Thread: Check your Windows 10 block settings
View Single Post
  #54   Report Post  
Posted to alt.home.repair
Mayayana Mayayana is offline
external usenet poster
  
Posts: 1,033
Default Check your Windows 10 block settings

| I pay $1/month for a paper statement. I doubt
|
| You're lucky. I've closed accounts when each notified me that
| they wanted $8.95/month to mail me a single sheet of paper
| with 1, 2 or, at most, *3* transactions on it! Note that
| one of the banks was 1500 miles from here -- so its not
| a "local phenomenon".
|

TD Bank. And they're open on Sundays, too.
I'm not sure I even want to know why you have
numerous bank accouts on the other side
of the country.

| Do you own any securities? Do any "trading"?
|

No. I'm not a gambler. Frankly I think straight gambling
on the stock market should be illegal, with something
like a 90 day minimum period that stocks would have
to be held and no option for buying options, which
are merely bets. Then people would be investing in
companies rather than just a big, glorified gambling hall.

| You sound like you know what you're doing, so I
| wouldn't be inclined to tell you that you should change,
| but my way also works. Nearly all possible online attacks
| require javascript.
|
| If you look at the history of vulnerabilities, you'd realize that's
| not the case. Buffer overflow exploits are still common -- despite
| EVERYONE knowing about this sort of potential problem (yet
| continuing to write NEW code that has the same flaws).
|

Buffer overflows require executable code. The point is
to go back to what the Web was meant to be: A resource
that can be accessed. Not remote software.
However you look at it, nearly all risks online require script.
It's true that there has been at least one issue with JPGs.
That was actually a vulnerability in gdiplus.dll, the
Windows extended graphics library. There was also once
an issue with EMF files. It's not impossible to face a
vulnerability with script disabled, but it's *very* unlikely.
With script enabled, on the other hand, you're a sitting
duck.

PDF exploits, as well as Flash, are also script issues.
The MP4 bug you link to is a Flash problem. Likewise,
the MP3 bug you linked to is with script in iTunes. What
you're talking about is all executable code. The point is
to get executable code out of the browser. Don't use
Adobe crap at all. Don't enable script. Don't install Java.
Don't run videos and music in browser plugins like Flash.
Don't enable script in your PDF viewer.
(For me this is easy. I don't like things moving on webpages
while I'm trying to read. If I want to see a video I'll
download it, so I can save a copy, and play it in VLC. If
I can't download it I can't be bothered. I'm not going to
sit around "watching TV" on my monitor.)

| Having NoScript block all domains, here, means I often
| have to take several attempts to view a site -- successively
| enabling more and more domains until the site "appears"
| to work. Some sites are very deliberate in refusing to work
| without Jscript enabled. Some refuse to work without Flash.
|

Yes. I guess it depends a lot on what sites you visit. I
have noticed lately that more sites design to break without
script. Maybe not all deliberately. The code has gotten to
be such a mess that it's hard to tell. I don't use highly
interactive sites, so I've never needed Flash. I've never
even had it installed. And fortunately it's being phased out.

One of the increasing problems I've seen is kiddie sites
hosted by Wix and Squarespace. They get small business
people to set up sites for free or cheap. It's all a very
simple, drag-drop-and-choose-options kind of operation.
People think it's clever that they made their own site. But
the pages are actually pseudo-JSON muck that directs
the loading of the page from the Wix or Squarespace
server. It's completely broken without script. The nasty
thing about it is that it breaks because it's using client-
side processing to put the page together. PHP and ASP
would work just fine server-side, but Wix and Squarespace
are cutting corners.

I was looking at a site yesterday by some very talented
designers and engineers. Heatherwick.com. Their website
is a mess, with the noscript code inside script blocks! These
people are award winning designers with big gallery shows,
yet they can't build a website with the most basic
functionality.

Another one I've noticed recently is Forbes.com. I used
to go there sometimes for news. Now there's actually no
webpage at all. Their pages are either built from script or
hide the content inside script. They're actually, in some cases,
embedding the entire HTML string inside script variables!
That's so idiotic and wasteful that it can only be a case
of trying to make their site break without script.

It's got so bad, and some of the script I see is so bizarre
and convoluted, that I recently wrote a tool to sort it out:

http://www.jsware.net/jsware/scrfiles.php5#jsdeob

It's only for people who are familiar with webpage coding,
but I find it can come in handy sometimes.


Reply With QuoteReply With Quote