Mathwiz

Member
  • Content count

    68
  • Joined

  • Last visited

Community Reputation

3 Neutral

About Mathwiz

Profile Information

  • OS
    98SE
  • Country
  1. With or without the POSReady '09 updates, XP 32 will support large HDDs but only if they present 4K sectors (not real or emulated 512-byte sectors): http://www.msfn.org/board/topic/158361-confirmed-3tb-hdd-usb-drive-on-winxp-32bit/?do=findComment&comment=1046836
  2. Well, me neither; sadly, so many web sites seem to flummox Opera 12 now. Facebook doesn't really work very well with it anymore. Have to use Firefox. But I still prefer Opera 12's interface to the new browser "look" that has somehow become the standard from Firefox to Chrome to Opera 15-36. And 12 still works fine with a lot of sites, including many forum/board sites like this one. I'm glad to hear 12.18 stopped those random crashes. I haven't seen one in a while, but I used to get them a LOT on my Win 7 machine at home. (I always suspected they had something to do with Flash; they seemed to stop for me once I got to Flash 23.) But either way, I needed the 12.18 security updates because some https: sites just wouldn't connect to 12.17 any more. Anyhow, I seem to have drifted off-topic. I hope Microsoft leaves their site where it will work with TLS 1.0 and 1.1. I just tested it, and the WMC link above even works with a browser as old as Firefox 3.5! You really should use TLS 1.2 if your browser has it, but most of the time there's no reason to force it on folks using older browsers like IE 8.
  3. I had totally missed the 12.18 update to Opera. Thanks! Now I can use Opera 12 with those annoying Web sites that only support Elliptic Curve Diffie-Hellman Ephemeral key exchange. (They used to just give me the Unable to Complete Secure Transaction message and I had to go to another browser.)
  4. Looks like Microsoft enabled HTTP Strict Transport Security as well. That will cause some browsers to turn all http: requests into https: ones. Opera does this, for instance. Oddly, I just tried https://www.microsoft.com/en-us/download/windows-media-player-details.aspx with IE 8 and it worked! So I went back and tried with Opera again, and now it falls back to TLS 1.1 if I disable TLS 1.2. I swear it didn't do that yesterday! BTW, make sure you have the latest IE 8 security fixes. Use the POSReady 9 registry hack if necessary.
  5. OK, I just tried this page with Opera. It works; but if I disable TLS 1.2, it fails with "Unable to complete secure transaction." That's probably why https: connections to microsoft.com fail with IE 8 too. IE 8 does not support TLS 1.2. You can go to https://www.ssllabs.com/ssltest/viewMyClient.html with any browser to see what security protocols, encryption ciphers, etc. your browser supports.
  6. Sounds like the same WU screw-up that bedeviled Win 7/8/8.1 users for several recent months. BTW, the IE8 update (and probably earlier versions) fix a couple of issues most of the Internet says "cannot" be fixed on IE8 on XP: Closes FREAK vulnerability Adds AES support to IE8 (AES was added to schannel.dll many updates ago, but IE8 wouldn't use it) Still haven't figured out a way to enable TLS 1.1 or TLS 1.2, though. Of course IE8 is pretty ancient compared to other XP compatible browsers, but at least if you do use it at a secure website, the security will be less likely to be compromised. One more thing. If you use IE8 with secure websites, you should probably consider disabling the old RC2 and RC4 cipher and MD5 hash algorithms. I've attached a .reg file to do that. Disable insecure algorithms.reg
  7. I wanted to add that kb3172605 is still somewhat buggy. First, as Microsoft has documented, it still breaks Intel Bluetooth devices. Second, on my work PC it breaks Mitel's VOIP software (MiCollab 6.0) just as kb3161608 did. So it may not be a solution to slow Windows Update scans for everyone. The link I provided to Woody's InfoWorld article contained its own link to this page. It's a little hard to follow but gives a workaround. (Unfortunately the workaround may change next Patch Tuesday.) It involves installing a couple of updates on dencorso's blacklist (I'd suggest kb3083710 and kb3102810 for Win 7, kb3083711 and kb3102812 for Win 8.1; despite being on the blacklist, these appear to be relatively safe from both a telemetry and a Win 10 perspective), as well as downloading and installing five security fixes manually (bypassing the search for updates). Once this is done the search for additional updates is purported to take under 15 minutes. I just hate "roll-up" updates. Why couldn't Microsoft have addressed each issue with a separate update? That way, even if there are problems with one, you could still install the others.
  8. That hours-long update cycle is a bug. KB 3161608 was supposed to fix it but was itself buggy. So, it was recently replaced by KB 3172605 for Windows 7, and KB 3172614 for Windows 8.1. Here's an article on the topic: http://www.infoworld.com/article/3099109/microsoft-windows/microsoft-yanks-buggy-speed-up-patch-kb-3161608-replaces-it-with-kb-3172605-and-3172614.html You can try installing the appropriate KB 31726nn update for your system. Hopefully Microsoft finally got it right (at least as far as Windows Update is concerned). They do not seem to include any Win 10 nonsense, as far as I can tell. Unfortunately all these patches do seem to include telemetry so you'll probably also want a telemetry blocking solution (as discussed a few posts ago).
  9. The end (of all this GWX nonsense) appears to be near: https://support.microsoft.com/en-us/kb/3173040
  10. Back in my Win98 days (and I still use my Win98 PC once in a while), I needed a similar wild-card capability for ad blocking, and used a freeware program called DNSKong for this purpose. I just Googled it and apparently, it still exists - and it seems to run fine on Win 7 (someone will need to try it on Win 8 through 10): http://www.pyrenean.com/Filtering. If you set up DNSKong, add the above domains (w/o the * or "=0.0.0.0" parts) to DNSKong's named.txt file and, in combination with the numerous hosts entries added by Spybot Anti-Beacon, you should be set. Depending on your router, you may also be able to set up the above blocks there; but that process varies greatly from one router to another and isn't possible on all of them. BTW, I agree we should try to avoid telemetry updates in the first place if/when feasible. But for those of us not quite ready to ditch Windows updates altogether, updates with telemetry are likely to sneak through on occasion. (In particular, the latest "Windows update update" appears necessary for updates to finish in a reasonable amount of time, and is likely to include the WU telemetry introduced back in December.) So a combination of strategies - both blocking bad updates and blocking telemetry servers - seems more prudent than relying on either strategy alone.
  11. My concern with 3161608/3161647 is telemetry: presumably all updates to the WU client include 3112343, listed on post 1 as "This update also improves the ability of Microsoft to monitor the quality of the upgrade experience." But if it's the only fix for days-long WU downloads, our only realistic choices may be either to live with it or live without updates. Or maybe not. Has anyone tried this from Safer-Networking.org?
  12. Do you get the same error if you run the Dolphin emulator under KernelEx 4.5.2? Remember 4.5.2015.x is experimental; it is not even a beta release. So it may have some bugs that 4.5.2 does not have.
  13. I think you must have HOSTS and localhost confused. WINSSL has nothing to do with HOSTS files, it simply shakes hands with a server that has SSL encryption and allows Win98 to connect.. Thats it, thats all. There is a batch file that create .pem certs. I guess they could be equivalent to each other.It isn't totally obvious what Nomen is doing, but my guess is he's using a trick I also use: putting the IP address of localhost (127.0.0.1) into my HOSTS file for web sites I don't want to connect to (e.g., banner advertising sites). This can speed up browsing because instead of wasting time downloading ads you didn't want to look at anyway, your browser just tries to download the ad from your own PC. A problem with this trick is that where the ad was supposed to appear, you get an ugly rectangular box with no image to fill it. To get around this, I use a "local only" web server on my PC that feeds small "dummy" images to fill those boxes. However, this only works with blocked http: sites, not https: ones. I thought about using WinSSLWrap for the blocked https: sites. My idea was to use it in reverse, letting it listen on port 443 using SSL, and connect to my local web server on port 80. But then I realized it wouldn't work: it would always serve the same certificate, no matter which site the browser was trying to access, and that would trigger the browser's "site name mismatch" warning.
  14. Fair enough. As I said, there are ways around it if you're creative enough. So, yes, to be completely correct in every detail, to use the full 4GB you would need either a 64-bit OS or one of the 32-bit Windows Server OSes you mentioned. But I don't think server editions of Windows were ever remotely under consideration by either the OP or anyone else. Windows XP was indeed the first Windows with a 64-bit edition, AFAIK.
  15. Reallly? I guess that until 64 bit systems came out the world servers must have been very short of memory. jaclaz Really. At least with Intel's 32-bit architecture. 2^32 is ~ 4 billion, so their 32-bit processors could only address 4 GB. But some of that address space is needed for non-RAM uses, so only about 3-3.5 GB (maybe a bit more) is accessible in the 32-bit address space. The remainder is only accessible with additional addresses; that generally means a 64-bit OS. There are ways around it, if you're creative enough. (Remember "expanded memory" back in the old 16-bit days?) Edit: and now I've read your final post, and apparently you agree! So why the snarky comment?