Pale Moon forum

No site is perfect, just like no browser is perfect, expecting them to be perfect breaks things. There will always be sites like this.

For me the problem was that I couldn't bypass the warning screen. I do absolutely want to decide myself, not have someone else decide for me.

The solution I used was setting the computer's date back to the previous day.

blind12 wrote:No site is perfect, just like no browser is perfect, expecting them to be perfect breaks things. There will always be sites like this.

Unfortunately for you I disagree that it should be the browser's task to handle website setups that are broken. There is a good reason why https is called "secure"; if the browser makes it "secure unless it's not secure" then it's not doing its job.
If a website enforces https they are making a promise to the world that their setup is in order. If they don't have it in order, then it will mean their website is inaccessible.

If a browser only shows perfect websites then it wouldn't work or be a pain with most of the web content:)
Web creators produce all sort of crap out of error, stupidity, arrogance, greed or malice, a browser needs to be ready for all of that.

And there should exist at least one browser where the user can make most decisions:)

Pale Moon is that browser where it's power to the user.

blind12 wrote:If a browser only shows perfect websites then it wouldn't work or be a pain with most of the web content:)

There is a big difference between erroneous content (which is 1000 shades of grey) and secure connections (which are pretty much black and white).
A connection is either secure, or it isn't. If it isn't secure and the website owners have previously told the browser to only accept secure connections, then they have locked their own door.

Admin wrote:There is a big difference between erroneous content (which is 1000 shades of grey) and secure connections (which are pretty much black and white).
A connection is either secure, or it isn't. If it isn't secure and the website owners have previously told the browser to only accept secure connections, then they have locked their own door.

Security is always 1000 shades of grey as history hath proven over and over.
I don't care about security when skimming through some documentation.

And I'd damn much appreciate to be the one who decides who lockes what doors.
Dumbing software down is the leading cause of dumbed-down software, and dumbed-down software is bad.

If a website refuses to configure their security properly, it's obvious they don't care about their users/consumers.

blind12 wrote:I don't care about security when skimming through some documentation.

It's not up to you when a website decides to enforce https.

And I'd damn much appreciate to be the one who decides who lockes what doors.
Dumbing software down is the leading cause of dumbed-down software, and dumbed-down software is bad.

This has nothing to do with dumbing down software, and everything to do with software following security standards (so you're safe when it does matter).

Admin wrote: It's not up to you when a website decides to enforce https.

And I'd damn much appreciate to be the one who decides who lockes what doors.
Dumbing software down is the leading cause of dumbed-down software, and dumbed-down software is bad.


This has nothing to do with dumbing down software, and everything to do with software following security standards (so you're safe when it does matter).

I disagree strongly. The USER should have FULL CONTROL in a situation like this. Plus, it is DUMBING DOWN of Pale Moon by that website. That website is telling visitors that it believes all of them are ignorant of computers users so it is going to FORCE its idea of "security" on all users. I object to that label being placed on me. I do tweaking of root cert authorities on all browsers. I happen to know the owners of two of the biggest and because I know them I don't trust their certs. So, I distrust those certs and I want any site using a cert from one of these "authorities" for my browsers to alert me and tell me the cert is not trusted. Then I can make a one time decision on whether I want to override my browser and visit the site anyway. It is MY computer and the final decision should always be MINE not the website's and not my browser or Windows or whatever. The decision is MY decision. If I screw up then I have only myself to blame.

So I am in full agreement with blind12 on this. NO SITE should be allowed to make a cert decision for me. In my case, I cannot visit such a site even if I wanted to do so because Pale Moon (or any browser) won't let me look at the cert so I have no way of knowing if that site is using a cert from one of the two authorities (one authority is the one Mozilla came extremely close to banning from Mozilla browsers back in December 2008 because of how bad they were then (still are) regarding not having proper controls over their resellers) that I have distrusted. (Thus I cannot go into Pale Moon Options/Advanced/Certificates and temporarily Edit Trust for that cert to allow it so I can visit that site that uses it and is refusing me the right to examine the cert and choose override just that one time for that one site). Sites like that should not be allowed to exist and I am really puzzled why the Admin of Pale Moon forums, when Pale Moon is known for standing for power users, would dis powers users in this regard.

Obligated self-quote.

half-moon wrote:If a website refuses to configure their security properly, it's obvious they don't care about their users/consumers.

Sichuan wrote:Disabling Private Browsing doesn't help. Unchecking Check URLS in Web Anti-Virus settings doesn't help. As I mentioned before, completely disabling Kaspersky doesn't help. I still get the warning.

I don't have the option to proceed to the website under Technical Details, as you can see on the attachment. I've already tried that.

Technical Details.PNG

Try this setting in about:config:
browser.xul.error_pages_expert_bad_cert: true

More information:
http://kb.mozillazine.org/Browser.xul.error_pages.expert_bad_cert

Previously sites allowed to skip security, and now they got block a connection if they cant set it secure. Nothing to do with that.

Smokey, you have to understand that browser users in general do not know the intricacies of https and what it means to have bad encryption.
That isn't dumbing down of anything, it is being responsive and responsible to the expected users. Even in the situation where you get the option to make an exception because it might be legit, droves of users already use the option that they "understand the risks" but they really don't understand the risks and instead are just impatient. Give a user a button to ignore a serious warning or error and continue on to what they want that very second, and they will click it, regardless of the consequences. I wish it were different, but it isn't.

If you had rather use a browser that just lets you visit hostile websites even though all indicators are there that the connection isn't secure or isn't what the site previously clearly stated should be the case, then you are assuming any insecure connection on the internet is because of server operator fault and not malicious networking activity. You may want to read up on the applicable numbers and probabilities there.

Once more: if a website makes a solid, long-term commitment to use proper https to the browser on a previous visit (through HSTS), then the browser MUST honor that and MUST abort the connection on any error or warning. It's in the standards.

half-moon wrote:If a website refuses to configure their security properly, it's obvious they don't care about their users/consumers.

In this case, I care about them, or the information they provide. I don't need them to care about me enough to keep their server properly configured 365/24. It's nice if they do, but life's not perfect, there will always be non-ideally configured servers whose data I need only once in a lifetime on a Sunday night around 2am.

Admin wrote:That isn't dumbing down of anything, it is being responsive and responsible to the expected users.

Dumb users:)
So hide a setting from "expected" users in about:config. If I visit a truly suspicious site, I'll sandbox the browser anyway.

Necro-posting with potentially offensive content is pretty bad form. Please don't.
Locking this old thread.