00:16:34 <tomman> https://forum.palemoon.org/viewtopic.php?t=32127#p260948 Clownflare siege, day 50: Pale Moon got whitelisted 00:17:10 <tomman> it still blocks SeaMonkey, and any attempt to get the invisible Turnstile to render will hang the browser :/ 00:17:55 <tomman> (and even the Pale Moon whitelist remains fragile) 00:18:36 <tomman> So... nothing has really changed, and I really wish I had a debug symbols build here to check why in the hell SM is hanging if I dare using Inspector to point at the invisible Turnstile box 00:19:05 <tomman> it's a instafreeze now, and doesn't seem to be script related in principle (as no script timeout window ever comes), but I have no clue there 00:19:08 <tomman> ...wait 00:19:27 <tomman> ....it eventually unhung itself!? 00:19:33 <tomman> .....after almost 5 minutes 00:19:46 <tomman> OK, let me wait 5 more minutes then... 00:22:02 <tomman> 2 minutes, still hung at 100% single core 00:23:05 <tomman> ...3 minutes, still burning coal 00:24:01 <tomman> and exactly 4 minutes later, it hung 00:24:12 <tomman> so... 240 seconds 00:24:16 <tomman> ---it unhung 00:24:25 <tomman> then the page reloads, still with a blank Turnstile 00:26:01 <tomman> looking at about:config for prefs named "timeout" yields nothing if looking for 240 seconds 00:26:48 <tomman> but there are a couple dom.min_timeout_value prefs set to 4 (that one and dom.min_tracking_timeout_value) 00:26:56 <tomman> maybe 4 for "minutes"ยก 00:26:58 <tomman> ? 00:27:39 <tomman> ...no, those are miliseconds 00:27:42 <tomman> irrelevant then 00:34:31 <tomman> after a couple more runs on my Ryzen laptop, I can indeed narrow down the hang time to ~270 seconds, or 4m30s 00:34:38 <tomman> that's a... very weird timeout 00:35:16 <tomman> so let's recap: go to a Clownflared site, get the invisible challenge, try to inspect it (this caused it to render in older versions), then your browser will hang for 270 seconds pegging a single core 100% 00:35:37 <tomman> it WILL unhang itself after that, then the challenge obviously has failed and expired, so it reloads. 00:38:39 <tomman> yep, 270 seconds. 00:38:53 <tomman> now let's confirm if this is profile dependent or not 00:42:41 <tomman> https://forum.palemoon.org/viewtopic.php?f=65&t=32190&start=20#p260857 yep, the whitelist is _only_ for Pale Moon, contingent on them actually implementing a bunch of CSP junk as Chrome does among other things, and they will revoke it if they feel so 00:42:51 <tomman> > Going to launch our browser developer program hopefully before end of month. This community will be invited to join along with others we are in contact with. The aim will be to share our requirements and have a better two way communication in place. Of course this is always going to be an ongoing balance between reducing unwanted bot traffic to a minimum VS keeping the false positive rate... 00:42:52 <tomman> ...as low as possible 00:46:37 <tomman> FWIW the hang IS reproducible on 1) clean profile, and 2) usual work profile booted in safe mode 00:54:34 <tomman> the 270 seconds timeout is extremely weird - the time IS always constant, always reproducible, and there is no specific pref or anything browser-side 00:54:54 <tomman> but if it is a script that takes all that time, why the script timeout warning doesn't kick in? 01:06:58 <tomman> now let's check if it is hardware dependant 01:07:08 <tomman> fired up my trusty Core 2 Duo laptop 01:07:37 <tomman> this one is running the release 2.53.20 official binaries, and the hang indeed is reproducible 01:07:44 <tomman> now let's see how long it takes to unblock 01:11:46 <tomman> ...far more than 5 minutes, it seems :/ 01:17:43 <tomman> the poor ol' Core has been hung for the last 10 minutes :O 01:27:45 <tomman> ...finally it unhung itself after TWENTY MINUTES 01:28:23 <tomman> Core 2 Duo T7200: > 20 minutes. Ryzen 7 5700U: 270 seconds 13:53:37 <nsITobin> Got Mine strikes again 13:53:45 <nsITobin> eh tomman 14:12:40 <frg_Away> nsITobin hi 14:12:56 <nsITobin> Hi frg_Away 14:31:28 <nsITobin> well news from the welfare warfare front.. judge blocked doge from getting specific personally identifiable data from social security master file and to destory any data collected thus far but that only potentally helps specific targets while the wreaking ball is elsewhere on the SSA. I think it will be cripple service and then glitches no one can really resolve while priming on national tv that ONLY fruadsters would be impacted by a temporary glitch 14:31:28 <nsITobin> or suspention.. 14:53:01 <nsITobin> but for the minute i will have some groceries delivered 14:56:13 <tomman> in the meanwhile, see the scrollback for my late nite adventures with that Turnstile inspector hang 14:57:07 <tomman> finding out that if I just leave the browser alone for 5-20 minutes (depending on the hardware) after triggering the landmine, it will eventually un-hang and continue working as usual 14:58:26 <nsITobin> tomman: it is basically based on a benchmark test returning correctly and within time.. its all artifical 14:58:46 <tomman> but... why the hang? Why no "hung script" warning popups? 14:58:51 <nsITobin> i thought i mentioned that at some point but couldn't find a reference in mah brain 14:59:14 <nsITobin> tomman: some codepaths are still able to block the watchdog for quite some time 14:59:16 <tomman> all I managed to find is that the hangs are consistent, and so is the duration time per CPU 14:59:20 <nsITobin> or simply aren't covered 14:59:27 <tomman> on a Ryzen 7 5700U I always measured ~270 seconds 14:59:54 <nsITobin> that is an issue with any fork or would be.. there is no way to get percise identical results even if you support everything within the bounds of another program with extreme pgo 15:00:31 <tomman> But in any case the browser would eventually unblock and continue working like if nothing had happened 15:00:47 <tomman> (Aside of existing connections being forcibly closed, or your captcha expired) 15:01:16 <nsITobin> well that just proves its a seamonkey problem in their eyes.. see it works its your fault everyone elses shit works.. and on for days and days and days 15:01:26 <nsITobin> this cloudflare war is effectively irrelevant 15:01:45 <tomman> At this point what worries me is the hang, more than Clownflare blocking my browser 15:01:51 <nsITobin> in context with everything else happening and will happen 15:01:56 <tomman> which means that other websites could trigger it too 15:02:18 <tomman> if they copy the magical Evil Script bits, of course 15:02:46 <nsITobin> well if someone else does it then it becomes MORE a seamonkey problem in malicious and uninformed eyes 15:04:15 <nsITobin> of course that's bs.. but you know how it is 22:59:54 <Guest20> hello 23:01:54 <Guest20> does discord work on seamonkey? 23:14:51 <frg_Away> Guest20 no 23:15:15 <Guest20> ok, thank you 23:40:02 <frg_Away> gitlab wip updated 23:43:43 <nsITobin> :) 23:53:20 <nsITobin> rest well 23:53:32 <nsITobin> to everyone