Page 2 of 3

Re: "NoScript users are stupid!"

Posted: Sun Jun 14, 2009 12:49 pm
by Mike-RaWare
therube wrote:Hey, you want to watch a Youtube video (on Guess what, you need to enable JavaScript on two different domains to do so. I would be far more worried with youtube being hacked, then some relatively obscure netticat site out there.

Well the people YouTube doesn't call users who disable JavaScript stupid and that you need a 'browser'.

Re: "NoScript users are stupid!"

Posted: Sun Jun 14, 2009 3:25 pm
by therube
Well Comcast calls people like me, a SeaMonkey user, stupid & suggests that I change to a different browser, like FF - cough, cough.

So hell, because comcast does not know how to properly sniff a browser, & because usage of my comcast service (i.e. internet) can lead me to porn & warez & malware, & because they do not support Net Neutrality (whatever that is), & because it's cloudy outside, & because I'm having a bad hair day, I'll just call comcast & cancel service immediately.

And what does that have to do with anything. Right. Absolutely nothing.

Maybe Ingo is simply a stupid user & doesn't understand the ramifications of his statements (comments coded within some of his web pages no less - & so note that an average person would then never see). So we with our infinite wisdom should Contact him & set him on the one & only true path (whatever that is) to righteousness.

Now isn't this a ridiculous post.

Maybe would should just accept the fact that if we want to visit his webpage, & because of the way he decided to code it, we may have to change how we have our browsers configured. After all, when one clicks the "Installation" button for an extension, we want it to do what ...? Or we could decide to not visit his site all.

Re: "NoScript users are stupid!"

Posted: Sun Jun 14, 2009 9:06 pm
by GµårÐïåñ
Mike-RaWare wrote:Yes, thinking that JavaScript is the savior of the internet is really stupid and posting a link to him wasn't too smart of me either. :oops:

Just making clear that my post wasn't a dig at you. Just at the generals of ignorance and improper attention to fools.

Alan Baxter wrote:Please don't even joke about hacking someone's site here. It's not funny and reflects badly on the NoScript community.

Agreed with Alan. I might be in support of a proof of concept to shut him up and teach him but nothing like this and certainly not under the NoScript banner. Especially that Hackers have a negative stigma due to the ignorance of the public and Giorgio having been a hacker himself and other members of our panel (myself included) this will reflect badly on us and further fuel the ignorance.

Re: "NoScript users are stupid!"

Posted: Sun Jun 14, 2009 11:20 pm
by luntrus
Hi GµårÐïåñ,

I agree with you here wholeheartedly . But allow me to refer to this here (I do not like my remarks to give the suggestion of being off-topic) - this is a common reaction you find with trolls and in trolling, and in a sense we could find some characteristics here that are typical for the conduct of a troll, and then you warn for it here, you see that users here fall for this trap - react, get angry, feel annoyed and that is what the troll wants, he laughs there in his virtual surroundings, because he does not have to react and is rewarded for his trolling. The best advice given in this thread then (and also by you) is to give it no attention, best way of action to trolls is "Do not feed the troll!" So I think the man that comes up with the credo: "NoScript users are stupid" is just somebody who wants attention, no more no less, and the contents of what he has to say can be considered void if there is no reply or no reaction. Can you agree with this view in some sense?


Re: "NoScript users are stupid!"

Posted: Sun Jun 14, 2009 11:45 pm
by GµårÐïåñ
I am going to operate on the good faith principle that the OP, Mike-RaWare, did not intend to troll or provide attention for himself. I am operating on the benefit of a doubt that he observed something and reported it here (hence the quotations in the title) and although I feel it was an unwise attention given to an apparently ignorant point of view, this is a place to share and discuss matters.

However, I do not condone or feel that adverse reactions or behavior would be indicative of our more mature user base and we should strive to tolerate the ignorant and hopefully lead by example to educate them or all else fails, leave them to their own vice to learn by their own experience. That being said, I would like to see less of these posts that bring attention to someone's minority and ignorant views unless it pertains directly to function or reputation of NoScript.

As a supposed extension developer, I expect more from this person but to each their own. He has alot of extensions, most of them rather useless, some ok but ultimately he spends more time playing with kitty animation on the site (hence the need for js) and provides little to no support when contacted, assuming he replies to you, its usually offensive, insulting and somehow like his better than you. I choose to ignore people like this and let them be, everyone is entitled to being a dick. We saw this with the whole ABP fiasco that maturity is subjective and credibility an even bigger premium with people who can hide behind the shades of anonymity and spew whatever their heart desires. Some battles are worth fighting and some are just distractions to the bigger goal of providing an invaluable service.

That's why in all my years, my usernames, aliases, handles, screen names, and avatars have been distinct as to allow people to know they are indeed dealing with me, I consider it a matter of honor to say what I say and have everyone know it was ME who said it, backlash or not; after all if you can't own what comes out of your mouth, then its not worth coming out.

Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 2:20 am
by Tom T.
therube wrote:
slurring Giorgio's

He's not. He's made no mention of "Giorgio". Giorgio <> JavaScript.

Whom else does NS equal? (aside from the translators, bug reports, etc.) Let's use logical dissection (Logic 101, not Computer Logic 101):
"All NS users are stupid" (see the OP)
"JS is perfectly safe" (a ludicrous statement on its face, given the hundreds of exploits and the tens of thousands of instances of such exploits)
Logically implies: "Anyone who blocks JS is stupid," (as per (1)
Logically implies: "Anyone who wastes half or more of his waking hours developing a tool to block JS is stupid, or wasting his time and his users' time and resources".

Sorry, but IF we assume that all of NC's statements are true, it logically follows that Giorgio has been a fool for wasting his time, and is hurting users with his program.
why are you defending this FIREFOX ADD-ON DEVELOPER?

I'm not. But we're beginning to sound like the AdblockPlus faithful, aren't we?

I *knew* that would come up. But the two are not related. The ABP issue involved sites interfering with each other. I don't want to open old wounds, but I don't believe Palant ever said that JS is harmless or that NS is useless. He objected to a specific feature in NS. I don't believe GM ever said that ABP is useless or harmful in general. He objected to a specific feature of ABP. In fact, he recommended ABP before, and now that the dust has settled, he still recommends it.

NC is telling everyone to "get a real browser", e. g., a browser without NS. That is totally different from the above, so the analogy doesn't hold.
Does he have a right under free speech to say this? Certainly. Just as I can call you an idiot (THOUGH I AM NOT). The thing is, if I call you an idiot, you can shrug it off, quit speaking to me, call me something back, whatever, but you haven't suffered any real harm, unless I specifically libel or slander you.

But NC will be doing immense harm to everyone who takes his advice. He has a free-speech right to do that. If he were a nobody, fine. *But* as an AMO-trusted add-on dev, his words will carry some weight. WP and GM eventually settled their differences, and all is well. If someone can convince NC to change his insulting page and page source language, fine. I find it unlikely. Furthermore, if he is *truly* that ignorant of the dangers of JS, one must vet everyone of his add-ons for possibly-malicious or -exploitable JS. This person has no business offering add-ons through AMO.

How about the opinion of luntrus, who works for AV-developer Avast?:
luntrus wrote:Well there should be a penalty for this misguiding information, because the denial of malcode is a serious offense.

Let me give an example by reductio ad absurdum, using NC's own statements and underlying premises, and using them in an extreme example, but one that still follows his logic and premises:

Giorgio says, "If you wish to visit my site, you must disable your AV. Viruses cannot hurt you if you use NS and don't click on email attachments from unknown sources, and don't install sw from untrusted sources." (Which NC is a trusted source HAHA!) "AV is a waste of your resources and blocks your use of the Web".

Still think that's OK? Tell everyone viruses are not a threat? Is that stupider or more harmful than telling everyone that JS is not a threat? (Yes, I know that JS can be used non-maliciously, while viruses are expressly malware. --- many of them delivered by JS and other vectors blocked by NS.)
I am uninstalling Better Privacy immediately

Isn't that just what the ABP faithful said.

Yes, it is. Heinrich Himmler probably said, "Gesundheit" when someone sneezed, and so do I. So?
I am uninstalling NS immediately. (And why? Because it no longer works or does what I want? No, because in their holier then thou opinion, it is no longer holier then thou.

I don't expect my sw devs to be holy. I expect them to be knowledgeable. And if their tool in any way impacts on security, or could provide a security flaw (which is pretty much dang near all of them), I expect them to have at least a working awareness of the major security threats, so that they don't introduce any new ones. This is so unreasonable?
And so, you end up taking something that is beneficial to you & discard it. Why?)

It isn't all that beneficial. As mentioned in my previous post, when I first became aware of the Flash Cookie issue, I created a desktop shortcut to the Flash folder (took less than a minute). After using Flash, would open the folder and delete the objects. Two clicks and two keyboard shortcuts, or two menus. Less than ten seconds. When BP appeared, ok, does it automatically, why not? When I started using Sandboxie 100%, BP became somewhat redundant. In the safest config, the sandbox is emptied every time the browser is closed, or can be manually emptied from the menu. All Flash cookies would disappear along with anything else. But maybe I'm too lazy to do that, so BP did it when I left the site.

The only other things that BP did were to block <a ping, which NS does, and to disable DOM storage, which would be good for users who don't know how to do that in about:config and aren't aware of the issue so as to learn the 30-second process to make the change. I don't need those.

So, still being lazy, I wrote a 153-byte batch file that deletes the Flash cookies in two clicks, nothing more. I might post it in Web Tech or Security. AFAIK, Flash cookies are only a privacy issue, but if anyone knows of a way that they could be exploited for security purposes, then it should go in Security. It will contain no mention of NC or this controversy, just "Here is a very small, light, simple tool to delete your Flash cookies, without using Javascript, and at 0.153k vs. 67k for Better Privacy".


Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 2:27 am
by Tom T.
@luntrus and Guardian:
I think you two are talking about two different people as "trolls". luntrus was calling NC and his site a troll. I believe Guardian misinterpreted that luntrus was calling OP a troll, which he most *definitely* is not.

However, luntrus, my friend, this time I must disagree with you that ignoring NC is best. A troll makes a post at a forum and leaves. NC is many levels above that: a web site and a *trusted AMO developer". Please see your quote in my above post that denying the existence of malcode is a serious offense to the net community. Someone in his position spouting such dangerous nonsense cannot be ignored, as your first post said. At the very least, he should lose his AMO standing, then he can say whatever he wants and offer whatever tools he wants, just like any other foolish or malicious person who can afford web hosting and can write sw. But he will not have Mozilla behind him.


Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 2:57 am
by GµårÐïåñ
If I was wrong in what luntrus meant, I am sorry but given he referenced the title of the post, I assumed he meant the OP. That was a small portion of my reply anyway, the rest still hold. One other thing to add, what a developer says in his source code, however ignorant it may be, is not officially public (although anyone can look at a source) and therefore cannot be held against them as a public statement. Although, there is alot that can be inferred from the statements that are displayed which are just as ignorant.

It seems that one point, these comments were part of the displayed text and was later commented out showing this person obviously doesn't have the courage to stick to their convictions. Another reason why not to take this person seriously, because if they can't bravely defend their position and must resort to hiding it and passively asserting it, then they either don't believe it or have not backbone to defend it.

Code: Select all

<!--<p><b>Javascript disabled? Using an addon that turns the web into a torture?</b><br>
Well, for sure, so you're surfin' 125% safer than anyone else ;-)<br>
Seriously: If you believe that javascript is a threat, then you are not well informed about browser security.<br>
... and anyway, experience showed that most users re-enable script: So why the effort in trying to disable it?<br>
<p><font size="-2">A little hint to improve your web experience. Web technology is used to make your life easier</font></p>

Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 3:51 am
by Tom T.
If anyone can look at it, legally, then it's officially public. Like your property taxes and their payment record, or the mortgages on your home.

I agree with his lack of courage to post what he hides in his code, but that is not reason to ignore him. It is all the more reason to disown him from AMO - he is not only ignorant of security, but a coward who sneaks in ignorant and insulting comments. But what is visible is enough. Fx with NS is not a "real" browser? Then go somewhere else besides Fx/AMO.

Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 12:07 pm
by luntrus
Well TomT & GµårÐïåñ,

This discussion of ours is shedding some light on the matter at hand and we can sit back and think about the consequences.
Another aspect of it is "Why do we see this as a growing more general attitude?" As a malware fighter and helper at the virus and worms section of the avast web forum we see a new trend developing users that find all sort of excuses not to use malware protection whether it is an active two way software firewall (yes and they have no alternate protection of a router in this case), no resident av solution, at best some on the fly non-resident scanning, and certainly no multi-layered anti-malware protection installed on the OS.
The excuses may vary - too heavy on the cycles, a malware infection is for others, not for me, and a thousand other reasons.
But the main thing is we see this trend more and more and why interpreting a hjt logfile we see that there is no active firewall running, third party software not updated etc. etc. even in a lot of cases no Service-packs installed. Has this new trend also influenced the author of "NoScript users are stupid" in his convictions, so this could be part of a i.m.h.o. new dangerous general trend to surf in the nude and where this opinion was fed (here in this case?) Question(s) where I certainly like you to give your views on?


Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 2:41 pm
by therube
Well you know I surf naked, literally & figuratively ----------------------------------------------------------------------------------->

Either MS Firewall or an old version of ZoneAlarm, & the NAT firewall in my router.
SeaMonkey, NoScript & thats it.

Now. How about we start investigating EVERY extension listed on AMO (lets call it a witch hunt) & any that don't me our "standards" (which I would think would be EVERY extension) we should see about getting de-listed.

And tomorrow we can all start using Chrome.

Don't you think we should invite Ingo into this discussion? Maybe he can put things into perspective for you all.

Re: "NoScript users are stupid!"

Posted: Mon Jun 15, 2009 5:28 pm
by Alan Baxter

Re: "NoScript users are stupid!"

Posted: Tue Jun 16, 2009 2:32 am
by Tom T.
therube wrote:Well you know I surf naked, literally & figuratively -
TMI! :shock:
Now. How about we start investigating EVERY extension listed on AMO (lets call it a witch hunt) & any that don't me our "standards" (which I would think would be EVERY extension) we should see about getting de-listed.

I believe you're misreading the issue. It isn't that NC's extensions "don't meet our standards". I was using Better Privacy, until coming up with my own replacement which does the same thing in 1/1000th the space.
The issue is that he's spreading dangerous disinformation about the innocuousness of JS, encouraging people to uninstall NS and allow JS globally, etc. That isn't "against our standards", it's an offense against the entire Internet community. Having the sanction of AMO gives this dangerous crap far more credibility.

If any other AMO dev did the same, yes, we should object.
Don't you think we should invite Ingo into this discussion? Maybe he can put things into perspective for you all.

Who's Ingo?

@luntrus: IMVHO, part of the motivation is web site owners who don't want you to block their *and their advertisers'* scripts etc. So they tell people it's ok, no risk. At a board that is not at all cumputer-related, just entertainment, somebody mentioned that a linked site loaded spyware. I mentioned NS as part of making it safe to visit that site without harm. Every time I've mentioned NS, the admin has deleted the post. He doesn't want NS used at *his* site.

Part of it is a younger generation reared with TV sets in their cribs (known to cause changes in brain development) who have ADD and need constant sensory stimulation. A book is too dull, because there are no dancing frogs running around the page. In my objections to F3 at MZ forum, one user responded that F2 was "dull". Uh Dude, ... it's the *site* that's supposed to entertain and/or inform you, not the browser. The browser is just a tool to get you there. Go someplace that you find interesting, then the browser doesn't have to have gold stars like you got from your third-grade teacher.

Also, as you've mentioned before, luntrus, younger people have less desire for privacy, and freely reveal intimate details of their lives on Facebook, etc. Perhaps they are confusing privacy with security, though the two overlap in places. If you want to tell everyone in the world about last night's date and the drugs you took, fine. But keep your browser secured, and *don't put your birth date in your profile*, as one of my younger relatives did. I "explained", and she removed it promptly. Anyway, the whole attitude is changing. If you don't care about your privacy, fine, but don't let your machine become botnetted or your bank account and identity stolen.

Perhaps schools should teach "safe hex". It's certainly a major part of life, and becoming more and more so.


Re: "NoScript users are stupid!"

Posted: Tue Jun 16, 2009 4:07 am
by therube

Ingo Krüger the author of your aforementioned (& now not used) extension?

Lets see. I go to his "scripts" page, & I see (emphasis mine):
Warning: You disabled Javascript - In order to use all page functions it is recommended to re-enable Javascript!

I go to his "extensions" page & I see (oh my, such language :roll:):
You need a browser to access those sites!

Choose a browser here (What is a browser?):
Get Firefox
Get Opera
Get Internet Explorer

The following sites are powered by Java-Script and CSS

The nerve of him, not including SeaMonkey on his list!

Well NOW I'M PUT OFF! Lets call in the troops.

Now damn if I'm going to let him get the best of me. I'm enabling JavaScript - SO THERE.

This site uses cookies, LSO's and javascript

Then he gives further details on this. Humphf!

In this article, How to correctly measure Firefox memory consumption, (which you don't need JavaScript to read & the contents of which I might take issue with) someone noted back in 2008 ...

people been w2ondering why you dont put contact details for your mozilla add ons people dont know how to report bugs and give feedback, could you please go back to each of them and add some details for this site and contact details please.

And guess what? At some point, he must have put contact information on his board so that one can report bugs & give feedback. Geez. Whats the world coming too?

*and their advertisers'*

Are there ANY ads on his site? I don't see any. (Maybe I'm missing them?) He has a few innocuous looking links, like - how dare him.

Could his site be harboring malware? Well couldn't ANY site be harboring malware. Of course.
Don't we use NoScript. Isn't that the idea - we do! So we go there & something doesn't work or is "blocked" from us. So we make a decision. DO YOU FEEL LUCKY, PUNK! If so, we enable JavaScript & things work. If we get a bad vibe, we say, CYA ***.

*** I thought I was going to see Bambi. Instead I see this:

Code: Select all!flashvars#configURL=;DM51030813MR38EN3;DM5103083LCA38EN3&oAccount=disneycom&oCategory=dcore&oSite=dcom&oSiteSection=&oPageName=home&oContentType=homepage&oHCSCustVar=dcom_home&oProperty=


How did all this nonsense start?

Re: "NoScript users are stupid!"

Posted: Tue Jun 16, 2009 6:05 am
by Tom T.
therube wrote:I go to his "extensions" page & I see (oh my, such language :roll:)

If you *read* the thread, you'll see that the issue was what was in his Source comments -- which presumably either were in the page at one time, or were intended to be, but in any event, reveal his attitude and terrible misinformation about js and security in general.

I'm not going to spend any more time on this debate. You think he's fine, cool.