Internet of shit
-
@ben_lubar HSTS isn't an issue since it just says "use HTTPS" which he'd already be doing. He could import whatever CA the MITM proxy is using (and hope it's not as braindead as Superfish) and be fine. HPKP is only supported by Firefox 35 and up, so any pre-2015 version is "immune".
-
@lorne-kates Maybe you could start a community-maintained fork of FF22 that incorporates security patches and support for new web features from newer versions without any of the stuff you don't want. It would probably be very time-consuming, though...
-
@lb_ said in Internet of shit:
Maybe you could start a community-maintained fork of FF22
-
@lb_ said in Internet of shit:
@lorne-kates Maybe you could start a community-maintained fork of FF22 that incorporates security patches and support for new web features from newer versions without any of the stuff you don't want. It would probably be very time-consuming, though...
And call it Unsaturated Satellite?
-
@zecc said in Internet of shit:
And call it Unsaturated Satellite?
Firefox Unfucked Canadian Know-how Yearly Open Universe
-
@ben_lubar said in Internet of shit:
I would need to get a TV with a USB port that isn't a smart TV. I'd also need to get a Chromecast.
No, you would need to get a TV with a HDMI port. The Chromecast is powered via USB, but you can plug it into a wall or something. The output is HDMI.
You can also use it on a smart TV. I've got a "smart" TV, and I prefer using the Chromecast cause it's not crap.
@ben_lubar said in Internet of shit:
But Chromebooks are capable of playing videos on their own, AND THEY ARE PORTABLE.
But they're not as big of a screen as (most) TVs. And that's the reason people like them.
Granted, you're not the target demographic. The target demographic is "People with TVs who occasionally want to share content from their smartphone via the TV with a dongle that costs $35". Which fits a lot of people. And it's perfect for that demographic.
-
@ben_lubar said in Internet of shit:
@lorne-kates Your browser doesn't support TLS 1.2? I sure hope you aren't logging into any sensitive websites in that browser.
Note that Debian has already disabled everything before TLS 1.2 in its OpenSSL packages (this is in Testing currently; since it was done just after Stable release, it's going to take around 2 years to get to Stable).
-
"OK Google, do all my digital assistants make me look douchey?"
-
@izzion Movies theaters should play a voice saying "OK Google, silence the phone".
-
@zecc said in Internet of shit:
@izzion Movies theaters should play a voice saying "OK Google, silence the phone".
"OK Google, but first visit cocacola.com for cool, refreshing deals..."
-
@sloosecannon said in Internet of shit:
You can also use it on a smart TV. I've got a "smart" TV, and I prefer using the Chromecast cause it's not crap.
Amen to this. My current LG "smart" TV's software is absolute shit and slow as fuck, so I use one of my two Chromecasts for that instead. (The other is connected to the smaller dumb LCD in the bedroom to "smartify" it a bit.)
However, there are some smart TVs that seem to operate pretty well. The prime example I can think of is the Sony one someone I know has that seems to be running some flavor of Android as an OS, that thing runs smooth as silk for the most part (apart from the connectivity issues it regularly experiences because they have it hooked up to a really crappy 768k DSL connection...)
-
@e4tmyl33t said in Internet of shit:
Sony
You're knowingly using a Sony device with an attached microphone, camera and internet connection in your home?
You are the dumbest boy alive.
-
@lorne-kates Not me, someone I know. I'm betting they ain't gonna get shit over that 768k connection that's down more than it's up...
-
@lb_ It's called Pale Moon. Though they still have trouble keeping up with new web features.
-
@magnusmaster said in Internet of shit:
@lb_ It's called Pale Moon. Though they still have trouble keeping up with new web features.
Waterfox is currently up to date, and is pretty much what you'd expect from Firefox minus Mozilla. It removes most of the bloat crap and lets you do a couple extra things (namely, unsigned extensions).
-
@sumireko Waterfox does seem to have the "everything is Chrome" brainworm...
Pick your poison I guess?
-
A jacket, sorry, a 'connected textile platform' you can only wash 10 times. Amazing!
-
@cursorkeys Meh. Who washes a jacket anyway?
-
@masonwheeler said in Internet of shit:
@cursorkeys Meh. Who washes a jacket anyway?
I wash my fleece ones all the time. My shelled ones? Not so much. (The one lined with fleece has been washed maybe 10 times in 20 years, the normal winter jackets have never)
-
@dcon said in Internet of shit:
@masonwheeler said in Internet of shit:
@cursorkeys Meh. Who washes a jacket anyway?
I wash my fleece ones all the time. My shelled ones? Not so much. (The one lined with fleece has been washed maybe 10 times in 20 years, the normal winter jackets have never)
I wash my fleeces monthy. The Regatta waterproof one gets washed regularly too as the waterproofing seems to fade and I can wash and refresh it (plus I've usually fallen over into the mud by that point anyway).
The only one that doesn't is my wool coat because it can't be washed, it's a 1940's repro given as a gift so I take really good care of it. It does limit its practicality though for that reason.
-
@ben_lubar said in Internet of shit:
@lorne-kates Your browser doesn't support TLS 1.2? I sure hope you aren't logging into any sensitive websites in that browser.
So that's why Android Browser has been giving me a security error whenever I tried to visit xkcd from my smartphone in the last month? A browser too obsolete to support modern TLS?
-
@lorne-kates said in Internet of shit:
TIL that XKCD apparently thinks it needs TLS1.2 or higher to serve up a static image with no sensitive information in it.
They follow the "encrypt everything" policy rather than the "carefully divide your stuff into things with sensitive information and things without sensitive information so you can encrypt only the first ones and save a tiny bit of processing power".
-
@anonymous234 If only interesting things are encrypted, then encrypted things must be interesting. Encrypting everything adds enough hay to the haystack that the needles can be hidden, layering steganography on top of cryptography, and changing the attack surface from having a guaranteed payoff on success into a bazillion-door
goatXKCD game show.
-
@twelvebaud said in Internet of shit:
@anonymous234 If only interesting things are encrypted, then encrypted things must be interesting. Encrypting everything adds enough hay to the haystack that the needles can be hidden, layering steganography on top of cryptography, and changing the attack surface from having a guaranteed payoff on success into a bazillion-door
goatXKCD game show.Except that the ClientHello will tell you it's
www.xkcd.com
in plain.
-
@pleegwat said in Internet of shit:
Except that the ClientHello will tell you it's
www.xkcd.com
in plain.You can usually guess that from the address anyway. Interesting servers generally have their own IP addresses. However, it does not tell you anything else. So you don't know whether the user is doing anything interesting or not, hiding the interesting activity between a lot of uninteresting one.
Also if you just encrypt everything, you won't leak something that should have been protected by accident.
-
@bulb Yeah, you can definitely obfuscate things by tossing the payment portal, the admin interface, and the shop catalogues behind the same hostname+certificate.
But browsing xkcd encrypted won't provide any hay to hide your online banking portal needle in.
-
@pleegwat … and it won't provide any hay to hide its online store either, because it has different hostname for it.
I am still for anything that makes things harder for the Great Firewall of China, Great Firewall of Myanmar etc.
-
@pleegwat Also, when you start mixing http and https, you'll quickly end up with:
and when you enable https and try not to use it for everything, you'll get users redirected to https for everything by
anyway.
So if enabling https, just serve everything over it and call it a day. It is much less trouble that way.
-
@bulb said in Internet of shit:
Also, when you start mixing http and https, you'll quickly end up with:
At work I've got a personal utility page to provide me with various stuff. It runs over https for reasons. Browsers always display warnings about insecure content, because one of the widgets on the page is an entry box into which I can paste a test job ID to triage on a different internal site, and that other internal site doesn't offer an HTTPS version.
-
@cursorkeys said in Internet of shit:
A jacket, sorry, a 'connected textile platform' you can only wash 10 times. Amazing!
I mean, swiping on your arm to control stuff is pretty freaking cool. Not worth the "can't wash more than 10 times", and definitely not worth $350, but pretty cool
-
Kinda cool, but those little fob things with buttons that go inline on the headphones do a good job and they come free with the device usualy.
Voice commands are good too, I can shout at my new car and get it to change the track.
-
@cursorkeys said in Internet of shit:
Kinda cool, but those little fob things with buttons that go inline on the headphones do a good job and they come free with the device usualy.
Though when they flake out they're the worst. Cheaped out on replacement headphones recently and got a Sony one with a broken button that would pause, speed up, and switch to next track nonstop (bad for podcasts). I was so infuriated I was pretty close to an aneurysm.
Filed under: First world problems
-
@heterodox said in Internet of shit:
@cursorkeys said in Internet of shit:
Kinda cool, but those little fob things with buttons that go inline on the headphones do a good job and they come free with the device usualy.
Though when they flake out they're the worst. Cheaped out on replacement headphones recently and got a Sony one with a broken button that would pause, speed up, and switch to next track nonstop (bad for podcasts). I was so infuriated I was pretty close to an aneurysm.
Filed under:
First worldSelf-inflicted problemsFTFY. Next time maybe don't skimp on headphones? With that family of peripherals, you get what you pay for.
-
@pie_flavor Yep, silly me for thinking $25 headphones from a reputable brand would be sufficient. It clearly wasn't just those particular ones that had a defect.
-
@heterodox said in Internet of shit:
@pie_flavor Yep, silly me for thinking $25 headphones from a reputable brand would be sufficient.
Just for clarification, are we talking literal headphones, or earbuds?
Edit: Missed an edit. Can't tell if the second sentence is sarcasm or literal.
-
@pie_flavor said in Internet of shit:
Just for clarification, are we talking literal headphones, or earbuds?
Earbuds.
-
@heterodox said in Internet of shit:
@pie_flavor said in Internet of shit:
Just for clarification, are we talking literal headphones, or earbuds?
Earbuds.
Right. $25 earbuds do, on the whole, generally suck.
Related:
https://gizmodo.com/5617200/the-secret-scam-of-cheap-earbuds
-
@pie_flavor That entire article is about "acoustic competence", which I don't give a shit about. I just want something I can plug into my phone so I can get on a conference call without having to hold my phone to my ear for an hour. If I could find ones that didn't even have media controls, I'd use those.
-
@heterodox Look in cheaper places maybe? The last several pairs of earbuds I've bought have all not had media controls, and have all been under $20. I don't see any reason to change either policy.
Of course for the kids, we buy the cheapest stuff we can find ($10? Good. $5? Even better!), because at the rate they go through them we'd be bankrupt otherwise :)
-
@scarlet_manuka said in Internet of shit:
@heterodox Look in cheaper places maybe? The last several pairs of earbuds I've bought have all not had media controls, and have all been under $20.
Yeah, do they have a mic though? The one usually comes with the other. (There are “just earbuds”, easy to get for $5-$8 then there are “iPhone earbuds” which range higher.)
-
@bulb said in Internet of shit:
protected by accident
How do you protect something by accident? Other than… well… accidentally?
-
@dkf It isn't protected by accident but it should have been
-
@heterodox said in Internet of shit:
Yeah, do they have a mic though? The one usually comes with the other. (There are “just earbuds”, easy to get for $5-$8 then there are “iPhone earbuds” which range higher.)
Ah, I didn't realise that you wanted the mic - yes, that and the media controls seem to go hand in hand most of the time. Doesn't mean they have to be expensive though.
$6: https://www.officeworks.com.au/shop/officeworks/p/qudo-in-ear-earbuds-with-mic-blue-crqdinmzb
$5: https://www.kogan.com/au/buy/kogan-earbud-headphones-inline-remote-mic-black/ (though I presume this is a special, because the black version and the white version are $5 but the blue version and pink version are $19)
(also, the first line of the description of the earbuds goes like this, for all four colours: "These quality stylish white earbud headphones are designed to work perfectly with your Apple device." Sign of quality right there.)
-
@lorne-kates said in Internet of shit:
I'll need to figure out how to hack the launch icon before then
That? That's the easy part. Resource Hacker.
Launch Resource Hacker. Open the Firefox executable. Expand "Icon groups". You should see about 6: the main application icon, the HTML document icon, several internal icons, and finally the main application icon again (I don't know).
Right click the first icon group in the tree. You should see an option, "Replace Icon". Click the button to open an icon file, select the appropriate icon file, and click "Replace". Repeat for the other icon groups that need to be replaced (group 2, and the last group, which is identical to the first one). Save the file. (It'll create a backup copy of the original,
firefox_original.exe
, before making the changes.) That's it.Here are the two icon files that you'll need: (save the link, not the preview image)
/assets/uploads/files/1506616858336-1.ico
/assets/uploads/files/1506616949224-2.ico
(straight from the Firefox 22 executable, but I removed the 16- and 256-color versions that FF 22 had; FF 24 only has 32-bit versions anyway.)After you've modified the executable, you'll probably need to clear the Windows icon cache and/or reboot/restart Explorer to get it to actually start using the new (old) icon for the shortcuts.
-
@anotherusername said in Internet of shit:
Good grief, what did they do to Resource Hacker's toolbar??!!
-
-
@twelvebaud oh, an IE user? Save the video and play it in VLC, or any real web browser.
edit: that's not the way IE tells me it can't play the file on my machine. I dunno. It should work on Chrome, Firefox, even Opera and Safari... I even encoded it using VP8 instead of VP9, so that Lorne's FF22 should be able to play it.
-
@lorne-kates said in Internet of shit:
I'll need to figure out how to hack the launch icon before then.
Or you could learn to cope with small changes in images on your screen.
-
@anonymous234 said in Internet of shit:
@lorne-kates said in Internet of shit:
I'll need to figure out how to hack the launch icon before then.
Or you could learn to cope with small changes in images on your screen.
Is there actually a change? Cause I didn't notice one...
-
@sloosecannon said in Internet of shit:
@anonymous234 said in Internet of shit:
@lorne-kates said in Internet of shit:
I'll need to figure out how to hack the launch icon before then.
Or you could learn to cope with small changes in images on your screen.
Is there actually a change? Cause I didn't notice one...
FF22 FF24