11:26:27 https://forum.palemoon.org/viewtopic.php?f=3&t=30950&sid=45365ffb67dbbc99af2ed558a6c6c824&start=20#p249796 what a surprise, Clownflare relying on non-standard Chromeisms 12:14:31 i said that before tomman 12:14:57 over and over ust the other day 13:20:43 also if anyone from the palemoon forum reads this: ray ids should also show up as headers in requests 13:21:05 I'm not even sure if turnstile has the capability of showing ray IDs, I've only seen these in the full-screen browser integrity check 13:21:12 (or is that one broken too now?) 15:43:52 njsg: as I've said, I get no ray ID from my bank failpage :/ 15:44:02 however I haven't peeked at the requests 15:44:22 other than one request going 403, but according to whatever crap they log on the console, a 403 may be "normal" 15:45:03 https://forum.palemoon.org/viewtopic.php?f=3&t=30950&sid=45365ffb67dbbc99af2ed558a6c6c824&start=20#p249812 oooh, ClownFart closed the ticket from Moonchild over completely unrelated reasons 15:45:06 yaaaaaay~ 15:45:15 CLOSED WONTFIX SUSPICIOUSACTIVITY 15:46:08 OK, need to find a "Clownfart is the enemy of the free Internet" blogpost not written by a nutcase, and THEN I'll have more than enough material to start penciling my formal complaint letter to my bank over this pathetic episode 15:46:45 the problem is that half of the letter will be full of links, and most likely I face the bank rejecting it over "we won't click on those links for SEKURITAH reasons" 15:47:02 but no problemo, the banking regulator told me to bug them again if they tried to play silly 15:49:34 ah no, it's the bank CF's challenge page returning a 403, but instead CF's expected error for some other thing is a 401 15:49:37 " next request for the Private Access Token challenge may return a 401 and show a warning in console." 15:50:11 > cf-ray: 863d2cfc6d4e5c7c-MIA 15:50:16 found it on the headers, as expected 15:50:36 > 863d2d762f5e5c7c-MIA 15:52:21 of course every request comes with a different ray ID 18:57:53 tomman: devtools inspector, network tab, check headers of requests to cloudflare 18:58:19 ah, (I'm reading the backlog sequentially) 18:58:52 I'm this: – far from submitting something to the orange site 19:00:35 tomman: and the 403 is the difference between this and Firefox 70 (where it works) 19:01:16 working interaction IIRC has a 401 indeed 19:07:04 wait so they closed moonbeast's thing but he is a paying customer that relies on klanflare .. do you perhaps think it is because 1 he doesn't pay them enough to care? 19:07:54 and two.. Moonchild runs an old and insecure browser project in the eyes of many? 19:08:16 no, it's because it's first-level support 19:08:48 they have some kind of attraction to shrug anything as "not supported" if the browser is not in their short list 19:08:54 so their script must literally tell them to do that.. first level support people get fired if they use common sense 19:09:13 *even* if it's an obvious issue on cloudflare's side (such as requiring Origin: everywhere *in fallback code* and triggering a DDoS against cloudflare) 19:09:22 well Moonchild is not just a customer but a .. MOSTLY legit browser vendor 19:09:57 it's pretty obvious where is ClownFlare attention: at $GOOG's 19:10:00 this is precisely why I keep saying the way to get support is news.ycombinator.com :-P 19:10:12 and a named party in that now pathetic vs google court case 19:10:36 you may get hit by those who will "but why u no 'modern' browser?", but it is a proven way to get it to the attention of someone inside CF 19:10:45 njsg: I'm THIS close of creating a Hackernews account, but the stench would linger on me for months 19:11:13 but since this involves a party favorite (CF), a bank, real money, and a country everybody loves to blame its downfall on 'merica, it would be nice bait 19:11:14 tomman: I prefer not to explain why I feel like I'm a bit closer than you on that regard. Don't ask me why but it *exists*. 19:11:26 i'd love to go on a crusade about this with you but i am not sure at this specific juncture that would be the wise move for me or y'all 19:12:48 good ol band of strung out mozaddics crusading for internet freedom 19:13:04 tomman: banking entities who have customer-facing IT systems can't just enter contracts with CF or cloud providers without realizing the legal implications of doing so. That's not meant as a threat, but really just an observation. 19:13:09 and there will be some of that to come i am sure but not for me today lol 19:13:30 it might even be seen by some that doing it in the cloud is the way to do it, but they can't just ignore what that implies 19:13:34 njsg: I'm reading the applicable laws on that here, ackshually 19:13:59 fun fact: they're supposed to supply the source code of whatever tool/lib/service if they ever go bust :D 19:14:07 good luck getting ClownFlare sourcecode when they tank 19:14:31 tomman: it's so much *easier* to just ashroom the law and do what you want 19:14:32 but... yes, our applicable laws on IT stuffs on banks are a good read anyway: https://sudeban.gob.ve/wp-content/uploads/N_Prudenciales/26-LA-ADECUADA-TECNOLOGIA-DE-LA-INFORMACION/26-4-1-ANEXO-CC-SBIF-DSB-II-GGTI-GRT-01907.pdf 19:14:57 not that banks or the regulator ever care unless someone at the Party gets pissed off 19:15:16 this is why if I wear my Party T-Shirtâ„¢, I could try to spin this as a national security threat against a "embargoed nation" :D 19:16:08 Ironically it was CF and not the bank that broke access here 19:16:22 I now somehow want to read all this topic through Mafalda 22:05:26 frg, tomman: works in FF78.15.0esr 22:07:14 oh wait, I wanted to test 68 22:09:12 I was finding it strange it didn't tell me the browser was "out of date", I'm amazed I managed to mix the versions this way, though 22:09:39 I had a 78.15.0esr in the same folder I just saved 68.12.0esr in, and grabbed the wrong one 22:15:02 68.12.0esr fails (needs UA override to get over said "out-of-date" notice), POST gets 302 to the same location and is followed by a GET which gets 403 22:17:25 njsg: sure am glad this channel is logged cause it is a lot to follow 22:26:39 fails in FF69.0.3 as well (also needs UA override for the same reason as above) 22:27:04 so whatever makes cloudflare work is present in 70.0 but not in the latest 69 or 68esr 22:42:17 ah, the successful request not only has Origin and Referer, it has a value in the Referer that might be computed by the scripts 23:34:29 https://forum.palemoon.org/viewtopic.php?f=3&t=30950&sid=45365ffb67dbbc99af2ed558a6c6c824&start=20#p249833 LOOOOOL CLOWNFLARE 23:34:42 they *really* are run by clowns and hire clowns too :D 23:35:00 or they simply want us "gone with the wind" 23:43:31 can't we just have Moonchild gone with the wind and we all just stay with the calm? tomman :P 23:43:48 Just following the situation~ 23:43:57 it's obvious that CF wants us, y'know, dead 23:44:02 well yeah 23:44:10 at least 2 years ago they did the PR show on Hackernews 23:44:13 anyone not using chrome is obviously a kiwifarmer 23:44:18 don't you know 23:44:19 but nowadays, not even that 23:44:23 tomman: 23:45:54 well that's fine.. like I said, the key to the whole thing is the distinction between world wide web and navigators vs open modern web and browsers and never forget we have an internet which is still .. for the moment more than the web 23:47:00 if AOL came back in a real way and offered 100mb broadband for 23.95 a month but you had to use the AOL client with chrome in it.. people would overwhelmingly do it 23:47:25 or some similar service 23:47:35 hell MSN would work as long as no one knew it was MSN 23:48:00 as something else disconnected from microsoft it would be big in the majority tech consumer land 23:49:05 so.. until I can make a navigator from scratch or get seamonkey working on central.. I have built me a firefox without some of the experiments and with some cheap tab style tabs styling 23:49:26 plus my LFS is awesome.. and awesomely limited cause I don't have nothin but the baseos