Development :
K-Meleon Web Browser Forum
Oh great, have just read this:
https://www.ghacks.net/2018/09/03/what-happened-to-http-and-https-in-chrome/
https://www.ghacks.net/2019/08/01/chrome-76-no-more-https-or-www-in-address-bar/
Google/Chrome browsers (= all except Firefox family) are marking all "http" websites with a prefix "Not secure" before the URL.
That looks of course especially great on a browser homepage like KM
Very encouraging for potential new users...
The advantage of "http" over "httpS" is of course that people on very old systems with very old browsers are still allowed reading access too. Almost everywhere else on the web we're now locked out
As far as I understand history, in the far past only private websites (especially for banking) were encrypted, not public ones.
Later, until 1-2 years ago, most public sites were encrypted too, with SSL3, which still allowed access for old browsers too. But meanwhile this is outdated, not fully secure anymore, and Google (ab)used it's monopoly power to force just about ALL websites, regardless how public and harmless, to use TLS1.2 for httpS encryption. Which mostly means GoodBye internet for very old systems.
In general encryption is good of course, but if a user is "protected" by locking him out from reading even harmless, public websites, this claim becomes sarcastic.
The best compromise is of course if non-banking sites can offer both, old or new encryption, depending on browser age.
What I find interesting, have recently learned there are also some disadvantages to httpS:
httpS needs certificates, and website or blog owners must BUY them!
Aside from the money, which most little hobby site owners may have or not, this also involves banking for paying, which is highly dangerous. Hundreds of millions of hacked data sets get regularly sold in the dark net, and even the most secure companies have been hacked in the past. It's only a matter of time.
And httpS is especially GREAT for the global spying companies! For recording browsing history.
Because all internet traffic to httpS sites first contacts those very few certificate issuers, to ask if the certificate of the target site is still valid. Could bet this also sends them the own IP and possibly other data along, making it supereasy to get a complete browsing history of users. Even if the IP is dynamic and changes every day or week, but the browsing habits are much the same every day, making users easily recognizable again by AI.
There's not the slightest doubt for me that Google and other data collectors have access to those data sets too, some way or other they are all interconnected and buying each others data, or if necessary Google/Facebook/Amazon simply buy whole companies. Or create own ones. Google has already under one roof combined data of most browser users, most mail users, most sync and cloud data and whatever users, and other mega corporations like Akamai, Amazon etc. may act more invisibly, but in the background are involved in most internet traffic today too. Over here hosting even Police data sets and whatnot. And in US the ISP-providers are officially allowed to sell ALL data of their users to whom they want, but that's getting too offtopic.
Over half the web is now already blocked from READING by TLS1.2, quickly growing towards 80%, just a few examples:
developer.mozilla.org, github, sourceforge mostly, twitter, latest addition: ghacks.net
(only saved now by a few updated ancient browsers, like retrozilla, or roytam1 fx36, and partly KMG74)
Edited 1 time(s). Last edit at 10/07/2019 01:42PM by siria.
Another update:
https://www.ghacks.net/2019/10/02/tls-1-0-and-1-1-deprecation-chrome-to-display-your-connection-is-not-fully-secure-warnings/
And as stated in various computer news reports, soon all lastest browser versions will completely block old encryption anyway, also driven mainly by Google. Older HTTPS sites will become complete unreadable with all modern, updates browsers.
What a joke.
Haven't followed that subject too closely, being unable to use such browsers anyway.
But suppose completely UNencrypted HTTP websites will then still remain readable at least, in modern browsers too? Joke too.
One of the main reasons that sites have switched (in opposition to offer) encrypted version of the pages, is because there is no need to pay anymore, except for more "serious" trust, with the "Let's encrypt" certificates, and already trusted.
http://letsencrypt.org/
Should we move this to other subforum instead Development? Nothing to do what the browser itself, even if all www becomes encrypted. Won't lose plain text capabilities.
Got a bit far drifted off, but have posted it here since it relates to the homepage, and in my view, may contribute to the growing silence here :-(
It keeps worrying me, and since awhile have started wondering if not such technical issues, with this website or otherwise, may contribute more as we suspect. And the point above was yet another aspect.
I mean: visitors look at a browser homepage, and get a prominent warning: this page is insecure! How in the world shall they trust this browser's developers care about security? Why should they trust the product itself to be any safer??
Or another technical point, it's long since known that Google lists non-encrypted websites far back in their search results, which is certainly not helping either. Another reason completely independant from the browser itself.
Or another point, despite another discussion awhile back about all sorts of possible reasons, it still feels so contradictive to me that the forum and KM mentions on the web keep going downhill, while the browser itself is getting 100x more updates as ever before. But get reminded of another technical prob each time I try to post anything: since a long time hardly ANY forum post gets through without probs. Most passing posters will be confused, not try a second time and just leave, and those who know must reload the page. This eternal waiting gets on the nerves, first for the timeout, and then the reloads again, yet lately I must reload every post even 2-4 times, and wait for yet more timeouts in between! It has become "almost" impossible to post. Don't know if things are equally bad for other users, but if so, one could mean SF now really wants to kill that forum
By the way, saw this yesterday: Sourceforge still lists about 4.000 KM-downloads WEEKLY!!
Of the "last stable" version of course, which is 75.1 from 2015, siiigh.... This unexpected high number really shocked me, but unless a completely new build is uploaded to SourceForge by Dorian and gets an "official" stamp, this will probably never change
Here:
https://sourceforge.net/projects/kmeleon/files
Oooohhh, ok, ok, I misunderstand that.
Since the problems a month back now things are swiftly again for me. Rarely I have to wait, except for the slow images server we talked in the past.
Anyway, the drop in the downloads in SourceForge matches the wiki News edit pointing as stable the roytam build.
K-Meleon development related discussions.
K-Meleon homepage / website / forum
Posted by:
siria
Date: October 07, 2019 01:09PM
Oh great, have just read this:
https://www.ghacks.net/2018/09/03/what-happened-to-http-and-https-in-chrome/
https://www.ghacks.net/2019/08/01/chrome-76-no-more-https-or-www-in-address-bar/
Google/Chrome browsers (= all except Firefox family) are marking all "http" websites with a prefix "Not secure" before the URL.
That looks of course especially great on a browser homepage like KM
Very encouraging for potential new users...
The advantage of "http" over "httpS" is of course that people on very old systems with very old browsers are still allowed reading access too. Almost everywhere else on the web we're now locked out
As far as I understand history, in the far past only private websites (especially for banking) were encrypted, not public ones.
Later, until 1-2 years ago, most public sites were encrypted too, with SSL3, which still allowed access for old browsers too. But meanwhile this is outdated, not fully secure anymore, and Google (ab)used it's monopoly power to force just about ALL websites, regardless how public and harmless, to use TLS1.2 for httpS encryption. Which mostly means GoodBye internet for very old systems.
In general encryption is good of course, but if a user is "protected" by locking him out from reading even harmless, public websites, this claim becomes sarcastic.
The best compromise is of course if non-banking sites can offer both, old or new encryption, depending on browser age.
What I find interesting, have recently learned there are also some disadvantages to httpS:
httpS needs certificates, and website or blog owners must BUY them!
Aside from the money, which most little hobby site owners may have or not, this also involves banking for paying, which is highly dangerous. Hundreds of millions of hacked data sets get regularly sold in the dark net, and even the most secure companies have been hacked in the past. It's only a matter of time.
And httpS is especially GREAT for the global spying companies! For recording browsing history.
Because all internet traffic to httpS sites first contacts those very few certificate issuers, to ask if the certificate of the target site is still valid. Could bet this also sends them the own IP and possibly other data along, making it supereasy to get a complete browsing history of users. Even if the IP is dynamic and changes every day or week, but the browsing habits are much the same every day, making users easily recognizable again by AI.
There's not the slightest doubt for me that Google and other data collectors have access to those data sets too, some way or other they are all interconnected and buying each others data, or if necessary Google/Facebook/Amazon simply buy whole companies. Or create own ones. Google has already under one roof combined data of most browser users, most mail users, most sync and cloud data and whatever users, and other mega corporations like Akamai, Amazon etc. may act more invisibly, but in the background are involved in most internet traffic today too. Over here hosting even Police data sets and whatnot. And in US the ISP-providers are officially allowed to sell ALL data of their users to whom they want, but that's getting too offtopic.
Over half the web is now already blocked from READING by TLS1.2, quickly growing towards 80%, just a few examples:
developer.mozilla.org, github, sourceforge mostly, twitter, latest addition: ghacks.net
(only saved now by a few updated ancient browsers, like retrozilla, or roytam1 fx36, and partly KMG74)
Edited 1 time(s). Last edit at 10/07/2019 01:42PM by siria.
Re: K-Meleon homepage / website / forum
Posted by:
siria
Date: October 07, 2019 01:50PM
Another update:
https://www.ghacks.net/2019/10/02/tls-1-0-and-1-1-deprecation-chrome-to-display-your-connection-is-not-fully-secure-warnings/
And as stated in various computer news reports, soon all lastest browser versions will completely block old encryption anyway, also driven mainly by Google. Older HTTPS sites will become complete unreadable with all modern, updates browsers.
What a joke.
Haven't followed that subject too closely, being unable to use such browsers anyway.
But suppose completely UNencrypted HTTP websites will then still remain readable at least, in modern browsers too? Joke too.
Re: K-Meleon homepage / website / forum
Posted by:
JohnHell
Date: October 07, 2019 09:38PM
Quote
siria
What I find interesting, have recently learned there are also some disadvantages to httpS:
httpS needs certificates, and website or blog owners must BUY them!
One of the main reasons that sites have switched (in opposition to offer) encrypted version of the pages, is because there is no need to pay anymore, except for more "serious" trust, with the "Let's encrypt" certificates, and already trusted.
http://letsencrypt.org/
Should we move this to other subforum instead Development? Nothing to do what the browser itself, even if all www becomes encrypted. Won't lose plain text capabilities.
Re: K-Meleon homepage / website / forum
Posted by:
siria
Date: October 07, 2019 11:06PM
Quote
JohnHell
Should we move this to other subforum instead Development? Nothing to do what the browser itself, even if all www becomes encrypted. Won't lose plain text capabilities.
Got a bit far drifted off, but have posted it here since it relates to the homepage, and in my view, may contribute to the growing silence here :-(
It keeps worrying me, and since awhile have started wondering if not such technical issues, with this website or otherwise, may contribute more as we suspect. And the point above was yet another aspect.
I mean: visitors look at a browser homepage, and get a prominent warning: this page is insecure! How in the world shall they trust this browser's developers care about security? Why should they trust the product itself to be any safer??
Or another technical point, it's long since known that Google lists non-encrypted websites far back in their search results, which is certainly not helping either. Another reason completely independant from the browser itself.
Or another point, despite another discussion awhile back about all sorts of possible reasons, it still feels so contradictive to me that the forum and KM mentions on the web keep going downhill, while the browser itself is getting 100x more updates as ever before. But get reminded of another technical prob each time I try to post anything: since a long time hardly ANY forum post gets through without probs. Most passing posters will be confused, not try a second time and just leave, and those who know must reload the page. This eternal waiting gets on the nerves, first for the timeout, and then the reloads again, yet lately I must reload every post even 2-4 times, and wait for yet more timeouts in between! It has become "almost" impossible to post. Don't know if things are equally bad for other users, but if so, one could mean SF now really wants to kill that forum
By the way, saw this yesterday: Sourceforge still lists about 4.000 KM-downloads WEEKLY!!
Of the "last stable" version of course, which is 75.1 from 2015, siiigh.... This unexpected high number really shocked me, but unless a completely new build is uploaded to SourceForge by Dorian and gets an "official" stamp, this will probably never change
Here:
https://sourceforge.net/projects/kmeleon/files
Re: K-Meleon homepage / website / forum
Posted by:
JohnHell
Date: October 08, 2019 12:25AM
Quote
siria
I mean: visitors look at a browser homepage, and get a prominent warning
Oooohhh, ok, ok, I misunderstand that.
Quote
siria
I must reload every post even 2-4 times, and wait for yet more timeouts in between! It has become "almost" impossible to post. Don't know if things are equally bad for other users
Since the problems a month back now things are swiftly again for me. Rarely I have to wait, except for the slow images server we talked in the past.
Quote
siria
By the way, saw this yesterday: Sourceforge still lists about 4.000 KM-downloads WEEKLY!!
Of the "last stable" version of course, which is 75.1 from 2015, siiigh.... This unexpected high number really shocked me, but unless a completely new build is uploaded to SourceForge by Dorian and gets an "official" stamp, this will probably never change
Here:
https://sourceforge.net/projects/kmeleon/files
Anyway, the drop in the downloads in SourceForge matches the wiki News edit pointing as stable the roytam build.
English