CS493: Web Browser Seminar
MW 5:00-6:15 MEC 216
Office hours by appt
Beginning of Course Memo
Note that all assigned papers are posted on toolkit.
27 Mar - Chickenfoot/Automation
Presenter: Adam Ahmed
(1) What hassles does Chickenfoot eliminate for script-writers? What problem does it solve for script-users? (2) The authors call Chickenfoot a crucial step toward casual users automating/modifying web pages without needing to know syntax. What do you think will end up being the ultimate/ideal method for casual page customization? Is Chickenfoot really a crucial step toward syntax-ignorance or just a side street on the road to that ideal? (3) Chickenfoot is Greasemonkey with additional functionality, so why isn't Chickenfoot more popular than Greasemonkey? What are some criteria for adoption (not necessarily technology-based) that might explain the dissonance?
24 Mar - Browser spoofing
Presenter: Tommy Murphy
(1) Have you ever come across a spoofed interface and how did you tell? Do you think "evil people" could benefit from more/better browser spoofing? (2) The paper stated that "Web spoofing attacks can work because no clear difference exists between the graphical elements of status and the graphical elements of content." What are some ways to restrict content from displaying status information? (3) What do you think about adding a thick, alternating, border around your browser window? Do you think that its effectiveness would wear off when you became accustomed to it?
27 Feb - Web surfing for the visually disabled
Presenter: Mark Rawls
(1) What are some accessibility problems that make a screen-reader's job difficult (or otherwise impair a disabled person from easily using a web site)? (2) Describe the paper's scheme for context identification. (3) What other features (in the language of support vector machines) might help identify block relevance? [See Table 1: Description of Block Features]
25 Feb - Adapting web pages to hand held devices
Presenter: Michael Thomas
(1) What are the general approaches to displaying web pages on small screen devices? (2) Describe the approach advocated by the paper. (3) What are the advantages and disadvantages of this approach?
20 Feb - Semantic Web
Note: slides with info about course project are posted on Toolkit
Presenter: David Farmer
(1) Describe two things that make the Semantic Web different from traditional websites. (2) What are some of the things you might want to describe in an ontology language, and what problems could this produce for the consumer of your web service? (3) Were the vision of the "Piggy Bank" publishers realized, what would you store in your piggy bank?
18 Feb - PwdHash
Presenter: Eric Bradbury
(1) In only a few sentences, how does PwdHash work? (2) What are the limitations of client-side password protection? Do you think that PwdHash is a complete solution to password theft, or must something also be done server-side? (3) Would you use PwdHash to manage your passwords?
13 Feb - Automated cookie management
Presenter: Jack Wilson
Due: read paper #1, answer questions
(1) Are targeted ads based on tracking cookies a bad thing? (2) Doppelganger assumes excess network bandwidth and excess CPU power to operate. Based on your surfing habits, is this a good assumption? Do you think it is a good assumption for average browsers? For your grandparents? (3) Would you use Doppelganger to manage your cookies?
6 Feb - Academic papers
Due: read Declaration of Independence, answer 3 questions
Lecturer: David Evans
(1) The Declaration does not have sections and section headers. Divide it into 3-6 sections, more typical of a technical research paper (you can use the Subspace paper as a starting point for the sections). (2) The Subspace paper and the Declaration obviously had very different goals and presentation styles, but there are many similarities between them. Identify at least three similarities between the Subspace paper and the Declaration. (3) Identify at least one thing that is different, but could have been more similar. Ideally, this would be something that would make the Subspace paper better if it were more like the Declaration (or the other way around, but that is harder!).
4 Feb - Mashup security problem
Due: play with the XSS attack game
Due: read Subspace paper, bring written answers to class
Lecturer: Adrienne Felt
We're going to talk about research initiatives with the goal of fixing Same Origin Policy problems, e.g. MashupOS and BEEP. The reading should illustrate why the current SOP scheme is inadequate.
For class, answer the following three questions (1-2 paragraphs per question): (1) What is the purpose of Subspace? (2) What are the limitations of the Subspace design? (3) Why might a web developer not be satisfied with this design option?
30 Jan - Mashup security problem
Lecturer: Adrienne Felt
We're going to talk about the Same Origin Policy and its ramifications. Lots of hacks stem from poor browser enforcement of the SOP. We will also discuss cross-site scripting and how it's related.
28 Jan - Firefox Extensions
Due: look through the extension tutorial (linked below)
There's a five-part guide: Basic setup (1-PDF), Adding visible browser elements (2-PDF), Creating a dialog box (3-PDF), Accessing the DOM (4-PDF), and Packaging your extension (5-PDF). My copies of the final files and extension can be found here. For your own extension, the developer documentation will be very useful.