting so bad on its own that it causes a lot of crashes and stalling.

welcome to the future!

"yo dawg I herd u liek Javascript so we put Javascripts in you Javascripts so you can run out of RAM while you run out of sanity!"