|
Kheldarn posted:I don't click through like a moron, and I always look for a custom install option, and/or checkboxes. Magical Jelly Bean just installs it without saying a damned thing. Would this Unchecky catch that?
|
#
?
Feb 27, 2016 03:39
|
|
|
|
| # ? Apr 29, 2024 16:46 |
|
|
hooah posted:Would this Unchecky catch that? If it really doesn't give any custom install options or checkboxes, then Unchecky won't do poo poo. Basically it just checks for installers that have extra crap enabled by default and disables the checkboxes for the extra cruft, giving a warning if you re-enable them.
|
|
#
?
Feb 27, 2016 03:42
|
|
|
Read posted:uTorrent 2.2.1 or qBittorent. Transmission: Now available in Windows (TW: Sourceforge, but they haven't hosed with the installers as far as I can determine. Also go out of your way to go 64-bit because it's 2016.) v v v 
dont be mean to me fucked around with this message at 07:40 on Feb 27, 2016 |
|
#
?
Feb 27, 2016 05:08
|
|
|
Good news, Sourceforge was sold last month, and about two weeks ago the new owners shut down the malware distribution network.
|
|
#
?
Feb 27, 2016 07:06
|
|
|
FileZilla is still dead to me. WinSCP for life.
|
|
#
?
Feb 27, 2016 11:54
|
|
|
Alereon posted:Good news, Sourceforge was sold last month, and about two weeks ago the new owners shut down the malware distribution network. Is this why uBlock Origin gives me a warning page whenever I click on a SourceForge link?
|
|
#
?
Feb 27, 2016 18:05
|
|
|
Boris Galerkin posted:Is this why uBlock Origin gives me a warning page whenever I click on a SourceForge link? I was wondering about that too.
|
|
#
?
Feb 27, 2016 18:33
|
|
|
Boris Galerkin posted:Is this why uBlock Origin gives me a warning page whenever I click on a SourceForge link? Yes.
|
|
#
?
Feb 27, 2016 19:42
|
|
|
But the site still hasn't been cleaned up. Yesterday I needed to download some Python scripts archived as .tar.gz, and SourceForge helpfully offered me an .exe I could install on my Fedora computer.
|
|
#
?
Feb 27, 2016 20:06
|
|
|
Saukkis posted:But the site still hasn't been cleaned up. Yesterday I needed to download some Python scripts archived as .tar.gz, and SourceForge helpfully offered me an .exe I could install on my Fedora computer.
|
|
#
?
Feb 27, 2016 20:42
|
|
|
Alereon posted:Do you have a link? The owners claim they shut down the program two weeks ago and previously infected files they hosted are now clean. It's likely that was some other kind of bullshit.
|
|
#
?
Feb 27, 2016 21:10
|
|
|
Implied Consent posted:FileZilla is still dead to me. WinSCP for life. What's wrong with-- ...wikipedia... plaintext pass-- oh, dear. Kind of telling that WinSCP was able to copy my Filezilla sessions over, passwords included. Edit: That's even worse. I don't begrudge anyone wanting to make a buck, but that kind of behavior is beyond the pale. Bieeanshee fucked around with this message at 09:27 on Feb 28, 2016 |
|
#
?
Feb 28, 2016 07:41
|
|
|
Bieeardo posted:What's wrong with--
|
|
#
?
Feb 28, 2016 08:59
|
|
|
Alereon posted:Do you have a link? The owners claim they shut down the program two weeks ago and previously infected files they hosted are now clean. https://sourceforge.net/projects/xmpppy/files/xmpppy/ I didn't check what the contents of the .exe were and I'm not sure if it was generated by SF or published by the authors, but I have trouble thinking about a purpose for it.
|
|
#
?
Feb 28, 2016 19:36
|
|
|
Saukkis posted:https://sourceforge.net/projects/xmpppy/files/xmpppy/
|
|
#
?
Feb 29, 2016 04:34
|
|
|
It looks like the bug where animated .gifs could lock up Firefox for long periods of time is finally going to be fixed in Firefox 47. Now to wait 3 months for the fix to hit release...
|
|
#
?
Mar 3, 2016 02:06
|
|
|
Nalin posted:It looks like the bug where animated .gifs could lock up Firefox for long periods of time is finally going to be fixed in Firefox 47. Now to wait 3 months for the fix to hit release... Oddly, I've never had any problems with gifs in Firefox. They were hell on Safari/Chrome for years though
|
|
#
?
Mar 3, 2016 03:31
|
|
|
The Milkman posted:Oddly, I've never had any problems with gifs in Firefox. They were hell on Safari/Chrome for years though Load up a thread with animated gifs then switch tabs for 5-10 minutes. Switch back to the thread and scroll down to the first gif. The browser will then lock up for 5-20 seconds or so (the longer you wait before switching back, the longer it locks up). If the thread has animated gifs all the way down the page, the browser will continuously lock up after each one comes into view.
|
|
#
?
Mar 3, 2016 03:45
|
|
|
Nalin posted:Load up a thread with animated gifs then switch tabs for 5-10 minutes. Switch back to the thread and scroll down to the first gif. The browser will then lock up for 5-20 seconds or so (the longer you wait before switching back, the longer it locks up). Yeah. That's why I was happy when they added inline WebM and GIFV support to the forums. Now if we can just get the mods to make it a rule that those formats must be used in the PYF GIFs thread...
|
|
#
?
Mar 3, 2016 04:38
|
|
|
Nalin posted:It looks like the bug where animated .gifs could lock up Firefox for long periods of time is finally going to be fixed in Firefox 47. Now to wait 3 months for the fix to hit release...
|
|
#
?
Mar 3, 2016 08:47
|
|
|
Malloc Voidstar posted:where's the bugzilla for this, I've literally never had this issue and I'm interested in reading about it https://bugzilla.mozilla.org/show_bug.cgi?id=926048
|
|
#
?
Mar 3, 2016 09:30
|
|
|
http://www.ghacks.net/2016/03/03/beware-firefox-add-on-youtube-unblocker-put-on-blocklist/quote:disables Firefox security preferences using user.js manipulations, among them the blocklist feature and add-on signature enforcement, and downloads another add-on afterwards, named Adblock Converter, which it hides from the browser's Add-on Manager. I guess we've all been waiting for this as Firefox's addon capabilities seem too powerful for their own good. Compulsory addon signing seems more prescient, though I guess this is more about testing of Addons as it bypasses addon signing for the payload
|
|
#
?
Mar 3, 2016 15:10
|
|
|
I'm having trouble creating a uBlock filter for images in a feed in Feedly. The feed is https://notalwaysright.com/, and they've started adding small icons that Feedly makes enormous. So, I right-click and choose "block element" via uBlock. But when I advance an item and come back, the same image is still displayed. If I right-click and block it again, the same expression shows up in uBlock's filter. Why isn't this working?
|
|
#
?
Mar 3, 2016 15:11
|
|
|
lightinwater posted:http://www.ghacks.net/2016/03/03/beware-firefox-add-on-youtube-unblocker-put-on-blocklist/ Ah god loving dammit! Youtube Unblocker was a good extension for anyone not in the US. Now it's gone to poo poo and turned evil. This is why I started getting weird proxy error messages when clicking on links from google searches for sites I knew were good. EDIT - Well I tried the advice in the article (except doing a full refresh) and it didn't work. Google is still giving me ads masquerading as links which go through "xg4ken.com". Damned if I can find any addons which I haven't installed myself, though. Looks like it's time for a refresh  DOUBLE EDIT - Okay, by closing Firefox and manually editing prefs.js to the settings mentioned in the article, I've got Firefox to stop resetting all its about :config settings every time I open it. This is good. But I still get a drat ad which sets off my uBlock filters whenever I type in something popular like, "goldcoast seaworld" A full Windows Defender scan also found this:  -------------------------- Final edit (with any luck) - okay, so manually resetting prefs.js and running Defender cleaned out the poo poo Youtube Unblocker put on my system, but I also had to go and reset a bunch of uBlock preferences because they got all janked up too. Now things look to be working okay and the nuclear 'refresh' option has been put back into its silo for the moment. Megillah Gorilla fucked around with this message at 16:46 on Mar 3, 2016 |
|
#
?
Mar 3, 2016 15:19
|
|
|
hooah posted:I'm having trouble creating a uBlock filter for images in a feed in Feedly. The feed is https://notalwaysright.com/, and they've started adding small icons that Feedly makes enormous. So, I right-click and choose "block element" via uBlock. But when I advance an item and come back, the same image is still displayed. If I right-click and block it again, the same expression shows up in uBlock's filter. Why isn't this working? To block all similar for all posts, do a control+click on the picker window's suggested rule, which should reduce that to "##.featuredimage", which should work for all those icons.
|
|
#
?
Mar 3, 2016 16:00
|
|
|
It seems a restart of either Firefox or Windows (thanks Windows 10) solved the problem.
|
|
#
?
Mar 3, 2016 17:14
|
|
|
lightinwater posted:I guess we've all been waiting for this as Firefox's addon capabilities seem too powerful for their own good. Compulsory addon signing seems more prescient, though I guess this is more about testing of Addons as it bypasses addon signing for the payload You literally won't be able to disable addon signing in Firefox 46, and this poo poo is why.
|
|
#
?
Mar 3, 2016 18:47
|
|
|
OK, this is bothering me enough that I feel compelled to ask. At work which requires that I use a certain version of Firefox ESR (38.6.0 at the moment) I am able to see embedded tweets on SA. Yet at home with the latest (44 something?) it doesn't work. I was going to try a nightly and maybe even find an installer to roll it back to 38 to test it at home but is there something glaringly obvious I might be missing that is preventing it from working on 44?
|
|
#
?
Mar 3, 2016 20:31
|
|
|
Nate RFB posted:OK, this is bothering me enough that I feel compelled to ask. At work which requires that I use a certain version of Firefox ESR (38.6.0 at the moment) I am able to see embedded tweets on SA. Yet at home with the latest (44 something?) it doesn't work. I was going to try a nightly and maybe even find an installer to roll it back to 38 to test it at home but is there something glaringly obvious I might be missing that is preventing it from working on 44? Sounds like you might have tracking protection enabled. Click the shield in the address bar, disable for this site.
|
|
#
?
Mar 3, 2016 20:35
|
|
|
Nate RFB posted:OK, this is bothering me enough that I feel compelled to ask. At work which requires that I use a certain version of Firefox ESR (38.6.0 at the moment) I am able to see embedded tweets on SA. Yet at home with the latest (44 something?) it doesn't work. I was going to try a nightly and maybe even find an installer to roll it back to 38 to test it at home but is there something glaringly obvious I might be missing that is preventing it from working on 44? Disable tracking protection for Something Awful by clicking the shield icon.
|
|
#
?
Mar 3, 2016 20:35
|
|
|
Thanks, that did it. I wonder what it is about ESR that allowed it to work?
|
|
#
?
Mar 3, 2016 21:54
|
|
|
Nate RFB posted:Thanks, that did it. I wonder what it is about ESR that allowed it to work?
|
|
#
?
Mar 4, 2016 00:15
|
|
|
lightinwater posted:Compulsory addon signing seems more prescient, though I guess this is more about testing of Addons as it bypasses addon signing for the payload Avenging Dentist posted:You literally won't be able to disable addon signing in Firefox 46, and this poo poo is why.  Google cache, but it seems to me that the addon was signed? Mozilla doesn't have the staff to do real security testing of all the stuff coming in, is the problem. The forced signing system is just gonna make that worse. There will be more submissions in the pipe to look at, and the bad actors will concentrate on getting malware through the signing process. Centralized security only works if the authority is close to flawless, and I just don't see Mozilla having the resources. lightinwater posted:I guess we've all been waiting for this as Firefox's addon capabilities seem too powerful for their own good. To which their long-term solution is to get rid of those capabilities entirely and reduce firefox down to a bad copy of chrome, because that is gonna get them market share back for some reason. Ugh.
|
|
#
?
Mar 4, 2016 00:30
|
|
|
Klyith posted:
That extension was signed, but from what I understand it fetched some resources remotely and saved them to a hard drive with paths provided by the remote resource. These disabled signing and downloaded an evil (likely unsigned, given that it flipped the signing pref) extension. Once signing is enforced, the evil extension would have had to get signed too, but the signing validator ought to catch most of the evil stuff. quote:To which their long-term solution is to get rid of those capabilities entirely and reduce firefox down to a bad copy of chrome, because that is gonna get them market share back for some reason. Ugh. If you're talking about Webextensions, they're intended to be a superset.
|
|
#
?
Mar 4, 2016 01:00
|
|
|
Klyith posted:Google cache, but it seems to me that the addon was signed? Mozilla doesn't have the staff to do real security testing of all the stuff coming in, is the problem. The forced signing system is just gonna make that worse. There will be more submissions in the pipe to look at, and the bad actors will concentrate on getting malware through the signing process. No, I mean the first, signed add-on won't be physically able to disable signing to sneak in a second, unsigned add-on.
|
|
#
?
Mar 4, 2016 01:19
|
|
|
astral posted:That extension was signed, but from what I understand it fetched some resources remotely and saved them to a hard drive with paths provided by the remote resource. These disabled signing and downloaded an evil (likely unsigned, given that it flipped the signing pref) extension. Once signing is enforced, the evil extension would have had to get signed too, but the signing validator ought to catch most of the evil stuff. See all this self-congratulation about how compulsory signing means this exact thing can no longer happen rings hollow to me. An addon was signed that wasn't even subtle in editing Firefox config files to the end users detriment. Now I am mostly ignorant of the exact capabilities of Firefox addons and it may be that addon signing will stop the only vector for bad actors who've managed to get their addon signed, but i doubt it
|
|
#
?
Mar 4, 2016 01:52
|
|
|
lightinwater posted:See all this self-congratulation about how compulsory signing means this exact thing can no longer happen rings hollow to me. An addon was signed that wasn't even subtle in editing Firefox config files to the end users detriment. Now I am mostly ignorant of the exact capabilities of Firefox addons and it may be that addon signing will stop the only vector for bad actors who've managed to get their addon signed, but i doubt it Not sure what self-congratulation you're talking about, but it is true that in this particular case mandatory addon signing would have prevented the second, more evil addon from being executed. It's certainly a failure that the first addon was able to download arbitrary files to arbitrary paths all specified in a remote resource to begin with - listed addons are supposed to undergo a thorough review, but it slipped past whomever was responsible for reviewing it. I suspect the incident will lead to some improvements in the process.
|
|
#
?
Mar 4, 2016 02:24
|
|
|
astral posted:Not sure what self-congratulation you're talking about, but it is true that in this particular case mandatory addon signing would have prevented the second, more evil addon from being executed. Perhaps self-congratulation is the wrong term. However most of the talk seems to be about compulsory signing, which is superficially the problem/solution here, when I think that the big story is how the original addon got signed in the first place. If spotting malicious addons were a game it seems this was essentially the tutorial level, given what this thing tries to do and the level of guile it does it with, and Mozilla has managed to fail
|
|
#
?
Mar 4, 2016 02:59
|
|
|
So this particular attack took advantage of being able to load an unsigned addon, but I think anyone who believes further attacks will be impossible after that hole is blocked off is nuts. Addons are an attack vector, and signing doesn't stop that. It just shifts the method from "fool lots of dumb people into clicking yes to load malware" to "fool one mozilla employee and infect thousands of people who didn't make any mistakes themselves". I personally think the change to required signed is bad, because they're effectively taking responsibility for the security of not only the browser but also every addon they sign. But, you know, do that instead of fixing the problem where a badware addon could be silently & invisibly installed without the user's knowledge.
|
|
#
?
Mar 4, 2016 11:30
|
|
|
|
| # ? Apr 29, 2024 16:46 |
|
|
Other than perhaps making it harder for malware to drop malicious extensions, I don't think it will achieve a lot. If Apple can't beat the limitations of static analysis in the app store with a couple of orders of magnitude more financial backing, then I'm not sure what guarantees Mozilla are really trying to ascribe.
|
|
#
?
Mar 4, 2016 11:33
|
|
