27 Mar - Chickenfoot/Automation
Presenter: Adam Ahmed
(1) What hassles does Chickenfoot eliminate for script-writers? What problem does it solve for script-users? (2) The authors call Chickenfoot a crucial step toward casual users automating/modifying web pages without needing to know syntax. What do you think will end up being the ultimate/ideal method for casual page customization? Is Chickenfoot really a crucial step toward syntax-ignorance or just a side street on the road to that ideal? (3) Chickenfoot is Greasemonkey with additional functionality, so why isn't Chickenfoot more popular than Greasemonkey? What are some criteria for adoption (not necessarily technology-based) that might explain the dissonance?
24 Mar - Browser spoofing
Presenter: Tommy Murphy
(1) Have you ever come across a spoofed interface, and how did you tell? Do you think "evil people" could benefit from more/better browser spoofing? (2) The paper stated that "Web spoofing attacks can work because no clear difference exists between the graphical elements of status and the graphical elements of content." What are some ways to restrict content from displaying status information? (3) What do you think about adding a thick, alternating border around your browser window? Do you think that its effectiveness would wear off when you became accustomed to it?
27 Feb - Web surfing for the visually disabled
Presenter: Mark Rawls
(1) What are some accessibility problems that make a screen-reader's job difficult (or otherwise impair a disabled person from easily using a web site)? (2) Describe the paper's scheme for context identification. (3) What other features (in the language of support vector machines) might help identify block relevance? [See Table 1: Description of Block Features]
25 Feb - Adapting web pages to hand held devices
Presenter: Michael Thomas
(1) What are the general approaches to displaying web pages on small screen devices? (2) Describe the approach advocated by the paper. (3) What are the advantages and disadvantages of this approach?
20 Feb - Semantic Web
Note: slides with info about course project are posted on Toolkit
Presenter: David Farmer
(1) Describe two things that make the Semantic Web different from traditional websites. (2) What are some of the things you might want to describe in an ontology language, and what problems could this produce for the consumer of your web service? (3) Were the vision of the "Piggy Bank" publishers realized, what would you store in your piggy bank?
18 Feb - PwdHash
Presenter: Eric Bradbury
(1) In only a few sentences, how does PwdHash work? (2) What are the limitations of client-side password protection? Do you think that PwdHash is a complete solution to password theft, or must something also be done server-side? (3) Would you use PwdHash to manage your passwords?
13 Feb - Automated cookie management
Presenter: Jack Wilson
Due: read paper #1, answer questions
(1) Are targeted ads based on tracking cookies a bad thing? (2) Doppelganger assumes excess network bandwidth and excess CPU power to operate. Based on your surfing habits, is this a good assumption? Do you think it is a good assumption for average browsers? For your grandparents? (3) Would you use Doppelganger to manage your cookies?
6 Feb - Academic papers
Due: read Declaration of Independence, answer 3 questions
Lecturer: David Evans
(1) The Declaration does not have sections and section headers. Divide it into 3-6 sections, more typical of a technical research paper (you can use the Subspace paper as a starting point for the sections). (2) The Subspace paper and the Declaration obviously had very different goals and presentation styles, but there are many similarities between them. Identify at least three similarities between the Subspace paper and the Declaration. (3) Identify at least one thing that is different, but could have been more similar. Ideally, this would be something that would make the Subspace paper better if it were more like the Declaration (or the other way around, but that is harder!).
4 Feb - Mashup security problem
Due: play with the XSS attack game
Due: read Subspace paper, bring written answers to class
Lecturer: Adrienne Felt
We're going to talk about research initiatives with the goal of fixing Same Origin Policy problems, e.g. MashupOS and BEEP. The reading should illustrate why the current SOP scheme is inadequate.

For class, answer the following three questions (1-2 paragraphs per question): (1) What is the purpose of Subspace? (2) What are the limitations of the Subspace design? (3) Why might a web developer not be satisfied with this design option?
30 Jan - Mashup security problem
Lecturer: Adrienne Felt
We're going to talk about the Same Origin Policy and its ramifications. Lots of hacks stem from poor browser enforcement of the SOP. We will also discuss cross-site scripting and how it's related.
28 Jan - Firefox Extensions
Lecturer: Adrienne Felt, Michael Thomas
Due: look through the extension tutorial (linked below)
Today we're going to go over how to build a Firefox extension. I'm going to talk about how to access the DOM to change pages, make dialog boxes and windows, and hook page loading events. Mike Thomas will then talk about objects in JavaScript and how they can be useful in extensions. The code samples used in lecture will be posted to Toolkit.

There's a five-part guide: Basic setup (1-PDF), Adding visible browser elements (2-PDF), Creating a dialog box (3-PDF), Accessing the DOM (4-PDF), and Packaging your extension (5-PDF). My copies of the final files and extension can be found here. For your own extension, the developer documentation will be very useful.
23 Jan - Intro to JavaScript
Lecturer: Tom Horton
Due: an idea for a Firefox extension.
You may want to look at next class's material to get a feel for how extensions work. Some useful links: official directory, sorted by category, and the Lifehacker "featured" list.