hackademix.net https://hackademix.net Giorgio Maone\'s answers to the Web, the Universe, and Everything Wed, 19 Nov 2014 23:18:20 +0000 http://wordpress.org/?v=2.2.3 en s/http(:\/\/(?:noscript|flashgot|hackademix)\.net)/https\1/ https://hackademix.net/2014/11/20/shttpnoscriptflashgothackademixnethttps1/ https://hackademix.net/2014/11/20/shttpnoscriptflashgothackademixnethttps1/#comments Wed, 19 Nov 2014 23:16:20 +0000 Giorgio https://hackademix.net/2014/11/20/shttpnoscriptflashgothackademixnethttps1/ I'm glad to announce noscript.net, flashgot.net and hackademix.net have been finally switched to full, permanent TLS with HSTS

Please do expect a smörgåsbord of bugs and bunny funny stuff :)

]]>
https://hackademix.net/2014/11/20/shttpnoscriptflashgothackademixnethttps1/feed/
Avast, you're kidd... killing me - said NoScript >:( https://hackademix.net/2014/11/19/avast-youre-kidd-killing-me-said-noscript/ https://hackademix.net/2014/11/19/avast-youre-kidd-killing-me-said-noscript/#comments Wed, 19 Nov 2014 13:20:04 +0000 Giorgio https://hackademix.net/2014/11/19/avast-youre-kidd-killing-me-said-noscript/ If NoScript keeps disappearing from your Firefox, Avast! Antivirus is likely the culprit.
It's gone Berserk and mass-deleting add-ons without a warning.
I'm currently receiving tons of reports by confused and angry users.
If the antivirus is dead (as I've been preaching for 7 years), looks like it's not dead enough, yet.

]]>
https://hackademix.net/2014/11/19/avast-youre-kidd-killing-me-said-noscript/feed/
No Free Professional Service https://hackademix.net/2014/05/13/no-free-professional-service/ https://hackademix.net/2014/05/13/no-free-professional-service/#comments Mon, 12 May 2014 22:32:33 +0000 Giorgio http://hackademix.net/2014/05/13/no-free-professional-service/ This is a real exchange from NoScript “User Reviews” section at AMO, copied here as a memento and a caveat (for NoScript potential “customers”? for free software developers?), since some or all of it may be edited by its authors or deleted by those nasty AMO editors in a near future.

  1. Deception and rude treatment of users

    Rated 1 out of 5 stars
    by JamesOnTheWay on May 12, 2014

    My negative review was deleted; therefore, I no longer have confidence in NoScript or its developer. I was not looking for a bug fix. I was warning potential users away, which is permitted in the review guidelines. I will report this to Mozilla and blog about this treatment. Deleting negative reviews is pure deception!

    NoScript was slowing my Firefox and freezing it, and the worst was in GMail. It became non-functional every time a NoScript update was released, which was often daily. FanMaderWeb reported this same issue on April 9, 2014 and his/her 1-star review was not removed. I removed NoScript, which solved all of those problems. I have since discovered that I had unknowingly been switched to beta versions. Whether this was the cause of all those issues, I will never know; because my review was rudely deleted, as I expect this one will be.

    (no title)

    by FanMaderWeb on April 9, 2014
    translate

    Sehr schlecht. Ständig muss das AddOn eingestellt werden bei Seiten, die nur JavaScript oder ähnliches benutzen. Man kann noch nichtmal sein E-Mail-Postfach damit abgreifen!

  2. Non-reproducible (yet) bug report

    by Giorgio Maone (Developer) on May 12, 2014

    Review guidelines don’t allow bug reports because they cannot be discussed and followed up here, since this is not a tracker / forum. Since you’re the only one (at this moment) reporting this issue (out of millions of users), it is likely related to your specific configuration and worth investigating, but you choose to scare other users away instead, which is not a very constructive approach (it doesn’t help other users in your situation, nor the product to improve). This is anyway still a “misplaced bug report”, no matter if you were looking for a fix or not. That’s why yes, this review will likely be deleted again. Notice that I cannot delete any review by myself: this decision is up to AMO’s editorial staff. You can still go ahead and “report this to Mozilla and blog about this treatment” if it makes you feel better, but sharing more details at noscript.net/forum would be the right thing to do for everyone’s benefit.

  3. No Free Professional Services

    Rated 3 out of 5 stars
    by JamesOnTheWay on May 12, 2014

    Maone, I am a retired computer professional. My training began with machine language in 1972. I do not debug other people’s work for free. I was taught to never release a buggy product and that customers are only kept with good customer service. Belittling customers drives us away.

  4. Refund

    by Giorgio Maone (Developer) on May 12, 2014

    Dear “customer”, you’ve got a point. I’ll be happy to fully refund the price of the buggy software you paid for. Then I’ll go back in my cubicle trying to blindly reproduce the problem you (alone, so far) have experienced, but whose details you rightfully refuse to reveal unless paid for this service. Thank you for your business!

]]>
https://hackademix.net/2014/05/13/no-free-professional-service/feed/
NoScript and FlashGot Unsigned https://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/ https://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/#comments Sat, 20 Jul 2013 18:36:29 +0000 Giorgio http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/ Notice to mariners: starting with NoScript version 2.6.6.9 (ATM still a RC) and next version of FlashGot (1.5.5.6, most likely) the packages (XPIs) of my Firefox add-ons won’t be signed anymore.

Almost no other Firefox extension gets signed these days (NoScript and FlashGot had been among the earliest and few for a long time), and AMO being the only authorized repository you can install the add-on from by default, there’s little or no point in keeping the relatively expensive and clunky signature machinery in place.

You probably noticed AMO lags quite a lot behind stable versions. That’s because the editorial staff manually checks every line of code published as “stable” for security issues and known performance problems. Therefore, if you’d like to always run the latest and safest (a good idea for a security tool like NoScript), you may want to switch to the fast lane, i.e. the automatically up-to-date beta channel, by installing 2.6.6.9rc1 now.

]]>
https://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/feed/
NoScript's "Security and Privacy Info" Feature https://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/ https://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/#comments Sat, 06 Apr 2013 19:59:20 +0000 Giorgio http://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/ NoScript: Site Security and Privacy InfoMaybe you haven’t noticed yet (and I admit it’s not an exceedingly discoverable thing), but for a long time now NoScript has offered a “Security and Privacy Info” page.

This feature is meant to help you assess the trustworthiness of any web site shown in your NoScript menu.

You can access this service by middle-clicking or shift-clicking the relevant menu item.

Furthermore, power users can customize it by changing the value of their noscript.siteInfoProvider about:config preference to any URL template of their choice.

]]>
https://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/feed/
YAM (Yet Another Maone) https://hackademix.net/2013/04/03/yam-yet-another-maone/ https://hackademix.net/2013/04/03/yam-yet-another-maone/#comments Wed, 03 Apr 2013 20:53:13 +0000 Giorgio http://hackademix.net/2013/04/03/yam-yet-another-maone/ Alberto Giuseppe Maone
Annuntio vobis gaudium magnum:
Habemus Pupum;
Eminentissimum ac reverendissimum Dominum,
Dominum Albertum Maonem,
Qui sibi nomen imposuit Einstenium.

Timestamp: 201304030735UTC.

Previous releases:

]]>
https://hackademix.net/2013/04/03/yam-yet-another-maone/feed/
So Unicredit, Doesn't My Visa Make Me Human Enough?! https://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/ https://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/#comments Sun, 04 Nov 2012 22:43:32 +0000 Giorgio http://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/ No kidding, this is what I’ve been shown this afternoon by Unicredit’s payment processor when I was trying to make a payment with my own credit card (which, incidentally, is itself fed by a Unicredit bank account) on behalf of my sister:

Unicredit's captcha to demonstrate you're human before paying with your credit card

]]> https://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/feed/ NSA++: NoScript is Back on your Android Smarphones https://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/ https://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/#comments Sat, 03 Nov 2012 23:32:46 +0000 Giorgio http://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/ NSA++, NoScript on Android

NSA++ (NoScript Anywhere Plus Plus, or NoScript 3.5 alpha for Android Native) has been in the works for a while now, and it’s finally ready for prime time, thanks also to the continuous help of the NLNet Foundation.

Even if it’s not as complete as its legacy Electrolysis-orphaned obsolete predecessor (NSA, designed for the now discontinued XUL Fennec, AKA Firefox 4 Mobile) yet, NSA++ already provides the best security you can get in any mobile browser: beside its trademark flexible script blocking facility, it features the first ever and still strongest XSS filter available, plus partial but functional portings of the unique ClearClick anti-Clickjacking technology and ABE’s firewall/LAN CSRF protection.

You can read more or try it with a recent Firefox Nightly (mobile or desktop, too!) on the NSA project page.

]]>
https://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/feed/
WYSIWYP (Re: Printing a Web Page) https://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/ https://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/#comments Mon, 18 Jun 2012 23:03:21 +0000 Giorgio http://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/ Answering yesterday’s <Glazblog/> post: here’s your WYSIWYP (What You See Is What You Print) bookmarklet, to be dragged onto your bookmarks bar and used as an alternate Print button which strips away all the printer-specific styles and restores them after printing.

Tried on Firefox only, it’s likely buggy as hell: the W3C FAQ page comes out fine and dandy, complete with its logo and all, but the ERCIM page looks remarkably ugly. Anyway I’m confident my audience can amend and give back :)

]]>
https://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/feed/
AntiGareth V2 (Sniper Edition With Scanner) https://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/ https://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/#comments Thu, 07 Jun 2012 23:34:25 +0000 Giorgio http://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/ As promised, I refined the AntiGareth bookmarklet I introduced yesterday by making it aim precisely at those Unicode code points (mostly combining characters) which are found to bleed vertically by this canvas-based scanner.

Warning: I’m hosting the scanner on evil.hackademix.net because it amounts to a quite effective DOS attack against your CPU, especially on Firefox (which, on the other side, finds much more “overbleeders” than Chrome): you’ll probably want to click the “STOP” button after \u20d2. Could anybody explain the awful speed difference, by the way?

However, I’m sure the script can be improved, both accuracy and performanc wise, hence patches and forks are welcome. Enjoy :)

]]>
https://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/feed/