/g/ - Technology » Thread #51079796

[42 / 3 / ?]

18KiB, 300x300, noscriptaddon_logo-300x300.jpg

Anonymous Thu 29 Oct 2015 18:01:54 No.51079796 View Reply Report Delete

Quoted By: >>51079818 >>51079853 >>51079997 >>51080567 >>51080933 >>51081146 >>51081173 >>51082314 >>51082351

My webdev instructor with 20 years of experience started going over javascript today. I asked him if javascript is dangerous/exploitable and he said it was not harmful to users, but can be used to inject code into websites that aren't sanitized

Why is /g/ so insistent on noscript if it isn't dangerous? Why have i been cucking myself from websites working 100% over a meme?

Anonymous

Anonymous Thu 29 Oct 2015 18:03:17 No.51079818 Report Delete

Quoted By: >>51079997

>>51079796
Keep drinking the koolaid, kid.

Anonymous

Anonymous Thu 29 Oct 2015 18:05:27 No.51079853 Report Delete

Quoted By: >>51079896 >>51079997

>>51079796
Because of tracking and bloat tbh. A lot of websites that use JavaScript really don't need to, and NoScript can also make sure js is ran from the actual website.

Anonymous

Anonymous Thu 29 Oct 2015 18:08:58 No.51079896 Report Delete

Quoted By: >>51079975 >>51079997

>>51079853
>and NoScript can also make sure js is ran from the actual website.
how do you do this? I keep seeing google-analytics fucking everywhere

Anonymous

Anonymous Thu 29 Oct 2015 18:10:45 No.51079930 Report Delete

Quoted By: >>51079997

It's not harmful in the sense that it can't infect the user's computer, however it can be used for tracking.

Anonymous

Anonymous Thu 29 Oct 2015 18:13:08 No.51079975 Report Delete

Quoted By: >>51079997 >>51080036

>>51079896
Are you allowing the whole page, or just parts of the website?

Allow this page enables everything.

Anonymous

Anonymous Thu 29 Oct 2015 18:14:33 No.51079997 Report Delete

Quoted By: >>51080006 >>51080363

>>51079796
>>51079818
>>51079853
>>51079896
>>51079930
>>51079975
WHY THE FUCK ARE YOU STILL USING NOSCRIPT

IT'S 2015 - UNMATRIX ERA NOW

GET WITH THE TIMES HOLY FUCKING SHIT

Anonymous

Anonymous Thu 29 Oct 2015 18:15:15 No.51080006 Report Delete

Quoted By:

>>51079997
>trusting gorhillware

Anonymous

View Same Google ImgOps iqdb SauceNAO Untitled.jpg, 49KiB, 238x451

Anonymous Thu 29 Oct 2015 18:16:51 No.51080036 Report Delete

Quoted By: >>51080292 >>51080523

>>51079975
How am i supposed to know which ones are trackers? I usually enable the script that matches the url, but if i do that a bunch more scripts appear on the list.

Anonymous

Anonymous Thu 29 Oct 2015 18:29:33 No.51080292 Report Delete

Quoted By:

>>51080036
You should have enough common sense to know that the ones with "CDN" are important and should be allowed. Especially if the primary content your watching derives from that source. In this case Curse.

Anonymous

Anonymous Thu 29 Oct 2015 18:33:04 No.51080363 Report Delete

Quoted By: >>51080513 >>51080553

>>51079997
How is UMatrix any better?

Anonymous

Anonymous Thu 29 Oct 2015 18:33:47 No.51080377 Report Delete

Quoted By:

>falling for shitty bait

Anonymous

Anonymous Thu 29 Oct 2015 18:38:59 No.51080481 Report Delete

Quoted By: >>51080593 >>51080594

Sure, JavaScript isn't harmful to users. As long as we assume that browsers are 100% secure. Is that a good assumption? Probably not.

Even a jpg can be a viral vector if there's a security exploit in the image viewer.

Anonymous

Anonymous Thu 29 Oct 2015 18:40:37 No.51080513 Report Delete

Quoted By:

>>51080363
It's much easier to use than NoScript for one.

Anonymous

Anonymous Thu 29 Oct 2015 18:40:59 No.51080523 Report Delete

Quoted By: >>51080687

>>51080036

PROTIP:
Middle click on the site, check out the reviews on WoT. Don't just go off the rating, actually read what people write. The tracker companies will pay shills to say "This tracker is actually OK!" on WoT so the over-all rating is generally overly-trusted for ad trackers.

If there are a bunch of people saying "It's another tracking domain," then hit the button on the middle click page that says mark as untrusted, and it will stop showing up as an option to allow (except in the "Untrusted" sub-menu).

Anonymous

Anonymous Thu 29 Oct 2015 18:42:34 No.51080553 Report Delete

Quoted By:

>>51080363
It offers a much greater degree of control, and can be used for a variety of things beyond simple Javascript blocking, such as cookie management.

Anonymous

Anonymous Thu 29 Oct 2015 18:43:21 No.51080567 Report Delete

Quoted By:

>>51079796
because if im looking up cool pics on pinterest i can browse their website by blocking some scripts without having to make an account.

Anonymous

Anonymous Thu 29 Oct 2015 18:44:59 No.51080593 Report Delete

Quoted By: >>51080717

>>51080481
>2015
>writing programs in memory unsafe languages

COME ON

Anonymous

Anonymous Thu 29 Oct 2015 18:45:03 No.51080594 Report Delete

Quoted By: >>51080749

>>51080481
This is true, and NoScript will stop some drive-by attacks, but it's worth mentioning that NoScript is far from perfect in this regard. It comes with a whitelist, and the defaults are pretty shitty (people have found unregistered domains in it before, which is obviously really really bad, since any attacker could just buy the domain and completely circumvent noscript). Beyond that though, a skilled attacker will be able to find ways to get trusted JS in the page, always. So unless you never run any JS (ha, good luck with that), don't think that you're safe from JS exploits and can ignore browser updates for more than like, a day, if that.

Anonymous

Anonymous Thu 29 Oct 2015 18:48:46 No.51080667 Report Delete

Quoted By: >>51080749

My firefox has always noscript equiped - i'm 'malware hunter' but sometimes i'm just too lazy to turn on vmware

Anonymous

Anonymous Thu 29 Oct 2015 18:49:48 No.51080687 Report Delete

Quoted By: >>51080712 >>51080933

Quick informal headcount, how many people here use NoScript and actually use
>>51080523
? I get the feeling most users don't even know about it, which is why it gets such a bad rep for usability.

Anonymous

Anonymous Thu 29 Oct 2015 18:50:59 No.51080712 Report Delete

Quoted By:

>>51080687
i use it.

Anonymous

Anonymous Thu 29 Oct 2015 18:51:12 No.51080717 Report Delete

Quoted By:

>>51080593
>managed languages don't have security exploits

Anonymous

Anonymous Thu 29 Oct 2015 18:52:57 No.51080749 Report Delete

Quoted By:

>>51080667
This is pretty risky, see
>>51080594
You're basically saying "Yeah, I seek out people with HIV, but when I have sex with them, I make sure I have a condom." Sure, it may work most the time, but all it takes is one fuckup.

Anonymous

Anonymous Thu 29 Oct 2015 18:57:44 No.51080832 Report Delete

Quoted By: >>51080971

Is there a difference between blocking scripts with ublock and noscript?

Anonymous

Anonymous Thu 29 Oct 2015 19:03:21 No.51080933 Report Delete

Quoted By: >>51080971

>>51079796
Anything that's automatically downloaded and executed in your computer could compromise it.

>>51080687
>how many people here use NoScript

Complete lack of JS completely mutilates the web, so unfortunatelly not many.

Anonymous

Anonymous Thu 29 Oct 2015 19:05:56 No.51080971 Report Delete

Quoted By: >>51081098 >>51082249

>>51080832
ublock blocks ads, not scripts. For example, when I unblock the google analytics script in noscript, ublock doesn't start blocking it. Noscript also blocks XSS attacks, which ublock doesn't.

>>51080933
>>how many people here use NoScript>how many people here use NoScript
That's not the question I asked.

Anonymous

Anonymous Thu 29 Oct 2015 19:12:35 No.51081098 Report Delete

Quoted By: >>51081125

>>51080971
>ublock blocks ads,
By default it blocks domains and subdomains but you can block specific things from domains also. You can tell it to block scripts, stylesheets, media(video/audio), images, objects, and frames.

Anonymous

Anonymous Thu 29 Oct 2015 19:13:53 No.51081125 Report Delete

Quoted By: >>51081212

>>51081098
Really? Is there some UI for this that I'm missing?

Anonymous

Anonymous Thu 29 Oct 2015 19:14:59 No.51081146 Report Delete

Quoted By:

>>51079796
Because JavaScript is annoying, and potentially dangerous.

Anonymous

Anonymous Thu 29 Oct 2015 19:16:46 No.51081173 Report Delete

Quoted By:

>>51079796
>I asked him if javascript is dangerous/exploitable and he said it was not harmful to users, but can be used to inject code into websites that aren't sanitized
Remember the imgur exploit just a few months ago? If combined with other exploits you could be in a botnet right now.

Anonymous

View Same Google ImgOps iqdb SauceNAO Untitled.png, 21KiB, 688x370

Anonymous Thu 29 Oct 2015 19:18:28 No.51081212 Report Delete

Quoted By:

>>51081125
Bring up dynamic blocking view and then click the little button on the side to bring up element blocking.

Anonymous

Anonymous Thu 29 Oct 2015 19:26:46 No.51081356 Report Delete

Quoted By:

yet another quality /g/ thread

can we please get a /prog/ board for people with at least basic CS knowledge

Anonymous

Anonymous Thu 29 Oct 2015 20:12:57 No.51082249 Report Delete

Quoted By:

>>51080971
>ublock blocks ads, not scripts. For example, when I unblock the google analytics script in noscript, ublock doesn't start blocking it.
Literally retarded

Anonymous

Anonymous Thu 29 Oct 2015 20:16:01 No.51082314 Report Delete

Quoted By:

>>51079796
Autism.

Noscript is pointless.

Anonymous

Anonymous Thu 29 Oct 2015 20:18:10 No.51082351 Report Delete

Quoted By: >>51082378

>>51079796
Enabling Javascript dramatically increases browser attack surface. Most browser vulnerabilities aren't exploitable without Javascript. Even if you don't mind the tracking it's still an unacceptable risk.

Anonymous

Anonymous Thu 29 Oct 2015 20:18:55 No.51082370 Report Delete

Quoted By: >>51082402

Javascript is cancer. HTML5 and CSS ftw.

Anonymous

Anonymous Thu 29 Oct 2015 20:19:31 No.51082378 Report Delete

Quoted By: >>51082408

>>51082351
only if u are a pedo

Anonymous

Anonymous Thu 29 Oct 2015 20:20:53 No.51082402 Report Delete

Quoted By:

>>51082370
only if u use firefox

kek

Anonymous

Anonymous Thu 29 Oct 2015 20:21:04 No.51082408 Report Delete

Quoted By:

>>51082378
Remember the recent Firefox PDF.js exploit? Active in the wild for an unknown time before it was fixed, on a mainstream news website. NoScript blocked it.

Any site that won't function without Javascript is probably shit anyway.

Anonymous

Anonymous Thu 29 Oct 2015 20:23:28 No.51082453 Report Delete

Quoted By: >>51082549

Seriously wtf you tinfoil cucks are fucking shitting about?
Why wouldnt you allow javascript on your everyday normal browsing on linux?
Literally the only plugin I use is ABP.
How does your fucking pages even work without js?
oh and if you're not using linux dont answer to this

Anonymous

Anonymous Thu 29 Oct 2015 20:28:22 No.51082549 Report Delete

Quoted By:

>>51082453
by not visiting shitty websites that require js loaded from 30 other different websites just to work.

Subject

Name

E-mail

Password

Capcode	All Only User Posts Only Verified Posts Only Moderator Posts Only Manager Posts Only Admin Posts Only Developer Posts Only Founder Posts
Show Posts	All Only With Images Only Without Images Only Spoiler Images Only Non-Spoiler Images
Deleted Posts	All Only Deleted Posts Only Non-Deleted Posts
Ghost Posts	All Only Ghost Posts Only Non-Ghost Posts
Post Type	All Only Sticky Threads Only Opening Posts Only Reply Posts
Results	All Grouped By Threads
Order	Latest Posts First Oldest Posts First

On these boards

Your latest searches