Adblock Plus and (a little) more
Yet another round of extension recommendations · 2007-04-16 10:04 by Wladimir Palant
ComputerWorld managed to generate quite a lot of buzz with its list of must-have extensions and extensions to avoid. But, as many commenters noticed, the extensions listed appear pretty random. The first list contains a number of extensions that are based on good ideas but either didn’t manage to implement these ideas properly or are simply useless to most Firefox users. On the other hand, some extensions that these users would really consider absolute “must-have”, like Adblock Plus, are simply missing, which undermines the credibility of this article.

Legal implications of security research · 2007-04-08 16:23 by Wladimir Palant
The Chilling Effect is quite an interesting read (yes, the article is a few months old but I only discovered it now). It shows nicely how security research on web applications is different from research on software you install on your computer. It also shows why responsible disclosure of vulnerabilities is so rare in this field. I also find it very interesting how it explains that most software is of a low quality.

Java and Firefox memory usage · 2007-04-04 15:59 by Wladimir Palant
I have been using Sun’s old Java 1.5.0_06 runtime for quite a while; there simply wasn’t a good reason to waste time updating it. When investigating a Java-related crash I decided to check whether it would happen with a newer runtime (1.6.0-b105 was current at that time). Surprisingly, the crash disappeared even though this crash happened in Gecko code and not in the Java plugin.

Why you should not get married in Germany · 2007-03-31 02:32 by Wladimir Palant
Until recently I thought that the low number of marriages and the relatively high age of people getting married in Germany was solely an expression of the mentality where everybody only relies on himself. Now I have learned that there is another factor as well — getting married in Germany is just difficult, despite all the talk about “improving family-friendliness of the state”.

80% of malware served through ads? · 2007-03-28 03:45 by Wladimir Palant
PC World published an article on the analysis done by security firm Finjan that shows that 80% of all malicious code is served through online advertising. Now, as with every statistic, their selection might not have been representative; I have strong doubts that this number is accurate. But the trend is clear — there is much to be gained by infiltrating advertising networks, since it allows hackers to inject their code into many sites, including the ones where users don’t expect it. So the common advice to avoid visiting “shady” sites has once again lost some of its appeal; ads are displayed on “serious” sites as well. But I guess it will not stop most webmasters from trusting third-party content unconditionally by embedding scripts from third-party servers into their web pages. If these third-party servers get compromised, their web site will be automatically affected as well, with identity stealing being the least serious consequence.

Usability vs. Security · 2007-03-25 01:53 by Wladimir Palant
Disclaimer: This post is only about using NoScript as a security solution, not as a way to block annoyances.
It seems that me pointing out the fundamental flaw in NoScript only inspired another round of madness — that’s the only name I can find for it. Giorgio Maone has developed a solution that will effectively stop untrusted sites from injecting JavaScript through XSS holes in whitelisted sites. He is currently testing it with a development build and from what I can tell it mostly holds what it promises. Is that an achievement? Giorgio has obviously put much thought into this feature but I still have to say: no.

Encouraging innovation · 2007-03-16 23:28 by Wladimir Palant
I had to laugh out loud at this one. The IEBlog announces the winners of the IE Add-ons Contest. Guess who won the Grand Prize?

Blacklists, whitelists, and security · 2007-03-15 04:13 by Wladimir Palant
I had a lengthy discussion with Giorgio Maone (author of the NoScript extension) about what is a security solution and what isn’t. The starting point was my statement that, while being excellent for getting rid of annoyances, neither Adblock Plus nor NoScript are really security solutions. Both have the potential, so why not?

Why "Save Page As HTML, complete" sucks · 2007-03-15 00:20 by Wladimir Palant
I read a forum question from an Opera user who was upset because Opera 9.10 now saves web pages “like IE and Firefox” – meaning saving them with all the included files. His problem was easily solved with a configuration change but it got me thinking. Generally this doesn’t seem to be such a bad idea; it allows you to open a saved web page and it will look exactly the same. So I tried to understand why this user was so upset and why I almost never use this feature myself. It seems there are three things.

Status of "immediate unblocking" feature · 2007-03-07 03:28 by Wladimir Palant
My post about finding a way to unblock items immediately when the filters change was probably too optimistic. I am finished coding the basics but I hit some problems in Gecko.
