« Quartz Composer: visual programming environment in Tiger | Main | Pileup, a trashy widget »
May 07, 2005
Thoughts on Dashboard and ambient information
UPDATE: anyone interested or even using Dashboard widgets ought to take seriously the security problems uncovered by the same Stephan I mention below. Basically, it’s possible and even easy to do some unpleasant, even spyware-like things with widgets. Pete’s linked to a summary and you’ll want to follow the link there, although it will automatically install a widget when you do.
Some thoughts about Dashboard widgets. My first reaction—cute, but not that interesting—has definately evolved. The more I see of these, the more I like the idea. So far, there’s not been too many that really exite me. The Dashboard downloads section of Apple’s site is so far largely full of varieties of RSS readers and search tools. In general, these strike me as pointless. What’s the appeal of switching to Dashboard to run an Amazon search when you could do it with about as much effort by just going to Amazon.com?
Is it really worth installing and running a little piece of software to get information that might already be in your RSS reader? Maybe the better question is: what type of information delivered via RSS hasn’t worked too well in your regular RSS reader? There was already Ben Hammersley’s FedEx Package Tracker RSS feed tool, but the Monkey Business package tracker is the more elegant solution, despite the awful visual design. (More on breaking out of the rectangle below). Why? Because “subscribing to a feed” is the wrong interaction for tracking a package. No RSS reader I know allows you to set a lifespan for a subscription, but once my package arrives, I’ll never need that “feed” again. (Jeff Veen has a recent post on “disposable feeds”.) And “tracking a package” is really monitoring a series of states: now it’s at the dispatch center, now it’s at the local office, now it’s on the truck. I never care about previous states, all that’s important is that I can see “ah, it was signed for at 4:15.”
For the same reasons, the Yahoo Local Traffic widget shows me information I could get in my RSS reader, but again, who cares about this morning’s traffic at 5:00 pm? I’d prefer that information simply go away as it’s outdated. And I actually don’t want those local traffic feeds announcing their updates the way other feeds in my reader do; no, I want to look at this stuff fifteen minutes before I get in my car, and at no other time. A dedicated tool to display this kind of only-current information makes a lot of sense.
Another interesting widget that’s just appeared is the “Opie and Andy” Live Feedback widget. This widget lets listeners of this radio show quickly send messages to the hosts during airtime. Obviously, that’s a tool that could easily be (and probably already is) stuck onto a website. Arguably this might be even better simply as an IM bot, which would naturally prevent users from sending comments when the show’s not on the air. But the idea is appealing: a single-purpose branded communication tool.
Two of the most creative widgets I’ve seen are the ambient mail notification widgets, “coras” and “flores”, both by Stephan (dude, your resume doesn’t have your last name on it). “Coras” represents your inbox as a stack of coins, the higher the stack, the more unread messages. “Flores” does the same with a vase of flowers. These are zero-interaction widgets, simply sitting there to turn an integer into a picture.
I’m not sure how “ambient” these really are, but at least they break out of the drop-shadowed rectangle of most other widgets. It would be easy to build a widget version of the Ambient Orb. Matt Webb’s Glancing project could be built as a widget, though wouldn’t be terribly “glanceable” to have to jump to the Dashboard to check it.
I’d love to see that kind of thing, especially for important information that otherwise might be background noise. True “ambient widgets” would be useful in making visible the ebbs and flows of all kinds of processes. I’m thinking of something like Natalie Jeremijenko’s Dangling String physicalization of live network traffic in a flapping, whirling hunk of Ethernet cable. Why not ambient information that’s ugly, like piling up garbage in the corner of the screen to represent how full my trash can is, or how much spam my spam-blocker finds?
Or why not growing organic tendrils, gradually inching their way down from the top of the screen as a deadline approaches, or as some important email goes unanswered?
Posted by Andrew at May 7, 2005 02:54 PM
Comments
Two words: yes please!
Great thoughts Andrew. It will be great to see Dashboard evolve.
Posted by: Joshua Kaufman at May 7, 2005 07:33 PM
Ever since Dashboard was announced this has been something I’ve been worried about, because a widget is just a special kind of web page, but widgets can run Cocoa (native code) elements. Being able to run native code elements from a browser window has been the BIG security hole at Microsoft for getting on for a decade now.
Being able to run a widget that doesn’t contain any native code elements from a browser is not inherently any more dangerous than displaying a web page from a browser. Because a widget is just a packaged fancy web page. It would have been surprising if you couldn’t run at least some widgets from the browser. Because, again, it’s just a web page.
But… as far as I have been able to tell, you can only run the special kinds of widgets that include native code elements from Dashboard. So what you’re looking at isn’t a security hole. That doesn’t mean there is one, or there isn’t one, but this isn’t a sign one way or the other.
As for “open safe files after downloading”, well, in my opinion that’s not something that should even exist as an option, let alone being enabled by default. That’s a much bigger security hole and general annoyance than the fact that widgets can be installed if it’s enabled.
Posted by: Peter da Silva at May 7, 2005 08:04 PM
Do you really think Apple didn’t consider something as obvious as this when creating Dashboard?
Posted by: Dale at May 8, 2005 12:28 AM
Hahah, I’m writing virtually the same piece about ambient interfaces, but mainly about Quartz Composer (and the way it creates screensavers). I’ve nearly finished software versions of the Ambient Orb, Ambient Dashboard, and a mix of Glancing and the networked emoticon device[1].
One thing that turns dashboard into more of an ambient display is Dasher[2]. This lets you fire up Dashboard instead of a screensaver. One thing with Dashboard for prototyping such things is that the widgets are generally small. When things are computer-sized, they lose their ambientness, especially given the 2D screen. One thing computers have got going for them is that they produce quite a lot of light, which calls to attention far more rapidly than a russling of a plastic flower. It would be nice to be able to control the backlight brightness programmatically…
[1] http://www.we-make-money-not-art.com/archives/005635.php [2] http://www.splasm.com/products/productdasher.html
Posted by: Chris at May 8, 2005 03:00 AM
“Do you really think Apple didn’t consider something as obvious as this when creating Dashboard?”
Apparently not. You really ought to follow Pete’s link above and see the behavior of the auto-installing widget Stephan made. Given how little warning users are given, it would be trivial to get them to agree to install a widget that does system-level stuff. Just asking “are you sure you want to install this widget” to prompt the install and running of a widget that can run system commands is inadequate.
Posted by: Andrew at May 8, 2005 10:26 AM
“You really ought to follow Pete’s link above and see the behavior of the auto-installing widget Stephan made… it would be trivial to get them to agree to install a widget that does system-level stuff.
I already read the link and commented on it. Your comment shows you understand Dashboard development or the Mac OS X security model. Do your homework before scaremongering with claims of “does system-level stuff”.
Posted by: Dale at May 8, 2005 07:37 PM
From Dashboard programming guide, emphasis mine:
“Dashboard provides you with a method for using command-line utilities and scripts within your widget. With this capability you can use any standard utilities included with the system or any utilities or scripts you include within your widget.”
And “If your widget is working with resources that pose a security threat to the user, the user must approve before access is granted. “
At best, that’s vague. It implies that once you get the user to click “Accept” at the “This widget is being run for the first time” dialog, you can do whatever you want. The “Security” section of the Dashboard reference guide is not too clear. In fact their own example of calling a command line program (“/usr/bin/id -un”) doesn’t seem to work.
Posted by: Andrew at May 8, 2005 09:58 PM
Auto-installers on pages just seem a little rude to me. And that should definitely be turned off by default. How is this different from Windows’ old Active Desktop?
Posted by: Ali at May 8, 2005 11:32 PM
The security thing is blown out of proportion. Yes, there is in fact a real problem now. But it’s only because widgets are easy to install and hard to remove. What they do is no big deal. They are risky, maybe, in that they make it easier for people to write Mac software., including baddies. But you have always been able to download and run a trojan horse type program. We just need to get rid of auto-install.
Also, yeah, 99% of widgets are absolutely pointless. I don’t need a widget front end to a web site. Something like Sogudi for Safari (there are loads of equivalents for other browsers) where you type “az booktitle” in the browser window or “wp topic” to search Wikipedia are way more convenient and useful than having to go to Dashboard and look at the information presented poorly in some dinky little widget.
Posted by: jhn at May 9, 2005 09:02 AM
One of the best analyses of what widgets ought to be about - thank you. You seem to be one of the only people who really gets it.
I look at the widget sites every day, checking on how my stuff is doing, and I’m terribly disappointed by the choices, most of which seem to be focused on “what can I hack,” rather than “what does the user need?” Someone today just came out with a SHELL WINDOW, for chrissakes! I don’t think I can come up with anything FURTHER from the point of Dashboard than that!
The only really good non-apple widgets I’ve seen are Package Tracker (needs USPS!), Countdown Calendar, My Yahoo and of course Hula Girl and Maya Cards :) There’s so many that just search a web site; who needs that?
Please go check out my new effort, locket. “iChat. personalized”
http://stephan.com/widgets/locket/
I’ve designed it as a hand-made product - try the demo, then have me make one for you at a reasonable price. I decided that the programming and customer support required to make a half-assed ugly thing based on the Address Book or IM picture was a lot more work than just making a nice thing by hand for people, a process I can partly automate. A simple shell script assembles the widget on my end.
I eagerly solicit your commentary.
Oh, and as for my last name, what’s wrong with “com”? :)
Posted by: stephan.com at May 16, 2005 01:42 PM