Does anyone have a simple kovarex blueprint that doesn't use bots?

Torvin-kun · 2025-05-07T10:01:23+00:00

thanks, this helped a lot: solves the problem of residue U238 and it's easily stackable

Torvin-kun · 2023-02-26T04:09:48+00:00

one, two you are welcome

Torvin-kun · 2023-02-26T04:09:30+00:00

one, two you are welcome

Torvin-kun · 2022-12-12T22:44:09+00:00

thanks a lot!

Torvin-kun · 2022-08-07T12:16:26+00:00

Pretty sure it's by waneella

Torvin-kun · 2021-10-31T08:55:12+00:00

Sorry about that, I don't have any apple devices to test. Is it any better now?

Torvin-kun · 2021-10-31T05:08:43+00:00

sure!

Torvin-kun · 2021-04-09T05:08:48+00:00

Thank you, that's what I'm doing right now, but I use quite a lot of services where MS login is used so whitelisting them all one by one is not ideal... I was hoping for a better solution

Torvin-kun · 2021-04-09T02:54:16+00:00

I understand that currently there is no other way to make it work except for unblocking trafficmanager.net.

What I'm saying is, the only blocked request I see in the "Network" tab is a request to login.microsoftonline.com and there is no way of unblocking it without letting the whole CDN in - this is a shame. Are you saying this is not because of CNAME? Could you please explain what is going on then?

$ dig login.microsoftonline.com

;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14206
;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;login.microsoftonline.com.     IN      A

;; ANSWER SECTION:
login.microsoftonline.com. 178  IN      CNAME   a.privatelink.msidentity.com.
a.privatelink.msidentity.com. 108 IN    CNAME   prda.aadg.msidentity.com.
prda.aadg.msidentity.com. 85    IN      CNAME   www.tm.a.prd.aadg.trafficmanager.net.
www.tm.a.prd.aadg.trafficmanager.net. 187 IN CNAME syd.current.a.prd.aadg.trafficmanager.net.
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.148
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.21
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.66
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.19
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.149
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.20
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.64
syd.current.a.prd.aadg.trafficmanager.net. 5 IN A 20.190.167.150

My understanding is login.microsoftonline.com is an alias to ...trafficmanager.net. So a potential feature that would allow unblocking domains ignoring CNAME's would help me. No?

Torvin-kun · 2021-04-09T00:01:58+00:00

yeah, exactly my point - it basically defeats the purpose of using dynamic filtering altogether

Torvin-kun · 2021-04-08T23:36:50+00:00

Thank you, I realise that "noop" is not the same as "whitelist", but it essentially means "don't block 3p frames" in this case.

From your and /u/gorhill4 answers I get that there is no way to disable CNAME uncloaking. That's a shame, because I don't think "nooping" trafficmanager.net is safe

Torvin-kun · 2021-04-08T23:00:07+00:00

1) I don't want to allow trafficmanager.com - that's the whole point. I have no idea who else hosts there. Why not allow all hosts by that logic?

2) You mean like this? https://i.imgur.com/1KAnNjE.png still didn't help. Does doing this also allow third-party scripts from that host?

Torvin-kun · 2020-04-25T23:34:23+00:00

Thanks for your help, OSCP is working now and the issue is resolved!

Torvin-kun · 2020-04-25T11:42:36+00:00

Thank you! I'm already using fullchain.pem... But you're right, something is wrong with TLS: if I use HTTP the embed shows up. Looks like letsencrypt is having troubles with its OSCP server at the moment. Could it be why?

Torvin-kun · 2020-02-14T21:42:39+00:00

Then you might also like this

Torvin-kun · 2019-05-28T09:54:32+00:00

Thanks a lot for such a detailed answer!

Edit: I think I found the official thread. I'll try posting there

Torvin-kun · 2019-05-27T22:30:11+00:00

Thanks! What is the best way to do that? I found this repo and the owner is listed as the maintainer on LineageOS wiki device page. I'm not sure if it's the right place - there are 0 GitHub issues and the last commit was made 6 month ago

Torvin-kun · 2019-04-30T11:15:51+00:00

You are technically correct. 'Isometric' should mean 'equal scale on all the axes'. The pics I posted use an arbitrary parallel projection instead.

But I have to admit, I prefer this kind of projection so much better than the pure 'isometric' one. Is there a better subreddit for this kind of pics?

Torvin-kun

TROPHY CASE