lame dialog boxes?
fantasai
of the plan for FF2.0? It might be a useful thing to make a list,
and offer them up as starter projects for new coders.
~fantasai
who just ran across the drag-bookmark-to-home-button Yes/No dialog
Joe Hughes
> Just wondering if systematically fixing lame dialog boxes is part
> of the plan for FF2.0? It might be a useful thing to make a list,
> and offer them up as starter projects for new coders.
I for one am very interested in making sure "lame dialog boxes" get
improved. Would you care to post a list of dialogs that you think
qualify, and why?
.joe.
Mike Beltzner
> I for one am very interested in making sure "lame dialog boxes" get
> improved. Would you care to post a list of dialogs that you think
> qualify, and why?
I think my post from my BlackBerry didn't make it onto the NNTP group
(I've opened a bug about that, it appears to be related with the way
that mobile devices encode their email for transmission over the air,
so if you use one of those, please be warned!) but I am also very
interested in this, so much so that I made sure it was expressed as a
requirement in the planning documents.
So indeed, let's seed a list. I'll start us out:
- reloading forms that resubmit post data (bug 112848)
- warning dialogs about going from encrypted to unencrypted pages
- dialog for choosing what to do with a file download
- options/preferences > advanced > security layout
I'm hitting a mental wall, but I blame the fact that it's a weekend
and my animal hindbrain is resisting work on a weekend. There's also
some great bugs that have the "polish" keyword which I'm hoping to
whack at post A2 as part of a general shine and polish effort for the
UI. Some have been languishing for a long time.
cheers,
mike
Daniel Schierbeck
> Joe Hughes wrote:
>> I for one am very interested in making sure "lame dialog boxes" get
>> improved. Would you care to post a list of dialogs that you think
>> qualify, and why?
> - warning dialogs about going from encrypted to unencrypted pages
> - dialog for choosing what to do with a file download
> - options/preferences > advanced > security layout
I'd like to add the HTTP/FTP authentication dialog.
Cheers,
Daniel Schierbeck
Mike Connor
> On 31-Mar-06, at 12:38 PM, Joe Hughes wrote:
>
>> improved. Would you care to post a list of dialogs that you think
>> qualify, and why?
>
> (I've opened a bug about that, it appears to be related with the way
> that mobile devices encode their email for transmission over the air,
> so if you use one of those, please be warned!) but I am also very
> interested in this, so much so that I made sure it was expressed as a
> requirement in the planning documents.
>
> So indeed, let's seed a list. I'll start us out:
>
> - warning dialogs about going from encrypted to unencrypted pages
the leaving a secured area dialog? One is necessary, the other probably
isn't with good SSL UI.
> - dialog for choosing what to do with a file download
what app to open with? no other browser I'm aware of does this, seems
like massive overkill)
> - options/preferences > advanced > security layout
-- Mike
Boris Zbarsky
> I think someone filed a bug on me about this one (why do we actually ask
> what app to open with? no other browser I'm aware of does this, seems
> like massive overkill)
IE certainly does this if there's no app registered for the type. At least last
I checked.
As for why we ask to start with, historically Linux distros have had really
crappy default handlers set. Things like "lpr" as the handler for PostScript
files, for example. So we prompted to give users a chance to sanity-check the
setting, basically. Similar reasoning applies on Windows/Mac if the handler has
known security issues -- it allows users to not suffer from a drive-by exploit.
Of course a typical user probably has no idea what apps on their computer have
security issues (even if they happen to know what "lpr" does)....
At this point I suspect that distros are shipping reasonable defaults on Linux,
so we could probably just use the default setting if there is one (assuming
there's a way to change that in preferences). But if there is no helper set,
asking the user still seems like the way to go rather than forcing save-to-file.
-Boris
Mike Connor
> Mike Connor wrote:
>> I think someone filed a bug on me about this one (why do we actually
>> ask what app to open with? no other browser I'm aware of does this,
>> seems like massive overkill)
> IE certainly does this if there's no app registered for the type. At
> least last I checked.
it downloads the file and then tries to open it, and hands off to the OS
program picker (just like what happens if you open a saved file without
a handler from the download manager).
> As for why we ask to start with, historically Linux distros have had
> really crappy default handlers set. Things like "lpr" as the handler
> for PostScript files, for example. So we prompted to give users a
> chance to sanity-check the setting, basically. Similar reasoning
> applies on Windows/Mac if the handler has known security issues -- it
> allows users to not suffer from a drive-by exploit.
>
> Of course a typical user probably has no idea what apps on their
> computer have security issues (even if they happen to know what "lpr"
> does)....
package and get a different handler. If my distro sucks, I should get a
new distro.
> At this point I suspect that distros are shipping reasonable defaults
> on Linux, so we could probably just use the default setting if there
> is one (assuming there's a way to change that in preferences). But if
> there is no helper set, asking the user still seems like the way to go
> rather than forcing save-to-file.
download the file to /tmp, and call nsILocalFile.launch(), and let the
OS handle things from there. It makes no sense to have a different
helper app setting within another app, that's why we have OS-level
handlers. I think that downloading and opening a file should end with
the same results regardless of path taken (open from web, save and open
from dlmgr, save and open from file manager, etc).
-- Mike
Daniel Schierbeck
like to provide some more context of what I think we could replace the
dialog with :)
This is what I'm thinking:
*Relatively safe authentication methods*
.============================================.
| Authenticate |
|============================================|
| @@@ Enter username and password for Test |
| @@@ at example.com |
| |
| Username: [________________________] |
| Password: [________________________] |
| [x] Remember ... |
| |
| [ Authenticate ] [ Cancel ] |
'--------------------------------------------'
*Unsafe authentication methods (HTTP Basic)*
.============================================.
| Authenticate |
|============================================|
| @@@ Enter username and password for Test |
| @@@ at example.com |
| |
| Username: [________________________] |
| Password: [________________________] |
| [x] Remember ... |
|--------------------------------------------|
| /\ *Warning*: your username and password |
| will be sent in an insecure manner! |
|--------------------------------------------|
| [ Authenticate ] [ Cancel ] |
'--------------------------------------------'
The bar in the middle could have another color, to emphasize its importance.
The dialog icon (the @'s) should be something like a set of keys, and
not just a question mark. Furthermore, the dialog window title shouldn't
be "Prompt", but rather something like "Authenticate" or "Login".
Cheers,
Daniel
Mike Beltzner
some rationale:
>> - reloading forms that resubmit post data (bug 112848)
The rationale for this one is in the bug, but essentially, the
terminology used in here is too technical and the question itself
seems unrelated to the task. The user wants to go back or forward,
and is all of a sudden being asked about resubmitting data.
>> - warning dialogs about going from encrypted to unencrypted pages
> That's rather non-specific. Are you talking about the form submit
> or the leaving a secured area dialog? One is necessary, the other
> probably isn't with good SSL UI.
The one that pops up whenever I submit a form that takes me to a non-
secure page. What I meant, however, was that the message being given
was again confusing and unrelated to the task at hand.
>> - dialog for choosing what to do with a file download
> I think someone filed a bug on me about this one (why do we
> actually ask what app to open with? no other browser I'm aware of
> does this, seems like massive overkill)
Connor even filled in my rationale here. He's such a sweetie.
>> - options/preferences > advanced > security layout
> Lipstick on a pig? Sure, I'm game!
That *was* almost my job title, yes! :)
cheers,
mike
Mike Beltzner
> As for why we ask to start with, historically Linux distros have
> had really crappy default handlers set. Things like "lpr" as the
> handler for PostScript files, for example. So we
^^
in case anyone ever gets curious, this is where I stopped finding the
historical rationale compelling :)
> in preferences). But if there is no helper set, asking the user
> still seems like the way to go rather than forcing save-to-file.
As mconnor pointed out, that seems like an OS-level issue for things
that aren't browser plugins. When I get a WMV, I want that WMV to be
played with VLC as I do with all WMVs on my system. Once I've
configured that, it will be consistent across the browser and the
system.
cheers,
mike
Boris Zbarsky
> IE doesn't ask, it only gives Save/Open. I'd bet without looking that
> it downloads the file and then tries to open it, and hands off to the OS
> program picker (just like what happens if you open a saved file without
> a handler from the download manager).
That has the same effect in the end -- the user gets to pick an app to open the
file with.
> IMO, open from location (or whatever the UI actually does) should just
> download the file to /tmp, and call nsILocalFile.launch()
1647 NS_IMETHODIMP
1648 nsLocalFile::Launch()
1649 {
1650 return NS_ERROR_FAILURE;
1651 }
is the Linux implementation, for what it's worth. ;)
But yes, this would work, more or less, if this method were implemented somehow.
See below, however.
> It makes no sense to have a different
> helper app setting within another app
Actually, it makes a world of sense in some cases. See the numerous bug reports
we've had where people are doing precisely that.
As a simple example on Windows, when opening a text/x-c++ file locally I'd
probably want it to open in my IDE (MSVC++ say), whereas opening one from the
web I'd be happier to have it open in Notepad or possibly even inline as
text/plain in my web browser.
Similarly for cases where programs have more and less secure modes depending on
whether they are dealing with "trusted" content (not that we do well with that
now, but we have bugs filed on it for Linux).
> I think that downloading and opening a file should end with
> the same results regardless of path taken (open from web, save and open
> from dlmgr, save and open from file manager, etc).
This part I actually sorta agree with. What's really needed on the OS side is a
concept of trusted vs untrusted files, with untrusted files possibly being
opened in a different way, and a way to mark files as trusted. Files coming in
off the web would start off untrusted, of course.
Until that happens, what can I, as a user who _is_ aware about security, do to
prevent drive-by execution of insecure programs that are just fine for handling
trusted content? Microsoft Word with macros enabled comes to mind, for example.
-Boris
Boris Zbarsky
>> As for why we ask to start with, historically Linux distros have had
>> really crappy default handlers set. Things like "lpr" as the handler
>> for PostScript files, for example. So we
>
> ^^
> in case anyone ever gets curious, this is where I stopped finding the
> historical rationale compelling :)
Does that mean that you think Linux distros are a lot better now, or that "lpr"
is a great handler for PostScript? ;)
-Boris
Boris Zbarsky
and surrounding setup. I think this is the sort of place where we should make
the simple things easy and the complicated things possible without hand-editing
mimeTypes.rdf. That is, have the default UI, preselected options, etc be the
thing that will give the right answer most of the time for most users (and all
the time for those who don't know better), while allowing users who _do_ know
what they're doing with helper apps to do it.
Of course I realize that the Firefox philosophy is that there should be two or
three different extensions, all slightly broken, supplying the power-user
functionality. ;)
-Boris
scratch
>
>> - dialog for choosing what to do with a file download
> I think someone filed a bug on me about this one (why do we actually ask
> what app to open with? no other browser I'm aware of does this, seems
> like massive overkill)
well i'm sure i'm on the power-user end of things, but i use that
functionality all the time. thinking about it now, though, about half
of the time i use it to open the file in notepad, so i suppose an "open
as plain text" option would be almost satisfactory.
-scratch
Philip Chee
> Mike Beltzner wrote:
>>> As for why we ask to start with, historically Linux distros have had
>>> really crappy default handlers set. Things like "lpr" as the handler
>>> for PostScript files, for example. So we
>> in case anyone ever gets curious, this is where I stopped finding the
>> historical rationale compelling :)
> Does that mean that you think Linux distros are a lot better now, or that "lpr"
> is a great handler for PostScript? ;)
I use lp with the appropriate postscript filters.
Phil (Solaris/SunOS5 guy)
--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]Never judge a man by his taglines.
* TagZilla 0.059
Boris Zbarsky
> I use lp with the appropriate postscript filters.
You mean every time you click on a link to a PostScript file it gets dumped to
your printer?
-Boris
Philip Chee
[Context: Solaris server running Oracle RDBMS+Oracle Financials]
I mean the SysV lp printing system comes with various filters (i.e.
drivers) including several for printing to postscript printers.
Integrating the Oracle Financials printer drivers with the Solaris lp
print filters was more fun than open heart surgery without anesthetics.
Which is why I don't do Oracle Financials these days.
Phil
--
Philip Chee <phi...@aleytys.pc.my>, <phili...@gmail.com>
http://flashblock.mozdev.org/ http://xsidebar.mozdev.org
Guard us from the she-wolf and the wolf, and guard us from the thief,
oh Night, and so be good for us to pass.
[ ]Sex is not the answer. Sex is the question. "Yes" is the answer.
* TagZilla 0.059
Joe Hughes
> Just wondering if systematically fixing lame dialog boxes is part
> of the plan for FF2.0? It might be a useful thing to make a list,
> and offer them up as starter projects for new coders.
I just created a tracking bug, 333520, to organize these, and I've
started adding the candidates from the thread for which I could discern
relatively clear proposals.
> who just ran across the drag-bookmark-to-home-button Yes/No dialog
So, what would you want to do with the drag-bookmark-to-home button?
Mike Beltzner wrote:
> dialog for choosing what to do with a file download
> I think someone filed a bug on me about this one (why do we actually ask what app to open with? no other browser I'm aware of does this, seems like massive overkill)
>
> options/preferences > advanced > security layout
Mike, would you care to file bugs blocking 333520 detailing what you'd
like to do about these?
.joe.
fantasai
> fantasai wrote:
>> Just wondering if systematically fixing lame dialog boxes is part
>> of the plan for FF2.0? It might be a useful thing to make a list,
>> and offer them up as starter projects for new coders.
>
> I just created a tracking bug, 333520, to organize these, and I've
> started adding the candidates from the thread for which I could discern
> relatively clear proposals.
Thanks, Joe.
>> who just ran across the drag-bookmark-to-home-button Yes/No dialog
>
> So, what would you want to do with the drag-bookmark-to-home button?
Design it so that the buttons aren't Yes and No.
mpt posted a pretty nice design way back.
http://groups.google.com/group/netscape.public.mozilla.ui/msg/bba55ba1b9098b27
I'd get rid of the checkbox, though.
~fantasai