Subject: bbcdocs website problem

<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>
Date   : Tue, 27 Jul 2010 15:04:16 +0200
From   : rick@... (Rick Murray)
Subject: bbcdocs website problem

On 27/07/2010 10:58, Rob wrote:

> I guess that's me ...

:-)


> Whilst it's perhaps not quite as easy to use as NoScript apparently is,

I looked up blocking stuff and it seemed to involve a lot of faffing 
with files and options buried in menus. It's like the so-called security 
was added as an afterthought.


> Opera does offer a per-site customisation of blocking Javascript, or
 > limiting it's rights, blocking plugins, [...]

So does, I think, Firefox. Never needed to look as I take a more active 
role in stamping my foot. ;-)

Some of the powers of NoScript are:
   * It separates domains, so if you give theregister.co.uk permission
     to run, *ONLY* that domain will run, those linked from it (such as
     google-analytics) need their own permission. Or not. Most of that
     sort of stuff is auto-blacklisted. This is extremely useful as
     giving a site permission to run starts to fail if said permission
     allows the sites to pull in code from *other* sites.

   * By default, all PDFs and Flash is blocked, except from sites that
     have permission. I can click to allow, or back out. It would be nice
     to have a SaveAs link, but nevermind...

   * Extremely flexible interface, with pop-up notification. I can see in
     an instant what NoScript is allowing/blocking, and give permission
     on a temp (this time only) or permanent basis.

   * Lots of other cross-site things are checked, like XSS clickjacking.
     Not sure what that is exactly, it looks like if a link is set by
     XSS to be one thing, but the link actually goes somewhere else - the
     Orange.fr site constantly causes this. A really poor design...


> I've taken to running default with most off, and only enabling as needed.

Us old-timers have fond memories of when it was safe to walk around the 
web alone at night... Now you need a dozen deadbolts on the door.


> The ad blocking is a learning type

AdBlockPlus works using subscription lists. Seems to be pretty 
effective, though what the ad blocker would let through is pretty much 
blocked by NoScript.


> I had terrible trouble with both of these being unstable, non-intuitive
> and not having features I've got used to ..

I think we can agree that the serious competitors to IE are Firefox or 
Opera. While I would strongly recommend Firefox, and you Opera, I think 
the best approach is to download both and give them a trial...

Remember - you can't judge based upon simply installing the browser, 
you'll need to add a few things. For Firefox, as described in my 
previous article. And yes, NoScript is a monumental pain in the backside 
when it first starts, but after a day or two of normal browsing you'll 
be likely to have your blacklist and whitelist set up. The only sticking 
point is that many major sites have multiple domains, for example the 
YouTube thumbnails are hosted at yimgs...


 > Oh, and I've not even got IE installed...

How'd you manage that, given that Explorer (the filer), is based heavily 
on MSIE.


> This is probably the wrong place for a browser war, however..!

Not a browser war, just trying to persuade one of our little family to 
take online security a little more seriously.


Best wishes,

Rick.

-- 
Rick Murray, eeePC901 & ADSL WiFI'd into it, all ETLAs!
BBC B: DNFS, 2 x 5.25" floppies, EPROM prog, Acorn TTX
E01S FileStore, A3000/A5000/RiscPC/various PCs/blahblah...
<< Previous Message	Main Index	Next Message >>
<< Previous Message in Thread	This Month	Next Message in Thread >>