Slashdot Mirror
NoScript Awarded $10,000
An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."
The fact that this ever had to be an *add-on* is just shameful. The fact that IE and Safari still don't have it (or something very similar) is close to criminal. Okay, Chrome has NotScripts, but that apparently requires some weird hacking to use securely.
And, no, the non-default ability to turn *all* scripts on or off isn't even close to the same thing. As the great Jules would say--it's not the same ballpark, not the same league, not even the same sport.
SJW: Someone who has run out of real oppression, and has to fake it.
Yes, two fucking years ago the guy made a poor decision in the heat of the moment which he later apologized for. We should definitely crucify him for it forever.
That's too bad, because it's awesome. I haven't found anything else that comes close to how flexible and easy to use it is.
As far as trust goes - I trust the developer of NoScript over the entirety of the javascript code injected by advertising and tracking agencies out there.
By the way - did you read the NoScript developer's mea culpa?
My Other Computer Is A Data General Nova III.
It certainly was a while ago and he did apologize (after the backlash), and I agree that we shouldn't hold it against him forever. Still, I tend to be wary of NoScript these days because of it. I'm not sure I would trust someone who abused his position like that with a $10k grant is all. Maybe I'm being unreasonable, but I don't think it's a big leap to think that someone who abused their position for monetary gain once might do so again. And it's definitely something that I think people who use NoScript should know about, old or not.
JavaScript [...] is extremely helpful for making useful, clean, modern websites.
I'll see your "useful, clean, modern" and raise you "glacial, bloated, bug-ridden".
Both JS and non-JS sites can be written well or poorly, and I'm not averse to a little javascript where it demonstrably improves the user experience, such as auto-focus into form fields for example. However, the problem is that some designers/developers just don't know when to stop, and seemingly only test their results on a gigabit LAN with a browser on their quad-core monster. As a consequence they think nothing of pulling in scripts and libraries from half a dozen sources and then proceed to use only one tenth of that code in the page. Frequently I see JS code where the whole way through it keeps testing over and over again for specific user agents so that it can choose which hackish workaround to employ instead of testing once and pulling in a brower-specific library. I have a 10Mbps broadband connection here and some pages take longer to load and render than they did 15 years ago.
Good designers and devs can produce excellent JS-based sites. But the other 99% are just a struggle to use and a good proportion of those are close to unusable.
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
So he has a stupid spat with the guys at AdBlock Plus. So what?
People make stupid mistakes every once in a while. He apologized, and hasn't done anything dumb since. In the meantime, NoScript has continued to be a valuable tool that I add to every Firefox installation I use (well, all once he adds support for Firefox Mobile.)
There are plenty of vulnerabilities found that do not need scripts, lets not make NoScript out to be more than what it is.
I'm sorry, I've got to call BS. That's like saying "There are plenty of illnesses out there that aren't virus-based or bacterial, so let's not make washing our hands out to be more important than it is."
Fact is, NoScript is an invaluable resource, with a clear, easy-to-use interface, and even the less-than-tech-savvy user can use it to vastly reduce their chance of 'catching' something. Yes, it does not provide perfect protection from everything, but I'm afraid the only way you can achieve that is to pull the plug on teh interwebs and live in your own virtual 'bubble'.
I for one applaud this award as well-deserved. Good on them!
"I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
Javascript itself isn't the problem so much as the tendency to need to allow javascript from 20 or 30 sites just to view a page in its entirety. Typically they don't tell you what sites they genuinely use so if you don't recognize the domain name then you don't have any way of knowing if it's intended to be executed by the web devs.
Government. Is there anything it can do that does not hurt the economy? If it can, I haven't found one example yet so far.
+5 ironic for writing that on the internet.
When information is power, privacy is freedom.