[conspire] NoScript

Paul Zander paulz at ieee.org
Wed Sep 26 09:12:21 PDT 2018 

On the general topic of security.
The other day someone from high up at Microsoft was on the television talking about how AI will be used to solve many big problems, like hurricane recovery.
Asked about security, he replied that Microsoft responds as soon as it learns about a threat.  No mention of actively looking for vulnerabilities or attempting to design them out from the start.

      From: Ivan Sergio Borgonovo <mail at webthatworks.it>
 To: conspire at linuxmafia.com 
 Sent: Tuesday, September 25, 2018 11:38 PM
 Subject: Re: [conspire] NoScript
   
On 09/20/2018 07:17 PM, Paul Zander wrote:
> Someone, not on the CABAL list, asked why I use No Script and didn't it limit my access to some fancy websites.  Below is my reply.  Did I get this reasonably correct?
> 
> 
> More and more websites use javascript.  Also many of those scripts link to other websites.
> 
> Loading other websites means more web traffic.  It takes time to establish the
> links.  What is the benefit to me to load facebook or
> googlesyndication?
> 
> 
> Javascripts take up CPU cycles on my computer.  Using my resources to serve up ads I am not interested in.  After I have bought something on line, why do I want to see ads for the same stuff?
> 
> Last, and most important, once a script is running on my computer, there are too many ways the bad actors can do things I don't want.

It seems that the WebExt version of NoScript is not going to get into 
Debian. Probably because of some controversies related to the revenue 
strategies of the author.

I know people in Palermo that knows Maone personally and they say he is 
a good person with a family etc... and he has to live on something...

Being able to install noscript as a package was a major plus since I 
didn't have to have multiple copies of the same plugin for every firefox 
profile, I didn't have to rely on users (my family) upgrading it, I 
didn't have to install it on every single profile my users have etc...

When firefox was moving from xul to webext extension probably some 
preparatory changes made xul noscript stop to work with older releases 
of noscript so thet you had to install the latest noscript and Debian 
was lagging behind. Out of frustration I even decided to set up my home 
debian repository and package the newer version of noscript.

Unfortunately it seems there is no shared method adopted by debian 
packager to package firefox plugins, so that every plugin comes with a 
different script to clone the git repo, patch etc...

So I lost interest in really learning the art.

Now since there's is no more reason to prefer noscript to alternatives 
I'm starting to consider uMatrix [1] that seems a bit more granular and 
thus may require more initial setup but should let people use websites 
properly with a better compromise for security.

Firefox has some "tool" for administrators to manage configurations but 
there seems no easy way to globally install plugins and I think letting 
untrained people surf the internet without something like noscript or 
ublock is crazy.

It seems that no browser has some easy way to globally manage plugins 
and that reminds me Rick's questions "Who is the customer? What pays for 
the costs of these things?".


[1] https://addons.mozilla.org/en-US/firefox/addon/umatrix/

-- 
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net


_______________________________________________
conspire mailing list
conspire at linuxmafia.com
http://linuxmafia.com/mailman/listinfo/conspire


   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://linuxmafia.com/pipermail/conspire/attachments/20180926/fa4e4eaf/attachment.html>

More information about the conspire mailing list