Cloudflare now persistently requiring Javascript! (Here’s my temp mitigation.)
Cloudflare has effectually locked me out since sometime yesterdayboth of me. I am posting this from the account under which I first got hit with it, almost 22 hours ago. This time, it does not stop! It has caused me to avoid the forum until I worked out the mitigation given below.
Translation: Bend over, and spread your cheeks. Cloudflare wants to check if youre human on the inside:
cloudflare_cavity_search.png
Moreover...
This Cloudflare/SMF interaction bug persists: Cloudflare is rerunning these checks regularly, at times unpredictable to the user. If it collides with your hitting the Post button, then the Cloudflare cavity search function will throw away your post and redirect you to a blank form for starting a new topic. That is how the current topic came to exist: I had tried to post a reply on the main Cloudflare thread, then received a screen which looks like the following; I then just pasted in my post and hit the button again, without realizing that I was submitting a a new topic. It is fortunate that I compose in a text editor. Those who dont will lose their posts.
Here is what it looks like, from when I was hit with this again while making this post:
An absolute requirement of Javascript will drive away many of the types of people whom the forum should want to attract: Privacy and security experts, cypherpunks, people for whom the word crypto means something other than get-rich-quick schemes or Paypal 2.0. For my part, it is unacceptable to me in the long term.
As an interim threat mitigation for occasional Cloudflare flare-ups, for those running ephemeral Tor Browser instances in vanishing VMs, here is a script which shows what you need to instantiate your saved login cookies and avoid being effectually locked out by the Google CAPTCHA.
No technical support will be provided by me with this script. Figure it out. It is provided as documentation of badly undocumented stuff not made by me. I developed this by running diff(1) against prefs.js at various stages of configuration; if there exist any references, I would like to know about them.
permissions.sql:
HTH, HAND.
Translation: Bend over, and spread your cheeks. Cloudflare wants to check if youre human on the inside:
cloudflare_cavity_search.png
Moreover...
[Edit: @mods, apologies for making this a new thread. I tried to post it in the Cloudflare thread. When Cloudflare ate my post and threw me back to a blank form as described below, I did not realize SMFs reply info somehow got lostthus resulting in a new thread. Meta wont let me delete my own topic; I just tried.]
This Cloudflare/SMF interaction bug persists: Cloudflare is rerunning these checks regularly, at times unpredictable to the user. If it collides with your hitting the Post button, then the Cloudflare cavity search function will throw away your post and redirect you to a blank form for starting a new topic. That is how the current topic came to exist: I had tried to post a reply on the main Cloudflare thread, then received a screen which looks like the following; I then just pasted in my post and hit the button again, without realizing that I was submitting a a new topic. It is fortunate that I compose in a text editor. Those who dont will lose their posts.
Here is what it looks like, from when I was hit with this again while making this post:
Temporary mitigation:
An absolute requirement of Javascript will drive away many of the types of people whom the forum should want to attract: Privacy and security experts, cypherpunks, people for whom the word crypto means something other than get-rich-quick schemes or Paypal 2.0. For my part, it is unacceptable to me in the long term.
As an interim threat mitigation for occasional Cloudflare flare-ups, for those running ephemeral Tor Browser instances in vanishing VMs, here is a script which shows what you need to instantiate your saved login cookies and avoid being effectually locked out by the Google CAPTCHA.
No technical support will be provided by me with this script. Figure it out. It is provided as documentation of badly undocumented stuff not made by me. I developed this by running diff(1) against prefs.js at various stages of configuration; if there exist any references, I would like to know about them.
Code:
#!/bin/sh
#
# Set this to the path containing subpath:
# "Browser/TorBrowser/Data/Browser/profile.default"
#
ffprofile="path/to/tor-browser/Browser/TorBrowser/Data/Browser/profile.default"
#
# Change this (duh).
#
case "${1}" in
nullius)
bcfuser="nullius"
;;
[Mm]eretrix)
bcfuser="meretrix"
;;
*)
echo "User not specified, or unknown user" >&2
exit 1
;;
esac
{
cat << EOF
# Turn off Tor Browser's no-disk-write mode:
pref("browser.cache.disk.enable", true);
pref("browser.download.manager.retention", 2);
pref("browser.privatebrowsing.autostart", false);
pref("permissions.memory_only", false);
pref("security.nocertdb", false);
pref("volatilePrivatePermissions", false);
pref("pref.privacy.disable_button.cookie_exceptions", false);
EOF
} >> "${ffprofile}/preferences/extension-overrides.js"
#
# permissions.sqlite could also be reconstructed with
# `sqlite3 -batch -bail -init permissions.sql -cmd .quit "${ffprofile}/permissions.sqlite"`
# using the SQL provided below. The important cookies are
# the SMF login tokens, of course.
#
cp -p permissions.sqlite \
"${bcfuser}/cookies.sqlite" \
"${bcfuser}/cookies-tor.json" \
"${ffprofile}"
#
# Set this to the path containing subpath:
# "Browser/TorBrowser/Data/Browser/profile.default"
#
ffprofile="path/to/tor-browser/Browser/TorBrowser/Data/Browser/profile.default"
#
# Change this (duh).
#
case "${1}" in
nullius)
bcfuser="nullius"
;;
[Mm]eretrix)
bcfuser="meretrix"
;;
*)
echo "User not specified, or unknown user" >&2
exit 1
;;
esac
{
cat << EOF
# Turn off Tor Browser's no-disk-write mode:
pref("browser.cache.disk.enable", true);
pref("browser.download.manager.retention", 2);
pref("browser.privatebrowsing.autostart", false);
pref("permissions.memory_only", false);
pref("security.nocertdb", false);
pref("volatilePrivatePermissions", false);
pref("pref.privacy.disable_button.cookie_exceptions", false);
EOF
} >> "${ffprofile}/preferences/extension-overrides.js"
#
# permissions.sqlite could also be reconstructed with
# `sqlite3 -batch -bail -init permissions.sql -cmd .quit "${ffprofile}/permissions.sqlite"`
# using the SQL provided below. The important cookies are
# the SMF login tokens, of course.
#
cp -p permissions.sqlite \
"${bcfuser}/cookies.sqlite" \
"${bcfuser}/cookies-tor.json" \
"${ffprofile}"
permissions.sql:
Code:
PRAGMA foreign_keys=OFF;
BEGIN TRANSACTION;
CREATE TABLE moz_perms ( id INTEGER PRIMARY KEY,origin TEXT,type TEXT,permission INTEGER,expireType INTEGER,expireTime INTEGER,modificationTime INTEGER);
INSERT INTO moz_perms VALUES(1,'https://bitcointalk.org','cookie',1,0,0,1521640330020);
CREATE TABLE moz_hosts ( id INTEGER PRIMARY KEY,host TEXT,type TEXT,permission INTEGER,expireType INTEGER,expireTime INTEGER,modificationTime INTEGER,appId INTEGER,isInBrowserElement INTEGER);
COMMIT;
BEGIN TRANSACTION;
CREATE TABLE moz_perms ( id INTEGER PRIMARY KEY,origin TEXT,type TEXT,permission INTEGER,expireType INTEGER,expireTime INTEGER,modificationTime INTEGER);
INSERT INTO moz_perms VALUES(1,'https://bitcointalk.org','cookie',1,0,0,1521640330020);
CREATE TABLE moz_hosts ( id INTEGER PRIMARY KEY,host TEXT,type TEXT,permission INTEGER,expireType INTEGER,expireTime INTEGER,modificationTime INTEGER,appId INTEGER,isInBrowserElement INTEGER);
COMMIT;
HTH, HAND.