Saturday 23rd July, 2011
I've been thinking about people being tricked into doing things by web pages.

How about a sort of distance metric from user decisions to help filter out things like the idiot FaceBook video spam that's been going around?

I warn you: this is currently on an incredibly vague conceptual level.

Let's take a webapp as an example, with a number of widgets that have onClick handlers; and let's say that some lovely lovely person has worked out how to exploit some XSS hole in order to programatically simulate a series of user actions to - for example - spam all their friends.

So - how about each time an actual UI event (or at least a UI event generated by partially trusted code, such as the kernel mouse driver, or something authorised to send messages between applications [1]) occurs, we set a dynamically scoped variable which nothing can ever increment to be 1.0; and then each time an event takes place which deals with alters the user-visible context [2], it gets halved. So - a piece of Javascript that loads a new page, fills in a form then submits it generates a distance from agency of about 0.25, compared to 1.0 if the form submission directly results from the click, and 0.5 if there's one piece of JavaScript in the way.

This metric is then sent back with every HTTP request.

Thoughts? I know this is hopelessly naive, but it may be a starting point worth examining?

[1] I know this is ducking the problem slightly, but it's a thought experiment, dammit!

[2] Obvious examples: anything that causes a reload or relocation of the window; anything that changes the DOM; anything that performs an action on a user's behalf.

posted by Rob Mitchelmore, 14:36 (anchor)
Saturday 9th July, 2011
Ophelia in the frozen river: you breathe and the soundless bubbles are trapped beneath the cold surface. They burst inconsequentially, all soaked in half-hidden revelation. You are covered in leaves: "There's rosemary, that's for remembrance. Pray you, love, remember." There's Salvia. That's against sanity. Fingertips melt the surface, but there's no arguing with ice. There's Yew, that's for churchyards. Your face is white, and close, and far.

The far-flung eyes of Orion are closer than you are to living breath. On a winter's night steam from my lips can reach upwards and make them shiver. I have spent hoarfrost midnights singing to Jupiter rising, and he has moved across my sky to reach me. But breath cannot fight winter; warmth cannot fight cold; and a single momentary presence from which you turned away cannot fight a defined absence. Entropy is the last dance spoken, in the greatest and the least; and if you drift away from me in complex currents, your hair caught and fractal with the weed, I can do nothing, not even follow.

Here's ash.

I would cut into living stems to find you, curled up like a pearl, in the seed-pod of a poppy, and bring you back. A ghost in the rings of an oak; a conversation I had with a distant autumn morning, 4 AM and sodium. I would have come to you or brought you home or filled your heart with grammatical dreams, had you let me. But you are Ophelia in the frozen river; your silences are your ice, and your flowers.

posted by Rob Mitchelmore, 14:07 (anchor)
June 2015May 2015April 2015June 2014
January 2014November 2013October 2013July 2013
April 2013March 2013January 2013November 2012
older posts