Slashdot Mirror

← Back to Stories (view on slashdot.org)

NoScript Awarded $10,000

Posted by CmdrTaco on from the useful-little-tools dept.

An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."

13 of 178 comments (clear)

  1. Should have been a default in browsers from day 1 by elrous0 · · Score: 5, Insightful

    The fact that this ever had to be an *add-on* is just shameful. The fact that IE and Safari still don't have it (or something very similar) is close to criminal. Okay, Chrome has NotScripts, but that apparently requires some weird hacking to use securely.

    And, no, the non-default ability to turn *all* scripts on or off isn't even close to the same thing. As the great Jules would say--it's not the same ballpark, not the same league, not even the same sport.

    --
    SJW: Someone who has run out of real oppression, and has to fake it.
  2. Recognition vs usefulness by DeHackEd · · Score: 4, Interesting

    Does this mean web designers will start making their web sites actually work when users without javascript try to use them?

    (The list of offenders is too long to name.)

    1. Re:Recognition vs usefulness by 6031769 · · Score: 5, Insightful

      JavaScript [...] is extremely helpful for making useful, clean, modern websites.

      I'll see your "useful, clean, modern" and raise you "glacial, bloated, bug-ridden".

      Both JS and non-JS sites can be written well or poorly, and I'm not averse to a little javascript where it demonstrably improves the user experience, such as auto-focus into form fields for example. However, the problem is that some designers/developers just don't know when to stop, and seemingly only test their results on a gigabit LAN with a browser on their quad-core monster. As a consequence they think nothing of pulling in scripts and libraries from half a dozen sources and then proceed to use only one tenth of that code in the page. Frequently I see JS code where the whole way through it keeps testing over and over again for specific user agents so that it can choose which hackish workaround to employ instead of testing once and pulling in a brower-specific library. I have a 10Mbps broadband connection here and some pages take longer to load and render than they did 15 years ago.

      Good designers and devs can produce excellent JS-based sites. But the other 99% are just a struggle to use and a good proportion of those are close to unusable.

      --
      Burns: We're building a casino!
      McAllister: Arrr. Give me 5 minutes.
    2. Re:Recognition vs usefulness by hedwards · · Score: 4, Insightful

      Javascript itself isn't the problem so much as the tendency to need to allow javascript from 20 or 30 sites just to view a page in its entirety. Typically they don't tell you what sites they genuinely use so if you don't recognize the domain name then you don't have any way of knowing if it's intended to be executed by the web devs.

  3. Re:Did they also get a grant... by Anonymous Coward · · Score: 5, Insightful

    Yes, two fucking years ago the guy made a poor decision in the heat of the moment which he later apologized for. We should definitely crucify him for it forever.

  4. Re:Why I don't use NoScript by JBMcB · · Score: 4, Insightful

    That's too bad, because it's awesome. I haven't found anything else that comes close to how flexible and easy to use it is.

    As far as trust goes - I trust the developer of NoScript over the entirety of the javascript code injected by advertising and tracking agencies out there.

    By the way - did you read the NoScript developer's mea culpa?

    --
    My Other Computer Is A Data General Nova III.
  5. Re:Did they also get a grant... by twocows · · Score: 5, Insightful

    It certainly was a while ago and he did apologize (after the backlash), and I agree that we shouldn't hold it against him forever. Still, I tend to be wary of NoScript these days because of it. I'm not sure I would trust someone who abused his position like that with a $10k grant is all. Maybe I'm being unreasonable, but I don't think it's a big leap to think that someone who abused their position for monetary gain once might do so again. And it's definitely something that I think people who use NoScript should know about, old or not.

  6. Re:Should have been a default in browsers from day by uigrad_2000 · · Score: 4, Informative

    Ghosteryexists for Firefox/Chrome/IE/Safari, and can be taught to behave as noscript.

    --
    Free unix account: freeshell.org
  7. Re:Did they also get a grant... by Microlith · · Score: 4, Insightful

    So he has a stupid spat with the guys at AdBlock Plus. So what?

    People make stupid mistakes every once in a while. He apologized, and hasn't done anything dumb since. In the meantime, NoScript has continued to be a valuable tool that I add to every Firefox installation I use (well, all once he adds support for Firefox Mobile.)

  8. Re:Should have been a default in browsers from day by nabsltd · · Score: 5, Informative

    This, exactly. I would rather backup my machine properly and practice safe browsing habits then put up with NoScript's bullshit. Ive read for years people extolling its virtues, but i personally cannot stand the neutered web it presents.

    The whole point of NoScript is to allow you to control whether scripts run on a finer level than the "off/on" that browsers support natively, and it does that easily, with one click per domain.

    If you use NoScript to deny scripts globally, then you are using it wrong. Instead, you enable each domain (just once, as NoScript remembers the setting) that you deem safe. This makes browsing much more secure, although you can still be caught if a trusted domain starts serving malware scripts, but it's better than being open to attack from every domain.

  9. Helps prevent trojan infections by madhatter256 · · Score: 4, Interesting

    No Script helped in stemming the amount of infected PCs I received. I'd install it on my customer's PCs and showed them how it worked and that they should turn it off only when doing stuff like online banking, otherwise leave it on.

    It was of tremendous help and a lot of repeat customers stopped coming back with the same infection.

    --
    Previewing comments are for sissies!
  10. Re:Not the holy grail of browser security by CCarrot · · Score: 4, Insightful

    There are plenty of vulnerabilities found that do not need scripts, lets not make NoScript out to be more than what it is.

    I'm sorry, I've got to call BS. That's like saying "There are plenty of illnesses out there that aren't virus-based or bacterial, so let's not make washing our hands out to be more important than it is."

    Fact is, NoScript is an invaluable resource, with a clear, easy-to-use interface, and even the less-than-tech-savvy user can use it to vastly reduce their chance of 'catching' something. Yes, it does not provide perfect protection from everything, but I'm afraid the only way you can achieve that is to pull the plug on teh interwebs and live in your own virtual 'bubble'.

    I for one applaud this award as well-deserved. Good on them!

    --
    "I love animals! Some are cute, others are tasty, what's not to like?" - Betsy Schroeder, Jeopardy contestant
  11. Re:Should have been a default in browsers from day by Jah-Wren+Ryel · · Score: 4, Insightful

    Government. Is there anything it can do that does not hurt the economy? If it can, I haven't found one example yet so far.

    +5 ironic for writing that on the internet.

    --
    When information is power, privacy is freedom.