therube wrote:slurring Giorgio's
He's not. He's made no mention of "Giorgio". Giorgio <> JavaScript.
Whom else does NS equal? (aside from the translators, bug reports, etc.) Let's use logical dissection (Logic 101, not Computer Logic 101):
"All NS users are stupid" (see the OP)
"JS is perfectly safe" (a ludicrous statement on its face, given the hundreds of exploits and the tens of thousands of instances of such exploits)
Logically implies: "Anyone who blocks JS is stupid," (as per (1)
Logically implies: "Anyone who wastes half or more of his waking hours developing a tool to block JS is stupid, or wasting his time and his users' time and resources".
Sorry, but IF we assume that all of NC's statements are true, it logically follows that Giorgio has been a fool for wasting his time, and is hurting users with his program.
why are you defending this FIREFOX ADD-ON DEVELOPER?
I'm not. But we're beginning to sound like the AdblockPlus faithful, aren't we?
I *knew* that would come up. But the two are not related. The ABP issue involved sites interfering with each other. I don't want to open old wounds, but I don't believe Palant ever said that JS is harmless or that NS is useless. He objected to a
specific feature in NS. I don't believe GM ever said that ABP is useless or harmful in general. He objected to a
specific feature of ABP. In fact, he recommended ABP before, and now that the dust has settled, he still recommends it.
NC is telling everyone to "get a real browser", e. g., a browser without NS. That is totally different from the above, so the analogy doesn't hold.
Does he have a right under free speech to say this? Certainly. Just as I can call you an idiot (THOUGH I AM NOT). The thing is, if I call you an idiot, you can shrug it off, quit speaking to me, call me something back, whatever, but you haven't suffered any real harm, unless I specifically libel or slander you.
But NC will be doing immense harm to everyone who takes his advice. He has a free-speech right to do that. If he were a nobody, fine. *But* as an AMO-trusted add-on dev, his words will carry some weight. WP and GM eventually settled their differences, and all is well. If someone can convince NC to change his insulting page and page source language, fine. I find it unlikely. Furthermore, if he is *truly* that ignorant of the dangers of JS, one must vet everyone of his add-ons for possibly-malicious or -exploitable JS. This person has no business offering add-ons through AMO.
How about the
opinion of luntrus, who works for AV-developer Avast?:
luntrus wrote:
Well there should be a penalty for this misguiding information, because the denial of malcode is a serious offense.
Let me give an example by
reductio ad absurdum, using NC's own statements and underlying premises, and using them in an extreme example, but one that still follows his logic and premises:
Giorgio says, "If you wish to visit my site, you must disable your AV. Viruses cannot hurt you if you use NS and don't click on email attachments from unknown sources, and don't install sw from untrusted sources." (Which NC is a trusted source HAHA!) "AV is a waste of your resources and blocks your use of the Web".
Still think that's OK? Tell everyone viruses are not a threat? Is that stupider or more harmful than telling everyone that JS is not a threat? (Yes, I know that JS can be used non-maliciously, while viruses are expressly malware. --- many of them delivered by JS and other vectors blocked by NS.)
I am uninstalling Better Privacy immediately
Isn't that just what the ABP faithful said.
Yes, it is. Heinrich Himmler probably said, "Gesundheit" when someone sneezed, and so do I. So?
Continuing....
I am uninstalling NS immediately. (And why? Because it no longer works or does what I want? No, because in their holier then thou opinion, it is no longer holier then thou.
I don't expect my sw devs to be holy. I expect them to be knowledgeable. And if their tool in any way impacts on security, or could provide a security flaw (which is pretty much dang near all of them), I expect them to have at least a working awareness of the major security threats, so that they don't introduce any new ones. This is so unreasonable?
And so, you end up taking something that is beneficial to you & discard it. Why?)
It isn't all that beneficial. As mentioned in my previous post, when I first became aware of the Flash Cookie issue, I created a desktop shortcut to the Flash folder (took less than a minute). After using Flash, would open the folder and delete the objects. Two clicks and two keyboard shortcuts, or two menus. Less than ten seconds. When BP appeared, ok, does it automatically, why not? When I started using Sandboxie 100%, BP became somewhat redundant. In the safest config, the sandbox is emptied every time the browser is closed, or can be manually emptied from the menu. All Flash cookies would disappear along with anything else. But maybe I'm too lazy to do that, so BP did it when I left the site.
The only other things that BP did were to block <a ping, which NS does, and to disable DOM storage, which would be good for users who don't know how to do that in about:config and aren't aware of the issue so as to learn the 30-second process to make the change. I don't need those.
So, still being lazy, I wrote a 153-byte batch file that deletes the Flash cookies in two clicks, nothing more. I might post it in Web Tech or Security. AFAIK, Flash cookies are only a privacy issue, but if anyone knows of a way that they could be exploited for security purposes, then it should go in Security. It will contain no mention of NC or this controversy, just "Here is a very small, light, simple tool to delete your Flash cookies, without using Javascript, and at 0.153k vs. 67k for Better Privacy".
Cheers.