Rubénerd Blog :)

Macslocum over at O’Reilly Answers is asking people to submit their favourite browser plugins and extensions. No prizes for guessing which one I chose!

Read this post >

Hehe Safari 4.0.4… I suppose if it doesn’t download properly you get a 404 error? HA!

Moving on, I just finished downloading the new Safari 4.0.4 release. Reviewed in one sentence: its one slick, fast browser. As I said on MacRumors though (and was promptly ignored) there’s still one huge reason why I can’t use it.

Read this post >

As I said with the Ghostery Firefox extension back in May (Ghostery Mozilla Firefox extension review), it bowls me over when I go to some sites to see just how much sneaky crap is going on behind the scenes, and how most people simply have no idea. With NoScript, I’m starting to see the same thing, and it’s rapidly getting much worse.

Read this post >

Another great reason for using NoScript in Firefox if you didn’t think it was useful before is that it blocks embedded media such as Flash unless you specifically choose to unblock it on individual pages (which for me is almost never!). With HTML5 elements like <video> and <audio> now being supported in Firefox 3.5 I was worried I’d be losing this control and that there would be an unguarded vector for attack… not to mention being annoyed and irritated by pages that start playing jingles and animated advertisements!

Suppose Firefox employed an external library to play media which turned out to be vulnerable; it’s happened in the past. Any malicious hacker could embed a specially crafted video or audio file into a page and your browser would start playing it automatically when you visited the page. By the time you realised what was going on, it’d be too late.

Well it’s time to breath easier again (that sounded like an introduction to a cheap infomercial). I just noticed this evening after updating to version 1.9.8.1 that NoScript now blocks HTML5 media elements on pages that aren’t on your NoScript whitelist just like JavaScript, Flash and the like which is fantastic news. I understand selectively enabling JavaScript may be a bit troublesome for some people to cope with, but HTML5 media filtering should be a mandatory part of Firefox in my opinion.

In any event, it’s one less thing to make me nervous and to worry about, which for someone always buzzing with social anxiety and caffeine is a good thing :).

I noticed this afternoon while going through my comment moderation queue that Rubenerd.com was running a bit sluggishly. Like I would if I ever ran anywhere presumably.

The culprit? A line of JavaScript designed to download and display my latest photos from Flickr. Seems it was hanging on that particular part of the page and deciding not to go any further. So I got rid of it, and now my site is running faster than it ever has! Not sure whether I’ll do something server-side to replace it’s function, or whether my link to my Flickr page in the header along with linked images in posts here like I’ve done above will suffice.

Aside from some Ajax websites that behave more like applications than web pages such as Google Docs, I dislike JavaScript on pages. It’s cool now I can say I don’t have any on my own site. Have NoScript in Firefox or CamiNoScript in Camino? My site will work exactly the same!

I’ve had to temporarily disable the BetterPrivacy extension because since I upgraded to Firefox 3.0.8 I get the above error message every single time I close the browser. Upon clicking it, all the browser windows disappear but Firefox stays active for anywhere between 5 to 30 seconds in the dock before finally quitting. It’s quite irritating!

Given it’s a JavaScript error I suspect perhaps it’s having a conflict with NoScript but disabling that extension still renders the above error. I’m running Firefox 3.0.8, BetterPrivacy 1.25, NoScript 1.9.1.6, Cookie Monster 0.97.0 and SSL Blacklist 4.0.30: as far as I know all the latest versions.

The error mentions NS_* (stands for NeXTSTEP, what Mac OS X was built from) which leads me to believe it may be a local problem. Anyone else having this issue?

Given I’ve been obsessively talking about NoScript over the last few weeks, I thought I’d share something fun about their logo. According to their FAQ, the NoScript logo has a name and some history!

What is that strange, evil blue being in the NoScript logo?

It is Jesse the JavaScript Worm, an extra-dimensional menace trapped by NoScript. He’s said to be the evil cousin of Trogdor, but I swear by the Flying Spaghetti Monster I did not know anything about StrongBad and his dragon when I designed NoScript logo

I love these guys, they clearly know what they’re doing, they’re Pastafarians like me and they have a sense of humour to boot!

As I’ve eluded to previously, the primary reason why I use Mozilla Firefox is for it’s security and privacy extensions as I’ve discussed previously here; in particular NoScript. My cousin Nim can’t stand it when I say killer, so I’m going to say Firefox and NoScript are a killer combination. I really mean it!

Two random points from my family’s use of NoScript I thought I’d quickly share here:

1. It dawned on me though that when I upgraded my sister’s MacBook to the latest version of Firefox that it should have been doing it for her automatically along with her plugins. She’s a NoScript user too but both her Firefox and her NoScript installations were woefully out of date. Checking the Update tab under Advanced in her preferences pane, I noticed her automatic updates were turned off. I don’t quite know why, she claims she never unchecked the boxes, but be that as it may it meant she was running older and potentially less secure versions of software for a while now.

2. NoScript is updated on a very regular basis! Because I just put my MacBook to sleep instead of turning it off I can go for days without closing Firefox, and when I reopen it, it almost always has updates available for NoScript.

Two important lessons to take away from this post: if you’re a very, very happy NoScript user make sure firstly you have automatic updates enabled by default and that if you leave Firefox open for longer periods of time to check for updates more often. Again NoScript and Firefox are a match made in heaven, but they need constant updating to work optimally and securely.

A public service announcement from the Department of Ruben Schade Redundant Language Department, a red tape subsidiary of the Bureau of Oversight and the Ministry of Hot Air.

I’ve been promising for a while to list all the extensions I use for Mozilla Firefox. Given I have a stack of homework to do and other chores and errands, it seems now is as good a time as any.

Each of these are reasons why I use Firefox over other browsers!

NoScript

If you’re only ever going to install one add on, make it this one. NoScript cops a lot of nonsense and flack from people for being tedious and a pain to use, but it really is very simple and with a few days of using it, it becomes second nature.

NoScript works as a whitelist by blocking all dynamic content on pages by default such as Flash and JavaScript, but when you go to a page you trust you click the NoScript icon and choose "Allow Site". You can even "Temporarily Allow" pages that you suspect aren’t working properly without JavaScript but that you don’t necessarily want to permanently add to your whitelist.

As for customising, I suggest disabling the "Show message about blocked scripts" because it’s a bit redundant. I also suggest removing the NoScript icon from your toolbar and accessing it from the status bar instead, it takes up less space and will be conveniently located next to other extensions with menus.

SSL Blacklist

This protects you for suspect root certificate authorities, and if you prefer not pinging their server every time you access a secure page, you can also download their database as a extension. As a bonus in the newest version it will also warn you if you’re accessing a site that uses the now vulnerable MD5 hash that I’ve talked about before, very cool.

BetterPrivacy

Protects you from so called Super Cookies such as Adobe Flash LSOs [Wikipedia link] which can be used to track you. Spooky stuff.

Cookie Monster

NoScript got me used to the idea of blocking everything by default and only allowing sites I trust to execute code. Cookie Monster is a lightweight extension that does the same thing for cookies.

Another such pair of extensions are CookieSafe and CS Lite, the latter of which I used to use for a while. They’re both extremely sophisticated but I found I never used any of their advanced features.

BlockSite

BlockSite is a simple, lightweight and very easy use blacklist utility which does what you think it does. The only thing I wish it did was allow you to right click (or CTRL click on Mac) a link and add the target site to your blacklist.

Adblock Plus (discussed on my usability Firefox extensions post) used to be able to block entire websites, but later versions removed this functionality for some reason: BlockSite fills this void nicely.