back to article Firefox users caught in crossfire of warring add-ons

A protracted war between authors of two of the most popular add-ons for the Firefox browser has prompted calls for changes in the way extensions are written, after one of them admitted he added camouflaged code that disabled features in the other's program. In a heart-felt apology posted Monday, Giorgio Maone admitted that he …

COMMENTS

This topic is closed for new posts.
  1. dr2chase
    Unhappy

    All I know is that in the last few weeks,

    Firefox has been unstable as heck for me. There's one site in particular (work-related open-source project) that, about 10-20% of the time I visit it, Firefox crashes -- and this started after I upgraded a bunch of plugins. Mere correlation? or cause?

    So yes, effing well cut this crap out. Software's buggy enough without this added nonsense.

  2. tuna
    Coat

    Nerd Fight! After School Behind The Gym!

    Disgusting turn of events, hopefully some oversight @ AMO will keep this chit from happening again. Read G's apology, I'll accept that. Where's Wlad's apology? I trust(ed) both for my Intertubes security, will be losing the ABP if it turns out he's just another prima donna programmer who can "do no wrong".

    Mine's the one w/ the bulls-eye on the back.

  3. Paul Barnfather
    Happy

    A solution

    Uninstall both, try RequestPolicy instead.

    It won't protect you against malicious scripts on a website, but it blocks ads and 3rd party scripts.

    Better security and far less annoying than NoScript.

  4. raving angry loony

    Firefox

    Works for me - mostly. More stable than Safari or I.E., certainly. Main reason I use it is... NoScript and AdBlock. Until other browsers have similar functionality that allow me to control what gets onto my desktop, I'll probably stay with Firefox. I hate, despise and loath flashy adverts, and that seems to be the only kind that the insane running the asylum seem to understand. I occasionally try to surf with other browsers, and very quickly retreat behind my NoScript/AdBlock shields again to avoid the headaches caused by the epilepsy-inducing CRAP that the fucking morons want to spew at me.

  5. Andy
    Thumb Down

    Firefox addons....security nightmare

    This is something I've never understood with FF addons. The hardcore FF fan bois bleat on about how secure their beloved browser is, yet to enhance it (and this is apparently what makes FF so great) you get to install 3rd party addons that you have absolutely no idea what they are doing. Sure it says it's going to block some flash adverts and make you a hit with the girls but what's it really doing.....? Opening up some lovely big security holes? Skimming your contact list for juicy email addresses? Who knows.....?

    But that could never happen because it's all been vetted by some Mozilla flunkey's who approve addons and they never let anything get past them......oh hang on..... No wait they've got that covered now "..... each add-on would have to explicitly spell out all changes it makes to any other add-ons." A malicious code writer whould never lie would they!

    Or how about just host your crummy 3rd party addon away from Mozilla. Whose going to check it's been certified by Mozilla? A large majority of users, who FF are trying to aim at, will go "Oh wow! This addon changes every occurence of the letter "P" on a webpage into an animated GIF of an ejaculating penis! I must have this addon!" Great they now have penile websites and a whole truck load of malware too. Hooray the great security of FF

  6. Destroy All Monsters Silver badge
    Unhappy

    facepalm.jpg

    Ego wars? In my Browser?

    Oh well...

  7. Mike Powers
    Thumb Down

    I'm sorry, but This Story Must Be Wrong (tm)

    Everyone knows that open-source software authors never ever do anything bad or mean or stupid, unlike icky old profit-driven Microsoft. Therefore This Story Must Be Wrong (tm).

  8. Anonymous Coward
    Happy

    Taking responsibility

    Well, good for Georgio to change his attitude and understand just how egregious and untrustworthy his actions were. As of last Friday he wasn't so willing to admit that anything he had done was wrong, and I'm glad to see he's now putting personal responsibility before his ego.

    Here's hoping NoScript users and the Mozilla community give Georgio another chance. We all make mistakes, and I give him full credit for publicly admitting what he did was wrong.

    Geoff

  9. Robert E A Harvey
    Alert

    @andy

    >"Oh wow! This addon changes every occurence of the letter "P" on a webpage

    > into an animated GIF of an ejaculating penis! I must have this addon!"

    You could charge money for that. It'd sell.

  10. Kanhef

    @ dr2chase

    "a bunch of plugins" might be the problem. Turn all the extensions off and see if it still crashes. This could be a good argument for requiring more disclosure of what plugins do, to help prevent conflicts. It's not a new issue; pre-OS X Macs had extension conflicts and installers that didn't version-check before overwriting existing ones, and Windows users have suffered through the similar 'dll hell'.

  11. Nebulo

    Ah ...

    but while they were squabblibg ...

    Peer Guardian kept on blocking. Thanks, PG.

    El Reg, you need a middle digit icon.

  12. Kwac
    Thumb Down

    @Mike Powers

    Its true alright, but all this story demonstrates is that developers are human.

    Oh, and if the source code is available others can find out any nasty little surprises an application might have.

  13. SilverWave
    Paris Hilton

    Bollocks

    >Palant has yet to admit that it was probably a bad idea for Adblock Plus to disrupt NoScript updates.

    No one should down load extensions from a web site direct, they should be downloaded from AMO direct, cause anything else wouldn't be *secure*.

    As another user on a different forum has said:

    "1. NoScript quietly added a whitelist subscription to AdBlockPlus to enable supporting ads on the NoScript site. That was sneaky, underhanded and despicable. 2. NoScript _patched the AdBlockPlus code_ to enable supporting ads on the NoScript site. This goes _way_ beyond the pale. One plugin modifying the code of another."

    AdBlock was blocking Advertising D'oh.

    NoScript was hacking AdBlock!!!

    The good guys and the bad guys are easy to see if advertising doesn't pay your wage.

  14. Anonymous Coward
    Coat

    Can't blame the guy...

    Can't blame the guy for being pissed that someone else's plugin is preventing his from working properly. Petty bullshit though. think I'll stick to my NoScript/Proxomitron combination. It blocks 99% of the garbage on most sites.

  15. Anonymous Coward
    Anonymous Coward

    zip files?

    Are not firefox plugin xpi files just zip files so that you can see the code within?

  16. Ian McNee
    Flame

    *bleat-bleat* *whine-whine*

    <rant>

    What's that? Oh...it's just Paul Barnfather, Andy and Mike Powers chirping out of their butts about what they can't fill a postage stamp with regarding browser security *yawn*

    Yes of course this is a stupid little spat between OSS developers, but who the fuck are you lot to judge? Both NoScript and AdBlock have a long record of producing quality (as judged by the community, not some bean counter in Redmond) plug-ins that make a mass-market browser even more superior in comparison to its main (proprietory and standards-busting) competitor. In other words they've actually done something worthwhile for the rest of us. So: STFU.

    </rant>

    To the matter in hand...I'm not really interested much in who did what when - nobody's perfect - the fact is that as one of the biggest (and fastest growing) on-line threats is legitimate websites that have been compromised, NoScript is important while AdBlock is just nice (yes I know - ad streams can be poisoned before some pedant points it out - but that's a less significant threat). So let's hope these two patch things up, but if they don't AdBlock is on a loser as it's just not as important as NoScript.

  17. William Boyle

    Nobody's perfect

    Everyone makes mistakes from time to time - perfection is to be striven for, but likely never attained. What differentiates the good from the bad is how one deals with ones mistakes. To accept the blame and work diligently to rectify the situation speaks of someone who is of the former rather than the latter class of person. Now, if everyone concerned will just take a breath, communicate, and figure out how to deal with the natural conflicts in a way that benefits all users of these add-ons, then we are all the better for it. FWIW, I use all of the mentioned Firefox add-ons except NoScript, which I stopped using a couple of months ago because it was causing the browser to hang too frequently.

  18. BlueGreen

    agreed: William Boyle & Ian McNee et al

    Nobody's perfect & at least one admitted their mistakes. Credit where it's due.

    Problem lies deeper and I've said it before & say it again here because it has to be worked out - ads support sites. Without ads most sites will fail. Ads are scummy but if we remove them then we *must* have an alternative.

    The only one I can think of is obligatory micropayments (for sites, and for services such as adblock)

    That or a deeply impoverished web effectively owned by the big business that can exploit it.

    That's my take but there likely others. Let's hear them. It *has* to be worked out.

  19. Jimbo

    certification?

    I really don't want to propose iPhone Style Censorship, but existing model shows that something is not working as it should .... myabe "certified plugin" where certification comes from community would work

  20. Anonymous Coward
    Anonymous Coward

    the honeymoon is finally over

    Yanno, I expect petty shit like this from Microsoft or Google. How sad.

  21. Flocke Kroes Silver badge

    @raving angry loony

    Konqueror: Settings->Configure Konqueror->Java & Javascript: Can turn off scripts globally, by site or prevent the most obvious objectionable behaviour.

    Konqueror: Settings->Configure Konqueror->AdBlock Filters: Block all ads, or block ads by source.

    You can also use a user style sheet to fix the colours and layout of ugly websites, turn all cookies into session cookies, not install the flash plugin, change the browser id, and do all sorts of other fun things without using any plugins.

    Another excellent browser is Lynx: no java, javascript, flash, images or CSS - all without having to configure anything. There are lots of fun things you can do with /etc/lynx.cfg. Links and w3m have similar advantages to Lynx.

  22. Anonymous Coward
    Joke

    Re: I'm sorry, but This Story Must Be Wrong (tm)

    I can see that you are confused here. But I can help. Open Source is perfect. However, some coders do lose their way and become unfaithful to The Revolution. A little re-education is all that is needed in this case. But I remind you that your criticism of The Revolution is even more dangerous and will be dealt with promptly.

  23. Anonymous Coward
    Anonymous Coward

    Source argument (again!)

    "Oh, and if the source code is available others can find out any nasty little surprises an application might have."

    It's amazing how often this type of argument is trotted out, along with the if you don't like it you can change it kind of thing - the vast majority of people using firefox or anything else have no clue whatsoever about programming, nor should they need to. If any software actually expects users to do this, then it is simply not ready for mass market. I take it anyone that follows this of course will never, for example, use their own car unless they can take it apart piece by piece, understand exactly how every component in it works and then put it back together again (in a way that works)

    Don't get me wrong, I love linux and firefox, but this sort of attitude is one of the things that holds back adoption of these platforms. Until there is a realistic understanding that users simply don't know, don't want to know and don't care about how something works then that will continue. If something doesn't work quite write on windows/mac, then users will generally either look for an alternative or wait for an update. If they got responses from telling them that if they don't like it then it's up to them to make the changes then they will just run away from that as fast as they can .

    One other key point about this story - as the code was written in such a way to hide it from other developers, a casual glance by most people would not find anything anyway: "The code, which was obscured so it wouldn't be noticed by people who maintain the Adblock filter"

  24. James O'Brien
    Joke

    @Firefox addons....security nightmare

    Andy i think I speak for everyone here when I say this.

    Granted you havent stated if you hate macs and Jobs as well. But you put together a nicely worded rant against FF and OSS. You could feel the agression level rising with each sentence. Also I have no idea if he is still here, personally I don't think so seeing as I havent read anything from him in a long time. But I nominate you for the tital of Webster Phreaky the Second :)

    But I do agree with you 100%

  25. This post has been deleted by its author

  26. Nigel Wright
    Thumb Down

    This explains a few things

    Recently FF3 got very unstable for me to the point of being unusable and it caused me to spend many hours trying to resolve the problem. In the end I had to vape my system and restore entirely from a disk image I made some while back.

    The problem was extension settings were being continually lost, preferences were being forgotten and my password database was being deleted.

    I was unable to specifically pinpoiint the cause of the problem and it continued to afflict my sysem even with all extensions removed, but I had a feeling that it had something to do with NoScript or Adblock Plus. Sadly, I was unable to prove it and therefore was unable to mention this at the MozillaZine forums where I was getting a lot of help.

    In the end a system rebuild was required which, I could ill afford the time for.

    I suspect that somehow my system integrity, and more specificallly that of FF3 had been compromised.

    It's a very very poor situation for Mozilla to find themselves in and the individual extension author ought to be ashamed of himself. I won't be using his add-on any longer despite the benefits it presents.

  27. Anonymous Coward
    Stop

    @ Michael

    I use AdBlock and:

    1) I am not a freetard.

    2) I take showers.

    3) I am not a hippie.

    So, to summarise: 'Work it up your dirtbox, Michael'.

  28. Anonymously Deflowered

    @Michael

    Good points, well made.

  29. Anonymous Coward
    Anonymous Coward

    @andy / @robert

    >>"Oh wow! This addon changes every occurence of the letter "P" on a webpage

    >> into an animated GIF of an ejaculating penis! I must have this addon!"

    >You could charge money for that. It'd sell.

    I'd pay good money for it to be installed on the mother-in-laws computer...

  30. Anonymous Coward
    Anonymous Coward

    @BlueGreen

    Re. ad-blocking

    I'm sure most of t'internet users would agree that non-invasive text adverts are fine.

    But the ones that overlay adverts, blocking the actual site content (and even those that rearrange the text so it is disjointed and badly laid out), and those that constantly flash are worth blocking. Anyone that needs to grab that much attention isn't selling anything worth buying. There's a reason why i'll never visit Ryanair's website (aside from the naff service and hideous colour scheme of their flights).

    Would you like it if when you opened a print newspaper someone kept putting a take-away menu over the article you were reading until you visited the restaurant? Ok, so not quite so inconvenient to close the ad, but the principal is the same.

    Unless advertisers and content providers realise this, i'll continue to block ads.

  31. /etc
    Thumb Down

    Hosts

    Clearly NoScript is in the wrong. The Adblock guys were just making their extension do what it's supposed to do, but he was making his extension directly attack theirs. It is concerning -- and bad publicity for Mozilla, since it demonstrates that extensions are not sandboxed in any way and *can* interact with each other, even if they usually don't, because most developers have ethics.

    But you don't need an "extension" for blocking unwanted content. Get a list of the real low-lifes and put them in your Hosts file. Then you won't have to look at their trash in *any* browser.

    And Safari users should try this nice little Flash-blocker:

    http://github.com/rentzsch/clicktoflash/tree/master

  32. Anonymous Coward
    Unhappy

    Divisions...

    There's one detail that's kinda been glossed over, here. ABP is more or less a two-part extension - the ABP extension itself and the EasyList filter set that's typically used with it. These two parts are maintained by different people, and EasyList recently got a new maintainer after its original maintainer passed away.

    The escalation was mainly between EasyList and NoScript, though I'm pretty sure ABP's maintainer was aware of what was happening on some level. It seems EasyList's maintainer got a bit ham-fisted in his attempts to block NoScript's ads, causing some non-ad parts of NoScript's websites to be blocked. AFAIK, though, these weren't active for very long - Giorgio (NoScript's dev) himself noted that EasyList was being updated around 5 times a day at one point.

    Still, from a user's perspective, it was NoScript that crossed the line. Ham-fisted or not, EasyList was doing exactly what the user installed it to do - block ads. Giorgio decided to covertly sneak in and subvert other user-installed software to achieve his goals. He markets NoScript as security software, which generally implies a greater level of user trust than with more general-purpose software like ABP.

    NoScript can 'fix' its code quickly. But this breach of user trust can't be fixed as easily.

  33. Jason Bloomberg Silver badge

    Wladimir Palant apologise ? Why should he ?

    His add-on is there to block adverts. Someone goes to extreme lengths to allow their adverts to get through so he takes extreme action in return to prevent them. That seems fair enough.

    If someone else's business model for supplying their add-on relies on adverts then that's their problem. Almost any business relying on getting their adverts through can claim it's essential their advertising is seen and will do whatever they can to ensure they are seen. That too is fair enough in a dog-eat-dog world.

    So it's a war of attrition, like the battle between those who impose DRM and those who try and circumvent it. Bottom line; state of play in the world, much the same as it was yesterday.

  34. Anonymous Coward
    Stop

    Malone

    I decide what goes on my screen, not you.

  35. Anonymous Coward
    Paris Hilton

    Ca-hee

    This is one of the reasons why I distrust nerds. I fully understand why the US government had to keep all those WW2 nuclear scientists under armed guard. Nerds lie and obfuscate, and do things behind our backs. They are angry with society for spurning them, and so they set out to dominate a little part of the world from the safety of their bedrooms. They have a self-righteous rage, and an inflated sense of their own importance and worth. They are secretly plotting against us, and this little spat is further proof of that. They have to be watched and corralled.

  36. foo_bar_baz
    Thumb Down

    @andy

    So much anger... Or is it envy? Not to worry, IE is getting plugin support.

    I'm taken by your implicit trust in commercial software vendors, considering their stellar track record in violating privacy, selling snakeoil and general ineptitude.

    The reality is that zero day exploits appear for all browsers and traditional AV products are useless against them and of limited use in general. Disabling scripts is the logical action.

  37. Doug Glass
    Go

    @BlueGreen

    Well, let's see ... my computer, my money, my connection, my, my, my ad infinitum. But, that being the case, it's also my decision. And that being the case I choose to block, well, whomever I choose to block. Those sites that can't make without putting ads on my desktop just can't make it and they should be gone... let 'em die. One thing's for sure, if it's an idea worthy of existing as an internet site, some enterprising person will make it work no matter how I choose to operate my geeky possessions in my home, using my equipment, using my electricity, blah, blah, blah.

    If you feel you have an obligation to keep the cyberworld afloat via your geeky possessions then more power to you. As for me, I'll do it my way. After all, I'm the boss of me.

    .. end ..

  38. Antony Riley
    Stop

    NoScript

    I stopped using noscript when I found that even when I turn it off, it still breaks sites. I distrust software which doesn't have a working "off" button, strikes me the developer thinks he knows what's best for me, more than I do.

    Regards ad block plus apologising, I don't see why they should, they're just following their remit to block advertising. Noscript's site was allegedly carrying the famous "You have a virus, install fake-av-which-asks-for-money" style adverts, which included pop ups.

  39. Hugh_Pym
    Happy

    At first...

    ... I thought 'Oh shit, this give ammunition to "open source is open to abuse" brigade' and then I thought what actually happened is that somebody tried to use a hidden function to gain market advantage, he was caught, lost credibility (the currency of open source work), and the code was quickly removed.

    This happens all the time in the proprietary closed source software industry - except for the getting caught and fixing it part.

  40. Paul Barnfather
    Happy

    @Ian McNee

    Whoa, chill out man.

    NoScript and AdBlock are pretty wonderful. A little criticism and/or competition isn't going to do them any harm.

    My problem with NoScript is that once I've enabled scripts on a page, I don't seem to have much control over what they actually do (and what sites they connect to). RequestPolicy gives me some of that control, which is the reason it is worth a mention. It also works fine with NoScript, if that's important to you.

  41. Charles King
    Thumb Down

    ABP already inserts its own whitelists

    This spat has prompted me to take a closer look at the ruleset actually installed by EasyList (the default ABP subscription). Hello, there's a reasonably large section devoted to whitelisting sites, some where blocking ads would presumably break the content, but others just seem to enable ads for the sake of it. I wonder what it takes to get on the EasyList whitelist? I have no doubt that there are some larger sites who'd pay good money to know that their ads won't get blocked.

    Maone did some naughty things, but he's confessed and apologised. Palant and Ares2 seem to be playing a game that's a bit more sinister though.

  42. John Angelico
    Coat

    @Andy

    Well, duh!

    You have merely re-stated the essence of the software problem.

    The ultimate question is: whom do you trust with your data?

    It has been a problem since Adam was a lad (or in IT terms since Ada was a lang...)

    Yes, yes, the one with the wiring patches in the pocket, please...

  43. Steen Hive
    Stop

    @AC

    "the vast majority of people using firefox or anything else have no clue whatsoever about programming, nor should they need to."

    Actually I think you are completely missing the point. Joe Public maybe can't look into the guts of software that he uses, but the people that can, do. That sort of thing is called peer-review in other disciplines and it goes some way to freeing software from having fatal flaws suppressed for marketing reasons. Binary-only software is Thalidomide.

  44. Anonymous Coward
    Flame

    Ads? I think not.

    Sorry to disappoint everyone, but I will cheerfully continue to block ads from websites, skip them in television, throw out the circulars I get in the mail, and hang up on any and all telemarketing calls. I too practice good hygiene and pay for (at least most of) the things in life worth having.

    I wouldn't be so adverse (no pun intended) to viewing ads if there were some standards and/or rules to delivering them. I don't want to see an idiotic blinking ad stealing my attention from what I'm trying to read or watch. Do the marketing fools that generate these think they make their product stand out? Any product that advertises in an annoying fashion immediately loses points and most of its desirability to me by being displayed in this fashion. This goes quadruple for TV ads that have twice the audio volume of the program I'm watching, and anyone telemarketing anything.

    If there were rules that advertisers were forced to follow, I could and would tolerate ads, but by being as annoying and intrusive as possible you guarantee that I'll go to the same lengths to block your idiocy. Most of us wouldn't hang around with people that are like this, why would we subject ourselves to it in any other portion of life if there's an alternative?

  45. Sarah Bee (Written by Reg staff)

    Re: Ads? I think not.

    Obligatory "Ultimately I only have a job because of ads and so if everyone blocked them I would be on the streets with my dog and he's not really the street-dog type although in theory he would be quite charming and possibly bring in some decent wedge but still let's hope it doesn't come to that eh" comment.

  46. Andy

    @James O'Brien @foo_bar_baz

    @James O'Brien - Yeah, it did get a bit ranty. To be honest it was just a bit of being tired of being told how wonderful FF is and how secure it is. Then opening up a big hole by saying "Hey plug whatever you want in here." Now don't get me wrong plugins for additional functionality\customization are nice, but this is what everyones been ranting on at Microsoft for years for by letting 3rd party stuff mess with your installed apps. To be honest FOSS, Microsoft, Apple, or whoever all make imperfect software to various extents. When it falls to the point of having the user clicking to install something there's noting anyone can do.

    @foo_bar_baz - No, certainly not. As I say above no one makes perfect software. Whether companies or individuals have their own agenda or the software written is bad or intentionally malicous then I wouldn't give my implicit trust to anyone. This was more just a bit of dancing around after being told how holy FOSS. Bottom line is FOSS, Microsoft, Apple etc are all run by people. People are all governed by their own interests. Their interests may not match yours all or any of the time.

    ---------

    BTW the ejaculating penis GIF "P" substitution is my idea and I retain all rights to it ;p. There's obviosuly money to be made there :o)

  47. Chronos
    Stop

    Eh?

    "Regards ad block plus apologising, I don't see why they should, they're just following their remit to block advertising. Noscript's site was allegedly carrying the famous "You have a virus, install fake-av-which-asks-for-money" style adverts, which included pop ups."

    Um, no, he had three Adsense ads. If what you say was on there actually was, then Google is to blame or someone/thing has redirected Adsense to something else on your machine (physician, heal thyself). Either way, Giorgio isn't responsible for the content.

    I'm not defending Giorgio's actions, although I am shocked at the way he's been savaged by people who one minute thought his plugin was essential (it is. There are so many holes in Fx - all software sucks - that you have to mitigate at least the simple to implement attacks between updates) and the next thought that whitelisting his domains so the install and changelog links worked made him the antichrist. Ares2 has admitted, on NoScipt's own forum, that Easylist was, perhaps, a little too zealous and that those problems existed with the links. No, the hyperbole and exaggeration coming from the detractors is getting a little ridiculous and fail-worthy now.

    And you can bet your Moon Macrosystem (still giggling, you bastards!) that Giorgio's code is going to be audited by many, many eyes for the foreseeable. Accepted, most users aren't code-monkeys [1], but there are a fair number (what's 0.01% of a metric arseload?) who are. NoScript may even have its trusted status removed and have to sit in the sandbox for approval in future. AMO has already noted this SNAFU (how could they not with all the torches and pitchforks?) and made some policy changes.

    [1] Saw some really clever folks talking about forking NoScript, a very ambitious project that I wouldn't contemplate taking on, and asking all and sundry where the code repo is. There must be one to comply with the GPL, apparently, but the code was nowhere in sight. Christ on a bike, these people are so smart! I was so impressed...

  48. Jimmy

    And the winner is........

    These two bruisers have been needling each other for quite some time now as you can see from this example on Maone's website.

    http://hackademix.net/2008/08/03/rasps-vs-entrances-whistlers-curse-not-dispelled-yet/

    Typically, the Italian Stallion issues a sincere and gracious apology to all the users of his software while the Russian Bear sits sulking in the woods because the frailty of his programming has been exposed. Hopefully the outcome of this childish feud will be that Wladimir strengthens the defences in his extension and Giorgio sticks to trading insults rather than sabotaging other people's code. If that happens then all 'Fox users will continue to benefit from the tranquil surfing experience of Adblock and the enhanced security of Noscript.

    As others have indicated, the real bad boy on the block is Mozilla who have consistently failed to address the problem of extension validation and integrity. You would think that with all the Google money swilling around Mozilla at the moment some attention would have been paid to elephant in the room.

  49. Dave

    Shame

    What a shame that there is no sign of anyone picking up on the fundamental problem here - Adverts pay for hosting. Very few sites get enough ad revenue to actually make serious money, but equally few could survive without it, and in that sense, both AdBlock and NoScript and their ilk are ultimately self-defeating.

    Both Google and Mozilla itself depend on advertising, to pretend that it is only Microsoft, Viagra and Big Business that benefit from advertising is patent non-sense.

    <pedant>

    @AC: "I wouldn't be so adverse (no pun intended)"

    No pun delivered, either. The word is 'averse' (with no D).

    </pedant>

  50. A J Stiles
    Thumb Up

    @ Flocke Kroes

    I'm with you. Konqueror FTW!

    This fast, customisable, extensible, standards-compliant browser doesn't get nearly enough mention.

  51. Richard
    Joke

    My job depends on ads!

    If you don't allow this, I'll have to turn to dog-fighting or selling crack or even going to law school! Think of the children! (Mm, delicious.)

  52. Anonymous Coward
    Anonymous Coward

    All I know is

    I tried out Chrome briefly and within mere minutes of commencing a pr0n sesh (in the much-vaunted pr0n mode) it dl'd a trojan installer. Which reminds me, I thought pr0n mode in Chrome was meant to be sandboxed?

    Bottom line is I don't care about how annoying addons like NoScript can be, or what feuds are causing minor inconvenience for their users, I went straight back to FF+NS+ABP.

    And to the person who claims FF addons are a huge security risk: If you balance the security risk vs the benefit of addons such as NoScript I think I'd still rather have them than not.

  53. Anonymous Coward
    Flame

    Taking issue Sarah......

    ...but all the ads in the world are not going to make me buy more stuff or even more of the stuff I already buy. When I need to research stuff I do but I read reviews not ads. Having lies about the stuff thrust into my face every time I go on line will only make me even more bitter and twisted than I already am.

    An example, when I read a Formula 1 site, having ads displayed for (spit!) football or (spit!) cricket or (spit spit spit!!!) boxing is pointless and will simply make me take my business elsewhere.

    And don't go on about click through payments, I have never clicked on an ad deliberately and am not about to start now.

    I don't watch ads on TV either, and zap through them on the PVR whenever I can. They certainly don't make me want to buy anything.

  54. Anonymous Coward
    Anonymous Coward

    Hmm...

    @Brian Morrison: Adverts don't affect you? so:

    What helps you work rest and play?

    What is good for you?

    What can you eat between meals without ruining your appetite?

    What colour is the gentleman of large stature who advertises sweetcorn?

    Who makes (made) computers that are 'designed well, built well'?

    Which company 'invent'?

    Who puts the dot in dot com? (well, not any more)

    What did Eva Hetzegover (can't spell) cuase car crashes with?

    Which company goes ding-cha-ch-cha-ching?

    I could go on, suffice to say that adverts do work on you, they work on everyone, even if just to raise awareness of brand.

  55. John Sanders
    Thumb Down

    What about not being able to uninstall commercial extensions?????

    Hey, have anyone else noticed those Microsoft .net extensions, Skype extensions and the like that can not be uninstalled????

    Why does Mozilla allow for unremovable extensions????

  56. Why

    Ain't nothin' goin' on but the rent.

    I didn't used to mind web advertising, but I got sick of pop-ups and when popup blocker was written I installed that. Animated gifs with the infuriating boxes with windows close x that would not shut when clicked, when okayed, when no'ed but would instead take you to some stupid site which would open six windows, that is not on!

    On old IEs multiple windows meant six separate instances of IE,which caused hangs! That sort of attention seeking behaviour, poorly written routines, bullshit about winning some prize - it all dictated my decision to install the addons. And why not?

    The presence of so many ads on a site slows my connection to a crawl, I have to have Javascript disabled by default in Opera because certain ad heavy sites crash the memory.

    Of course I went for ABP ABP and NoScript in FF keep me happily oblivious to that intrusive commercial nonsense. All of that crap - sails by me and my CPU and RAM. Any video on the beeb's site is not watched, any youtube link is not clicked, the background noise is tuned out.

    When the great Indie 103.1 radio station's flagship show "Jonesy's Jukebox" was on the web, host Steve Jones, Sex Pistols guitarist used to refer to the station's ads as "The Duke of Kent," which was Jonesy's Cocker-er-nee made-up rhyming slang for "The Rent." That's how the station was largely funded. By corporates. If corporates withdraw their vast backing from sites like the reg, would it too fade away?

    Perhaps I'm a freetard, maybe. A freecycler. :thumbsup There are occasions when I have visited a site and clicked on a link so that a guy can get his few click through the shekels by visiting his sponsors...

    To keep Sarah happy I will now disable ABP on the el reg page to see what I'm missing...I suspect its not a lot...

    That is all.

  57. W

    Even though the tongue was (as far as I could tell) only half in the cheek....

    Re: Re: Ads? I think not.

    The purpose of my letter box in my door on my flat is to allow the receipt of letters. What gets posted through it might end up being either from a previously approved source or it might be unsolicited mail.

    Unsolicited mail largely takes one of two forms. Either (a) the "junk-mail missives, telling you you've won a prize, professionally junk-mailed en-masse", or (b) the "flyer from local take-away, hand-delivered by the take-away itself".

    Codes of practice, such as the Mailing Preference Service (MPS) are in place to prevent the arrival of type (a). I can't do much about type (b), but the chances are that if a local company or charity has taken the trouble to physically post something through my letterbox then it'll at least be of passing interest. If not, the volume is such that binning the odd unwanted one does not become an annoyance.

    Sometimes mail of type (a) {e.g. a stack of yellow pages}, or (b) {e.g. a strewn pile of take-away flyers} gets dumped in my shared hallway. On those occasions, they all get put straight into the bin. I won't even keep a copy for myself. I don't support lazy, littering companies like that.

    Ironically enough, the letterbox analogy does not extend very well to my email inbox. There are ways to avoid spam, but it takes some doing to avoid it totally. This is why there is a big shift away from traditional email toward social networks and tools like facebook and twitter, where the influx of spam is overwhelmingly minimal in comparison (so far).

    At this point, it's worth mentioning that developing a mailing list (snail-mail, email or their modern counterpart, an RSS feed subscription) has proven to be one of the strongest ways to communicate with potential customers. They've specifically put you on the whitelist and asked to be informed. But beware. Do not abuse the trust extended to you by the subscriber, make your communication worth receiving or they will simply unsubscribe.

    So that's mail covered. What about the times I leave my house?

    Well, it could be said that many websites are much like a modern version of magazines or newspapers. Paid for mags and newspapers have adverts and often have inserts too (the equivalent of shouty Flash pop-overs on websites). Note that while inserts and flash ads have the most 'LOOK! LOOK AT ME!' effect, but they're also easily detached from core magazine content and thrown away quickly.

    This is where commercial websites relying on revenue from paid advertisers are abysmally undermined by those who are aware, willing, and able to deploy retaliatory technology.

    Private or small-scale websites can get away with adverts because they're hosted by the site themselves. Much like the hand-delivered take-away flyers in letterbox example (b) above.

    But now I hear you saying "Most websites are free, not paid for like national newspapers and magazines."

    Well it is accepted that the paid for mags and newspapers' star is seriously on the wane, and freebie magazines and newspapers are in the ascendancy. The freebies manage to get by simply by cutting corners on content by parroting stories already published elsewhere, by presenting thinly veiled commercial press releases as news, by running advertorials and by running heavily sponsored or syndicated editorial content.

    The freebies are primarily popular because they're free to the consumer (der!). Some of the consumers of these freebies can't tell the (ever decreasing and diminishing) difference in the quality of the news reporting and journalism. The others don't care. We can sneer at the quality of Shortlist Mag or The Metro all we want, but they're popular.

    El Reg and all other websites that rely on served ads are the online equivalent of the freebie papers. (Except online ad content is much more easily filtered out.)

    Though having said that, whenever I happen to read The Metro during my commute, I know that after the reviews and listings there will be a few full page adverts for car dealerships, Virgin balloon flights, and other assorted stuff that's never of any interest to me. Now, I've now gotten used to automatically skipping those pages. So when I've read the listings, pages, I Adblock by flicking to the back, and jumping to the sport section. Although lately, the use of disproportionately huge pictures of sportsmen holding Setanta Sports cardboard cutouts with telephone subscription numbers as an accompaniment to their sports stories has deterred me from reading the sports section. And elsewhere, there have been adverts with irregular edges that have spilled into the body text. They get a wide berth too. Is this ad-avoiding reading pattern *so wrong of me?*

    In fact, the more crude and automated the techniques used to serve ads become, the more likely it is that those ads can (and will) be blocked out by those that want them. Simples innit.

    Accept it. El Reg is not a peer reviewed journal. It's not a book. Aside from a few absolutely excellent articles, you're a casual diversion from my working life. Half of the enjoyment of the site is derived from (the unpaid labour of ) the comments section[1].

    Note to Reg moderation: I'm no 'freetard' p2p downloader, hippy, or any other other cliche that might spring to mind. I'm just someone who recognises the nature of supply and demand when it comes to the written word. Congratulations on the The Reg staffers' ability to earn a living doing what they enjoy doing. I enjoy reading it, and I wish you well. I might even go and buy one of your T-shirts in order to spread the gospel of El Reg. :-)

    [1] I wonder if Orlowski's articles don't have comments enabled due to because he's been such a critic of the something for nothing culture of the internet and doesn't want to be hypocritical... ;-)

  58. Anonymous Coward
    Anonymous Coward

    @Fraser

    What helps you work rest and play?

    Your mum

    What is good for you?

    Your mum

    What can you eat between meals without ruining your appetite?

    Your mum

    What colour is the gentleman of large stature who advertises sweetcorn?

    nope, yellow? That would make sense as sweetcorn is yellow...

    Who makes (made) computers that are 'designed well, built well'?

    Your mum

    Which company 'invent'?

    Your mum

    Who puts the dot in dot com? (well, not any more)

    Your mum

    What did Eva Hetzegover (can't spell) cuase car crashes with?

    Your mum

    Which company goes ding-cha-ch-cha-ching?

    Your mum when I show her a penny

  59. Eddie Johnson
    Linux

    For everyone who thinks you should always install new updates

    I'm assuming this never hit me because I'm still running NoScript 1.8.7 and it says 1.9.2.6 is available. From my point of view the whole OSS code review system worked. The news broke before I got around to installing the borked version.

    Maybe the lesson here is to slow down and not install every last update you are ever offered. Read the notes, determine if there is a clear benefit, and don't believe blanket, "more secure than the last version" type statements such as MS is prone to making.

  60. Eddie Johnson
    Happy

    @Fraser

    The ONLY one of those I know is "Invent" and that's not from ads, that's from visiting their website to download drivers. I too do not see ads on TV or the net. I read them in the newspaper when they interest me. I'll read a pulled ad but don't push them at me or I will rebel.

  61. Stevie
    Joke

    Bah!

    We demand Thunderdome!

    Two gits enter, one git leaves. Then we put that one on a donkey wearing a mardi-gras head and send them both into the desert.

    Better still, we put the mardi-gras head on the Git instead of the donkey.

    Let's face it: we don't need another hero like these idiots.

  62. Jim

    Adverts are not needed

    @Bluegreen and @Michael claim the web requires adverts, why?

    When I climbed onto the web back in 1996 there were effectively no ads. Granted the web was a much smaller place but, in my onion, it was a much better place. The sites that were there wanted to be there. They had few motives other than the desire to communicate free from the corruption of the big fat liars of the advertising industry.

    It was still easy to purchase goods and services. Retailers had their websites so if you wanted to buy something you located their website. You did not need to be conned into buying some shit you never knew you wanted in the first place.

    Some will say that there would be no news without ads, possibly meaning no Register, so be it.

    I recall places like Tom's Hardware in it's early days as an enthusiasts blog - before that dreadful word was invented. That is the legacy the current rubbish that is Tom's Hardware trades off. It's no longer worth reading since it has been corrupted by advertisers and business.

    I want the web back in the hands of the users not the corporations.

    It could still happen. The nice thing about the web is that ideas like Adblock can become widely known about so that enough people will start using it, or something like it, to make current web advertising redundant.

    Does this make me a Freetard?

    If that means the web is freed from the clutches of the unquenchably greedy parasites of big business and advertising, then I will wear the moniker of Freetard as a badge of honour.

  63. Anonymous Coward
    Thumb Down

    @Fraser...

    @Brian Morrison: Adverts don't affect you? so:

    What helps you work rest and play?

    No idea.

    What is good for you?

    Everything I'm told isn't.

    What can you eat between meals without ruining your appetite?

    Couldn't care less, I have a big appetite.

    What colour is the gentleman of large stature who advertises sweetcorn?

    No idea, don't eat the stuff seeing as it emerges unchanged it clearly is a waste of chewing effort.

    Who makes (made) computers that are 'designed well, built well'?

    No idea, that wouldn't be one of my criteria for purchase anyway.

    Which company 'invent'?

    One that probably doesn't, but thinks we need to be told it does. I have no idea who.

    Who puts the dot in dot com? (well, not any more)

    Bah! dot com, spare me puhleeeeze!

    What did Eva Hetzegover (can't spell) cuase car crashes with?

    I have no idea, Eva who?

    Which company goes ding-cha-ch-cha-ching?

    One I won't do business with, I care not a whit about that stuff.

    I could go on, suffice to say that adverts do work on you, they work on everyone, even if just to raise awareness of brand.

    I'll only accept branding if I can apply the hot irons to the marketroids.

  64. blue
    Stop

    Stop It

    Well, Maone did appologise (rightly) so I forgive him. It's easy to make mistakes and stupid to hold grudges once error has been admitted.

    I visited the noscript site after his retraction and appology and decided as a show of support to whitelist his site. I clicked on the adblockplus icon in my statusbar and selected "disable on noscript.net" and ...

    and...

    Instead of the adblockplus icon turning green, like it does in every other whitelisted website, it stayed red. The only thing that worked was to whitelist on a page by page basis - then it turned green.

    Congrats to the easylist people on breaking adblockplus. It's obvious who the bigger person is in this matter, and it's not Palant.

  65. Dave

    NoScript Adverts?

    I have to say I never really bothered looking at the page. I was aware that updates to NoScript caused it to open a tab when I restarted the browser, but most times I'd click the little X and close it before it had even finished rendering so I didn't even notice what was on the page. I guess if he's being paid per ad fetched then some money got made when I restarted the browser, but as I only tend to do that when it crashes, it's not often.

  66. Anonymous Coward
    Anonymous Coward

    @AC 14:55

    Let out of school early today then? Or did you just not bother to go?

  67. BlueGreen

    @AC 08:03, @Doug Glass, @Jim

    @AC: You're quite right to make that distinction between offensive and muted ads. I hadn't considered that, my mistake.

    @Doug Glass: "...my, my, my ad infinitum".

    "me, me me", yes I know your type. but anyway, let's see, you paid for the computer, your connection, your electricity - but not the websites which with your computer/electricity/connection you browse.

    And consider how is your "enterprising person" going to look on a market which has died through lack of a funding stream.

    Perhaps you'd best set up some of "my websites" and fill them with interesting stuff so you'll have something to look at if/when there's bugger all left.

    @Jim: please read my post again. I didn't say ads were required (I said it's either ads or micropayments AFAICS, and FTR micropayments seem preferable to me) and your "unquenchably greedy parasites of big business" is reminiscent of my "...deeply impoverished web effectively owned by the big business that can exploit it."

    There's too much good stuff out here. The web is genuinely one of the best things ever to happen (and the worst sink for free time imaginable). I'd like to keep it. And Ms. Bee would like to keep her job.

  68. Bob Starkey

    @Fraser

    I use FF primarily because of these two extensions so I'm dissapointed. But I'll still use them cuz the options are horrendous -- at least to me.

    And I don't know what ANY of your examples relate to. I'll read ads that pull me in. I stop visiting websites that push crap out.

    I've cut off Flash-driven sites because they don't let me use the web the way I want, only the way they want. What good is a tab-based browser if you can't right-click to open an item to a tab?

  69. Anonymous Coward
    Anonymous Coward

    Open Source!?

    I thought open source was all about coding for the good of mankind? Either you think all software should be free, or you expect to get paid. You can't have your cake and eat it

  70. Anonymous Coward
    Thumb Down

    Open source has its limitations, y' know

    Just suppose you were paying real money for a security suite and the company selling it to you pulled a stunt like this. Their reputation would be out the window and users would leave in droves for competitors' products.

    So what' s the different here? The lack of competitors, that's what. Open source works well while there's competition to be the best, but once a single product emerges as victor, you have to put up with carp like this. It's Microsoft all over again (except even they wouldn't be as blatant as this).

    I sometimes wonder what Linux will be like in the future once all the code's been written and it's defeated Microsoft and Apple on the desktop. It's a dream, of course, but is it even possible, or will all the coders lose interest in being the best once the element of competition has gone? Will they just sit around pulling stupid stunts like this to keep themselves amused instead?

    Utterly childish.

  71. SilverWave
    Go

    EasyList & EasyPrivacy nice :)

    Oh and for AdBlock Plus subscribers to the EasyList you may want to add a subscription to EasyPrivacy as well.

    http://easylist.adblockplus.org/

    Adding *$script,third-party maybe a good idea as well...

    http://adblockplus.org/blog/third-party-javascript-yes-it-is-a-security-risk

    Although RequestPolicy looks like it may do this job better.

    Oh well this whole mess may turn out for the best :)

    Booted NoScript as untrustworthy and learned a bit about AdBlock cool.

  72. SilverWave
    Linux

    Open Source is just like Open Science

    Peer review is the key.

    You can still do bad science and bad coding its just easier to spot and correct.

    Also just like in science you get to stand on the shoulders of giants.

    How may time have closed source apps tried to pull a NoScript and we just haven't known?

    The ones that are spoted are called malware.

  73. Wortel
    Pirate

    Heh

    So much fuss. He apologized and as far as I'm concerned he is forgiven with a pat on the head; he had the guts to stand up and admit his mistakes, now that's character.

    As far as Easylist goes, default what? I clearly remember being asked to pick from a list of providers when installing Adblock Plus, and I picked Dr.Evil. Does what it says on the tin. Together with NoScript I have a happy and fast, crash-free browsing experience on all my computers.

  74. Anonymous Coward
    Anonymous Coward

    Just Firefox users?

    It's not the only war going on in extension land, have a look at Foxmarks, which has recently been rebranded to Xmarks, and had a massive data mining feature enabled from which you can only opt-out after the fact. Much greater problem than this NoScript/Adblock war which has already fizzled, while 'Xmarks' is still happily trundling along ignoring the angry voices.

    Their little miner happily runs on other browsers too.

  75. Michael

    @ kwac

    "Oh, and if the source code is available others can find out any nasty little surprises an application might have."

    Only if you verify that the source code that was made available is in fact the code that was compiled to produce the extension you just installed. And what proportion of FF users do you think actually do that?

  76. OneTwoThreeFour
    Black Helicopters

    Uninstalled

    Enough said.

This topic is closed for new posts.

Other stories you might like