Latest Comments

75 Total
a reply to a comment on the General Rambling Please move away from Zoho. 5 years and 2 months ago
+1 for moving away from Zoho.

The problems I have with Zoho:

  • Requirement of third party cookies (I keep all third party cookies disabled in my browser)
  • It uses really shitty SSL, the only cipher selection in Firefox that seems to be supported is, security.ssl3.rsa_rc4_128_sha

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Images on Tor hidden service Not Loaded through Tor hidden service 5 years and 2 months ago
To clarify the Amazon scroll thing in the zero-click field. The images of the covers that look like they are from Amazon come from the .onion address, everything else comes from duckduckgo.com. If you install RequestPolicy and have it block everything you can see all the red flags that block all the images but those ones from Amazon.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Problem with SSL connection when only ephemeral cipher suites enabled in client 5 years and 2 months ago
Forward secrecy prevents past communications from being decrypted tomorrow even if the private key on the server is compromised.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Fix Ability to Parse URL Parameters without Javascript (/html/) 5 years and 2 months ago
Awesome! Thank you very much!

One little thing I did notice though, is the final URL is: https://duckduckgo.com/html?q=shit&kp=-1&kl=us-en

I'm guessing the lack of a "/" after the "html" part is intentional? Seems inconsistent with being on the previous page of https://duckduckgo.com/html/

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Fix Ability to Parse URL Parameters without Javascript (/html/) 5 years and 2 months ago
Awesome, thank you!

However, the bug mentioned in EDIT2 still exists.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Problem with SSL connection when only ephemeral cipher suites enabled in client 5 years and 2 months ago
First off, DuckDuckGo now supports Forward Secrecy, which can be checked here.

In Firefox's about:config you can manually enable specific ciphers combinations. I went through this list and disabled all of them except each line and tested loading https://duckduckgo.com/

'NO' designates it did not work, and 'YES' designates it did work.

(Note these are listed by searching for "security.ssl3" in Firefox 22.0)

security.ssl3.dhe_dss_aes_128_sha NO (FS)
security.ssl3.dhe_dss_aes_256_sha NO (FS)
security.ssl3.dhe_dss_camellia_128_sha NO (FS)
security.ssl3.dhe_dss_camellia_256_sha NO (FS)
security.ssl3.dhe_dss_des_ede3_sha NO (FS)
security.ssl3.dhe_rsa_aes_128_sha NO (FS)
security.ssl3.dhe_rsa_aes_256_sha NO (FS)
security.ssl3.dhe_rsa_camellia_128_sha NO (FS)
security.ssl3.dhe_rsa_camellia_256_sha NO (FS)
security.ssl3.dhe_rsa_des_ede3_sha NO (FS)
security.ssl3.ecdh_ecdsa_aes_128_sha NO (FS)
security.ssl3.ecdh_ecdsa_aes_256_sha NO (FS)
security.ssl3.ecdh_ecdsa_des_ede3_sha NO (FS)
security.ssl3.ecdh_ecdsa_rc4_128_sha NO (FS)
security.ssl3.ecdh_rsa_aes_128_sha NO (FS)
security.ssl3.ecdh_rsa_aes_256_sha NO (FS)
security.ssl3.ecdh_rsa_des_ede3_sha NO (FS)
security.ssl3.ecdh_rsa_rc4_128_sha NO (FS)
security.ssl3.ecdhe_ecdsa_aes_128_sha NO (FS)
security.ssl3.ecdhe_ecdsa_aes_256_sha NO (FS)
security.ssl3.ecdhe_ecdsa_des_ede3_sha NO (FS)
security.ssl3.ecdhe_ecdsa_rc4_128_sha NO (FS)

security.ssl3.ecdhe_rsa_aes_128_sha YES (FS)
security.ssl3.ecdhe_rsa_aes_256_sha YES (FS)
security.ssl3.ecdhe_rsa_des_ede3_sha YES (FS)
security.ssl3.ecdhe_rsa_rc4_128_sha YES (FS)
security.ssl3.rsa_aes_128_sha YES
security.ssl3.rsa_aes_256_sha YES

security.ssl3.rsa_camellia_128_sha NO
security.ssl3.rsa_camellia_256_sha NO
security.ssl3.rsa_des_ede3_sha NO
security.ssl3.rsa_fips_des_ede3_sha NO
security.ssl3.rsa_rc4_128_md5 NO

security.ssl3.rsa_rc4_128_sha YES
security.ssl3.rsa_seed_sha YES


Enabling RC4 does help in mitigating the BEAST attack, and that's probably why it is enabled on the server.

This blog post has a nice write up about forward secrecy.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Bizarre bug: "! bbc" goes to a porn site 5 years and 2 months ago
Shouldn't the safe-search filter caught it even if it was spammed to Wikipedia? Or are zero-click boxes not filtered by safe-search?

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling not?bug 5 years and 2 months ago
Short answer: unable to reproduce.

In Firefox 22.0 with DuckDuckGo default settings the link, https://duckduckgo.com/?q=ppa.launchpad.net%2Fnilarimogard%2Fwebupd8%2Fubuntu loads a search result page.

What browser and version are you running, and are you running any extensions/addons that don't come with the browser?

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling Full referer leaking to site even though DDG appears to use https. 5 years and 2 months ago
I can confirm this is a problem and I was able to reproduce it.

Here are the steps I followed to reproduce it.

1.) Load up https://duckduckgo.com/
2.) Searched for my full name
3.) Clicked on the result for my personal domain
4.) tail'ed my web server logs and noticed the full URL

However, upon further examination, I did notice some peculiar. This was a problem because I have set my region to uk-en when working out someone elses issue. When I set the region back to "no region (default)" I then got the referer to begin with "https://r.duckduckgo.com/l/?kh=-1&uddg=" and it listed the site I was clicking on rather than the search terms.

Let Me DuckDuckGo That For You
a reply to a comment on the General Rambling problems with search 5 years and 2 months ago
Hello, your site does appear to be "index" by DuckDuckGo, https://duckduckgo.com/?q=site%3Abaretouch.com.au However, the reason it may not be number one for searching for the URL site specifying "site:" may be lack of relevant links back to your site using your domain name. DuckDuckGo pulls from many resources so this may or may not be the only way to help increase your relevancy in the search results.

Let Me DuckDuckGo That For You
« 1 2 3 4 5 6 7 8 »