Eyes Above The Waves

Robert O'Callahan. Christian. Repatriate Kiwi. Hacker.

Friday 15 June 2007

15 Minutes With A Tucked-In T-Shirt

Being picked on by bullies at school is one thing, but to achieve supreme nerd credentials, try being ridiculed in the press for the way you dress. (BTW Juha, Chris was wearing jeans and a sweatshirt... stay alert mate!) Perhaps I should get an extreme makeover and expense it to Mozilla.

The Auckland Web meetup was a lot of fun. The talk seemed to go down well. After a slow start the audience warmed up and asked some good questions, although none of the tricky ones I was expecting. I hope I didn't seem rude to the person (Cindy?) who asked about CSS styling of scrollbars! ("No, because we have taste!"*) Thanks also to Nigel for being a good sport when I had to make a few remarks about the dominant browser vendor.

The demos went well, although in the run-up before the talk we discovered some interesting issues with Chris' video patch. We really need someone to maintain a set of Firefox/Gecko demos that we can share ... it's quite a bit of work and no doubt there's cool stuff I could have shown that I just didn't know about or have time to pull together.

The other talks were interesting. Electrocity is a lot of fun; really cool project. Nigel's WPF/Silverlight talk was really good. The lead-in slides were a bit wooly to be honest, but the meat of the talk and the demos were awesome even though I'd seen or heard about most of them already. The C# vs Javascript chess match demo was a bit annoying just because it's portrayed as a contest between languages when it's more about implementation techniques. Yes, untyped Javascript is harder to write a good compiler for than a statically typed language, or even other dynamic languages, thanks to dynamic properties and the prototype chain, but there's no reason to believe it can't be done.

One thing that was a concern was that it appears Silverlight allows any (untrusted) app to create a full-screen window. This makes a good demo but is very bad news for security: we work hard to ensure that untrusted content is always enclosed in browser chrome, to give a visual clue to the reduced trust level and reduce the chance of spoofing. I think Nigel said Flash 9 allows untrusted full-screen too; if so, this is something we need to look at. Another problem is that there is no visible way to get out of full-screen mode; a "Press Esc to exit full screen mode" cue is displayed briefly during the transition to full-screen, but it would be easy for users to miss or forget that.

I'm afraid in the rush to create "compelling experiences" and offer more to application developers, people are glossing over important issues of trust. People keep talking about blurring the boundaries between the desktop and the Web, but a key difference is that generally desktop apps are highly trusted and Web apps have little to no trust. (This is a good thing for Web apps, because a trust decision is a major barrier to use ... although often not high enough!)

One way to look at things is that traditionally desktop apps have had a set of capabilities that Web apps have lacked: rich graphics, offline capability, native-looking user interface, media support. Now we can bring those features to Web apps, that's cool. Likewise there's features that Web apps have had and desktop apps lacked, like zero installed footprint and trivial auto-update, and they're travelling in the other direction. But there's another set of capabilities that desktop apps have, like access to your local file system, your address book, your webcam, and your intranet, that we will never want to give to random Web apps. And although policies for granting some kind of limited access to some Web apps are worth talking about, I suspect that a simple "trusted/not trusted" binary model is about as complex as most people can handle, and maybe too complex already.

* That was a lie actually. Well, we do have taste, but the real reason we've never supported IE-style scrollbar coloring is that a) it was never high enough priority and b) you can't really do that and get the correct platform look using the theme APIs we have access to. As far as I know.

PS, sorry Ulrika, but the Computerworld article A Kiwi sits 'on the edge of tomorrow' at Google infuriates me! This person is naive and condescending ... fortunately unlike the Googlers I know.



Comments

Peter
Not sure what the scrollbar question was about but we do have XUL scrollbars that can be CSS styled. Just that they are a bit broken on trunk (Bug 345609).
Laurens Holst
Do you ever use flash video players? Most of them have full-screen buttons, including the one on YouTube. I�m not sure whether there are any restrictions placed on the content though, but it would seem it doesn�t.
Robert O'Callahan
Is that full-screen mode invokable by script automatically, or can only the user invoke it? That's the big question.
Nigel Parker
Can't speak for flash but with Silverlight...
A Silverlight control can only enable full-screen mode in response to a set of user-initiated actions. These actions correspond to the MouseLeftButtonDown, MouseLeftButtonUp, KeyDown, and KeyUp events. If you try to set the FullScreen property to true in a Loaded event, the property setting is ignored. This condition on limiting the actions that enable full-screen mode ensures that the user is always the initiator of full-screen mode behavior.
When in full-screen mode, with no shell showing, you can use the mouse on the canvas provided by the application, but can't enter keystrokes with the keyboard. This is designed to avoid someone spoofing passwords or behavior on the user.
http://msdn2.microsoft.com/en-us/library/bb412397.aspx
Juha
Nobody was ridiculing you... seriously. It was a cold night, and I have no idea why you didn't die of frostbite :).
I enjoyed your presentation very much, which you can probably tell if you read a bit more of the FryUp newsletter. The FryUp has a humorous bent, so please take it for what it is.
The scrollbars comment was a joke by the way.
Robert O'Callahan
Juha: no worries, I wasn't taking it seriously.
Nigel: that's good! Maybe not good enough though. It's probably quite easy to use DHTML to make an tiny or invisible Silverlight applet follow the mouse cursor around and receive the click whenever the user tries to click on something.
Nigel Parker
Robert wrote "It's probably quite easy to use DHTML to make an tiny or invisible Silverlight applet follow the mouse cursor around and receive the click whenever the user tries to click on something."
Not sure about that but I doubt it as an invisible Silverlight applet would not be hitable
http://blogs.msdn.com/msmossyblog/archive/2007/06/16/performing-a-hittest-with-silverlight.aspx
John Dowdell
Adobe Flash Player 9 introduced the fullscreen, "kick out the browser chrome" mode. Microsoft later used added the exact same interface conventions to their future browser plugin. Remarkable coincidence.... ;-)
Last time I checked, though, Silverlight didn't lock out user input the way Flash does, leading to possibilities of spoofed sites. They'll probably fix this before release... sounds like Nigel's referring to it now.
Info on security changes when using all your monitor's pixels for Adobe Flash video:
http://www.adobe.com/devnet/flashplayer/articles/full_screen_mode.html
jd/adobe