17 May 2000
There's safety in numbers
When you learn to divide
How can we be in
If there is no outside
-- "Not One of Us", Peter Gabriel, Peter Gabriel (melt), 1980
|
A design thought: When using footnotes on web pages (and I'll leave aside the arguments about whether one should use them or find some alternative, hip hypertexty way of doing it instead), standard practice seems to be to make the little number [1] a link that jumps down to the footnote itself.
That's fine as far as it goes, but once you're down there you're kind of stuck. It would make sense (to me) to make the expanded footnote's number a link back up to the item in the text that you're footnoting.
I was reading Tim O'Reilly's You Must Read this Book: Lessig's Code (seen on Camworld), reached the bottom and found a footnote that I had missed the reference to above. A quick way to jump to the text it was annotating would have been really handy.
It would be a pain to make them manually, I know, especially if you use footnotes a lot... maybe someday web writing toolmakers will include the ability to easily set up text anchors that mirror each other like that. I'm trying to think of another application for such a construct ["bi-directional intrapage links"?], but footnotes are the only thing that come to mind right now.
Hitting the 'Back' button works in most browsers if you got to the footnote by clicking, but not if you got there by scrolling.
Anyway. Just thinking out loud.
Some ILOVEYOU followups:
Thanks to Dan Hartung for tracking down this handy reference to the many versions of Outlook and their levels of riskiness:
- How Active is Active Content in E-mail? [NTBugTraq]
In case you weren't aware of it, Outlook (all versions except Outlook 97) relies on the Security Zone Security Settings from Internet Explorer (Tools, Internet Options, Security). Outlook lets you specify one of two zones to use as the security settings for dealing with email messages (Tools, Options, Security). You can use the Internet Zone (default), or the Restricted Sites Zone (more secure).
Obviously you should be using the Restricted Sites Zone. However, the zone, as configured by default, isn't strict enough. For example, Active Scripting is still enabled in the Restricted Sites Zone (with hindsight, what an oversight that was, eh?).
...the two most obvious changes that you should make to the Restricted Sites Zone are;
- Change Script ActiveX controls marked safe for scripting to disable or prompt
- Change Active Scripting to disable or prompt
Outlook relies on IE's security zone settings? How... competely... unintuitive to the casual user.
Phil Agre's Red Rock Eater mailing list had some valuable commentary too:
- May 5 notes and recommendations [The Commons]
Mr. [Scott] Culp read on the radio the text of a warning that the users who spread the virus had
supposedly ignored. That warning concludes with a statement to the effect that you shouldn't execute attachments from sources that you do not trust. He read that part kind of fast, as you might expect,
given that the whole point of this virus is that people receive an attachment from a person who has included them in their address book. This particular blame-shifting tactic is particularly disingenuous given that the virus spread rapidly through Microsoft itself, to the point that the company had to block all incoming e-mail (Wall Street
Journal 5/5/00).
Do these "customers" really specifically ask for fully general scripts that attachments can execute, or do they only ask for certain features that can be implemented in many ways, some
of which involve attachments that execute scripts? Do the customers who supposedly ask for these crazy things understand the consequences of them? Do they ask for them to be turned on by default, so that every customer in the world gets the downside of them so that a few
customers can more conveniently get the upside?
- May 13 notes and recommendations [The Commons]
The problem ... is not scripting languages, but email clients that can execute attachments that contain scripts that can perform a wide variety of potentially damaging actions. Blaming "the social phenomenon of virus writing" is not reasonable. A product that can be subverted by a random college student to cause massive worldwide damage is not secure. That's what "secure" means.
Mr. Culp thinks he is playing a game. Look everyone! I've managed to spin this situation into being something good about Microsoft!
This is the company whose products are being used to rebuild the productive infrastructure of the entire world, including large parts of the US military. We are insane to be doing business with them.
In that last post he referenced a good article by Hiawatha Bray with more clueless statements from Microsoft. here it is:
- Windows OS: Pheromone for the Love Bug [boston.com]
It's not as if this hadn't happened to Microsoft before. Back in 1997, I interviewed a student ... who'd discovered that Microsoft's Web browser had a security flaw that could wreck a user's computer. ... I could create a link that would start up a computer's Format program, and delete every file on the computer's hard drive. ... When I asked Microsoft about this appalling security flaw, one of their engineers assured me that it wasn't a flaw at all. The company had deliberately designed the browser with this capability, because some corporate users would find it handy.
In the end, Microsoft saw reason and modified the browser to prevent this feature from working. But the underlying attitude that convenience matters more than security has never changed.
Oh my. Found through Tiger Beat: Anybody curious what gifts Newt and Callista want for their wedding?
Privacy? What privacy? This is the Net.
I'm going to a wedding out of town, so no more updates until at least Monday...
|