From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-ig0-x236.google.com (mail-ig0-x236.google.com [IPv6:2607:f8b0:4001:c05::236]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id 2849E21F325 for ; Sun, 26 Apr 2015 07:01:06 -0700 (PDT) Received: by igblo3 with SMTP id lo3so44890772igb.1 for ; Sun, 26 Apr 2015 07:00:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=5VJqwPixSt5UNqpRKyEzUusOF1GJZUusVL7ZdK0B40I=; b=aHQqK29jkfTRZ4XKiv30Ij95Jhrx8+8AqpG0LWCRLOCllm+P8IZzdzYHHcqX2UUIZI Fu9+X/xT4Z3OQgSWweRQJDy8ZQUEFeqww/zIE0gGg60nDu8htvlcRcq1Nyn4tMQX+r36 /G1HxsNokLaad7YoYHLWg/MhNwhxIg0Gehfoz655PZl8L3x7PqHGZpeCwF+4ml1ZP/p7 yuqGUGLJ4wGnQtoy/jHkfswal2BVW9SgFvFFKSMIpA/BPTKV4eOHpqy2Yfd5XAtrHQTw v75RnP5+xRBYi5tO8ZjJnQ3Ntq1eXzEONl3e/OiGfNCwBfgIfXGHConlJSlBXzEE/NnH 0o1A== MIME-Version: 1.0 X-Received: by 10.107.169.160 with SMTP id f32mr8042136ioj.83.1430056831544; Sun, 26 Apr 2015 07:00:31 -0700 (PDT) Sender: justinbeech@gmail.com Received: by 10.50.107.42 with HTTP; Sun, 26 Apr 2015 07:00:31 -0700 (PDT) In-Reply-To: <553C84FE.5070101@gmail.com> References: <553B2863.2020600@gmail.com> <553BA193.1030907@gmail.com> <553C84FE.5070101@gmail.com> Date: Mon, 27 Apr 2015 00:00:31 +1000 X-Google-Sender-Auth: uQnTfEeCqrXs2JC2QudHLYtllls Message-ID: From: jb To: Jan Ceuleers Content-Type: multipart/alternative; boundary=001a1142646c73f75b0514a10db1 Cc: bloat Subject: Re: [Bloat] Adblock - or another extension - is incorrectly blocking the speed test X-BeenThere: bloat@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: General list for discussing Bufferbloat List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 X-List-Received-Date: Sun, 26 Apr 2015 14:01:50 -0000 --001a1142646c73f75b0514a10db1 Content-Type: text/plain; charset=UTF-8 No, I'm not going to do that. I absolutely hate even _considering_ changing how I want to do something for an extension that doesn't know the difference between an IP address and a script. There are no "Scripts" on the remote IP addresses. Putting everything into DNS would be a problem. They are ephemeral IPs (not all, but some), literally the cloud may bring some up for an hour and then take them down, then bring them up with another IP. And keeping DNS uptodate even with low TTL is a problem plus I have fast learned that many people do not have reliable ISP DNS servers. Some are missing info, some are very slow, some are flaky. The test is not testing DNS reliability. There are other tests that do that pretty well. So .. No. lol. I have however made the error crystal clear, it now instructs the user to set the noscript option to "Cascade" permissions from the page to "3rd party scripts" (lol). To give an example of the kind of ridiculous stuff these extensions do: a user wanted to know why something was broken on the site because they "did not trust cloudflare.com" (which hosts jQuery for everyone). Now if I change the location of that resource to "cdn.dslreports.com", it would be approved by noscript because the user trusts us. However cdn.dslreports.com is run by.. Amazon CDN. Exactly and perfectly the same, from a privacy/security viewpoint. Another example, the people spending days tinkering with their noscript or other security setup will one-click accept flash (if they wanted to run a speed test). Or more probably, just whitelist flash, because youtube was all flash and they want their videos. Right, that's real secure. flash is a black box to noscript. Alright I'm going to go away and bang my forehead against the wall now it is more productive than thinking about NOSCRIPT ! /rant On Sun, Apr 26, 2015 at 4:26 PM, Jan Ceuleers wrote: > On 26/04/15 06:17, jb wrote: > > The warning is correct in that it is probably NOSCRIPT. I think. > > All the speed test knows is that an API call to all servers was brutally > > failed > > in an unexpected way. There is no visibility into what caused the > > failure, only > > that it should not occur in a clean browser. If you open the console > > you can probably see more than the javascript gets told. > > Hi Justin, > > I think the problem is that you may be referring to the test servers by > IP address rather than by DNS names. Here is why I think that: > > I picked Noscript's "disable everywhere" option, then successfully ran > the test. I was then able to see in Noscript which sites were running > scripts and saw a number of IP addresses among them. I then added these > IP addresses to the whitelist, re-enabled Noscript and verified that I > was able to still run the test. > > If you are able to put all of these servers in a DNS domain under your > control then a single whitelist entry in Noscript would make them all > work, and not just the ones that are being picked at my location. > > By the way: I then re-enabled Adblock and was still able to run the > test. So I recommend blaming Noscript in the error message rather than > Adblock (and then perhaps also mentioning the whitelist rule that fixes > it). > > Thanks, Jan > > --001a1142646c73f75b0514a10db1 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
No, I'm not going to do that. I absolutely hate even _= considering_ changing
how I want to do something for an extension that = doesn't know the difference
between an IP address and a scrip= t.

There are no "Scripts" on the remote = IP addresses.

Putting everything into DNS would be= a problem. They are ephemeral
IPs (not all, but some), literally= the cloud may bring some up for an hour
and then take them down,= then bring them up with another IP.
And keeping DNS uptodate eve= n with low TTL is a problem plus I have
fast learned that many pe= ople do not have reliable ISP DNS servers.
Some are missing info,= some are very slow, some are flaky. The
test is not testing DNS = reliability. There are other tests that do that
pretty well.

So .. No. lol.

I have however= made the error crystal clear, it now instructs the user
to set t= he noscript option to "Cascade" permissions from the page
to "3rd party scripts" (lol).

To give= an example of the kind of ridiculous stuff these extensions do:
= a user wanted to know why something was broken on the site because
they "did not trust cloudflare.com= " (which hosts jQuery for everyone).
Now if I change the= location of that resource to "c= dn.dslreports.com",
it would be approved by noscript =C2= =A0because the user trusts us.
However cdn.dslreports.com is run by.. Amazon CDN. Exactly and
perfectly the same, from a privacy/security viewpoint.

=
Another example, the people spending days tinkering with their n= oscript
or other security setup will one-click accept flash (if t= hey wanted to run
a speed test). Or more probably, just whitelist= flash, because youtube
was all flash and they want their videos.= Right, that's real secure. flash
is a black box to noscript.=

Alright I'm going to go away and bang my fore= head against the wall now
it is more productive than thinking abo= ut NOSCRIPT !

/rant

On Sun, Apr 26, 2015 at 4:26 PM, Jan= Ceuleers <jan.ceuleers@gmail.com> wrote:
On 26/04/15 06:17, jb wrote:
> The warning is correct in that it is probably NOSCRIPT. I think.
> All the speed test knows is that an API call to all servers was brutal= ly
> failed
> in an unexpected way. There is no visibility into what caused the
> failure, only
> that it should not occur in a clean browser. If you open the console > you can probably see more than the javascript gets told.

Hi Justin,

I think the problem is that you may be referring to the test servers by
IP address rather than by DNS names. Here is why I think that:

I picked Noscript's "disable everywhere" option, then success= fully ran
the test. I was then able to see in Noscript which sites were running
scripts and saw a number of IP addresses among them. I then added these
IP addresses to the whitelist, re-enabled Noscript and verified that I
was able to still run the test.

If you are able to put all of these servers in a DNS domain under your
control then a single whitelist entry in Noscript would make them all
work, and not just the ones that are being picked at my location.

By the way: I then re-enabled Adblock and was still able to run the
test. So I recommend blaming Noscript in the error message rather than
Adblock (and then perhaps also mentioning the whitelist rule that fixes it)= .

Thanks, Jan


--001a1142646c73f75b0514a10db1--