08:15:39 frg_Away: I won Linux from Scratch 08:16:08 CaptainTobin I am too lazy and just use stock Rocky 8. 08:16:41 that's cool it will be a long time before I could consider putting a from scratch distro i do in the position of server os 08:17:11 but I did it.. i did linux from scratch and it booted successfully 08:18:25 When Suse was young so 6.0 199x I compiled my own kernels, X11 and stuff. Gave up when a 1000 dependencies took over. 08:18:58 like mozilla and the rusticals? 08:19:48 I have learned a great deal in the past 3 days 08:19:56 and I am pretty happy about that 08:20:07 yeah. Then it was cvs then some switched to svn and then cmake and it got messy. Ran self compiled kde 3.5 for a long time too. 08:20:28 I kinda like compiling the kernel to my specifications (big shock) tho doing the whole thing more than once or twice a year would get old 08:20:38 Yes I learned lots of things too but I just don't have the time any more. 08:25:08 well my system is resisting getting windows 10 reinstalled and updated 08:25:16 the os update constantly fails 08:25:20 and fucks all updates 08:25:23 and i dunno why 08:25:41 or when this happened as i haven';t been updating this craptop and i been off windows on my workstation since october 08:25:57 There are problems with 2 KBs as far as I know. 08:28:07 also another reason I am doing LFS is I am 100% done with trying to deal with systemd any further than a basic unit file in my established server setup.. systemd is in the way of me being able to manage my system.. so sysvinit i go.. i know bash scripting fairly well 08:29:38 also, i can use a copy of it as a chroot os and craft a mozillabuild chroot distro that can and will continue to be able to build UXP, SM, and Mozilla 08:30:23 likely wouldn't take much to extend it to be at least VM bootable 08:30:27 i figure 08:30:39 well sysetmd is like rust but I have given up any crusade against such stuff. Life is too short. In the case of rust I will just make sure that it does not creep directly into suite code. 08:31:29 I think rust is a bad idea but I fear I will have to learn rust eventually but damn sure not befure I aquire some messure of the sea plus plus 08:31:46 i refuse to learn one iota of rust before c++ 08:34:17 well with all the backporting I touch lots of this stuff but have no time to really dig into it. But rust is too abstract for me. In 10 years from now it will become interesting. You might need KI then to understand the old code :) This will bite anyone useing it I am pretty sure. 08:37:38 well one thing I could do is attempt to keep a rust free linux kernel 08:38:37 but i doubt that is gonna happen once rust modules get added and redhat and canonical start using em 08:38:44 anyway I am just super happy that I was victorious and won Linux from Scratch and actually accomplished something tangible beyond xref and a web design since july 2022 08:39:13 I compiled barely an operating system. 08:40:10 and it worked. 08:40:41 Paradigm or not.. 08:40:46 I am Tobin. 08:40:50 NO ONE CAN STOP ME! 08:40:56 good night frg_Away 08:41:05 nn 09:37:43 x11 probably got funnier to compile in recent years, I think freedesktop has switched a lot of build systems, so now some packages end up pulling these dependencies 09:37:52 I think it's a python-based one, but I might be misremembering 09:38:10 well s@x11@xorg@ 14:27:57 shouldn't there be a link in the topic to where the log for this channel is???? 14:35:38 !seen rsx11m\ 14:35:45 !seen rsx11m 15:14:14 WG9s: oh man BinOC/Linux is gonna be the bestest distro evar 15:15:26 Linux as envisioned by a mozilla traditionalist and windows user.. what could possibly go wrong! 15:17:15 WG9s: according to libera chat rules channels must make it plainly obvious a public channel is logged.. least that was the standard *I* was held to 15:18:34 i have NOT been a window user since sometome in the 1980's but work mandated me using windows there. so which Linux distro do Windows users like not going to sway me much. 15:18:41 no i am 15:18:44 or was 15:19:36 I mean really, if I thought i could do it, which i can, and i thought it would work, which me alone it wouldn't I'd make essentually Netscape Linux powered by XUL and XPCOM tech 15:19:53 buuuuuut 15:20:51 WG9s: 80s windows 15:21:02 ! 15:21:34 I like how openbox is more advanced than all of 80s windows 15:22:26 so many no longer where "there is only XUL" comes from. 15:23:14 There is no data, there is only XUL 15:23:19 first of all they don;t know how to pronounce XUL. 15:24:06 well it is pronounced much like the samarian shapeshifting god .. nothing strange about that WG9s 15:24:08 :P 15:24:38 CaptainTobin: so ar you one of them? XUL is pronounced ZOOL so is a Ghostbusters refernce! 15:25:52 https://youtu.be/lg7MAacSPNM 15:26:36 well here if you refer to this chart showing the reletive size of people who know how to pronounce it vs who do not by means of the reletive twinkie size to chaos hypothisis 15:26:47 that is the scene form the move where the "there is only XUL" thing came form 15:27:00 oh wait 15:27:09 i didn't tell you about the twinkie 15:27:58 but suffice it to say the data clearly shows I am full of shit and love ghostbusters provong There is no Data only XUL 15:28:25 WG9s: if you follow me lol 15:29:51 https://www.youtube.com/watch?v=j3Uy9wsfkok 15:33:12 and you know what ... watching that scene again.. YEAH that is totally just how mozilla development goes 15:39:36 yay 15:39:40 I can no longer login to one of my bsnks 15:39:42 --banks 15:39:48 thanks to fucking Clownflare 15:39:51 I'm stuck at captcha hell 15:41:27 no matter how many times I tick the "YES I AM A HUMAN STOP BUGGING ME" checkbox, it fails anyway 15:41:46 tomman: in these instances you need a today-mozilla based browser compainion program that can take the place of a secondary browser.. because why run chrome or firefox when you already have a default browser when you just need the thing for that one site for five minutes 15:41:53 I refuse 15:41:55 nope 15:42:00 I have a simpler solution 15:42:04 I'm CLOSING this bank account 15:42:08 this will be oh-so convenient... 15:42:12 penny bank? 15:42:23 some Venezuelan hipster bank named "Bancamiga" 15:42:28 if it isn't shaped like a pig.. you loose 15:42:35 I guess I do not need that international debit card anymore 15:43:18 tomman: no i mean this is a circumstance that would be perfect for a much simpler browser that will simply discard the session afterword 15:43:30 you have sealed the main use case for me thank you tomman 15:43:42 I refuse to use a secondary web browser 15:43:52 well, time to take all of my money away from that bank 15:44:07 that also means it gonna hurt since one of my forex accounts there doesn't allow for cash withdrawals 15:44:17 so that means sell my few buckos on it, and take a loss 15:44:26 I apprciate and respect your stance on this dude but it is gonna make it harder for you not so much for them 15:44:26 I am ROYALLY PISSED OFF right now 15:47:29 no, UA overrrides won't work 15:47:31 tomman: on one hand I feel the same amount of pissed offness because I have had similar situations .. but on the other you have given me a solid basis and use case for a thing i wanna do that was far more fuzzy on justification 15:47:41 time to call this goddamned bank 15:47:49 yes 15:47:55 call those motherfuckers 15:50:21 ...and then I remember 15:50:33 this bank does not have a callcenter, unlike every other bank in Venezuela 15:50:35 GAAAH! 15:51:02 tomman: can't you just put yourself in a big box and ship yourself to somewhere else? 15:51:07 NO. 15:56:48 now, if ClownFart breaks with this bank, it's matter of time to break everybody not using Thy Holy Chrome 15:57:35 so if I made a simpler browser that forgets its shit after it is closed for these specific cases you wouldn't use it? 15:58:15 I just want to kill Clownflare 15:58:21 nothing more, nothing less 15:58:24 I want them to GO AWAY 15:58:31 hope they get massively hacked by some ugly actor 15:58:32 cloudflare is a threat to freedom 15:58:37 in the truest sense 15:58:40 and now to my money too! 15:58:57 because thanks to some hipster bank IT "ops" idiot, I'm barred from entering into my very own account 15:59:56 Ooh, I can call the banking regulator 16:00:08 ..nevermind, they're also drinking the Google kool-aid on some of their subsites too 16:24:57 Called the bank 16:25:05 surprisingly they now have a call center for "fraud monitoring" 16:25:10 got told to pound sand 16:25:28 Basically the slaves there told me the crapola to clear history and cookies, and to use another browser 16:25:51 had to remind them that I'm NOT a computer challenged moron, but a dude with an actual IT degree from a college 16:26:00 ...got told to go to a branch to close my accounts 16:26:26 It's a shame after all, as I kinda liked this bank... until they decided to enroll ClownFart 16:28:11 I'm pretty much sure it's a config error on the bank side, but alas, there is no way to talk to anyone in IT from a customer call center 16:49:31 with cloudflare, the only way to get a response is to visit their support site, and complain there: news.ycombinator.com 17:12:34 I doubt Hackernews care about someone living in a country they can't point at a map 17:13:26 (and if they can, they will use their wretched politics to derail the thread into "the USA government suuuucks" 17:13:59 yes, but then someone who does work at cloudflare will read it and check inside and that'll make them realize not all browsers provide the Origin header as they intended or something 17:14:36 this, btw... CloudFlare *has* (or at least had, for their usual "browser check") fallbacks. a few of them 17:14:46 doesn't prevent them from aiming at their own feet and making it fail despite that 17:15:03 it seems they don't actually test the fallbacks on browsers where these would be needed? 17:16:01 or maybe the resulting DDoS is meant as a test of *cloudflare's* own infra? 17:28:52 OK, had a nice call with the banking regulator 17:28:56 they tried to punt the case to the telcos regulator (!!!) 17:28:59 I told them that CF is one Executive Order away from fucking up raw with Venezuelan banking (had to play my inner red commie card!) so the ball was on THEIR court, not with the telcos 17:29:05 they told me to write a formal complaint letter to the bank, send it over email, wait 20 days, and if the bank hasn't replied, then call them again to continue escalating the case 17:29:10 suddenly I had to remind those idiots that they're supposed to be against 'merica :P 17:29:48 Clownflare meddling with our banks is hardly matter of the telco regulator (although they could order telcos to block Clownflare, which would cause all sorts of collateral damage... hmmm...) 17:38:50 tomman: be careful dude are you at odds with the US government's bullshit cause plenty of americans are as well 17:41:17 besides, america the idealized concept is still worth something.. if we started actually living it and not whatever .. this is 18:06:24 CaptainTobin: I can be against commies here, but also against greedy 'merican conglomos 18:06:40 but if you're escalating things to get heard, you need to kniow when to switch masks 18:11:13 tomman: i still believe we'd be lucky if it was just the traditional american 80s style corperate greed.. it's well worse than that 18:12:53 if it was just about money and wealth .. it be long done with by now 18:13:00 you get what I mean 18:14:54 to me it seems more like a huge excersize to justify increasingly bad ideas just to see how much people will take 18:15:20 like a long running test just to see how far you can go 18:16:00 the money the wealth the virtuous nature of your beliefs its all secondary or so it seems 18:16:20 just trappings to distract from .. what even 18:18:01 tomman: Robocop was an optimistic dystopian future.. but nothing beats cold hard reality 18:18:59 man depressing 18:19:12 but maybe I can help fix the world with computers 18:20:13 buuut everyone else is gonna have to do their part too that's always the tricky bit 18:21:08 but often times humanity.. eventually.. does .. enough .. to fix these things .. for a while.. and we are about due i think 19:04:20 IanN_Away: are you around? 19:05:16 I could kick ban foman and Tobin form #SeaMonkey but thought better someone with authority! 19:06:10 WG9s: we all have a rant occasionally 19:06:41 CaptainTobin and tomman: don't get too sweary and ranty please 19:07:42 i'm sure there are rooms on this server that let you get very sweary and ranty... 19:12:49 tomman: does cloudflare have infra in venezuela? 19:15:01 tomman: also, escalating with wording reminds me of a part of Guy Delisle's chronicles in DPRK 19:16:12 si was more taking over channel for off topic stuff than being sweary and ranty that I asked iANn TO INTERVENE ON. 19:16:14 the cloudflare bit is important, because if not, they're probably running afoul of some law or rule somewhere 19:17:20 depends on who picked them and why, .pt is also sometimes relying on what's most likely not even EU tech wih Google, and Sompi has pointed out the current state of affairs where apparently one can't even log in to Kela's self-service page 19:17:27 * njsg wonders if they broke OmaKanta too 19:17:49 that was simple, I think, wasn't it checkboxes, drop down boxes, and a button? 19:17:52 I was trying to get unrant-y guess i need to work on it sorry WG9s IanN_Away 19:18:23 i wa not complaining bout the ranting was just it was getting off topic 19:19:09 off topic ranting is whhat triggered my asking Ian to help meant not to do that on the channel but I scresed up 19:21:43 it was actully tomman who got this off to complaints about banking regulators that triggered me 19:22:37 well WG9s I am taking that and other similar issues to heart and trying to not do those things or at least as much 19:22:58 so reanting is fine to a degree but off topic ranting not so much in my opinion. 19:23:19 is ghostbusters on-topic? 19:23:20 :-P 19:23:25 yes 19:23:32 i better not mention the Oscars either 19:23:34 as long as seamonkey uses xul 19:23:35 lol 19:23:47 i am imposing that on everyone 19:23:51 no choice ban me lol 19:24:29 IanN_Away: people still care about the oscars? 19:24:34 i mean real people 19:24:52 interesting *stops talking about it* :P 19:25:02 CaptainTobin: I thought it was a reality show... 19:27:07 I guess in .pt many people were instead watching vote counting unfold. Whether that's a better or worse show than the AMPAS one, I can't tell without comparing both. 19:27:48 njsg: any broken water mains or hanging chads? 19:29:40 the former I think not, latest such incident I heard about was in Espoo 19:30:05 hanging chads I suppose require more complex ballots and machine reading? 19:30:47 but well, for offtopics this is probably one to avoid as it includes politics, and politics chat tends to have more potential energy for a blowup 19:30:58 well that was like 24 years ago i might remember that is likely correct lol 19:31:39 i was what 15 couldn't even vote but i sure remember all dem chads 19:32:10 that was four years before John Edwards got one vote for president? 19:32:47 i only remember he exists because the name is associated with a thing that exists.. i recall literally nothing about the man lol 19:33:19 what the hell is a John Edwards? 19:33:22 heh 19:33:33 oh right.. the internet 19:33:36 hold on 19:33:53 oh that sob 19:33:54 lol 19:34:22 vice-presidential run-mate of John Kerry, was that 2004? 19:34:38 well i sure remember John Kerry 19:36:15 he was like right in the middle of everything at the time and yet he is so unremarkable as an existing entity.. 19:36:41 back in the day way beofe the bush/gore election my town used those butterfly ballots. were a thing form the 1960s when punch cards were the thing. had nd old style puch card in the balit booklet that recoreced your vote but wa perforated card and punching device that puched out the wholes but after you had to atke the atd out and manke sure the patriolly puched out thikgs were ocmpletely... 19:36:42 ...disconnected. 19:38:07 during the bush.gore election me direct supervisor's name was Chad. SO i made fun by calling him the hanging Chad, as in the hanging judge. 19:38:17 and now i am off topi 19:38:20 topic 19:38:50 the last thing deeply political i will remark on because i do believe it is there should be no such thing as politician as a lifelong career they should have an idea run serve and piss off back to normal life 19:40:42 Sorry for all the unrest here, folks, but yeah, CF triggers me BADLY, especially when it gets in the way 19:40:50 but a difference between people who want to serve, and those who want to contiue to get money from loyists. 19:40:54 lobyists 19:41:02 now my problem with CF sadly has become perosnal 19:41:04 --personal 19:41:36 i should hvae just said off here we are getting abit off topic instead of asking IanN for help 19:41:38 now I have to invest my free time researching on applicable laws and legal precedent to write a formal complaint letter to my bank, and also to the banking regulator 19:41:45 the pro in all this is unlike some places even tho one of us flies off the handle it can useally be dealt with rather than bans wars and huge specticals 19:41:52 all because CF declared SeaMonkey "lolno" 19:42:22 FWIW, UA overrides for both and *.clownflare.com didn't helped at all 19:42:29 clearing cookies and storage didn't helped 19:42:41 something is causing CF to get stuck at the "I'm a human!" challenge 19:43:04 tomman: remember dude when they pulled this before they were using complex experimental crap to do insane work to prove your browser is not old and insecure and approved 19:43:09 if this one were another ordinary website, I would have moved on... but sadly it's my money on the line 19:43:36 again, I offer my apologies if this caused any unpleasant situation here... 19:43:37 tomman do you have an adblocker or such? 19:43:43 WG9s: not client-side 19:43:47 I do block ads via DNS 19:44:17 I did tried from my cellphone on FF, and the CF challenge passes there 19:44:32 of course, I'm not doing my banking from a cellphone 19:44:43 osme of these cript blockers and add or script clockers and even cross site script blocking breack sucu stipd things 19:44:49 ha, even the banking regulator customer support agent told me to use "an app" 19:45:02 tomman: that is what this is about 19:45:11 make the web so unseable everyone has to use the gated app 19:45:20 or social networks 19:45:27 which... again, involves "apps" 19:45:29 cause i had another case where the solution was "use the app" 19:46:00 or use a different bank 19:46:01 tomman: it could be tho the bank's custom rules at fault as well 19:46:28 WG9s: I have account with seven banks, actually, but only this one issues international cards (due to very complicate laws here) 19:46:37 and at least another two are testing the water with Chromeisms 19:46:48 when Moonchild would fuck up his clownflare it would pull all kinds of havoc.. i eventually had to just get him to lift the protection so my shit could actually fuction without him being required to fix something 19:46:56 thankfully the other four are still stuck in the early '00s :) 19:47:19 CaptainTobin: at least you knew who was in charge and something could be done 19:47:20 as a hint better to use a small bank without a huge ATM network. most of them will refund any ATM fees using anyone elses ATM cheaper for them to do this than establixh a hughe ATM netowrk or pay the fees required to join one. 19:47:31 try calling someone at IT at a bank to relax their Clownflare BS 19:47:35 tomman: Yes. Didn't I. 19:47:49 WG9s: this one bank also has ATM-free debit cards, ironicaly 19:48:06 ...the only one in the country since they issue Debit MasterCard instead of Maestro 19:48:15 so... yeah, I got baited, nicely 19:48:18 tomman: do they not get that the app uses the same web the web site does hell the app may JUST BE ONLY a browser widget displaying the site 19:49:21 here comes the funny part 19:49:27 the app offers some native functionality 19:49:41 but they also have a icon that punts you to the webapp, but the app itself performs the login 19:49:53 that part seems to be safe from Clownflare interference 19:49:56 ah to collect your contacts and sim data to link your account to that telecomm account 19:50:44 well maybe they allow unrestricted access with oauth via the app but fuck you on the normal web like github now does 19:50:53 except without the 2fa yet 19:50:58 unless you have to do 2fa 19:51:17 eeeeh.... 19:51:22 well, ackshually™ 19:51:50 they offer you SMS 2FA (like most other banks), but they crippled it so badly unless you opt in to "Google authenticator" (AKA TOTP) 19:51:59 fun fact: my "Google Authenticator" is... a KaiOS cellphone :D 19:52:03 (With no SIM) 19:52:22 my authinticator is a bash script i wrote that calls to oauthtool 19:52:27 oathtool? 19:52:29 whatever it is 19:52:38 if you don't opt in to that, then you get endless prompts to enter SMS codes that may or may not arrive 19:53:00 also, they're the only bank in the country that pulls all that 19:53:13 but the Clownflare challenge was the one that blew my gasket 19:54:34 tomman: here you go the most insecure 2factor auth ever https://dpaste.org/OsYO6 19:56:30 that was my solution to multi freakin dumb auth 19:56:33 whatcha think 19:57:03 > "Useage: Read the script source...\n" 19:57:04 :D 19:57:16 that's almost JWZ levels of evil :D 19:57:18 misspelled too 19:57:20 i think 19:57:52 tomman: I am Netscape. I have always been Netscape. 19:59:00 tomman: but yeah the fact I added the case to display the message but didn't bother to explain anything is quite nasty now that I think of it 19:59:08 nasty with a big N 20:06:25 CaptainTobin: I was always Mosiac fan not a big Netscape fan Netscape brought us Ads. 20:08:12 Mosaic ws funded by a govenment grant so was paid for by taxpayerers and could not get Ad money, but one of the developers when off to found Netscape stealing the government funded coded to found a for profit company. 20:08:34 :( 20:09:15 Too many business owners do the same thing :( 20:11:20 and that was Marc Andreessen and Netscape. 20:11:21 OK, managed to reproduce the ClownFlare captcha loop on a CLEAN profile of latest SM2.53.18.1 20:11:24 i.e. stable 20:11:34 so it's CF that is actively saying "go away" 20:11:56 the wikipeidia articles say that mozaic changed their name to netscpe but that is revisionist history.\ 20:12:03 let's check the console.. 20:12:12 "Request for the Private Access Token challenge" 20:12:25 tick the "I'm human FFS!!!" checkbox... 20:12:27 and I get a error 20:12:37 but a error that gets caught 20:12:42 ...and then the page reloads 20:12:45 wonder what's on that error 20:14:01 ha, the widget is called "Cloudflare Turnstile" 20:15:14 great, it's half a megabyte of minified dog vomit 20:15:34 but it's pointing at a script error at their challenge script 20:15:53 so indeed ClownFart is testing in production as expected 20:19:50 wtf is this syntax!? 20:20:28 this.h[c[kH(2445)](c208,this.g][0]++ 20:22:39 nevermind, the position of the error changes on each API call 20:22:54 of course CF wanted this to be as undebuggable as possible 20:23:38 there is a stacktrace you can navigate, but since the page reloads after a while, it gets very hard to dive into it 20:24:57 but now it's clear to me: the error is on CF's side, not on the bank 20:25:25 as soon as I tick the "I AM A HUMAN, FOR REAL, STOP MAKING MY LIFE MISERABLE!!!" checkbox, a exception triggers, gets caught, and the page reloads 20:25:36 and you can't get past it 20:25:44 so indeed ClownFart broke SeaMonkey 20:29:58 https://forum.palemoon.org/viewtopic.php?f=3&t=30950&hilit=cloudflare WOW 20:30:01 it's not just me™ 20:30:11 > Everyone who runs into the captcha failing please contact cloudflare about this. make sure they get enough requests for fixing this so they take note. include the "ray id" at the bottom when you do. 20:30:18 sadly I don't get a Ray ID, tho 20:31:41 test it yourself: https://online.bancamiga.com/?p=1 (not sure if it opens outside Venezuela, tho) 20:32:02 wait, click the checkbox, then... the whole page reloads, sometimes with a "it's taking too much to reload, click here" 20:32:12 --taking too much to authenticate 20:35:41 and of course, CF use Dischorse as their forum platform, lovely 20:35:43 how fitting 20:40:08 Anyway, I now know what's happening, and of course chances are good that noone at my bank have noticed 20:40:31 I'll have to reference those threads on my complaint letter to the bank 20:40:57 SteamDB is also borken 20:43:21 https://community.cloudflare.com/t/browser-integrity-check-broken/381029 of course CF's official policy is "we don't care, complain with the site owners" (which I DID) 20:44:43 CaptainTobin: some banks feel the need to push apps, might be as simple as that :-\ 20:44:57 "use Chromium" 20:45:27 how about you stop trying to tell me what I should run on the computer I OWN (not lease from you), pretty please? 20:46:18 > Do you think that anyone from Cloudflare is going to go out of their way to offer you assistance when more than half of this post is ranting ‘at best’ and calling their livelihoods criminal & disgusting ‘at worse’? 20:46:34 I'm glad I don't work there, unlike them, I have *morals* and *ethic* 20:50:34 (anyone with accounts either at PM forums or CF Dischorse, please tell them it also broke SeaMonkey - I'm not in the mood to create forum accounts right now, especially at a Dischorse) 20:52:35 tomman: don't use the discourse venue, that's littered with first-tier supprot 20:52:44 :D 20:52:47 s@rot@ort@ 20:53:01 I really mean it when I say that last time with Origin: what solved it was the orange site 20:53:18 their discourse venues were filled with people saying "that's an unsupported client" etc etc 20:53:29 just going by silly scripts or the like 20:53:35 unfortunately the chances of my bank fixing this at their end are close to zero 20:54:20 uh it requires webgl? 20:54:33 hopefully that just makes it fallback 20:54:40 but yes, can reproduce 20:59:34 Steamdb.info is also broken due to this: you can't get past the endless challenge that does not work anymore because Clownflare hates us 21:00:20 so they've *again* broken their fallback by expecting *all* browsers to follow HTTP header behaviour that is only implemented in some browsers? 21:00:25 that's precisely what they did with Origin: 21:00:53 they had it all neatly arranged for fallback, but rejected any request without Origin: 21:01:51 but is this access-control-allow-origin then, or is that just something else people are observing along with this? 21:03:21 for cf-rays see the network tab of the devtools inspector, it seems to be included as header in some requests 21:05:42 tomman: btw had the address in my notes: https://news.ycombinator.com/item?id=31317886 21:06:41 > I'm sorry that this has caused a serious issue for quite a large number of users, and that we were not more reachable in our community forum. I'll provide a follow-up here when we have an update on the bug. Thank you again for taking the time to write this up! 21:06:46 what a non-apology 21:07:22 it still seems to have been what got the issue fixed internally, or am I misremembering? 21:07:26 haven't read that in a long time 21:07:56 ...and they broke it again in 2023. And again in 2024 21:08:03 and will happen forever and ever 21:38:40 tomman: just to double check, I'll reread the pale moon and discourse topics later, but: has anyone identified what precisely is making cloudflare's check fail? 21:39:35 good luck debugging a heavily obfuscated and minified ~0.5MB JS blob 21:39:54 and of course since this Browser Integrity Check™, it has been made hard enough to debug 22:04:28 I was thinking more along the lines of bisecting firefox releases first 22:04:46 first things first: they do reject some firefox versions based on UA, so maybe that gives clues 22:06:03 actually first things first closing down a few tabs I have open on a heavy webapp... 22:10:42 they do feature detection AFAIK 22:10:55 they know UA spoofing is a thing, so they get extra nasty there 22:11:07 (FWIW using a FF118 ESR UA won't work) 22:13:00 yes, but they're also showing a "too old" message for some UAs, so there's some hope that gives a starting point 22:19:39 Over here I see no message,it just... starts over 22:19:53 (the exception fires when ticking the human checkbox) 22:28:39 * njsg ponders why is the mastodon web ui rendering ":tm:" using an image instead of ™ 22:40:05 FX 69 UA shows "your browser is out of date!", FX 70 goes to the challenge 22:42:19 https://developers.cloudflare.com/waf/reference/cloudflare-challenges/#browser-support this doesn't really get to be called documentation sadly 22:42:27 either that, or this product is actually a massive downgrade 22:42:53 "browser integrity check" has fallback for browsers other than the select few they decided to support, this one doesn't? 22:51:45 ... isn't "reCAPTCHA" google's captcha? 22:59:39 yes it is 23:03:21 that's fun, look at bancamiga's page :-D 23:04:15 okay, firefox 70 gets through: the passing request that's a 403 in seamonkey does carry Origin: in Fx70... but the difference I'm more interesting in is that in SeaMonkey it's GET, in Fx70 it's POST 23:04:48 so... anything changed that'd default to GET and then defaulted to POST later? 23:08:59 (or it's possibly their attempt at working around some different behaviour?) 23:12:47 what makes it fail may indeed be that the challenge response data cloudflare wants is passed as "form data" in the POST request 23:33:46 sounds consistant with the last time 23:33:49 njsg: 23:34:03 using shineys then fucking up the fallbacks 23:34:08 this is giving me some dejavu and indeed just found one more thing in the browser history that sounds fitting 23:34:08 screwing* 23:59:48 I need to relearn the little I had seen of CORS preflight