unity-design team mailing list archive
-
unity-design team
-
Mailing list archive
-
Message #01466
Re: Farewell to the notification area
That is the reason while the pop-up/under/what ever is a BAD idea. And
the reason is that it is asynchronous, so the user is getting taught
to respond to (possibly fake) windows request their password. This is
a path for disaster if we ever get remotely close to solving Bug n. 1.
And, answering to Mark, yes it is much more difficult to fake an icon
in the system panel because the system panel. The reason is that we
are assuming that the system haven't been compromised yet, so there
isn't any malware running on the system. What Jim, and I, and others,
were talking about was websites spoofing the update-manager using the
browser and technologies like flash. In this case it is not trivial to
present a icon in the panel as there are only two possibilities for
it:
1) The panel is visible and outside the browsers' windows borders. In
this case the pop-up coming from the internet would need to ask the
browser to open a new window and position that window on the right
place to look like the update icon. Note that in this case the browser
would need a new window and, if I remember correctly, new windows are
always created with the windows decorations around it. Then the fake
icon (with window borders around it) would be easily recognizable.
2) The panel is hidden behind the browser window (which must be in
full screen mode). In this case the notification icon can not appear
in the right place because the browser toolbar is on top (and there is
no panel there).
I do believe that the system should only notify the user about
updates. If the updates are security updates the system could be a
pain (showing a notification bubble every 5 minutes if the user did
not apply the security updates for some days). But the user should
always be the one to call the update-manager window and hence trust it
to give his password.
Then we could go back to common sense: if you haven't started a
workflow where you know that you password will be required don't give
your password!
Paulo
On Sun, Apr 25, 2010 at 7:46 AM, Conscious User <conscioususer@xxxxxxx> wrote:
>
>> Disagree. Because update-manager does not require gksudo, there is no
>> screen dimming or anything else that indicates in an obvious manner
>> that it is an actual update window and not a popup coming from the
>> browser.
>>
>> (I'm not talking about popup in the browser window sense, I'm talking
>> about popups in the z-index sense, they can work because it is
>> very common for the user to use the browser fullscreen)
>>
>> Thinking better, *even* with screen dimming the user can be tricked:
>> all it needs is from him to have a dark theme (so the non-dimming
>> of the browser toolbar and the panel would be less noticeable)
>
> To illustrate my point, go to this site:
>
> http://www.huddletogether.com/projects/lightbox2/
>
> and click on an image.
>
> This pretty much convinces me that faking the update window is trivial.
>
>
>
> _______________________________________________
> Mailing list: https://launchpad.net/~ayatana
> Post to : ayatana@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~ayatana
> More help : https://help.launchpad.net/ListHelp
>
--
Paulo José da Silva e Silva
Professor Associado, Dep. de Ciência da Computação
(Associate Professor, Computer Science Dept.)
Universidade de São Paulo - Brazil
e-mail: pjssilva@xxxxxxxxxx Web: http://www.ime.usp.br/~pjssilva
Follow ups
References