pythonaro.com

Pythonaro blog

02 May 2009

You should update to NoScript 1.9.2.6

Quick recap:
  1. NoScript is a Firefox extension. Its author makes money from ads on his webpages (from what he says, pretty much his entire income depends on those adsUPDATE: from his bio: "I'm currently teaching Web Programming at the University of Palermo"... yet another blow to his credibility UPDATE: the bio was outdated).
  2. AdBlock Plus is a Firefox extension that stops ads. It also allows users to subscribe to third-party lists of sites to block.
  3. The maintainer of one of those services, "EasyList", took a very zealous approach and targeted NoScript.net (and other sites from the same author) because he found that it implemented some basic workarounds to avoid AdBlock Plus.
  4. Escalation ensued, and after a series of tit-for-tat eventually the NoScript developer went too far. NoScript, when installed in Firefox, would now check if AdBlock Plus was installed, and if so, force it to whitelist its sites... basically "hacking" ABP client-side.
  5. The ABP developer (who up to now was not involved who apparently instigated the whole thing) got angry, and denounced the behaviour in various forums, including Slashdot.
  6. The NoScript author backtracked, removed the offending code in the latest update (NoScript 1.9.2.6) and apologized

Now, I'm sympathetic to the NoScript author's circumstances -- he has a family to feed, he gives his work away for free, and NoScript really is a piece of extremely useful and complex code that most Firefox users enjoy (including me). It seems fair that he should get some compensation for his effort.

However, clearly NoScript can be (and is) used as an ad-blocker, and the developer even runs AdBlock himself, but then he gets all worked up when these technologies are used against his own sites. There is a bit of hypocrisy there.

In any case, client-side modification of other people's extensions is just unacceptable, no matter how "transparent" it is. There is a line, and the NS author crossed it. Kudos to him for the eventual backtracking, but he shouldn't have put himself in that position in the first place. NoScript is a security-related extension, and in the security world trust is precious currency. His reputation is now tarnished, and it will take time for people to forget.

All this, someone pointed out, highlights the need for a mechanism to reward extension authors. I agree. Mozilla could easily implement a micropayment system on addons.mozilla.org (like the iPhone AppStore), or build some sort of subscription infrastructure in FF (so that people can install extensions, then decide if they are worth paying). My guess is that the world of extension development would literally explode, and that would make FF even more attractive.

Labels: , , ,

posted by GiacomoL @ 9:42 AM   6 comments links to this post

04 January 2009

NoScript + PingFire = problems

Note to search engines: the PingFire extension for Firefox doesn't work when NoScript is also installed. Check the official PingFire support thread for more info.

Update: I removed PingFire and replaced it with a simple bookmark-in-sidebar hack:

  1. Create a bookmark pointing to http://ping.fm/m (the "mobile" site for Ping.fm) and place it on your Bookmarks Toolbar
  2. right-click on it, select Properties
  3. check the option to "Load this bookmark in sidebar"
This is one of the very few occasions in which I found the Firefox sidebar quite useful.

Labels: , , ,

posted by GiacomoL @ 10:36 AM   0 comments links to this post