Quote
Dorian

Quote
JohnHell
For example, the first thing I noticed is that the icon of the buttons in a toolbar created with a macro (pluginmsg command), now aren't taken from the default skin and then fallback to the user skin. Now, it should be in the user skin folder.

Order should be:

1. User profile (profile/skins/)
2. Skin in user profile (profile/skins/{skinname}/)
3. Skin in program folder (kmeleon/skins/{skinname}/)
4. Shared in user skin folder (profile/skins/shared)
5. Shared in program skin folder (kmeleon/skins/shared)

I see, taking note.

But, even I think I mixed things a little above (I said falling back to user from Default instead Default from user), the thing is that prior update 2, after user skin, the next taken was "kmeleon/skins/Default" when I wasn't using it at all (even locker icons were taken from here and I remember I commented months ago).

So, maybe this update fixed that.

Now, shared is taken, and Default is not considered as shared anymore.

Just saying this, because is the behavior I noticed this afternoon , after an icon vanished when I had placed it in the Default skin and k-meleon was taking it from there, even I'm using a custom "userprofile/skin/skinname". Might be because I'm using an old skinning system skin and this way wasn't fixed. No idea.



Edited 1 time(s). Last edit at 05/14/2015 09:32PM by JohnHell.

 



Edited 2 time(s). Last edit at 03/21/2016 12:17PM by adodupan.

Quote
Dorian
Order should be:

1. User profile (profile/skins/)
2. Skin in user profile (profile/skins/{skinname}/)
3. Skin in program folder (kmeleon/skins/{skinname}/)
4. Shared in user skin folder (profile/skins/shared)
5. Shared in program skin folder (kmeleon/skins/shared)

But what sense does it make to rename the native skin folder to "default", if it has nothing to do anymore with "default" pics?

Aside from that where would be the harm to just extend the above list to one more item, if all the previous ones failed, thus not breaking all existing button macros without real need?

Perhaps there will be fixes for the new system in the future, but for now it still looks like that foldername for the native startup skin just gives trouble. At least for less expert users who don't know how to fix things themselves. Sigh, in the 'good old' times the skin system was so greatly self-explaining, one only had to look inside the folders. And could so discover great things like e.g. the skinname(version) system, containing only changed icons, not all. Today that feature is nearly impossible to discover, and there's not even a toolbars.cfg in it yet, breaking the config-menu.
Sorry, bit frustraded, seeing no need for breaking good features instead of just adding new ones without harm for existing ones

You're right, it should check in default for last.
Did I break that?

After recheck, yes, but for the old skins.

If you use a skin with the new skinning system, it takes from Default.

If you use a skin with the old skinning system, it doesn't take from Default anymore. Should be placed in shared.

The change was from update 1 to update 2 of RC 3.

Quote
adodupan
There are still missing functions:
menuchecked
menugrayed
also, there missing possibility to get a tab list (imagine this as nsIDOMWindow for each tab),
also, possibility to listen to events
TabOpen
TabClose
TabSelect
I hope you will not spend one more year for this.

^^
To do it properly, probably.
Else, tabselect already exists, the places extension is using it. I can add the other ones even if the implementation is meh.
As for menuchecked/menugrayed, registercmd has optional options for this, but not yet working.

Quote
adodupan
After restarting, if previous session has more than one tab, km crashes after reload all tabs.

I'll fix the crash, but reload all tabs can't work here because it uses javascript.

Quote
adodupan
If checked 'Show closing buttons on the tab buttons', active tab is not in hot color.

What is your windows version again? Themes disabled?
Each windows is different, and I can't test on all.
Win 8 and xp are fine.

Quote
adodupan
Edit:
Can you explain these:
GetWindows
CreateCallbackButton

Unfinished/test functions.

Forget the above Dorian, must be something deeper... but I can't catch it.

Quote
cfpp2p
kPrivacy_ClearAll macro does not seem to work for me on win xp K-Meleon75RC3. It's completely fine for me win xp K-Meleon74.0.

I reduce kPrivacy_ClearAll macro to just a single plugin(privacy, xxxxx) and it doesn't matter. Tested each of the five types as a single plugin() call as a single call in the main.kmm . Not one, for each of the five separate tests, functioned.

http://kmeleonbrowser.org/forum/read.php?3,133574

Is no one else having this issue?

I narrowed it down to macros.dll. If I replace the 04/27/2015 macros.dll of K-Meleon75RC3 with that of K-Meleon75b3 macros.dll 02/04/2015 the issue disappears. The clear all then correctly clears all private data.

Quote
JohnHell
Forget the above Dorian, must be something deeper... but I can't catch it.

(Sorry the delay ("filling my tank" ))

Ok, it is not deeper but dumb of me, in the fresh profile was working. How couldn't!!! if the fresh profile uses the Default skin LOL!!!!

So the new bug, the broken feature, is not only with old, but with new skins too. Default folder is never checked for images (for buttons created by macro, or manually created).


By the way, I found that when changing to Klassic skin, the privacy bar visibility status is not saved to prefs.js and every time is hidden :/ when switching back to Default, there is not that problem.

Wasn't this bug already fixed and/or reported?

Quote
Dorian

Quote
thomase13
[*] All favicons are quite dark

Your screenshot doesn't show this, except maybe the first tab.

The first tab shows the most noticable difference, but many other sites have this problem. As you can see from the screenshot, I have the same pages open in IE and K-M, and most of the favicons don't show up in K-Meleon at all; instead "default.ico" will show (instead of "main.ico" which used to in that case.

To compare my last screenshot with K-M 74:


The Naxos favicon looks fine in K-M 75, but others like Facebook and others no longer show up at all!

Quote
Dorian

Quote
thomase13
[*] YouTube comments still don't work with default settings.

Third party cookies are mostly used by tracker. I won't change a 12+ years old setting for one site. But it should indeed be in the FAQ.

Thanks for the explanation!
In that case, I think I'd better switch to accepting cookies "from originating Website only" and make a manual exception for YouTube. Do you know what URL(s) I would have to allow for YouTube commenting to work?
I would add something to the FAQ if I knew how to do this. Also, I can't edit the FAQ page because of the good old bug tracker login bug! Sometimes I can edit some pages, and other times I just get stuck in that login loop.

Quote
Dorian

Quote
thomase13
[*] Also, while testing YouTube, the video turned grey a few times and I had to refresh (flash crashed I guess), which has never happened to me in any previous version of K-Meleon.

Yeah plugin container is still used by default but i'll fix this.
I'm using the html5 player with youtube and never had any problem.

Thank you. I've opted in to the HTML 5 player.

Quote
Dorian

Quote
thomase13
As you can see, many of these issues I mention are quite minor, but this screenshot comparing K-Meleon to MSIE should show the biggest and most bothersome ones.

Fixed that for you.

Thanks very much. Now works perfectly just as before!
My XP is not just unthemed, but the "Themes" service is disabled! :cool:

I noticed a small new bug in K-M 75 with Facebook's default "theatre" picture viewer: the popup window can no longer be closed with the Esc key, though Esc still works to exit fullscreen mode. The popup can still be closed with the X button, so not a huge issue; just less convenient!



Edited 4 time(s). Last edit at 05/18/2015 09:43PM by thomase13.

Quote
thomase13

Quote
Dorian

Quote
thomase13
[*] All favicons are quite dark

Your screenshot doesn't show this, except maybe the first tab.

The first tab shows the most noticable difference, but many other sites have this problem. As you can see from the screenshot, I have the same pages open in IE and K-M, and most of the favicons don't show up in K-Meleon at all; instead "default.ico" will show (instead of "main.ico" which used to in that case.

About the icons, read this:
http://kmeleonbrowser.org/forum/read.php?3,130000,130000

Anyway, it's strange about FaceBook, as it must be showing without problems the icon with any browser preference.

Could be that you stopped loading the whole page or you are in the mobile version (m.facebook.com/whatever)? The mobile version hasn't an icon (by default) and stop loading a page can cause it too.

Would force-reload help missing icons?
As for the cookie-exceptions, it used to be just the URL displayed in the URL bar, unless that was changed meanwhile. The origin url of third-party stuff didn't matter, only the current URL.



Edited 1 time(s). Last edit at 05/17/2015 07:53PM by siria.

Quote
JohnHell

Quote
thomase13

Quote
Dorian

Quote
thomase13
[*] All favicons are quite dark

Your screenshot doesn't show this, except maybe the first tab.

The first tab shows the most noticable difference, but many other sites have this problem. As you can see from the screenshot, I have the same pages open in IE and K-M, and most of the favicons don't show up in K-Meleon at all; nstead "default.ico" will show (instead of "main.ico" which used to in that case.)

About the icons, read this:
http://kmeleonbrowser.org/forum/read.php?3,130000,130000

Thanks for the link!
I agree with you that the behavior isn't exactly a bug; it's a decision. I changed the the "browser.chrome.favicons" preference to true, and all the sites' favicons show up now!

Quote
JohnHell
Anyway, it's strange about FaceBook, as it must be showing without problems the icon with any browser preference.

The Facebook favicon displays only with that preference set to true, because it, like many other Web sites, uses the original method of adding a favicon to your site. Microsoft introduced this icon for their Internet Explorer Favorites with the release of MSIE 5, and this is the original way to do it. I think this method should be respected, given that Microsoft was the first to introduce the feature.
The W3C standardized this feature, and recommend their own method, and while they frown upon Microsoft's original method of simply placing the icon in the root directory, they still do acknowledge it. While the W3C's method is necessary, for reasons they mention, such as that not everyone is given access to the root directory, they do not give a legitimate reason why the original method is bad.

On my own Web site, I personally use both methods. I have a "favicon.ico" in my root directory, and if I want a special favicon for a particular page, I use the W3C method of indicating it explicitly. I can see how some would think neglecting to explicitly specify the favicon's location is lazy, however, there is generally no need to, since the original method is so widely supported and I see no need for it. In fact, SGML, and subsequently HTML seem tailor-made for lazy people, with many short abbreviated tags in favour of more self-explanatory ones, and many end tags being optional. So my point is: the original method is lazy, yes; neglectful, no. I think this combination method is best because then there is a fallback in the root directory if you don't specify the favicon.

Wikipedia's article mentions Seamonkey as the only browser which doesn’t fetch favicon.ico files in the web site’s root by default, however, even that no longer seems to be true as it can display favicons for sites like Facebook with no boolprop tweaking required.

I'm glad we figured that one out!

Anyway, I was doing a bit more browsing, and here are some sites with dark favicons in K-Meleon, compared to SeaMonkey this time:



Here K-Meleon's very strange and selective favicon corruption is quite clear. Even its internal "page load error" icon doesn't display properly! (It should be bright yellow.)

Again, these are all small potatoes compared to the page frame issue, but I thought I would bring it up anyway.

Quote
JohnHell
The break of the web is a common reference nowdays for these cases where a lack of efforts and automation of process creates incompatibilites for future or backwards compatiblity for those who follow the rules.

This path we are following makes me sad

I certainly agree with you in many ways. The way of Web browser design is incredibly dumbed down, and it very much disturbs me how much Mozilla, the supposedly "different and alternative" browser organization is just following in the footsteps of Google, no more "for the user", and no less aggressive. Also, while "HTML5" has some good features, and I understand why they want to replace Flash (so many people browsing on their Flashless pocket Internet appliances), but some of their decisions make no sense to me, like dropping support for the anchor name attribute, and ceasing to call HTML an SGML application.

Quote
siria
As for the cookie-exceptions, it used to be just the URL displayed in the URL bar, unless that was changed meanwhile. The origin url of third-party stuff didn't matter, only the current URL.

I tried making a cookie exception for "youtube.com", and it did nothing, so then I tried making one for "google.com", and it did the trick!
I don't know if this is a totally wise move, since I guess my exception is equivalent to *.google.com, the wildcard giving Google and all of its subdomain tentacles full rein to track my every move. Perhaps I only need "plus.google.com" or "apis.google.com", so I will try a few more things.
Since I have been accepting all third-party cookies for the past year or so, would it be wise to clean them out? Is there a detriment to this? Or will they eventually just expire on their own?
I am generally of the mind that being tracked less is better, though I don't know how much my feeble measures such as cookie monitoring might help. In a similar vein, is there any point of enabling the "Do not track" preference? I have heard mixed reviews about this feature.

Thanks,
Thomas



Edited 2 time(s). Last edit at 05/18/2015 09:41PM by thomase13.

Quote
thomase13
my exception is equivalent to *.google.com, the wildcard giving Google and all of its subdomain tentacles full rein to track my every move. Perhaps I only need "plus.google.com" or "apis.google.com", so I will try a few more things.

That's where the privbar really shines ;-) By toggling manually only when really needed.
Although I have the uneasy feeling that against evil big brother it doesn't help much, they use too many ways to identify your exact machine, but at least helps against some smaller fishes.
For example I've read (but not sure) that https needs certificates and those are unique to each machine? If yes, it's no wonder nearly all big sites now force https all the time :-/ Be it a simple google search, or just viewing yt, or FB, or twitter, etc

Quote
siria

Quote
thomase13
my exception is equivalent to *.google.com, the wildcard giving Google and all of its subdomain tentacles full rein to track my every move. Perhaps I only need "plus.google.com" or "apis.google.com", so I will try a few more things.

That's where the privbar really shines ;-) By toggling manually only when really needed.
Although I have the uneasy feeling that against evil big brother it doesn't help much, they use too many ways to identify your exact machine, but at least helps against some smaller fishes.

I think I'm seeing the point now!
The only problem is that simple users like me don't really understand how to use the privacy bar properly; we just assume that the default settings are good and go about our business. As I said, I have changed settings to accept only first-party cookies, but don't really understand the implications of having Javascript, cookies, etc. on or off by default or when they are needed or for what.

Quote
siria
For example I've read (but not sure) that https needs certificates and those are unique to each machine? If yes, it's no wonder nearly all big sites now force https all the time :-/ Be it a simple google search, or just viewing yt, or FB, or twitter, etc

Wow, I haven't heard that about https, but have wondered why everyone is switching over now! I had heard it was so the NSA, CSIS, etc. can't read and track everything, but I don't really know.

Quote
thomase13
The only problem is that simple users like me don't really understand how to use the privacy bar properly; we just assume that the default settings are good and go about our business. As I said, I have changed settings to accept only first-party cookies, but don't really understand the implications of having Javascript, cookies, etc. on or off by default or when they are needed or for what.

Wow too - it never occured to me that something as simple as the privbar could be considered difficult!
I'm not a computer wiz at all (just trying to keep my machine somehow running, except for advanced playing with macros). So in my view it's quite simple:
javascript, flash, animations etc. cost a LOT of performance (freeze my old machine in minutes), and are also highly dangerous (when reading about new malware they nearly always need JS, flash etc. as open doors). So whenever possible, I keep everything that's unnecessary blocked. Helps speed and safety greatly.
When I come across a site that looks too crippled (like youtube with blocked videos) I consider if I want it badly enough to risk damage or freezing, or if the site may be trustworthy enough, and then switch on JS temporarily. If not enough, try unblocking ads, try allowing popups, and if really need be allowing embedded objects etc. And afterwards off it goes again
To tell the truth, before switching on JS, I first try if killing the css styles doesn't already do the trick and unhide the stuff I want to see - works wonders quite often!
And in general prefer simple mobile versions for twitter etc., which are nearly unbearable in default view.

Of course, it depends from the computer power and especially from the sites one regularly visits. But personally I prefer simple clear sites anyway, so no prob. If someone needs those flashy big sites though like Facebook or mail accounts all the time they'd go crazy when toggling stuff all the time on-off-on-off...

To keep the NSA &Co from spying via encrypted transfer?? Hehe, good one They did force by law the encryption companies to build in special keys for them, so they can read everything anyway. If they refused or wouldn't keep that order top secret, they were treated as enemies of the state and threatened with jail.



Edited 1 time(s). Last edit at 05/18/2015 10:00PM by siria.

For the icons Dorian discussed with Zero3k in one of the K-meleon 75 threads, why does it happen. I can't remember and find right now.


Here is a thread:
http://kmeleonbrowser.org/forum/read.php?1,131701,131701

And this is in K-meleon74:
http://kmeleonbrowser.org/forum/read.php?8,127127




From here this is quite off topic, Dorian, ignore.



For cookies and youtube. Set allow to youtube.com and session to google.com. After set the permanent cookies to log in for youtube, you can remove the google.com session rule and set youtube.com to session. You don't need anything else.

This happens because you are logged in to accounts.google.com first, then to youtube.com. The cookie login is set for a lot of years.

If I'm not wrong, I explained in the forum a few months back.

Quote
thomase13

Quote
siria
For example I've read (but not sure) that https needs certificates and those are unique to each machine? If yes, it's no wonder nearly all big sites now force https all the time :-/ Be it a simple google search, or just viewing yt, or FB, or twitter, etc

Wow, I haven't heard that about https, but have wondered why everyone is switching over now! I had heard it was so the NSA, CSIS, etc. can't read and track everything, but I don't really know.

Wow, wow, wow.... step back and breath, LOL.

First, every connection is logged so every connection could be tracked, and I say "could" because this has become a normal behavior with the Big Data market and you can't even trust that your TLS connection isn't being tracked and categorized.

If they want, they can track everything and not with a certificate, just your browser UA, IP, and so on. This, in the server side.

The reason to switch to TLS is because aside the ISP, that only knows where are you connecting, the only one who knows what are you transferring is the server and you. Unless in the endpoints the connection if being sniffed (httpmonitor/httpfox extension for K-meleon/Firefox, for example) or there is a MiTM attack (harder with TLS).

Said that, no, each machine hasn't a unique certificate. In fact, with TLS, every connection has a handsake where is negotiated a new key pair for the asymmetric connection. Unless you need to use a certificate, which is not mandatory, unless you need to log in, for example, to your government websites, where you have to identify yourself unequivocally with your own personal certificate issued by your government. This applies, in the same way, to your company, for example, or other similar uses. In this case, your certificate can be used to create the asymmetric encryption (note that this connection isn't the handsake where still is negotiated a key pair).



Edited 2 time(s). Last edit at 05/19/2015 12:23AM by JohnHell.

Quote
siria
... in my view it's quite simple:
javascript, flash, animations etc. cost a LOT of performance (freeze my old machine in minutes), and are also highly dangerous (when reading about new malware they nearly always need JS, flash etc. as open doors). So whenever possible, I keep everything that's unnecessary blocked. Helps speed and safety greatly.
When I come across a site that looks too crippled (like youtube with blocked videos) I consider if I want it badly enough to risk damage or freezing, or if the site may be trustworthy enough, and then switch on JS temporarily. If not enough, try unblocking ads, try allowing popups, and if really need be allowing embedded objects etc. And afterwards off it goes again

Same here, even on a fast machine with Windows 7. In fact, I have assigned four keyboard shortcuts, since I don't use the privacy bar: Alt J to toggle Javascript, Alt K for cookies, Alt L for flash block and Alt ; for animations. I've made sure to keep them all in one straight line and easy to find, so I can just hold down my Alt key and fire away, one after the other. It would be nice to have a macro that toggles all four at once, since most of the time that's what I do, but I'm not going to be the user who creates such a macro. As for HTTP referers, I leave them blocked all the time.

Incidentally, I was amazed to discover that I could log in to this forum with everything blocked, since I can't log into any of my other accounts without enabling JavaScript and cookies at the very least.

Should be the last update

The "plugin" macro function is fixed (kPrivacy_ClearAll is working now)
Titles were missing in tab tooltip after loading a session
Disabled OOP for flash by default, and tweaked it a bit for OOP
Jsbridge registercmd, add experimental enabled and checked callback

Give me your test example for last two parameters.
(in RegisterCmd)



Edited 1 time(s). Last edit at 05/19/2015 07:08PM by adodupan.

Quote
foliator
As for HTTP referers, I leave them blocked all the time.

Some pages insist on that too, probably to make sure you arrive from their own site, with their own ads. Quite often just cookies and referer are all that's needed.

Quote
foliator
It would be nice to have a macro that toggles all four at once, since most of the time that's what I do, but I'm not going to be the user who creates such a macro.

Why not? If you really want it and would like some help, just create a thread for it or look for the macro-help thread. Sounds like a fun and easy one, the hardest part being to invent names ;-) Multitoggle?

Quote
foliator
Incidentally, I was amazed to discover that I could log in to this forum with everything blocked, since I can't log into any of my other accounts without enabling JavaScript and cookies at the very least.

Yes it's an extremely simple forum, but are you really sure about no cookies?? Or perhaps have set an exception for here?

Quote
Dorian
Little update, fix german and spanish tooltips, loading title in tab.
http://kmeleon.sourceforge.net/files/km75rc3u1.zip

Quote
Dorian
Should be the last update

The "plugin" macro function is fixed (kPrivacy_ClearAll is working now)
Titles were missing in tab tooltip after loading a session
Disabled OOP for flash by default, and tweaked it a bit for OOP
Jsbridge registercmd, add experimental enabled and checked callback

Apparently all on Youtube / Flash works perfectly now on K-Meleon 75RC3u3
Thank you very much Dorian.

Quote
siria
Quite often just cookies and referer are all that's needed.

I've had referers blocked for quite some time now, and so far it hasn't disabled anything in the sites I visit, even YouTube, Google Maps and those big, commercial sites. Forgot to mention that I also block ads by default, as well as Java. Of course, Java doesn't matter, as I haven't installed Java support here.

Quote
siria

Quote
foliator
It would be nice to have a macro that toggles all four at once, since most of the time that's what I do, but I'm not going to be the user who creates such a macro.

Why not? If you really want it and would like some help, just create a thread for it or look for the macro-help thread.

I'm afraid I've no concentration left for working with macros, because my head (and my computer) is full of my music compositions most of the time. Visits to these forums are my way of coming up for air.

Quote
siria
Sounds like a fun and easy one, the hardest part being to invent names ;-) Multitoggle?

Names are a real nuisance in software because of the lack of standardization. You're never sure what a feature is called in order to look for it in the menus. For example, some file managers have "sync browsing", while others have it, too, but call it "mirror browsing". Same animal, different color fur!

Quote
siria
... it's an extremely simple forum, but are you really sure about no cookies?? Or perhaps have set an exception for here?

I've set no exceptions for anything I block. Of course, this is why I occasionally need to unblock things for some sites, but I always know that ahead of time.



Edited 1 time(s). Last edit at 05/19/2015 11:24PM by foliator.

Quote
Dorian
Should be the last update

The "plugin" macro function is fixed (kPrivacy_ClearAll is working now)
Titles were missing in tab tooltip after loading a session
Disabled OOP for flash by default, and tweaked it a bit for OOP
Jsbridge registercmd, add experimental enabled and checked callback

Quote
Dorian
The "plugin" macro function is fixed (kPrivacy_ClearAll is working now)

Works for me now with the update 3.
Thank you :cool:

By the way, can anyone tell me where I can browse the source and change-sets?



Edited 1 time(s). Last edit at 05/20/2015 11:27AM by cfpp2p.

Quote
adodupan
Give me your test example for last two parameters.
(in RegisterCmd)

Something like this

    var check = false;
    KMeleon.RegisterCmd(
        "test", "test", function() {
          logger.debug('Coucou');
          check = !check;
        }, 
        {path:"tabbar.png",top:0,left:24,right:48,bottom:48},
        function() {return false;}, 
        function() {return check;}
    );

Quote
cfpp2p
By the way, can anyone tell me where I can browse the source and change-sets?

http://kmeleon.cvs.sourceforge.net/viewvc/kmeleon/k-meleon/



Edited 1 time(s). Last edit at 05/20/2015 05:05PM by Dorian.

Quote
siria

Quote
thomase13
The only problem is that simple users like me don't really understand how to use the privacy bar properly; we just assume that the default settings are good and go about our business. As I said, I have changed settings to accept only first-party cookies, but don't really understand the implications of having Javascript, cookies, etc. on or off by default or when they are needed or for what.

Wow too - it never occured to me that something as simple as the privbar could be considered difficult!

It's amazing what knowledge we take for granted!
That said, it is hard to gauge what the average person knows about a subject when you know a good deal about it. I can tell you right now that the average user doesn't know what Java is, never mind the difference between Java and Javascript! The average K-Meleonaire might be a bit more savvy, but not necessarily!

Quote
siria
I'm not a computer wiz at all (just trying to keep my machine somehow running, except for advanced playing with macros).
So in my view it's quite simple:
javascript, flash, animations etc. cost a LOT of performance (freeze my old machine in minutes), and are also highly dangerous (when reading about new malware they nearly always need JS, flash etc. as open doors). So whenever possible, I keep everything that's unnecessary blocked. Helps speed and safety greatly.
When I come across a site that looks too crippled (like youtube with blocked videos) I consider if I want it badly enough to risk damage or freezing, or if the site may be trustworthy enough, and then switch on JS temporarily. If not enough, try unblocking ads, try allowing popups, and if really need be allowing embedded objects etc. And afterwards off it goes again

Siria, you are far too modest!!!
As I said, most people would be too afraid of turning these things off for fear of "breaking the Web". In fact, Firefox actually removed the option to block images and Javascript from their preferences for this "reason". I personally wouldn't block images by default unless I had a very slow connection, but talk about dumbing down for users!!!
I will try browsing for the next while with Java applets, Javascript, and Popups turned off. Should I have cookies off too?

Quote
siria
To tell the truth, before switching on JS, I first try if killing the css styles doesn't already do the trick and unhide the stuff I want to see - works wonders quite often!

I must say, I've never killed a CSS, although I see them commit suicide now and again, like the past few days on this forum! My message took many attempts to finally post; sourceforge problems I guess. How does one kill a CSS? This would be nice sometimes.

Quote
siria
And in general prefer simple mobile versions for twitter etc., which are nearly unbearable in default view.

I might not need this with my Intel Core 2 Duo 2.33 GHz and 3 GB RAM in my "zippy" ThinkPad T60p, but can certainly see this being helpful on a slower machine!

Quote
siria
Of course, it depends from the computer power and especially from the sites one regularly visits. But personally I prefer simple clear sites anyway, so no prob. If someone needs those flashy big sites though like Facebook or mail accounts all the time they'd go crazy when toggling stuff all the time on-off-on-off...

I don't use Webmail anymore, though I do use Facebook quite a bit, but I will try the privacy bar. I personally find the mobile sites too drastic a jump, but it does make me mad when the regular desktop version of Web sites keep updating to new versions (read: bloating) but don't seemingly add any more functionality. I can tell you Facebook was at least three times faster five years ago! It was zippy even with IE!

Quote
siria
To keep the NSA &Co from spying via encrypted transfer?? Hehe, good one They did force by law the encryption companies to build in special keys for them, so they can read everything anyway. If they refused or wouldn't keep that order top secret, they were treated as enemies of the state and threatened with jail.

Yes, some of the backdoors I've heard about are incredible. There was the one with the SIM card manufacturer, and even the firmware of some of the biggest hard drive companies!

You know, as commendable as it is that you keep your Windows 98 computer running and on the Internet in 2015 now, if you downgraded your unloved Vista laptop to XP (you might still have downgrade rights!), upgrading from 98 to XP (with ineXPerience installed and nonsense disabled), I bet your life would be a lot easier in this day and age. Although perhaps not as fun! :cool:

Quote
JohnHell

Here is a thread:
http://kmeleonbrowser.org/forum/read.php?1,131701,131701

And this is in K-meleon74:
http://kmeleonbrowser.org/forum/read.php?8,127127

Thanks for finding these threads!
Well I'm glad to see it is noticed by others, but as Dorian says, it is a relatively low-priority bug.

Quote
JohnHell
For cookies and youtube. Set allow to youtube.com and session to google.com.

I did this and YouTube comments work now!

Quote
JohnHell
After set the permanent cookies to log in for youtube, you can remove the google.com session rule and set youtube.com to session. You don't need anything else.

I did this step and then it won't work anymore, so I reverted to the first way.
By needing nothing else, do you mean I can safely clear out all my hundreds of cookies and keep them blocked with that exception in place?

Quote
JohnHell
If I'm not wrong, I explained in the forum a few months back.

Their commenting system may have changed since then. I say "if it ain't broke, don't fix it", but that is not Google ideology.

Quote
JohnHell

Quote
thomase13

Quote
siria
For example I've read (but not sure) that https needs certificates and those are unique to each machine? If yes, it's no wonder nearly all big sites now force https all the time :-/ Be it a simple google search, or just viewing yt, or FB, or twitter, etc

Wow, I haven't heard that about https, but have wondered why everyone is switching over now! I had heard it was so the NSA, CSIS, etc. can't read and track everything, but I don't really know.

Wow, wow, wow.... step back and breath, LOL.

The reason to switch to TLS is because aside the ISP, that only knows where are you connecting, the only one who knows what are you transferring is the server and you. Unless in the endpoints the connection if being sniffed (httpmonitor/httpfox extension for K-meleon/Firefox, for example) or there is a MiTM attack (harder with TLS).

Said that, no, each machine hasn't a unique certificate. In fact, with TLS, every connection has a handsake where is negotiated a new key pair for the asymmetric connection. Unless you need to use a certificate, which is not mandatory, unless you need to log in, for example, to your government websites, where you have to identify yourself unequivocally with your own personal certificate issued by your government. This applies, in the same way, to your company, for example, or other similar uses. In this case, your certificate can be used to create the asymmetric encryption (note that this connection isn't the handsake where still is negotiated a key pair).

I don't think I understand all of this, but I do not know how to switch to TLS. I see nothing about this in the preferences.

Quote
Dorian
Should be the last update

The "plugin" macro function is fixed (kPrivacy_ClearAll is working now)
Titles were missing in tab tooltip after loading a session
Disabled OOP for flash by default, and tweaked it a bit for OOP
Jsbridge registercmd, add experimental enabled and checked callback

Thank you Dorian!
Appreciate the updated Klassic padlock icons!
Only thing that won't work for me is that my privacy bar will not stay enabled after restarting.



Edited 2 time(s). Last edit at 05/20/2015 05:31PM by thomase13.

 



Edited 1 time(s). Last edit at 03/21/2016 12:18PM by adodupan.

All here is off Topic, ignore Dorian and devs.

Quote
thomase13

Quote
JohnHell
For cookies and youtube. Set allow to youtube.com and session to google.com.

I did this and YouTube comments work now!

Quote
JohnHell
After set the permanent cookies to log in for youtube, you can remove the google.com session rule and set youtube.com to session. You don't need anything else.

I did this step and then it won't work anymore, so I reverted to the first way.
By needing nothing else, do you mean I can safely clear out all my hundreds of cookies and keep them blocked with that exception in place?

Quote
JohnHell
If I'm not wrong, I explained in the forum a few months back.

Their commenting system may have changed since then. I say "if it ain't broke, don't fix it", but that is not Google ideology.

For comments just differs a little (I was only telling how to login to youtube without accepting more cookies than the necessary to login) as you need to add plus.google.com to the process.

By nothing else, I meant that once the cookies are set for youtube.com and/or plus.google.com with rules as Allow, you can change back these rules to session. This means that the login cookies would be read, but as they are not changed, there is no harm in set the rules to session. The benefit is no new cookies from those domains and permanent permission to read the login cookies that are stored, as those cookies were written while the permission was Allow and won't be removed when changing the permission to session.

But in any way I meant to remove any other cookie. You need to left the login cookies, that with youtube are several cookies.

Just a final note. I haven't tested the domain plus.google.com as explained above because I don't have a plus account. I just pass to sign for it for just commenting in Youtube (or any other shit by Google forcing to use G+), but should work.

Quote
thomase13

Quote
JohnHell

Quote
thomase13

Quote
siria
For example I've read (but not sure) that https needs certificates and those are unique to each machine? If yes, it's no wonder nearly all big sites now force https all the time :-/ Be it a simple google search, or just viewing yt, or FB, or twitter, etc

Wow, I haven't heard that about https, but have wondered why everyone is switching over now! I had heard it was so the NSA, CSIS, etc. can't read and track everything, but I don't really know.

Wow, wow, wow.... step back and breath, LOL.

The reason to switch to TLS is because aside the ISP, that only knows where are you connecting, the only one who knows what are you transferring is the server and you. Unless in the endpoints the connection if being sniffed (httpmonitor/httpfox extension for K-meleon/Firefox, for example) or there is a MiTM attack (harder with TLS).

Said that, no, each machine hasn't a unique certificate. In fact, with TLS, every connection has a handsake where is negotiated a new key pair for the asymmetric connection. Unless you need to use a certificate, which is not mandatory, unless you need to log in, for example, to your government websites, where you have to identify yourself unequivocally with your own personal certificate issued by your government. This applies, in the same way, to your company, for example, or other similar uses. In this case, your certificate can be used to create the asymmetric encryption (note that this connection isn't the handsake where still is negotiated a key pair).

I don't think I understand all of this, but I do not know how to switch to TLS. I see nothing about this in the preferences.

You don't need to enable anything. It was an explanation of the Transport Layer Security that is shipped with every browser to establish secured connections and that there isn't a default certificate that identifies the browser (in fact, you should be requested for it each time and you aren't).

Now it is used TLS 1.1 as default in every gecko browser instead the previous SSL (Secure Sockets Layer) because of the recent discovered issues.

More at https://en.wikipedia.org/wiki/Transport_Layer_Security



Edited 1 time(s). Last edit at 05/20/2015 08:18PM by JohnHell.

Thanks guys! (why are there hardly ever any girls around? ;-P)Will have to study it closer when I have more time.
Just quick notes, of course websites sometimes "break" when blocking stuff :cool: But that can be 'repaired' by simple reloading, while the 'un-blocked' danger is 100x times worse, it can easily get our own computers broken by malware. Kinda funny if clueless people think they'd be 'safer' with default settings. A viewpoint that never occured to me, but now, you're probably right!
And while cookies are about identifying, spying and tracking, at least they don't destroy anything, contrary to new malware slipped in by javascript, java, flash, etc. So personally I prefer to open those doors only step by step, not all at once. But everyone has their own needs and favorite methods.



Edited 1 time(s). Last edit at 05/20/2015 09:34PM by siria.

Had been navEnableJS and navDisableJS removed?

Looks like what works are:

navToggleJS

pageToggleJS
pageEnableJS
pageDisableJS


It has sense, as they aren't needed with navToggleJS, but I just want to know if it is like this.

This is to fix the Documentation:
http://kmeleonbrowser.org/forum/read.php?2,130307,page=3#msg-133093



Edited 1 time(s). Last edit at 05/20/2015 10:52PM by JohnHell.