Beta Config (Sep 19 2010)

[JJoe]

(Oct. 01, 2010 03:03 AM)wammie Wrote:  

(Oct. 01, 2010 01:55 AM)JJoe Wrote:  Odd. So are you saying, the active cfg (aka default aka the beta) file has UseSSLeay enabled but the dialog sceen shows it disabled?

Yes.

Fwiw, the dialog screen's values are reflected in the cfg file after the cfg is saved.

(Oct. 01, 2010 03:03 AM)wammie Wrote:  However... I've discovered that if I try to mark the checkbox, that's when I get the SSLeay wrong version messages, and the checkmark that appears there momentarily then disappears after I click OK on the dialogs.

I see the same as long as the DLLs are hidden, absent, or incompatable.
Are you using the DLLs from proxomitron.info?

(Oct. 01, 2010 03:03 AM)wammie Wrote:  So... ideally, sometime I'd like to try getting the SSL page filtering feature to work, but after reading some posts on bulletin boards about this, it seems that it can be quite tricky to get this working reliably across bank websites and such, and most folks using Proxomitron don't bother.

I won't recommend filtering things like your bank's website. I don't think Scott or any of the others will or would either. If you must, you should know what you and the Proxomitron are doing.

Not sure I'll even encourage online banking .

[ProxRocks]

(Oct. 01, 2010 04:32 AM)JJoe Wrote:  I don't think Scott or any of the others will or would either.

I filter not only my online banking but also the SSL-content of several job-related sites as well... Never had any problems whatsoever... Been filtering SSL for a good six to seven YEARS!...

will grant that doing so is completely at the discretion of each Proxo user's own "understanding" of just 'what' Proxo is doing...

for ME, filtering SSL has become quite the GODSEND...
for the "secure" sites that i frequent - d@mn "popup" 'surveys', advertisements, flashy gyrating idiosyncrasies scripted by/for three-year-olds, et cetera, good riddance


edit: the fact of the matter is that there is CRAP that is sent via SSL that was simply NOT sent via SSL "in Scott's day"... that's the power of Proxo, there was no "googleanalytics" in Scott's day either, but Proxo can axe it...

[wammie]

(Oct. 01, 2010 08:14 AM)ProxRocks Wrote:  

(Oct. 01, 2010 04:32 AM)JJoe Wrote:  I don't think Scott or any of the others will or would either.

I filter not only my online banking but also the SSL-content of several job-related sites as well... Never had any problems whatsoever... Been filtering SSL for a good six to seven YEARS!...

will grant that doing so is completely at the discretion of each Proxo user's own "understanding" of just 'what' Proxo is doing...

for ME, filtering SSL has become quite the GODSEND...
for the "secure" sites that i frequent - d@mn "popup" 'surveys', advertisements, flashy gyrating idiosyncrasies scripted by/for three-year-olds, et cetera, good riddance

Thanks for the info, ProxRocks. I remember that several months (years?) ago I read some discussion about this that you participated in and where you presented some good information to help people. This is kind of a low priority for me right now, but when I decide to tackle it I'll look into SSL filtering once more. I appreciate all the help I've gotten on this forum.

For the time being though, I think Sidki ought to consider this discussion and make a decision about turning these SSL filters off or on for the default out of the box configuration. Like I've indicated, some of the SSL filters were TRUE in the default beta installation.


admin edit: missing closing quote tag...

[JJoe]

(Oct. 01, 2010 11:52 AM)wammie Wrote:  For the time being though, I think Sidki ought to consider this discussion and make a decision about turning these SSL filters off or on for the default out of the box configuration. Like I've indicated, some of the SSL filters were TRUE in the default beta installation.

The user must add the DLLs to filter SSL. If the DLLs are present, the user has probably already made a decision to filter. If the DLLs are not present, the user may learn more about the Proxomitron's abilities.
Some of the SSL related filters are TRUE but I believe those filters are disabled by a variable by default.
IOW, the user must choose to filter SSL.

So should you filter all secure pages?
From the Proxomitron's readme.txt

SRL Wrote:** WARNING **

This mode is experimental! I would strongly discourage using active
SSL filtering for important transactions such as on-line banking or purchases.
The connection may not be as secure, and it's better not to risk a filter
potentially creating troubles on such a page. However, since the casual use
of SSL on less important pages is increasing, sometimes you may wish to
filter it anyway. Still, keep in mind that you do so at your own risk.

To use this mode Proxomitron must have access to "slleay32.dll" and
"libeay32.dll" which contain all the SSL libraries and all cryptographic
routines. Otherwise "Pass-Thru" mode will be used.

Because of all the legal and patent problems involved in the USA
with any program that uses encryption, Proxomitron comes with NO
ENCRYPTION CODE WHATSOEVER. In order to filter SSL connection
you must get a copy of two additional files - "slleay32.dll" and
"libeay32.dll".

In addition, I have since been told that there is at least one secure "job-related" site that forbids or discourages the use of things like the Proxomitron.

So if you must, you should know what you and the Proxomitron are doing.



@ProxRocks
Are you telling every user to filter everything? Or are you saying "If you must..."

(Oct. 01, 2010 08:14 AM)ProxRocks Wrote:  for ME, filtering SSL has become quite the GODSEND...
for the "secure" sites that i frequent

In the six to seven YEARS that you have (Don't you block scripts by default?), have you experienced everything?
Can you guarantee that nothing bad will happen due to the use of the Proxomitron?
Who will suffer the consequences of the misuse?

[ProxRocks]

i did say:

(Oct. 01, 2010 08:14 AM)ProxRocks Wrote:  will grant that doing so is completely at the discretion of each Proxo user's own "understanding" of just 'what' Proxo is doing...

when it comes to SSL, i don't block "all" .js...
i have one client's account whose login has fourteen .js files !!!
i block TWELVE of them without undue consequence

i still stand by the addage that the internet has evolved since Scott "discouraged" SSL filtering...

i'm not "advocating" that EVERYBODY filter their SSL CRAP!...
but i for one shall continue to do so


edit: just checked another account, it has TWENTY EIGHT .js files!!! i'm only "allowing" five and everything is hunky dory... i do "browse" the .js in debug mode before deciding it "isn't needed"... more often than not, they are "promotional content" (translation, "advertisement"), "program checkers" (why does your bank account need to know if you have VLC Media Player or QuickTime installed, for example - hint: THEY DON'T!), or "content changers" (i don't have a BlackBerry, i don't need some .js file deciding to send "this" if a 'browser', send "that" if a mobile phone)...

to each their own, of course...
and i AGREE with you that SSL-filtering isn't "for everybody"

[sidki3003]

(Oct. 01, 2010 11:52 AM)wammie Wrote:  For the time being though, I think Sidki ought to consider this discussion and make a decision about turning these SSL filters off or on for the default out of the box configuration.

Pardon me?

As a pure consumer, i.e. requesting free support for free software, without contributing anything, telling me what i ought to do or what not, appears slightly off the road to me. Main point being here that such a judgement obviously requires some insight, i.e. involvement.

Quote:Like I've indicated, some of the SSL filters were TRUE in the default beta installation.

Please enumerate those filters.

[Kye-U]

<steppingin>
Sidki has done an excellent job with his config, not only in the sense of it being effective at cleaning up the web, but also making it easy to configure. The nature of Proxomitron and Sidki's config (or any config) allows you to personalize it and make it your own; his especially, where you simply need to tick/untick Header filters.

Sidki is a valuable asset to the Proxomitron community; he's doing all of this work for free (side-note: Sidki, when are you going to set up a PayPal account?! ). We all love him. For the future, I'd like to ask everyone to fully appreciate his work. I'm not saying that users shouldn't point out glitches/bugs or make suggestions, but dictating what should/should not be done goes against showing appreciation.
</steppingin>

[turtle]

(Oct. 01, 2010 08:00 PM)Kye-U Wrote:  <steppingin>
Sidki has done an excellent job with his config, not only in the sense of it being effective at cleaning up the web, but also making it easy to configure. The nature of Proxomitron and Sidki's config (or any config) allows you to personalize it and make it your own; his especially, where you simply need to tick/untick Header filters.

Sidki is a valuable asset to the Proxomitron community; he's doing all of this work for free (side-note: Sidki, when are you going to set up a PayPal account?! ). We all love him. For the future, I'd like to ask everyone to fully appreciate his work. I'm not saying that users shouldn't point out glitches/bugs or make suggestions, but dictating what should/should not be done goes against showing appreciation.
</steppingin>

Fully agree -- and thanks to all who help on this forum!

[JJoe]

(Oct. 01, 2010 04:16 PM)ProxRocks Wrote:  i did say:

(Oct. 01, 2010 08:14 AM)ProxRocks Wrote:  will grant that doing so is completely at the discretion of each Proxo user's own "understanding" of just 'what' Proxo is doing...

That's the part that should have been bolded green, imo.

Still this may be my fault. I meant 'I don't think Scott or any of the others will or would recommend filtering things like your bank's website.'
I didn't intend to say that experienced users don't.

Maybe a semicolon...

Apologies for any misunderstanding.

[wammie]

(Oct. 01, 2010 06:24 PM)sidki3003 Wrote:  Pardon me?

As a pure consumer, i.e. requesting free support for free software, without contributing anything, telling me what i ought to do or what not, appears slightly off the road to me. Main point being here that such a judgement obviously requires some insight, i.e. involvement.

Something's been misinterpreted, somewhere. This was not meant to be a directive, and I don't understand how this is "off the road," at all. I always thought that discussions of beta software were usually where consumers ask questions, report apparent issues, and make suggestions for a final release. Isn't that the whole purpose? With my admittedly very limited understanding of the coding, I was just observing that 99% of folks seem not to use the SSL feature, and the OOB configuration seems to bring up errors for those who have not made the adjustments to use SSL. All I'd require in response was an explanation that my observation was incorrect, and why that is. As far as involvement, I've been running beta versions and testing for trouble, reporting issues, and therefore involved. I was not inferring that the default SSL configuration has not been considered, but just reporting what I experienced and trying to help with advancing this software.

[JJoe]

(Oct. 01, 2010 10:41 PM)wammie Wrote:  Something's been misinterpreted, somewhere.

Pretty much what I had typed up but I'll let you speak for yourself.

(Oct. 01, 2010 10:41 PM)wammie Wrote:  the OOB configuration seems to bring up errors for those who have not made the adjustments to use SSL.

Thing is I'm not seeing this. If I remove the DLLs, I only see errors when I do something that would require filtering SSL or attempt to enable it in the dialog screen...

Edit: Ok. I think I know what you are doing. Back in a while. I have to refresh my knowledge.
Edit: I think we can move this to http://prxbx.com/forums/showthread.php?tid=1670

[ProxRocks]

(Oct. 01, 2010 10:05 PM)JJoe Wrote:  That's the part that should have been bolded green, imo.

Touché...

[wammie]

(Oct. 01, 2010 06:24 PM)sidki3003 Wrote:  [quote='wammie' pid='14794' dateline='1285933936']

Quote:Like I've indicated, some of the SSL filters were TRUE in the default beta installation.

Please enumerate those filters.

Configuration file sidki_2010-09-19.ptron contains the following by default:

Code:

UseSSLeay = TRUE

Code:

In = TRUE
Out = FALSE
Key = "Location: 4 Half-SSL     06.11.02 (cch!) [jjoe] (d.2) (In)"
URL = "$TST(keyword=(^*.a_cont_loc.)*.i_ssl_h:[12].*)"
Match = "https://\1"
Replace = "http://https-px-.\1"

Code:

Name = "<*>: Half-SSL     09.05.03 (cch! multi) [sd jjoe] (d.2)"
Active = TRUE
Multi = TRUE
URL = "$TST(hCT=*html)$TST(keyword=*.i_ssl_h:[12].*)"
Bounds = "$NEST(<[abdefhilmostu],*https://*,>)"
Limit = 2048
Match = "(^$TST(comment=1)|$TST(tNoscript=1)|<input$TST(keyword=*.a_ssl_q.*))("
        ""
        "(*\s(href|src|action|background|style|content|value|on[a-z]+)=)\#"
        "$AVQ("
        "(\\+"+ https://&\#s://$SET(#=://https-px-.)\#)"
        "|(\0https://(^$TST(\0=\\+"+ (http:/|/|..|)/*))&&\#s://$SET(#=://https-px-.))+{1,*}\#"
        ")"
        ""
        ")+{1,*}\#"
Replace = "\@"

Code:

Name = "JS CSS: Half-SSL     07.11.02 (cch! multi) [jjoe sd] (d.2)"
Active = TRUE
Multi = TRUE
URL = "(^$TYPE(oth))$TST(keyword=*.i_ssl_h:[12].*)"
Limit = 32
Match = "https:($TST(script=[1s](^c)*)|$TST(tStyle=*))"
        "(\\+/(" \+ ')+\\+/|\\(x2f|u002f|057|57)\\(x2f|u002f|057|57))\0(^\()"
Replace = "http:\0https-px-."

The intent of my post was merely to ask if these filters might have something to do with the SSL warnings I started to see when I tried out this new beta configuration, and if so, to consider if an adjustment would be prudent considering the way that the majority of users and newbies would start using the filter set out of the box. True, I don't have full insight into how all this code interacts, but I was just trying to be helpful as a beta tester and observer.

[Kye-U]

(Oct. 02, 2010 03:36 AM)wammie Wrote:  True, I don't have full insight into how all this code interacts, but I was just trying to be helpful as a beta tester and observer.

And you definitely are being helpful. I really appreciate you and everyone who's being active on TUOPF. The purpose of these forums is to encourage constructive discussion while building a sense of community.

[sidki3003]

(Oct. 02, 2010 03:36 AM)wammie Wrote:  Configuration file sidki_2010-09-19.ptron contains the following by default:

Code:

UseSSLeay = TRUE

Yep, this flag is indeed set by default in all sidki configs (not just the beta).
You customize your settings via the "Configure" or "Config" button -> HTTP. These are program options, not filters.

Now to the filters. I'm shortening the quote here:

Quote:

Code:

Key = "Location: 4 Half-SSL     06.11.02 (cch!) [jjoe] (d.2) (In)"
Name = "<*>: Half-SSL     09.05.03 (cch! multi) [sd jjoe] (d.2)"
Name = "JS CSS: Half-SSL     07.11.02 (cch! multi) [jjoe sd] (d.2)"

See the "cch!" in the filter names?

sidki-etc/Abbreviation.txt Wrote:cch! This filter is controlled by a switch in the upper header filter section.

IOW: There is a master filter, in this case "! |||||||||||| 2.2 Use Half-SSL 05.01.12 [jjoe] (o.2) (Out)", which is controlling the state of these "cch!" flagged filters.

People, read the documents! They were written to answer common questions, give background info, and to explain not-so-easy to understand aspects of the config.


What you've said in the follow-ups is correct. In fact, it's basically the definition of beta-stage.

Which boils down to:
- If you have a question: ask.
- If you have a suggestion: suggest.
- If you like to report an issue: do it.
- If you suspect a flaw in the general concept, no matter if expressed directly or via rhetorical devices, RTFM first!