On 9/6/13 04:25, Henri Sivonen wrote:
We do surface such UI for https deployment errors
inspiring academic papers about how bad it is that users are exposed
to such UI.
Sure. It's a much trickier problem (and, in any case, the UI is
necessarily more intrusive than what I'm suggesting). There's no good
way to explain the nuanced implications of security decisions in a way
that is both accessible to a lay user and concise enough to hold the
average user's attention.
On Thu, Sep 5, 2013 at 6:15 PM, Adam Roach <a...@mozilla.com> wrote:
As to the "why," it comes down to balancing the need to let the publisher
know that they've done something wrong against punishing the user for the
publisher's sins.
Two problems:
1) The complexity of the platform increases in order to address a fringe case.
2) Making publishers' misdeeds less severe in the short term makes it
more OK for publishers to engage in the misdeeds, which in the light
of #1 leads to long-term problems. (Consider the character encoding
situation in Japan and how HTML parsing in Japanese Firefox is worse
than in other locales as the result.)
To the first point: the increase in complexity is fairly minimal for a
substantial gain in usability. Absent hard statistics, I suspect we will
disagree about how "fringe" this particular exception is. Suffice it to
say that I have personally encountered it as a problem as recently as
last week. If you think we need to move beyond anecdotes and personal
experience, let's go ahead and add telemetry to find out how often this
arises in the field.
Your second point is an argument against automatic correction. Don't get
me wrong: I think automatic correction leads to innocent publisher
mistakes that make things worse over the long term. I absolutely agree
that doing so trades short-term gain for long-term damage. But I'm not
arguing for automatic correction.
But it's not our job to police the web.
It's our job to... and I'm going to borrow some words here... give users
"the ability to shape their own experiences on the Internet." You're
arguing _against_ that for the purposes of trying to control a group of
publishers who, for whatever reason, either lack the ability or don't
care enough to fix their content even when their tools clearly tell them
that their content is broken.
--
Adam Roach
Principal Platform Engineer
a...@mozilla.com
+1 650 903 0800 x863
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
