NoScript Awarded $10,000 178
An anonymous reader noted an interesting bit of information about a tool a ton of Slashdot users make use of every day: "NoScript has been chosen as the recipient of the DRG Security Innovation Grant. This is a great honor and a spur to keep making the Web a safer place. I feel the urge to thank the committee for recognizing NoScript as a pioneering force in browser security, and the community of contributors, researchers, translators, beta testers, and loyal users who keep this project alive day after day. The grant will fund the effort to merge the current two development lines, i.e. 'traditional' NoScript for desktop environment."
Recognition vs usefulness (Score:4, Interesting)
Does this mean web designers will start making their web sites actually work when users without javascript try to use them?
(The list of offenders is too long to name.)
Re:Did they also get a grant... (Score:3, Interesting)
Maybe not. But, it definitely raises questions about the guy's integrity. And, you can't help but wonder if this hadn't been noticed and created massive outcry, whether he would have apologized at all, or whether he was just imitating large corporations policy of "hope they don't notice, apologize if they do."
Oh yeah, and why one addon is able to make changes to another in Firefox without notifying the user. I haven't used Firefox much (prefer Opera), but is this still possible? If it is, why? Seems like a pretty large security problem. The answer is obviously only to install trusted addons, but if even a major addon like this has a history of doing it, what can you really trust?
Re:Should have been a default in browsers from day (Score:4, Interesting)
Well I love the Neutered web experience because I absolutely Hate flash/silverlight and iframes because they've been exploited to many times. As to the usability of a website, I feel that any site that absolutely depends upon flash/silverlight to be usable is one I don't need to visit again. For those business sites like Asus or HP, I've begun filing ADA (american disabilities act) complaints that the websites are no accessible to disabled users (flash doesn't support screen readers - nor does it work worth a damn for those who have even a mild vision impairment).
Hopefully, we'll start seeing companies getting it right by sticking with Standards compliant HTML for their main pages with proper links to the various departments. There is absolutely no reason for a website to depend on anything except HTML for functionality, as it is the lowest common denominator.
Helps prevent trojan infections (Score:4, Interesting)
No Script helped in stemming the amount of infected PCs I received. I'd install it on my customer's PCs and showed them how it worked and that they should turn it off only when doing stuff like online banking, otherwise leave it on.
It was of tremendous help and a lot of repeat customers stopped coming back with the same infection.
Re:Recognition vs usefulness (Score:3, Interesting)
Re:Why I don't use NoScript (Score:4, Interesting)
What NoScript really needs is a way of blacklisting domains manually so that I have to manually enable them if I decide I want them.
You mean like 'mark as untrusted'?
I'd like to see domain-based functionality, so for example I can allow Facebook Javascript when I'm actually using Facebook, but block if when I'm at any other site.
Ah, I still remember the early days of Javascript when we were telling people what a horrible insecure pile of crap it would be and they were assuring us that nothing could possibly go wrong.
Re:Recognition vs usefulness (Score:4, Interesting)
I leave sites when they require JS, and follow up by sending them a screenshot of me placing an order on a competitor's web site (with certain identifying information blanked out).
Depending on their site design, I also point out how they spent more effort blocking script-less usage than it would have taken to have a graceful fallback. That's not always the case, but it helps.
I never get a reply, but I don't expect one either.