apache2 – Website only displays directory listings in certain browsers

I have a website (https://hypermotions.com) that only displays a directory listing in some browsers (for example, in the iOS Chrome app), but most desktop and mobile browsers can display the site correctly.

What does the Apache server do with such behavior? The site is built using https://imcreator.com, but it is certain that it is related (therefore I have no control over the files, such as: .htaccess).

tls – Why are file URLs in browsers marked as safe and https URLs safe?

I understand that modern https protocols are safe enough for an average user.

However, because these logs need to retrieve files from the server, while the file log merely tells the browser to find the file on your computer, I believe that file logs are more secure than https logs.

Why are browsers that mark https logs as safe while file logs are marked as unsafe, so not sure?

Ease of Use – Why does Google Chrome not have a GoTo Link button like other browsers?

Some people prefer to have the Go button, others are out of habit, and the others are mouse users who have copied, pasted, and cut out the URL field.

The use case is when some links with long variables are copied after the URL, e.g. B .: https://domain.com?variable=a_very_long_variable_here_or_provide_some_infos

Surfing with the mouse does not require any interaction with the keyboard at all. You would like to copy this URL with the mouse and then cut the words with the mouse afterwards? then go to the URL. The context menu "paste and go" is not a solution, because you want to cut out parts of the URL.

To do this, we need to rise from our lazy chair to the keyboard to press the "ENTER" key. What's annoying in lazy browsing status when just a wireless mouse is nearby, while your keyboard is far away and near your feet. You can also use your feet to press the keyboard. 😀 But a click on a go button is much lazier.

That's why many people need the clickable start button.

Mostly, we can restore the button by editing the browser stylesheet.

Google programmers, UI experts, and employees have no idea that lazy people like us exist. You can only surf with the keyboard and have never heard that they only surf with the mouse. Therefore, remove the button.

Browsers can not download files, they seem to have a problem with the storage layer

The phone is Samsung Galaxy Note N7000. In recent years, I use NightOwl Custom Rome (Android 7). I can not remember when I faced this problem, possibly after repartitioning with REPIT, but now I can not take any more photos. The photo app says I need to insert an SD card, but I can take photos through the Evernote app. Also, I can not see any photos in WhatsUp because my phone can not download them and web browsers can not download files. But I can install most programs and, for example, cache my notes in Evernote.

In recovery mode in TWRP, I found that I have a partition sdcard1 that's 0 bytes in size. Maybe it will fix my memory problem if I remove this partition?
TWRP partitions
Twrp partition SD card1 zero
Twrp partition sdcard0

I tried flashing the same ROM again.

I asked in the thread for this Rome, but nobody answered.

The phone is without external SD card.

Thanks for your help.

Video – Some Twitter GIFs do not work in PC browsers, but in mobile browsers

I could really use some help to figure out this weird problem with Twitter GIFs.

Some animated Twitter GIFs (which are converted from Twitter to MP4, which I'll call GIFs for convenience) will not work in the web browsers on my Windows PC. This is true for some GIFs and not for others – it seems to be something like a 30/70 Work / Don & # 39; t Work Split – and affects both Firefox and Chrome on my PC, though Not on my android phone. (This applies to both Twitter page and the TweetDeck platform.)

Take, for example This first GIF (direct connection).

In Firefox on my PC, the GIF thumbnail is loaded, but clicking on "Play" turns it black. If you use the direct link, shows also displays a space, with the video progress bar – although it is 7 seconds long – stuck at the end and the "Play" button does nothing.

In Chrome on my PC, the GIF freezes in the first frame and clicking does nothing. The direct link shows the same thing as above, but the progress bar gets stuck.

In Firefox and Chrome on my Android phone, the GIF works flawlessly both in the tweet and via the direct link.

Now take it this second GIF (direct connection).
It loads properly in all my browsers, both on the PC and on the phone, whether in tweet form or via the direct link. (Todd Howard voice) It just works.

The fact that the problem occurs only in the browsers of my PC and in none of my phones, indicates that the cause is on my PC something GIFs and not others, and I can not imagine the difference between those who work and those who do not.

I know it's a trifle overall, but it's weird and annoying, so I really want to fix it. Any help with troubleshooting would be very grateful.

How do attacks on web browsers succeed?

While there are still drive-by download attacks that exploit browser vulnerabilities themselves, most of today's web-based attacks are different. This is because drive-by downloads have become more difficult as the major insecure technologies (ActiveX, Java, Flash) have been largely blocked and the browsers themselves have become more robust against attacks.

The main attacks today are likely due to delusion of the user, i. H. phishing, executed.
For example, phishing credentials (usually linked via e-mail or other messages) are made to similar sites or sites that promise import information after logging in. There are websites for the (usually illegal) streaming or downloading of videos that allegedly require plugins or software updates to access the content. And there are websites that create windows or pop-ups that look like system error messages to trick users into downloading fake antivirus programs or calling a fake Microsoft hotline or similar.

There are also seemingly innocent browser plug-ins or extensions that later turn the behavior into malicious, either because it was intended from the beginning or because ownership of the extension was transferred to a shady party. Because extensions are normally updated automatically, this attack is based on using the initial trust that a user put in the extension to silently add malicious behavior.

Is it due to ignorant browser users?

It would be easy to blame users for their ignorance, but it would not be fair. One can not expect the average user to have much experience with detecting attacks. Most users are unable to properly handle all the different websites with different user interfaces and behaviors, as well as sporadic website and operating system error messages. They are used to be disturbed by the various software programs they need to install before they can proceed. All they want is to get things done. In most cases, they can do this by ignoring error messages or selecting the recommended option in a dialog box that they do not really understand. The attackers can therefore rightly assume that enough users will do almost anything to continue, especially if only one button has to be clicked or software has to be installed quickly – they are trained for this anyway.

Enlightening the users and keeping them alert can only go so far. While this may make their behavior more suspicious, it also makes it more suspicious to obtain perfectly innocuous login prompts, dialogues, or update requests, since it is often impossible for the average user (and sometimes for experts) to do well to distinguish from bad. This usually causes unexpected behavior to be accepted in order to proceed, since in most cases it is actually innocent.

Navigation – Is there a way to hide the submenus in mobile browsers?

I searched before posting and could not use the instructions from

How to hide menu items on mobile devices

without a positive result. Due to the size of the menu I want to hide the submenu on the primary navigation system for mobile users, as scrolling also starts the page. Users can click on the primary navigation to see all the items. However, on mobile devices this takes too long again. I'm afraid users simply leave the site instead of using it.

Code I tried is;

@media (max-width:600px) {

.the-last-inventory-changed-the-life-in-our-community-through-partnerships-with-these-two-schools {
Display: none! important;
Visibility: hidden! important;

Thank you in advance for all the words of wisdom.

SEO – Google can not retrieve a large sitemap with 50,000 URLs and is not rendered by browsers

My sitemap contains 50,000 URLs / 7.8 MB and the following URL syntax:

 https://www.ninjogos.com.br/resultados?pesquisa=vestido, maquiagem,   2019-10-03T17:12:01-03:00 

The problems are:

• The search console reports that the sitemap could not be read.

• Sitemap loading takes 1 hour and Chrome stops working.

Enter image description here

• In Firefox, the sitemap was downloaded in 1483 ms and fully loaded after 5 minutes.

Things that I have done without success:

• Disable GZip compression.

• Delete my .htaccess file;

• Create a test sitemap with 1 KB URLs and the same syntax, and send it to Search Console. However, the sitemap with 50 KB URLs still displays "" that no sitemap can be retrieved.

Enter image description here

• An attempt was made to directly check the URL, but an error occurred and you are asked to try again later while the 1KB URLs worked.

• An attempt was made to validate the sitemap on five different websites (YANDEX, ETC), and all worked without error / warning

Any light?

Privacy – How to combat the fingerprint of browsers?

The fingerprinting technology used by the EFF is nothing more than the "normal" Javascript functions used by websites to function properly. It is possible to report untrue information to the outside, but then you risk either "falling behind":

  • the untrue information that you should send amendments and not yours, which makes you unique – and suspicious;
  • The detection techniques are changing and you are unaware of it. So become unique again.

or with a really complicated navigation.

Assuming that you can use Tor or a VPN or OpenShell to tunnel your IP address, I think it's the safest way to boot a virtual machine, install Windows Seven on it, and install it for everyone to use data protection-sensitive operation. Do not install anything unusual on the computer, and it is a standard Windows Seven computer that belongs to a horde of similar computers.

They also have the advantage that the machine is isolated in your real system and you can quickly snapshots / reinstall them. What you can do from time to time – the "you" who has done all the navigation before disappears and a fresh "you" appears with a clean story.

This can be very useful because you can keep a "clean" snapshot and always restore it before you perform sensitive operations like home banking. Some VMs also allow & # 39; sandboxing & # 39; d. H., Nothing made in the VM is constantly changing its content – all system changes, downloaded malware, installed viruses, keyloggers infiltrated disappear as soon as the virtual machine shuts down.

Any other technique would be no less intrusiveand would involve a considerable amount of work on the browser or on an anonymizing proxy, which not only serves to clean up your headers and your javascript answers (as well as the fonts!), but to do it in a credible way,

In my opinion not only would the total work be the same (or even more), but also a much more complicated and less stable kind of work.

Install the most common operating system, stick to the included browser and software, and resist the temptation to pimp it hundreds of thousands of similar, just-installed, never-serviced computers on the Internet?

Update – browser behavior and side channels

Now I've installed a virtual Windows 7 machine and even upgraded to Windows 10, as Joe Q. Average would do. I do not use Tor or VPN. All an external site can see is that I'm connecting from Florence, Italy. There are just like my thirty thousand connections. Even if I know my provider, there are still about nine thousand candidates left. Is that sufficiently anonymous?

It turns out that this is not the case. It could still exist correlations that could be investigated, with sufficient access. For example, I play an online game and my input is sent immediately (character-buffered, not line-buffered). It becomes possible to fingerprint digram and trigram delays, and if the corpus is large enough, determine that online user A is the same person as online user B (of course, within the same online game). The same problem could occur elsewhere.

When I surf the net, I usually always meet the same websites in the same order. And of course I called my "personal pages" on several websites, eg. Stack overflow, regular. A customized distribution of images is already in my browser and will not be downloaded or bypassed at all HTTP If-Modified-Since or If-None-Match Inquiry. This combination of habit and helpfulness of the browser is also a signature.

Given the abundance of tag methods available to websites, it is unlikely that only cookies and passive data could be collected. For example, a site may promote the need to install a font named Tracking-ff0a7a.otfand the browser would dutifully download it. This file is not necessarily deleted when deleting the cache. If it is not downloaded again on subsequent visits, this is proof that I have already visited the site. The font may not be the same for all users, but contains a unique combination of glyphs (for example, the character "1" may contain a "d", "2" may include an "e" and "4" may include a "d"). again – or this could be done with infrequently used font code points), and HTML5 can be used to draw a glyph string "12345678" onto an invisible canvas and upload the result as an image, which would then create the unique hex sequence & #. 39; deadbeef & spell, and this is a cookie in every sense.

To fight this, I may have to:

  • After each browser session, take another snapshot of the VM (and reset the modem if I do). It would not be enough to always have the same VM.
  • Use several different virtual machines or browsers, as well as known proxy services or Tor (I would not mind using a proxy that is unique to me or for which I'm the only user in Florence for anonymity reasons)).
  • Empty and / or purge the browser cache routinely and remember this Not for example, to always open XKCD immediately after questionable content.
  • Accept two or more different "personas" for the services for which I want anonymity, and for which I'm not interested, and make sure that they stay separate in separate VMs so that a permanent connection may be made by a savvy external Agency is made.

This also shows that I would better have a good reason to want anonymity: because it will be a royal pain in the back to accomplish this reliably.