TorBrowser's NoScript is breaking other addon

Post a reply


In an effort to prevent automatic submissions, we require that you complete the following challenge.
Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[flash] is OFF
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: TorBrowser's NoScript is breaking other addon

Re: TorBrowser's NoScript is breaking other addon

by barbaz » Sun Jan 28, 2018 12:04 am

MacLover wrote:What do you feel if I broke your browser? You did same thing to me.
If the local teenage hooligan deflates your car's tires, would you complain to the tire manufacturer that their tires broke your car?

Re: TorBrowser's NoScript is breaking other addon

by MacLover » Sat Jan 27, 2018 11:52 pm

Re: TorBrowser's NoScript is breaking other addon

Postby Giorgio Maone » Sat Jan 27, 2018 10:52 pm

MacLover wrote:
I am working as Software support team and my rule: accept bugs, apologize before making any excuses.


If you really do, I suppose you accept only bugs which are your own.
And you don't consider correct practice abusing a review system in order to blackmail developers into hurrying up fixing bugs that are not even their own to fix, in days.
Anyway, hilarious (English is not my first language, so I can only guess spelling this word with two Ls is some kind of funny Trumpite joke, is it?)
If you only scroll to the very bottom, you'll find this was NOT my problem, and notwithstanding this (and your bad manners) I've just provided a diagnosis, a fix and a temporary work-around.

Before:
It's a Tor Browser issue, why are you doing this?

After:
you'll find this was NOT my problem, and notwithstanding this (and your bad manners) I've just provided a diagnosis, a fix and a temporary work-around.

See, you're improving a little.

And you called me 7 times. An famous add-on NoScript developer is attacking innocent loyal user.
I wish I could vote 0 star on that issue. You're still attacking instead of apologize.

What do you feel if I broke your browser? You did same thing to me.

Re: TorBrowser's NoScript is breaking other addon

by Giorgio Maone » Sat Jan 27, 2018 10:52 pm

MacLover wrote:I am working as Software support team and my rule: accept bugs, apologize before making any excuses.
If you really do, I suppose you accept only bugs which are your own.
And you don't consider correct practice abusing a review system in order to blackmail developers into hurrying up fixing bugs that are not even their own to fix, in days.
Anyway, hilarious (English is not my first language, so I can only guess spelling this word with two Ls is some kind of funny Trumpite joke, is it?)
If you only scroll to the very bottom, you'll find this was NOT my problem, and notwithstanding this (and your bad manners) I've just provided a diagnosis, a fix and a temporary work-around.

Re: TorBrowser's NoScript is breaking other addon

by barbaz » Sat Jan 27, 2018 4:32 am

Thanks. I've added the source link to your post so that people know you're quoting Giorgio.

Re: TorBrowser's NoScript is breaking other addon

by MacLover » Sat Jan 27, 2018 4:27 am

barbaz wrote:
MacLover wrote:Hillarious.

If only if you scroll down a bit, you should realize this is YOUR problem.

It's a Tor Browser issue, why are you doing this?

This is not even a NoScript bug, but a Tor Browser one, see
https://trac.torproject.org/projects/to ... #comment:2

And it's been reported less than 3 days ago, what's exactly your standard for bug fixing times in a project like Tor?
MacLover, where did you see that quote?
Hi barbaz. Here...
https://addons.mozilla.org/en-US/firefo ... t/reviews/

Re: TorBrowser's NoScript is breaking other addon

by barbaz » Sat Jan 27, 2018 4:22 am

MacLover wrote:Hillarious.

If only if you scroll down a bit, you should realize this is YOUR problem.

It's a Tor Browser issue, why are you doing this?

This is not even a NoScript bug, but a Tor Browser one, see
https://trac.torproject.org/projects/to ... #comment:2

And it's been reported less than 3 days ago, what's exactly your standard for bug fixing times in a project like Tor?
MacLover, where did you see that quote?

Re: TorBrowser's NoScript is breaking other addon

by MacLover » Sat Jan 27, 2018 4:09 am

You know, I really liked your add-on. I really do.

I was hoping you apologize first, like "I'm sorry for breaking other add-ons" or "I'm sorry to hear that" and ask for more info.
Instead you chose to cry out loud; "Why are you doing this".

This is a big minus and I won't give you 5 star for now.
I am working as Software support team and my rule: accept bugs, apologize before making any excuses.

Re: TorBrowser's NoScript is breaking other addon

by MacLover » Sat Jan 27, 2018 4:05 am

Hillarious.

If only if you scroll down a bit, you should realize this is YOUR problem.

https://addons.mozilla.org/en-US/firefox/addon/noscript/reviews/1040126/ wrote: It's a Tor Browser issue, why are you doing this?

This is not even a NoScript bug, but a Tor Browser one, see
https://trac.torproject.org/projects/to ... #comment:2

And it's been reported less than 3 days ago, what's exactly your standard for bug fixing times in a project like Tor?

Re: TorBrowser's NoScript is breaking other addon

by MacLover » Fri Jan 26, 2018 8:56 am

Hello, I can confirm this issue too. I have updated my TBB to 7,5 and all other add-ons stopped working.
I've disabled NoScript and installed uMatix for script blocking. 7,5's NoScript bought me a headache.

Re: TorBrowser's NoScript is breaking other addon

by Guest » Thu Jan 25, 2018 3:13 pm

It's okay to ignore, but many add-on developers will suffer 1-star review - "NOT WORKING".
I know some Tor users using uBlock or other 'add-ons'.

You also can try to convince Tor Browser to forbid installation of any Firefox add-on from any source, including file://.

That's all. I just hope I don't get another 1-star related to this bug.

Re: TorBrowser's NoScript is breaking other addon

by Guest » Thu Jan 25, 2018 3:03 pm

> And btw your example user is quite frankly not a reasonable person, with unhealthy expectations, and the exaggerated ego to back it up.

Actually this happened on MY addon I developed last year.
It's 100% WebExtensions, can work with 52+, and available on mozilla site with 1000+ users.
(I don't say which one for the sake of anomity)

He asked me to "fix" the add-on because I use 'storage.local' API and Tor Browser
clearly flush the form each time the user tried to save the config.

I told him it's not my fault because I use plain vanilla API and asked him to talk about this on Tor forum.
Result? One star. "Not Working".

Give me a break.

Seriously though, when I tried Tor Browser for the first time I thought 'WTF'.
My code is not a problem but yours, because as I wrote above, any add-ons including
mine work exactly AFTER I disabled your NoScript addon.


If Tor Browser really blocking the add-on, any attempt to install the addon should fail
with or without NoScript. This is clearly NoScript problem.


Georg, Admin, or whatever. Someone say something already.

Re: TorBrowser's NoScript is breaking other addon

by Pansa » Thu Jan 25, 2018 1:15 pm

Guest wrote:
Pansa wrote: In a sense that is like arguing that Noscript shouldn't by default block scripts, "break" pages and require the user to do something to view other people's webpages.
Is that sensible?
You're misleading because I'm not talking about websites' script. This is about Add-ons.
I was talking about security standards in general, and then gave an analogy.
Your point was that regardless of a security default of a security software, if you want to do something, that should be the standard, so that nothing is preventing you to do what you want without user interaction.

It works for any context.
If a firewall doesn't allow incoming connection by default, but you want to run a server, the default should be to allow servers without user interaction instead of breaking the ability to connect, regardless of whether that is less secure.
If No script blocks scripts by default, but you want a website to run, the default should be to allow scripts, because otherwise it breaks the website for you, requiring user interaction.
If Tor blocks writing to the file system by default, breaking the saving of settings in not included addons, the default should be not doing that, because it requires user interaction to get what you want.
Are you working at Tor? I already know that and I know what I am installing add-on X.

If this is true, then they must add a code to stop downloading ANY addon from mozilla add-on page.
A) No, and I don't think I acted like I did.
B) That is marvellous that you know what you want to install, but that doesn't change anything about a "default" position a provider might implement.
C) If Tor only blocks specific access to the file system, seeing that as vulnerability, they wouldn't block ALL addons, just the ones that want to write their config in a specific way.
User X downloaded add-on A from mozilla page.
It didn't work on Tor Browser because of this bug.

X wrote a 1-star review on AMO, saying this addon didn't work.

Tor Browser is based on Mozilla Firefox, and your add-on is completely breaking the add-on.
Can't you call this a bug?
If an addon requires features that are disabled in a security focused browser, because that feature is evaluated as security risk, then it not working in said browser is not a bug, but a incompatibility based on divergent visions of security.
I agree with you that said browser should have a feature to disable this security feature at their own risk (or make an exception), but that has to be implemented by requiring user interaction.
The base position that no software should have any security standards (by default), because it might prevent a user from automatically doing something that specifically is seen as risky, or else call it a bug is in my opinion untenable.

And btw your example user is quite frankly not a reasonable person, with unhealthy expectations, and the exaggerated ego to back it up.

And may I add that I think you have a flawed perspective on "open source"? Just because Tor is built on Firefox doesn't mean it should behave EXACTLY like FF. If it did, there'd be no point for the fork. Tor exists because of people NOT wanting it to behave exactly like Firefox; just in this instance you'd prefer it to, and their default position is that what you'd expect to work only works if they allow a security risk by default.
OK look, I'm tired of not receiving any help. That's why I wrote this here.
I will leave if you felt annoyed by this. Sorry about this.
But you aren't asking for help, exactly.
You are demanding a fix to a supposed failure on someone's part, and insisting on them being wrong, before they get to address the issue.
That is a huge difference.

You don't have to leave, I hope someone knows/finds a workaround to allowing you to run the addon.
But you have to be open to the idea that how it works by default is not "wrong", it is just not what you want.

Re: TorBrowser's NoScript is breaking other addon

by Guest » Thu Jan 25, 2018 8:35 am

Pansa wrote: Is that sensible?
Okay you helped me.
https://trac.torproject.org/projects/tor/ticket/25018

Re: TorBrowser's NoScript is breaking other addon

by Guest » Thu Jan 25, 2018 7:57 am

Pansa wrote:
Guest wrote:I didn't modify anything. Just downloaded a fresh Tor Browser.
All I changed is setting a "High" level in TorButton.

I'm guessing you are going by Cypherpunks over there?
Maybe if you had a less "agressive" tone, that would work better?

If Tor is not supposed to do certain things, because it is a risk, and you even choose to run it on "high", that might prevent foreign unkown things to run.
They provide a specific bundle to work in a specific way, and if you want something different, then maybe they don't agree with opening a Layer-8 vulnerability by default.
Besides why the user have to do something in order to use other people's addon?
Breaking other addon is not acceptable.
Because maybe the user wants something that isn't supposed to be allowed by default.

In a sense that is like arguing that Noscript shouldn't by default block scripts, "break" pages and require the user to do something to view other people's webpages.
Is that sensible?

I mean I hope there is a workaround for you to get what you want, but acting like a browser-bundle focused around security is completely "off base" in enforcing that (for instance) unknown things don't get to write to a file/filesystem in that manner is maybe a bit "demanding".

Here's an example.

User X downloaded add-on A from mozilla page.
It didn't work on Tor Browser because of this bug.

X wrote a 1-star review on AMO, saying this addon didn't work.

Tor Browser is based on Mozilla Firefox, and your add-on is completely breaking the add-on.
Can't you call this a bug?

Re: TorBrowser's NoScript is breaking other addon

by Guest » Thu Jan 25, 2018 7:55 am

Pansa wrote: I'm guessing you are going by Cypherpunks over there?
Maybe if you had a less "agressive" tone, that would work better?
OK look, I'm tired of not receiving any help. That's why I wrote this here.
I will leave if you felt annoyed by this. Sorry about this.
Pansa wrote: If Tor is not supposed to do certain things, because it is a risk, and you even choose to run it on "high", that might prevent foreign unkown things to run.
Are you working at Tor? I already know that and I know what I am installing add-on X.
Pansa wrote: Because maybe the user wants something that isn't supposed to be allowed by default.
If this is true, then they must add a code to stop downloading ANY addon from mozilla add-on page.
Pansa wrote: In a sense that is like arguing that Noscript shouldn't by default block scripts, "break" pages and require the user to do something to view other people's webpages.
Is that sensible?
You're misleading because I'm not talking about websites' script. This is about Add-ons.

Top