frg_Away: I won Linux from Scratch

CaptainTobin I am too lazy and just use stock Rocky 8.

that's cool it will be a long time before I could consider putting a from scratch distro i do in the position of server os

but I did it.. i did linux from scratch and it booted successfully

When Suse was young so 6.0 199x I compiled my own kernels, X11 and stuff. Gave up when a 1000 dependencies took over.

like mozilla and the rusticals?

I have learned a great deal in the past 3 days

and I am pretty happy about that

yeah. Then it was cvs then some switched to svn and then cmake and it got messy. Ran self compiled kde 3.5 for a long time too.

I kinda like compiling the kernel to my specifications (big shock) tho doing the whole thing more than once or twice a year would get old

Yes I learned lots of things too but I just don't have the time any more.

well my system is resisting getting windows 10 reinstalled and updated

the os update constantly fails

and fucks all updates

and i dunno why

or when this happened as i haven';t been updating this craptop and i been off windows on my workstation since october

There are problems with 2 KBs as far as I know.

also another reason I am doing LFS is I am 100% done with trying to deal with systemd any further than a basic unit file in my established server setup.. systemd is in the way of me being able to manage my system.. so sysvinit i go.. i know bash scripting fairly well

also, i can use a copy of it as a chroot os and craft a mozillabuild chroot distro that can and will continue to be able to build UXP, SM, and Mozilla

likely wouldn't take much to extend it to be at least VM bootable

i figure

well sysetmd is like rust but I have given up any crusade against such stuff. Life is too short. In the case of rust I will just make sure that it does not creep directly into suite code.

I think rust is a bad idea but I fear I will have to learn rust eventually but damn sure not befure I aquire some messure of the sea plus plus

i refuse to learn one iota of rust before c++

well with all the backporting I touch lots of this stuff but have no time to really dig into it. But rust is too abstract for me. In 10 years from now it will become interesting. You might need KI then to understand the old code :) This will bite anyone useing it I am pretty sure.

well one thing I could do is attempt to keep a rust free linux kernel

but i doubt that is gonna happen once rust modules get added and redhat and canonical start using em

anyway I am just super happy that I was victorious and won Linux from Scratch and actually accomplished something tangible beyond xref and a web design since july 2022

I compiled barely an operating system.

and it worked.

Paradigm or not..

I am Tobin.

NO ONE CAN STOP ME!

good night frg_Away

nn

x11 probably got funnier to compile in recent years, I think freedesktop has switched a lot of build systems, so now some packages end up pulling these dependencies

I think it's a python-based one, but I might be misremembering

well s@x11@xorg@

shouldn't there be a link in the topic to where the log for this channel is????

!seen rsx11m\

!seen rsx11m

WG9s: oh man BinOC/Linux is gonna be the bestest distro evar

Linux as envisioned by a mozilla traditionalist and windows user.. what could possibly go wrong!

WG9s: according to libera chat rules channels must make it plainly obvious a public channel is logged.. least that was the standard *I* was held to

i have NOT been a window user since sometome in the 1980's but work mandated me using windows there. so which Linux distro do Windows users like not going to sway me much.

no i am

or was

I mean really, if I thought i could do it, which i can, and i thought it would work, which me alone it wouldn't I'd make essentually Netscape Linux powered by XUL and XPCOM tech

buuuuuut

WG9s: 80s windows

!

I like how openbox is more advanced than all of 80s windows

so many no longer where "there is only XUL" comes from.

There is no data, there is only XUL

first of all they don;t know how to pronounce XUL.

well it is pronounced much like the samarian shapeshifting god .. nothing strange about that WG9s

:P

CaptainTobin: so ar you one of them? XUL is pronounced ZOOL so is a Ghostbusters refernce!

well here if you refer to this chart showing the reletive size of people who know how to pronounce it vs who do not by means of the reletive twinkie size to chaos hypothisis

that is the scene form the move where the "there is only XUL" thing came form

oh wait

i didn't tell you about the twinkie

but suffice it to say the data clearly shows I am full of shit and love ghostbusters provong There is no Data only XUL

WG9s: if you follow me lol

and you know what ... watching that scene again.. YEAH that is totally just how mozilla development goes

yay

I can no longer login to one of my bsnks

--banks

thanks to fucking Clownflare

I'm stuck at captcha hell

no matter how many times I tick the "YES I AM A HUMAN STOP BUGGING ME" checkbox, it fails anyway

tomman: in these instances you need a today-mozilla based browser compainion program that can take the place of a secondary browser.. because why run chrome or firefox when you already have a default browser when you just need the thing for that one site for five minutes

I refuse

nope

I have a simpler solution

I'm CLOSING this bank account

this will be oh-so convenient...

penny bank?

some Venezuelan hipster bank named "Bancamiga"

if it isn't shaped like a pig.. you loose

I guess I do not need that international debit card anymore

tomman: no i mean this is a circumstance that would be perfect for a much simpler browser that will simply discard the session afterword

you have sealed the main use case for me thank you tomman

I refuse to use a secondary web browser

well, time to take all of my money away from that bank

that also means it gonna hurt since one of my forex accounts there doesn't allow for cash withdrawals

so that means sell my few buckos on it, and take a loss

I apprciate and respect your stance on this dude but it is gonna make it harder for you not so much for them

I am ROYALLY PISSED OFF right now

no, UA overrrides won't work

tomman: on one hand I feel the same amount of pissed offness because I have had similar situations .. but on the other you have given me a solid basis and use case for a thing i wanna do that was far more fuzzy on justification

time to call this goddamned bank

yes

call those motherfuckers

...and then I remember

this bank does not have a callcenter, unlike every other bank in Venezuela

GAAAH!

tomman: can't you just put yourself in a big box and ship yourself to somewhere else?

NO.

now, if ClownFart breaks with this bank, it's matter of time to break everybody not using Thy Holy Chrome

so if I made a simpler browser that forgets its shit after it is closed for these specific cases you wouldn't use it?

I just want to kill Clownflare

nothing more, nothing less

I want them to GO AWAY

hope they get massively hacked by some ugly actor

cloudflare is a threat to freedom

in the truest sense

and now to my money too!

because thanks to some hipster bank IT "ops" idiot, I'm barred from entering into my very own account

Ooh, I can call the banking regulator

..nevermind, they're also drinking the Google kool-aid on some of their subsites too

Called the bank

surprisingly they now have a call center for "fraud monitoring"

got told to pound sand

Basically the slaves there told me the crapola to clear history and cookies, and to use another browser

had to remind them that I'm NOT a computer challenged moron, but a dude with an actual IT degree from a college

...got told to go to a branch to close my accounts

It's a shame after all, as I kinda liked this bank... until they decided to enroll ClownFart

I'm pretty much sure it's a config error on the bank side, but alas, there is no way to talk to anyone in IT from a customer call center

with cloudflare, the only way to get a response is to visit their support site, and complain there: news.ycombinator.com

I doubt Hackernews care about someone living in a country they can't point at a map

(and if they can, they will use their wretched politics to derail the thread into "the USA government suuuucks"

yes, but then someone who does work at cloudflare will read it and check inside and that'll make them realize not all browsers provide the Origin header as they intended or something

this, btw... CloudFlare *has* (or at least had, for their usual "browser check") fallbacks. a few of them

doesn't prevent them from aiming at their own feet and making it fail despite that

it seems they don't actually test the fallbacks on browsers where these would be needed?

or maybe the resulting DDoS is meant as a test of *cloudflare's* own infra?

OK, had a nice call with the banking regulator

they tried to punt the case to the telcos regulator (!!!)

I told them that CF is one Executive Order away from fucking up raw with Venezuelan banking (had to play my inner red commie card!) so the ball was on THEIR court, not with the telcos

they told me to write a formal complaint letter to the bank, send it over email, wait 20 days, and if the bank hasn't replied, then call them again to continue escalating the case

suddenly I had to remind those idiots that they're supposed to be against 'merica :P

Clownflare meddling with our banks is hardly matter of the telco regulator (although they could order telcos to block Clownflare, which would cause all sorts of collateral damage... hmmm...)

tomman: be careful dude are you at odds with the US government's bullshit cause plenty of americans are as well

besides, america the idealized concept is still worth something.. if we started actually living it and not whatever .. this is

CaptainTobin: I can be against commies here, but also against greedy 'merican conglomos

but if you're escalating things to get heard, you need to kniow when to switch masks

tomman: i still believe we'd be lucky if it was just the traditional american 80s style corperate greed.. it's well worse than that

if it was just about money and wealth .. it be long done with by now

you get what I mean

to me it seems more like a huge excersize to justify increasingly bad ideas just to see how much people will take

like a long running test just to see how far you can go

the money the wealth the virtuous nature of your beliefs its all secondary or so it seems

just trappings to distract from .. what even

tomman: Robocop was an optimistic dystopian future.. but nothing beats cold hard reality

man depressing

but maybe I can help fix the world with computers

buuut everyone else is gonna have to do their part too that's always the tricky bit

but often times humanity.. eventually.. does .. enough .. to fix these things .. for a while.. and we are about due i think

IanN_Away: are you around?

I could kick ban foman and Tobin form #SeaMonkey but thought better someone with authority!

WG9s: we all have a rant occasionally

CaptainTobin and tomman: don't get too sweary and ranty please

i'm sure there are rooms on this server that let you get very sweary and ranty...

tomman: does cloudflare have infra in venezuela?

tomman: also, escalating with wording reminds me of a part of Guy Delisle's chronicles in DPRK

si was more taking over channel for off topic stuff than being sweary and ranty that I asked iANn TO INTERVENE ON.

the cloudflare bit is important, because if not, they're probably running afoul of some law or rule somewhere

depends on who picked them and why, .pt is also sometimes relying on what's most likely not even EU tech wih Google, and Sompi has pointed out the current state of affairs where apparently one can't even log in to Kela's self-service page

that was simple, I think, wasn't it checkboxes, drop down boxes, and a button?

I was trying to get unrant-y guess i need to work on it sorry WG9s IanN_Away

i wa not complaining bout the ranting was just it was getting off topic

off topic ranting is whhat triggered my asking Ian to help meant not to do that on the channel but I scresed up

it was actully tomman who got this off to complaints about banking regulators that triggered me

well WG9s I am taking that and other similar issues to heart and trying to not do those things or at least as much

so reanting is fine to a degree but off topic ranting not so much in my opinion.

is ghostbusters on-topic?

:-P

yes

i better not mention the Oscars either

as long as seamonkey uses xul

lol

i am imposing that on everyone

no choice ban me lol

IanN_Away: people still care about the oscars?

i mean real people

interesting *stops talking about it* :P

CaptainTobin: I thought it was a reality show...

I guess in .pt many people were instead watching vote counting unfold. Whether that's a better or worse show than the AMPAS one, I can't tell without comparing both.

njsg: any broken water mains or hanging chads?

the former I think not, latest such incident I heard about was in Espoo

hanging chads I suppose require more complex ballots and machine reading?

but well, for offtopics this is probably one to avoid as it includes politics, and politics chat tends to have more potential energy for a blowup

well that was like 24 years ago i might remember that is likely correct lol

i was what 15 couldn't even vote but i sure remember all dem chads

that was four years before John Edwards got one vote for president?

i only remember he exists because the name is associated with a thing that exists.. i recall literally nothing about the man lol

what the hell is a John Edwards?

heh

oh right.. the internet

hold on

oh that sob

lol

vice-presidential run-mate of John Kerry, was that 2004?

well i sure remember John Kerry

he was like right in the middle of everything at the time and yet he is so unremarkable as an existing entity..

back in the day way beofe the bush/gore election my town used those butterfly ballots. were a thing form the 1960s when punch cards were the thing. had nd old style puch card in the balit booklet that recoreced your vote but wa perforated card and punching device that puched out the wholes but after you had to atke the atd out and manke sure the patriolly puched out thikgs were ocmpletely...

...disconnected.

during the bush.gore election me direct supervisor's name was Chad. SO i made fun by calling him the hanging Chad, as in the hanging judge.

and now i am off topi

topic

the last thing deeply political i will remark on because i do believe it is there should be no such thing as politician as a lifelong career they should have an idea run serve and piss off back to normal life

Sorry for all the unrest here, folks, but yeah, CF triggers me BADLY, especially when it gets in the way

but a difference between people who want to serve, and those who want to contiue to get money from loyists.

lobyists

now my problem with CF sadly has become perosnal

--personal

i should hvae just said off here we are getting abit off topic instead of asking IanN for help

now I have to invest my free time researching on applicable laws and legal precedent to write a formal complaint letter to my bank, and also to the banking regulator

the pro in all this is unlike some places even tho one of us flies off the handle it can useally be dealt with rather than bans wars and huge specticals

all because CF declared SeaMonkey "lolno"

FWIW, UA overrides for both <bank domains> and *.clownflare.com didn't helped at all

clearing cookies and storage didn't helped

something is causing CF to get stuck at the "I'm a human!" challenge

tomman: remember dude when they pulled this before they were using complex experimental crap to do insane work to prove your browser is not old and insecure and approved

if this one were another ordinary website, I would have moved on... but sadly it's my money on the line

again, I offer my apologies if this caused any unpleasant situation here...

tomman do you have an adblocker or such?

WG9s: not client-side

I do block ads via DNS

I did tried from my cellphone on FF, and the CF challenge passes there

of course, I'm not doing my banking from a cellphone

osme of these cript blockers and add or script clockers and even cross site script blocking breack sucu stipd things

ha, even the banking regulator customer support agent told me to use "an app"

tomman: that is what this is about

make the web so unseable everyone has to use the gated app

or social networks

which... again, involves "apps"

cause i had another case where the solution was "use the app"

or use a different bank

tomman: it could be tho the bank's custom rules at fault as well

WG9s: I have account with seven banks, actually, but only this one issues international cards (due to very complicate laws here)

and at least another two are testing the water with Chromeisms

when Moonchild would fuck up his clownflare it would pull all kinds of havoc.. i eventually had to just get him to lift the protection so my shit could actually fuction without him being required to fix something

thankfully the other four are still stuck in the early '00s :)

CaptainTobin: at least you knew who was in charge and something could be done

as a hint better to use a small bank without a huge ATM network. most of them will refund any ATM fees using anyone elses ATM cheaper for them to do this than establixh a hughe ATM netowrk or pay the fees required to join one.

try calling someone at IT at a bank to relax their Clownflare BS

tomman: Yes. Didn't I.

WG9s: this one bank also has ATM-free debit cards, ironicaly

...the only one in the country since they issue Debit MasterCard instead of Maestro

so... yeah, I got baited, nicely

tomman: do they not get that the app uses the same web the web site does hell the app may JUST BE ONLY a browser widget displaying the site

here comes the funny part

the app offers some native functionality

but they also have a icon that punts you to the webapp, but the app itself performs the login

that part seems to be safe from Clownflare interference

ah to collect your contacts and sim data to link your account to that telecomm account

well maybe they allow unrestricted access with oauth via the app but fuck you on the normal web like github now does

except without the 2fa yet

unless you have to do 2fa

eeeeh....

well, ackshually™

they offer you SMS 2FA (like most other banks), but they crippled it so badly unless you opt in to "Google authenticator" (AKA TOTP)

fun fact: my "Google Authenticator" is... a KaiOS cellphone :D

(With no SIM)

my authinticator is a bash script i wrote that calls to oauthtool

oathtool?

whatever it is

if you don't opt in to that, then you get endless prompts to enter SMS codes that may or may not arrive

also, they're the only bank in the country that pulls all that

but the Clownflare challenge was the one that blew my gasket

tomman: here you go the most insecure 2factor auth ever dpaste.org/OsYO6

that was my solution to multi freakin dumb auth

whatcha think

> "Useage: Read the script source...\n"

:D

that's almost JWZ levels of evil :D

misspelled too

i think

tomman: I am Netscape. I have always been Netscape.

tomman: but yeah the fact I added the case to display the message but didn't bother to explain anything is quite nasty now that I think of it

nasty with a big N

CaptainTobin: I was always Mosiac fan not a big Netscape fan Netscape brought us Ads.

Mosaic ws funded by a govenment grant so was paid for by taxpayerers and could not get Ad money, but one of the developers when off to found Netscape stealing the government funded coded to found a for profit company.

:(

Too many business owners do the same thing :(

and that was Marc Andreessen and Netscape.

OK, managed to reproduce the ClownFlare captcha loop on a CLEAN profile of latest SM2.53.18.1

i.e. stable

so it's CF that is actively saying "go away"

the wikipeidia articles say that mozaic changed their name to netscpe but that is revisionist history.\

let's check the console..

"Request for the Private Access Token challenge"

tick the "I'm human FFS!!!" checkbox...

and I get a error

but a error that gets caught

...and then the page reloads

wonder what's on that error

ha, the widget is called "Cloudflare Turnstile"

great, it's half a megabyte of minified dog vomit

but it's pointing at a script error at their challenge script

so indeed ClownFart is testing in production as expected

wtf is this syntax!?

this.h[c[kH(2445)](c208,this.g][0]++

nevermind, the position of the error changes on each API call

of course CF wanted this to be as undebuggable as possible

there is a stacktrace you can navigate, but since the page reloads after a while, it gets very hard to dive into it

but now it's clear to me: the error is on CF's side, not on the bank

as soon as I tick the "I AM A HUMAN, FOR REAL, STOP MAKING MY LIFE MISERABLE!!!" checkbox, a exception triggers, gets caught, and the page reloads

and you can't get past it

so indeed ClownFart broke SeaMonkey

forum.palemoon.org/viewtopic.php?f=3&t=30950&hilit=cloudflare WOW

it's not just me™

> Everyone who runs into the captcha failing please contact cloudflare about this. make sure they get enough requests for fixing this so they take note. include the "ray id" at the bottom when you do.

sadly I don't get a Ray ID, tho

test it yourself: online.bancamiga.com/?p=1 (not sure if it opens outside Venezuela, tho)

wait, click the checkbox, then... the whole page reloads, sometimes with a "it's taking too much to reload, click here"

--taking too much to authenticate

and of course, CF use Dischorse as their forum platform, lovely

how fitting

Anyway, I now know what's happening, and of course chances are good that noone at my bank have noticed

I'll have to reference those threads on my complaint letter to the bank

SteamDB is also borken

community.cloudflare.com/t/browser-integrity-check-broken/381029 of course CF's official policy is "we don't care, complain with the site owners" (which I DID)

CaptainTobin: some banks feel the need to push apps, might be as simple as that :-\

"use Chromium"

how about you stop trying to tell me what I should run on the computer I OWN (not lease from you), pretty please?

> Do you think that anyone from Cloudflare is going to go out of their way to offer you assistance when more than half of this post is ranting ‘at best’ and calling their livelihoods criminal & disgusting ‘at worse’?

I'm glad I don't work there, unlike them, I have *morals* and *ethic*

(anyone with accounts either at PM forums or CF Dischorse, please tell them it also broke SeaMonkey - I'm not in the mood to create forum accounts right now, especially at a Dischorse)

tomman: don't use the discourse venue, that's littered with first-tier supprot

:D

s@rot@ort@

I really mean it when I say that last time with Origin: what solved it was the orange site

their discourse venues were filled with people saying "that's an unsupported client" etc etc

just going by silly scripts or the like

unfortunately the chances of my bank fixing this at their end are close to zero

uh it requires webgl?

hopefully that just makes it fallback

but yes, can reproduce

Steamdb.info is also broken due to this: you can't get past the endless challenge that does not work anymore because Clownflare hates us

so they've *again* broken their fallback by expecting *all* browsers to follow HTTP header behaviour that is only implemented in some browsers?

that's precisely what they did with Origin:

they had it all neatly arranged for fallback, but rejected any request without Origin:

but is this access-control-allow-origin then, or is that just something else people are observing along with this?

for cf-rays see the network tab of the devtools inspector, it seems to be included as header in some requests

tomman: btw had the address in my notes: news.ycombinator.com/item?id=31317886

> I'm sorry that this has caused a serious issue for quite a large number of users, and that we were not more reachable in our community forum. I'll provide a follow-up here when we have an update on the bug. Thank you again for taking the time to write this up!

what a non-apology

it still seems to have been what got the issue fixed internally, or am I misremembering?

haven't read that in a long time

...and they broke it again in 2023. And again in 2024

and will happen forever and ever

tomman: just to double check, I'll reread the pale moon and discourse topics later, but: has anyone identified what precisely is making cloudflare's check fail?

good luck debugging a heavily obfuscated and minified ~0.5MB JS blob

and of course since this Browser Integrity Check™, it has been made hard enough to debug

I was thinking more along the lines of bisecting firefox releases first

first things first: they do reject some firefox versions based on UA, so maybe that gives clues

actually first things first closing down a few tabs I have open on a heavy webapp...

they do feature detection AFAIK

they know UA spoofing is a thing, so they get extra nasty there

(FWIW using a FF118 ESR UA won't work)

yes, but they're also showing a "too old" message for some UAs, so there's some hope that gives a starting point

Over here I see no message,it just... starts over

(the exception fires when ticking the human checkbox)

FX 69 UA shows "your browser is out of date!", FX 70 goes to the challenge

developers.cloudflare.com/waf/refer…udflare-challenges/#browser-support this doesn't really get to be called documentation sadly

either that, or this product is actually a massive downgrade

"browser integrity check" has fallback for browsers other than the select few they decided to support, this one doesn't?

... isn't "reCAPTCHA" google's captcha?

yes it is

that's fun, look at bancamiga's page :-D

okay, firefox 70 gets through: the passing request that's a 403 in seamonkey does carry Origin: in Fx70... but the difference I'm more interesting in is that in SeaMonkey it's GET, in Fx70 it's POST

so... anything changed that'd default to GET and then defaulted to POST later?

(or it's possibly their attempt at working around some different behaviour?)

what makes it fail may indeed be that the challenge response data cloudflare wants is passed as "form data" in the POST request

sounds consistant with the last time

njsg:

using shineys then fucking up the fallbacks

this is giving me some dejavu and indeed just found one more thing in the browser history that sounds fitting

screwing*

I need to relearn the little I had seen of CORS preflight