-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Conscious User wrote on 14/12/09 14:50: >... > Matthew, he did say the example was very crude. Showing the status bar > and/or the address bar was a valid solution some years ago. Today, with > Javascript pop-ups, ubiquity of flash applets and rise of integrated > web+desktop frameworks like Air, the game has changed a little bit.
Defending against UI spoofing is a fascinating topic for browser and plug-in developers. It would be great if there was a reliable way to distinguish between real self-opening windows and fake ones, and new ideas for this are always welcome. But requiring people to click a panel icon to access real windows succeeds mainly in hiding them altogether. See for example the aggravation caused by Empathy's behavior in Ubuntu 9.10, where people try to message you and get ignored because the only visible effect is a changed icon in the panel. <http://arstechnica.com/open-source/reviews/2009/11/good-karma-ars-reviews-ubuntu-910.ars/3> > In fact, a lot of javascript libraries have a resource to dim the page > before showing a popup, exactly like gksudo does. >... Sure, but that has nothing particularly to do with Update Manager (which soon, maybe in Lucid, will use PolicyKit rather than gksudo). I could just as well put up a gksudo-imitating window saying "Sorry, the program gconfig-spi closed unexpectedly. Enter your password to access the error report". Cheers - -- Matthew Paul Thomas http://mpt.net.nz/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAksnTH8ACgkQ6PUxNfU6ecq6YwCgjpwHpdEvDY8CXbU/MvQzUX2p 9GMAoKewM3iaYNG0dSjLckuPlTT/Igvl =m7Pt -----END PGP SIGNATURE----- _______________________________________________ Mailing list: https://launchpad.net/~ayatana Post to : ayatana@lists.launchpad.net Unsubscribe : https://launchpad.net/~ayatana More help : https://help.launchpad.net/ListHelp
