Recent

Author Topic: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)  (Read 2596 times)

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #15 on: September 11, 2024, 02:17:21 pm »
Note to Self: NCSA_Mosaic/2.0 (Multics MR12.5) I see it but refuse to believe it, you gotta be kiddin me?  :o

I'm sure the forum wasn't visited by it  ::)
I think he did... for real! I was spooked when I saw that  :o
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #16 on: September 11, 2024, 02:21:42 pm »
@Aruna:
I personally do not have an opinion on the matter but keep in mind that an ip-address could be considered personal information, see for an explanation here.

It is for example one of the reasons that forum software removed the option/possibility to view an ip-address when reporting a post, e.g. to be in compliance with the GDPR.
I did wonder about that. I am able to see my own ip-address on my post but not anyone else's who replies. So now I know :-) That articles starts by saying 'Maybe..' and that is good enough for me am sticking with my ip-addresses. 
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #17 on: September 11, 2024, 03:25:00 pm »
I have just (14:15 BST) revisited the UA logging URL with my locked-down browser, and was told that the site needed Javascript. Does anything at all show up in the site log?

That is, I believe, /wrong/ for the purpose of UA identification (subject to spoofing), but is needed to get the screensize etc. out of the DOM.

I was able to login to the forum without Javascript etc., post a message and then edit out a typo, but it looks as though Javascript is needed to get the "fancy menu" at the top which prevents one having to remember the markup (BBC) codes.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #18 on: September 11, 2024, 04:36:02 pm »
I have just (14:15 BST) revisited the UA logging URL with my locked-down browser, and was told that the site needed Javascript. Does anything at all show up in the site log?
I use infinityfree for my hosting and the free service they provide has limitations but works for my needs. There is nothing that has gotten through to my UA database and I do not have access to their error logs. I guess those are restricted to their site admins.

That is, I believe, /wrong/ for the purpose of UA identification (subject to spoofing), but is needed to get the screensize etc. out of the DOM.
I will try and plug-in some php to grab the UA as well so if someone without javascript shows up the php should kick in and grab the UA. I also want to see if the UA is exactly the same in JS and PHP.

I was able to login to the forum without Javascript etc., post a message and then edit out a typo, but it looks as though Javascript is needed to get the "fancy menu" at the top which prevents one having to remember the markup (BBC) codes.
I prefer plain old text and tools like Lynx but that can quickly get really tedious and weary if one has to work with the so called 'modern' UI's and I guess with JS enabled we get a whole lot of convenience and some things are very much easier to do than without JS. LIke you mentioned the fancy tool bar at the top of the forum :-)
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #19 on: September 11, 2024, 05:49:58 pm »
I've been taking another look at what I did historically, and have got it part-running: Javascript detection always fails because of some sort of cookie problem (probably an address lookup or similar) while the non-Javascript stuff is OK.

Basically, what I've got is Smalltalk-like expressions where classes are Usenet-style discussion groups and methods are stored in the first message of each group (or inherited), it's been in use for 20+ years for workflow handling. The class browser starts off by reporting what the server thinks the client is telling it using CGI variables (adequately documented elsewhere for e.g. Apache) and this includes- in particular- the HTTP_USER_AGENT string, client IP address and client port: those last two in combination worry me.

Much more information is available if Javascript is enabled, and I'd also got tests in there for client-side Java and for unhandled <server> tags (which were very rarely implemented, I think they might have been specific to Netscape Enterprise Server which is now owned by Oracle).

The bottom line is that client-side scripting is a serious problem, and that is particularly the case if it has the capability to open server-like ports to which external systems can "push" data (which might, it goes without saying, be potentially malicious) and the server-facing router fails to block them lest it be accused of hobbling the user experience.

Finally, I'd remark that none of this is really new: I was aware of terminals in the early 1980s which ran downloaded programs coded in something similar to UCSD Pascal, and network security was 100% dependent on the fact that it was unlikely that somebody would tap into the bank's leased communication lines.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Marc

  • Administrator
  • Hero Member
  • *
  • Posts: 2610
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #20 on: September 12, 2024, 09:59:05 am »
I'm sure the forum wasn't visited by it  ::)

What's the UA string posting this message?

MarkMLl

[11/Sep/2024:09:55:44 +0200] NCSA_Mosaic/1.0 (MULTICS MR12.5)

It the time I wrote that it wasn't visited, there was no NCSA in the logs.
(in order to have an overview of bots and spiders I've a separate log only logging useragents)
//--
{$I stdsig.inc}
//-I still can't read someones mind
//-Bugs reported here will be forgotten. Use the bug tracker

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #21 on: September 12, 2024, 10:06:16 am »
It the time I wrote that it wasn't visited, there was no NCSA in the logs.

I took it as a challenge :-)

As I've already said, I think I had full functionality without Javascript (and possibly with limited cookies) except that the "fancy editing" controls weren't visible.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #22 on: September 12, 2024, 11:57:11 am »
It the time I wrote that it wasn't visited, there was no NCSA in the logs.

I took it as a challenge :-)

As I've already said, I think I had full functionality without Javascript (and possibly with limited cookies) except that the "fancy editing" controls weren't visible.

MarkMLl
Hi @MarkMLl where can I get a copy to testdrive please? I googled and all I can find is NCSA Mosaic it has all the history but no download link :-(
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #23 on: September 12, 2024, 12:32:31 pm »
Hi @MarkMLl where can I get a copy to testdrive please? I googled and all I can find is NCSA Mosaic it has all the history but no download link :-(

That was a standard and up-to-date (by Debian's lights) Firefox, with "NoScript", "Toggle Image Animations" and "User-Agent Switcher and Manager" installed. Also generally wound up to have security "as tight as possible", custom colours etc. disabled, and IIRC a couple of specials to further disable Javascript.

Somewhere I've seen a photo showing either the Netscape or Mozilla suite on various media including QIC-style cartridge tape, but it was unclear whether that was genuine or had been Photo-edited. In any case I'm fairly sure that the original Multics systems (a) used open reels and (b) had no support for any output devices which were capable of running a graphical browser.

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #24 on: September 12, 2024, 02:34:49 pm »
Hi @MarkMLl where can I get a copy to testdrive please? I googled and all I can find is NCSA Mosaic it has all the history but no download link :-(

That was a standard and up-to-date (by Debian's lights) Firefox, with "NoScript", "Toggle Image Animations" and "User-Agent Switcher and Manager" installed. Also generally wound up to have security "as tight as possible", custom colours etc. disabled, and IIRC a couple of specials to further disable Javascript.
I tried adding "User-Agent Switcher and Manager" to my firefox and decided to ask you before I say yes. It says this extension will have permission to: Access your data for all websites ( I do my banking on-line ) also says access browser activity during navigation. So how safe is this I wonder?
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #25 on: September 12, 2024, 02:57:39 pm »
I tried adding "User-Agent Switcher and Manager" to my firefox and decided to ask you before I say yes. It says this extension will have permission to: Access your data for all websites ( I do my banking on-line ) also says access browser activity during navigation. So how safe is this I wonder?

If in doubt, set up some extra Firefox profiles: start with

Code: [Select]
-ProfileManager -no-remote %u

The only downside is that a program which tries to fire up FF to read e.g. documentation might have problems, I'm not sure but removing -no-remote might fix that (I can't even remember why that's in there, but there must have been a good reason when I added it ten years or so ago).

This is a facility that goes back (at least) to Netscape, each profile will have a completely separate tree of stored files etc. and a separate IPC mechanism based on a name (shared memory? unix-domain socket? By now I forget) in /tmp (?).

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #26 on: September 12, 2024, 03:45:33 pm »
Code: [Select]
[quote author=MarkMLl link=topic=68478.msg529659#msg529659 date=1726145859]
If in doubt, set up some extra Firefox profiles: start with
uh-uh, I trust 'your' gut instincts. If you use it, it should be safe enough for me :-) so I took a chance and added it to my firefox and wow this things is pretty comprehensive but I am unable to locate your UA string anywhere yet? How the heck did you spoof NCSA? :-)
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #27 on: September 12, 2024, 03:49:55 pm »
uh-uh, I trust 'your' gut instincts. If you use it, it should be safe enough for me :-) so I took a chance and added it to my firefox and wow this things is pretty comprehensive but I am unable to locate your UA string anywhere yet? How the heck did you spoof NCSA? :-)

Menu at top-left, the drop-down isn't alphabetic. The host OS I edited in manually, In the past I've used CrayOS which amounts to the same thing: improbable :-)

MarkMLl
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

Aruna

  • Sr. Member
  • ****
  • Posts: 452
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #28 on: September 12, 2024, 04:00:26 pm »
uh-uh, I trust 'your' gut instincts. If you use it, it should be safe enough for me :-) so I took a chance and added it to my firefox and wow this things is pretty comprehensive but I am unable to locate your UA string anywhere yet? How the heck did you spoof NCSA? :-)

Menu at top-left, the drop-down isn't alphabetic. The host OS I edited in manually, In the past I've used CrayOS which amounts to the same thing: improbable :-)

MarkMLl
Sweet, Thanks. Check the last record here You did what? Aruna reads 'In the past I've used CrayOS' and slowly proceeds to fall off the chair (thud!)
Debian GNU/Linux 11 (bullseye)
https://pascal.chat/

MarkMLl

  • Hero Member
  • *****
  • Posts: 7617
Re: Browser User Agent & Friends Info: I Can Use Your Help (Volunteers Anyone?)
« Reply #29 on: September 12, 2024, 04:26:29 pm »
You did what? Aruna reads 'In the past I've used CrayOS' and slowly proceeds to fall off the chair (thud!)

Well, I could have put "Burroughs MCP-XIII" ** but that does lead to a serious point: the number of large-scale OSes which have gone out of their way to "support standard protocols" while in practical terms doing no such thing (e.g. actually only providing an execution environment for guest OSes, and mapping network devices to them identified by MAC address).

So, speaking from experience, you can have a headless unix system such as Linux running on an ARM-based NSLU2, and /in/ /principle/ you can run Mozilla or Lazarus on it with the X11 server being on different hardware altogether (a desktop PC etc.). The extent to which that really entitles you to say "I've got Mozilla on an NSLU2" really is highly debatable. You could similarly have a Cray with CrayOS, or potentially Multics if somebody had put a TCP/IP stack into a library with I/O via a SLIP serial port.

MarkMLl

** Which I /am/ able to run. However it's strictly 1970s and only has minimal support for the company's own protocols let alone anything exotic, it would be another 30 years before they started to make behemoths with vast numbers of PCI slots and- if my memory serves correctly- a substantial number of "bricks" containing either x86 or Itanium CPUs etc... while at the same time insisting that they could run all their legacy code seamlessly and that doing so provided numerous advantages.
MT+86 & Turbo Pascal v1 on CCP/M-86, multitasking with LAN & graphics in 128Kb.
Logitech, TopSpeed & FTL Modula-2 on bare metal (Z80, '286 protected mode).
Pet hate: people who boast about the size and sophistication of their computer.
GitHub repositories: https://github.com/MarkMLl?tab=repositories

 

TinyPortal © 2005-2018