Re: OS problem or SM problem??

[NoOp]

On 01/08/2018 01:01 AM, Daniel wrote:
> I dual boot this HP 6730b Laptop with both Windows 7 and Mageia Linux, 
> as shown i8n my sig file, and share the one SeaMonkey 2.49.1 profile 
> which is situated on one of my Win7 partitions. Recently I have added 
> Lightning (getting old ... memory failing ;-( or is my life getting 
> busier?? ;-)  ) to both OS's SeaMonkey profiles.
> 
> I originally installed it to Win7 SM and it appeared in the Mail & News 
> Screen and I added several dates. It didn't display or remind me of any 
> dates that I had entered (but I'll try to sort that by posting to the 
> m.s.calendar newsgroup).
> 
> What I want to know here is ... it seems, each time I switch between 
> Win7 and MGALinux, I'm losing the Lightning display in SM's M & N 
> screen. Is this because I'm setting up SM/Lightning to function in one 
> OS and then when I change OS's, it forgets (for some reason) that it had 
> had Lightning installed, requiring a re-installation again and again and 
> again??
> 
> Is there someone out there who uses Lightning on several different OS's 
> that might be able to sort me out??
> 
> TIA
> 

Set up SeaMonkey w/lighting for each OS. The install.rdf's are different
for Win and linux:

linux

 {e2fda1a4-762b-4020-b5ad-a41df1933103}
Lightning
5.4 
Integrated Calendaring  Scheduling for your
Email client
Mozilla Calendar Project

https://www.mozilla.org/projects/calendar/
chrome://calendar/skin/cal-icon32.png

chrome://messenger/content/preferences/preferences.xul
Linux_x86-gcc3
Linux_x86_64-gcc3
true


Windows:
{e2fda1a4-762b-4020-b5ad-a41df1933103}
Lightning
5.4 
Integrated Calendaring  Scheduling for your
Email client
Mozilla Calendar Project

https://www.mozilla.org/projects/calendar/
chrome://calendar/skin/cal-icon32.png

chrome://messenger/content/preferences/preferences.xul
WINNT_x86-msvc

Point to the same profile (backup beforehand) and see if that solves
your problem.

I do not use the same profile on my Win10/Ubuntu linux dualboot - if I
absolutely need to ensure they are in sync I just use grsync/rsync
between them. That said, I have changed to primarily using Google
Calendar as the medium between both Lightnings (Win10-Lightning / GC /
linux-Lightning) and so far everything stays in sync w/o any real issues.




___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Inbox is Protected

[Frog]

I upgraded SeaMonkey to 2.49.1 yesterday.  Now I am getting the 
following message:


"Inbox is protected.  Please enter a Document Open Password."

I have never established such a password on any system that I have ever 
owned.  How do I fix this problem?


Windows 10

Frog
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spectre exploit

[Ray_Net]

Lee wrote on 08-01-18 23:19:

On 1/8/18, Ray_Net  wrote:

Lee wrote on 08-01-18 01:06:

On 1/7/18, Ray_Net  wrote:

Lee wrote on 07-01-18 22:44:

summary: The vuln. mitigation is to install noscript + request policy
continued or uMatrix + uBlock Origin or whatever other addon combo
that allows javascript from only whitelisted sites.

On 1/7/18, Ray_Net  wrote:

WaltS48 wrote on 06-01-18 18:05:

On 1/6/18 2:36 AM, Ray_Net wrote:

I have read:

"Disable Javascript until browser company comes out with patch for
vulnerable Javascript."

So, will SM issue a patch against the Spectre exploit ?

Mozilla needs to come up with a patch first.  What they have now only
blocks the obvious timing attack methods.


SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR
doesn't have SharedBufferArray enabled.
||
||SharedArrayBuffer| is already disabled in Firefox 52 ESR.
||
|REF: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/


Would it mean that we are protected ?

No.

Look at the FF advisory
 The precision of performance.now() has been reduced from 5μs to
20μs, and the SharedArrayBuffer feature has been disabled because it
can be used to construct a high-resolution timer.

SeaMonkey doesn't implement the SharedArrayBuffer feature but I'm
guessing it's performance.now() function still has the 5μs resolution
and that will take a patch to fix.

But changing the performance.now() resolution is not sufficient.  Take a
look at
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
 Furthermore, other timing sources and time-fuzzing techniques are
being worked on.

Which is like saying we've locked the front door so nobody can walk
right in anymore but the ground floor windows are still wide open.

Follow the "other timing sources and time-fuzzing techniques" link to
https://gruss.cc/files/fantastictimers.pdf
 Abstract. Research showed that microarchitectural attacks like cache
attacks can be performed through websites using JavaScript. These
timing attacks allow an adversary to spy on users secrets such as
their keystrokes,leveraging fine-grained timers. However, the W3C and
browser vendors responded to this significant threat by eliminating
fine-grained timers from JavaScript. This renders previous
high-resolution microarchitectural attacks non-applicable.

 >>We demonstrate the inefficacy of this mitigation<< by finding and
evaluating a wide range of new sources of timing information. We
develop measurement methods that exceed the resolution of official
timing sources by to orders of magnitude on all major browsers, and
even more on Tor browser. Our timing measurements do not only
re-enable previous attacks to their full extent but also allow
implementing new attacks. We demonstrate a new DRAM-based covert
channel between a website and an unprivileged app in a virtual machine
without network hardware. Our results emphasize that quick-fix
mitigations can establish a dangerous false sense of security.


In short, performance.now() and SharedBufferArray are the easy/obvious
ways to get a high resolution timer in javascript but they're not the
only possible methods.

So... what to do?  The exploit mitigation is to install noscript +
request policy continued or uMatrix + uBlock Origin or whatever other
addon combo that allows javascript from only whitelisted sites.

Regards,
Lee

For "Request Policy" we have for all versions:
This add-on is not compatible with your version of SeaMonkey.

"Request Policy" was the original - you want "RequestPolicy Continued"
which is easier to use:
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/

which links to
https://addons.mozilla.org/firefox/downloads/file/747484/requestpolicy_continued-1.0.beta13.2-fx+sm.xpi


For "NoScript Security Suite" we have:
Only with FireFox.

yeah.. you need to scroll down to 'version history' & click on 'see
all versions'
It looks like 5.1.8.3 is the last one that will work w/ SM
Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *
https://addons.mozilla.org/firefox/downloads/file/806790/noscript_security_suite-5.1.8.3-fx+sm.xpi

Regards
Lee

Anyway, it's better that SM solve problems instead of a need to install
a myriad of extensions.

agreed.  But I like having more control over what's allowed than the
javascript.enabled on/off switch & extensions are the only way I know
of to get that.

Regards
Lee
I think that Microsoft had installed yesterday an emergency patch for 
adressing meltdown and spectre.

https://blog.trendmicro.com/fixing-meltdown-spectre-vulnerabilities/
and 
Microsoft yesterday released an emergency patch for Windows 10 to 
address this prior to Patch Tuesday, which incorporates KAISER in KB4056892

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org

Re: OS problem or SM problem??

[gNeandr]

On 08.01.2018 22:46, mozilla-lists.mbou...@spamgourmet.com wrote:
In short, I think the problem is with neither the OS nor SeaMonkey, but 
with your configuration (attempting to share a single profile between 
the two OSs).
Right! Special care is needed if it comes to use one profile 
instance/copy for both OSs.


That was solved with Reminderfox to use it with WIN and Linux (and 
should also work with OSX). RmFX stores the reminder ICS data as text 
files (.ics), so with saving we change the path notation (internally, no 
user interaction).


With Lightning the situation could be more complicated, as said it has 
binary, OS specific components and the ICS data can be stored in a db.

So there is no easy solution for SM/LG on Win/Linux.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spectre exploit

[Lee]

On 1/8/18, Ray_Net  wrote:
> Lee wrote on 08-01-18 01:06:
>> On 1/7/18, Ray_Net  wrote:
>>> Lee wrote on 07-01-18 22:44:
 summary: The vuln. mitigation is to install noscript + request policy
 continued or uMatrix + uBlock Origin or whatever other addon combo
 that allows javascript from only whitelisted sites.

 On 1/7/18, Ray_Net  wrote:
> WaltS48 wrote on 06-01-18 18:05:
>> On 1/6/18 2:36 AM, Ray_Net wrote:
>>> I have read:
>>>
>>> "Disable Javascript until browser company comes out with patch for
>>> vulnerable Javascript."
>>>
>>> So, will SM issue a patch against the Spectre exploit ?
 Mozilla needs to come up with a patch first.  What they have now only
 blocks the obvious timing attack methods.

>> SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR
>> doesn't have SharedBufferArray enabled.
>> ||
>> ||SharedArrayBuffer| is already disabled in Firefox 52 ESR.
>> ||
>> |REF: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
>>
> Would it mean that we are protected ?
 No.

 Look at the FF advisory
 The precision of performance.now() has been reduced from 5μs to
 20μs, and the SharedArrayBuffer feature has been disabled because it
 can be used to construct a high-resolution timer.

 SeaMonkey doesn't implement the SharedArrayBuffer feature but I'm
 guessing it's performance.now() function still has the 5μs resolution
 and that will take a patch to fix.

 But changing the performance.now() resolution is not sufficient.  Take a
 look at
 https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
 Furthermore, other timing sources and time-fuzzing techniques are
 being worked on.

 Which is like saying we've locked the front door so nobody can walk
 right in anymore but the ground floor windows are still wide open.

 Follow the "other timing sources and time-fuzzing techniques" link to
 https://gruss.cc/files/fantastictimers.pdf
 Abstract. Research showed that microarchitectural attacks like cache
 attacks can be performed through websites using JavaScript. These
 timing attacks allow an adversary to spy on users secrets such as
 their keystrokes,leveraging fine-grained timers. However, the W3C and
 browser vendors responded to this significant threat by eliminating
 fine-grained timers from JavaScript. This renders previous
 high-resolution microarchitectural attacks non-applicable.

 >>We demonstrate the inefficacy of this mitigation<< by finding and
 evaluating a wide range of new sources of timing information. We
 develop measurement methods that exceed the resolution of official
 timing sources by to orders of magnitude on all major browsers, and
 even more on Tor browser. Our timing measurements do not only
 re-enable previous attacks to their full extent but also allow
 implementing new attacks. We demonstrate a new DRAM-based covert
 channel between a website and an unprivileged app in a virtual machine
 without network hardware. Our results emphasize that quick-fix
 mitigations can establish a dangerous false sense of security.


 In short, performance.now() and SharedBufferArray are the easy/obvious
 ways to get a high resolution timer in javascript but they're not the
 only possible methods.

 So... what to do?  The exploit mitigation is to install noscript +
 request policy continued or uMatrix + uBlock Origin or whatever other
 addon combo that allows javascript from only whitelisted sites.

 Regards,
 Lee
>>> For "Request Policy" we have for all versions:
>>> This add-on is not compatible with your version of SeaMonkey.
>> "Request Policy" was the original - you want "RequestPolicy Continued"
>> which is easier to use:
>> https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/
>>
>> which links to
>> https://addons.mozilla.org/firefox/downloads/file/747484/requestpolicy_continued-1.0.beta13.2-fx+sm.xpi
>>
>>> For "NoScript Security Suite" we have:
>>> Only with FireFox.
>> yeah.. you need to scroll down to 'version history' & click on 'see
>> all versions'
>> It looks like 5.1.8.3 is the last one that will work w/ SM
>>Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *
>> https://addons.mozilla.org/firefox/downloads/file/806790/noscript_security_suite-5.1.8.3-fx+sm.xpi
>>
>> Regards
>> Lee
>
> Anyway, it's better that SM solve problems instead of a need to install
> a myriad of extensions.

agreed.  But I like having more control over what's allowed than the
javascript.enabled on/off switch & extensions are the only way I know
of to get that.

Regards
Lee

Re: Is this group moderated?

[Jonathan N. Little]

Paul B. Gallagher wrote:

Jonathan N. Little wrote:

Paul B. Gallagher wrote:

Jonathan N. Little wrote:

Because Windows defaults to using *localtime* for the system's 
realtime clock and Linux uses UTC. Getting Windows to use UTC is a 
bit of a pain, so it is much easier to adjust Linux.


Not much of a pain here on Windows 7. Right-click the clock at lower 
right corner of the screen, choose "Adjust date/time," click "change 
time zone," pull down "(UTC) Coordinated Universal Time" from the 
list, OK out and you're done. Very straightforward. You could go the 
long way through Control Panel if you wanted, but why bother?


BTW, in my experience Windows has usually defaulted to US Pacific 
Time out of the box (I guess 'cause that's where M$ lives), so I've 
had to change the time zone whenever I bought a new machine, but once 
it's done and daylight saving time is enabled, I never have to think 
about it again.


That just sets the display of the clock in Windows not when 
referencing the clock set in CMOS. Windows assumes motherboard has 
*localtime* not UTC so if your are not online yet the clock retrieved 
from CMOS will not show the correct timezone...


To use UTC in CMOS and show local time zone in OS in Windows uses a 
registry edit, see:


 



OK, that's a nice hack, but what does it have to do with the price of 
beans? Does it change the date/time stamps on outgoing emails? Aren't 
those read from the OS time?




I was addressing previous issue Daniel voiced:

"I'm swapping between Linux and Win7. My clock varies by eleven hours"

--
Take care,

Jonathan
---
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: OS problem or SM problem??

[mozilla-lists . mbourne]

Daniel wrote:
I dual boot this HP 6730b Laptop with both Windows 7 and Mageia Linux, 
as shown i8n my sig file, and share the one SeaMonkey 2.49.1 profile 
which is situated on one of my Win7 partitions. Recently I have added 
Lightning (getting old ... memory failing ;-( or is my life getting 
busier?? ;-)  ) to both OS's SeaMonkey profiles.


I originally installed it to Win7 SM and it appeared in the Mail & News 
Screen and I added several dates. It didn't display or remind me of any 
dates that I had entered (but I'll try to sort that by posting to the 
m.s.calendar newsgroup).


What I want to know here is ... it seems, each time I switch between 
Win7 and MGALinux, I'm losing the Lightning display in SM's M & N 
screen. Is this because I'm setting up SM/Lightning to function in one 
OS and then when I change OS's, it forgets (for some reason) that it had 
had Lightning installed, requiring a re-installation again and again and 
again??


Is there someone out there who uses Lightning on several different OS's 
that might be able to sort me out??


I'm not sure if it's still the case, but at one time parts of the 
Lightning were binary components, compiled for a specific OS. You'd need 
to install the Windows build of Lightning in the SeaMonkey profile used 
on Windows, and the Linux build of Lightning in the SeaMonkey profile 
used on Linux. The same build wouldn't work on both. There are certainly 
still different downloads of Lightning for Windows and Linux. Even if 
there are no longer binary components, there may be other things which 
prevent the same build from working in both OSs.


While sharing a single profile between Windows and Linux installs might 
seem to work most of the time, as far as I'm aware that's not actually 
supported and can (as you've discovered) cause some issues. Another 
potential source of problems is that various filesystem paths stored in 
the profile are different on the two OSs, although from posts here it 
seems that doesn't generally cause noticeable problems in practice.


In short, I think the problem is with neither the OS nor SeaMonkey, but 
with your configuration (attempting to share a single profile between 
the two OSs).


--
Mark.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Paul B. Gallagher]

Jonathan N. Little wrote:

Paul B. Gallagher wrote:

Jonathan N. Little wrote:

Because Windows defaults to using *localtime* for the system's 
realtime clock and Linux uses UTC. Getting Windows to use UTC is a 
bit of a pain, so it is much easier to adjust Linux.


Not much of a pain here on Windows 7. Right-click the clock at lower 
right corner of the screen, choose "Adjust date/time," click "change 
time zone," pull down "(UTC) Coordinated Universal Time" from the 
list, OK out and you're done. Very straightforward. You could go the 
long way through Control Panel if you wanted, but why bother?


BTW, in my experience Windows has usually defaulted to US Pacific Time 
out of the box (I guess 'cause that's where M$ lives), so I've had to 
change the time zone whenever I bought a new machine, but once it's 
done and daylight saving time is enabled, I never have to think about 
it again.


That just sets the display of the clock in Windows not when referencing 
the clock set in CMOS. Windows assumes motherboard has *localtime* not 
UTC so if your are not online yet the clock retrieved from CMOS will not 
show the correct timezone...


To use UTC in CMOS and show local time zone in OS in Windows uses a 
registry edit, see:


 


OK, that's a nice hack, but what does it have to do with the price of 
beans? Does it change the date/time stamps on outgoing emails? Aren't 
those read from the OS time?


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[A Williams]

Daniel wrote:

Paul B. Gallagher wrote:


Because such an invalid time stamp is proof that the message is spam.
Real people don't keep their computer date and time so far off from
reality.


Well, just at the moment, Paul, you might pick me, as I'm swapping
between Linux and Win7. My clock varies by eleven hours (o.k., not the
24hrs+ Mr/Mrs/Ms Williams refers to, but...) dependant on which OS I'm
using at the time and if I've remembered to adjust the clock or not!!



Lord Williams of somewhere-or-other
and the 24 hours was chosen deliberately.
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Jonathan N. Little]

Paul B. Gallagher wrote:

Jonathan N. Little wrote:

Because Windows defaults to using *localtime* for the system's 
realtime clock and Linux uses UTC. Getting Windows to use UTC is a bit 
of a pain, so it is much easier to adjust Linux.


Not much of a pain here on Windows 7. Right-click the clock at lower 
right corner of the screen, choose "Adjust date/time," click "change 
time zone," pull down "(UTC) Coordinated Universal Time" from the list, 
OK out and you're done. Very straightforward. You could go the long way 
through Control Panel if you wanted, but why bother?


BTW, in my experience Windows has usually defaulted to US Pacific Time 
out of the box (I guess 'cause that's where M$ lives), so I've had to 
change the time zone whenever I bought a new machine, but one it's done 
and daylight saving time is enabled, I never have to think about it again.




That just sets the display of the clock in Windows not when referencing 
the clock set in CMOS. Windows assumes motherboard has *localtime* not 
UTC so if your are not online yet the clock retrieved from CMOS will not 
show the correct timezone...


To use UTC in CMOS and show local time zone in OS in Windows uses a 
registry edit, see:


 



--
Take care,

Jonathan
---
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Paul B. Gallagher]

Jonathan N. Little wrote:

Because Windows defaults to using *localtime* for the system's realtime 
clock and Linux uses UTC. Getting Windows to use UTC is a bit of a pain, 
so it is much easier to adjust Linux.


Not much of a pain here on Windows 7. Right-click the clock at lower 
right corner of the screen, choose "Adjust date/time," click "change 
time zone," pull down "(UTC) Coordinated Universal Time" from the list, 
OK out and you're done. Very straightforward. You could go the long way 
through Control Panel if you wanted, but why bother?


BTW, in my experience Windows has usually defaulted to US Pacific Time 
out of the box (I guess 'cause that's where M$ lives), so I've had to 
change the time zone whenever I bought a new machine, but one it's done 
and daylight saving time is enabled, I never have to think about it again.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Jonathan N. Little]

Daniel wrote:

Paul B. Gallagher wrote:

Daniel wrote:


A Williams wrote:


Speaking strictly for myself, there are two categories I'd like to
see blocked - the other one being posts where the date is more than
24 hours in the future.


Why?? You could always find out the "real" posting time if you needed
it!


Because such an invalid time stamp is proof that the message is spam. 
Real people don't keep their computer date and time so far off from 
reality.


Well, just at the moment, Paul, you might pick me, as I'm swapping 
between Linux and Win7. My clock varies by eleven hours (o.k., not the 
24hrs+ Mr/Mrs/Ms Williams refers to, but...) dependant on which OS I'm 
using at the time and if I've remembered to adjust the clock or not!!




Because Windows defaults to using *localtime* for the system's realtime 
clock and Linux uses UTC. Getting Windows to use UTC is a bit of a pain, 
so it is much easier to adjust Linux.


edit file:
sudo nano /etc/default/rcS

change line from:
UTC=yes

To:
UTC=no

Reboot and now your clock will be the same in Windows and Linux.


--
Take care,

Jonathan
---
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Ed Mullen]

On 1/8/2018 at 5:57 AM, Daniel created this epitome of digital genius:

Paul B. Gallagher wrote:

Daniel wrote:


A Williams wrote:


Speaking strictly for myself, there are two categories I'd like to
see blocked - the other one being posts where the date is more than
24 hours in the future.


Why?? You could always find out the "real" posting time if you needed
it!


Because such an invalid time stamp is proof that the message is spam. 
Real people don't keep their computer date and time so far off from 
reality.


Well, just at the moment, Paul, you might pick me, as I'm swapping 
between Linux and Win7. My clock varies by eleven hours (o.k., not the 
24hrs+ Mr/Mrs/Ms Williams refers to, but...) dependant on which OS I'm 
using at the time and if I've remembered to adjust the clock or not!!




Umm, Windows can automatically adjust the PC clock.  Cannot Linux do the 
same?


--
Ed Mullen
http://edmullen.net/
"You've got to dance like nobody's watching." - Kathy Mattea
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Webcam Shuts Off

[Tom Pamin]

chokito wrote:
Add scrolling="no" and frameborder="0" to the end of line iframe.

http://api.wetmet.net/client-content/PlayerFrame.php?CAMERA=186-04-01CFVER=WMWIDTH=100%HEIGHT=100%; 
width="100%" height="100%" scrolling="no" frameborder="0">


Thanks, that did get rid of the scroll bars. Some of the bottom of the 
video is cut off though, since if I go to View-Fullscreen I get the 
entire screen.


I only have access to my 15 inch laptop right now. Maybe it will appear 
differently on my desktop monitor.



___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Webcam Shuts Off

[chokito]

Add scrolling="no" and frameborder="0" to the end of line iframe.
http://api.wetmet.net/client-content/PlayerFrame.php?CAMERA=186-04-01CFVER=WMWIDTH=100%HEIGHT=100%;
 width="100%" height="100%" scrolling="no" frameborder="0">
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Daniel]

Paul B. Gallagher wrote:

Daniel wrote:


A Williams wrote:


Speaking strictly for myself, there are two categories I'd like to
see blocked - the other one being posts where the date is more than
24 hours in the future.


Why?? You could always find out the "real" posting time if you needed
it!


Because such an invalid time stamp is proof that the message is spam. 
Real people don't keep their computer date and time so far off from 
reality.


Well, just at the moment, Paul, you might pick me, as I'm swapping 
between Linux and Win7. My clock varies by eleven hours (o.k., not the 
24hrs+ Mr/Mrs/Ms Williams refers to, but...) dependant on which OS I'm 
using at the time and if I've remembered to adjust the clock or not!!


--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171016030418


User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171015235623

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Paul B. Gallagher]

Daniel wrote:


A Williams wrote:


Speaking strictly for myself, there are two categories I'd like to
see blocked - the other one being posts where the date is more than
24 hours in the future.


Why?? You could always find out the "real" posting time if you needed
it!


Because such an invalid time stamp is proof that the message is spam. 
Real people don't keep their computer date and time so far off from reality.


--
War doesn't determine who's right, just who's left.
--
Paul B. Gallagher
___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

OS problem or SM problem??

[Daniel]

I dual boot this HP 6730b Laptop with both Windows 7 and Mageia Linux, 
as shown i8n my sig file, and share the one SeaMonkey 2.49.1 profile 
which is situated on one of my Win7 partitions. Recently I have added 
Lightning (getting old ... memory failing ;-( or is my life getting 
busier?? ;-)  ) to both OS's SeaMonkey profiles.


I originally installed it to Win7 SM and it appeared in the Mail & News 
Screen and I added several dates. It didn't display or remind me of any 
dates that I had entered (but I'll try to sort that by posting to the 
m.s.calendar newsgroup).


What I want to know here is ... it seems, each time I switch between 
Win7 and MGALinux, I'm losing the Lightning display in SM's M & N 
screen. Is this because I'm setting up SM/Lightning to function in one 
OS and then when I change OS's, it forgets (for some reason) that it had 
had Lightning installed, requiring a re-installation again and again and 
again??


Is there someone out there who uses Lightning on several different OS's 
that might be able to sort me out??


TIA

--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171016030418


User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171015235623

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Spectre exploit

[Ray_Net]

Lee wrote on 08-01-18 01:06:

On 1/7/18, Ray_Net  wrote:

Lee wrote on 07-01-18 22:44:

summary: The vuln. mitigation is to install noscript + request policy
continued or uMatrix + uBlock Origin or whatever other addon combo
that allows javascript from only whitelisted sites.

On 1/7/18, Ray_Net  wrote:

WaltS48 wrote on 06-01-18 18:05:

On 1/6/18 2:36 AM, Ray_Net wrote:

I have read:

"Disable Javascript until browser company comes out with patch for
vulnerable Javascript."

So, will SM issue a patch against the Spectre exploit ?

Mozilla needs to come up with a patch first.  What they have now only
blocks the obvious timing attack methods.


SeaMonkey 2.49.1 is based on Firefox 52 ESR code, and Firefox 52 ESR
doesn't have SharedBufferArray enabled.
||
||SharedArrayBuffer| is already disabled in Firefox 52 ESR.
||
|REF: https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/


Would it mean that we are protected ?

No.

Look at the FF advisory
The precision of performance.now() has been reduced from 5μs to
20μs, and the SharedArrayBuffer feature has been disabled because it
can be used to construct a high-resolution timer.

SeaMonkey doesn't implement the SharedArrayBuffer feature but I'm
guessing it's performance.now() function still has the 5μs resolution
and that will take a patch to fix.

But changing the performance.now() resolution is not sufficient.  Take a
look at
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
Furthermore, other timing sources and time-fuzzing techniques are
being worked on.

Which is like saying we've locked the front door so nobody can walk
right in anymore but the ground floor windows are still wide open.

Follow the "other timing sources and time-fuzzing techniques" link to
https://gruss.cc/files/fantastictimers.pdf
Abstract. Research showed that microarchitectural attacks like cache
attacks can be performed through websites using JavaScript. These
timing attacks allow an adversary to spy on users secrets such as
their keystrokes,leveraging fine-grained timers. However, the W3C and
browser vendors responded to this significant threat by eliminating
fine-grained timers from JavaScript. This renders previous
high-resolution microarchitectural attacks non-applicable.

>>We demonstrate the inefficacy of this mitigation<< by finding and
evaluating a wide range of new sources of timing information. We
develop measurement methods that exceed the resolution of official
timing sources by to orders of magnitude on all major browsers, and
even more on Tor browser. Our timing measurements do not only
re-enable previous attacks to their full extent but also allow
implementing new attacks. We demonstrate a new DRAM-based covert
channel between a website and an unprivileged app in a virtual machine
without network hardware. Our results emphasize that quick-fix
mitigations can establish a dangerous false sense of security.


In short, performance.now() and SharedBufferArray are the easy/obvious
ways to get a high resolution timer in javascript but they're not the
only possible methods.

So... what to do?  The exploit mitigation is to install noscript +
request policy continued or uMatrix + uBlock Origin or whatever other
addon combo that allows javascript from only whitelisted sites.

Regards,
Lee

For "Request Policy" we have for all versions:
This add-on is not compatible with your version of SeaMonkey.

"Request Policy" was the original - you want "RequestPolicy Continued"
which is easier to use:
https://addons.mozilla.org/en-US/firefox/addon/requestpolicy-continued/

which links to
https://addons.mozilla.org/firefox/downloads/file/747484/requestpolicy_continued-1.0.beta13.2-fx+sm.xpi


For "NoScript Security Suite" we have:
Only with FireFox.

yeah.. you need to scroll down to 'version history' & click on 'see
all versions'
It looks like 5.1.8.3 is the last one that will work w/ SM
   Works with Firefox 45.0 - 56.0, SeaMonkey 2.42 - *
https://addons.mozilla.org/firefox/downloads/file/806790/noscript_security_suite-5.1.8.3-fx+sm.xpi

Regards
Lee
Anyway, it's better that SM solve problems instead of a need to install 
a myriad of extensions.

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey

Re: Is this group moderated?

[Daniel]

A Williams wrote:

Daniel wrote:

Paul in Houston, TX wrote:

rickman wrote:

Paul B. Gallagher wrote on 12/14/2017 2:30 PM:

WaltS48 wrote:

On 12/14/17 11:46 AM, Paul B. Gallagher wrote:

David E. Ross wrote:

On 12/13/2017 3:45 PM, Richard Owlett wrote:

If so, *WHY*?

I ask because I follow a similar group following a different
fork of
Netscape.

On that group the moderator chastised a poster for suggesting
conformance to courtesy/productivity issues.

YMMV



Mozilla newsgroups are listed at
.  Those newgroups
that are
moderated are indicated as such.  There is no indication of
moderation
for mozilla.support.seamonkey.


True enough. But in practice, Chris Ilias removes messages that
violate
his criteria and issues warnings both public and private. If you
want to
call that moderation, there it is.



You have received warnings about off-topic, or other unacceptable
posts to
this specific newsgroup?


I have. I didn't always agree with the assessment, but what could I 
do?


And it's not like he's fining me or firing me or putting me in jail.
At most
it's an annoyance when it happens to me, and a pleasure when it
happens to
real bad guys like the Italian spammer. ;-)


Do any spammers get the ax?  I have seen no indication of that.


Except for the ones in Italian I see zero spam or drama in this group.


Neither have I recently!! After I got the filter working correctly.

I'm guessing they only make it here because they come via Google groups
... and nobody dares upset them!!


Why would blocking a spammer upset Google?


Because Google doesn't care who posts what ... as long as they use Google!!

Speaking strictly for myself, there are two categories I'd like to see 
blocked - the other one being posts where the date is more than 24 hours 
in the future.


Why?? You could always find out the "real" posting time if you needed it!

--
Daniel

User agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171016030418


User agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 
SeaMonkey/2.49.1 Build identifier: 20171015235623

___
support-seamonkey mailing list
support-seamonkey@lists.mozilla.org
https://lists.mozilla.org/listinfo/support-seamonkey