Friday 15 June 2007
Being picked on by bullies at school is one thing, but to achieve supreme nerd credentials, try being ridiculed in the press for the way you dress. (BTW Juha, Chris was wearing jeans and a sweatshirt... stay alert mate!) Perhaps I should get an extreme makeover and expense it to Mozilla.
The Auckland Web meetup was a lot of fun. The talk seemed to go down well. After a slow start the audience warmed up and asked some good questions, although none of the tricky ones I was expecting. I hope I didn't seem rude to the person (Cindy?) who asked about CSS styling of scrollbars! ("No, because we have taste!"*) Thanks also to Nigel for being a good sport when I had to make a few remarks about the dominant browser vendor.
The demos went well, although in the run-up before the talk we discovered some interesting issues with Chris' video patch. We really need someone to maintain a set of Firefox/Gecko demos that we can share ... it's quite a bit of work and no doubt there's cool stuff I could have shown that I just didn't know about or have time to pull together.
One thing that was a concern was that it appears Silverlight allows any (untrusted) app to create a full-screen window. This makes a good demo but is very bad news for security: we work hard to ensure that untrusted content is always enclosed in browser chrome, to give a visual clue to the reduced trust level and reduce the chance of spoofing. I think Nigel said Flash 9 allows untrusted full-screen too; if so, this is something we need to look at. Another problem is that there is no visible way to get out of full-screen mode; a "Press Esc to exit full screen mode" cue is displayed briefly during the transition to full-screen, but it would be easy for users to miss or forget that.
I'm afraid in the rush to create "compelling experiences" and offer more to application developers, people are glossing over important issues of trust. People keep talking about blurring the boundaries between the desktop and the Web, but a key difference is that generally desktop apps are highly trusted and Web apps have little to no trust. (This is a good thing for Web apps, because a trust decision is a major barrier to use ... although often not high enough!)
One way to look at things is that traditionally desktop apps have had a set of capabilities that Web apps have lacked: rich graphics, offline capability, native-looking user interface, media support. Now we can bring those features to Web apps, that's cool. Likewise there's features that Web apps have had and desktop apps lacked, like zero installed footprint and trivial auto-update, and they're travelling in the other direction. But there's another set of capabilities that desktop apps have, like access to your local file system, your address book, your webcam, and your intranet, that we will never want to give to random Web apps. And although policies for granting some kind of limited access to some Web apps are worth talking about, I suspect that a simple "trusted/not trusted" binary model is about as complex as most people can handle, and maybe too complex already.
* That was a lie actually. Well, we do have taste, but the real reason we've never supported IE-style scrollbar coloring is that a) it was never high enough priority and b) you can't really do that and get the correct platform look using the theme APIs we have access to. As far as I know.
PS, sorry Ulrika, but the Computerworld article A Kiwi sits 'on the edge of tomorrow' at Google infuriates me! This person is naive and condescending ... fortunately unlike the Googlers I know.