Jump to content
Tuts 4 You
Sign in to follow this  
kao

https issue/broken link

Rate this topic

Recommended Posts

kao

In this topic, there is a download link: http://www.tuts4you.com/forum/index.php?automodule=downloads&showfile=192


 


When I click on it, Google Chrome gives me the following error:


 



This is probably not the site you are looking for!

You attempted to reach www.tuts4you.com, but instead you actually reached a server identifying itself as forum.tuts4you.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.tuts4you.com.

You cannot proceed because the website operator has requested heightened security for this domain.


 


There is no way to work around it, see last sentence in error message.. ;)


 


IP address xxx.yyy.8.85, OS: 64bit Win7, Browser: Google Chrome 30.0.1599.69 (I refuse to update to any version that doesn't support NPAPI).


Share this post


Link to post
Share on other sites
SkyProud

NPAPI).

http://blog.chromium.org/2013/09/saying-goodbye-to-our-old-friend-npapi.html

 

Saying Goodbye to Our Old Friend NPAPI

Monday, September 23, 2013

The Netscape Plug-in API (NPAPI) ushered in an early era of web innovation by offering the first standard mechanism to extend the browser. In fact, many modern web platform features—including video and audio support—first saw mainstream deployment through NPAPI-based plug-ins.

But the web has evolved. Today’s browsers are speedier, safer, and more capable than their ancestors. Meanwhile, NPAPI’s 90s-era architecture has become a leading cause of hangs, crashes, security incidents, and code complexity. Because of this, Chrome will be phasing out NPAPI support over the coming year.

We feel the web is ready for this transition. NPAPI isn’t supported on mobile devices, and Mozilla plans to make all plug-ins except the current version of Flash click-to-play by default. Based on anonymous Chrome usage data, we estimate that only six NPAPI plug-ins were used by more than 5% of users in the last month. Still, we appreciate that it will take time to transition away from NPAPI, so we will be rolling out this change in stages.

Starting in January 2014, Chrome will block webpage-instantiated NPAPI plug-ins by default on the Stable channel. To avoid disruption to users, we will temporarily whitelist the most popular NPAPI plug-ins that are not already blocked for security reasons. These are:

  • Silverlight (launched by 15% of Chrome users last month)
  • Unity (9.1%)
  • Google Earth (9.1%)
  • Java (8.9%) *
  • Google Talk (8.7%)
  • Facebook Video (6.0%)
* Already blocked by default for security reasons.

In the short term, end users and enterprise administrators will be able to whitelist specific plug-ins. Eventually, however, NPAPI support will be completely removed from Chrome. We expect this to happen before the end of 2014, but the exact timing will depend on usage and user feedback. Note that the built-in Flash plug-in and PDF viewer will be unaffected because they don’t use NPAPI.

The Chrome Web Store will also be phasing out NPAPI support. Starting today, no new Apps or Extensions containing NPAPI-based plug-ins will be allowed in the Web Store. Developers will be able to update their existing NPAPI-based Apps and Extensions until May 2014, when updates will be blocked. Also in May, listings for NPAPI-based Apps and Extensions will be removed from the Web Store home page, search results, and category pages. In September 2014, all existing NPAPI-based Apps and Extensions will be unpublished. Existing installations will continue to work until Chrome fully removes support for NPAPI.

There are several alternatives to NPAPI. In cases where standard web technologies are not yet sufficient, developers and administrators can use NaCl, Apps, Native Messaging API, and Legacy Browser Support to transition from NPAPI. Moving forward, our goal is to evolve the standards-based web platform to cover the use cases once served by NPAPI. 

UPDATES

  • November 2013: For more details about NPAPI deprecation, see the NPAPI Deprecation Developer Guide.
  • April 2014: NPAPI support was removed from Chrome for Linux in release 35.
  • April 2014: Developers will be able to update Apps and Extensions that use NPAPI until their listings are unpublished in September. This deviation from the original schedule is to allow for security updates.
  • July 2014: Chrome 37 has switched to a harder-to-bypass blocking UI for NPAPI.
Justin Schuh, Security Engineer and Plug-in Retirement Planner

 

Share this post


Link to post
Share on other sites
kao

@Tianjiao: and your point is?


Share this post


Link to post
Share on other sites
SkyProud

Warning

NPAPI is being phased out. Consider using alternatives.

 

NPAPI is a really big hammer that should only be used when no other approach will work.

 

Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with XMLHttpRequest.

Share this post


Link to post
Share on other sites
kao

Yes, I know that - and I don't give a flying f*ck. Until somebody creates a gestures plugin that works on every single page without NPAPI, I'm sticking to Chrome 30.


So, could you please stop copy-pasting large amounts of text - they're not helping in any way?


Share this post


Link to post
Share on other sites
SkyProud

The reason you stayed on Chrome 30 is only because of gestures plugin?However, it is a security flaw technology, you think of giving up something not secure plugin?


Share this post


Link to post
Share on other sites
kao

SWF, PDF and Java security is much more flawed than Chrome - but you're still using those technologies, right? ;)


 


And yes, my convenience is much more important than some theoretical attack against Chrome or the gestures plugin I'm using.


  • Like 1

Share this post


Link to post
Share on other sites
SkyProud

Java has Sandbox, but NPAPI does not have.


Security comes first, any temporary inconvenience is worthy.


Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...