On Mon, 2002-04-29 at 03:04, Havoc Pennington wrote:
> Rui Miguel Silva Seabra <rms 1407 org> writes:
> > In dangerous environments, it's bad to have automagical stuff going
> > around. In other situations it's quite nice (like plugging a usb
> > scanner, for instance).
>
> What I'm worried about is for example those dialogs web browsers pop
> up in various security situations, with "don't show this again"
> buttons. So it pops up and says things like "any information you post
> could be insecure" on web forms. Everyone I've ever seen just turns
> the dialogs off and proceeds to post all information insecurely.
>
> Another example is when ssh gives its warnings about unknown host key
> or whatever. I've never seen anyone type "no" when it asks if you want
> to continue connecting.

Well, I never turn those warnings off and yes I do check the host key (or rather, I let ssh do that for me ever after the first time since I get the host key after installing the machine and I don't log on weird machines with my passphrase) :)

Anyway, I see your point, however... read below.

> The question then is, by making something more inconvenient have you
> actually increased security or just made yourself feel better...

1. It is not that much more inconvenient; after all, you've already gone from editing a text file to a bad ui, to a great ui. It's just not automagical.

> If there are hostile DHCP servers, is it really more secure if I have
> to connect to them manually?

2. The dialog can remind the user whether he's connecting to a trusted network or not (maybe even a ghelp:// explaining in more detail the risks should be included).

> I'm not saying it is or isn't, I'd just be hesitant to say
> definitively that it is.

3. It is certainly more secure when you increase the user's general knowledge than by maintaining the user's ignorance of the risks. That way, you give him a chance to think twice.

3 ==> I do not believe in dumb users, just misinformed or ignorant users.
Let's teach them, little by little, instead of just keeping them fully ignorant.

For instance, John Harper's problem with different userlevels on sawfish:

"user-levels didn't really work, one had to enable the higher levels to make common changes. (This couldn't be solved just by moving options around.)"

Conclusion: wrong assumption of what are common changes. Configurations are not supposed to be there to make common changes, but to make the application customizable, and improve user experience.

Keeping what is a heuristically good set of defaults is fine, what's bad is the eradication of pleasure from user experience of more advanced users.

Basically, you guys are only thinking about two partly intersecting sets of uniform users: the "dumb" and the "curious" ones, leaving at large the more experienced users and absolutely leaving the experts with the last resource: changing the source --> what a time consuming thing to do!

Those may be the majority, but those are precisely that majority that won't even change anything at all (so why have preferences at all for them?).

A curious user will fiddle around with interesting menus like Personal Settings (specially since it has such interesting sub-menus such as Desktop Customization...). A more experienced user will drive his curiosity even further: he will check what "Expert" allows him to change.

JH's common changes were a sign that he was crossed with very different user levels, that each found some features more interesting and some were intersecting groups.

So now you have two different kinds of choices:

gconf "hidden" options --> dangerous because
  a) no one is documenting them but with source code (not many have the time to lose with that)
  b) gconf suffers from windows registry's problem of not forgetting unnecessary keys, which makes it time confusing to change, for instance, panel applet's hidden features.
feature diet --> dangerous because no one can precisely define what sets of features are the most desired/effective ones.

The solution so far has been a mixture of these two.

Yes, better defaults are needed, but what are better defaults? Better is quite subjective. Just as subjective as bad defaults.

For instance: Using workspaces instead of a workspace/viewport combination meant a serious loss of productivity for me. Fortunately, John Harper came with a solution (albeit I didn't understand it quite well on the first time). Only it was worse than editing a gconf key... you had to type/paste some rep lisp into sawfish's rc file (not in ~/.sawfish/custom but in ~/.sawfishrc which I didn't even have/use).

So, what gives? Heaven to those that don't change, hell to those that change? What next, windows? :)

I'm not nitpicking, I'm just worried about the current course of things. I wanted to make a capplet to start integration of gpg with nautilus, but now I am not so sure it would even be accepted into the gnome platform, because gpg may be considered too advanced for most users!

Hugs, rms

--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?