InformAction Forums

[GHOST]

sorry to hear that...

anyway good luck for the devs i heard lots of people are stopping to use this addon

[dan]

We all make mistakes. Yes, this was an egregious one. My guess is that it was made both in anger and without thinking through the consequences (which I'm sure we've all done at least once). I too was about to give up on No Script, but then I realized that the best learning opportunities come from mistakes. My guess is that this will simmer down once Giorgio admits to this mistake.

--dan

[This Week I Have Mainly Been Eating Carrots]

Oh my...

I was really annoyed at first Giorgio and I will admit I uninstalled NoScript, I had already (and always have done so) whitelisted NS in ABP blocking rules and vice versa with NS so I did not notice anything (I'm only and intermediate nerd and I'm not the brightest crayon in the box). I love ABP and that goes on Fx first and foremost then I love to add NoScript and feel secure with those two, your both important to keeping the internet safer and less annoying.

I don't visit dodgy sites but if some ejit sends a worm round Twitter how can I avoid it? If social networking site adds stupid ad on front / blog page how can I avoid it? By using these two add-ons so please please don't be at war with one another, shake and make up and go fight the real bad guys, please for the sake of everything Fx and what us users have come to know and love

We all make mistakes and argue, it's called being human.

I hope this gets sorted out soon, please

PS. I would hate to see a paid version of NS but I I guess many are doing that / offering that now at AMO, I want the "good ole days" back

[Guest]

PS: Tom -- That was a terrible title. It makes you seem desperate.

Thanks for the input. As we all know, everyone perceives things differently. My intent was to try to calm the situation -- it's fixed -- and to try to bring some reason to those who stomped off "threatening" to remove NS. Since it's not a paid-for program, (or if it was, you already bought it), this doesn't hurt the developer nearly as much as it hurts the user who removes it. That is the point I was trying to bring home to those who were angry -- you're only hurting yourself. I wouldn't think of browsing without NS, and I don't get paid to say that -- I'm a volunteer here, as we all are.

I just care about everyone's safety on the Net. I guess I could say, "Okay, get rid of it. Hope you're pwned within two hours." I'm not that kind of person -- not spiteful.

If other people perceive that title as sounding "desperate", I'm certainly open to editing the title. What would you suggest?

I understand where you are coming from. As an internet jackass I can see how some would perceive the title as as ploy/plea to keep users due to the fiasco that has gone on these past few days. Hence my commenting on it. At this point in time, due to the title being listed in each corresponding response, there is no longer any reason to alter the thread's title.

I would have titled the thread something along the lines of: "Controversy regarding NoScript & AdBlock resolved, See thread for details"

[Guest]

@ John the Jew and
@ The Original God of War,

We need to stay on topic and especially leave race, religion, nationality, and all other irrelevant factors out of this. Otherwise, the post will have to be deleted.
Please express your opinions calmly -- it gives them more credibility. Thank you for your cooperation.

Tom my use of racial devices is merely for satire. No actual discrimination or bigotry is intended.

Sincerely,
Jon the Jew

[Tester]

I think what the developer of Noscript did is not excusable and shows that he is not at all a trustworthy person. So logicly I just uninstalled Noscript. BTW: I m not 13 but 38. But I still think that I don't want to have anything to do with someone who tries to trick me just in order to make more $$$ CASH $$$ by betraying me behind my back.
If other people think that this behavior is normal or excusable they are free to do so. I personally hope that some laywer sues the Noscript-Author for what he did to computers of total strangers without ANY permission...

[Guest]

I think what the developer of Noscript did is not excusable and shows that he is not at all a trustworthy person. So logicly I just uninstalled Noscript. BTW: I m not 13 but 38. But I still think that I don't want to have anything to do with someone who tries to trick me just in order to make more $$$ CASH $$$ by betraying me behind my back.
If other people think that this behavior is normal or excusable they are free to do so. I personally hope that some laywer sues the Noscript-Author for what he did to computers of total strangers without ANY permission...

You should try harder next time. Obvious troll/sarcasm is obvious. Thank you for your hilarious post.

[Ricksterto]

So the noscript "filter adjustment" is gone....but those same sites in question remain whitelisted in noscript. I manually removed them.

I don't care who started what - this extension was about not trusting sites and blocking potentially harmful content. Now this extension's integrity itself is put into question by the motives of the developer. With the recent "whoops" of facebook for example, you would have thought that upfront disclosure would have been a no-brainer; but once again someone hoped that no one would notice the change.

I myself don't use flashgot (another extension by the same author) because there are way too many attempts to read / change the registry that can't be explained by normal operation, and the number of advertising related IP addresses attempting and inbound request increase dramatically with the extension installed. I haven't noticed this on noscript (yet) but seems to be where the extension was being taken.

It is also interesting that an older version of noscript allowed you to block references (for ads) - and now it doesn't because of "performance issues". I'll put money on it (or rather someone put money into someone's pocket) to take this feature out. This action a year ago is congruent with this attempt at advertising money.

There are other extensions that are clear from these intentions and are open-source so that you can review what is going on (if you either have the ability or time).

Now I will also add that I am not opposed to having the developer being paid in some manner for the work - noscript was a great product; however, getting paid by backdoor tactics just isn't good business - and even just wrong.

I have removed noscript as an extension, and highly encourage all to do the same.

[Guest]

Now I just need to wait for it to update, for some reason, it's impossible to remove the filter anyway because noscript just re-adds it on every iteration of start-up/refresh of the site.

[Ricksterto]

Just a slight clarification....noscript too can be seen as open source by editing the xpi...didn't mean to imply that it wasn't.

[Guest]

It is stupid how much people are being plain nasty on both sides in this thread, a very stupid mistake was made, it was fixed, I use both , and will continue to use both, but why can;t people admit a mistake was made, and why can;t people just accept hat and continue, without trying to cause trouble? it seems this thread is going into three camps,

Dev is allways right and flame anyone who says differently

the Everyone must now uninstall this exention

and the people who are trying to see it both ways

[Giorgio Maone]

I'm currently writing a post for Hackademix.net (notwithstanding I slept only 2 hours in the latest 48), apologizing with those users who (legitimately) didn't want to upgrade to 1.9.2.6, and therefore couldn't see my apologizes posted both on the AMO page and on the release note landing page shown to every updater.
As soon as I'm done, I'll try to trace back this thread for questions left unanswered and oblige.
However I happened to see this Ricksterto's one, and I thought it deserved some immediate clarifications.

So the noscript "filter adjustment" is gone....but those same sites in question remain whitelisted in noscript. I manually removed them.

It's your right but they're not misteryous at all: they've been there for 4 years, since the very first NoScript version, and they're well documented in this very old FAQ. On a side note, that FAQ documents that I've never tried to hide how a good slice of NoScript and FlashGot development is supported by ad revenue (even though Wladimir always tries to depict me as a champion of hypocrisy, when not a criminal) .

I don't care who started what - this extension was about not trusting sites and blocking potentially harmful content. Now this extension's integrity itself is put into question by the motives of the developer. With the recent "whoops" of facebook for example, you would have thought that upfront disclosure would have been a no-brainer; but once again someone hoped that no one would notice the change.

I agree with the principle, but nobody "hoped" something that stupid.
Please notice that a retroactive opt-in dialog (install/keep/remove) had been announced well before Wladimir's "explosive" post. But after that exploit I decided to throw it away and remove the filter directly, no question asked, as a peace offer.

I myself don't use flashgot (another extension by the same author) because there are way too many attempts to read / change the registry that can't be explained by normal operation,

This is pure FUD. FlashGot does read the Windows registry as part of its download manager auto-detection startup routines (it identifies the COM interfaces these product normally use to talk with IE and hooks them if found), but never changes it.

and the number of advertising related IP addresses attempting and inbound request increase dramatically with the extension installed.

Maybe with some adware download managers installed or P2P-capable ones, such as BitComet. FlashGot doesn't perform any network activity by itself, again that's FUD.

It is also interesting that an older version of noscript allowed you to block references (for ads) - and now it doesn't because of "performance issues". I'll put money on it (or rather someone put money into someone's pocket) to take this feature out. This action a year ago is congruent with this attempt at advertising money.

OK, that's plain wrong and offensive. I don't know what you meant by "blocking references (for ads)", but I'm pretty sure there's never been any feature with a similar name in NoScript. here's the full changelog (it's pretty long, despite what someone says about "fake updates"): would you mind to locate this "change" made to put money in "someone's pocket"? (Don't mind, if you think the changelog has been tampered I bet you can find copies of it in many linux distros).

Back to the Hackademix post now (I wonder if I should postpone it to tomorrow, after taking some sleep?)

[mattmccutchen]

Personally I was OK with the ABP filterset as long as the reason for it was stated honestly. But I believe the main point of Wladimir's post, which I agree with, is that it was unacceptable to add obfuscated code to NoScript 1.9.2 to interfere with ABP with no mention in the changelog. Giorgio, you will have to answer for that if you want to regain my trust.

[Ricksterto]

My last post for what I now see as an extension that just should not be used....period.

Firstly, I won't respond to your above comments; this is undoubtedly your business and source of income - it appears that you want to fix the issue and let's let your users decide.

Two last things:

FAQ's are not placed to put in important information such as when your coding bypasses the functionality of the programming. In addition, what exactly is the about:config line "noscript.xblHack with value http://hackademix.net/". I don't see that anywhere in your GUI lists.

and perhaps a bug?

I just ran a test on the latest release using Javascript Deobfuscator 1.5.3 - seems that permitted scripts are allowing calls to scripts that should have been blocked. Background, site has scripts on, adbrite is blocked however. The one that caught my attention was called from http://sitenamehidden/banners (runs a js for their banner - in that script, they call another script related to adbrite). Adbrite script runs perfectly and is not blocked.

var AdBrite_Iframe = window.top != window.self ? 2 : 1;
var AdBrite_Referrer = document.referrer == "" ? document.location : document.referrer;
AdBrite_Referrer = encodeURIComponent(AdBrite_Referrer);

Again, too bad about what was a good product.

[Alan Baxter]

Back to the Hackademix post now (I wonder if I should postpone it to tomorrow, after taking some sleep?)

Get some sleep and reread it before pressing Send.