On Thu, Jul 30, 2009 at 11:09 AM, Maciej Stachowiak <span dir="ltr"><<a href="mailto:mjs@apple.com">mjs@apple.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Jul 29, 2009, at 3:05 PM, Robert O'Callahan wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
What happened to my idea for browsers to have a special window containing tabs for "background apps", which save screen real estate by just showing an icon and title (and a URL or domain?) and no actual tab content? You might modify the UI so that quitting the normal browser leaves this window open, possibly as a separate OS app. Seems to me that this would provide almost exactly the desired functionality but without introducing new security concerns and without requiring a trust decision.<br>
</blockquote>
<br></div>
I haven't thought through this option in sufficient detail, but I'm not sure that it resolves all of the risks I mentioned or the risks of content outliving the page or the browser in general. Here's some questions that come immediately to mind:<br>
<br>
1) What exactly does the window look like? Just a normal tabbed browser window with a window in each tab? I think users would find that confusing.</blockquote><div><br>I'm not a good person to design the appearance, but I was thinking of a specialized view, perhaps a narrow vertical list containing the favicon and the window title, with the domain or URL displayed on mouseover, plus a close box. Like a vertical list of tab headers.<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">2) What happens if users close the magic window (which likely they will, if it's not obvious what it's for and just seems to be wasting real estate)? Are all the background tasks killed or do they secretly keep running? Either seems like a bad option.</blockquote>
<div><br>They die, that's the whole point I guess. There could be an alert before the window closes, like Firefox has today to warn about closing a window with many tabs.<br><br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
3) In what way are users alerted to a new item being opened in the magic window - is there a UI for this that can avoid being either too distracting or too subtle?</blockquote><div><br>Again, I'm not the best person to design this, but the OS standard "window bounce" notification and highlighting of newly-inserted tabs until the window gets focus. Similar to the way, say, an IRC client like Colloquy alerts for a personal message being received.<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">4) Is it really ok for web content to survive browser quit and possibly even reboot just because there is a visible indicator on screen, without some explicit heavyweight form of user opt-in (like Prism)?</blockquote>
<div><br>I hope so, since you get that in Firefox today if a Web app opens a new window or tab and then you quit Firefox or reboot the machine. Firefox's session restore will offer to reopen the tabs and windows next time Firefox runs (along with a "don't ask me again" checkbox).<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">I'm not sure it is. Especially if the magic window has tabs, if a number of popular web apps start using it, then users will start to blank it out and be vulnerable to the same kinds of risks I described (use for a botnet, waiting for exploits to be found, etc).</blockquote>
<div><br>Possibly, I don't know how that would work out.<br><br>But if a user has 100 tabs open that get automatically saved and restored across browser restarts, aren't we already faced with the same problem? (That is not an unusual scenario, apparently.)<br>
<br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Given the risks I cited for the original form of the feature, I think we need to keep in mind that a lot of the security risks are subtle and insidious, and we need to be really cautious with any feature of this type.<br>
</blockquote><div> </div></div>I agree.<br clear="all"><br>Rob<br>-- <br>"He was pierced for our transgressions, he was crushed for our iniquities; the punishment that brought us peace was upon him, and by his wounds we are healed. We all, like sheep, have gone astray, each of us has turned to his own way; and the LORD has laid on him the iniquity of us all." [Isaiah 53:5-6]<br>