Slashdot Mirror
NoScript Awarded $10,000
An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."
Does this mean web designers will start making their web sites actually work when users without javascript try to use them?
(The list of offenders is too long to name.)
Maybe not. But, it definitely raises questions about the guy's integrity. And, you can't help but wonder if this hadn't been noticed and created massive outcry, whether he would have apologized at all, or whether he was just imitating large corporations policy of "hope they don't notice, apologize if they do."
Oh yeah, and why one addon is able to make changes to another in Firefox without notifying the user. I haven't used Firefox much (prefer Opera), but is this still possible? If it is, why? Seems like a pretty large security problem. The answer is obviously only to install trusted addons, but if even a major addon like this has a history of doing it, what can you really trust?
"None can love freedom heartily, but good men; the rest love not freedom, but license." --John Milton
Well I love the Neutered web experience because I absolutely Hate flash/silverlight and iframes because they've been exploited to many times. As to the usability of a website, I feel that any site that absolutely depends upon flash/silverlight to be usable is one I don't need to visit again. For those business sites like Asus or HP, I've begun filing ADA (american disabilities act) complaints that the websites are no accessible to disabled users (flash doesn't support screen readers - nor does it work worth a damn for those who have even a mild vision impairment).
Hopefully, we'll start seeing companies getting it right by sticking with Standards compliant HTML for their main pages with proper links to the various departments. There is absolutely no reason for a website to depend on anything except HTML for functionality, as it is the lowest common denominator.
Mod me up/Mod me down: I wont frown as I've no crown
No Script helped in stemming the amount of infected PCs I received. I'd install it on my customer's PCs and showed them how it worked and that they should turn it off only when doing stuff like online banking, otherwise leave it on.
It was of tremendous help and a lot of repeat customers stopped coming back with the same infection.
Previewing comments are for sissies!
What NoScript really needs is a way of blacklisting domains manually so that I have to manually enable them if I decide I want them.
You mean like 'mark as untrusted'?
I'd like to see domain-based functionality, so for example I can allow Facebook Javascript when I'm actually using Facebook, but block if when I'm at any other site.
Ah, I still remember the early days of Javascript when we were telling people what a horrible insecure pile of crap it would be and they were assuring us that nothing could possibly go wrong.