Want to talk about NoScript? Post here. Topic is solved

General discussion, compatibility and contributed extensions.

Moderators: satrow, Lootyhoof, FranklinDM

BenFenner
Fanatic
Fanatic
Posts: 151
Joined: 2015-06-01, 12:52
Location: US Southeast

Re: Should NoScript be considered malware?

Unread post by BenFenner » 2018-09-20, 14:28

I hesitate to reply to the above post, because I don't want to give it any credibility.

Clearly prosecco, you don't know what malware is. And you clearly haven't followed the situation with NoScript and PaleMoon. Please get your facts straight before making such accusations.
Last edited by BenFenner on 2018-09-20, 14:48, edited 3 times in total.

User avatar
New Tobin Paradigm
Off-Topic Sheriff
Off-Topic Sheriff
Posts: 6182
Joined: 2012-10-09, 19:37
Location: Sector 001

Re: Should NoScript be considered malware?

Unread post by New Tobin Paradigm » 2018-09-20, 14:29

It is not considered malware. No one has ever said that. It is however known to specifically cause issues with software it was not specifically designed to work with and for us a support nightmare.

Please don't try making threads about such nonsense again and please keep all noscript discussion in the noscript megathread.

{Moderator note: threads merged}
Last edited by Moonchild on 2018-09-20, 14:34, edited 2 times in total.
Image
- Old and insecure for legitimate and reasonable purposes. -
http://binaryoutcast.com/ | http://thereisonlyxul.org/ | Freenode #binaryoutcast

User avatar
prosecco
Apollo supporter
Apollo supporter
Posts: 33
Joined: 2018-09-17, 16:45

Re: Should NoScript be considered malware?

Unread post by prosecco » 2018-09-23, 15:16

prosecco wrote:https://forum.palemoon.org/viewtopic.php?f=46&t=17619

It seems to me the measures earnestly advised by Moonchild seem to suggest we are in fact dealing with a full-fledged malware.

It is a shame having to use this word for an extension which has proven needed and useful for years and which has been so well maintained, isn't it?

But the fact is (this is what I assume anyway, trusting Moonchild's assessment) NoScript seems to very often behave like malware, causing numerous problems.

Did its maintainer ever reply to Moonchild's post?
In fact I posted this as its separate thread (Should NoScript be considered malware?), but apparently it was incorporated into this thread.
Last edited by prosecco on 2018-09-23, 15:17, edited 1 time in total.

User avatar
prosecco
Apollo supporter
Apollo supporter
Posts: 33
Joined: 2018-09-17, 16:45

Re: Should NoScript be considered malware?

Unread post by prosecco » 2018-09-23, 15:19

BenFenner wrote:I hesitate to reply to the above post, because I don't want to give it any credibility.

Clearly prosecco, you don't know what malware is. And you clearly haven't followed the situation with NoScript and PaleMoon. Please get your facts straight before making such accusations.
Excuse me?

No need to get hostile.

If you don't agree, provide arguments, state facts and data rather than use terms like "accusations".

I think I made perfectly clear why I was using the term "malware".

User avatar
prosecco
Apollo supporter
Apollo supporter
Posts: 33
Joined: 2018-09-17, 16:45

Re: Should NoScript be considered malware?

Unread post by prosecco » 2018-09-23, 15:22

New Tobin Paradigm wrote:It is not considered malware. No one has ever said that. It is however known to specifically cause issues with software it was not specifically designed to work with and for us a support nightmare.

Please don't try making threads about such nonsense again and please keep all noscript discussion in the noscript megathread.

{Moderator note: threads merged}
"No one has ever said that."

I never said or implied that anyone ever said NoScript is malware. Please respond to what I actually SAID.

And last but not least: I don"t need your putdowns. Keep your bickering for other people. I am just a Pale Moon user and a participant to this forum, not whatever it is you imagine I am.

In short, very disappointing reply, as usual!
Last edited by prosecco on 2018-09-23, 15:23, edited 1 time in total.

User avatar
JoeyG
Lunatic
Lunatic
Posts: 352
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once when you're not anywhere at all?

Re: Want to talk about NoScript? Post here.

Unread post by JoeyG » 2018-10-05, 22:26

Though I guess some people won't share my exuberance, I'm happy to see that Giorgio Maone has apparently changed his mind about support for browsers besides Fx. He had previously announced that v. 5.1.7 would be the last for PM, Basilisk, and others, but I just got v. 5.1.9. of "NoScript Classic". :mrgreen:

His website now says,
You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.
Bye-bye Firefox.
---------------------
Pale Moon x64 - 28.7.2 & 28.8.0a1 (portable/unstable - 2019.11.12) / Basilisk x64 - 2019.10.31 / Win7 SP1 x64 (English) / Lenovo S20, Xeon X5670, 12gb RAM / NEC PA272W on Matrox C420 / NEC SpectraView 241 and PA241W on Matrox M9120. Also using MyPal on a WinXP machine. Thanks to the devs.

User avatar
Pale Moon Rising
Knows the dark side
Knows the dark side
Posts: 3382
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Want to talk about NoScript? Post here.

Unread post by Pale Moon Rising » 2018-10-06, 02:31

^ Just updated to v. 5.1.9 -- thanks for the heads-up! :thumbup: (Oh -- and that's good news about NS support continuing)
Last edited by Pale Moon Rising on 2018-10-06, 02:32, edited 1 time in total.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD w/ 20GB SSD

Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers

Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

Nightbird
Fanatic
Fanatic
Posts: 218
Joined: 2016-07-18, 21:12

Re: Want to talk about NoScript? Post here.

Unread post by Nightbird » 2018-10-07, 23:07

JoeyG wrote:Though I guess some people won't share my exuberance, I'm happy to see that Giorgio Maone has apparently changed his mind about support for browsers besides Fx. He had previously announced that v. 5.1.7 would be the last for PM, Basilisk, and others, but I just got v. 5.1.9. of "NoScript Classic". :mrgreen:

His website now says,
You can still download NoScript "Classic" (5.1.9) for Palemoon, Seamonkey, Waterfox and possibly other "vintage" (pre-Gecko 57) Firefox forks here: we'll do our best to provide security fixes as long as supporting browser still guarantee their own security updates.
Thanks JoeyG for this news.
and
thanks Giorgio Maone of course.

but
what's happened here :think:
https://forums.informaction.com/viewtop ... 66a70b804b
Diversity is key.

User avatar
Lootyhoof
Themeist
Themeist
Posts: 1292
Joined: 2012-02-09, 23:35
Location: United Kingdom

Re: Want to talk about NoScript? Post here.

Unread post by Lootyhoof » 2018-10-07, 23:51

Nightbird wrote:what's happened here
It's exactly as it appears.

User avatar
JoeyG
Lunatic
Lunatic
Posts: 352
Joined: 2017-06-12, 13:27
Location: How can you be in two places at once when you're not anywhere at all?

Re: Want to talk about NoScript? Post here.

Unread post by JoeyG » 2018-10-08, 16:43

Nightbird wrote:... but what's happened here ...
The PM folks were consistent, which I think is fine.

By the way, I've just made a (small :oops:) donation to Giorgio for his ongoing support for the PM browser family. I think it would be nice if other people could do the same.

Of course a donation to PM every now and again is also a good idea.
Last edited by JoeyG on 2018-10-08, 16:56, edited 1 time in total.
Bye-bye Firefox.
---------------------
Pale Moon x64 - 28.7.2 & 28.8.0a1 (portable/unstable - 2019.11.12) / Basilisk x64 - 2019.10.31 / Win7 SP1 x64 (English) / Lenovo S20, Xeon X5670, 12gb RAM / NEC PA272W on Matrox C420 / NEC SpectraView 241 and PA241W on Matrox M9120. Also using MyPal on a WinXP machine. Thanks to the devs.

Lew Rockwell Fan
Fanatic
Fanatic
Posts: 174
Joined: 2017-06-14, 15:20

Re: Want to talk about NoScript? Post here.

Unread post by Lew Rockwell Fan » 2018-10-09, 05:17

ketmar wrote: . . . since when humanity started to loosing ability to get harmless (yet maybe somewhat edgy) jokes?
Hard to say, since it came on gradually, but I think I first noticed it as a definite trend in the oughts. I think it might be something in the water, or maybe just the drugs, I dunno. And the, ahem . . . funny thing is, there are probably people who will read this and totally not get the humor, and others who will totally not get the seriousness.

Anyway, may I ask about uMatrix compared to NS and some others here, since uMatrix has been touted here? NS has always been a total %$#@W to set up and get running right, and once you break it you pretty much have to retrieve your backup profile you made before installing it, so I'd welcome a better way.

Can NoScript fans point to anything it can do that uMatrix can't?

How does uMatrix compare to the other extensions with similar names, particularly uBlock Origin? Can they all do the same things?
Last edited by Lew Rockwell Fan on 2018-10-09, 05:20, edited 1 time in total.
"To attempt to silence a man is to pay him homage, for it is an acknowledgement that his arguments are both impossible to answer and impossible to ignore." - John Bryant

coffeebreak
Board Warrior
Board Warrior
Posts: 1914
Joined: 2015-09-26, 04:51
Location: U.S.

Re: Want to talk about NoScript? Post here.

Unread post by coffeebreak » 2018-10-09, 09:36

Lew Rockwell Fan wrote:anything it can do that uMatrix can't?

Specific protection against cross-site scripting attacks and clickjacking.
Lew Rockwell Fan wrote:How does uMatrix compare to the other extensions with similar names, particularly uBlock Origin?
"Similar names" - same developer.

Starting with a personal view: Nothing, no amount of posted opinion, can replace just installing these extensions and spending time using them and reading the wikis.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

uMatrix (uM wiki; most recent xul version, 1.1.4, or see thread on building from newer source):
It blocks or allows categories of requests (cookie | css | image | media | script | XHR | frame) on sites that you designate.

What it has that uBO lacks:
Some cookie management function; and it has some privacy settings that uBO lacks.
Also, v1.1.4 (and earlier) can spoof headers and user agents. Note: UA spoofing was removed in v1.1.14 based on the assessment that this task would be better performed by a dedicated extension.

uBlock Origin (uBO wiki; current xul version, 1.16.4.4):
It's both an adblocker and general purpose "wide-spectrum" blocker (see overview of what it blocks here).
The more general blocking function requires being in advanced mode.

Two things uBO has that uM doesn't: 1) cosmetic filtering (same as ABP-family element hiding function); 2) ability to block or allow individual requests - so eg., scripts from site.B are blocked on site.A, but you can still allow some specific script from site.B even though the others are blocked.

Off-topic:
Lew Rockwell Fan wrote:
ketmar wrote: . . . since when humanity started to loosing ability to get harmless (yet maybe somewhat edgy) jokes?
Hard to say...

This thing you quoted is from five months ago (whoever wants to see it in context, see pg 7 of this thread) -
(it concerned some users' reactions to some language in the release notes for PM 27.9.2, released 2018-05-18).
I'm kind of perplexed about what this quote has to do with anything else in your post. Just sayin'.

User avatar
Pale Moon Rising
Knows the dark side
Knows the dark side
Posts: 3382
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Want to talk about NoScript? Post here.

Unread post by Pale Moon Rising » 2018-10-09, 15:26

^ Follow-up:
coffeebreak wrote:
Lew Rockwell Fan wrote:anything it can do that uMatrix can't?

Specific protection against cross-site scripting attacks and clickjacking.
Besides the 2 protections referenced above, NoScript also provides ABE protection ("Application Boundaries Enforcer" that protects against CSRF [Cross-site request forgery] and internet-to-intranet attacks) a level of security that some financial sites notoriously ignore and something I personally use among the other two security protections mentioned. And besides these protections there are dozens of parameters that can be set to restrict website structural functions (i.e. website embedding etc.) via NS's multiple options settings windows as well. All functions that other security add-ons mentioned here do not offer as far as I'm aware.
Last edited by Pale Moon Rising on 2018-10-09, 15:28, edited 1 time in total.
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD w/ 20GB SSD

Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers

Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2043
Joined: 2012-06-28, 01:20

Re: Want to talk about NoScript? Post here.

Unread post by ron_1 » 2018-10-10, 00:40

The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.

User avatar
Pale Moon Rising
Knows the dark side
Knows the dark side
Posts: 3382
Joined: 2015-10-06, 16:59
Location: Los Angeles CA USA

Re: Want to talk about NoScript? Post here.

Unread post by Pale Moon Rising » 2018-10-10, 01:50

helloimustbegoing wrote:The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.
Rulesets need to be created to use (fix) trusted sites that you visit on a regular basis that break the rules:
As  you can see I have numerous rulesets for sites as a result of using ABE to make exceptions for sites that I trust and use on a regular basis.
As you can see I have numerous rulesets for sites as a result of using ABE to make exceptions for sites that I trust and use on a regular basis.
The important thing is that while specific rulesets might be needed to use websites you feel you can trust and use on a regular basis -- you remain protected as far as any website you might visit that you are not familiar with that could be a potential security threat. Unfortunately, staying protected is never convenient! ;)
Current Pale Moon(x86) Release | WIN10 | I5 CPU, 1.7 GHz, 6GB RAM, 500GB HD w/ 20GB SSD

Good judgment comes from experience and a lot of that comes from bad judgment. - Will Rogers

Knowing Pale Moon is indisputably #1 is defined by knowing the totality of browsers. - Pale Moon Rising

User avatar
therube
Board Warrior
Board Warrior
Posts: 1101
Joined: 2018-06-08, 17:02

Re: Want to talk about NoScript? Post here.

Unread post by therube » 2018-10-10, 02:20

The ABE feature broke quite a few websites for me, which is why I finally dumped NoScript.
By default, there is only 1 ABE rule enabled.
So if ABE breaks websites for you, then it was your doing that did the breaking.


If NoScript was to complicated, too confusing, too much trouble... that's different, but it was not ABE.

ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2043
Joined: 2012-06-28, 01:20

Re: Want to talk about NoScript? Post here.

Unread post by ron_1 » 2018-10-10, 02:31

Then it was something else that broke it, and it was not my doing. All I know is that even when I enabled all scripts, some sites still wouldn't work. I had to totally disable NS to get those sites working. And I used a "stock" install. The only one thing I did was add a clearclick exception for my son's online school website (which was not one of the sites that broke). There's a reason why MC did what he did in regards to NoScript.

EDIT
And it wasn't too confusing for me. I had used it for years with no troubles, until recently.
Last edited by ron_1 on 2018-10-10, 02:32, edited 1 time in total.

User avatar
therube
Board Warrior
Board Warrior
Posts: 1101
Joined: 2018-06-08, 17:02

Re: Want to talk about NoScript? Post here.

Unread post by therube » 2018-10-10, 02:45

clearclick
Enabled or not, will generally have no affect on a site behaving correctly or not.
even when I enabled all scripts, some sites still wouldn't work
Some sites can be a bear to figure out what they need.
Sometimes when Allow Globally doesn't work, there is some other blocker in the equation, like an ad blocker, that ends up being the actual culprit. (Possible that the ad blocker blocks things before they're seen by NoScript, so NoScript never sees them, so Allow Global has no affect, as the blocking, that which is negatively affecting the site, is being done elsewhere.

Ran into that just today, https://forums.informaction.com/viewtop ... =7&t=25247. At least that's the way it played out on my end, FF 62, NoScript 10. [SeaMonkey 2.45 & NoScript 5 reacted differently, easier to get things working.])

doofy
Astronaut
Astronaut
Posts: 561
Joined: 2017-08-14, 23:43

Re: Want to talk about NoScript? Post here.

Unread post by doofy » 2018-10-10, 02:49

helloimustbegoing wrote:All I know is that even when I enabled all scripts, some sites still wouldn't work.
An amusing feature of NS is that when you "allow all", other scripts (not included in the previous "allow all") try to come in. And are blocked.

I well recall my happy years with NS, where sometimes it would take 3 "allows" + 3 page refreshes before a site would work.

Now, with uMatrix, I simply do not miss that "functionality". One click to allow, one click to refresh, done.

Do I miss NS's ABE etc? No. They were only ever false positives.

ron_1
Moon Magic practitioner
Moon Magic practitioner
Posts: 2043
Joined: 2012-06-28, 01:20

Re: Want to talk about NoScript? Post here.

Unread post by ron_1 » 2018-10-10, 03:17

doofy wrote:
An amusing feature of NS is that when you "allow all", other scripts (not included in the previous "allow all") try to come in.
Yes I was aware of that. When I wrote I allowed all scripts, that's what I meant, repeatedly clicking allow all until there was no more "allow all." ;)
Last edited by ron_1 on 2018-10-10, 03:19, edited 1 time in total.

Post Reply