Re: RFC - file chooser dialog API for sandboxed apps

On Fri, May 23, 2014 at 11:56 AM, Dodier-Lazaro, Steve <s dodier-lazaro 12 ucl ac uk> wrote:
Hello Allan,

... snip ...
A couple of thoughts on CSD:

I prefer file systems as a primary method of storing and retrieving files because they're well understood by all current users, flexible enough to allow a per-activity organisation (in spite of their rigidity when you'd rather have several ways to index the same set of files/folders, to view a whole folder as a timeline, etc.), and they're a rather raw structure, so that means users can appropriate this structure for themselves in ways we hadn't anticipated. File systems also already sit in an existing ecology of tools readily available to organisations, so that means GNOME is also a workplace option. Providing per-app content selection as a primary means of interaction may create extra "noise" for organisational contexts where CISOs can't afford to let users rely on their apps to store and exchange data but would rather impose a contracted service provider.

I just want to make a few remarks here about this. Maybe this is a bit off-topic for a security thread, but I think it's worthwhile to talk about.

This is personal anecdotal evidence, but one of the big issues I've seen with less-computer-savvy folks (relatives, parents, friends) is that they don't grasp a full understanding of the filesystem. It's difficult for them to visualize an infinitely nesting set of folders, since that obviously can't happen in real life.

So they tend to think of the system as flat, with a few folders, and if they can't see the proper in the immediate explorer window, they think the files that they had were lost forever.

They think of the "desktop" not as just another folder, but as the working set, almost. This is rarer, but I've seen several people drag files out of folders and onto the desktop, then open them in Word, and then when they're done, they file them back away.

They're always losing their files: "where did I put my files?"

At this point, even on my computer, I don't care about properly categorizing and filing things, unless I'm doing a big project across 200 or so files where filing and categorization helps. For the most part, if I'm downloading a stray file (album I bought off of Bandcamp, .exe file, other random media files), I just save it to the default location, which is most likely the Desktop, Downloads folder, or my user folder, and rely on search to help me find my stuff again.

At some point later, if I need to categorize stuff better, I'll search for it and drag it to a new folder. So while the GNOME apps "Collections" designs aren't perfect for that use case, they do make it easy for me to go back to my random assortment of files and start organizing them.

I think this sort of behavior makes sense for our users, too. Users who grasp the organizational power of nested folders should be able to use them, but we shouldn't force other users to choose where to put their files. They should be able to have a dumping ground and find things through search, and maybe categorize and clean up later if it gets too messy.

Windows 7 tried to approach both problems with its idea of aggregate folders, "Libraries", which I thought was a clever solution, but I never used it that much.

The other point I want to make is that the filesystem mixes up user data and system internals, to the point where it's common for people to hide their porn collection in folders C:\Windows\System32 like they would between a mattress and boxspring, because it's "internals".

It's dangerous for less-computer-savvy users to be able to see the system internals and poke around in there. We can try to partition user data away from the dangerous parts of the filesystem: C:\Windows and C:\Users, but it's not a true separation to its core.

The filesystem is an *excellent* data structure for O(1) keyed hierarchical local data storage, and we shouldn't throw that away, because it makes sense to build a bunch of system internals on, but I don't think we should expose it directly to the user. It shouldn't be completely inaccessible -- hackers and engineers like ourselves won't stop using it, but we should start thinking of new, more user-centric models.

You touched upon this a bit as well, but with the advent of cloud storage services like Dropbox, Google Drive, ownCloud, iCloud, etc. the whole model of "O(1) keyed hierarchical local data storage" breaks down, since now you have networking in the middle. Dropbox had a brilliant solution to the problem: they have a little program in the background that notices new files and old files and syncs your data automatically, so it integrates seamlessly with existing filesystem-based apps, and it's still O(1).

The way I look at it, and the way Dropbox looks at it too, is that the program is only a backwards-compatibility thing for desktops. Dropbox's new technology is all about new content pickers you can add into your web or iOS or Android apps.

Plenty of user research is being done in this area at UX labs. I'd love to see more research and studies done on better data storage models for average users.

... snip ...
Steve Dodier-Lazaro
PhD student in Information Security
University College London
Dept. of Computer Science
Malet Place Engineering, 6.07
Gower Street, London WC1E 6BT
OpenPGP : 1B6B1670
desktop-devel-list mailing list
desktop-devel-list gnome org

