hackademix.net http://hackademix.net Giorgio Maone's answers to the Web, the Universe, and Everything Mon, 12 May 2014 22:45:24 +0000 http://wordpress.org/?v=2.2.3 en No Free Professional Service http://hackademix.net/2014/05/13/no-free-professional-service/ http://hackademix.net/2014/05/13/no-free-professional-service/#comments Mon, 12 May 2014 22:32:33 +0000 Giorgio http://hackademix.net/2014/05/13/no-free-professional-service/ This is a real exchange from NoScript “User Reviews” section at AMO, copied here as a memento and a caveat (for NoScript potential “customers”? for free software developers?), since some or all of it may be edited by its authors or deleted by those nasty AMO editors in a near future.

  1. Deception and rude treatment of users

    Rated 1 out of 5 stars
    by JamesOnTheWay on May 12, 2014

    My negative review was deleted; therefore, I no longer have confidence in NoScript or its developer. I was not looking for a bug fix. I was warning potential users away, which is permitted in the review guidelines. I will report this to Mozilla and blog about this treatment. Deleting negative reviews is pure deception!

    NoScript was slowing my Firefox and freezing it, and the worst was in GMail. It became non-functional every time a NoScript update was released, which was often daily. FanMaderWeb reported this same issue on April 9, 2014 and his/her 1-star review was not removed. I removed NoScript, which solved all of those problems. I have since discovered that I had unknowingly been switched to beta versions. Whether this was the cause of all those issues, I will never know; because my review was rudely deleted, as I expect this one will be.

    (no title)

    by FanMaderWeb on April 9, 2014

    Sehr schlecht. Ständig muss das AddOn eingestellt werden bei Seiten, die nur JavaScript oder ähnliches benutzen. Man kann noch nichtmal sein E-Mail-Postfach damit abgreifen!

  2. Non-reproducible (yet) bug report

    by Giorgio Maone (Developer) on May 12, 2014

    Review guidelines don’t allow bug reports because they cannot be discussed and followed up here, since this is not a tracker / forum. Since you’re the only one (at this moment) reporting this issue (out of millions of users), it is likely related to your specific configuration and worth investigating, but you choose to scare other users away instead, which is not a very constructive approach (it doesn’t help other users in your situation, nor the product to improve). This is anyway still a “misplaced bug report”, no matter if you were looking for a fix or not. That’s why yes, this review will likely be deleted again. Notice that I cannot delete any review by myself: this decision is up to AMO’s editorial staff. You can still go ahead and “report this to Mozilla and blog about this treatment” if it makes you feel better, but sharing more details at noscript.net/forum would be the right thing to do for everyone’s benefit.

  3. No Free Professional Services

    Rated 3 out of 5 stars
    by JamesOnTheWay on May 12, 2014

    Maone, I am a retired computer professional. My training began with machine language in 1972. I do not debug other people’s work for free. I was taught to never release a buggy product and that customers are only kept with good customer service. Belittling customers drives us away.

  4. Refund

    by Giorgio Maone (Developer) on May 12, 2014

    Dear “customer”, you’ve got a point. I’ll be happy to fully refund the price of the buggy software you paid for. Then I’ll go back in my cubicle trying to blindly reproduce the problem you (alone, so far) have experienced, but whose details you rightfully refuse to reveal unless paid for this service. Thank you for your business!

NoScript and FlashGot Unsigned http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/ http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/#comments Sat, 20 Jul 2013 18:36:29 +0000 Giorgio http://hackademix.net/2013/07/20/noscript-and-flashgot-unsigned/ Notice to mariners: starting with NoScript version (ATM still a RC) and next version of FlashGot (, most likely) the packages (XPIs) of my Firefox add-ons won’t be signed anymore.

Almost no other Firefox extension gets signed these days (NoScript and FlashGot had been among the earliest and few for a long time), and AMO being the only authorized repository you can install the add-on from by default, there’s little or no point in keeping the relatively expensive and clunky signature machinery in place.

You probably noticed AMO lags quite a lot behind stable versions. That’s because the editorial staff manually checks every line of code published as “stable” for security issues and known performance problems. Therefore, if you’d like to always run the latest and safest (a good idea for a security tool like NoScript), you may want to switch to the fast lane, i.e. the automatically up-to-date beta channel, by installing now.

NoScript’s “Security and Privacy Info” Feature http://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/ http://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/#comments Sat, 06 Apr 2013 19:59:20 +0000 Giorgio http://hackademix.net/2013/04/06/noscripts-security-and-privacy-info-feature/ NoScript: Site Security and Privacy InfoMaybe you haven’t noticed yet (and I admit it’s not an exceedingly discoverable thing), but for a long time now NoScript has offered a “Security and Privacy Info” page.

This feature is meant to help you assess the trustworthiness of any web site shown in your NoScript menu.

You can access this service by middle-clicking or shift-clicking the relevant menu item.

Furthermore, power users can customize it by changing the value of their noscript.siteInfoProvider about:config preference to any URL template of their choice.

YAM (Yet Another Maone) http://hackademix.net/2013/04/03/yam-yet-another-maone/ http://hackademix.net/2013/04/03/yam-yet-another-maone/#comments Wed, 03 Apr 2013 20:53:13 +0000 Giorgio http://hackademix.net/2013/04/03/yam-yet-another-maone/ Alberto Giuseppe Maone
Annuntio vobis gaudium magnum:
Habemus Pupum;
Eminentissimum ac reverendissimum Dominum,
Dominum Albertum Maonem,
Qui sibi nomen imposuit Einstenium.

Timestamp: 201304030735UTC.

Previous releases:

So Unicredit, Doesn’t My Visa Make Me Human Enough?! http://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/ http://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/#comments Sun, 04 Nov 2012 22:43:32 +0000 Giorgio http://hackademix.net/2012/11/05/so-unicredit-doesnt-my-visa-make-me-human-enough/ No kidding, this is what I’ve been shown this afternoon by Unicredit’s payment processor when I was trying to make a payment with my own credit card (which, incidentally, is itself fed by a Unicredit bank account) on behalf of my sister:

Unicredit's captcha to demonstrate you're human before paying with your credit card

Of course, there’s always a lot to learn from a big fat financial institution about information security…

NSA++: NoScript is Back on your Android Smarphones http://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/ http://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/#comments Sat, 03 Nov 2012 23:32:46 +0000 Giorgio http://hackademix.net/2012/11/04/nsa-noscript-is-back-on-your-android-smarphones/ NSA++, NoScript on Android

NSA++ (NoScript Anywhere Plus Plus, or NoScript 3.5 alpha for Android Native) has been in the works for a while now, and it’s finally ready for prime time, thanks also to the continuous help of the NLNet Foundation.

Even if it’s not as complete as its legacy Electrolysis-orphaned obsolete predecessor (NSA, designed for the now discontinued XUL Fennec, AKA Firefox 4 Mobile) yet, NSA++ already provides the best security you can get in any mobile browser: beside its trademark flexible script blocking facility, it features the first ever and still strongest XSS filter available, plus partial but functional portings of the unique ClearClick anti-Clickjacking technology and ABE’s firewall/LAN CSRF protection.

You can read more or try it with a recent Firefox Nightly (mobile or desktop, too!) on the NSA project page.

WYSIWYP (Re: Printing a Web Page) http://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/ http://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/#comments Mon, 18 Jun 2012 23:03:21 +0000 Giorgio http://hackademix.net/2012/06/19/wysiwyp-re-printing-a-web-page/ Answering yesterday’s <Glazblog/> post: here’s your WYSIWYP (What You See Is What You Print) bookmarklet, to be dragged onto your bookmarks bar and used as an alternate Print button which strips away all the printer-specific styles and restores them after printing.

Tried on Firefox only, it’s likely buggy as hell: the W3C FAQ page comes out fine and dandy, complete with its logo and all, but the ERCIM page looks remarkably ugly. Anyway I’m confident my audience can amend and give back :)

AntiGareth V2 (Sniper Edition With Scanner) http://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/ http://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/#comments Thu, 07 Jun 2012 23:34:25 +0000 Giorgio http://hackademix.net/2012/06/08/antigareth-v2-sniper-edition-with-scanner/ As promised, I refined the AntiGareth bookmarklet I introduced yesterday by making it aim precisely at those Unicode code points (mostly combining characters) which are found to bleed vertically by this canvas-based scanner.

Warning: I’m hosting the scanner on evil.hackademix.net because it amounts to a quite effective DOS attack against your CPU, especially on Firefox (which, on the other side, finds much more “overbleeders” than Chrome): you’ll probably want to click the “STOP” button after \u20d2. Could anybody explain the awful speed difference, by the way?

However, I’m sure the script can be improved, both accuracy and performanc wise, hence patches and forks are welcome. Enjoy :)

AntiGareth (Deunicodeized Twitter Bookmarlet) http://hackademix.net/2012/06/06/antigareth-deunicodeized-twitter-bookmarlet/ http://hackademix.net/2012/06/06/antigareth-deunicodeized-twitter-bookmarlet/#comments Wed, 06 Jun 2012 11:34:38 +0000 Giorgio http://hackademix.net/2012/06/06/antigareth-deunicodeized-twitter-bookmarlet/ Annoyed to death by unicode dickery like this?
Just drag AntiGareth on your bookmark bar and click it whenever nasty characters try to spoil your day :P

Note: I do know this bookmarklet currently replaces too much (everything higher than \u0100), and therefore is suitable only if your stream is entirely US English. I’ve got an idea for an automated HTML5-based method to detect misrendered code points and deliver selective killing, so stay tuned.


version 2, which replaces “overbleeding” characters only, can be found here, together with the scanner I created to find them.

All Speech is Free Speech http://hackademix.net/2012/03/08/all-speech-is-free-speech/ http://hackademix.net/2012/03/08/all-speech-is-free-speech/#comments Wed, 07 Mar 2012 22:16:59 +0000 Giorgio http://hackademix.net/2012/03/08/all-speech-is-free-speech/ Looks like the following quote is acceptable content under current Mozilla Planet’s policy, and a rather pertinent answer to this now extremely popular post:

“The irony of religion is that because of its power to divert man to destructive courses, the world could actually come to an end. The plain fact is, religion must die for mankind to live. The hour is getting very late to be able to indulge in having in key decisions made by religious people. By irrationalists, by those who would steer the ship of state not by a compass, but by the equivalent of reading the entrails of a chicken. George Bush prayed a lot about Iraq, but he didn’t learn a lot about it. Faith means making a virtue out of not thinking. It’s nothing to brag about. And those who preach faith, and enable and elevate it are intellectual slaveholders, keeping mankind in a bondage to fantasy and nonsense that has spawned and justified so much lunacy and destruction. Religion is dangerous because it allows human beings who don’t have all the answers to think that they do. Most people would think it’s wonderful when someone says, “I’m willing, Lord! I’ll do whatever you want me to do!” Except that since there are no gods actually talking to us, that void is filled in by people with their own corruptions and limitations and agendas. And anyone who tells you they know, they just know what happens when you die, I promise you, you don’t. How can I be so sure? Because I don’t know, and you do not possess mental powers that I do not. The only appropriate attitude for man to have about the big questions is not the arrogant certitude that is the hallmark of religion, but doubt. Doubt is humble, and that’s what man needs to be, considering that human history is just a litany of getting shit dead wrong. This is why rational people, anti-religionists, must end their timidity and come out of the closet and assert themselves. And those who consider themselves only moderately religious really need to look in the mirror and realize that the solace and comfort that religion brings you actually comes at a terrible price. If you belonged to a political party or a social club that was tied to as much bigotry, misogyny, homophobia, violence, and sheer ignorance as religion is, you’d resign in protest. To do otherwise is to be an enabler, a mafia wife, for the true devils of extremism that draw their legitimacy from the billions of their fellow travelers. If the world does come to an end here, or wherever, or if it limps into the future, decimated by the effects of religion-inspired nuclear terrorism, let’s remember what the real problem was that we learned how to precipitate mass death before we got past the neurological disorder of wishing for it. That’s it. Grow up or die.”
― Bill Maher, Religulous