Grab bag: There’s a convention going on

Ubiquity: it’s big, big, big. For geeks, anyway.

I installed the new Firefox extension Ubiquity yesterday and just got around to going through the Ubiquity 0.1 User Tutorial today. It’s seriously like nothing I’ve ever seen. Well, not exactly true: it’s like putting a Unix command line together with Quicksilver and Greasemonkey and Google and Wikipedia and…

So OK, it’s amazing. The ability to highlight text and type commands like map, wikipedia, and translate isn’t a game changer–Microsoft’s Smart Tags in IE6 (which appear to be making a comeback in IE8) did the same thing, putting the commands into a tag with a dropdown menu on the web page–but the ability to put the results back into the web–replace an address with a Google map, inline translation–to affect the DOM of pages you’re viewing right now is.

Which makes me wonder: what’s the security model for Ubiquity? You clearly have to opt into downloading a Ubiquity command, but what guarantees do we have that it can’t do something malicious? Like, say, cross-site request forgery?

The other question, of course, is: outside the universe of people who care about things like Quicksilver, will anyone care? It’s probably too early to say, but it’s already made me more productive–every link in the article above was looked up via a search through Ubiquity with no tab switching, no leaving the WordPress popup, nothin’. There are some things that could be done to improve the process–I’d like a command that starts with a Google search, then ends with the URL on my clipboard or even inserting the link right into my WordPress text edit window–but that’s what “teaching Ubiquity new commands” is all about, I guess.