Dear Adblock Plus and NoScript Users, Dear Mozilla Community
Posted by: Giorgio in Mozilla, NoScriptI screwed up. Big time.
Not just with Adblock Plus users but with the Mozilla community at large.
I did something extremely wrong, which I will regret forever.
I abused the power and wasted the enormous trust capital gained by the NoScript add-on through the years to prevent Adblock Plus from blocking stuff on four internet domains of mine, without asking an explicit preemptive user consent.
This is absolutely inexcusable. Something I would never conceive again for the life of me.
Please let me apologize first, then briefly explain what happened from a slightly different point of view than Wladimir Palant's, then apologize again.
You may ask why it took me so long to post something about the infamous Adblock Plus whitelisting incident here.
I've been quite busy all Friday night up to 11 AM of Saturday, apologizing with NoScript users one by one through facts, by hurrying out the 1.9.2.6 update which automatically removes any Adblock Plus related configuration with no questions asked. Then, after a couple hours of sleeping, I tried to answer some questions left open in the public forum thread where discussion about my admittedly stealthy and borderline reaction to EasyList's attack on my web sites had been politely going on and leading to an acceptable solution, before Wladimir decided to invite Reddit, Slashdot and Digg to the party. Furthermore I'm still coping with a huge backlog of email messages: I've never left a NoScript-related email unanswered, and the fact some are (legitimately) less kind than usual now is not a good reason to give up.
Preamble
The development of NoScript is sustained both by donations and advertisements published on a few related web sites in four domains (noscript.net, flashgot.net, informaction.com and hackademix.net). I've never tried to hide the latter revenue stream, as you can see in this very old FAQ about NoScript's default whitelist, which Wladimir loves to rehash every time he has a chance to depict me as a hypocrite driven by greed. What I really think is that while ads are important to support NoScript development, users' ability to block anything displeasing them is much more important. Deciding what is their prerogative.
Adblock Plus is meant to block ads, but it doesn't block anything by default. In facts, according to its own author, it's meant to block obnoxious ads, implying it's up to users to choose which ads are acceptable and which deserve to be annihilated. I couldn't agree more with this "user choice is the king" principle, even though I recently abdicated to it myself by doing the odious thing we're talking about here.
When users install Adblock Plus, though, they are encouraged at subscribing so called filtersets, which choose for them what's good and what's bad. EasyList is the most popular of these filterset subscriptions. When something is blocked by a filterset like EasyList, stuff just disappears from the page without notice. There's a "blockable items panel" you can open to check what's going on, but you never get any notification. This is still good as long as either what disappears has been a choice of yours, or the filter subscription did a perfect job guessing what can interest you and what cannot. Otherwise you don't even get to know something is missing and why.
For some time my sites used a publicly known Adblock Plus bug to work-around EasyList's generic filters against Adsense and display their Google Ads boxes, even though Adblock Plus users could still easily block them if they wished to by adding their own custom filter. Furthermore, NoScript users could even more easily remove those ads all at once by just forbidding googlesyndication.com. In other words, this "trick", as Wladimir calls it, put the choice back in users' hands.
About 2 weeks ago Wladimir decided this had been going on long enough: the Google boxes supporting NoScript had to be shut down for good. So, rather than fixing his Adblock Plus bug, he asked Ares2 (the new Easylist maintainer, after Rick752 passed away) to nuke them by specifically targeting NoScript sites. When I noticed this, I thought it was Ares2's own initiative (new person, new mentality), but Wladimir finally clarified this point in his Friday's post:
I suggested that EasyList should be extended by a filter to block ads specifically on NoScript’s domains. This finally happened two weeks ago.
All this time I couldn't imagine that he had been behind Ares2 from the start, otherwise I would have just asked Wladimir why he was sniping my sites, rather than coding a more reliable Adblock Plus version. Instead I began tracking EasyList changes and counterreacting. Of course Ares2 didn't stop, nor I did, so we engaged in an escalation through more than 30 EasyList updates (even 4-5 per day) specifically aimed at my sites, with filters like these (yes, stacked all together):
/flashgot.net/*$script,subdocument,xmlhttprequest
/hackademix.net/*$script
/noscript.net/*$script,subdocument,xmlhttprequest
/oss.informaction.com/*
informaction.com/*$script,subdocument,xmlhttprequest,domain=flashgot.net|noscript.net|software.informaction.com
flashgot.net#*(href*=informaction)(href*=com)(href*=%62)
flashgot.net#*(href*=informaction)(href*=com)(href*=flashgot)
flashgot.net#*(href*=oss)(href*=informaction)(href*=com)
flashgot.net#ul(class=tla)
noscript.net#*(href*=informaction)(href*=com)(href*=%62)
noscript.net#*(href*=informaction)(href*=com)(href*=noscript)
noscript.net#*(href*=oss)(href*=informaction)(href*=com)
If you've got some familiarity with Adblock Plus filters, you'll notice any standard web technology beyond basic HTML/CSS (scripting, frames, AJAX) was completely disabled.
They got to the point where users could no longer even see the regular links to install NoScript or FlashGot.
Crossing the Dirty Line
As you can imagine I was quite pissed off then. Blocking my ads was one thing (it's EasyList's job, after all -- I was just surprised of being so popular to deserve such a dedicated treatment), but disabling any dynamic feature and destroying essential site functionality such as install and development build links was a different story.
Mind you, I'm not trying to justify my actions here. They are unjustifiable, and anger is hardly a justification for anything, but since I've been accused of having acted out of pure greed I need to clarify that it was not my prevalent feeling at all, even though I won't hide that EasyList's crusade had actually cut the NoScript development funding by a substantial amount.
So I had this crazy idea of retaliating against EasyList "from the inside", and in my blindness I did not grasp that I was really retaliating against my own users and the Mozilla community at large. Even worse, my hacker attitude led me to dig directly in the low level Adblock Plus internals where filters are enforced, assuming there was no "interesting" API to hook (more on this later). Therefore, while I was about to release a long awaited feature (bookmark-based synchronization), I took 10 minutes to add a small piece of code (mrd.js) which implemented my own "hand made" whitelist, working around those filters targeted to my sites but leaving the Adblock Plus functionality otherwise intact.
I included also an about:config preference (noscript.mrd) to deactivate this "feature": it was meant for an user interface to follow up, but I've been foolish enough to defer its implementation and perform a stealthy "test drive" instead, while trying to figure out the best way to go public afterward.
When I pushed the "release" button, my soul was already damned.
Digression 1: AMO
Some of the thousands who commented on this issue so far argued that AMO should have reviewed the code or at least test the package before releasing it to the public. This did not happen, and I want to clarify it's not AMO's fault. Nobody from AMO even saw the release passing by, because the extension was considered "trusted", i.e. not needing any approval for exiting the so called "Sandbox".
This kind of "trust" is not related to malware, but to quality assurance: if an extension demonstrates to be tested enough (e.g. because it has already many beta testers) it gets approved automatically, alleviating AMO editors' huge workload. Either way, with my insanity I betrayed this "trust" as well and put AMO in an awkward position.
I apologize with to the AMO staff people, whose hard and continuous work constantly improves the Mozilla ecosystem, and with all the other add-on developers: now I realize that the general security of the Mozilla extensibility system is being questioned because of this incident. Believe me: I didn't even considered such a fallout as a remote risk. I've been too much enraged and stupid to think about all these consequences. Please forgive me.
Digression 2: Obfuscated(!)
Wladimir wrote:
When I investigated this issue I couldn’t believe my eyes. NoScript was extended by a piece of obfuscated (!) code to specifically target Adblock Plus and disable parts of its functionality.
There are several parts of his post and comments who would need an accurate rebuttal, either because overstretched, subtly smearing, spreading FUD or just plainly false. But this post is about my sins, repent and begging forgiveness, so that will have to wait.
However the "obfuscation" argument deserves to be treated right now, because it's very pertinent to the facts we're discussing here and hinting about the real nature and extent of my intentions (while no way this is meant to mitigate the judgment on my actions). I already answered in the forum to direct questions about this so called obfuscation, but let me summarize here.
While writing readable code may not be my primary skill, the code Wladimir analyzed was hardly obfuscated, not at least in the traditional computer-related meaning of "making it unreadable to fellow coders": in facts it's even nicely indented, and identifiers (function and variable names) are concise but yet meaningful enough. Some data had been actually made harder to read (i.e. ABP's id and the CSS rules template for element unhiding) even though by a very simple and recognizable method (unicode hex encoding), not to target code reviewers (who would understand it at first spot, like Wladimir did) or users (who would not read it anyway): the quite self-evident recipients of this "obfuscation" were EasyList maintainers and Ares2 specifically. My (ingenuous and stupid) intent was checking how the system worked "live" but far from his eyes, and in the meanwhile searching for the best way to turn it into a public "feature", e.g. by building an user interface around the noscript.mrd preference.
NoScript's Black Friday
The rest of this story is quite well known and documented: while I was on a disconnected weekend trip, I took some time looking more broadly at Adblock Plus code, and I slapped my head when I found a public API meant to allow just that after all: adding external filtersets from another extension (it was meant for Filterset.G, apparently) and making them visible and easily manageable from Adblock Plus' own user interface. So when Wladimir contacted me with a friendly mail about my alleged malware, I offered using that API as a quick solution. He answered that it was OK by principle, but since NoScript was a security add-on users should have been asked and a prominent disclaimer about this "feature" be added on the AMO description. Since I had no problem with giving users all the information in the open, included detailed removal instructions (two clicks), but was concerned about the annoyance of a blocking nag box on startup, I replied
I'll inform users about the added whitelist filter both in the AMO description and on the landing release notes page [automatically shown after updates], where I'll provide them also with instructions to remove it.
He did not answer anymore, so I assumed he had no objections. And this was my second big mistake.
This "open" approach went in a beta (1.9.2.3) and then in a stable release (1.9.2.4). But almost immediately after releasing it, I realized that this was not enough and expressed my intention to add to NoScript an explicit startup prompt asking once forever if user wanted to keep/install or permanently remove (also retroactively) the filterlist. This was announced on friday morning (Italy time), and was planned to be done in 24-36 hours (on Saturday), but unfortunately 10 hours later was already too late. The email from an AMO representative, suggesting to add an opt-in dialog in the next version, found me (at 3 AM local time) already working like a night owl to hurry out NoScript 1.9.2.5 which implemented it retroactively (more than what AMO was actually asking for). At 7.05 AM I finally announced to him 1.9.2.5 was in the AMO Sandbox, waiting for approval. Unfortunately in the meantime too much stuff had already hit the proverbial fan, so he informed me that adding the opt-in dialog was not enough anymore (something I had been realizing myself while I was coding and my inbox kept growing with a bad smell):
We've given this some thought and came up with the following policy after internal discussion as well as discussion with the community:
http://blog.mozilla.com/addons/2009/05/01/no-surprises/
From what we understand of your filterset install, your filter change is unrelated to the functionality of your add-on and will be rejected. I'm asking you to remove this functionality and retain the retroactive box. You can include a link to the filterset on your first run page but as far as in-extension functionality, we won't allow this on AMO. Please let me know your thoughts.
At that point my answer was immediate and almost relieved, because 1.9.2.5 was already available on my site, but 1.9.2.6 (with much more drastic cleanup measures) was already in my mind as the most honorable offer to make my users as a sign of repent:
I'm OK with removing the functionality.
If you don't mind, could you explain what exactly you mean by "retaining the retroactive box"? Could I just delete the filterset on startup, or I need to do something else?
Sorry to waste your time, but I'd want to be sure before creating other useless code at 7:34 AM after having spent all the night on this issue (for my fault, of course).Many thanks!
After receiving an enthusiastic OK on this resolution, I wrote the apology that every NoScript user (even those who didn't know about all this mess yet and/or had no Adblock Plus installed) was meant to read on automatic update page, dared a (painful) look at Slashdot, Reddit, Digg, NoScript's AMO page and my own forums, had a much needed shower, kissed my spouse and my child and finally headed to bed (about at 11AM) to sleep a couple of hours.
Saturday Night Fever
When I woke up, the sky was still falling (especially on AMO, where NoScript had received more ratings than in 4 full years of life). But I also noticed some unexpectedly encouraging email was coming in and, incredibly, donations were skyrocketing. Maybe the sincerity of my sorrow for this incident was arriving to someone. So I started multitasking between the forum and this very writing, and here we are.
Obviously there are still many things to do, but I desperately hope abandoning NoScript development is not among them.
One is this blog post, which I should finally be able to publish in minutes.
Another is setting up a publicly accessible code repository for my extensions, something I procrastinated too long but suddenly became a top openness priority.
Other ways to try regaining NoScript's user base's trust will probably come to my mind later, and any suggestion is welcome.
But back to the main topic of this post.
I beg you to accept my most sincere apologies and believe in my shame and contrition.
I know I've done something horrible, creating a scandal like the Mozilla community never had faced before and betraying the trust of many, many people.
Please help me to repair the damage I've caused with my errors.
May 4th, 2009 at 3:45 am
As both a NoScript user and an Adblock Plus user and overall Mozilla user, I am glad to see this and thank you for taking every step to remedy this. Kudos.
May 4th, 2009 at 4:26 am
Disculpa y explicación del creador de Noscript
"I screwed up. Big time." Giorgio Maone, creador de Noscript, escribe un post ofreciendo su punto de vista acerca de la modificación de los filtros de Adblock por parte de su extensión. Relacionada: meneame.net/story/creador-add-on-noscript...
May 4th, 2009 at 4:35 am
I personally don't use NoScript so I'm just an observer here, but I think it's good that you're coming clean like this. What you did was stupid and you're admitting it. I think a fair portion of your user-base will forgive you, though another large hunk of them are the paranoid-type so I wouldn't expect this to all go away so quickly.
I think a large part of the outrage associated with this is merely users realizing that extensions are not, never were, and never are going to be sandboxed from the browser and eachother. Much of the shock I've heard is just that one extension disabling another was even possible. Yes folks, extensions can do anything... that's sorta the point.
Adblock plus blocks ads and EasyList lists ads to block. It's fairly straightforward. Trying to go against this is futile. My guess is no one would have minded if you had just asked nicely with a prompt for a whitelist, but then again I don't know how many people would actually agree to it. Truth is that trying to be ad-supported in Firefox is an idea which was bound to run into this problem sooner or later. The entire concept of Internet ads has long since worn out its welcome to most people, way past the point at which anyone cares who's ads are blocked. People are well aware that many ads murder their system performance and some have been known to even do rather malicious things. The sledgehammer method of just disabling everything, no exceptions, is what is now commonly employed. That philosophy is what began this drama when applied to you, and frankly with regard to scripts that's NoScript's philosophy as well. Only difference with ABP is that while you can just right-click on the icon and whitelist anyone you like, very few people feel the need to. You can ask nicely and maybe you'll get a few, but doing anything more than that is clearly not going to be tolerated by your users.
May 4th, 2009 at 4:36 am
Thanks for stepping up here.
May 4th, 2009 at 4:36 am
Thanks for putting your side of the argument Giorgio, and for the apology. Don't despair or let this get you down, just work to ensure that Noscript survives this hiccup. The whole episode has certainly provided a catalyst for changes to be made in AMO development, both technically and on a protocol-level. One thing is for sure, in future We need to resolve disputes like this in-house in AMO. Keep hanging on in there.
May 4th, 2009 at 4:43 am
Thank you, you still have my support
May 4th, 2009 at 4:50 am
Hi, NoScript is an excellent addon. With this post, clear and honest, I'll trust NoScript (and you) even more.
Everyone makes mistakes, not everyone admits them.
Regards, Ale.
May 4th, 2009 at 4:57 am
I hope I speak for most everyone when I say: All is well.
You do good work. You're human, and you make mistakes. Such is life. Don't stress out about it too much!
In the end, I think this will have sparked a debate that's good for the community as a whole. So at least there's that =)
May 4th, 2009 at 5:00 am
I'm still using and loving NoScript.
May 4th, 2009 at 5:14 am
Thank you for your apology and your determination to make up for the damage you caused.
May 4th, 2009 at 5:23 am
"For some time my sites used a publicly known Adblock Plus bug to work-around EasyList’s generic filters against Adsense and display their Google Ads boxes, even though Adblock Plus users could still easily block them if they wished to by adding their own custom filter. Furthermore, NoScript users could even more easily remove those ads all at once by just forbidding googlesyndication.com. In other words, this “trick”, as Wladimir calls it, put the choice back in users’ hands."
When users installed AdBlock Plus and subscribed to EasyList, they consciously decided to block ads regardless of whether they were on your sites. It's awfully presumptuous of you to say that you were giving users a "choice" by using a known weakness in AdBlock Plus to display ads anyhow. Furthermore, what does it matter that the weakness was a public one? Exploiting a known problem is as dishonorable as exploiting an undisclosed one. It seems to me that you could have avoided this whole mess by not resorting to these underhanded tactics in the first place.
Regardless, I wish you well in the future. As a fan of yours, it was very sad to watch you lose esteem in the eyes of so many and to watch your add-on lose its recommended label and drop two stars. I am thankful for the countless hours you've spent on NoScript and will continue to use it to make my browsing safer.
May 4th, 2009 at 5:33 am
Reading your post and the comments is certainly very relaxing (at least so far), compared to, you know, the rest of the internet and its mindless mobs.
May 4th, 2009 at 5:38 am
[...] Pittsburgh-Hopkinton-Boston: the Boston Marathon added an interesting post on Giorgio Maone: Dear Adblock Plus and NoScript Users, Dear MozillaHere’s a small excerptBlocking my ads was one thing (it’s EasyList’s job, after all — I was just surprised of … And this was my second big mistake. [...]
May 4th, 2009 at 5:50 am
[...] Day Trading added an interesting post on Giorgio Maone: Dear Adblock Plus and NoScript Users, Dear Mozilla…Here’s a small excerptI thought it was Ares2’s own initiative (new person, new mentality … was on a disconnected weekend trip, I took some time looking more broadly… [...]
May 4th, 2009 at 5:50 am
I just want to say thanks for your work for the community and that, for me, your apology is more than enough.
May 4th, 2009 at 6:11 am
Apology accepted! :)
Thanks for all the work that you do, and for making the browsing experience infinitely safer.
Also have to agree with your retort on 'obfuscation.' Clearly the original author of that word in the context has never seen truly obfuscated javascript.
May 4th, 2009 at 6:28 am
You have raped my innocence with your thick AIDS-infested nigger cock in a way which I will never recover from.
Just kidding, I don't know or care WTF you're talking about, sounds like a nerd fight.
May 4th, 2009 at 6:28 am
[...] Biz Article Zone placed an interesting blog post on Giorgio Maone: Dear Adblock Plus and NoScript Users, Dear Mozilla…Here’s a brief overview…by the NoScript add-on through the years to prevent Adblock Plus from blocking stuff on four internet domains of mine, without asking an… [...]
May 4th, 2009 at 7:03 am
Giorgio, thanks a lot for the work you’re doing with NoScript. I’ve been using your extension for ages and I wouldn’t use Firefox without it — not because I’m paranoid, but rather to keep Firefox as fast as possible even when I have 100+ open tabs. And having a secure browser doesn’t harm.
You made a mistake but you’ve corrected it very quickly: there’s nothing to be ashamed of, in my humble opinion. I’m more worried by the attitude of these ABP folks.
Keep up the good work!
May 4th, 2009 at 7:18 am
Giorgio, we're with you. You're not hated, the anger is explainable and everything is fine. Really.
May 4th, 2009 at 8:09 am
A nice summary of events thanks Giorgio. Just stick with NoScript development please is all I require. It is and will remain the most significant Firefox addon.
May 4th, 2009 at 8:15 am
The community needs AdBlock AND NoScript. Both parties handled the situation poorly. It seems Eeasylist and ostensibly ABP started the real trouble by getting carried away trying to block ads on NoScript’s page and disabled it’s propper functioning. Why make such a big deal about ad’s appearing on that one site? Sure they weren’t being blocked by ABP but they weren’t particularly irritating and NoScript is a great tool and a boon to the community. On the other hand You definitely should not have added a filter to ABP to unblock the site without asking user permission up front. You have apologized, it would be nice to hear some admission from ABP and Easylist that perhaps they need not have been so aggressive in the first place. We need these tools, we don’t need a lot of drama. At the end of the day NoScript is a better security measure than ABP is. If you both set your add-ons to interfere with each other and I had to pick one it would be NoScript, and I’m sure I’m not the only one that feels that way. You seem genuinely sorry and NoScript has been a surpassingly excellent tool for as long as I have used Firefox so I will continue to recommend it to others. Just please don't do anything like this again. Lastly, thanks for making such a great add-on whatever else you have definitely drastically improved browser security for everyone who uses your tool. :)
May 4th, 2009 at 8:20 am
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...]Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 4th, 2009 at 9:47 am
[...] (2009 May 04): Giorgio writes a long mea culpa, where he still equivocates more that I would like, especially trying to act like the code was [...]
May 4th, 2009 at 9:52 am
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...]Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 4th, 2009 at 10:11 am
2+2=5 is a mistake. You did not a mistake, you planned and executed something that clearly shows you aren't trustworthy. This is not an accident, it is you. My personal opinion is You can stop worrying about money for developing extensions since I would never install something made by you. Regardless the technicalities about the good and the bad of the extension itself.
And after reading this: "my hacker attitude led me to dig directly in the low level Adblock Plus internals where filters are enforced" if I was in charge of AMO I would forbid you to publish more stuff over there.
May 4th, 2009 at 10:15 am
Thank you for this apology and explanation. I am following this discussion closely, but I have not uninstalled NoScript, nor do I intend to over this mistake. Thanks for your work on NoScript, Giorgio.
May 4th, 2009 at 10:19 am
@LorenzoC: What else do you call a, "I made a decision because of emotional circumstances that I might not have otherwise made and that I regret terribly" moment besides, "a mistake". Whatever you call it, Giorgio's doing the right thing by apologizing.
Let he who is without sin cast the first stone.
Thanks, Giorgio. You did make a mistake and there will certainly be consequences, but you are handling it exactly the way you ought to at this point. Best of luck, please keep up the wonderful work on NoScript.
May 4th, 2009 at 10:46 am
I know Giorgio, I know he did something wrong but I know also that he didn't do this mistake intentionally or with a malicious intent. He was wrong of course, but in good faith. So I accept his apology and I forgive him as I usually do with good friends who make mistakes.
May 4th, 2009 at 10:48 am
You know people get jailed for decisions made under emotional circumstances. It is not like "apologies" and regret make any difference. In fact I do not care. Somebody who is not trustworthy can't have the keys of my house to go in any time and do whatever his "hacker attitude" suggests at the moment.
May 4th, 2009 at 10:50 am
Thanks for the apology. If anything, the whole incident shows how NoScript and AdBlock are now considered such critical pieces of infrastructure by the Firefox userbase, that their maintenance responsibilities and development process need to be made clearer. A public code repository would be a good step in the right direction -- AdBlock is on MozDev already, NoScript should be as well.
Everybody need money to live and feed their families, and makers of security-related programs have to be seen clean of any conflict of interest. Why don't you ask the Mozilla Foundation or the FSF, or some other organization, to sponsor you?
May 4th, 2009 at 11:14 am
I think everyone can make a mistake. Its more important to admit it and then correct it. That is a true test of courage and you have passed.
But I also want to say that what Wladimir did by bringing up this matter in public was the correct thing to do..
May 4th, 2009 at 11:23 am
Thanks, Giorgio. I have used ABP longer than I use NoScript, but I never trusted ABP's feature to subscribe to blacklists maintained by others. Anyway, I just whitelisted your domains in ABP. Your advertisements were never "obnoxious"; unlike those of some other add ons available at amo. Hope you can regain trust by others, you did not loose mine. NoSrcipt is the single most important add on, and one I always recommend.
May 4th, 2009 at 11:44 am
@LorenzoC:
"Let he who is without sin, cast the first stone"
It seems like the words of Jesus have no effects on you. And it seems like nothing will.
I don't consider myself a Christian, yet I too know that lesson.
You're already the most stubborn person around here, and I sense that you've not come here with good intentions. Dare I say you're malicious? Please don't join the mindless mobs on the internet. Everyone has had enough of them.
May 4th, 2009 at 11:54 am
You're still not taking responsibility for your mistakes. Nobody except your little crowd of followers commenting here, which doesn't include me in spite of this comment, is going to trust you until you grow a pair and quit passing the buck off on the (ex-)users of your extension(s).
May 4th, 2009 at 12:04 pm
As a Mozilla Firefox user, a NoScript and ADP user, an EasyList subscriber, I'm really pissed off disappointed by this "war" between extension developers.
I think Wladimir did a bad thing blocking advertisment on your sites without discuss/notify anything to you.
I think you did a worst think modifying ADP code via NoScript.
I hope some day you two will find a way to cooperate than to fight each other.
Now I'm going to donate some money to both of you for your excellent work in developing Firefox extensions.
May 4th, 2009 at 12:16 pm
As somewhat oldtimer here, I am really disappointed by what happened, Giorgio. Both of us know that security is pretty much all about trust. All those other things are a farce, in the end it boils down to trust. Who do I trust. I trusted you, now I can't. I want to- but I can't.
What I do like about this whole mess is that it has awakened everybody to all the bad things that extensions CAN do - and make them think before installing every damn extension they can.
The fact that they didn't before just shows how good a job AMO was doing. In the end, I just feel sorry for them - the people who maintain the conducive environment for such addons.
May 4th, 2009 at 12:20 pm
Thanks for the detailed response and explanation. My trust is restored. If only the rest of world could work like this? I have sent a small donation your way.
W
May 4th, 2009 at 12:32 pm
Apology accepted, you have my support. Thanks for the detailed blogpost, keep up the good work.
May 4th, 2009 at 12:34 pm
I like turtles!
May 4th, 2009 at 12:54 pm
@ #35 Anonymous: Cool story, bro.
You look like a troll, and you talk like one, but I'll bite. Let's just say I want to tell this not just to you, but to others too.
"You’re still not taking responsibility for your mistakes"
Ok. If only you would elaborate just a little more. That is, if you could, after spending less than 15 seconds at best reading his post to come up with that statement.
"Nobody except your little crowd of followers commenting here"
A fish doesn't know where the sea is until it's seen the blue sky.
May I describe you, together with lots of other people on Slashdot, Digg, and other places on the internet as a mindless bunch who only take the words of others, or maybe one person as in this case, without working things out by themselves?
And even then people can't accept that everything is over and have to stir up more trouble because the internet allows the brainless and unreasonable masses too much freedom. Crowd mentality and terrorism anyone? They can never be pleased no matter what he does. Resigning from being NS developer? Committing seppuku? Even then they'd just be as stubborn, and some would probably laugh at him being the latest an hero. It's how the culture is.
I doubt this anon will ever come back, let alone see my reply. No one should take the internet seriously, but even then this fiasco just shows how thankless this job can be. Luckily there are still a lots of reasonable people around here. Better move on, guys.
May 4th, 2009 at 12:55 pm
@ #36 RNiK
I think you can imagine what the answer would be if Giorgio had been notified before about the blocking.
Regarding you donation: "However you might choose to contribute to Adblock Plus — it will be appreciated. Oh, and please don’t look for a way to donate money — there is none. Money is nowhere near as useful as the points listed above." http://adblockplus.org/en/faq_project#contribute
May 4th, 2009 at 12:57 pm
Further to my post #21 I should add that I've whitelisted Giorgio's sites on ABP.
May 4th, 2009 at 1:00 pm
It must be particularly hard to have a lesson in ethics from AdBlock, that charmingly unethical piece of software based on the principle that 'other people should look at ads so that *I* can enjoy content without inconvenience'. Suck on that, Categorical Imperative :)
May 4th, 2009 at 1:06 pm
It doesn't seem right to me that ABP deliberately and willingly fucked up your websites, failed to communicate properly at several points and yet you're the one getting all the abuse.
I've been using NoScript for as long as I can remember, and just took the opportunity to donate. Keep up the great work.
May 4th, 2009 at 1:16 pm
To err is human
To own up is divine.
Please carry on the good work. I have been a noscript user for ages
(no offense here - I call it the condom of the browser).
May 4th, 2009 at 1:42 pm
For the record, I'm not a user of NoScript or AdBlock Plus, but as an outside observer I blame Wladimir and Ares2 for starting this debacle by targeting your site specifically.
Keep up the good fight (but keep it clean this time!)
May 4th, 2009 at 1:51 pm
Thank you for the follow up. You did a mistake, but it was a very forgivable one. Your work didn't deserve to be trashed for such a non-story. I hurled with the wolves as well and I regret it, even before your post I fixed my review because I knew I over-reacted along with the self-righteous mob. Everybody makes mistakes, you did one, but if we honestly think about it, it is a small one. The ABP guy really lit the fire by calling your work a "Malware", it instantly shut off the critical mind of the so-called geeks who should have remembered what is a malware in the first place, and why the ABP guy crossed the line by using such a strong word.
May 4th, 2009 at 1:54 pm
> In other words, this “trick”, as Wladimir calls it, put the choice back in users’ hands.
So in this "apology", you seem to be saying that working around a user's ad filters is actually somehow HELPING them?
You don't seem to realize that THIS is where you got yourself into this mess in the first place, and everything else was just digging yourself in deeper.
May 4th, 2009 at 1:59 pm
Thanks for noscript, thanks for doing The Right Thing. I'm doing The Right Thing too now... I've manually "whitelisted" your sites in my adblock preferences.
May 4th, 2009 at 2:07 pm
It looks like 6 of one and a half dozen of the other to me. Wladimir has to take some responsibility for this: as a member of the same 'community' he should have dealt with his concerns first either with you or through Mozilla.
You both made mistakes, which happens to all of us. The critical thing is to learn from them. What you both do is important and greatly appreciated. You have dealt with your mistake honourably (ignore Anonymous - the choice of name says it all) and I hope Wladimir is man enough to face up to his part of this and apologise also.
May 4th, 2009 at 2:27 pm
Why in the hell are you apologizing for trying to keep people from blocking your ads? I think it is actually quite providential that Ad-Block users would both be prevented from seeing your ads or downloading your amazing free product. The rip off occurs when they block your ads and get your extension.
If Ad-Block and EasyList are willing to even screw fellow FF extension developers (including the venerable NoScript), they don't deserve your apology.
May 4th, 2009 at 2:29 pm
Thanks for NoScript. It is my favorite addon. Please carry on the good work.
May 4th, 2009 at 2:35 pm
Get yourself and family on holiday Giorgio and after! Keep calm and carry on.
May 4th, 2009 at 2:38 pm
I have used Noscript in the past and I have to say that despite your subtle knocks of ABP, I still believe your apology. I hope you understand that it always wise to err on the side of caution versus doing live 'test drives'. Great work with Noscript and it really does keep my browser more secure. :)
May 4th, 2009 at 2:54 pm
I read both sides of the argument and I would say that the AdBlock dude was at fault here. I mean you did make what you made, but the guy was being a douche. For sure his site is whitelisted in AdBlock.
Anyways, powaaah to the peopoool.
Good job.
May 4th, 2009 at 3:00 pm
hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community
I screwed up. Big time.
Not just with Adblock Plus users but with the Mozilla community at large.
May 4th, 2009 at 3:18 pm
Hi Giorgio,
I'm a noscript and a ABP user and I must admit I didn't notice at all
what was happening until I read your blog, which I already followed via feeds.
Thanks for apologizing, everybody does mistakes, i renew my trust in NoScript and in you as a developer.
P.S. Compà un ti siddiari!
May 4th, 2009 at 3:20 pm
[...] raise so much money for schools why remove them? Wouldn't it make more sense to just... hackademix.net Dear Adblock Plus and NoScript Users, Dear Mozilla Community Seriously, this is complete bullshit. 2 Teens murdered a legal Mexican immigrant and are [...]
May 4th, 2009 at 3:28 pm
The cook has certain privileges, such as, eating the ends and testing the prime rib. Though your scant indiscretion might be worthy of scoff, it hardly merits an apology of this scope. Just sayin, it's your code, we're lucky to have it, you make the rules.
May 4th, 2009 at 3:30 pm
Hey Giorgio, I've been using ABP and NoScript for awhile now. I was disappointed when I heard about what happened, but reading this has helped me understand.
You admitted that you made a mistake and that you apologized for it, and as a NoScript user, that was all I needed to hear.
I've whitelisted your domains in ABP.
May 4th, 2009 at 3:34 pm
[...] Homebusiness-Facts.com placed an observative post today on Dear Mozilla community: I screwed up. Big time.Here’s a quick excerptComments… [...]
May 4th, 2009 at 3:44 pm
"Mind you, I’m not trying to justify my actions here."
If that were remotely true this mea culpa would have started and ended at "i made a mistake, i'm sorry, never again". Instead, its preceded and proceeded by paragraphs of nothing but justification attempts.
This isn't a heartfelt apology and you've learned nothing from the incident.
May 4th, 2009 at 3:50 pm
[...] die IT-Medien ging. Der Macher des beliebten Add-Ons NoScript für Firefox Giorgio Maone musste zu Kreuze kriechen, nachdem Wladimir Palant von Adblock Plus festgestellt hat, dass NoScript still und heimlich die [...]
May 4th, 2009 at 4:01 pm
You made a mistake. (Boo, hiss)
You fixed it. (Hurrah!)
Even including the mistake, noscript is a useful, nay essential addon. I'm pleased you've recognised the mistake and fixed it, but please don't think everyone feels like comment #63. I've read both sides of the story, I've heard you explaining your side, while saying your behaviour was still wrong. I have no problems with this; you recognised the mistake and put it right.
Everyone makes mistakes. Not everyone acknowledges them. And for that matter, not many people write plugins as useful as NoScript (or Adblock Plus).
May 4th, 2009 at 4:11 pm
Thank you so much and gratulation.
May 4th, 2009 at 4:25 pm
I'm user of NoScript, I've donated once (and will donate more times) and find it a good job.
Of course, apologies accepted. I don't fully understand the issue, just some of it, and I think that anyone can make a mistake.
Then again, the reaction after to your mistake is great. I don't think I'm losing any confidence in NoScript.
Keep the good job
Cheers
May 4th, 2009 at 4:29 pm
I meant 'I am NOT losing any confidence in NoScript'
May 4th, 2009 at 4:33 pm
Kudos on holding your hands up to this.
May 4th, 2009 at 4:37 pm
I agree that you crossed the line on the whitelist. Extensions often cause enough problems between each other with unintended bugs, that I don't need an arms-race my browser on top of that.
However, I disagree with many comments above that leveraging an ABP bug is itself malicious. ABP and NoScript are in an arms-race against advertisers and they also somewhat compete for how well they do in that arms-race. Leveraging bugs is fair game, here.
The one good thing about all this mess, is that I'm more cognizant about my beloved NoScript's revenue model, and I'll try to contribute on that front better.
May 4th, 2009 at 4:38 pm
Fixing code is quick. Fixing a breach of trust isn't.
I don't feel that 'the other side' is totally without blame,but at the same time I don't feel that they've violated my trust. And given that ABP isn't security software, a lower level of trust is required in the first place.
I may reinstall NoScript at some point, but it won't be today...
May 4th, 2009 at 4:47 pm
[...] The author of the NoScript extension now apologises in this post. [...]
May 4th, 2009 at 5:01 pm
In my opinion you did nothing wrong simply enabling ads on your website. I am an user of adblockplus but I have never had any problems with ads on your site being shown in spite of that. Noscript is an extension I do not imagine using Firefox without. Keep on doing your great job and don't pay extension to the critical voices. I also think that opening the changelog after update is a great idea, which saves me a lot of time I have to spend finding what has been changed in other software.
May 4th, 2009 at 5:10 pm
As an ex-user of this useful extension, I want to congratulate the developer for his sincerity. However, all is not well. Trust is very fragile thing and the fact that the apologies came after being caught red-handed doesn't make it any better. The developer is obviously talented at what he does and I sincerely wish him success at his future endevours. I just choose not to be part of them.
May 4th, 2009 at 5:26 pm
The Mozilla community at large forgives you. We all have public enemies and bad days.
May 4th, 2009 at 5:36 pm
I am an avid NoScript user. I don't quite understand what you were talking about but I'm glad you're admitting to doing something wrong if you really did. I don't use AdBlock, because I feel that Some ads should make it through to my screen.
But NoScript serves a secondary purpose which is to keep bad third party scripts off my browser and my computer. I don't have to worry as much about visiting sites because of NoScript.
May 4th, 2009 at 5:43 pm
I agree wholeheartedly with Toe and vassilis. I disagree with Bueller. It's my computer and my rules. The issue is small enough in scope that I don't think AMO should take action. I'm disappointed in the easylist maintainers for the latter end of the war leading to breaking the noscript pages too.
May 4th, 2009 at 5:44 pm
[...] off of advertising had to back down, after taking a substantial reputational hit. Major mea culpa here. The whole mess reminds me of the adware fights, where one program would act to disable another. Or [...]
May 4th, 2009 at 5:52 pm
>I beg you to accept my most sincere apologies and believe in my shame and contrition.
For your "most sincere apologies", this post has a lot of whining about circumstances.
After all your backpedaling and explaining, you were still exploiting a bug to deny users the functionality that they wanted from an extension. The blacklist might have been a bit too restrictive. It is silly to consiter that an attack on you personally. False positives are going to happen a lot, and are the main reason I don't subscribe to any blacklists. However, had you never tried to exploit abp you would never have gotten over-aggressive blacklists on your domain by somebody who probably didn't mean the harm.
You qouted that abp is about giving control to tue user, part of that control is the ability to use a list _and have it work_.
May 4th, 2009 at 5:59 pm
[...] hackademix.net » Dear Adblock Plus and NoScript Users, Dear … [...]
May 4th, 2009 at 6:04 pm
Interesting read. I still uninstalled it, but still a good read. The AddOn was getting too bloated and was requiring more and more attention to maintain anyway. You seem to have forgotten KISS in the strive to make an all-powerful addon.
May 4th, 2009 at 6:07 pm
Your insincerity in this whole matter is downright appalling. It is so horrible that I've decided to fork my own version of NoScript instead of trusting you or NoScript ever again. Shame on you!
May 4th, 2009 at 6:14 pm
Hi,
Thanks for coming forward with this post. I forgive you, now please go back to work :)
Cheers.
May 4th, 2009 at 6:18 pm
Thanks for the apology and swift rectification of the problem. It's definitely not too clever to mess with ABP, it's the one thing that's kept me away from Chrome!
Thaks also for NoScript, been very happy with the additional security I have received from it.
May 4th, 2009 at 6:28 pm
While the majority of this apology seems sincere and well thought out, it appears that you still wish to lay blame on Wladimir and Ares2. You complain about their targeting of your website's ads in particular. Simply put, I am glad that the do not give up just because attempts are made to stop their ad blocking, or because requests are made for exceptions. If every site that didn't like having their ads blocked could simply ask to have their ads unblocked, the extension wouldn't block any ads. It is meant to be blind and heartless. It is meant to leave white-listing entirely up to the user's discretion. YOU escalated your resistance to ad blocking, so exactly WHAT did you think would happen? Were you hoping that Ares2 would simply give up? From the beginning it is YOUR actions that led to YOU getting angry and allowing YOU to make that grave mistake. Blaming others for this to ANY extent is simply wrong.
Also, obfuscation does not require the quotes around it. You ADMIT in your post that you were trying to keep Ares2 from figuring it out, hence it WAS obfuscated! Just because someone like Wladimir could understand does NOT change its purpose. You were trying to hide something, and obfuscation does not care about the intended recipient of this hiding.
I do thank you for this to an extent. Now the change in AMO's policy should help ensure that something like this NEVER happens again, and it couldn't have happened without you. I'm just sorry that the trust of such a nice extension had to be broken in the process.
May 4th, 2009 at 6:36 pm
When I went to the update site I whitelisted it.
Which is to say: Hey, man, you coulda just asked.
May 4th, 2009 at 6:43 pm
Nice post, got some balls there. text has too many excuses for my taste, but i guess the community needs it ;)
keep going, i still prefer noscript over any other extension.
May 4th, 2009 at 6:46 pm
I'll be honest - I was shaken when i initially read about what you did, cooled down when i read the context, and finally felt good after reading this blog entry.
Its hard to be the bigger man online,especially when no one else has any sort of qualms slinging mud, untruths and such.
Something which i'm sure you appreciate now is that you have the distinct honor of being an "auto trusted application" - people like me will install your add-on without feeling the need to read all the small text everywhere. I also feel comfortable installing your add-on in computers of people i work with, blindingly trusting future updates won't be self-servingly harmful.
I'll freely admit what you did wasn't "horrible" - you didn't install spyware, muck around with people's computers or anything. but you are held to a VERY high standard which reflects the respect people hold for you [even if they are more occupied with mudslinging than saying thank you]
you are right - we should have read the text on the site. but we are also right in that no add-on should affect another - its too easy to update noscript without reading the release notes.
all in all - thank you for a wonderful program and your sincere apologies. that means more than i can begin to say.
-Josh
p.s. - the email i posted isn't real, its not that i don't trust you but i'm sure you have enough emails to send out as is. besides, i'm sure you are used to noscript users being paranoid :-P
May 4th, 2009 at 7:04 pm
@many people who are saying/implying this is EasyList/Ares2's fault, including Giorgio:
From the gigantic forum thread where the discussion took place, when Ares2 was informed that EasyList had *accidentally* broken some of the functionality of the noscript website, he fixed the filters. I'm not sure if it is your intent to imply this, Giorgio, but I've read from many comments here and elsewhere (and this post does have a bit of it) that people are convinced EasyList deliberately broke functionality on the noscript website, which is false, at least by observation of the last couple of days.
Since you took the choice *out of* the hands of users, by attempting to work around a filter they installed because you decided that your shit doesn't stink as much as the rest of the internet's, you started this arms race. I agree (to a limited extent) with your sentiment elsewhere that EasyList shouldn't target specific websites, but I think it is better stated that it shouldn't *have to* target specific websites. However, if I were still an ABP user, I would be *grateful* that the maintainer of EasyList took the time to find websites that circumvented ABP. It is entirely disingenuous to characterize your actions as being in the best interests of users.
I'm going to have to agree with a few other commenters here: if you were truly sorry for your actions, and not just distraught over the loss of trust, then you would hopefully show some understanding of where and how you screwed up. Your are still describing this as how you were protecting users choice from the evils of Ares2 and fighting against the grave unfairness of Wladimir and the rest of the internet. It doesn't matter how many times you use the phrase "I'm sorry". Like: "I'm sorry I hit you, but you were asking for it."
Also, the obfuscated argument you keep using needs to stop - just because you were only trying to fool *some* people and not *everyone* doesn't make it less obfuscated. We understand it wasn't a "real" encryption scheme, but it doesn't mean it wasn't obfuscated (rendered unclear).
May 4th, 2009 at 7:37 pm
Giorgio, you just earned back more trust than you lost before, at least from me. I can't think of any other time any developer has apologized for their mistakes as profoundly and self-effacingly as you just did.
The problem with contests of ego in software development is that once a developer is invested too heavily, it's nigh on impossible to get them to change, even if it's for the good of the users. It's a rare person who will sacrifice their ego for the general good, and for that I thank you. You didn't have to be so verbose about it; Microsoft, for example, has a long history of retconning mistakes and getting away with it.
I trust you more now than I did before, now that I have proof that you'll go that far for your users. (I'd suggest that you put an install link for the NoScript Development Support Whitelist somewhere on your site for those of us who'd like to thank you by reinstalling it... but I figure that in this climate, you'd get a lot of shit for even somthing like that.)
May 4th, 2009 at 7:49 pm
[...] NoScript’s author reply on the matter. Discussion, [...]
May 4th, 2009 at 7:58 pm
Everyone makes mistakes, but it takes a bigger man to step up to the plate, take responsibility, admit mistakes, and fix them publicly. I trust you now more than before this has happened. Thank you for your response and honesty.
May 4th, 2009 at 8:01 pm
I didn't have the time to actually read all comments but I have a hard time understanding why some people here blame Ares2 for this situation by adding the noscript site specifically to EasyList. Blocking ads on English speaking sites is the raison d'être for EasyList and making exceptions for specific sites would be hypocrisy as other sites are equally affected. It is not EasyList's task to preserve noscript's business model and would undermine the trust in the list.
May 4th, 2009 at 8:18 pm
no lo vuelvas a hacer hijito
May 4th, 2009 at 8:18 pm
Everyone makes mistakes, not everyone admits them.
As a user of both extensions, thank you for fixing the problem, your apology and your explanation. It certainly seems much less one-sided than it appeared. I admit I was one of the many who heard the story through digg/slashdot/reddit. In those atmospheres of outrage, it was hard to keep an even mind. I'm glad I did NOT uninstall Noscript.
May 4th, 2009 at 8:32 pm
[...] ziceam, conflictul pare sa se fi stins. Autorul NoScript si-a turnat cenusa in cap, iar ultima versiune NoScript nu mai blocheaza AdBlock [...]
May 4th, 2009 at 8:41 pm
That was not the way to go but I'm with you. I'm a user of both, NoScript and Adblock plus, and what they've done with Easylist filter seems worse to me. It's abusing they power, after all, I use and trus that filterset, I don't want to take part in any personal problem with a particular site.
May 4th, 2009 at 8:43 pm
I ask the NoScript author to just stop pushing his so called updated
add-on with every letter (even a word correction is enough for a new release) you add.
- You have a DUMB add-on that will break almost anything on the web, you spend nearly no time actually optimising it, since it's principle stays the same : Dumb enablind/Disabling.
- Wladimir and the whole ABP community are constantly updating their SMART rules, yet these people are not interest in making money from it at all.
- You crossed the line at messing around with other people's code BEHIND OUR BACK.
- There is no need for an excuse, seeing you release new versions for every fart you make, your only intentions is drawing people to your spam infested site.
- It really is a shame to see all those unknowing users spreading proud of you because someone caught you while cheating, yet you made a (quite) laughable excuse, only trying to blame AdBlock Plus another time.
- You probably thought the time was right to shoot on the competition, just after Rick passing away. Coincidence ? Definatelly NOT.
- Please remove your Add-on from the official mozilla site. Time has come that people need to understand : Once a cheater, always a cheater.
May 4th, 2009 at 8:48 pm
I started reading... found the letters too small, increased the size of the letters, text disappeared off the right hand side of my screen... stopped reading.
May 4th, 2009 at 9:14 pm
Too little too late. You KNEW better. You KNEW what kind of users install things like Firefox, adblock, and no script: the kind that like control and you abused it. You should neer have done it. It should should never have occurred to you. It should never have entered your mind. When you program, you do so for only two reasons: for pay, for users. That's it. You took both reasons and screwed over everyone that trusted you. They'll never trust you again. Apologizing doesn't make you a bigger man. Standing up from the start was what would have made you bigger. My heart strings were neither stirred nor plucked by an overly long "retraction." Apologies are something you give when you get caught doing something you knew better than to do. You, sir, are scum. Just like spammers and advertisers.
May 4th, 2009 at 9:22 pm
Stop being a sissy dude. If Wladimir hadn't brought it up, I'm sure you would have just quietly bombarded everyone with ads and eaten the money. You got greedy asshole.
May 4th, 2009 at 9:25 pm
DUDE UR JUST BITCHING AT WLADIMIR COZ YOU GOT CAUGHT!!! THANKS TO WLADIMIR WE SAW YOUR CHEATING WAYS WHORE. U DESERVE ALL THE NEGATIVE PUBLICITY THAT YOU'RE GETTING...AND MORE. I HOPE MOZILLA BANS YOU FROM THEIR SITE AND ALL YOUR WORK. GO FUCK URSELF U CHEATING GREEDY BASTARD.
May 4th, 2009 at 9:28 pm
I have just installed NoScript as I've been meaning to try this addon for some time. Your honesty is refreshing and your apology unnecessary. Keep up the good work
May 4th, 2009 at 9:48 pm
Hopefully you can find a new revenue stream. While it sucks that your ads will most likely stay blocked, I still think that what Wladamir did was shitty and underhanded as he obviously could not get his "special" block of your domains put in place until the guy who ran EasyList died. However, you'll be the one crucified for your error in judgement.
I've chosen to remove ABP from my add-ons and will never use it or recommend it to anyone.
Do all of your supporters a favor a NEVER pull a stunt like that again, ok?
May 4th, 2009 at 9:51 pm
I'm with Loser, you're only owning up to this now because you got caught. I'd say you have a far ways to go to regain our trust at this point; I just wanted to comment to tell you that you're a fucking idiot.
Fuck with the community again and there will be much harsher repercussions.
May 4th, 2009 at 9:51 pm
[...] Giorgio Maone, der Programmierer von NoScript, hat sich nun ausführlich geäußert: Dear Adblock Plus and NoScript Users, Dear Mozilla [...]
May 4th, 2009 at 9:57 pm
A Matter of Trust
AdBlock Plus was doing what it was meant to do - block Advertisements.
The developers of NoScript acted in a malevolent, evil way.
They betrayed my trust in them.
Never again - I have just un-installed NoScript.
I always was a little unhappy with the constant updates which seemed mainly to be designed to generate page views... now I know.
Are these guys related to any other projects?
May 4th, 2009 at 9:59 pm
Hi Giorgio,
thank you for presenting your point of view on the whole affair and for coming clean with your community. I wish this happened earlier, it would have saved both of us this extremely awkward situation.
I want to clarify some things however. Users install Adblock Plus to block ads, most of them expect it to work without their intervention. As it is now, this means that any major filter subscription should be able to block most ads out there. I do however actively inform users about the possibility of whitelisting some sites. Even though more solutions to let users choose the kind of ads they want to block are under discussion, the current state of affairs is just this - to support a particular website the users must become active themselves. I cannot put matters into the hands of webmasters, they will necessarily make the wrong decision (at least from user's perspective).
While the bug you are referring to was public, very few people were actually aware of it. In fact, to my knowledge you were to only one to use it to work around Adblock Plus. That was the only reason why it wasn't a high priority for me until now and why I preferred working on more important changes. However, since your site is shown so prominently to every NoScript (and FlashGot) user regularly, it generated quite a few Adblock Plus bug reports and might also lead to other sites copying the same approach. Which is why I asked EasyList maintainer (Rick752 back then) to add a filter specifically for you - not two weeks ago but actually a year ago. Rick didn't want to have a filter for a small site, I didn't insist too much. Ares2 however thought that this went on long enough and added this rule - and I think he was in his right there, users choose EasyList to see ads blocked, not to see all ads but Giorgio's blocked.
As mentioned in the comments above, you shouldn't imply that the breakage on your site was intentional. It was rather caused by your evasive maneuvers making targeted blocking harder. Ares2 fixed false positives as soon as he became aware of them (plus some delay because nobody is permanently online).
By the way, I stand by my point: your code targeting Adblock Plus was obfuscated. It doesn't matter how easy it was to read that code in the end - the point of the obfuscation was to make finding that code harder. You know very well that NoScript has lots of code, most of which is hard to read. So you made sure nobody can search by the obvious strings and that this file doesn't look much different from the rest of the codebase.
Finally, our mail communication sounded pretty much like you were willing to do anything - other than giving users a choice. Put a note in the extension description? Sure, almost nobody reads it. Another note in the changelog? Nobody will look at that one too closely either, it shows up every week. Asking users before adding the filters? But declining is only a matter of one click then, better ignore that suggestion. That's not a reaction I expected from somebody caught with his pants down.
I waited for you to release an official build to see what your final solution would be. And when it came out I was sadly disappointed, it still went behind the back of the users - and users had to pay attention and become active to undo the changes you've done to their configuration. I really gave this lots of thought but in the end I decided that warning users must be done. Yes, I was naive to hope that this wouldn't go any further than planet.mozilla.org. But I still think that this was the right thing to do.
Ok, maybe you already intended to release a better version to AMO later. But you were surely aware that by this time most users would have already updated meaning that the damage would be done (damage that wouldn't even go away if NoScript was installed). If this was a rushed release to "improve" the situation - why not just remove the malicious code, make a release and then work on a better solution without hurry, allowing your community to test and submit feedback? I am just writing that to explain that at that point I had no reason whatsoever to expect further improvements from your side.
regards
Wladimir
May 4th, 2009 at 10:04 pm
I wouldn't take it too hard, mate. You've done the hard part, admitting the mistake. I know what it is like to make poor decisions, as does everyone else posting replies. Fortunately for 99% of us, our mistakes go relatively unnoticed. In this case, asking the user was a better way to go, but in the heat of the moment it seems easy to say to one's self "nobody will mind."
You've done us all a service by 1- creating noscript (thank you, thank you) and 2- rectifying (at least attempting to) your mistakes. In the end, Firefox, Firefox extensions, Adblock and NoScript will all be better because of this scuffle.
Best of luck.
May 4th, 2009 at 10:12 pm
I'm sorry, but apology or not, I hope NoScript gets forked with someone a bit more trustworthy in charge.
Forget all the viral BS about this incident.
The facts are... you mucked with MY browsing experience without MY permission. That makes it PERSONAL. Trust is not given, it is earned. You blatantly violated that trust. For What? So people have to view your ads every time you update your extension? I got news for you, buddy... most of us close the tab before the page is even rendered, because the frequent updates are so annoying. Was it worth it? I've now set the about:config to not even launch your changelog page, and will refuse future updates until they are scrutinized.
Quit Blaming ABP and Easylist... they didn't touch YOUR NOSCRIPT code to do what their plugin is SUPPOSED to do. Block Ads. Yeah... they may have gotten over-zealous on the filters... but only because you were exploiting a weakness in their plugin in the first place. You started this crap, plain and simple. - Not the ABP / Easylist folks.
Again... I hope someone forks this Extension. Although I praise the work done on it so far, I also thoroughly condemn the underhanded tactics you used to force people to do what YOU want. Unlike others... I find it unforgiveable.... especially in the "security scene"... "emotional outburst or not"... totally unprofessional on your part.
-BeenViolated
May 4th, 2009 at 10:33 pm
I'm tired so I do it quickly. I may reply again or write you a mail.
Read both sides (sites) read all comments.
Use both addons. Like both. Wouldn't drop any. The ads would be too much for me. The unwanted JS would be too much too.
I had problems with EasyList sometime ago and so I removed it from ABP.
What you've done was false in the way how you did it.
As someone said both sides have handled it badly. I'll use NoScript and trust you. Keep up your good work. (Don't hack a addon again please)
Your sites are white listed (execpt hackademix)
Don't let this get you down.
May 4th, 2009 at 10:38 pm
It's good that you apologized. I've used NoScript for quite a while now, and really appreciate all of the work you put into it. Keep up the good work!
May 4th, 2009 at 10:42 pm
Nice apology! However, I wish you could see what started all this:
"For some time my sites used a publicly known Adblock Plus bug to work-around EasyList’s generic filters against Adsense and display their Google Ads boxes, even though Adblock Plus users could still easily block them if they wished to by adding their own custom filter. Furthermore, NoScript users could even more easily remove those ads all at once by just forbidding googlesyndication.com. In other words, this “trick”, as Wladimir calls it, put the choice back in users’ hands."
Do you not see any problem here? This is a big error in my book. It may be more difficult to apologize for it I guess, since it was not just "a mistake" -- it was a concious strategy executed by you for quite some time?
It'd be nice if you could address this if possible. Do you still consider behaviour like that to be "trustworthy" and all ok? To what extent can you see that people may be put off by this, especially coming from an author of a security extension?
See also comments #49, #79, #85 and #89. I'll keep NoScript uninstalled.
But still, aside from the above, a nice apology! I am sure you'll be able to keep a reasonable user base, at least judging from the comments here. Good luck!
May 4th, 2009 at 10:45 pm
Nobody is perfect.
Thanks for you plugin. I'm using it and a I'll continue for a long time.
Thanks,
May 4th, 2009 at 10:52 pm
Noscript has to disappear, as an example to prevent us from the malware plague in firefox.
Die noscript, die.
May 4th, 2009 at 10:58 pm
As an ABP user and a former NoScript user this apology rings hollow. You seem to only resent your actions because of the backlash. You still claim it was an "attack" on your site by EasyList. As an ABP user I appreciate EasyList's efforts to block ads on most sites. I find it very annoying when a site specifically goes out of its way to circumvent ABP. This whole thing started with your obsession with circumventing ABP and annoying its users by getting your ads through it. You have still not apologized for this, and still use it as your justification for your actions.
The changes to EasyList were not an "attack" they were improvements to the list based on your constant attempts to circumvent the list. You still don't seem to have learned the lesson that some of us don't want to see any ads. I'd prefer to donate if I so choose. If projects fail due to lack of donations, as much as it sucks, I'd still prefer it over seeing ads.
May 4th, 2009 at 11:05 pm
The battle between an ad blocker and NoScript to me is plainly silly.
But for me -being a webmaster myself- those blocking ads are exactly like those pirating movies and music.
So if I'd have to choose sides: NoScript it is. Ignoring ads is easy, asp the google adsense ones as they're anything but in you face annoying and aggravating moving images.
OTOH you can't ignore malicious scripts hitting your browser at all.
That brigns us to who started the fight ... breaking NoScript's website by targetign it individually deserves an apology just as well, not what you see above in #110, what is essentially a very shameful reply.
Grigorio: hang in there.
May 4th, 2009 at 11:07 pm
Apology accepted. Keep up the good work.
May 4th, 2009 at 11:11 pm
@ #41 melarte
Same anon here bud. Yes I came back, yes I read your comment. Your comment isn't worth any more of a reply than this.
May 4th, 2009 at 11:15 pm
I will continue to use both add-ons. I appreciate your apologies.
May 4th, 2009 at 11:17 pm
[...] guidelines for what extension behavior is and isn’t kosher. NoScript’s developer has published an apology and agreed to follow the new rules. And I, for one, will be a tad paranoid from now on when installing new extensions–especially [...]
May 4th, 2009 at 11:21 pm
[...] guidelines for what extension behavior is and isn’t kosher. NoScript’s developer has published an apology and agreed to follow the new rules. And I, for one, will be a tad paranoid from now on when installing new extensions–especially [...]
May 4th, 2009 at 11:29 pm
[...] plugins (like most software) don’t make that much on a per user basis from donations. Here’s the story of the writer of a noscript plugin “confessing all”, only to be followed up with more [...]
May 4th, 2009 at 11:36 pm
I disabled adblock+ on your domain, just to support you.
No, I dont think you should have done what you did, But Im glad you came clean and fixed it.
I hope both of you guys will survive and thrive. Because you are both valuable part of the mozilla community.
You are 100% forgiven, I suggest you put a paypal donation banner on top of your page, I know I donate from time to time, Im sure there are other people doing it as well. We appreciate the contribution from you, adblock+ and other developers.
Chris
May 4th, 2009 at 11:40 pm
No i agree I don't see why you should apoloigize. Adblock is a nuisance and if things keep going the way they are I'm going to start inserting popups on all my sites.
I already have the spyware installer to make up for lost profits and I don't care because people are going to block my ads deserve to get hit by it.
May 4th, 2009 at 11:55 pm
Wow, I had no idea about any of this until reading on DSLReports.com.
First, I'll go ahead and say, um, ABP is nice, and I kind of agree w/them wishing to block all kinds of ads.
I guess lesson learned... on both sides.
What I don't agree with is their attitude - it's very uppity. Sure, you crossed a line in the sand, but I admire GREATLY the fact that you've come clean on things and made amends.
It still irks me that ABP's comments in the blog talk smack on your work entirely - and claims of "breaking the web" are pretty laughable... It's not you who's doing the breaking... you're just putting on (and giving us) some protection before diving in ;)
'PissOff' - calling something dumb does not make it so. If you'd rather not use it, that's fine. Others DO wish to use it - even after this.
Also, it's certainly NOT a competition - these addons perform VASTLY different functions.
---Assaulting the guy here with a claim that "...the time was right after Rick passing away..." is offensive. You only serve to further illustrate the need for this flaming to STOP. Both sides have valid points here - both of them. Taking one side so fully isn't going to do anyone any good.
And for the sake of moving things forward instead of wasting energy being mean, let's leave Rick completely out of this and let him R.I.P. please. His work was much appreciated by many. NoScript is not, and has never been any sort of "competitor" to AdBlockPlus. They are complimentary if anything...
Being uppity about "OMG it changed this little bit of code on another add-on, I'm done" won't help anyone either. It did cross the line, but it did not destroy the line... and he's stepped back...
To EVERYONE who is too arrogant to "trust" the author or this extension anymore, consider the following:
-Most people didn't know this was even happening
-Both addons still worked 'together'
-You used it at one point, though many of you probably don't understand quite why... for a reason... DENY ALL first, then allow what you'd like.
------Your arrogance is only as bad a disservice to the internet as the programmer's was with this mistake. ----- (two wrongs don't make a right... and turn the other cheek)
-The programmer here fully admits, takes responsibility for, apologizes for, and FIXED his errors/mistakes/wrongdoings ...to the world... instead of either a) cowering in fear b) giving the world the finger.
THAT says something.
-He is also the only one in the WORLD who has created this software, which STILL cannot be beat by any other addons.
-I'd rather trust this guy than many programmers - the core functionality of the software is sound, the reasons for using it are sound, and the dust will eventually settle. I can only hope that logic, reason, and better things come from this instead of more bashing, flaming, and uneducated users taking all of this for worse than what all of it is. It's over, let's move on, and work towards a better place for everyone.
Thank you sir for making this software, and for owning up to everything.
May 5th, 2009 at 12:03 am
[...] seemed that people came to their (common) senses after that. Maone basically apologized to the Mozilla community, removed the changes that blocked Adblock Plus, and said: So I had this [...]
May 5th, 2009 at 12:11 am
Aww, poor guy. It was an honest apology, well written.
May 5th, 2009 at 12:33 am
Sinceramente non uso EasyList (ma uso Adblock Plus) però utilizzo a volte NoScript e tantissimo FlashGot e mi ritengo assai soddisfatto come utente.
Questi sono i risultati quando si è troppo estremisti e poco aperti di mente: veder chiamare NoScript adware mi ha fatto veramente sbellicare.
Massimo rispetto per te e quello che fai, e per aver chiesto scusa con estrema umiltà.
Ti faccio i migliori e più sinceri auguri per tutto.
I don't use EasyList (but using Adblock Plus), but I sometime navigate using NoScript and download a lot with Flashgot and I'm a real happy user.
What the author of Adblock did is a clear show of what happens when you are close minded and an extremist: seeing NoScript called an adware really made me laugh.
May 5th, 2009 at 12:35 am
Well, having now read both sides of the argument and multiple forum posts, comment streams, etc..I feel I am informed enough to make a decision.
Im sorry, but you've lost my trust. I immediately uninstalled your plugin on my browser, the rest of the browsers in my home, and the ones I am responsible for at my place of employment.
This sort of behavior is inexcusable and unforgivable. It is now time for someone else to take up the reigns of development on this project and for you to step aside.
May 5th, 2009 at 12:37 am
[...] Giorgio did apologize, but this does not look good for Mozilla’s blessed add-on model for its flagship browser and struggling mail client. Mozilla quickly responded, but the obvious question is “How many other add-ons are doing this?” I’m not familiar with the add-on submission process, but it would seem Mozilla could implement a Public/Private key encryption system for each add-on based upon a given domain name or author ID. A given add-on could not alter another unless it was capable of exchanging keys. I wonder if the Moz team saw this coming and was the topic of many heated debates over dark beer. More to come… Posted by penkapp Filed in adverts, mozilla, privacy, security, software No Comments » [...]
May 5th, 2009 at 12:38 am
DO YOU EVEN KNOW THE AESTHETICS OF USING COLOURS IN A BLOG?
I could't even read 3 lines here..the colour here raped my eyes!!!
May 5th, 2009 at 1:01 am
Hi,
I just made a donation via Paypal. Thanks for clearing everything up. we all do stupid things out of anger that we regret later on. NoScript is one of my most useful extensions, and I really should have donated before. Thanks for your work over the years, and hopefully yopu can learn from this and put it behind you. I hope all the users out there take a deep breath and put things in perspective.
May 5th, 2009 at 1:09 am
@Wladimir/#109: Giorgio has given us his mea culpa. Some do not find it perfect enough. I happen to think he's now done a very difficult but honorable thing to address his wrongs. I looked not for perfection but sincerity and I believe I see that in both his words and actions. It was high time you admitted that you'd been after Giorgio's site a year ago already. Although I cannot understand how this can be, you seem utterly oblivious to how absurd it sounds when you add Giorgio-specific filters after you've had a full year to fix the bug in your own code instead. It is abundantly clear that you and Ares2 have a deep-seated hatred for Giorgio, otherwise you would have quietly fixed your bug a long time ago and in all likelihood none of us would have had to suffer at your hands, those of Ares2, and Giorgio's. You, Wladimir and Ares2, have demonstrated exceptionally poor judgement, as did Giorgio, but Giorgio has demonstrated that he can learn from his mistakes, extend a hand to those he's wronged, and behave like a gentleman again. Wladimir and Ares2, you both owe mea cuplas of your own. You have wronged us all, every bit as much and probably more than Giorgio did. The question is, do you have the maturity, humility, and honesty for such a difficult task? So far the answer appears to be a resounding "no".
@Giorgio: You know better than all of us that you are now on probation with many of your user base. This includes myself. You also know that you well earned this position. But take heart, as it is your response to the improperly organized outcry and your apologies that won the day for those of us willing to give you another chance. You didn't execute it flawlessly, but the underlying sincerity is apparent. You have my forgiveness, however small a thing that may be. My complete trust is what you'll be working on during your probation. I have NoScript installed, I never uninstalled it, and I will not be doing so if you continue on your corrected course.
FWIW, the appearance of your changelog following updates of NoScript never once annoyed me - it is not the only add-on that does this to me. I could do without it, but would probably end up visiting your website to find it at least some of the time. I do like to know why add-ons are changed. I will admit that for as long as I've used NoScript, I've always deleted your whitelisting of your own sites. No disrespect intended, but I take "deny all" as the first step in security very seriously. I also have a strict policy of *never* clicking on ads no matter the source and no matter how interested I may be in the product, so I know I am not depriving you of any revenue. I also use ad-blocking, not as a security measure (since it hardly qualifies), but to clean my visual landscape on the web. I have never used AdBlock Plus for this duty and now never will since I cannot bring myself to support a group so filled with hate and malice-driven in its decisions.
You've seen the Internet's gutter rise up in response to Wladimir's call. Giorgio, those are *not* representative of the bulk of your user base, nor of ABP's - they are merely the loudly ignorant and primarily juvenile mob, so do not take their hurtful words to heart.
May 5th, 2009 at 1:10 am
Everyone makes mistakes. Not everyone admits them and apologizes. You're good. Haters gonna hate.
May 5th, 2009 at 1:18 am
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...] Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 5th, 2009 at 1:21 am
If i still used Firefox, i would likely be concerned.
Howewver, it is still very good that you came out with this in the open.
NoScript and RIP were the only ad blocking tools i ever used, cant say i cared for ABP. I know some people swear by it, but i found it a bit…cumbersome.
May 5th, 2009 at 1:26 am
Everyone makes mistakes every now and then, it is how they handle them that is most important. A mistake was made, yes. But another was made by Wladimir, and I believe after that Giorgio was more on track with my interests, and more open about the process. Everyone needs to make a living after all and he was making a useful addon for many of us and was now in danger of losing what little income he got from our ad views?
An apology was not needed for me, just a good explanation. Though, I do agree with the AMO directive mentioned here, and Giorgio's corrective action, I was actually fine with the filterset. Noscript is the single most important addon to Firefox for me. Without it, I may as well run Opera, or, IE.
I've suspended my Adblock usage until this is straightened out. This has made me reevaluate why I use it, and I believe, as Giorgio, that I only want the obnoxious ads blocked, as well as those that can be exploited with malware. So, I may not even resume using it, nor install it on my customers' PC's.
At least I am not the only one who thought that the loss of ad revenue required us to step up an donate. $10 is far more than he'd make from my page views anyway. He has my support now, as long as it doesn't go to his head. :)
May 5th, 2009 at 1:28 am
Dear Security First
What on Earth are you talking about? To quote you: "Wladimir and Ares2, you both owe mea cuplas of your own. You have wronged us all, every bit as much and probably more than Giorgio did."
...um, no they didn't. They CHAMPIONED us. The whole point of AdBlockPlus is to, y'know, BLOCK ADs. It's really very simple. It doesn't require a genius-level IQ. One might say it is SELF-EVIDENT from the name of the software.
I don't want to see ads. Not Giorgio's ads, not your ads, not whinging, petty, money-obsessed webmasters' ads--I don't want to see ANY ads. Thus I install a piece of software called ADBLOCK--are you with me so far? And I subscribe to a filterlist that is designed to--take deep breaths--BLOCK ADs. As many Ads as possible. On as many sites as possible. Do you see?
So when someone else comes along and SHAFTS MY COMPUTER because of their desire for ad-revenue--when Wladimir and thousands of other site maintainers on the 'net (including myself) have proved that it is possible to run a site or a forum WITHOUT THE NEED FOR ADVERTS--I am, I would say UNDERSTANDABLY, irate. Not at the designer of a piece of software that DOES WHAT IT IS SUPPOSED TO DO (i.e. block Ads, do you recall?), but rather I am angry at the software that does things it SHOULDN'T.
Does that make any sense to you at all? Probably not, which is a shame for you, but maybe I have helped you closer to seeing the facts of the matter.
May 5th, 2009 at 1:49 am
Apology accepted. I appreciate you manning up and your explanation hit me as complete truth. All of us who code should be able to relate to "the hacker mentality". It's a trap the logical mind gets into where you are trying to solve the problem, win the fight, and lose sight of the big picture (and usually other small things like eating, sleeping, listening to the wife, etc.) I don't know anyone who codes that hasn't done this before. Thanks for the honesty.
May 5th, 2009 at 1:49 am
I accept your apology but only just, referring to #108 by which Wladimir is right.
However you did the right thing with this blog entry/apology..
May 5th, 2009 at 1:53 am
I used noscript at one time, but I am afraid it will be a long time before I try it again...
We expect more from users supporting freeware and adware... specially those working so hard to make Firefox so much better...
If you removed all the code that countered any of the ABP functions (including the ability to opt in/out) I would be more likely to believe your apology, but at this point it looks like you are trying to avoid further embarassment and keep up the revenue stream rather than do the proper thing.
Admittedly, I de-installed noscript a while back when I noticed some oddities on my own and thus probably need to remove everything and cleanly install Firefox again with whatever pieces I want to add to it...
Also, I have to admit I use IE a lot because I have to use it at work, so yet another reason not to worry about what I think...
Maybe some time in the future I will look at noscript again, but for now, I choose to run without it.
Regards -
May 5th, 2009 at 2:04 am
The entire point of a user installing ABP is to block ads. Trying to circumvent this functionality makes you no worse than a website that tries to circumvent ABP, or popup blocking, or the right-click context menu, etc. Never mind the demagoguery of "but *my* ads are *necessary*" or protestations of "*my* ads are *good* ads" -- ABP's entire purpose is to block ads. Yes, including yours.
The purpose of a user installing NoScript is to turn off Java and Javascript (for similar reasons, often, to installing ABP). The point of a user installing NoScript is *not* to override ABP.
That's the long and short of it.
May 5th, 2009 at 2:14 am
Very disheartening development. Especially considering that even with the apologies given there still seems to be a lack of recognition over what all constitutes the sketchy behaviour on the part of NoScript.
For example, refuting that the code was obfuscated is somewhat bizarre. If there was no obfuscation, what was the purpose exactly of converting the strings to HEX? The immediate thought that comes to mind is that you were trying to avoid getting caught out by a quick grep. You went out of your way to hide what you were doing which = intent.
I also find it more than a little troubling that you would consider the rest of the Internet suspect as far as Javascript goes but for some unknown reason we are supposed to trust doclix.com ads on your site.
It also appears that you by default whitelist jar files from a sub-domain under your control (samples.noscript.net which currently is not active). How do we know that you will not at some point activate this domain or add others to increase your monetization?
From reading through the correspondence so far, it appears that AdBlock regardless of whether they were being polite or not were very much in the the right here. They were doing what users expected of them - to block ads. NoScript however was going well out of its way to both interfere with an external application and arguably its sole reason for existence.
I for one would sure like to know what sort of monetization you are getting from your ad clicks. If keeping those flowing is important enough to you that you would risk compromising the trust you have built up over the years, how small a number does a malware gang (or state actor) have to kick in to get you to intentionally do something undesirable for them?
This situation SUCKS.
Cheers
May 5th, 2009 at 2:16 am
#139 expresses my thoughts in a better way than I ever could.
You used a bug to circumvent ABP, you were the only site using it so they blocked your site. To restore your adverts you break ABP's core function for your own personal gain.
I used to champion NoScript but now I've lost all trust with you and your extensions (Flashgot included) and have now uninstalled them all.
I agree with others, you've abused your position of power and trust. It's time for you to step aside and allow other more trustworthy people to develop NoScript for the good of the community and not financial gain.
May 5th, 2009 at 2:38 am
I have an adblocker installed because I do not want to see ads. I use a filterset, because it's not always straightforward to block the ads on my own. I recognize that if I really do want to see ads on a particular website, all I need to do is disable Adblock for that site.
With that in mind, I find the actions of Giorgio disgraceful. NoScript has been removed from my computer, and will not return anytime soon. Trust is something slowly gained, but quickly lost. Giorgio has lost my trust.
I do accept his apology. However, I do not believe he has fully accepted that his actions were wrong. He does not believe that his inital act (which triggered this cat-and-mouse) of using the initial "work-around" to display ads to Adblock users was wrong (it is not "giving users choice" - we already made the choice when we installed Adblock, installed the filterset, and chose not to whitelist the site).
I can only hope something good will come of this, and Firefox and the related software ecosystem grow stronger as a result.
May 5th, 2009 at 3:00 am
>Please help me to repair the damage I’ve caused with my errors.
May 5th, 2009 at 3:02 am
Here's the other half of my comment, which got cut off:
One helpful suggestion:
Stop bringing up other people when you talk about what YOU did.
I always think a person that does this isn't not taking full responsibility for their actions.
May 5th, 2009 at 3:07 am
"If you’ve got some familiarity with Adblock Plus filters, you’ll notice any standard web technology beyond basic HTML/CSS (scripting, frames, AJAX) was completely disabled.
They got to the point where users could no longer even see the regular links to install NoScript or FlashGot."
Its an irony of sorts. NoScript breaks (scripting, frames, AJAX) on other sites. If someone does the same on the noscript domains it should not really be a problem. You should be using only HTML/CSS on your pages and things should work without using JavaScript.
May 5th, 2009 at 3:09 am
Steve A.:
putting things in context when you think they had been misrepresented, even if you're guilty, doesn't implies not taking full responsibility.
He did both, and I appreciated both his balls (reverting his errors first, then apologizing publicly) and the extra info he put on the table.
I'll keep NoScript.
Giorgio, keep up the good work!
May 5th, 2009 at 3:12 am
@117
Quote:
"breaking NoScript’s website by targetign it individually deserves an apology just as well, not what you see above in #110, what is essentially a very shameful reply."
NoScript's site wasn't "broken" until the filtering was escalated after several back and forth attempts between Giorgio and Ares2.
Giorgio shouldn't have been exploiting a weakness in ABP IN THE FIRST PLACE. (Talk about user choice, here... If someone is using Easylist... that means they don't want to see ads AT ALL.)
Ares2 was attempting to "cover the weakness in ABP" which is what a filter update is SUPPOSED to do.
Giorgio persisted exploiting the wekness and circumventing the Filter set, until finally a filter update by Ares2 broke Giorgio's site.
Who's fault is that? Giorgios. Period. He's been doing slimeball moves for a while now... and the crap that just hit the fan was the slimiest.
Yeah... I'm going to trust someone like that with my browsing security.
May 5th, 2009 at 3:20 am
[...] Dear Adblock Plus and NoScript Users, Dear Mozilla Community (2009-May-04) [hackademix.net] [...]
May 5th, 2009 at 3:28 am
Computer programming has always been divided into two groups of developers: those that believe the computer belongs to the user and that the user has a right to choose how to use it and those who believe the computer belongs to the programmer and that programmer has the right to decide how the user uses it.
I believe the sincerity of your explanation but I'm afraid that, for me, you've shown which camp you belong to by crossing a line that I can't accept. I won't be using your products any more.
May 5th, 2009 at 3:59 am
Your mea culpa comes off too contrived & defensive to be believed. No reduction in offense level for acceptance of responsibility for you.
May 5th, 2009 at 4:42 am
I am a NoScript user, and I can tell you that I also learned something from this incident. I never realized how blindly I, and everyone trusted you. No one seemed to be checking your code to see if you were doing anything suspicious. But by breaking peoples trust, you actually made the addon more secure because now people wont trust you as easily, and will be more likely to investigate.
And I accept your apology. I am sure you really care about peoples trust in you, and probably won't do something like this again.
May 5th, 2009 at 4:44 am
It's hardly a bug, I've never seen an adsense box since I've used ABP
May 5th, 2009 at 5:13 am
[...] seemed that people came to their (common) senses after that. Maone basically apologized to the Mozilla community, removed the changes that blocked Adblock Plus, and said: So I had this [...]
May 5th, 2009 at 5:15 am
Excellent write up. I say that as a user of adblock and NOT noscript.
Why adblock targeted your little site to the point of ruining it (as you write) is beyond me. Extremely petty of them. I understand your brief competitive desire to block their petty targeting of you.
Of course what should have been done is expose why adblock is deliberately going after your tiny site to the point of ruining its display. For the ads alone, you're not cnet or something. Crazy of them to specifically add you to the main filter set. They provide a tool, not rid the world of all ads on our behalf on every little website they don't like.
May 5th, 2009 at 5:18 am
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...]Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 5th, 2009 at 5:21 am
[...] Ars Technica has a good post up about the catfight between extension developers that prompted the proposed policy changes. In a nutshell, the developers of the NoScript Firefox add-on, which polices content from "untrusted" versus "trusted" sites, faced an uproar last week when people who used the AdBlock Plus extension found it disrupting AdBlockPlus in the background. This heated blog post from AdBlockPlus.org discusses how the whole problem escalated. Since then, the NoScript extension has been modified to agree with the Mozilla policies, and this apology post went up. [...]
May 5th, 2009 at 5:32 am
Mr Maone deserves kudos for his straight forward apology.
However, in future please respect USERS. People instal AdBlock Plus for a reason, and just because this reason puts your business at a disadvantage, that does not give you the right to deny us our objective. I used NoScript happily in the past, but after this episode I took off your extension from all my computers.
May 5th, 2009 at 5:33 am
I'm sort of tuning in late, here, so I'm responding directly to the post (and not reading the comments-- not that I do, on most sites).
I saw the update with the ABP work-around. I installed it. I assumed it was to restore legitimate functionality. That it wasn't, I'm not precisely ecstatic to learn... but I'm not angry, either. It was a breach of trust, yes, but it was repaired relatively quickly, and the real harm caused by the change itself was minimal at best. It's also over. Done. Been and gone.
I'm about half-way through your apology, and I have to take a moment to say that, even if (or especially if) it's entirely heartfelt, it's too much. No one's soul seems likely to be damned over a design change that-- let's be clear --did not actually *break* anything. It didn't put people out of work, wipe backups, eat small pets, or cause minor dandruff.
Just don't do it again.
After reviewing some of Palant's older posts, he seems to me to be a reasonably nice and idealistic person (I like that), but likely overzealous. I'm regularly annoyed by nice, idealistic, and overzealous people, sometimes to the point that I have to leave rooms, or possibly just IRC channels, before I boil over. I understand the irritation.
I suspect you already realize that you should have presented your case to your userbase before making a misleadingly-named change. You'd probably have gained a lot more support by presenting the facts and asking for help. (Could be worse, though. You could have marked WGA Notifications as a Critical Security Update.) Make a different mistake next time, if there's a next time.
Now, if you're still reading: where's that whitelist? I'd like to add it back to my ABP database, where it belongs.
(If merely loading/displaying the ads helps, that is. It's incredibly rare that I click on an ad, unless I'm paging through Google shopping results on purpose, and happen to catch a relevant-seeming text ad. If it doesn't help, or not enough for one guy displaying ads a couple times a week to make a difference, I'll look at a modest donation.)
(Donation-wise, can you provide some basic information on your financial goal for the project, your current or average shortfall, and what sort(s) of thing(s) the donations are used for? I'm always more comfortable donating money when I have a clear idea just what it'll be used for. I'm not asking for a flashy PowerPoint show (hate PP anyway), but really a few sentences, a few numbers and possibly a modest graph or chart.)
Thanks for all the hard work on NoScript!
May 5th, 2009 at 6:18 am
[...] NBE Basketball Report put an intriguing blog post on Dear Mozilla community: I screwed up. Big time.Here’s a quick excerpt Comments [...]
May 5th, 2009 at 6:41 am
Many props for taking the step to apologize. I think the AMO blog title sums it all up "No Surprises"
May 5th, 2009 at 6:48 am
Dear Giorgio,
You are not the victim so please stop trying to say that you are. People didn't want to see ads yet you decided to work around their wants by exploiting a bug in the Adblock addon. When someone finally got around to trying to stop you, you decided your wants were more important than the users. At that point you lost any moral backing you may have had. You, for whatever reason, decided that your site shouldn't be made to play by the same rules as all others and should be allowed to have ads displayed against the users wishes. You say that Adblock users that really didn't want to see your ads could have just disabled googlesyndication.com to not show them, but they shouldn't have had to. You say that you felt singled out and just retaliated in kind. Well I hate to break this to you but all sites that try and do something tricky to get ads to show get special rules to block them. All you had to do was not try and get your ads to show against Adblock users wishes and none of this would have happened. So in effect, you caused all of this. So yet again, you are not the victim so stop trying to gain sympathy by playing as if you are.
PS: Unlike some people I am not going to stop using your addon because of this whole mess. I like it and it is useful. But I would like you to know something. After this whole mess I have added your sites to my Adblock whitelist. If you wanted me to look at your ads, all you had to do was ask. I would have gladly done it before since I don't mind supporting sites I like.
May 5th, 2009 at 6:51 am
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...]Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 5th, 2009 at 7:07 am
[...] for what extension behavior is and isn’t kosher. NoScript’s developer has published an apology and agreed to follow the new rules. And I, for one, will be a tad paranoid from now on when installing new [...]
May 5th, 2009 at 7:28 am
If only politicians would have the courage like you and say sorry instead of saying they're the solution, I think the world would be a much much nicer place to live. Apology accepted from a Adblock n NoScript user. I'll whitelist your site for support.
May 5th, 2009 at 8:10 am
[...] Der NoScript-Entwickler gibt zu, ziemlich blind gehandelt zu haben und entschuldigt sich. Und dank der vielen Aufmerksamkeit sind wohl auch die Spendeneinnahmen gestiegen.. 0 Kommentare [...]
May 5th, 2009 at 8:17 am
(why are this comment box labels right from the input fields!?! thats sick)
Tsstss, Are2 seems to be also some kind of jerk. He also played with his power, in my opinion beyond the border. When he makes your site no longer working, it isn't about Blocking Ads in General anymore. Still your reaction sucks, but its actually matching the shitty behaviour of AdBlock before ...
May 5th, 2009 at 9:15 am
I haven't used NoScript in years because I find it a little too restrictive, and sometimes it slows down my surfing which confuses me because you would expect it to speed up with such an extension, BUT! please, stop beating yourself up over this. After reading both sides of this (on each of your respective blogs) I'm siding with you, not Wladimir.
Facts:
1) Wladimir doesn't fix a bug in his own code that allows you to continue to run ads that ABP filters normally block out
2) Instead Wladimir adds your domains to basic filtersets
3) Then Wladimir blames YOU for having to do this
4) Wladimir gets angry when you update your code to circumvent his circumvention of your circumvention of his own broken code
5) After war breaks out between you and he breaks your add-on, he throws a public fit when you break his
6) And somehow YOU'RE at fault for all this? BOLLOCKS.
I'm sorry; I love ABP,, I use ABP, and I'll recommend both ABP and NoScript to anyone, but Wladimir had to be somoking crack to go public with any of this. If anyone should get sandboxed (and God, I hope he doesn't, but it's too late now to change how I *feel* about it!) it should be him. Not you. Lose other's trust? It should be him. Not you.
This isn't about who makes money, who doesn't, who runs ads, who doesn't (which on top of everything else, he tried to make this about) it's about who's right and who's wrong. My opinion? it's him. He instigated this and he should be ashamed.
Where is *his* contrition? At this point, he strikes me as slick, a shyster. Kudos to you for what you do, and please don't let this unfortunate brouhaha deter you from it.
May 5th, 2009 at 9:15 am
[...] will be approved.It seemed that people came to their (common) senses after that. Maone basically apologized to the Mozilla community, removed the changes that blocked Adblock Plus, and said:So I had this [...]
May 5th, 2009 at 9:31 am
It's good you have come clean, but to be honest my trust in the extension community has been damaged. Perhaps for good.
Of recent I have experienced some severe stability problems with FF3 and despite LOTS of help over at MozillaZine forums I have not been able to resolve those problems. See here:
http://forums.mozillazine.org/viewtopic.php?f=38&t=1199145&st=0&sk=t&sd=a
I had a sneaking feeling that it was extension related as my system stability went to shit after upgrading to FF3 and after updates to these two extensions. FF certainly seemed to be more stable without my two favourite extensions (Adblock Plus and NoScript) being installed, but it was hard to come up with numbers to actually support that, especially as the problems continued despite uninstalling them. As I had no proof and was unable to prove that these extensions were causing me a problem I said nothing, but a system rollback to FF2 and no extensions resolved the problems...until I upgraded again.
This is really bad for the community. We rely on you guys and your good publically minded spirit. It's very easy to destroy trust, it's not so easy to win it back again and in future I will be very much more cautious when it comes to the use of add-ons.
May 5th, 2009 at 10:14 am
[...] der herzzerreißenden Entschuldigung von Montag gab Giorgio Maone zu, ein kleines Stück Code für sein Tool NoScript geschrieben zu haben, das um [...]
May 5th, 2009 at 10:31 am
[...] hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community [...]
May 5th, 2009 at 12:05 pm
I thank you for coming clean on this and explaining your side of the story without any spinning and twisting of the other side's argument.
I hope NoScript does not fail as an add-on... it is already difficult to get some people to use it effectively (many of the people I helped configure their systems do "Allow Scripts Globally" not to have to learn how to browse more cautiously) and if the trust behind this extension gets compromised I do not think the Firefox community will be served well by a declining use and support of NoScript (which has evolved a lot).
I do not want to go talking about the effects of users setting an extremely aggressive ad blocking strategy with Adblock (and how that might not be the best for free sites those same users enjoy [greed or not, people need to eat])... that is a whole other can of worms to open.
May 5th, 2009 at 1:10 pm
I've used both products for a long time. I can fully understand your frustration and I'm glad you've talked about it here.
At least it's all out in the open, no-one got harmed and it opens a good and needed discussion on add-on security.
I still maintain no-script is one of the best internet security tools going.
May 5th, 2009 at 1:14 pm
If I had just learnt about your fault (more than a mistake) and if I had not read this apology and seen that you have taken action to correct your fault, you would have immediately passed to the darker side of the force in my mind. I would have felt betrayed, I would have uninstalled NoScript, I would have told everybody Giorgio Maone is a #*@$£~¢ (insert your most abject insult here).
If.
However you admitted your fault, you corrected it, you apologized, etc etc, and now my trust in you and your extension is bigger than it was before the extension, because now I somehow feel there is a human writing the NoScript, with qualities and defects, but with honest and laudable intentions.
Giorgio, we have already shared emails some months ago about some incompatiblity of NoScript with Google Toolbar 5 beta, and you were very supportive and reactive, I really appreciated the way you cared about my problem report. I remember thinking "this guy seems to be a good guy, if we were developers in the same company I would appreciate if he was a colleague of mine".
Adblock Plus and NoScript (in no particular order) have been my 2 favorites extensions as far as I can remember, and they continue to be. Hope ABP and NS developers can collaborate and restore peace because both are doing great work (and, as this story shows, sometimes mistakes).
Giorgio, Wladimir, Ares2, please continue your great work, don't forsake your respective extensions, and please come up to the table and reconciliate yourself. I think I will make a donation to whoever of you 3 accepts them, just to thank you and encourage NS and ABP development.
May 5th, 2009 at 1:27 pm
What you did was unforgivable. Adblock Plus blocks ads, you tried to cicumvent that because you don't want your ads blocked - you want people to see them. If people don't want to see them, that is up to them - you tried to force your ads upon visitors to your site. It is not your choice whether people see your ads or not.
I never used noscript, and I certainly won't now after seeing this. Adblock Plus was doing what they should be doing - blocking ads. You were using noscript for your own agenda obviously because you want to make more money. You deserve to lose all donations and revenue from ads because of this.
If you want to make money, you shouldn't try to do such things as this. That certainly doesn't make me trust you, or your extension.
May 5th, 2009 at 1:28 pm
[...] Firefox plugins (like most software) don’t make that much on a per user basis from donations. Here’s the story of the writer of a noscript plugin “confessing all”, only to be followed up with more [...]
May 5th, 2009 at 1:59 pm
Giorgio, to follow on my post #178:
-just donated a small quantity to show up my restored trust in you and thank you for the hard work on NoScript
-this is no big quantity but should more than make up for the money you won't earn by the ads I won't be viewing on your sites (because I still won't enable ads on your sites)
-I would love to make the same donation (same quantity) to ABP if that was possible because I also want to thank ABP team and support them
-please never do the same fault again because it won't be forgivable twice
-please do what you wrote about in this blog post; I mean, please setup a code repository for NoScript so that it really becomes OpenSource and therefore, more trustworthy
-I read Wladimir Palant's post, and his position is also very understandable, so I believe you should reconciliate and each make a step in direction of the other because you 2 have good arguments, good intentions, and good extensions
-please continue your nice work on NoScript (and only the 'nice' part)
-thanks again
-as you can probably see, I spoke and I acted, I really donated some money, because I really support your work and I am really grateful for NoScript
-I know I didn't give a lot but when I donate more, I do it for more important causes, like Red Cross, MSF (Médecins Sans Frontières, Doctors without borders)
-Again I didn't give a lot, but still, you are the first person I donate money to to support his work, so you have earned a special position.
-thanks again
-again, I urge you to never reproduce the same fault
May 5th, 2009 at 2:06 pm
[...] hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community [...]
May 5th, 2009 at 2:28 pm
>Marah Marie #171
I completely agree, I won't lose my trust in this useful add on because this issue. Even though adding noscript.net to a filterset is more politically correct than modifying the behaviour of another extension, it personally think that is worse the first one.
If there was a bug in ABP, they should've correctet it, nothing more and nothing less. Starting a personal war was out of the question.
May 5th, 2009 at 2:29 pm
We all make mistakes, I utilize both extensions on Firefox. You're apology goes a long way.
May 5th, 2009 at 2:34 pm
[...] yayınlayan NoScript, bahsi geçen AdBlock Plus filtrelemesini kaldırarak, geri adım attı. Bir özür yazısı da yayınlayan NoScript yetkilisi Giorgio, yaptığı hatayı kabullendi ve AdBlock Plus [...]
May 5th, 2009 at 2:54 pm
it has been quite irritating with your too-frequent updates always diverting me to the homepage and for this reason i stopped using NoScript some time ago.
After reading your story, I can understand how your reactions came about and how, in a short period of time, you overreacted without consideration (not malice towards firefox users).
I'm going to use NoScript again and be happy to view the project homepage whenever you put out a useful update.
At the end of the day its still a tremendously useful extension and it seems you're copping too much of a beating for a mistake you quickly remedied with no harm to anyones health or wallet.
Thank you for your maturity and your fantastic work.
May 5th, 2009 at 3:08 pm
[...] “I screwed up. Big time” dice el autor de ambos plugins -FlashGot y NoScript- comentando el serio dilema que viene ahora que es explicarle a la comunidad de usuarios de Firefox el porqué lo hizo y, como no hay respuesta aparente, todo queda en una disculpa del creador y una actualización del plugin que ahora permite configurar si se desea agregar los sitios del creador a la whitelist de Adblockplus. [...]
May 5th, 2009 at 3:18 pm
From what I can tell, you work extremely hard, you've exhibited genuine repentance, and this has been a wonderful opportunity for your own personal growth. I pray that great things come out of this for you, and I hope you are able to forgive the nastiness of others. God bless.
May 5th, 2009 at 3:19 pm
Seems to be unfortunate behaviour by developers of both extensions, and it's good that it's been resolved quite quickly with a full apology. Hopefully the lasting impact of this will be minimal for both of these popular add-ons, for Mozilla and for Firefox.
But it seems to me that it shouldn't have been possible for it to get as far as it did. Individuals in general are always going to make mistakes of this kind or other kinds. No individual should have the power to do that stuff without some kind of authorisation or review. I guess AMO's new policy on "surprises" will help.
Anyway, it is good that the same passion and effort that went into this unprofessional behaviour has also gone into fixing it and apologising, and will hopefully continue to drive the development of NoScript (not to mention advocating to Mozilla for tighter built-in controls)
(I'm not a user of Adblock Plus or Noscript, only of Firefox)
May 5th, 2009 at 3:26 pm
So AdBlock deliberately targeted your sites. You added functionality to NoScript to undo that. And you are the one offering profuse apologies? Certainly you are a better man than Wladimir. I'll continue to support and recommend NoScript. It's a great tool that offers excellent security for Firefox users. NoScript betters the Web for everyone who uses it.
I can't say the same about AdBlock, a tool that turns Web surfers into the virtual equivalent of shoplifters. And apparently a tool that its developers are using to target competitors and block their revenue.
You may have made a simple mistake. But what AdBlock has done is, imo, criminal.
May 5th, 2009 at 3:49 pm
I don't feel you're the bad guy in this. Wladimir specifically targeted your site, and you did what you felt was required. Stupid moves on both sides, though I understand yours (Defensive) and do not understand his (Blatantly offensive).
It's clear that the freeloaders of the web, who are denying advertising revenue to services they apparently expect to receive for free (bandwidth isn't free, bastards), are more cranky than they have a right to be about this issue.
A couple points I would like to make:
1- NoScript isn't meant to block advertising, it's security software.
2- Frequent updates of security software do not denote poor coding practices, they simply reflect the mutating world of trying to keep our machines safe from drive-by downloads, malware, etc. It's an arms race, people, and like it or not, Giorgio is one of the good guys.
3- We owe the people who develop the tools that they GIVE AWAY FOR THE PUBLIC GOOD at least some respect, if not a click or two on their ads.
4- Blocking ads isn't necessarily wrong, but to do it indiscriminately will eventually send the decent folks who spend their free time and energy working towards the greater good, off to more, how should I say it, commercial pastures.
5- Even after meddling with the ABP filters, NoScript does not deserve to be tagged "Malware" by every turd with fingers and five minutes to spend giving ratings on AMO but without the 5 minutes to get both sides of the story.
Soldier on, friend. The people who understand and appreciate your work are not likely to be swayed by this incident. In my opinion, if people would like to uninstall NoScript over this issue, they're entitled to the landslide of crap they'll likely end up accumulating by simply browsing the web.
May 5th, 2009 at 4:20 pm
[...] In a nutshell, Giorgio Maone, the developer of NoScript modified Wladimir Palant’s Adblock Plus (APB) add-on so that APB would not block the ads on the NoScript website. This was a really bad thing to do as it was done on user’s computers without their knowledge or consent. Effectively, NoScript behaved as malware. In retaliation APB enlisted the aid of Easylist to block access to the NoScript web site, ensuring that users of both ABP and NoScript could not update their version of NoScript. Where NoScript’s “damage” was causing users to see advertisements, ABP actually prevented users from getting security updates. Palant has his explanation of the events at http://adblockplus.org/blog/attention-noscript-users. Maone has his explanation and profuse apologies at http://hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community/ [...]
May 5th, 2009 at 4:25 pm
@ #134 Security First: Well said, just like on Wladimir's site, your comment is among the few that I take seriously.
But, as if to prove your point, for one reply that's worth reading, there are 15 other stupid ones from the "loudly ignorant and primarily juvenile mob" you mentioned (#139 & #145 for example, the former especially).
I don't believe there's one single NoScript user among those who just took the words of one person, quickly jumped on the bandwagon and uninstalled the add-on. And I don't intend to argue this any further, seeing that people need to come up with their own decision here, no matter how wrong it may be.
May 5th, 2009 at 5:08 pm
Giorgio,
you did something that you shouldn't have done. But I accept your apoloyg, and you still have my support.
May 5th, 2009 at 5:39 pm
I read every word.
I applaud acknowledgement of your errors and for asking forgiveness within the community.
May 5th, 2009 at 5:42 pm
Kudos for standing up and talking honestly about what you did; I have used and will continue to use your extension, because I still trust you far more than a random web site I visit. Your motive was also understandable, if not acceptable. Thank you for your past and future work!
May 5th, 2009 at 5:44 pm
@zenitenth
People who don't agree with you aren't necessarily stupid. The two posts you mentioned are an example (the former especially). The last paragraph of your useless post is actually an invitation for people to forget their own best judgment and common-sense and rally behind a man who acted dishonestly and in very bad faith. What he did was wrong, it still is and it will be, regardless of your lame try to label everyone who disagree with your opinion as simply a "juvenile mob and loudly ignorant". If you tolerate a wrong decision or is willing to forget it, don't blame others for not have the same low moral standards as yours!
Get a life.
May 5th, 2009 at 6:34 pm
[...] was meant to read on automatic update page, dared a (painful) look at Slashdot, Digg, Reddit, [...]Brenda Song is a Cupcake Cutie Just Jared Jr.I'm always reading! I always carry a book in my [...]
May 5th, 2009 at 6:51 pm
I'm a long time noscript user. Shame on you for what you did. But since you backpedaled and show repent, I think you deserve just another chance. I'll install noscript once more, but don't think a simple apology will make up for all the harm done. You better work your ass off improving noscript,.
May 5th, 2009 at 7:05 pm
In the end, your apology is worthless, because no sooner have you started to make it, than you try to weasel out of it by claiming that your site was being "sniped". The fact of the matter is that you completely disrespected the wished of the users of AdBlock Plus and engineered a workaround to try and get the ads on your site seen despite the *intention* of the AdBlock filter. You've admitted this yourself, so anything extra that you write is pure fluff to try and make you feel better about what you did. The countermeasures taken on the part of ABP are potentially questionable, given that they could have achieved the same end by fixing the bug. However, the assumption that I would have made in their place is that the site maintainer is trying to game the system and something needs to be done straight away.
Unfortunately, if you were the man you think you are, instead of escalating this into a tit-for-tat situation you would have contacted the list maintainer, found out why it was happening, and hopefully realised that you were being a selfish prick.
You didn't, which says more about you than any amount of insincere grovelling.
At least there's one good thing that came of it and that is I now know why the NoScript and FlashGot update pages have been popping up on an irritatingly regular basis (I switch between 4-5 machines on a regular basis, so it's not just a simple matter of dismissing the page after an updated, it's having to do it on every machine when I log in and start up the browser!)
It's debatable now whether I'll continue to use either of your extensions on my machines from now on, or indeed whether I'll install them on machines I set up for other people. Obviously I'll have to evaluate whether their functionality will be better served by other extensions, as NoScript especially is an extremely useful tool.
I hope that I will look more favourably on your work in future, but with the prevarication and finger-pointing displayed in your so-called apology, I'm not sure whether you've learned from your experience of being the instigator of a rather sorry episode. I hope you have, but time will tell. At least you seem to realise that what you did is all the worse because you did it from a position of trust.
Anyhow, I do wish you luck - I know we all make mistakes and you've been unfortunate enough to have made yours in such a public manner. Let's just hope that you can accept that it was of your own doing and what you did was provoke the progressively more extreme countermeasures.
May 5th, 2009 at 7:18 pm
@#198 Killy says: "but don’t think a simple apology will make up for all the harm done. You better work your ass off improving noscript."
Get over yourself already! Who are you to tell anyone anything? Just another anonymous stranger on the Internet who happens to use a free addon for a free browser. Yes, I dare say you would like people to scurry around for nothing, as many of you would, but for what? So you can feel big and order people around!
How many of you died or lost someone close to you by having to see a few ads on the author's site? None. That is all that happened, some ads were visible on one site on the huge Internet. Now we get this Cyber-bullying here by total nobodies eager to seize on someone saying sorry as an opportunity to bully someone, which they would be petrified to do in real life.
Shame on you.
May 5th, 2009 at 7:52 pm
Enough with the apologies, etc, already.
How about now we focus on something productive for the future?
For example, developing behavioral profiles for dangerous crimeware toolkits, such as LuckySploit, and extending NoScript to detect and block them.
http://www.finjan.com/MCRCblog.aspx?EntryId=2213
http://www.malzilla.org/tutorial06/index.html
Cheers!
May 5th, 2009 at 8:27 pm
I wanted to thank you for this apology. I do not believe it is "worthless" as others have said, simply because I don't think you'd try anything like this again - at least I sincerely hope you don't. You have kept my computers safe for years, and for that I am grateful, but I feel like you may have lost track of the incredible trust that you have garnered across the 'net. More than anything else, I hope you learned the sheer power you have across this userbase, and the necessity to always act in the best interests of your users above all else.
As a side note, I think you need to seriously consider getting rid of sponsors. As long as you have sponsors, they'll always come first.
May 5th, 2009 at 9:27 pm
Um, looks to me like both you and Wladimir have been sneaky. The similarity ends there, since he's also been sloppy (failing to fix the original ABP bug you made use of) and still refuses to accept he did anything wrong by going behind users' backs and getting others to do his dirty work. You fessed up and fixed the problem at your end. Good job.
That said, I blocked the Google ad scripts as soon as I installed NoScript, and I won't be unblocking them just to help you, when I'd be allowing them everywhere. Maybe selfish, but it's my computer. I *will* donate once I have some cash spare, but I'm a fairly penniless student, and the fact is you've not got anything back from me yet.
Maybe you should start charging for updates, and force my hand...?
Chris
May 5th, 2009 at 9:35 pm
Why do so many seem to think that Giorgio somehow OWES us an apology. He subverted a program that was crippling HIS websites. Not a single person was damaged or harmed in any way. I am utterly floored by the sheer sense of entitlement so many folks seem to have. And so smug and holier than thou to boot. Giorgio has provided FOR FREE one of the single most important security tools for the average joe. He doesn't owe US anything. WE owe him. Giorgio, don't listen to the stupid people.
May 5th, 2009 at 9:48 pm
how could you do this to your own users man... We were literally getting punished for using your addon.
hope your apology is as sincere as it sounds.
Big-picture-wise... you're still standing - though on shaky ground imo.
Keeping the faith n the addon (for now)...
May 5th, 2009 at 9:48 pm
Thanks for NoScript Giorgio! :-)
While I don't 100% agree with the decision you made (and promptly unmade), it could have been a lot worse. I personally think an extension that lifted passwords and bank details would have been truly malicious; this was just a silly thing, especially compared to the perils of the Internet that I have been protected from over the years.
May 5th, 2009 at 10:06 pm
Thanks for the applogy.
Some points for some commenters:
- If you used NoScript as a AdBlocker, you missed its point. Install ABP.
- If you go Fork this plugin, be sure you get skilled people. Its not easy.
- If you remove NoScript, be sure to have another way of disable Javascript or get owned fast.
- If you want no updates, disable them in the prefs. If i use a security plugin, i want updates as fast as possible. Even if this means twice a day.
Keep up the good work maone.
May 5th, 2009 at 10:07 pm
This was written to be mailed to you, but I considered a public letter for a better way.
Something that's skyrocketing here are the comments
Dear Giorgio,
Good that you come clean with it.
I'm a NoScript user as I'm a ABP user too. I read both sides and created my own sight of the things. First I saw the release notes of NoScript where this feature got officially implemented, without knowing how it works. Then I read news about NoScript injecting code into ABP... I read something one-sided as the author reflected ABPs side only. There was the word 'obfuscation'... something I read if there is malicious attempt to hide something (or in Games). Then I started reading your apology, but stopped to read the ABP blog first, to get back and read the apology again with all the replies to # 197 at time of writing. (read #206 before posting)
I can't say all is well. That's simply not true. You abused my trust, but didn't broke it. It's damaged but you fixed it with a good explanation of your sight. I guess what really made me loose some faith is the Firefox-addon-system. You showed me how blind I was. You showed that the addon-system is vulnerable and that I'm vulnerable, too. This is one of the good points about this. People should have learned now that trust can be abused. Whatever... you haven't lost my trust, because you stepped out in front of people and briefly explained it. Maybe not as main reason, but it's quite a good reason for me. Things would have developed worse if you'd said “I did noting wrong.”
The apology was necessary in my eyes as you've crossed a line.... not only you, but that will be ignored by me. It was also necessary as the approach was too hard and hidden. Thank your for apology... I have forgiven you if I really needed too... there was no reason to hate or despite you. We are all humans.
Whoever begun this war, or what led to it, is not important to me. Just that you came clean.
ABP blocks ads and your sites display ads. You tried to bypass the filter what resulted in updated filters.... you attempted to bypass the filter again and the filter got updated.... that's a damn circle and it never ends if no one wants to end it.
You apologized for what you did in relation to the last attempt to show the ads by whitelisting your domains in ABP. But you haven't pointed out how it will go on. Could you do this please? Someone has to brake the chain and this should be you IMO. You should leave your ads as they are and Easylist will block just them, to leave your sites intact. Then the users will decide if they whitelist your domains or not or they don't subscribe to Easylist. If you had asked for it you wouldn't have this mess. Some people would have whitelisted your domains just to support you, Your ads aren't annoying or even offending. I use ABP to get rid of disturbing ads, that are moving or imitate a cursor. I don't mind to see ads if they don't disturb me. I subscribed to filtersets to lay the work on other shoulders as mine. I still add my own filters. NoScript has a different way to work. It blocks all scripts until I allow them.
Maybe things would have developed totally different if you'd chosen a public approach.
I couldn't agree to the obfuscation theory at first, but I thought about it. It was intentionally written to be hidden for a quick look at it. It doesn't matter how easy the obfuscation was it was hidden to the Average Joe. You can't say a bank robbery isn't a bank robbery, because the safe wasn't locked. (Bad comparison, you are one of the few good ones) Although I have to say that I think if you really wanted to hide it you would have done that. It could have been much worser.
What you did was wrong in the way how you did it. Just to review it and say it in my own words.... You have written code for NoScript in order to cut ABPs function (deeply, where filters are applied) to block ads on your domains.
Now let's say some guy has a site that uses JavaScript, but it's blocked by default with NoScript. Users are complaining so he does a addon for Firefox with a useful function plus a function that cuts NoScript function by whitelisting his domain. Well the guy would have some trouble. Or if bad guys would have done that.... what a disaster.
Just to show you that your attempt to get your nuked (intentionally or not) sites back to work (plus having the ads shown) was the same way an attacker would have gone. I wonder how you could have considered this as good way. You should have known that someone will find out what you did. You wouldn't give up if some reports a glitch in NoScript.
I hope you allow me this question: Does AMO still trust you? What you didn't wasn't bad, the way how you did was. You fixed it quickly, but I would understand if your code would be analyzed before users get it. I wouldn't like such a step especially as you seem to have learned from all that.
Before you do something next time. Ask yourself what would be if someone does what you want to do. Some things got misinterpreted... Look at your child and ask it if you're in doubt... it will tell you even if it can't speak.
Someone said something about politicians here... and I agree. I've they would have the courage to go out and be responsible for their faults the world would be much better.
Someone also said that it would be unforgivable if you try something else again. I agree to this. (just the way)
You may lost some users, but those remaining are loyal and times will get better.
Thank you for explaining everything. Thank you for NoScript. You haven't lost my respect. I asked two questions in this comment and would like to get the answers. As you have my mail you can write me or simply do it in public with a new blog entry. Well you don't owe anybody to answer, but it would be nice.
Whitelisted hackademix and maone today.
Basti (bastik)
May 5th, 2009 at 11:36 pm
Ironic that a tool used to protect yourself was doing something without the user's permission. Still, the author has righted the wrong, and I respect him for that - and for devoting so much of his time to the plug-in. I see updates nearly every week, so there is some true dedication behind this guy. I am really grateful.
As for blocking ads, I believe the type of person that blocks advertisements probably doesn't click on them much either. For this reason, I think the effect of ad-blocking is overstated.
May 6th, 2009 at 1:36 am
leggi qui, purtroppo è VERO.
http://punto-informatico.it/b.aspx?i=2615915&m=2616231#p2616231
ciao...
May 6th, 2009 at 4:55 am
I continue to use and support as well as promote NoScript. I use both add-ons and I didn't mind the update because after all, the EasyList was adding new filters specifically targeted toward InformAction domains.
Thanks for providing us with a wonderful and free extension! It is a vital part to my computer's security and is on my must have Firefox extension list.
May 6th, 2009 at 6:11 am
[...] seemed that people came to their (common) senses after that. Maone basically apologized to the Mozilla community, removed the changes that blocked Adblock Plus, and said: So I had this [...]
May 6th, 2009 at 6:24 am
All this craziness has done is make even more clear to me that you really are developing NoScript out of the goodness of your heart. This was really brought home by a comment from Tom T. I found on NoScript.net about the very real possibility of charging a small fee to every user for this crucial extension. I'll be making my small contribution shortly and suggest all satisfied users do so and also go to addons.mozilla.org and give NoScript the 5 stars it deserves as well (just did this myself, unfortunately NoScript iss down to a 3 star average currently). Maone, thank you for all your efforts to keep browsing the web safe.
May 6th, 2009 at 7:59 am
What point an apology so full of self-pity and self-justification? How can we be sure that you won't do something bad again as soon as you get "angry" or the "hacker" in you gets the upper hand, or you think you have a good enough (self-beneficial) reason to do so?
I am angry that you thought you were entitled to force your users to become part of Google's massive behavioral database.
It also worries me that before you "whitelisted" your site within AdBlock you had tried to manipulate AdBlock's functionality silently and invisibly (build 1.9.2 of NoScript). It was only after that attempt failed that you chose the more obvious (and easily detected from within AdBlock's own interface) route of adding your "whitelist". I doubt that you would have suffered a crisis of conscience and removed that early trickery at your own behest if it had remained undiscovered, nor do I believe that you would have removed your later trickery because of a crisis of conscience if it had not been discovered.
You see Giorgio - this entire sorry tale boils down to one important fact. Yes, you are entitled to display advertising, but your users are also entitled to install and use software that blocks said advertisements. You do not have, and have never had, the right to stop them from doing that. Nobody has the right to force their wishes upon others in such a way. AdBlock, on the other hand, were within their rights to do what they did to ensure that their software worked as promised for their users - that is, that it would block advertising if that was what their user wanted. Your site, and your software product, is not so special that it is deserving of some sort of special treatment. Nor should those behind AdBlock have turned a blind eye to your shenanigans. To do so would have betrayed their own users.
If your advertisements are so important to you, then make it a condition of your license terms that we can only use NoScript if we are willing to accept advertising in return. Then, you would be within your rights to disable ***your own software*** if you detected that condition being bypassed, but you would not be entitled to interfere with any other software on the computer in any way, shape or form.
I would not, however, recommend that you make the display of advertising a condition of use of your software unless and until you can guarantee that the adverts you display will not lead your visitors to malware of any description - and you and I both know that the chances of that never happening are negligible. How ironic it would be if an advertisement on your site led one of your users or visitors to to a malicious web page, or to a site offering fraudware or scareware for sale.
May 6th, 2009 at 9:49 am
Maximum respect to you for having the balls to fix your mistake, and to post this. Maximum respect.
May 6th, 2009 at 10:13 am
Just heard about this thing and there's no apology that can make this right!! What you have done and cannot be justified:
1) changed settings without users consent
2) 'attacked' other apps for financial gain
3) misused user's trust to do as you please!!!
4) make a 'statement' of how sorry you are, while you are just continuing to misuse your users trust!
5) resleasing a free app does not give you the right to tamper with user's settings! These are your 'source of income'.
From now on, Noscript is unpredictable and untrustworthy and i will never trust any of your apps ever again. Big mistake. Boo-hoo.
May 6th, 2009 at 10:26 am
you suck, dude! go whine in a corner or something. you did this to yourself.. greedy bitch
May 6th, 2009 at 11:55 am
[...] Maone ha risposto con altrettanto fomento sul suo portale Hackademix.net. Giustamente la Mozilla è dovuta intervernire personalmente per limitare i danni, ma sopratutto [...]
May 6th, 2009 at 12:53 pm
Let me the first to point out that this situation would be severely different if noscript didnt operate under the GPL License. Even if Maone said nothing, someone else would have figure it out. This is a message to all those who still love how microsoft and apple operate.
May 6th, 2009 at 1:06 pm
[...] hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community (tags: adblock noscript mozilla fight explanation interesting) [...]
May 6th, 2009 at 2:04 pm
let's make it simple guys:
- do you still like noscript? use it
- don't you? remove it
ps: giorgio, you're still #1, and... you're still a man.
many compliments.
May 6th, 2009 at 4:26 pm
Giorgio, when I first heard about this I was furious. Your actions, though understandable, were not justifiable. Nonetheless, there are a few good things which came out of this entire fiasco:
1. The Mozilla foundation are being forced to confront their own hubris and implement more thorough vetting of extensions.
2. Users are being made to realize that extension developers, theme makers, and all of the other hardworking people who contribute to these fantastic Mozilla products that we all love cannot exist on compliments and virtual beer. We have families to support and bills to pay just like everyone else. (Folks, please donate if you can; every little bit helps.)
Giorgio, that apology took balls. In consideration of all of the good NoScript has brought me over the years, I forgive you... but NEVER abuse our trust again.
May 6th, 2009 at 4:27 pm
I can not trust you anymore. Adios.
May 6th, 2009 at 5:06 pm
http://adblockplus.org/blog/extension-update-patterns#comment
May 6th, 2009 at 6:08 pm
Tanto di cappello!
E' cosa davvero lodevole il tuo comportamento; un esempio da seguire.
Considerando poi che in Italia la colpa non è mai di nessuno...
E comunque grazie per quello che fai.
( o.t.: col mio indirizzo di lavoro che ha l'apostrofo mi ha segnalato Error... )
May 6th, 2009 at 6:24 pm
@Giorgio: Italians should not have stolen 2006 World Cup. You paid for that. :-)
I'm pleased to see you have had a lot of (well-deserved) support.
May 6th, 2009 at 6:54 pm
One of the saddest things about this is if you had just ASKED or alerted the users upon install, 90% of them would have complied because we appreciate NoScript so much. What a shame to see all of that goodwill flushed down the toilet.
May 6th, 2009 at 8:05 pm
Your actions were reprehensible. You acted as a petulant, whiny baby. This incident has really shown me the difference between a professional demeanor (Adblock Plus) and amateur hour (you). Your attempt to cover yourself with this defensive "apology" is indicative of someone who still, even now, feels that they have been wronged, when in reality it's you who wronged us.
Scum like you are why I do not, ever, donate to software developers. If I had donated to you in the past, I would be disgusted with myself. Happily I am only disgusted by you.
May 6th, 2009 at 10:14 pm
You lost another user. noscript will never be installed on any of my computers ever again
May 6th, 2009 at 10:57 pm
Man, it takes ball to do what you did. Retaliating against Mr. Palant who was breaking your install links was right, but the way you did it was wrong.
Anyway your public apology earned you 100 integrity points in my book.
I'll be a loyal NoScript user for a long time yet.
May 6th, 2009 at 11:58 pm
You made a mistake, but we learn from them, keep it up Giorgi!
Ignore the users (I'm lol'ing at them) who call it malware and giving a rating of 1.
Been, and still am a user of NoScript!
May 6th, 2009 at 11:59 pm
You made a mistake, but we learn from them, keep it up Giorgi!
Ignore the trolls who call it malware and giving a rating of 1.
Been, and still am a user of NoScript!
May 7th, 2009 at 12:34 am
[...] further evidence of overreaching activities by the author of NoScript came to light, forcing a public apology, which appears after the [...]
May 7th, 2009 at 12:40 am
I never believed the doubters, and nothing has changed. If I could install only one add-on, it would be still be NoScript; no other add-on comes close. You have my very best wishes.
BTW: I would donate, but I am not a wealthy man. If you can incorporate some kind of opt-in feature to future versions of NS, I will happily accept ads on your domains.
Warmly,
Craig
May 7th, 2009 at 1:47 am
Giorgio Maone... ma quanti anni hai? 36 anni buttati al vento!
Che perdente, non immaginavo che a questo livello una persona matura potesse arrivare... fare le ripicche come i bimbi dell'asilo... mi chiedo che diavolo di educazione ti hanno dato... MA CRESCI, DIO MIO! CRESCI e impara a vivere!
May 7th, 2009 at 3:40 am
#225 and all the rest of you who blindly and stupidly follow Wlad like puppets, read my comment here and see that he is a despicable liar but just knows how to hide it behind others.
http://adblockplus.org/blog/extension-update-patterns#c002201
May 7th, 2009 at 5:52 am
I really don't care that you did this, Giorgio. NoScript is an excellent add-on, coding it takes time, time costs money, your ads generate money. What kind of an ingrate would I be if I used your add-on and then balked at your attempts to get the support you need to keep updating the add-on, thereby making my browsing experience much safer and more controlled? Sure, it may seem "underhanded," and I know you regret doing it, but none of your ads are obnoxious and none of them contain any malware. All you wanted was to keep making NoScript better and better. Anyone uninstalling NoScript because of this is overreacting and, let's face it, being a bit of a baby.
Much respect for the in-depth apology, but I personally wouldn't have needed it. You've still got my full support!
-Gavin
May 7th, 2009 at 6:19 am
Apology accepted! NoScript remains to be the most useful add-on I've ever installed, so this doesn't dampen my affection for it one tiny bit. Besides, it already does ABP's job. Much more effectively at that.
So thanks, and don't worry about it too much. We all learned something from this. And you've actually proven yourself to be the more honorable party here, while Wladimir sticks to his perceived lack of guilt in this affair. He seems to have it in for you, man!
May 7th, 2009 at 8:31 am
you know what? this all made me lose my trust on... easylist.
how dare they hunt down an ad to the point the site becomes unusable?
where is their courage to step back AND tell everyone they screwed up?
i feel comfortable with noscript now. but a lot uneasy with easylist.
May 7th, 2009 at 9:12 am
Unfortunate incident, and it could have been avoided if both parties would have taken their heads out of their asses. Still, it takes a dedicated man to apologize as publicly and openly as Giorgio did, I wish the other parties would have the same dedication and decency to do likewise.
If you have a problem with a person, take it to the person, don't try to punish them like a 14 year old schoolgirl with a grudge.
May 7th, 2009 at 12:07 pm
Still using both extension :)
May 7th, 2009 at 12:22 pm
Hey, the red mist sometimes hits us all, its life, but I agree with post 241, its takes a lot to say 'look I messed up and I'm sorry' SO publicly.
I for one appreciate Giorgio's work, I use NoScript EVERY time I install Firefox.
This is a debate that the OS community should learn from, we cannot get away from the economic necessity of making a living, Google ads are just one way of contributing to putting a roof over our kids heads and putting food on the table, with the state of the world's economies we all need every bit of help we can get.
May 7th, 2009 at 2:19 pm
Seems to me, as all the hate-postings above are coming from one single shitfa...uhm person.
Still using NoScript.
May 7th, 2009 at 3:56 pm
Such a behaviour must not be tolerated in my eyes. I vote for no more NoScript. I go first. Period.
May 7th, 2009 at 4:07 pm
Don't normally take this much interest but way too one-sided on the apology front. I end up installing FF several times a year and NoScript is and will remain the first Add On on my list. I'll even rate it this time.
May 7th, 2009 at 6:52 pm
I have uninstalled NoScript.
This is a case of greed, pure and simple, on Giorgio's part, by using underhand tactics for personal gain.
May 7th, 2009 at 10:17 pm
AdBlock has been removed from my systems, never to be installed again. NoScript will remain on my systems, all 140+ of them. NoScript will remain one of the recommended tools for the thousands of others I influence.
Why?
It's simple. Though your actions were improper, they were also excusable, particularly given your contrition and provocation.
However, the actions of the creator of AdBlock, and his given explanations thereof, strike me as being unworthy of my trust, or forgiveness. In fact, though is actions were also improper, and the impetus of the entire mini-war, he still has not accepted responsibility, nor admitted fault or wrong-doing.
May 8th, 2009 at 10:11 am
I've never installed Adblock because it's dumb to deprive sites which provide valuable content of a means to generate revenue. I can't understand the mentality of people who do this. Before broadband, ads were an issue and genuinely affected the performance of a browser but these days it makes so little difference that it makes no sense for people to actively undermine web resources that they use. How are these sites meant to survive if they don't have ads?
No script on the other hand adds real value to my browsing experience and is THE must install addon. I think the real issue here is that the adblock dev is jealous of the huge support noscript gets and the fact that in some ways noscript already does adblock's job.
Noscript will ALWAYS be installed first on my systems and I really appreciate the honesty in your apology
May 8th, 2009 at 11:48 am
You have really turned my opinion of you with this whole-hearted apology. Thank you for being so honest, everything's all right. I think we users shouldn't forget that you are spending a lot of your time on the development of a great extension like NoScript only to make it available to all of us for free! Thank you!
May 8th, 2009 at 9:19 pm
You have stolen my trust, like a big bad wolf stealing my little cherry. How will I ever dance again...blah-blah-blah. Give me a break, the ad-block turds were jacking with your revenue generation stream, you just got a little "nerd-mafia" on them. And they should be apologizing, for jeopardizing the ability of No-script to stay afloat. For every idiot that is removing No-Script, there is an aspiring script kiddie that smiling at the sally. Fuck em' all Giorgio, just keep up with those updates!
May 9th, 2009 at 12:08 am
Thank you for this very thoughtful post. As a long time No-Script user
it's good to see you have the guts to admit an error in judgment. It happens we are all human so let's move on. Get of the "greedy" BS and donate a few dollars to these people that bring us these great addons. You want it free yet you call the person devoting countless hours greedy? Come on get real, everyone deserves to eat donate something people.
May 9th, 2009 at 4:14 am
I've been a NoScript user for what seems like forever now, and have always appreciated the hardwork that went into it, and have been envious of the genius that is Giorgio.
(BTW - I don't use ABP - relying on NoScript for most purposes.)
However, I must say that I'm very disappointed by this development. Your contrition notwithstanding (and I'm convinced that it is heartfelt and genuine), it still feels awful to know that the software that I trusted so much has clay feet.
The really sad part for me personally, is that every time I see the familiar and comforting blue S with the stop sign, I'll feel a twinge of discomfort. I might ignore it, but it'll be there all the same.
I sincerely hope that you'll learn from this, and be able to put this all behind you. You are one talented individual, and I'm rooting for you.
Regds
Damodar
May 9th, 2009 at 7:53 am
I am not personally a NoScript user, but I am glad that you were willing to apologize and admit fault. I have seen too many that get defensive when confronted. We all get angry and we all make mistakes, but I want to personally thank you for choosing to apologize, fix things up, and move on.
May 9th, 2009 at 7:20 pm
Dear Giorgio,
thanks a lots for the explanations on this matter.
I highly appreciate your courage and honesty in taking full responability for your own actions.
Its very easy to make mistakes for everybody everyday, but its not easy and common at all to take publicly full responsability as you did for doing such a mistake.
Your actions after realizing the problematic matters speak for themselfs. Thats why I really still trust in your integrity and accept your apologies.
Keep up your good work for the community!
Sincerely yours,
andi blumer from Switzerland
May 9th, 2009 at 11:58 pm
I was linked to here from the Adblock page (which i followed from Ars Technica) and disgusted as I was I immediately uninstalled NoScript. I read this post afterwards and I have to say I'm glad you stood up for it.
Mistakes are easily made but a good apology is less common, well done. Thanks for your honesty.
Time to reinstall. :)
May 10th, 2009 at 12:06 am
I've stopped using your software and removed it from all of our machines across the national group. Glad you apologized finally but I'm sorry to say it's too little too late.
May 10th, 2009 at 3:30 am
#257, you are obviously a moron and if you are in charge of the security of a national group, god help them, because its ignorant fools like you dressed in know it all clothing that ruin the world. You can't buy security like this provided to you for free, so you want to be an idiot and take users who wrongly trust your judgment down with you, then do it but stop whining about it because personally I don't think he owed you (or anyone like you) anything.
May 10th, 2009 at 11:25 am
NoScript is an awesome addon and I appreciate all your efforts on it. I am still going to use it on all my machines. I understand why you did what you felt you had to do and although I feel like it never harmed me personally, I still think in the future you should remember to always take the high road when making decisions like this.
As a side note, I use both NoScript and Adblock Plus. I wanted to say that I have NEVER had an issue with NoScript. I cannot say the same for Adblock Plus. I still have problems pretty regularly with it and it seems from what I read around the web that I am not alone in this experience. Seems to me someone should spend more time troubleshooting issues and less time blocking one specific site's ad's.
Keep up the great work and keep your chin up. We forgive you. :)
May 10th, 2009 at 11:48 am
big deal.
not!
Wladimir Palant is a self righteous Life-Troll, trolling up and provoking trouble just to get his quivering adrenaline junkie high.
There's too many like him already.
He is now blacklisted and will be Justice Blocked to this to this time era.
May 10th, 2009 at 12:38 pm
I can't believe some of the reactions here. You screwed up big time, yes, but let's recuperate:
You are the only person in the WORLD who has written the singlemost useful browsing security tool. When I first heard about this situation, my first reaction was to uninstall. My second reaction was "then what?" I could for the life of me not think of any other plugin providing the same functionality.
At the end of the day, you owe no one anything. You just wrote a great piece of software that you made available for free. Someone called you unprofessional. I couldn't agree more, because anyone with a professional attitude would make this commercial software, and not freeware.
So here I am, using your software for free and being more secure because of it. Thank you thank you thank you.
Anyone who suggests forking NoScript to "punish" you, should at least have the decency to start from scratch and not use the code that you worked so hard on for a long time. If they hate you so much, why use your code anyway? Because they're too dumb to come up with anything decent themselves?
Sure, this whole blip has had concequences, all of them good ones IMO:
-ABP is now exposed for conciously not fixing an exploit, which makes it less reliable than IE IMO
-The process of accepting addons is reviewed to prevent this kind of thing in the future
-People are more wary of plugins and don't trust them blindly anymore
-There is less chance of at some point you being bribed by the bad guys to not block them, as your code will be under more scrutiny now. Again a good thing, this may help find bugs sooner as well.
Anyone who uninstalls NoScript out of principle, will expose himself to other threats because of it. Good thinking people.
If I would uninstall Noscript, I would probably switch to IE. Kudos Giorgio!
May 10th, 2009 at 1:35 pm
Well, it's a good thing you realized that you made a mistake. However it doesn't change the fact that I am uninstalling NoScript for good, after years of using it. When a plugin starts modyfying installations and settings on my system in that way without my explicit permission, it's begun a travel into rogue software territory as far as I'm concerned. And once you dabble with that path (even just a little), there's not really any chance of coming back to being respectable software. Sorry :-/
May 10th, 2009 at 9:07 pm
How do I disable the noscript hi-jack/redirect to the whats new site after updating? I dont like that behaviour. Colorfultabs used to do it to and I uninstalled that spammer right away.
May 10th, 2009 at 9:17 pm
@Somebody #263, if you bothered to actually read the "what's new" page, you would have found a link to this FAQ.
Giorgio, please don't give up developing this wonderful tool.
NoScript FTW!!!
May 10th, 2009 at 11:06 pm
@ the people who argue that ABP was just doing its work in blocking ads, and had the responsibility to their users to do this with any means:
Instead of fixing a well-known exploit they rather block complete web sites who use the exploit. To me, that is either incompetence or laziness. Probably both.
To block a web site of a security plugin could be considered criminal IMO.
May 11th, 2009 at 9:19 am
Thanks for the explanation. Good to see that people can be honest.
In fact, I'm sufficiently impressed that I'm going to stop procrastinating and finally make a donation to NoScript when I get paid next week (since I've been using NoScript for the past year or so).
Thanks again, both for the apology and for the excellent software. Keep up the good work!
May 11th, 2009 at 2:22 pm
@Giorgio,
Being a user of Noscript, I am really satisfied with it and it has saved my OS several times.
Being a coder myself I know that problems can be solved in many ways.
Good of you to take the blame, you choose a solution that did not have everyone´s best interest in mind.
Alas, this whole issue should have been addressed by both you and ABP as adults, but it hasn´t. Until now.
Let´s bury the incident.
As for the haters among here:
Go develop your own extension if you're so paranoid. There must be brilliant coders there, having developed all their security extensions themselves instead of relying on the hard, free work of others.
I know none.
I just hope they won't be hit by a botnet infection.
Keep up the good work, and don't be so stupid ever again..
Cheerio
May 11th, 2009 at 3:14 pm
[...] Some may want to read the official statements on this conflict that were written by the authors of these extensions. ABP creator Wladimir Palant’s comments about this issue can be found in this blog post. Maone’s response can be read here. [...]
May 11th, 2009 at 5:08 pm
[...] plugins (like most software) don’t make that much on a per user basis from donations. Here’s the story of the writer of a noscript plugin “confessing all”, only to be followed up with more [...]
May 11th, 2009 at 5:19 pm
[...] words and code took place. In the end, however, it had a (generally) happy ending with NoScript backing down and apologizing. Regardless, Mr. Dzuiba doesn’t like the way things played out: The real cause of this [...]
May 12th, 2009 at 5:46 am
I just want to add my name to the list of people who disapprove 100% with what you did. But I am quite pleased with how you handled the aftermath of your actions. I don't think you should be angry towards Ad-Block, they were doing their job.
May 12th, 2009 at 8:41 am
[...] a heart-felt apology posted Monday, Giorgio Maone admitted that he added a small piece of code that worked around the EasyList filter [...]
May 12th, 2009 at 5:07 pm
Hey Giorgio,
Thanks for regaining your sanity, and thanks for doing it so publicly. I'm glad I don't have to go and tell all my customers to ditch NoScript. For God's sake don't make it a dead project. It's a beautiful thing.
For what it's worth: whether or not my browser uses ABP to block ads on your sites or any others makes no difference at all to my click-through rate, which was always going to be zero whether I can see the ads or not. I'm sure the majority of ABP users feel the same way - we install ABP because advertising is *useless* to us, and it's that *attitude* that makes us useless to advertisers rather than any technical countermeasures we happen to be employing. So any hit to your revenue stream resulting from a change in the way ABP or its filter lists treat your sites can only be a blip - I can't see it having any real effect on your actual click-through rate, which ultimately is going to determine how much your advertisers are willing to pay you per ad served.
Also for what it's worth, I have personally slung dollars in your direction and encouraged my own customers to do likewise.
May 12th, 2009 at 6:08 pm
I am just clearing some points on the issue btw NoScrpit, ABlockPlus and EasyList.
They are all Open Source, developed and maintained by dedicated and knowledgeable developers that needs to put food on the table. We as users benefit from their long working nights for granted without putting much attention to the time, effort or knowledge required to make such a soft. In short we reap the benefit without any considerations.
We as users should help the development of those dedicated soft using many methods (Ads, Help, publish etc...).
As a user of the 3 previously stated soft, I believe in your goodwill and dedication and I trust you all to keep up the good work for the community.
I already whitelisted your Domains Giorgio.
Please Support them and others by donating/click Ads etc...
This hiccup won't alter my trust in any of my beloved extensions
May 12th, 2009 at 8:12 pm
Ok The best way to fix this whole delima, and what I would do actually, since the ads run from a script why not use noscript to block ads as well, then no one would even need to use ABP.
May 13th, 2009 at 1:30 am
Hi
All of you doing good(I hope) things for the community (add-on , Noscript)
Someone here said :"people are (i-net)-paranoia". I agree, I'm one of them :-) stories like these do not help to get rid of that feeling. I respect people like Giorgio (if that would be the case). And what is wrong in being greedy and doing something good for a community. Most of them are just greedy
As a open source comm. we have to stick together, solve problems in a different way.We al know that if you turn on your TV enough samples are shown how its not to be done.
I wish you (Add-on, Noscript) the best of wisdom to solve this.
May 13th, 2009 at 1:33 am
"I respect people like Giorgio (if that would be the case). And what is wrong in being greedy and doing something good for a community. Most of them are just greedy"
should be:
I respect people like Giorgio . And what is wrong in being greedy and doing something good for a community.(if that would be the case) Most of them are just greedy
May 13th, 2009 at 3:04 am
I'm sure I'm not alone in saying to not let the 'bastards' get you down. I've been in similar shoes -- where under the 'irrational grip' of emotional-needs to 'react' to perceived "attacks" (Vlad adding special filters for your domains would feel personal to most).
I don't think anyone should think less of no-script NOR adblock-plus for what's basically a hissy-fit between developers that got a bit too much light shined on the 'fit'. It's very much a a big tempest over something that affects the average user, "zero" .. and really boils down to some personal grudge-drudge for reasons 'unknown'. Perhaps Vlad thought he was on some moral high ground for putting in deliberate attacks (filters) for a fellow-mozilla-community developer's websites, but I find his deliberate adding of special cases to sabotage the creator/maintainer of what has become a VERY crucial and very successful extension to be both childish and heinous.
If I remember, there is already the option to NOT be taken to the Noscript-update page after an install -- if one wishes to turn off being taken to the website for a list of changes, (just like FF does after every update -- and AFAIK, it isn't as easily toggled off as is documented for NoScript).
(Not that I choose to toggle off noscript NOR Firefox if that was available, but the option is there -- and if that isn't good enough for 'Vlad', it seems he has some personal issue or bone too pick. Dunno. Like I said -- maybe he thought he was operating from moral high ground, but I don't see anything in your(author of NoScripts) actions that wasn't both understandable and reasonable, even if it might not have been the 'wisest' and 'best considered' actions one might have taken had one not been _*human*_ (and had emotional reactions to the direct targeting).
So don't stress -- and certainly don't let it affect your family life. In 10 years, will anyone even remember? In 100 years, will there even be anyone to remember? :-)
May 13th, 2009 at 5:54 am
I came here to read this thinking you were a douchebag.
Well, you've been a douchebag, but I accept your apology.
May 13th, 2009 at 12:40 pm
Naah, that was just a little step at the dark side.
Now u're with us again. U know, me, Yoda, Ben... ;)
Good luck and may the Force be with u! ;)
May 14th, 2009 at 1:09 am
As a NoScript user, I appreciate that you're apologizing and I accept your apology, but please don't attempt to whitewash this. It's all well and good that writing readable code isn't your strong suit, but surely you don't encode your strings in hexadecimal by default? This is obfuscation; you're attempting to make it harder for people to skim or grep through your code and see what it's doing. It's what spyware authors do, it's what the people who write the suspect Javascript I use your extension to block do, it's what you did.
Here's the deal: I won't block your ads if they do not annoy me. You will NOT mess with my ad-blocking configuration. If I choose to subscribe to an automatic ad-blocking list (I don't, but I set up those for my family), that is part of my configuration and it is NOT to be touched.
I'm willing to forgive this once, but if you do it again I will uninstall your extension for good -- and probably switch browsers, since extensions like yours are the only things keeping me on Firefox.
May 14th, 2009 at 4:59 pm
I use NoScript and ABP, but mostly rely on NoScript, because it doesn't just block ads, it blocks everything and gives control of my browsing back to me.
At least it did. Then you went along and did something like this. I would have probably allowed ads to appear on your sites if properly asked, but I didn't see any message (despite this apparently being added in version v 1.9.2.5).
So you've squandered a lot of trust built up around this (admittedly) excellent plugin. Which is a shame, because if this dispute damaged the take-up of NoScript use, it will make a lot of people less safe.
Which is why I'll still use the extension. It's the best (the most usable) security extension around for Firefox, which means I'm not going to uninstall it because of this issue. I just don't think the web is safe enough to do that - and I do get some sort of satisfaction from blocking Google Analytics.
So keep up the good work - but don't try anything like this again, otherwise you may find your plugin loses its userbase entirely.
May 14th, 2009 at 8:29 pm
In the nicest possible way: What a ruddy plonker! Man alive, I bet you wish you could turn back the clock now, eh? And, you'll remember this mind-bending pain, because it will haunt you and NoScript for a long time to come...
...but on the bright side, you are pretty eloquent, you've come clean, and 'second chances' advocates will let this go, and besides that, NoScript is pretty unique and considered indispensable for a lot of people, for obvious reasons. So I suspect that you'll be forgiven for your crimes pretty readily, although the trust still needs repairing.
I can see both sides here (as most people should be able to), and to be honest, I wouldn't torture yourself too much: Wladimir isn't exactly squeaky clean either. You were bound to be on the wrong side of the fence doing what you did, but I can perfectly understand your anger at having your revenue stream hammered, deliberately...not that your actions are justifiable, as you say, just explainable.
I do hope you continue to develop NoScript, I'm a supporter of your efforts, Wladimir's too, so good luck to you, and I hope you can find another way to fund NoScript Development in the long term, because that would solve this problem once and for all.
Good luck to you, and a quick recovery.
POC
May 15th, 2009 at 4:27 am
@ #264 ... yeah right, I toggled the noscript.firstRunRedirection option on 4 computers, but NoScript on all of those computers stopped updating, staying at 1.9.6.
FAQ 2.5 *HAS BEEN CHANGED*. It used to say (as per Google Cache dated 8 May 2009) "If you're a power user and you feel you don't need such heads up, you can disable this feature by opening about:config (just like it was a normal web address) and toggling off the noscript.firstRunRedirection preference." Now it says "If you feel you don't need such heads up, you can disable this feature by opening FlashGot Options|Advanced and unchecking "Display the release notes on update".
Why the hell should I have to install FlashGot to disable the first run redirection, and why did NoScript stop updating when I disabled the first run redirection?
Author's note:
that was a typo. FAQ 2.5 currently says
May 15th, 2009 at 10:48 am
1st of all, let me say your addon is the best to safely surf the web & I recommended it to all my friends & will continue to do so.
This incident, if anything, only makes me prefer NoScript over AdBlock Plus even more, because mistakes were made on both sides, but the difference is, you owned up to yours & apologized, while Wladimir's agenda seemed to me to provoke you into making the very mistake you made, so he could then exploit it, to eliminate NoScript support.
To me it's obvious, this was premeditated on AdBlocks part.
Some ppl will go to any lengths to eliminate the competition.
I've also always agreed with your viewpoint, that it should be the user's choice, wich ads are allowed & wich aren't.
Don't lose anymore sleep over it.
You're doing a great job & I (& A LOT of other ppl) really appreciate this.
Confed
May 16th, 2009 at 6:02 am
Giorgio Maone se disculpa por lo sucedido con Ad Block Plus
Después de haber lanzado una versión de NoScript que agregaba sus sitios web a la lista blanca de Ad Block Plus sin concentimiento del usuario, Giorgio Maone pidió disculpas a los usuarios y la gente de AMO. Relacionada: chuenga.net/story/mozilla-ev...
May 16th, 2009 at 12:44 pm
Thank you for your apology. I do appreciate it. I do not appreciate hacking my computer without letting me know. Applying settings and allowing sites without my permission, without informing me, on what is supposed to be a security add-on borders on the criminal.
Your apology is appreciated, but I believe one a criminal, always a criminal. This time, you were caught, next time, you will hide it better.
I remove all traces of this malicious add-on.
Better luck with other suckers.
May 16th, 2009 at 7:38 pm
If only everyone who make a mistake would be so open to admit it.
I hope you will find some rest in the coming days.
May 20th, 2009 at 8:17 am
If you hadn't of been found out I doubt we would of seen such a blog post. Apology accepted. Your actions were not. As such I have stopped using noScript.
May 20th, 2009 at 2:32 pm
Apolgies accepted.
Noscript was and still is an essential extention.
I think many of the "haters" will start silently using it again.
Like most things people take for granted, onces it's gone one discovers the real value!
Keep up the good work!
May 21st, 2009 at 10:44 am
Consider this; thousands of website owners who use ads and scripts to obtain revenue are just as angry as you are/were, because both NS and ABP are hurting them financially. To this I say "tough" -- just because someone makes a living that way does not change the fact that this is my computer and I get to decide what is displayed on the screen. The only difference between the owners of those other websites and you is that you are in a position to do something about it -- or rather you *were* in a position to do something about it until you got caught and it became clear that AMO will not allow such behavior. I have the same advice for you that I have for all the websites who are losing revenue because of NS and ABP. Figure out a better business model. For example, there are hundreds of Firefox addons that somehow manage to fund their development without forcing users to an add-filled page every week or so. As far as I can tell, you are the only one doing that. Figure out how they manage to get by without doing such things and imitate them, because the day will come when such behavior by an addon creator is no longer allowed by the Mozilla community.
May 22nd, 2009 at 3:48 am
Huh.
I had actually uninstalled NS because of the initial reports. I read this page and decided to put myself into the author's shoes. I wouldn't be surprised if I had made a similar mistake.
I don't think it'll happen again, and with that, I'm reinstalling NS.
May 24th, 2009 at 11:17 pm
bud, it's all over now. please keep developing noscript, we really do need you out here. when i get some money ahead, i will donate.
god bless you and your family, thanks for the work you do and share with us.
May 26th, 2009 at 4:07 am
i love NoScript, but i wonder why you dont have version rules like 1.9.2.10 or 1.9.2.11 instead of x.x.x.90 or x.x.x.91 .This doesnt make sense to me.
May 26th, 2009 at 6:37 am
As both a Noscript and Adblock Plus user I am glad you came clean. I can see where you are coming from though, you still need to get revenue from somewhere. Something I have seen more recently is people putting a banner up the top or in place of the non-loading ads that simply says please support my site and unblock its ads, this way user choice is returned to the user.
June 4th, 2009 at 1:22 am
Use both and gotta say that you're a better person than many in the sense that you even bothered writing this up, let alone writing up such a detailed and sincere apology, I always liked your work and hope that only the best comes back from the community to you again.
June 4th, 2009 at 5:28 am
youre the best
fuck all those other dudes
keep writing my fucking noscript and it wont be any different
yep
June 4th, 2009 at 6:26 pm
I've always preferred no-script to ad-block, ad-block makes hundreds of links to the ad's it's supposedly blocked in the about:config page. Ad-Block f***ing sucks, no-script f***ing rock's.. end of line.
June 5th, 2009 at 11:51 am
trust lost, trust regained
cheers
June 5th, 2009 at 6:36 pm
Personally, this seems like an argument that escalated from a general dislike, Easy list was doing what it was supposed to and blocking ads, but went too far in blocking your AJAX capability and download links, the same with you using a bug was okay, until started to continue to work round it
June 5th, 2009 at 10:06 pm
People can frame this as they see fit, but ultimately some truths remain.
1. You exploited a vulnerability in another extension.
This is a travesty. Don't know why? Replace "another extension" with "an operating system". To put this in perspective, this is actually *illegal* in the US and older EU states. Consider someone motivated by the prospect of financial gain - they may be using this to enjoy life, or to feed a family. Either way, it's a dishonest living. The means, as we've seen, is the vulnerability in someone else's software. The opportunity was in tricking users into executing this code by concealing it in something desirable. Rarely do criminals escape punishment by pleading "noble ends".
2. It is questionable whether the vulnerability was actually a bug.
Some statements by Wladimir suggest that the "bug" was deliberately not fixed in order for extensions to be able to install additional (blacklist) filters in order for them to "co-operate". It remains open whether or not this is a useful "feature", but it stands nonetheless.
3. EasyList did what it was designed to do.
Describing it as a "targeted attack" is hardly fair, and bordering on the libellous. For good reason, AdBlock Plus gives whitelist entries precedence over others. A whitelist entry indicates that someone wants to make an exception to the rules. This is one of the reasons why the well-used Filterset.G fell out of favour - it whitelisted all stylesheets, and resulted in some clever advertisements being unblockable. A significant number of people have objections to Google ads that are valid and well-founded. Presumably your entire site was blocked as a specific filter would be useless. Your conduct leading up to this makes it clear that you would attempt to change filenames, etc. to avoid it, therefore common sense would dictate that in the face of such interference the only option would be to take the matter out of your control.
4. Your ads were revenue-generating.
Some people have moral objections to other people making money off the back of their own actions (they argue that if you can make money off their actions you owe them a cut). Some object to the idea of actively seeking to make money from voluntary effort (they argue that a donation is not a donation if something is expected in return).
Nobody is going to suggest you're not entitled to feed your family. Nobody is going to suggest that you can't take advantage of good fortune in a hobby endeavour. What some will object to is being used effectively as a source of income against their will. Many will suggest that you find a more willing source of funding. Out here in the real world, we have this concept of "employment", wherein you do things for someone and they pay you. I imagine you might find this concept revolutionary, but many people (including myself) make a good living from it, and find plenty of time to devote to other things.
In short, while you've been decent enough to admit it, you acted like a dick (and potentially broke the law), and the so-called "war" purely amounts to a reasonable response to said escalating dickishness.
June 5th, 2009 at 10:57 pm
x, thank you very much for sharing your "truths", but you're the dick here:
1 & 2:
Adblock Plus suffered of a bug which Mr. Palant was too careless to fix or work around:
https://bugzilla.mozilla.org/show_bug.cgi?id=431782
The bug has been publicly known for a long time, and NoScript was not affected because, as a security extension, it couldn't afford any kind of bypass.
If you look carefully at that bug report, you'll see that Giorgio himself suggested Wladimir Palant a way to "fix" it more than one year ago (comment 5, https://bugzilla.mozilla.org/show_bug.cgi?id=431782#c5 ) but Mr. Palant has been apparently too lazy until now.
So stop with this idiotic rethoric: Adblock Plus was publicly buggy, and the fact it was unable to stop ads on NoScript sites was Wladimir's fault.
3:
EasyList was not doing what was designed to do when it prevented me from installing NoScript. Breaking the NoScript site to the point it was unusable it broke my browser as well, period.
I may say it launched a DOS attack on my ability of installing NoScript. This is illegal in the US and older EU states, and even prevented me from following US CERT's recommendations about safe browsing.
4:
Giorgio's ads were revenue generating. And so what? Do you mean he wasn't working hard enough at providing and keeping up-to-date for free a tool which is consider essential for safe web browsing by all the web security experts and recommended by the US CERT?
Go back to your "employment" and shut the fuck up, please.
June 7th, 2009 at 4:59 pm
"Adblock Plus suffered of a bug which Mr. Palant was too careless to fix or work around:"
From the bug report: "Product: Core" That generally means a bug in the browser itself, not the addon. That's not entirely the fault of AdBlock Plus. If you even read the summary, you'll see Giorgio agreeing with Wladimir's assessment of the situation. You're effectively suggesting that bugs are fair game. They're not. As "x" correctly points out, it's illegal, certainly in the US and UK at least. By your logic, the 3000 people killed on 9/11 were fair game, since those guys were able to get on the plane, and those towers were pretty tall. That's like an attack just waiting to happen, right?
There are varying accounts of what was happening, and lots of opinions on both sides, but the underlying facts are that Giorgio was exploiting a browser bug for personal gain.
"EasyList was not doing what was designed to do when it prevented me from installing NoScript."
You've missed the point that was being made. EasyList was designed to help people block ads. Giorgio was employing tactics that would generally be regarded as foul to work around it to ensure his ads were displayed. If this was being done on the site by using something called "foo.js", they could block that, and usually that is that. On the other hand, if someone discovers this and renames it to "bar.js", you can change the filter. If the very next day, they change it to "baz.js", then you've got a problem. It appears Giorgio was doing something similar, actively trying to by-pass the EasyList filters, thus they did what they would do with anyone else that tried the same trick - block everything. They could have perhaps whitelisted the script that is responsible for the download link, though Giorgio could then have moved the adblock-dodging code to there, and the problem returns. All of which leaves the question of why the AJAX was necessary, when a straightforward plain-HTML link would have done the job.
"I may say it launched a DOS attack on my ability of installing NoScript."
Have you considered a career in comedy?
"Do you mean he wasn’t working hard enough at providing and keeping up-to-date for free a tool which is consider essential for safe web browsing by all the web security experts and recommended by the US CERT?"
This is a red herring. If he wants to maintain the tool for free, then he does so for free. Sticking ads on the page to raise cash makes it no longer "for free", since he's then making money from it. Granted, "for free" doesn't pay the bills, but it's not supposed to. I've seen people in the voluntary sector that have done it for over 30 years. In that time, they've noticed that those who do the best in and gain the most from voluntary work are those that realise from the outset that it's not going to pay the bills.
Giorgio's behaviour wasn't that of someone who was making a little extra on the side as a result of voluntary effort. His actions were those of a business that felt that a revenue stream was threatened. While there may have been noble intentions, it's difficult to see how deliberately interfering with someone else's software can be seen as acting in good faith, and quite frankly I wish the apologists would stop trying to justify it.
Let's remind ourselves of the facts:
1. Giorgio exploited a browser bug. When his effort was stymied, he worked around it. The evidence shows that this was deliberate.
2. The greater good was not involved. The only factor at hand was Giorgio's own finances.
3. As the author of NoScript, Giorgio had something of a privileged position in the community.
I agree "x"'s tone on employment was a bit faceitious, I suspect it is also misguided. Companies like to hire developers associated with well-known products, it makes for a great reference. However, if I had Giorgio's CV on my desk, I wouldn't hire him. My thoughts would be "Gee, that was nasty, I wouldn't want him doing that to our customers. I've only got his word that he won't try this again."
I don't wish any ill on Giorgio, but I do think too many people have let him off far too lightly with this, and he will be very lucky if this doesn't come back to haunt him in future. His business will suffer (there's no justice if it doesn't) - I just hope that he won't be silly enough to blame anyone other than himself for it.
June 9th, 2009 at 6:32 pm
Bob, I can't believe you managed to put all that bullshit all together.
If you even could read, you'd see that:
1. Mozilla developers said "it's too risky to fix, and not worth the risk because it's not a security issue for the vanilla browser"
2. Wladimir said "yeah, too risky to fix in the browser and I don't care to fix it in Adblock Plus either because we're talking about ad blocking, no security sensitive stuff, and final users can block the evading ads anyway."
3. Giorgio said "I concur, that's too risky to fix in the browser, but there's no reason not to fix it in the add-ons which rely on the buggy browser code." Giorgio responsibly "fixed" it in NoScript because it's a security tool, and Wladimir could do the same, if he cared enough to.
Wladimir preferred not to fix Adblock Plus. Yes, I'm suggesting bugs like that are fair game because Wladimir himself decided it was not worth to fix, and because it did not cause any damage to end users who could still block any ad either in Adblock Plus or NoScript.
Have you considered a career in comedy?
So you're comparing mass murdering with working around an adblocking subscription whose maintainer was acting like a prick... Yeah, it works for me. Did Giorgio rape your children too, BTW?
Did you read the post and the forums links?
Do you realize the NoScript install links were just plain-HTML links, which were killed by brain-damaged element hiding rules like
?
Wladimir Palant's and the Easylist gang's actions were just as evil and/or childish as Giorgio's, but Giorgio at least had the decency and the balls to recognize his faults and apologize.
I'm confident he will never do anything like that again (I couldn't say the same about the Adblock Plus guys), and that's a real blessing because the web is too much a dangerous place without NoScript.
June 13th, 2009 at 4:09 am
NoScript = Bad sofware!
After installing, it raped my dog and infected her with metamorphic-trojans.
Btw: Removing filtersets may cost 10 percent from your income (adds).
1000 hits = 1 US$ , 2 updates/month with ~25.000.000 users (not blocked) -> 50.000 US$/month. (yearly 600.000$...)
Giorgio's mistake -> not paying 5.000$/month and choosing a no cost option.
---------------------
Money rules the World(Wide Web)!
╔═════════════════════════════════════════════════════════════════╦
╠ Fictional story
╠
╠ Mobster: "You have to pay 10k every month for our service."
╠ Armani: "I'm working for this money and will not pay the mafia"
╠ Mobstre: "Sir, he will not pay."
╠ Godfather: "Go and destroy his virtual store!"
╠ Boom, Bang, Drama
╠ Armani: "Dang! Ok, i will pay."
╠ Mobster: "Fine."
╚═════════════════════════════════════════════════════════════════╩
June 18th, 2009 at 12:08 am
The two extensions I find primary and indispensable in FF are Adblock plus and NoScript. Together they make FF ... far superior to IE. I feel this may be true for many people, judging that these two extensions are both near the top in popularity and downloads. Try not to get upset at one another, for the future of FF.
June 20th, 2009 at 7:06 am
I am glad you came out clean. Apology accepted. We all do stupid things at times and we must learn from our mistakes and move on.
June 24th, 2009 at 6:27 pm
[...] NoScript’s author reply on the matter. Posted in Discussion, News Tags: [...]
June 25th, 2009 at 12:46 pm
Don't be discouraged, we love you anyway!
You know... this kind of things append and you resolved it in the most beautiful way.
Keep up the good work. ;-)
July 2nd, 2009 at 10:31 pm
Anyone suggesting the apology is not sincere is just being silly. Try writing a "sincere, heart-felt apology" yourself! "Ooo, I say you didn't convince me, neiner neiner." Dolts.
Does it really matter why he apologized? That is, motivated out of "OMG my cash flow plummeted" or "OMG I just fubared trust!" Actions speak much louder than words and for that we have two things to go by:
1. He did something bad
2. He "un-did" it
This, by the way, is not the first time. When I first installed noscript I thought it was great and excellent. Except that he whitelisted his own sites and googlesyndication. And did so in a way that they could not be un-whitelisted. You *do* realize that his code is not compiled? I just went in and undid that. Eventually, he saw the error of his ways and removed the forced whitelisting and offered an "apology" -- basically that if you didn't allow the scripts it would negatively impact his ad-based income.
Sorry, he's not entitled to that. If I *want* to donate I can, but don't *have* to. Ad-based income is *not* an entitlement.
Is noscript a good, useful extension. Sure, in fact I'd say it is essential -- as long as you can trust the author to not fuck with things.
At which point I'd like to point out that he has tried twice to secure his ad revenue and would appear to be quite bribable. To which I'd rebut, "who isn't?"
Let's put it another way: he has taken significant time to write and support this script. You can use it for free. Or not. Your choice. Don't bother with high-and-mighty truisms like "trust is earned." Really? How many people are viewing this page by a computer running Windows. Do you trust Microsoft? Really? After their history of doing far worse things than Giorgio?
whatever
July 5th, 2009 at 1:05 pm
[...] Articolul cu scuzele prezentate de Malone este aici. [...]
July 14th, 2009 at 8:05 am
How to I get adblock to start working again ? I only have partial use and can't add new items to be blocked.
July 25th, 2009 at 4:52 pm
The whole tone of this "apology" makes me think this is not an apology at all, rather, it's an attack against that vladimir guy and you only (at least apparently) feel sorry you got caught.
Power brings corruption. Your addon's fame is skyrocketing and this success got on the top of your head and made you think that we are stupid.
I have tried in the past reporting to you the excess of updates this addon has , and all I found was replies on the lines of "door this way --->" , but finally all makes sense.
Good luck and enjoy the money you will get when you sell noscript to norton or whatever other bigger fish out there when the time comes.
July 27th, 2009 at 2:59 am
noscript is pointless, you can block js and other content per site using hostperm which is understood universally by all gecko browsers. there's a much better non-hyped extension to do that through a gui called policy manager which creates security zones with your black and whitelists..easily configurable ui and without hacking in your browser functions. it simply leaves all power to the user and the developer of that extension can be trusted and not 'in the business' for ad revenues and without a hidden hacking agenda like mr. maone. the policy manager extension supports all versions of firefox and other gecko-based browsers. you can download it from there:
http://piro.sakura.ne.jp/xul/_policymanager.html.en
July 27th, 2009 at 10:41 am
marc..it's funny how you think those so frequent (almost weekly) updates are for your benefit or the benefit of the users. the updates are just to make you go to the noscript's page.. right maone? you know exactly what i'm talking about..
July 28th, 2009 at 5:31 pm
now if only some former presidents of the usa had the courage to confess their mistakes....
August 2nd, 2009 at 4:38 am
yes it was very bad that you did,
the power of Mozilla is transparency and openness which builds up trust among the users . we accept your apologies now but all we know that there will not be a 2nd time , keep doing good job and then all we are with you .
August 5th, 2009 at 4:36 pm
The fact that you acknowledge your wrongs and corrected them, is admirable. Ofcourse, you made mistakes, but that doesn't mean you're doomed.
Keep up the good work, and {Thumbs Up}.
August 12th, 2009 at 8:51 pm
I would just like to say that I use both AdblockPlus and NoScript in Firefox. I personally believe that at the most fundamental level, the Internet is one of the most revolutionary and monolithic forces of the 21st century. All rhetoric and clichés aside I can honestly say that at least 50% of what I know now has been acquired from the Internet. Sure, some of the stuff I might be better off not knowing, ie. 2 girls 1 cup, Furgie's new music video, and why some slacked-jaw yokel in Texas thinks president (I'm Canadian, we don't capitalize "president") Barak Obama is related to Osama bin Laden. I have learned how to write C++, JavaScript, HTML etc. I can take apart my car and put it back together again. I can play the new (and incredibly complicated) Dillinger Escape Plan song on guitar. I can grill a killer chipotle steak. I know that the capitol of Malta is Valletta. All of these things (and much more) make up who I am, my view of the world, my thought process, my convictions, my strengths, and my short comings. The examples above (and much more) are skills that I have learned 100% from the Internet. If there was no such thing as "the Internet", I would not be privy to the above (and much more) information, and as such would be a very different person today. That being said, most of my skills and knowledge that I deem to be most important to me, was learned from the Internet for free (excluding my monthly Internet carrier fee.) Most of the tutorials, videos, and blogs that contain this knowledge are hosted on websites that are run by individuals and groups that do this as a hobby, not a source of income. The reality is that these services cost money. Money that those individuals who provide and maintain these websites do not have. The bulk of the money used to operate these websites is generated from donations from users and ads.
Now, that aside, as mentioned in the first sentence I use AdBlockPlus and NoScript in Firefox. This is because the majority of sites I visit are overzealous with there ads. I am not talking about decent sites that are just trying to get by. I am talking about sites that spam your ass with pop-up windows, banner ads, flash ads etc. There are legitimate cases in which websites that you frequent and support do display ads that are tasteful, relevant to the content of the webpage, and safe (ie no malicious code, downloads, and tracking). These legitimate ads allow for legitimate websites to off-set the cost of maintaining the website. And thus allow them to provide you with the content and services that you love for free. Everyone can probably agree with this. Then there is the “Ad Nazi’s” that will spam your ass (yes, I like saying that) with every type of ad imaginable to man (and women), irregardless of there relevance, annoyance, and detriment to the user. These companies DO NOT GIVE A SHIT ABOUT ANYTHING EXCEPT MONEY (excluding the ones that want your money, and your personal information (in the end just to sell and make more money)). This was one of the many driving forces behind the free and open-source movement (and its inherent popularity (and opposition from those that do not gain from it, ie big conglomerates like Microsoft and Intel)). This is one of the reasons why I use Firefox with add-ons like AdblockPlus and NoScript.
I believe that my mentality and the mentality of the majority of the Internet web surfers (Geeks and Casual Users alike), is that this is “THE Internet”, NOT “YOUR Internet” (ie. Microsoft, Intel, Cisco, etc.) Utilizing tools like AdblockPlus and NoScript allow us to view what we want to view. Simply put making it “OUR Internet” (not as an individual, but as a community.) Now, sitting in front of my computer, I have two classifications for People/Webmasters/Companies/Groups/Organizations alike. There are Friends and then there are Douche bags. Friends are just that; friends. They are there to help, contribute to the overall wellbeing and environment of the Internet, as a whole (the Internet Community) and on an individual level (the Internet’s individual user (for example me, and all the great things that I have learned on the Internet that make me who I am.)) Then there are the Douche Bags {duh, duh, duh}. Who are here to make money by exploiting this awesome technology and the people that use it. There occasionally is a grey area in-between, which sometimes it is hard to decide if someone is a Friend or Douche Bag.
Now, I realize that this is a really long and convoluted rant but there is a very specific point to all the above and following sentences. So try to bear with me.
One of my most prominent convictions is: “Intent”. I will illustrate this point with the following scenario: while playing soccer someone swings there leg in an attempt to kick the soccer ball in the general direction of the opposing team’s net. Whilst doing so, the player “inadvertently” kicks me in the balls, causing me to fall to the ground, assume to fetal position, and whimper like a little girl. After which I get to my feet and __________________ (that’s a fill in the blank).
Choice 1: Beat the shit out of him.
Choice 2: Let it go and continue playing.
Choice 3: Give him a warning and tell him if it happens again I will beat the shit out of him.
Although Choice 1 would be the easiest (and most satisfying), as a civilized (in my opinion) human being, my reaction would be 100% based upon his “intent” (or, more accurately, my interpretation of it.) What was his intent? Possible Intent:
Intent 1: Belligerence: Intentionally kicked me in the balls with the intent to hurt me and cause me damage.
Intent 2: Innocence: Shit happens. He did not do it on purpose, is genuinely sorry for doing it, and will make sure it does not happen again.
Intent 3: Feigned Innocence: Did it with the intent to hurt me and cause me damage, however, when he realized there would be consequences (me beating him up) he apologized and said it was an accident. But was not really sorry and only did it to avoid the consequences of his actions.
I believe that illustrates my point of “intent” quite well.
Now, how does all this arbitrary, unstructured rambling fit together? Quite simply put “what is/was Giorgio’s original intent?”. Simple, yet profound. NoScript is a great tool that can be utilized by an advanced computer user, effectively greatly improving their web surfing experience and security with custom rules; all the way to your average person that can surf the web, but has no knowledge of what is going on behind the scene, yet using NoScript for free to cut down on ads, tracking, and malicious code, which improves there overall Internet experience. Now, what is NoScript doing there in the first place? Where did it come from? Who designed it? Why did they design it? What did they hope to gain from sharing their product with others? What is the “owner” of NoScript receiving in return to justify the time spent making the product, updating the product, and distributing the product?
All these questions are important, yet futile. This is because 1) I highly doubt Giorgio will send me a personal e-mail explaining all the answers to the above questions to me 2) Even if he did, why would I believe him? That being said, I trust Mozilla and the Mozilla Foundation more than any other entity on the Internet that I will never physically see and interact with in such a way that I can use my 23 years of experience on this Earth to make an informed decision about there motives, intent, and end goals. I trust them because I have been using there services (for free) for years and I whole heartily agree with most of there views, opinions, and actions. Which is why I trust them to certify add-on and extensions as safe. Not just safe as in “spyware free” but also in the sense of no hidden agenda; stable; and in general, no bullshit (by that I mean Microsoft type bullshit.)
I believe that as a person sometimes the most important thing you can do is fuck up. By fucking up a particular situation you will learn lessons that will otherwise have not been learned (that can be applied to any aspect of life), and you gain a new perspective that you would not have other seen. And you learn to appreciate things that you previously took for granted.
In my opinion there is nothing wrong with releasing NoScript to the public through the Mozilla Add-on Site (providing it fits into their criteria and philosophies), and displaying banner ads on your site to pay for the cost of maintaining the site and developing the product. I don’t think anyone here will disagree with that. What question interests me is Giorgio’s intent. Was NoScript released to generate revenue for Giorgio above and beyond the maintaining of the website and the development of NoScript? By directing every download to a particular NoScript webpage that contains ad banners that generate Giorgio money. Then every update (every couple of days or so) redirecting them to said page to make even more money. If so, is there anything wrong with that? Is everyone free to use NoScript (provided they abide by the EULA) or does Giorgio only want you using NoScript if he gets paid for it, ie banner ads; going so far as to engage in nefarious actions to ensure he gets paid (via the banner ads) for you to use the “free” NoScript?
Now onto AdblockPlus. No matter how you look at it AdblockPlus’ job is to block ads. End of story, period.
So. Giorgio is happy to provide NoScript for “free” as long and he gets paid for it via the banner ads on the NoScript websites, that users are automatically re-directed to every update (every couple of days). However, if you wish to use the “free” product NoScript and use AdblockPlus, thereby effectively blocking Giorgio’s revenue stream, Giorgio will retaliate by exploiting a venerability in AdblockPlus to ensure he gets his money right?
************************************************************************************************************************************************
In the end this is what I think: Giorgio made a great product with good intentions. He made a mistake by all this AdblockPlus shenanigans. But so did Wladimir Palant. It would be difficult for NoScript to generate operational revenue from the banner ads and AdblockPlus to retain integrity and block all (try to) ads, while still respecting the rights and operational revenue of a fellow Mozilla add-on developer. I believe that this situation could have been handled much more maturely (that is not an insult to anyone.) However, I think that this is/was a very good learning experience for everyone (ie developers, Mozilla, users etc.)
In the end here is what I think: Free Is Good. We are entitled to the option (and ideals) of free and open-source software. However, it cost money to develop and maintain software. It is hard to balance these two facts, and still abide by the general Mozilla, open-source philosophies. And sometime you need to fuck shit up to make things better. Right now after all the bullshit I think individually NoScript and AdblockPlus are better products. And the free and open-source community has learned a lot from this “situation”.
August 31st, 2009 at 4:42 am
[...] hackademix.net » Dear Adblock Plus and NoScript Users, Dear Mozilla Community hackademix.net/2009/05/04/dear-adblock-plus-and-noscript-users-dear-mozilla-community – view page – cached Giorgio Maone’s answers to the Web, the Universe, and Everything * Home * Why * Me, ma1 — From the page [...]
December 24th, 2009 at 4:31 pm
[...] still collecting my thoughts and reading thoroughly Wladimir Palant exposure, Giorgio Maone’s apology, and Mozilla’s response. The situation reminds me of the fiduciary duties that we Chartered [...]
January 8th, 2010 at 4:37 pm
[...] a heart-felt apology posted Monday, Giorgio Maone admitted that he added a small piece of code that worked around the EasyList filter [...]