Discussion in 'other software & services' started by Nanobot, Nov 14, 2017.
Thank you Bo.
FYI. Updated Features Page.
Thank you for posting, J R.
Bo, you're welcome! Take care.
Updated and trying to adjust.
Working great so far.
Thats what you got to do, thats all.
They are going to keep rolling fast (I guess).......Version 10.1.3rc1 has been released.
Release notes for 10.1.3c1
+ Work-around for Firefox not displaying NOSCRIPT elements on
pages where scripts are blocked by CSP
+ The Alt+Shift+N shortcut now opens the NoScript UI also on
windows with no toolbars containing NoScript's icon
x "unsafe" (non-HTTPS) matching is now automatically selected
on non-HTTPS pages (fixes the perception that you set a
site to TRUSTED and it reverted to DEFAULT)
x Full addresses are shown again to be choosen in UI, together
with base domains
x Better auto-reload logic
x Fixed NoScript back-end to work also if sync storage is
disabled (thanks Rob Wu for reporting)
x Fixed potential fingerprinting through placeholder icon
(thanks Rob Wu for reporting)
There have been 2 updates to NoScript in the last few hours. I tested version 10.1.3rc2 last night, it was a regression. In less than 5 minutes, I knew it was bad. Right away, I discovered I couldn't play videos in YouTube or CBS Sports. I didn't get to install it in my real system, thanks to Sandboxie (tested sandboxed)..
But this morning, I found a new update being available, version v 10.1.3rc3. And is solid. The problems I found with 10.1.3rc2 are gone, neither cant replicate other issues I read been reported by other users. Anyway, its already installed in my real system and its got my zeal of approval.
Release notes for 10.1.3c3
x Fixed immutable permissions for TRUSTED and UNTRUSTED
presets negating all the others (thanks Stefan Scholl for
x Work-around for Moz Bug #1402110 (thanks David Ross for
x Fixed XSS whitelist not being cleared from Options
x Fixed XSS whitelist trying to using sync even if disabled (
thanks Rob Wu for reporting)
Growing pains..............by Giorgio.
Understandable, and I like the direction that's being taken.
I like it also, J R. NoScript is going to be fine.
I had used Noscript for years before I switched to uMatrix - and quite frankly, I cannot understand the brouhaha about Noscript. The scope concept in uMatrix (which has been improved recently) is absolutely brilliant, the matrix displays the 1st- and 3rd-party requests neatly and clearly, its logger is excellent, and uMatrix is much more flexible and versatile and can be configured in many ways to your liking (thankfully @gorhill has recently added several guides to the uMatix wiki which demonstrate its possibilities).
Yes, Noscript has an XSS filter and a clickjacking protection, and that's why I still have it installed with all scripts allowed. But hey - I haven't seen an XSS warning in years so I really doubt that it's really worth it. After all uMatrix also protects against most XSS variants as all 3rd party scripts are blocked by default, most adservers/trackers/malware sites (the usual suspects for such attempts) are explicitly blacklisted via the integrated hosts files, and any impacts are limited anyhow if you're using the domain-specific scope.
That's why I couldn't understand those statements by some people made before Nov. 14, that an update to FF 57 was out of question before Noscript was ready.
NoScript (is on a roll) version 10.1.3 has been released.
x Hotfix for wiped TRUSTED permissions
x Hotfix for NoScript failing to load if XSS was disabled in
I just tested it, and I think I found a little problem, I ll check around and see if other people are reporting it.
@summerheat. I am just going to tell you this. Some of you guys (you, included), using Umatrix or UBO, in your, "I cant believe you choose NoScript over Umatrix" comments, sound like you need reinforcement or approval for your choice. Unconsciously thats what you do when you continuously keep writing that type of comment. You need other users to move over to Umatrix to reinforce your choice and make you feel confident that you made the right choice.
You're really funny, Bo
Just in case you're serious about what you wrote: I had been a using Noscript for years and I have been using uMatrix for years, too. So I'm rather confident that I know what I'm talking about. And believe me - I definitely do not need any reinforcement of my choice. But thank you very much for your concern about my mental health.
Yes, here it is. Likely, a fix will be released in the next few hours.
Lack of confidence in decisions you make is not a sign of bad mental health. I didnt mean nothing bad, but it usually is what I said when someone continuously attempt to convince another person on making same decisions and choices.
Anyway, the other day (about a week ago), I read someone (I remember who) say in the UBO or Umatrix thread that videos start on their own when he visited ESPN. Thats not the case with NoScript (perhaps he is doing something wrong, I dont know).. I could it wrote something in that thread but I didnt have to, didnt feel the urge to "prove" anything. He mentioned brightcove.net, a domain I black list and doesnt run and is not required to watch videos. But kicks in when you click on the video. Take a look.
When I open the page.
When I click to play the video.
In the pictures I just posted, we see domain go.com (a domain thats required for watching videos and ESPN working properly) in green as trusted, and also see domain go.com in red as Default. Thats the new security feature thats getting a lot of complains from users who dont understand the purpose of the feature, but in those pictures we see the feature at work. What is it doing? only connections from https go.com are allowed to load scripts, etc. Unsecured http go.com is forbidden to load or run anything. I could allow go.com http to run, but I choose not to, thats my choice. If I had trusted go.com with the the lock in red instead of green, all connections, secured and unsecured would run. But is not required and NoScript gives me the ability of picking, for better security.
Summerheat, this post is not meant for you.
At first, I didn't realize the usefulness of this feature or what it was doing but after a couple of days, started clicking. After that, I went and look over every domain that I have as Trusted, and changed the ones with the Red lock that in my personal case use, only required the Green https lock for the websites to work as I require them and were https. If a site is http, you got to go Red, Perhaps, this is not a big deal in sites like ESPN, but what about yahoo mail or google mail, or your bank sites. Useful feature. You dont want your bank site or when making purchases to be trusting Red when all you need is Trust and allow green. Hopefully, I am making sense.
Yes, Configuring rules for http vs https is very good. Especially important for sensitive sites. However, the sites i came across, i had to allow connections via http
I do this in uBO, when nooping rules in Medium mode..
Your phrasing is still close to an ad hominem attack (and not for the first time). This is my last comment on this matter.
The latest version of NoScript (10.1.3) is virtually unusable in its current form. Clicking the NS icon restores down Firefox when set to maximised and NS pops up full screen.
I know the developer has been busy working away on NS 10.x but maybe he needs some sleep too.
Krusty, looks like it's a known issue: NoScript Resizes Firefox when clicked on and NoScript 10.1.3 (not RC) un-maximizes FF57.
Krusty, you can install version 10.1.3rc3 (the previous version than the one you installed). Thats a solid version. There is an update supposed to be released today that fixes what you found, I being busy today but I just looked for it and surprises me that is not out yet. Install 10.1.3rc3, you ll be good. Verify that settings for Trusted, Untrusted and Default are set as you want them after installing the (for the moment) solid gold version .
I am sorry I hurt your feelings but now you are putting the martyr act. When you wrote what I am quoting (below), you were teasing me, you wanted a response and you got it. And you wrote it in this thread, you knew I would not miss it and wrote the words that you knew would get a response from me.
How I plan to carry on Firefox updates is my choice, not yours. Same with the programs I use. I have the right to use what I want without being attacked. You seem to have a hard time understanding that not everyone does as most people do. I am a rebel with a cause.
Regarding Firefox updates? I am doing it again. I havent updated to Firefox 57.0.1 yet. Basically same reasons as before. I want to update to the next NoScript release before updating to 57.0.1. I got my reasons, you dont have to accept them, but understand that I should be able to follow my instincts without being mocked about. Greetings.
I see this has been discussed on the link that @bo elam posted earlier too.
Separate names with a comma.