On Fri, Sep 06, 2002 at 09:43:47PM +0200, Robert Bihlmeyer wrote: > Travis Bemann <[EMAIL PROTECTED]> writes: > > > I think that a good compromise would be to put up a warning page > > where the user has to type "I do know that Micro$oft Internet > > Explorer is an insecure piece of shit" as specified by the page into > > a text item in a form (the $ would be mandatory) and then press a > > button to actually use fproxy, to keep people from simply clicking > > through without paying real serious attention to the warning. :) > > Your rage against MS's stance is perfectly understandable, but let's > try a more clear minded approach. Otherwise we will lose more respect > than we'll gain. > > First, it would be nice if (rather than checking the browser version) > the bug could be tested directly. This could work: Serve "check.txt" > declared text/plain in a small frame, non-scrolling frame. This file > will contain a lot of linefeeds, and finally > > <html><head><meta http-equiv="refresh" content="0;URL=/bug_warning.html"> I'd prefer for it to start immediately as HTML, in case any browser only treats text as HTML if it sees HTML in the first n lines or n chars. Something like <html><head>.... <!-- If you are seeing this, your browser is safe.
> > A buggy browser will interpret the HTML, and therefore most likely the > refresh command. Others will just show everything as text (and > hopefully the above junk will not be in view). Yup. There are some interfaces issues; I am planning to add a "Protecting your anonymity" link/servlet to the nodeinfo/fproxy home page, which includes this sort of thing. Another problem is how do we get users already using freenet to test their browsers; and for this reason, keeping a blacklist of bad browsers separately has to be a good idea. > > The warning page should contain an explanation, solutions (e.g. links > to fine browsers), and a "I don't care about anonymity" button. > Disabling the warning should be possible in the config file, with dire > warnings there as well. If people want to disable the warning completely, they can go hack the source. > > As a final thought, couldn't we just work around deficiencies like > that? What happens if you send "text/x-really-plain" instead? Nope. Not really. > > -- > Robbe -- Matthew Toseland [EMAIL PROTECTED] [EMAIL PROTECTED] Freenet/Coldstore open source hacker. Looking for $coding (I'm cheap)
msg03855/pgp00000.pgp
Description: PGP signature