Hello, /me playing bullshit-bingo in this mail ... On Fri, 24 Mar 2017, David C. Rankin wrote:
Works here with seamonkey/flash-player-25.0.0.127-2.127.1.x86_64 and under Gentoo with Firefox-45.7.0 with www-plugins/adobe-flash-25.0.0.127
You don't even need JS. Have you accidentally disabled it? [..] It must be something within my config (about:config) that is preventing the
On 03/24/2017 07:15 PM, David Haller wrote: plugin from working. The bizarre thing is with flash-plugin installed, it doesn't even show in the addons->plugins list.
This is with firefox 48esr, and the config/security tweaks from:
https://wiki.archlinux.org/index.php/Firefox/Tweaks https://wiki.archlinux.org/index.php/Firefox/Privacy
Can't you pin it down a bit from that stuff? That's rather a lot. And BTW, while I'm at it, what do you think happens if you set privacy.trackingprotection.enabled to "true"? *BUUULLLLSHHIIIIT* Exactly: you are _explicitly_ sending _even more info_. And nobody's bound to honor that flag. So, one of the first things I do is to _DISABLE_ that "pseudo" protection. Instead I use uMatrix (a bit more complex but better that uBlock, same author IIRC). And and a blacklist the notorious trackers (doubleclick, farcebork etc. pp.) via dnsmasq. However, they got that right: "Disable Safe Browsing service Safe Browsing offers phishing protection and malware checks," *BUUULLLLSHHIIIIT* "however it may send user information (e.g. URL, file hashes, etc.) to third parties like Google." No shit, really?!?! *feigning being flabbergasted* Wait, what "it might"??? NO FUCKING WAY! IT MUST SEND THAT STUFF to work! So, again: *BUUULLLLSHHIIIIT* Three strikes, those wiki-pages are *OUUUTTT*! So, same as above, and they even say it: using that "Safe Browsing" is bending over for the "soap" and invite Mozilla/Google to ream^Wtrack you real good. I've no idea what Mozilla does with it. But Google? It's Google! I'd be verrrrra surprised if they didn't use and monetarize it. So, just don't send anything but your request and only what is needed for that request. E.g. I've disabled send-referer via a prefbar checkbox, and that stays off unless (very rarely) some site doesn't work without it. Yes, I know what the referer is and I miss it in the logs of my site(s) if it's not there, but, as the web has developed the last 15 years??? Hey, they want to track me? Ok, so I don't even send them the referer... I can play that game too ... If I find the time, I might look over those tips above a bit more. But: many basic configs that Firefox lacks in the UI are there in Seamonkey (which I use only as a browser, FFs UI is crap anyway). And some I might have as checkboxes in my prefbar (e.g. some deprecated hashes, safe.renogtiation which I don't care about if I'd load that page without https anyway and some sites have broken https or had until not long ago[1]). So, David, could you start with a fresh profile, install uMatrix, read its docs (once you get the basic principle[2], its quite easy and very efficient to use!). And on that specific site, no adjustments were needed, if I remember the uMatrix defaults right. And/or try my flash-player package, if that works, that might be the easiest way. Or 'strace -f -efile -o ff-flash.strace' your firefox. Somehow it doesn't seem to find the plugin... But analyzing that ff-flash.strace might be a little tedious ('grep flash ff-flash.strace' would be my first step, probably). And remind me to go over the about:config prefs of firefox, I need to do that anyway too, so maybe we can do that together. I could even fire up my irc server and open the firewall for some more rapid back-n-forth on request for you. -dnh PS: And yes, I'm aware of being trackable by trying to be untrackable but as long as they can't connect this to me... Anyhow, I prefer being only trackable that way than by bending over and just delivering willfully. Me paranoid? PPS: prefbar.mozdev.org PPPS: Webdesigners should be forced to use 56k lines (max), and CPUs like a Pentium 133 or so. [1] ISTR amazon needed rc4/md5 still not that long ago, which ISTR is, why I have a prefbar checkbox for this option: security.ssl3.rsa_rc4_128_md5 And yes, I've disabled all insecure algorithms, but have the checkbox for this, as I needed it not long ago. [2] the matrix of (sub-)domains over features (cookies, scripts, ...) -- A monk. A punk. A chick. In a kick-ass flick. -- Bulletproof Monk -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org