Domain: informaction.com
Stories and comments across the archive that link to informaction.com.
Comments · 22
-
Re:Anti-extension Narrative Ramping Up?
You just don't remember correctly at all. Here's the developer discussing it with other people it made uncomfortable: https://forums.informaction.com/viewtopic.php?f=7&t=4743
I think NoScript is great, but I also think that kind of background network behavior is a very poor design feature in a privacy/security product.
-
Side Tabs
Been waiting for that 5 years now...
http://forums.informaction.com...And the three years since some dude called 'glen' took out side tabs; which is why I went back to firefox (treestyle tabs ftw)
-
Does it have an API for NoScript yet? 5 years?
Been waiting for that 5 years now... http://forums.informaction.com...
-
Re:more downgrades
-
Re:No Script
For Firefox fans there is an add on called "no script" that prevents Javascript from running automatically. There should be an equivalent for Chrome folks too.
It's called NoScript.
And there's no "NoScript equivalent" for Chrome folks, sadly.
-
Re:Agreed
There is ZERO chance I'm going to use a browser which doesn't allow me to default JS to being disabled. NoScript is also FAR advanced beyond other similar tools, so it would REALLY SUCK to have to use Chromium's lame equivalent, but I will if it is the only choice. At least in other respects Chromium is pretty good.
In what ways is NoScript more advanced than ScriptSafe?
Besides some "minor" features first introduced by NoScript, which advanced the state of the art of browser security (such as the most effective in-browser XSS filter, the ClearClick anti-Clickjacking technology and the Application Boundaries Enforcer module), NoScript holds a modest advantage over all its Chrome-based "clones": basic script blocking which actually works
;) -
Re:Social media AdBlock list
This makes me nervous:
http://forums.informaction.com/viewtopic.php?f=8&t=3869#p16295
It indicates that ghostery is owned by an ad company, and it itself may collect some info?
-
Re:NoScript?
Almost, but not really.
-
Re:Did they add noscript yet?According to the creator of NoScript (Giorgio Maone) Chrome is incapable of running NoScript http://forums.informaction.com/viewtopic.php?f=10&t=1676&sid=23a681ccbaa7d58b3c03c444af2de8f6&start=60
At this moment one of the major obstacles is the multi-processing design choosen by Chromium, which forbids every kind of synchronous communication between chrome and content and therefore prevents critical configuration data (e.g. NoScript's whitelist) from being safely and reliably shared across the application. Other APIs, especially in the networking area, are missing as well. By comparison Electrolysis (E10s), the new multi-processing design choosen by future Firefox (and current Firefox Mobile betas) poses challenges, but they're not impossible ("code just needs to be written") and in fact NoScript is being adapted.
NotScripts user interface is laggy and often misses domains. NotScripts does not have anywhere near the thorough level of protection that NoScript has.
-
Re:NoScript?The NoScript author makes this objection to privoxy:
there are so many ways to obfuscate active content while it goes through the pipes (i.e. before it gets parsed by the browser) that trying to block it through a proxy (even though it's been attempted by proxomitron and similar projects) is futile.
I don't know enough about this to be able to evaluate his statement.
-
Re:NoScript?
And here's a thread in the NoScript forum explaining why it's not available yet.
-
Re:AdBlockPlus and Ghostery
Ghostery seems to be fishy, being owned by an advertising company. Easy Privacy filter for Ablock Plus might be a better solution.
-
Re:Results and flash cookies
Exactly. That's why I just suggested on the NoScript Forum that they replace the default user agent with minimal info (Browser name and browser major/minor version) if scripting is not enabled for a site.Go add a supporting post if you also think it's a good idea.
-
Re:Show me the violation.
Since they are shipping source code with their plugin, and the complainant themselves states that the files are unchanged, they again, are compliant.
No, if that were the case then there would be no need for the LGPL. If the combined work would reasonably be considered (from the user's perspective) to be a single product then the entire work must be GPL'd.
The bundled code (OS-level) exemption reads as follows (Term 2):
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.That's a very long way away from the library/main.c relationship.
All we have so far is a developer complaining that their code was used without attribution.
to quote the code's author in TFA:
http://forums.informaction.com/viewtopic.php?f=6&t=1654&p=6396#p6396
I said "illegally" because FlashGot is open sourced under the GPL license, and this means that anybody incorporating code from FlashGot (which is otherwise freely reusable) must release their code/modifications under the GPL as well, which they're not doing.Sounds to me like he's complaining about a license violation, I don't hear anything about wanting to see his name in big bright letters.
It requires Several things, but advertising where you got the code is not one of them.
(irrelevant...)
It requires that you advertise to the end user that they are using GPL code, and what that means for them.
The act of creating a running image of a software program is considered copying
The idea that "copying" a program into memory in order to run it is an act of redistribution for the purposes of copyright law* is so completely absurd and asinine that we debase ourselves to do anything but openly mock the purveyors of such drivel. I don't really care who's saying it.
/Especially/ if they have an army of lawyers this will be your best (if only) long term defense.[*] (even ignoring any Fair Use, Natural Purpose, or alfresco-user arguments for now)
wrt the kernel: Users of GPL code are free to use non-GPL drivers with a GPL OS (or do whatever the hell they want with it as long as they don't redistribute anything), but the key is that they have to add it in on their own, the kernel devs and distros can't ship with it linked.
I'm outta here..
-
Re:I Would Have Allowed It
Had NoScript asked me if I wanted to whitelist adds on their site (in my AdBlock preferences) to support NoScript development, I would have happily clicked "Yes."
Exactly. The NoScript author has a point, and I understand he has to generate some revenue to fund his work, but going behind the users' backs is unacceptable.
As it is, I've left the NoScript whitelist intact in my AdBlock preferences, because I do want to support their development (NoScript leaves a comment in the AdBlock preferences indicating that this whitelist can be disabled easily).
I've immediately disabled the filter set, and prevented the NoScript site from being displayed. I will however re-enable it soon, because the next version of NoScript will ask for permission (even retroactively), and allow its modifications to ABP to be reset:
From a post by Giorgio Maone on his forum:
However I hope all this mess will be at least partially cleaned by NoScript 1.9.2.5, which adds the prompt that has been stupidly omitted in 1.9.2.4. It's 6.57 AM here, and I stayed up all night to speed this update scheduled for tomorrow evening before Wladimir's explosive post.
v 1.9.2.5
+ One-time startup prompt to ask users if they wants to install/keep
the AdBlock Plus "NoScript Development Support Filterset" deployed
with NoScript 1.9.2.3 and above
x Fixed filterset bug: it could be disabled but not removed.
x Fixed "Attempt to fix JS links" not working for drop-down lists on
Gecko < 1.9 (thanks therube for report)
x Updated zh-CN translation
x Updated el-GR translationHe SHOULD have done so in the first place, and I still feel he should apologize for his error in judgement, but at least he's doing something about the problem. NoScript is an invaluable extension (much more so than ABP, as long as I've got FlashBlock), and I'm grateful for his efforts. I hope next time he'll think twice before he tries a stunt like this.
CJ
-
Back to 1.9.1, don't update until this is resolved
Here's the direct link:
http://software.informaction.com/data/releases/noscript-1.9.1.9.xpi
-
Giorgio Maone
-
NoScript's side of the story
Since NoScript recently put up a forum I figured I would go over to see what people on there had to say. Here's a thread which starts with a discussion of noscript breaking adblock and then turns into a discussion of the specific issue: http://forums.informaction.com/viewtopic.php?f=7&t=877
Here's a post where the NoScript guy asserts his reasoning for it: http://forums.informaction.com/viewtopic.php?p=2777#p2777 basically he says that the update to the filterset broke noscript.net making things like the menus unusable.
In this post http://forums.informaction.com/viewtopic.php?f=7&t=877&start=90#p3162 he claims that the inability to remove the noscript filterset is a bug and that the next update to noscript will fix that and prompt users beforehand. -
NoScript's side of the story
Since NoScript recently put up a forum I figured I would go over to see what people on there had to say. Here's a thread which starts with a discussion of noscript breaking adblock and then turns into a discussion of the specific issue: http://forums.informaction.com/viewtopic.php?f=7&t=877
Here's a post where the NoScript guy asserts his reasoning for it: http://forums.informaction.com/viewtopic.php?p=2777#p2777 basically he says that the update to the filterset broke noscript.net making things like the menus unusable.
In this post http://forums.informaction.com/viewtopic.php?f=7&t=877&start=90#p3162 he claims that the inability to remove the noscript filterset is a bug and that the next update to noscript will fix that and prompt users beforehand. -
NoScript's side of the story
Since NoScript recently put up a forum I figured I would go over to see what people on there had to say. Here's a thread which starts with a discussion of noscript breaking adblock and then turns into a discussion of the specific issue: http://forums.informaction.com/viewtopic.php?f=7&t=877
Here's a post where the NoScript guy asserts his reasoning for it: http://forums.informaction.com/viewtopic.php?p=2777#p2777 basically he says that the update to the filterset broke noscript.net making things like the menus unusable.
In this post http://forums.informaction.com/viewtopic.php?f=7&t=877&start=90#p3162 he claims that the inability to remove the noscript filterset is a bug and that the next update to noscript will fix that and prompt users beforehand. -
Re:I Would Have Allowed It
Currently you can't actually delete the list, only disable it. If you delete the list, it will come back the next time you load firefox. I have actually tried this myself and it is very obnoxious.
I was looking on the noscript forums, and I did find this:
On the other hand, I guess I'll have to work overnight to release 1.9.2.5 immediately: it prompts users beforehand (something I announced 10 minutes after 1.9.2.4's release), and also fixes the bug which allows the filterset only to be disabled, rather than removed. That's a genuine bug, but is being nonetheless singled out as a malicious behavior by Wladimir...
While I don't know if I believe this or not, it's at least the way it should have been from the start.
-
Timeline of events
When the Easylist filter was made for Adblock Plus, it generically blocked ads for many websites, with some specific rules for other sites. Giorgio Maone (creator of NoScript) relies to a certain extent on ad revenue on his websites, without which he may spend less time working on the extension. He made a workaround on the ad blocking, and though the filter could have been updated to counter this, no attempt was made to update it.
When Rick Petnel died, they needed a new maintainer for the filter. Ares2 continued where Rick left off. He decided to fix the workaround made on Giorgio's sites.
What then followed was a game of cat-and-mouse. Giorgio would attempt a new workariound, and Ares2 would attempt to block the ads. It reached the stage where large parts of Giorgio's sites weren't working due to false positives.
Here, it seems clear that Ares2 has gone too far, and a compromise should have been reached. ABP and NoScript are a good pair when working together, though the people behind them have different philosophies. Unfortunately, things start to take a turn for the worse.
In an attempt to defend his site and ad revenue, he makes an update of NoScript to version 1.9.2. This version contains a file called MRD.js, which adds a CSS stylesheet rule to his websites that overrides the filter, by adding -moz-binding: none after the filter has loaded, which the filter depends upon. Furthermore, the file is obfuscated to hide what it does. No warning is given to Firefox users of what the extension has added in this tit-for-tat battle.
When this addition started breaking users ABP installations, version 1.9.2.3 instead adds his websites to the ABP whitelist, calling it a "NoScript development support filterset". The user isn't informed of what this is, and isn't given a choice on whether to accept it.
At present, the filter has removed its false positives, though leaves the ad blocking in place. The NoScript behaviour still remains in the latest version.
Ares2 was overzealous in attempting to block ads, and shouldn't have made Giorgio have to make excessive changes to his site. But the larger concern is that while Easylist is a filterset, which can be removed and updated by the user, NoScript went further and started to modify existing extensions, executing code without user's consent or awareness, and acting in a way that resembled malware, to display ads on his websites.
Extensions can be great for giving people freedom to control how they view the web. But creators of extensions need to be careful in what they do with them, especially with those with a large user-base like Adblock Plus and NoScript. If not handled correctly, Firefox extensions could become the next vector of malware, and that would be a shame for all.