Basically, a Monk's home node is their personal space (albeit freely granted by The Everything Development Company) and I can understand why they customize it. I can understand these things being security issues, but part of the problem here is striking a balance between diligence and freedom. Let's face it, one of the things that so many people find appealing about Perlmonks is the customization we can do.

I support free speech, but your right to free speech ends right at my browser, thank you. Browser programmability is unnecessary here at the monastery. If you wanna do that, link to your own website and put stuff there and invite us. I'd like the monastery to be a safe place.

-- Randal L. Schwartz, Perl hacker

Should embedded CSS become common, I will have to start consistently avoiding home nodes. If they become used elsewhere on a regular basis, I will stop visiting PM.

BTW one concern of mine. I use a lot of Netscape. It is very easy to cause serious problems for Netscape without knowing it, and some here do not care. Should that become common, you will lose a lot more than just me...

I already avoid home nodes. Several load off-site images, some of which are actually documented as being used to track visits to their home node. Several now grab the userpass cookie, one forwarding it to another site (after stripping the password -- last time I checked). I don't want to be the one who finds the first truely nasty home node.

At least non-home nodes very rarely have any interesting HTML (and those that do usually get voted down -- probably why this is still rare).

As for home-node buttons that send public chat requests, I thought the first one was cute but got tired of it before I even noticed a second one. I've been waiting for the fad to die but am disappointed so far. I don't mind the buttons that post private messages back to the node's owner (though I wonder what the denial-of-service-attack potential for the node owner or the site is). I particularly like Adam's random node button. Posting private messages back to the button pusher is probably harmless.

It is ironic that my favorite web site has also become my most worrisome. I'm about to switch to my former paranoid ways of disabling javascript and autoloading of images and only turning them on for the few sites that both become useless without them and are important.

A compromise did cross my mind. I'd love to see only specific HTML tags allowed in posts and home nodes. Then I could be curious about a monk and not worry about what tricks they might think are cute today...

But each monk (level 5 and above) could have a "play node" where they can post any HTML they want to. Then you could go look at their tricks with the relative safety of knowing who did it (and that they risked throwing away the time it took them to get to level 5 if they did something truely nasty).

As for off-site links, the browsers I use make it easy to see where a link is going before I click on it. Plus, there are plenty of legitimate reasons to have an off-site link in a post or home node. So I'd not ban those.

        - tye (but my friends call me "Tye")

Along these lines I think a possible solution would be to give the user the choice of what to filter out.

In their settings page, give them options to filter out the following:


• Javascript
• CSS
• Font customizations
• advanced tags (<layer>, <embed>, <iframe>, etc...) # personally I would remove these all the time
• other tags...
• user customized tag entry

Perhaps each of these could even be set via a dropdown. Where the dropdown contains the minimum level of monk you want the tags to be enabled for.

So tell me...do you have an image in your home node again?

IMO it is safest to by default filter out everything you are not positive you want and then start being permissive. Though if some really want their own CSS I would prefer an option to turn it off rather than accept it all of the time...

I agree that a home node is a personal space, per se. But, it can be exploited. I don't want to check out someones home node (like a new users) and have a barage of windows opening, or be stuck in some Yes/No dialog box loop. Or have someone setting cookies, etc... We have various privileges at certain levels, and maybe using CSS and JavaScript should be privileges. I still think anything like Java apps or ActiveX should be disallowed. Use those things on your own pages off of this site (IMO).

Let's keep the charm, but keep down the (possible) harm.

Cheers,
KM

I find that interesting--the allowance for additional priviledges. The only priviledges I am aware of (I don't know where a list is to be found) is at level 5 you can post a picture, at level 10 you can approve nodes for posting, but at level 5 you lose your bonus for casting all your votes.

It might make for interesting discussion as to what some monks suggest as to new priveledges. Maybe:

• An option for random pictures in home nodes at level 7
• Regular columns for the top ranking saints
• Doing away with the "Think Geek" banner at level 2 :)
Just some ideas. I am sure there are more out there.

That privilege is available to anyone who bothers to use Firefox with the Adblock Plus extension. :)

---

I like computer programming because it's like Legos for the mind.

You can approve as early as by level 6 - you needn't wait till level 10 for that. You can also post any HTML you like on your homenode past level 5, which means you can make an image tag that points to a script which returns a random image. Most of the top ranking saints already post something or other every once in a while; and some of them are quite busy outside Perlmonks and might not jump at the chance to take yet more duties..

And why do we need more privileges anyway? Just because? The system ain't broke, so why fix it?

Makeshifts last the longest.

I was under the impression that you voted down poorly written nodes, not those that you disagree with.

Only rarely, but I do use -- votes for clearly incorrect nodes that I felt showed a lack of willingness to learn something I thought was important. Something that should have been obvious from what else was going on. (Such as the surrounding conversation.)

So I vote down nodes almost entirely on content.

BTW I use a similar (though far more generous) criteria for ++ votes...

EDIT
Ugh. The "similar" comment is unclear. :-(

I meant that I vote nodes up based almost entirely on content. I am particularly generous when it is something that I thought was important, or something that I learned from.