nuABE (the quickening) - FAQs?

Discussions about the Application Boundaries Enforcer (ABE) module
Mad_Man_Moon
Senior Member
Posts: 75
Joined: Fri Oct 27, 2017 12:02 pm

nuABE (the quickening) - FAQs?

Post by Mad_Man_Moon »

Ello!

Would like to start out by saying that this is a HUGE add to nuNoScript, and I'm *so* glad that it's finally on the table. You folks are bluddy geniuses!!

So, I just thought I'd put up a thread here to ask if there were any key differences (perhaps under the hood) to how nuABE differs to the old, text based, ABE, that had us building incomprehensible (!) text rules like the ones at the end of this post. Asking at a high level, of course, for dummies like me ;-).

I also appreciate that there's a description of nuABE on the site, now ... & This thread is more me asking (hopefully for the benefit of others) to see how this handles/does things differently, and if there's things that we should ensure that we do differently as a result with this.

For example, questions that quickly jump into my head (I'm not literally asking these for response, just examples):
  1. Is the "Enable these capabilities when top page matches" broadly equivalent to "Deny" or is it more like "Deny INC" / "Deny INCLUSION" in old ABE, or does it work slightly differently to either option?
  2. Regarding #1, though, does it handling that differently, and should we do anything differently as a result?
  3. Similarly, if for example, I'm setting lets say ampproject.org for independent.co.uk, then later, also set it for hackademix.net. Would this affect other sites?
  4. Is an improved editing of these more granular options on the map for the GUI's future?
If you do think some of those questions are valid, though, I'll happily break them out into separate topics if it helps with both forum admin, and building a new FAQ for nuABE. :-) Or perhaps a thread or temporary subforum is required to build an FAQ for nuABE? I dunno ... just thinking aloud.

Just to show that I'm using them as examples, I've done my best to try to explain/understand:
  1. I believe it's broadly a Deny INC/INCLUSION. Since we can clearly pick and choose *various* elements that INC handled as a whole in the 'custom' options there. I may obviously be missing stuff here, as I don't understand the underlying technology at play.
  2. No idea. ;)
  3. Based on the below export excerpt it's done on a per parent site basis, then *within* the scope of that domain it has fields for each parent domain that uses it, and their functionality level inherently.
  4. No idea, obvs. 8-)
Export Excerpt:

Code: Select all

        "https://cdn.jsdelivr.net": {
          "capabilities": [
            "script",
            "object",
            "media",
            "frame",
            "font",
            "webgl",
            "fetch",
            "other",
            "ping",
            "lan"
          ],
          "contextual": {
            "§:cclonline.com": {
              "capabilities": [
                "script",
                "object",
                "media",
                "frame",
                "font",
                "webgl"
              ],
              "temp": false
            },
            "§:meshcomputers.com": {
              "capabilities": [
                "script",
                "object",
                "media",
                "frame",
                "font",
                "webgl"
              ],
              "temp": false
            }
          },
          "temp": false
        }
One real question occurred to me, whilst writing all this, which I had to search my old ABE list for something that's pervasive enough to exemplify. I hope shows where I'm going with this in terms of 'how to use' / 'what should we do differently' with the new functionality.

---
Partially Blocking Specific Domains
So, I'll phrase using recaptcha as an easy example, since it's now bloody everywhere. However, I might wish to separate the 'Accept'/'Anonymize'/'Sandbox' listings from Google's other services.

If I wanted to ensure that the Google-owned recaptcha service only worked on certain sites, I needed to also preface my main google rule.

So, I would have (not my actual rule) this Google rule:

Code: Select all

### google.com containment rule
Site ^(.*)google\.com((?!recaptcha).)*$ ^(.*)gstatic\.com((?!recaptcha).)*$ .blogspot.com .gmail.com
Accept from .google.com .gstatic.com .google.co.uk .gstatic.net .googleapis.com .youtube.com .ytimg.com insertSomeSiteYouWantThatUsesSiteSearch.com
Anonymize from .startpage.com
Deny INC
Then I would have this in my Recaptcha *specific* rule:

Code: Select all

#fucking recaptcha
#https://www.google.com/recaptcha/api.js
Site .recaptcha.com .recaptcha.net .google.com/recaptcha/* .gstatic.com/recaptcha/* https://www.google.com/recaptcha/api2/
Accept from .recaptcha.com .recaptcha.net .google.com/recaptcha .gstatic.com/recaptcha ajax.googleapis.com
Anonymize from .pornhub.com .yahoo.com .fightcade.com
Deny INC
Is there a way to achieve this in the new system? Or should I edit an export, and then import it? (if so, would I use some similar tricks?)

(I appreciate that I may have some of the above wrong, and happily accept corrections! :lol: Like, I'm pretty sure that 'Anonymize' doesn't work, but worry that Sandbox from .pornhub.com would potentially group it in with yahoo and fightcade allowing big G to associate my use away from obvious IP stuff).

If no-one could follow that, then put basically: I am pretty sure that I'm essentially specifically calling out the recaptcha service for a very separate set of allowed sites. As opposed to the domains that I allow Google's to access otherwise. Doing so by *restricting* the Google rule (^(.*)google\.com((?!recaptcha).)*$) from applying itself to recaptcha.

---

Either way again, supreme congrats on getting this going in nuNoScript, it's a HUGE undertaking and I'm sure everyone is super happy and proud of you lovely lot!

And again, I'm happy to break out my question to a separate thread to be more specifically answered if you like.

Best
MMM

((( incidentally the linked changelog - https://classic.noscript.net/abe/changelog - appears to be blank, and removing the 'classic' redirects to the abe page )))
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
barbaz
Senior Member
Posts: 10841
Joined: Sat Aug 03, 2013 5:45 pm

Re: nuABE (the quickening) - FAQs?

Post by barbaz »

ABE has not yet returned to NoScript. The LAN protection and per-site permissions features referenced in that blog are only being compared to ABE, because in NoScript Classic the only way to achieve those things was to use ABE.

NoScript does not currently have the functionality required to implement the ABE rules you wrote.

To answer your 4 questions:

1) I guess it's sort of like INC that can only apply to the specific types listed, where checked is like Accept and un-checked is like Deny.

2) Not quite sure I understand the question? Image
Guessing what you mean: This new feature is part of the script blocking feature, unlike ABE which was a separate component. I don't think this requires you doing anything differently.

3) No.

4) I don't know. There are at least these threads requesting some -
viewtopic.php?f=7&t=26551
viewtopic.php?f=7&t=26549
*Always* check the changelogs BEFORE updating that important software!
-
Mad_Man_Moon
Senior Member
Posts: 75
Joined: Fri Oct 27, 2017 12:02 pm

Re: nuABE (the quickening) - FAQs?

Post by Mad_Man_Moon »

Heh, cheers, @barbaz, those were just examples (as you saw - and responded - the real meat was later), but I think I'll have to shelve this thread for a future date. :mrgreen:

I'll resist trying to convert all my old ABEs over. ;-)

I mean, this thread will hopefully be useful one day, though! XD
Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Post Reply