02:18:41 has it occured to anyone that Spectrum offering free antivirus is basically priming old people to be scammed 02:42:27 "free antivirus" is like a plain white van with "FREE CANDY" signs 02:42:42 heh 02:42:48 yeah 09:18:51 user behavior probably matters much more for security than antivirus, and we live in an era where 1) it's apparently usual for mass mailings to have cryptic tracking URLs 2) People click all these links (and often don't have an alternative besides not clicking) 09:19:41 it's like somebody grabbed all the security advice of the late 20th century / early 21st and flushed it down the toilet. (Or threw it out of a Boeing 737 Max window) 11:09:16 https://social.sdf.org/system/cache/media_attachments/files/113/139/117/049/643/081/original/198bcdf6e5c1fc06.png 11:09:19 * njsg blinks 11:18:04 njsg new logo for 7.1.0 11:18:49 Windows 7 and 8.1 hosts broken Windows 8.1 guest additions broken since 7.0.17 (signinig issue). 11:19:54 Windows 8.1 x86 3D broken but tis is something probably no one will notice. 11:21:57 https://forums.virtualbox.org/viewtopic.php?p=550549#p550549 11:21:58 https://forums.virtualbox.org/viewtopic.php?p=550540&sid=261d322f6c7c22d39a9ce6882f7e1d47#p550540 11:23:03 sigh. My feeling has been that VirtualBox was never great about compatibility. But not working on NT6.1!? 11:24:13 They ued a new Windows 10 api in 7.1 11:25:52 (I'm reminded of their attitude regarding wanting to run a Win4.10 guest over a decade (two decades?) ago, it wasn't great - this is virtualization software, perhaps it'd not be far-fetched to accept it might be used for that.) 11:26:29 But this is all Oracle Legal now, so I don't expect improvements... 11:27:23 they are probably underfunded and understsaffed. I have given up filing issues. Devs are usually ok to work with. It is still a good program. 16:05:19 it's this bullshit that ruins software .. LIES https://bugzilla.mozilla.org/show_bug.cgi?id=1701123#c51 16:08:37 if that's outright wrong, then almost sounds like the kind of thing I've seen from parts of the Wayland crowd in the fediverse. 16:09:03 also sounds like the "you're using ALSA? you need to use PulseAudio to hear audio from more than one application at the same time" thing 16:09:10 I was only about it not being soley important enough to drive the port .. but yeah seems to be lies.. 16:09:34 njsg: remember I lost my github account for being anti-wayland 16:09:51 and pointing basic shit like this out on a gist that was pointing this shit out 16:10:50 and GTK4 and especially 5 is important for the waylandists because GTK4 is kinda crap to use on x11 and GTK5 will not HAVE x11 at all.. with their defacto standards or just deeming it THE platform toolkit 16:10:56 it upsets me njsg 16:12:27 and while qt is even more extreme in their not only does it have to be qt but all the functionality is provided by kde foundation supersets .. there are other full toolkits on linux still as well.. like motif.. and fox toolkit.. and others.. its just more monoculture 16:16:15 oh? I thought qt was better in that regard, that you could use *just* qt 16:16:40 as opposed to GIMP ToolKit, which for some reason tends to pull GNOME stuff. One would understand if it were GIMP stuff... 16:44:55 Why unicode enthusiasts are so obsessed with poop emojis? 17:22:46 ...and why they are so obsessed in writing every computer program in such way that it is hard-coded to a specific encoding (usually UTF-8 or UTF-16) and not encoding-independent? 17:22:53 every fucking time 17:24:05 unicode is a nice thing to have, but often defaulting to it (or worse, forcing everyone into using it) only creates more problems and doesn't solve anything 17:37:10 there are also those writing utilities that assume all terminal devices can (or want to) do colors 17:37:42 (which probably in some cases means they've never seen a terminal?) 17:38:31 what character set does HTTP/2 use for default for the filename in the GET field? 17:39:11 the real HTTP protocols (by which I mean HTTP/1.1 and older) use ISO-8859-1 by default, and it is in the specification 17:39:30 but that "HTTP/2" protocol doesn't seem to have anything about encodings in its spec 17:40:28 Firefox changed the character set of its address bar to UTF-8 and it instantly created some stupid problems with filenames that have scandic characters 17:41:37 firefox is actually violating the HTTP specification because it doesn't convert the path to ISO-8859-1 17:43:35 you mean it's not doing quoting anymore? 17:44:06 and sending it down the wire as UTF-8? 17:47:19 no 17:47:54 it escapes it as hexadecimal numbers using the %xx notation 17:48:03 but it doesn't convert the filenames to ISO-8859-1 17:48:06 ah, so is using the wrong encoding for quoting? 17:48:41 instead it just requests the UTF-8-encoding path which confuses the server 17:48:46 UTF-8-encoded* 17:49:04 and now filenames containing åäöÅÄÖ don't work anymore 17:50:51 ä.txt used to mean 0xE4 0x2E 0x7E 0x78 0x7E 17:52:54 now it is "%C3%A4.txt" which is of course interpreted by the server as 0xC3 0xA4 0x2E 0x7E 0x78 0x7E 17:52:58 and there is no such file 17:53:53 I guess it's time to revive the timeless saying: {{kk|set eiv{t en{{ ole ongelma 17:54:11 but I'm now more curious about this change in quoted encoding, I have to see what's specified about that and what used to be server behaviour 17:54:19 as I've hit some issues with that a couple times 17:54:42 along with a server wanting \ instead of / but rewriting \ as /, but that's probably unrelated :-P 17:56:02 (that last line was not in ISO-646, if anyone's wondering, I do mean forward and back slashes) 17:59:27 I hate when HTTP/2 enthusiasts claim that encryption-agnostic protocols are "not safe" 18:00:12 IMO they are much safer than protocols that require a specific encryption set because an encryption-agnostic protocol like HTTP/1.1 can have a much stronger encryption 18:01:06 and also they are usually simpler so the probability of security-related bugs is lower 18:01:29 that's the xmpp s2s thing all over again... 18:02:52 why everything else has to be a lie 18:02:56 everything new* 18:03:50 I meant to ask: why everything new has to be a lie, but was multitasking and thinking about something else 18:05:21 it seems to be a kind of argument often seen, and then sometimes even demanded, I'd not be surprised if some entities out there mandated that sites must refuse plain-text to be eligible for something 18:06:31 truth is that you can both have encryption and plain-text, and there are scenarios where encrypted HTTP is now breaking or making sites less compatible 18:07:10 "retrocomputing" for one case 18:09:34 demanding both encryption and third-party signing (which is practically the case with "HTTP/2") is even more stupid than just hard-baking the encryption into the payload protocol 18:10:08 it's actively hostile towards hobbyists and self-hosting things 18:10:56 the whole CA infrastructure is just broken 18:11:11 wait, a requirement for third-party signing? 18:11:24 else the browser shows a scary warning page 18:11:25 I see I have some reading to do about "HTTP/2", but wow. 18:11:36 about a self-signed cert 18:12:02 ah, warning message. On one hand I'd say we have had that already for ages in browsers, OTOH I'm sure can be made worse 18:12:19 there *was* some browser now flagging non-HTTPS downloads, for instance 18:12:24 of course the HTTP/2 spec doesn't require the certificate to be signed by a third party, but practically it leads into that requirement 18:13:21 but then it's not much different than HTTP, is it? 18:13:27 no 18:14:25 instead of a centralized certificate authority, what we really need is a p2p network that is used to check that everyone receives the same self-signed certificate from the same source 18:15:14 it would accumulate trust over time 18:15:26 of course it would also be initially very unsafe 18:16:35 because the "peers" can be just one man-in-the-middle 18:17:32 but assuming that they cannot compromise everyone's internet, after you have some trusted peers it would make those self-signed certs much more safe 18:18:14 but the ones that are lying about "security" are also actively making it harder to have peer-to-peer connections 19:03:46 Sompi: is what you have in mind the PGP/GPG web-of-trust model or close to that? 19:11:37 I don't know 20:22:15 now I am three levels above a spectrum CSR a nice lady in the north carolina office who seems to agree with me that there is something fishy about my account how its been treated and how there has YET to be a single field maintaince request actually satisifed they keep getting viewed and closed according to her.. 20:23:49 oh I also "rented" a router from walmart that gives identical results to my router 20:34:19 I have a better idea 20:34:35 make self-signed == http 20:37:00 what do you mean, treat it as http in the UI? 20:37:29 yes 20:37:42 as a valid but unverified origin 20:37:49 as http is treated now at best 20:39:32 http in most browsers is listed as grey "Not Secure" self-signed fits the requirement for basic encrypted connections but unverified so functionally eq with the added encryption for better or worse 20:40:17 it would preserve the key freedom of http .. being able to JUST put up a website 20:40:31 and has the "advantages" of encrypted connection 20:40:35 for whatever that is worth 20:40:43 i just don't see that happening 20:40:48 but i think it should 20:44:42 Maybe I should fork the http protocol 20:44:55 now there is a phrase njsg 20:46:33 k, I've decided.. I am forking http(s)/1.1 into the web protocol 20:47:59 "fork the web" 20:48:00 k 20:54:19 * njsg goes look for gopher+.txt 20:55:46 maybe i should just design a whole new protocol 20:55:52 and make it xml based 20:58:52 the internet needs more protocols less http/html standards 22:18:50 how are you this fine evening the tomman 22:19:07 just had a crash here out of the blue, otherwise a typical boring Sunday 22:20:39 what happened? 22:21:31 clicked on a NY Times involving The Copyright Mouse, and suddenly... a crash 22:21:42 restarted, tried the same link again, this time opened fine 22:21:59 strange 22:22:07 likely something poked the js engine wrong 22:22:12 or dom more likely