InformAction Forums

E.g.
http://www.heise.de/newsticker/meldung/ ... 01362.html

The video requires amazonaws but that domain is not in the list.

I can allow blocked objects from that domain or a specific object (I'd expect the video player) but that does nothing.

The only way to get the video player is to allow scripts globally (dangerous) and then allow amazonaws (which finally shows up in the list).


I wrote "e.g." because this applies to a quite a few domains (both viddler and vimeo embeds are particular crapshots) and frankly your plugin is now worse than scriptno for Chrome which does not have these issues.

I have www.heise.de allowed, I click the play arrow, I open the blocked objects menu, allow video/webm@[…]amazonaws.com, reload and click the play arrow again. This way it plays for me.

Here there's not even a play arrow.

The same with disqus comments on engadget and others.

On Firefox 15, only in RequestPolicy menu does amazonaws show at first. I allow that; also, ivvbox.

Of the "blocked objects", the one at the top of that sub-menu did not seem to work, but the third one in the next group did.

Starting over, if the Request Policy permissions are given first, then upon temp-allowing heise.de, an entry shows in Recently Blocked Sites,

http://eu-heiseonline-video.s3.amazonaws.com

Click that, and the video loads and plays without any "Blocked Objects" being needed.

It is another annoying multiple page-refresh issue, as described in Sticky Post, Why must I "Temporarily allow all this page" REPEATEDLY?

frankly your plugin is now worse than scriptno for Chrome which does not have these issues.

Because it does not provide anywhere near the same level of protection.
The Web has become more complex, as have browsers, plugins, etc. So, more complex tools are needed to protect us from more complex threats, and we need to take a bit of time to protect ourselves.

You have two choices:
1) Accept inferior protection, and become victim of these complex threats;
2) Be grateful that you have a free tool to protect you from them, with free support by volunteers such as dhouwn and Your Humble Servant.

Please do not insult the product before giving us the chance to help you with your issue. Thank you.

I'll just note that amazonaws.com does not show up until you press the Play arrow.
So you'll need to press it at least once (whereupon you get a <misleading> "The requested file does not exist." message), before amazonaws shows in the Blocked Objects menu.

Not sure why you're not seeing the arrow?

Tom T. wrote: Because it does not provide anywhere near the same level of protection.

It provides more protection because you don't have to allow all scripts to get most modern sites to work, e.g. comments on slate.

It's like passwords. Better the insecure pw you remember than the complex alphanumeric sequence on a post-it on your display.

Guest wrote:

Tom T. wrote: Because it does not provide anywhere near the same level of protection.

It provides more protection because you don't have to allow all scripts to get most modern sites to work, e.g. comments on slate.

Slate is just a horribly, horribly designed site, one of the worst examples of what was described in sticky post previously mentioned,
Why must I "Temporarily allow all this page" REPEATEDLY?
My most frequently-visited sites (webmail, banking, etc.) are whitelisted, and that is that. All third-party scripting remains denied.

At most sites visited for the first time, it takes only a couple of "temporarily allow", then you can decide to whitelist permanently, should you wish.

Still, if you can't be bothered, run NoScript in Globally Allowed mode (NoScript Options > General), then blacklist sites you do not wish ever to allow, such as perhaps some of those listed here. You will still have protection that ScriptNo does not offer, such as the world's best XSS and Clickjacking protections, ABE's default protection against CSRF and attacks on your LAN, ability to default-block other embeddings, including the repeatedly-exploited WebGL, etc.

It's like passwords. Better the insecure pw you remember than the complex alphanumeric sequence on a post-it on your display.

Even better is a complex alphanumeric sequence *plus* keyboard characers like @#$%^, conveniently and securely stored in a local database by Password Safe. Then you need memorize only *one* master password, which can be a memorable acronym, a Diceware phrase, or anything that you can remember, but no one else could possibly guess.

Guest wrote:It's like passwords. Better the insecure pw you remember than the complex alphanumeric sequence on a post-it on your display.

Is it really better? Microsoft's security expert Jesper Johansson disagrees.

dhouwn wrote:

Guest wrote:It's like passwords. Better the insecure pw you remember than the complex alphanumeric sequence on a post-it on your display.

Is it really better? Microsoft's security expert Jesper Johansson disagrees.

Better the strong password that you can easily remember, saved in an encrypted password database as a backup.