.comment: Are We Asking for It? - page 4
Phantom Pictures from Out of Nowhere
Let's consider some of the results that advances in computer ease of use have brought the world recently.
There are exploits aplenty, and they call for more, rather than less, user control. Yet the trend in Linux development is in the opposite direction: automatically downloading things without having to know anything about them.
Much has been made of the "features" in Windows applications, notably Outlook, that make the system vulnerable to all kinds of mischief. There are at least two Outlook-like projects for Linux in the works. I do not know how carefully they are built with security in mind. But unless they include unignorable warnings everytime a non-text message reaches out to a website or does anything other than display plain text on the screen, they'll be too dangerous for serious people to use.
There are at least a couple of services in the planning stages that will put stuff on your desktop. The hot new trend is in automatic software upgrades. And who would expect a screensaver to reach deep into the Internet while the user is not around?
Somehow, I don't think that any of these projects will include the guarantee that no harm can come from their use. No, stuff will get pumped into your machine and you'll have little knowledge or control of what it is or does except in the broadest terms, and if something goes wrong you'll have only yourself to blame. The potential for misuse here is breathtaking.
The Price of Ease of Use
As is true of anything in life, there is a risk-reward ratio when it comes to ease of use. One of the aspects of Linux that drew many of us to it is the extent to which we're not required to take things on faith, the fullness of our ability to exercise control over the system. Yes, this requires some investment in learning (though anybody who can't make it through, say, "Running Linux," probably ought to stay away from computers, heavy machinery, and television shopping channels). Yet this ability is rapidly being sacrificed at the altar of ease of use, which in many respects is simply pandering to the Windows crowd. Linux wasn't all that difficult to begin with, and that which you do not know you can easily find out. But it has become more difficult. Knowing a distribution is possible; knowing "Linux" now means knowing a multitude of disparate distributions, and it's getting worse.
As the "trust us" generation of Linux applications, installers, and data delivery systems take command, it is crucial that Linux users insist on knowing in unmistakable terms just what is being done, how to undo it, and for every automatic configuration option its manual counterpart, for it is the manual counterparts that separate Linux from Windows. What's more, nothing should go to the Web for data without the user's explicit permission. Yeah, I should have remembered that there was an XScreenSaver module that did this. But I should, too, have gotten notification of it better than a brief mention in the changelog. Going out into the world to get data and importing those data into your machine is taking liberties, and no program should do that without making its intentions clearly known and giving you the opportunity to decline.
Those of us who pay attention to such things know that common Linux applications are frequently the subjects of security alerts, and many of us rush to replace the offending programs. But the most tightly buttoned machine in the world will still be unsafe if the user, through applications (and perhaps accidentally through applications), actually invites unknown material to come aboard.
The idea of automatic upgrades is an exciting one; so is the notion of a stream of data. So was the automatic execution of macros--until it produced an unwanted variety of excitement. So, even, is the possibility of a screensaver that might get pictures someplace and display them, or deliver the news, or perhaps even provide some kind of streaming video. All of these things, though, produce special security concerns. Whether those concerns have been adequately met is not rightfully up to the vendor or developer. That appraisal must come from the user--for it is the user who pays for a bad call.