has it occured to anyone that Spectrum offering free antivirus is basically priming old people to be scammed

"free antivirus" is like a plain white van with "FREE CANDY" signs

heh

yeah

user behavior probably matters much more for security than antivirus, and we live in an era where 1) it's apparently usual for mass mailings to have cryptic tracking URLs 2) People click all these links (and often don't have an alternative besides not clicking)

it's like somebody grabbed all the security advice of the late 20th century / early 21st and flushed it down the toilet. (Or threw it out of a Boeing 737 Max window)

njsg new logo for 7.1.0

Windows 7 and 8.1 hosts broken Windows 8.1 guest additions broken since 7.0.17 (signinig issue).

Windows 8.1 x86 3D broken but tis is something probably no one will notice.

sigh. My feeling has been that VirtualBox was never great about compatibility. But not working on NT6.1!?

They ued a new Windows 10 api in 7.1

(I'm reminded of their attitude regarding wanting to run a Win4.10 guest over a decade (two decades?) ago, it wasn't great - this is virtualization software, perhaps it'd not be far-fetched to accept it might be used for that.)

But this is all Oracle Legal now, so I don't expect improvements...

they are probably underfunded and understsaffed. I have given up filing issues. Devs are usually ok to work with. It is still a good program.

it's this bullshit that ruins software .. LIES bugzilla.mozilla.org/1701123#c51

if that's outright wrong, then almost sounds like the kind of thing I've seen from parts of the Wayland crowd in the fediverse.

also sounds like the "you're using ALSA? you need to use PulseAudio to hear audio from more than one application at the same time" thing

I was only about it not being soley important enough to drive the port .. but yeah seems to be lies..

njsg: remember I lost my github account for being anti-wayland

and pointing basic shit like this out on a gist that was pointing this shit out

and GTK4 and especially 5 is important for the waylandists because GTK4 is kinda crap to use on x11 and GTK5 will not HAVE x11 at all.. with their defacto standards or just deeming it THE platform toolkit

it upsets me njsg

and while qt is even more extreme in their not only does it have to be qt but all the functionality is provided by kde foundation supersets .. there are other full toolkits on linux still as well.. like motif.. and fox toolkit.. and others.. its just more monoculture

oh? I thought qt was better in that regard, that you could use *just* qt

as opposed to GIMP ToolKit, which for some reason tends to pull GNOME stuff. One would understand if it were GIMP stuff...

Why unicode enthusiasts are so obsessed with poop emojis?

...and why they are so obsessed in writing every computer program in such way that it is hard-coded to a specific encoding (usually UTF-8 or UTF-16) and not encoding-independent?

every fucking time

unicode is a nice thing to have, but often defaulting to it (or worse, forcing everyone into using it) only creates more problems and doesn't solve anything

there are also those writing utilities that assume all terminal devices can (or want to) do colors

(which probably in some cases means they've never seen a terminal?)

what character set does HTTP/2 use for default for the filename in the GET field?

the real HTTP protocols (by which I mean HTTP/1.1 and older) use ISO-8859-1 by default, and it is in the specification

but that "HTTP/2" protocol doesn't seem to have anything about encodings in its spec

Firefox changed the character set of its address bar to UTF-8 and it instantly created some stupid problems with filenames that have scandic characters

firefox is actually violating the HTTP specification because it doesn't convert the path to ISO-8859-1

you mean it's not doing quoting anymore?

and sending it down the wire as UTF-8?

no

it escapes it as hexadecimal numbers using the %xx notation

but it doesn't convert the filenames to ISO-8859-1

ah, so is using the wrong encoding for quoting?

instead it just requests the UTF-8-encoding path which confuses the server

UTF-8-encoded*

and now filenames containing åäöÅÄÖ don't work anymore

ä.txt used to mean 0xE4 0x2E 0x7E 0x78 0x7E

now it is "%C3%A4.txt" which is of course interpreted by the server as 0xC3 0xA4 0x2E 0x7E 0x78 0x7E

and there is no such file

I guess it's time to revive the timeless saying: {{kk|set eiv{t en{{ ole ongelma

but I'm now more curious about this change in quoted encoding, I have to see what's specified about that and what used to be server behaviour

as I've hit some issues with that a couple times

along with a server wanting \ instead of / but rewriting \ as /, but that's probably unrelated :-P

(that last line was not in ISO-646, if anyone's wondering, I do mean forward and back slashes)

I hate when HTTP/2 enthusiasts claim that encryption-agnostic protocols are "not safe"

IMO they are much safer than protocols that require a specific encryption set because an encryption-agnostic protocol like HTTP/1.1 can have a much stronger encryption

and also they are usually simpler so the probability of security-related bugs is lower

that's the xmpp s2s thing all over again...

why everything else has to be a lie

everything new*

I meant to ask: why everything new has to be a lie, but was multitasking and thinking about something else

it seems to be a kind of argument often seen, and then sometimes even demanded, I'd not be surprised if some entities out there mandated that sites must refuse plain-text to be eligible for something

truth is that you can both have encryption and plain-text, and there are scenarios where encrypted HTTP is now breaking or making sites less compatible

"retrocomputing" for one case

demanding both encryption and third-party signing (which is practically the case with "HTTP/2") is even more stupid than just hard-baking the encryption into the payload protocol

it's actively hostile towards hobbyists and self-hosting things

the whole CA infrastructure is just broken

wait, a requirement for third-party signing?

else the browser shows a scary warning page

I see I have some reading to do about "HTTP/2", but wow.

about a self-signed cert

ah, warning message. On one hand I'd say we have had that already for ages in browsers, OTOH I'm sure can be made worse

there *was* some browser now flagging non-HTTPS downloads, for instance

of course the HTTP/2 spec doesn't require the certificate to be signed by a third party, but practically it leads into that requirement

but then it's not much different than HTTP, is it?

no

instead of a centralized certificate authority, what we really need is a p2p network that is used to check that everyone receives the same self-signed certificate from the same source

it would accumulate trust over time

of course it would also be initially very unsafe

because the "peers" can be just one man-in-the-middle

but assuming that they cannot compromise everyone's internet, after you have some trusted peers it would make those self-signed certs much more safe

but the ones that are lying about "security" are also actively making it harder to have peer-to-peer connections

Sompi: is what you have in mind the PGP/GPG web-of-trust model or close to that?

I don't know

now I am three levels above a spectrum CSR a nice lady in the north carolina office who seems to agree with me that there is something fishy about my account how its been treated and how there has YET to be a single field maintaince request actually satisifed they keep getting viewed and closed according to her..

oh I also "rented" a router from walmart that gives identical results to my router

I have a better idea

make self-signed == http

what do you mean, treat it as http in the UI?

yes

as a valid but unverified origin

as http is treated now at best

http in most browsers is listed as grey "Not Secure" self-signed fits the requirement for basic encrypted connections but unverified so functionally eq with the added encryption for better or worse

it would preserve the key freedom of http .. being able to JUST put up a website

and has the "advantages" of encrypted connection

for whatever that is worth

i just don't see that happening

but i think it should

Maybe I should fork the http protocol

now there is a phrase njsg

k, I've decided.. I am forking http(s)/1.1 into the web protocol

"fork the web"

k

maybe i should just design a whole new protocol

and make it xml based

the internet needs more protocols less http/html standards

how are you this fine evening the tomman

just had a crash here out of the blue, otherwise a typical boring Sunday

what happened?

clicked on a NY Times involving The Copyright Mouse, and suddenly... a crash

restarted, tried the same link again, this time opened fine

strange

likely something poked the js engine wrong

or dom more likely