Re: [Lynx-dev] Why Do I Receive a Gateway Timeout on www.crisisgroup.org
Actually, no it does not. The profile at the top of this page, the one which appears in lynx, when you remove the user header indicates the servers are rather simple, its dated 1999. if you go to the site with lynx and get the 504 gateway error, change the send user agent header and the site displays, oddly but it displays. links uses a different approach to user agent headers. when I researched the error, all information indicates it is a site thing not a you thing. Kare On Mon, 20 Aug 2018, Chime Hart wrote: OK Karen, thanks for your explainer, but the fact that it works in e l i n k s but not L Y N X would mean something else. In looking in my files, as late as October 2014 or maybe some of 2015 I could reach this site. Thanks so much in advance Chime ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] Why Do I Receive a Gateway Timeout on www.crisisgroup.org
OK Karen, thanks for your explainer, but the fact that it works in e l i n k s but not L Y N X would mean something else. In looking in my files, as late as October 2014 or maybe some of 2015 I could reach this site. Thanks so much in advance Chime ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] Why Do I Receive a Gateway Timeout on www.crisisgroup.org
hi Chime, Normally 504 gateway errors have nothing to do with your personal setup. Instead they reflect a communications error between the site's own servers, timing out communications wise. have you been able to reach the site before using lynx? kare On Mon, 20 Aug 2018, Chime Hart wrote: Well Russell, thanks for looking, however, whether I try here on Shellworld or on my hard-drive in Debian, I receive a 504 error. Running Lynx Version 2.8.9rel.1 Thanks so much in advance Chime ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] Why Do I Receive a Gateway Timeout on www.crisisgroup.org
Well Russell, thanks for looking, however, whether I try here on Shellworld or on my hard-drive in Debian, I receive a 504 error. Running Lynx Version 2.8.9rel.1 Thanks so much in advance Chime ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
[Lynx-dev] Why Do I Receive a Gateway Timeout on www.crisisgroup.org
Quoth Chime Hart: 'in trying to visit www.crisisgroup.org l i n k s does reach this site, but when going to specific articles, I think it just loops around. But worse, L Y N X gives me a 504 gateway timeout. Can some1 please examine, incase there are work-arounds.' I have no trouble connecting. The pages are > 100K, if size matters. Every page begins with > 300 lines of header information before the information on the topic. If you're being read to you have a lot of the same being read before you get to the information you want. russell bell ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
[Lynx-dev] Why Do I Receive a Gateway Timeout on this Site?
Hi All: Well, in trying to visit www.crisisgroup.org l i n k s does reach this site, but when going to specific articles, I think it just loops around. But worse, L Y N X gives me a 504 gateway timeout. Can some1 please examine, incase there are work-arounds. Thanks so much in advance Chime ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
> My grudge against HTTPS, for example, is that just looking through an > average certificate store is an enourmous set of public keys - and it > would seem to be impossible to keep up with who actually owns the > private counterparts of these. And it only takes one to be > compromised to throw everyone's HTTPS verifications off. Quite so. I would be astonished if none had leaked. But then, the whole security model was compromised the first time a TLD-wildcard cert was issued (such as is used for "captive portal" interposers by airlines for their in-flight wifi and the like) - or, if you prefer, when support for them was implemented. > But maybe one day HTTPS will be more robust, safe. Well...maybe something derived from it will be - though I have my doubts - but, if so, I think it won't be much like HTTPS any longer. > Personally I think physically going to a business and being given a > copy of their key would be good... a mix of old and new. Yes. Throw out the whole CA-chain model; it's fundamentally broken, by wildcards, by lack of transparency of the root-CA list, and by being run by businesses and therefore having (from users' point of view) perverse incentives. /~\ The ASCII Mouse \ / Ribbon Campaign X Against HTMLmo...@rodents-montreal.org / \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
Re: [Lynx-dev] TLS-"transport layer security" & LYNX
> > > manipulating connections, blocking connections that are deemed > > > "unwanted / illegal / etc.", and spying on user agents. > > > > That's all very well, and I'm glad it's available. My beef is with > > webservers imposing it on clients, rather than letting clients choose. > > The idea is that if the webserver does not impose it the client will not > get the choice because of the gov./etc., thus the choice is imposed on all > for those whose clients would not get the choice. > > It is a trade off. > A little late, but, something I wanted to post here: Apparently, according to https://www.howsmyssl.com my distribution of Lynx is supporting weak cipher suites, and that is the only problem with Lynx's TLS. '3DES vulnerable to sweet32' I think this is something that can be fixed upstream? Assuming the opinions of howsmyssl.com on cipher suites are credible. Yes, I would conclude HTTPS is one big trade-off, with obvious flaws. My grudge against HTTPS, for example, is that just looking through an average certificate store is an enourmous set of public keys - and it would seem to be impossible to keep up with who actually owns the private counterparts of these. And it only takes one to be compromised to throw everyone's HTTPS verifications off. So I try to think of HTTPS as a 'public beta' - consumers have only just moved to the internet for everything over the past 10 years, and there are various developments that need to happen to it. I too dislike the power of Google, but they are introducing a new security header named 'Expect-CT' which _might_ solve the thing I most dislike about HTTPS. It should be easier to implement than HKPK. But at present the 'Secure' and 'NotSecure' notices in Chromium/Chrome are just oversimplified humour! But maybe one day HTTPS will be more robust, safe. Personally I think physically going to a business and being given a copy of their key would be good... a mix of old and new. ___ Lynx-dev mailing list Lynx-dev@nongnu.org https://lists.nongnu.org/mailman/listinfo/lynx-dev
