When Does Usability Become a Liability?
nasteric asks: "I caught myself in the middle of a very interesting discussion last Friday over Krispy Kreme donuts and coffee. The discussion had to do with usability and security. Many of the Microsoft Administrators I work with argued the more user friendly Linux becomes, the more vulnerable it becomes. They claimed making Linux a friend of Joe User will require it to 'open itself up' and become more susceptible to attack. Needless to say, this became an endless debate between our Microsoft Administrators and our Linux/Unix Administrators that will undoubtedly continue into the morning. Therefore I pose this question to the Slashdot community. Will making Linux more user friendly result in it becoming less secure? Hopefully your expertise will help shed some light on (and bring to and end) our discussion." Does decent usability necessarily imply the presence of vulnerabilities? Macs seem to have this area down pretty well, with little in the way of vulnerabilities. Can Linux software follow the same route?
I think that the claim has very little validity. I think the truth is that it "becomes more vulnerable" when the average user is less educated about security issues.
Making Linux more user friendly, in my mind, means improving upon the features that revolve around the GUI. The great thing about Linux is how much you can customize it; you can strip away the GUI and have a powerful production-level server environment. This is different from Microsoft products, as the ease of usability encompases the operating system.
Linux is much more "modular", in that you can build exactly what you want; an installation could take up anywhere from a few megs to a few gigs. The security and vulnerability lies in the end user.
Wireless News www.DailyWireless
windows, linux it doesnt matter... Lusers will FIND a way to screw things up... If linux had the larger market share, worm writers would tailor code for it. I dont really think it would change the world as we know it.
Depends on how the make it more user friendly. Most of microsofts flaws come from coding errors and automaticaly opend ports and services that aren't used.
I think linux can be user friendly without all that but with anything the more layers you add to it the complexity and ability to keep it secure will become harder. Not impossible but harder. At least with linux you will know were the problems are instead of having it for 2 years and then finding a patch for it one day.
Take the basic Linux safety measure. Having to log in as root to do anything significant. Win has this as well (admin, power user, etc) , but most people run as admin, partly because of crappy, admin-rights demanding software, partly because Win doesn't really tell you not to, but also partly because its a PITA to remember, and log in with, that secure PW to do any installs or maintenance.
A "user friendly Linux" (Lindows, anyone?) will have to be very, very careful not to end up down this same path.
- user-friendly
- vulnerable
and so they think anything that's user friendly must be vulnerable. A classic logic error, whose name I forget right now.User friendly does NOT imply vulnerable, nor vice versa. I've posted before about building secure systems and securing existing ones. The techniques are, for the most part, well known albeit tedious, though I do anyway. (I even posted a security advisory to BUGTRAQ today...)
As long as the people making Linux user friendly keep security in mind when designing and implementing the new features, there will be no problem.
How am I supposed to fit a pithy, relevant quote into 120 characters?
Usability doesn't mean "avoids security." It means the interface is easy to use. You can do this *with* security. For example, just asking the user to re-type their password before running admin tools, even if they have rights to run them. (No su'ing to root; no process should *ever* run as root with user input/control.) That means that a virus can't just start running admin commands without the user knowing.
SELinux (or, hopefully, a similar system with a sane configuration/management interface) can also assist with this by limiting what vulnerabilities can do.
And the interface design itself helps. Microsoft's attempts at usability equate to "do everything automatically." Compare this to GNOME where the design is based not on automation, but on streamlining. I fully believe GNOME is *more* usable than Windows in almost every way, yet it hasn't the security problems as apps don't try to auto-run executables from untrusted sources, embed scripting languages with system-modification abilities, etc.
In truth, the interface can be designed such that it makes using security easier, vs hiding security away.
One nice trick Apple discovered is to have the users be non-root, yet still administrative. (Did you hear that, Lindows?) They did this by creating tools that run as root, but which require authentication to run. For example, a mortal user who is an administator can't trash the whole filesystem by dragging and dropping important items, because they are not root. But they can run Software Update, an application for downloading patches, by supplying a username and password.
On Linux you can add users to the group "wheel" and make them sudoers with much the same effect.
Apple also made many important directories like /etc invisible from within the GUI, which I think is a great idea as long as power users can turn it off.
Seems easy and secure to me...
This approach has been tried, and is extremely annoying to those of us who do know what we are doing. Last time I checked, Fedora Core doesn't even install gcc if you go with the typical installation (yet of course the Games and Entertainment package was installed). I guess this approach works to an extent, but be careful about carrying it too far. I also noticed several other things about Fedora Core that were designed with Windoze users in mind, and several of the features that they tried to make easier to find ended up being hidden from me; eg they changed the name of GAIM into Messaging Client...took me quite a while to figure this one out.
eBayDig 1s a typo saerch engien
Does any of that make sense? ;-)
Nope. Any system that doesn't allow the user to do whatever they want to do is going to is not user friendly. We've got two somewhat paradoxical concepts here.
Users will always want to be runing at root at all times. Some won't grasp the security implications until it's too late.
Except under amazing cirumcstances (Steven Hawking, the blind, etc) would you hire an author that did?
Tracy Hickman (of Dragonlance fame.) has professed to using a "help you write" tool. Despite using what ammounts to a novel-wizard, his last four or five books were all NYT best-sellers. And he probably wrote the manuscripts in a GUI environment.
As for the CLI itself--it's not that CLIs can't be user-friendly, it's that they simply aren't. A user-friendly, intuitive command line would:
* Have plain-language redirects to all commands (swipe some code from a twenty-year old Command-line game if you must!)
* Have a help-file that's intuitively found and starts with the basics--file maniuplation, directory navigation, et al.
* Give immediate and clear feedback that something is working.
Because commandline is NOT END-USER FRIENDLY
It depends. The command line can be quite user friendly.
copy a b
That's a fairly easy way to understand how to copy a file in dos. But in the gui world, a person has to remember to right click and say copy (or ctrl+c) and then right click on the destination and say paste (or ctrl+v). Or remember that if dragging files between folders not on the same drive, the file is copied by default but if dragging between folders on the same drive move is the default in windows. KDE does this better, always asking the user what to do with files drug from one location to another.
As far as your example goes, it really depends on the os. In my copy example above, linux would have the user us cp. Well, how does the user know that? If the os let a person say:
burn song.wav to cd1 as audio-cd
burn all songs in c:\mp3 to cd1 as data-cd
that would be pretty easy and friendly. But no os does that AFAIK. No reason you couldn't make a bash alias to do that and then it would be easy for people.
On the other hand, I just found a really handy little program called sequoiaview that gives you a visual representation of how much space your files and folders occupy on a drive or network share. There's no way a command line utility could convey the amount of information in the sequoiaview window in as easy a fashion.
The thing to remember is that usability is Hard. Very Hard. But it isn't the medium that's restrictive, it's the capabilities of the person creating the interface.
This means that yes, a trojan horse could run, and yes, it could keep running until the user logs out, and maybe even add a login item on a per-user basis, but it can't install anything into the system that runs at startup unless the user explicitly enters a password to say that "yes, I really expected this to be installing something". This simple authentication requirement would have prevented 99% of what has made Windows viruses so virulent.
In fact, the best form of user-friendly security basically amounts to having a bunch of policies for things that shouldn't generally happen, then shouting at the user and asking if you really want to do that. This concept has been popping up repeatedly on the Mac platform ever since the classic "GateKeeper" virus checker extension. I remember saying that I wanted to see an OS do exactly this sort of sanity checking (don't let an application modify the OS without user permission) back when I was still in elementary school (mid-eighties).
So here's what I don't get.... If this was obvious to me at about age 10, what does that say about companies that still haven't figured out how to implement such a basic security measure? And why would anyone in his/her right mind use an OS like Windows whose security policies haven't caught up to what seemed obvious to a 10-year-old kid almost 20 years ago?
For shame.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Natural language are also exactly that - natural. Our brains evolved to support them and our languages evolved over millenia to suit our brains.
;)
/. post now.
I agree, but not with your inference. You suppose that a computer language does not have this property, but as it is produced by the human brain without constraints upon it, surely it is an even purer reflection of the human brain's inherent language ability (however much it is inherent). There might have been constraints in the old days, but have you tried Python yet?
More on-topic however, I agree with the original poster but for not for his reasons. The picture / point-and-click approach is more of a use-base method rather than one based on underlying theory.*
The danger with this is you get people who do things by the step-by-step book instead of through a true understanding. Like how a mechanic used to have a good grasp of how an engine worked and nowadays tends to just follow the official process.
*Doesn't have to be, but it is.**
**My gods, I'm using footnotes in a
Aide-toi, le Ciel t'aidera - Jeanne D'Arc.
Talk about an asinine knee-jerk reaction!
The whole point of bringing up OS X was as a proof-of-concept that the sort of user-friendliness which Linux is moving towards does not automatically mean weak security. It has nothing to do with flame-wars, and everything to do to paying attention to what others in the industry are doing. (Something everybody should do, unless they want to lose in the long run.)
let me add to the discussion... Windows and Linux admins in the same organization? What organization is this?!
Damn near every Linux-centric organization I've ever been a part of, for a start. If you are a software company, you are going to have customers on Windows. If you are going to support those customers at all, you need to make your shit work in a Windows environment, which means maintaining a Windows environment.
Mixed environments are the norm, not the rule. A lot of companies even have a few Novell systems lying around doing stuff. Show me a "pure" Linux shop, or a "pure" Windows shop, and I'll show you an IS department run by a raging platform bigot.
Why do people think that the command line is *not* "user friendly"?
The command line is extremely user friendly. Having to remember the names and locations of dozens of config files in order to perform basic upkeep and maintenance of your server is not. I don't know about you, but I need to crack a book open to remind myself how to add a virtual host to my Apache web server each time I do it. If I was constantly editing the httpd.cnfg file (or whatever the hell it is), I wouldn't need to look it up every few months just to remember all the lines that need to be changed, but since it's only an occational change, a GUI front-end that held my hand through the process would not be entirely unwelcome. Granted, a badly designed GUI tool which lacked the flexibility I expect from raw config file edits would be ignored, but do it right and I would never need to open that file in vi again. That's what people mean when they say "user friendly."
Information wants to be anthropomorphized.
To quote a musician I know... "I'm an amateur. I don't need to practice."
The only difference in quality of output between a lot of amateur musicians and a lot of professional musicians is the amount of practice. With more practice a musician makes fewer mistakes and can repeat the same music more consistently every time.
One pottery class I heard about divided the class into two groups. One group was given the job of making just one pot in a semester, but it had to be "perfect". They spent the entire time studying and preparing for that one pot. The other group was told not to worry about quality but to make as many pots as they could. Each group would be graded differently. At the end of the semester the group that made one pot each had made their pot, and the group that made as many as they could had made a lot of pots. The pots made by the people who were aiming for quality were consistently bad. They had made mistakes in their pot making, come across issues that they hadn't encountered in their research and so on. The other group had a range of pots. Their first pots were awful. Their final pots were excellent. They had learned from their mistakes throughout the course and had continually experimented with different firing temperatures, glazes, and so on.
So, what am I trying to say here? The professional who doesn't practice is not going to be any better than the amateur who works hard at it his art. I've been involved in printing from an amateur stand point and I would be confident enough with some (but not all) of the "home-brew print jobs" that I have done that I would quite happily pass them to a pro with no expectation that they "squeem" in pain. Some talented amateurs will always be better than untalented pros, the best output from untalented amateurs will beat the worst output from untalented pros and vice versa. Talented pros and talented amateurs will both produce good and bad work, but the best work of both will be on a par.
Z.
p.s. I used an 1854 Albion letter press for fine press printing. I can set type by hand using a case of type and a compositors wand, I can ink and run the (hand) press well, but I can't prepare the paper. My father (the owner of the press) can prepare the paper, and is better at page layout and adjusting the form. We both have our strengths and weaknesses but for rank amateurs our "home-brew print jobs" have done remarkably well. I also have a degree in Applied Physics and another in Software Technology, I am definitely no more than an amateur printer.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
Why is this modded as insightful? Anybody who knows how to run something as root (and how to do it) would know how to look at the script and decide what it's doing. It's not like OS X has a "Run as Root" button on the toolbar or anything.
Yes, people can do stupid things. But if you sent that to your average OS X non-power-user, they would do absolutely no damage whatsoever, no matter how much they tried.
True, but only because you both share a common frame of reference. Communicating outside of a common frame of reference becomes much much more difficult and thus a much larger volume of data. Try getting food from a blind man in france.
It depends what you mean by increased usability. A linux expert can do almost anything on Linux right now. Aunt Tillie can't check her e-mail, without risking creating an open SPAM proxy. Increasing usability has very little to do with the underlying code functions, and far more to do with the visual communication of relevant information. As long as the interface does not rely on security through obscurity, improving the interface will only improve security, with things like:
"Warning: Setting Up a SendMail Daemon without checking for security patches may risk increasing the world supply of electronic Junk Mail (SPAM). Perform check for securely signed patches (Default: Yes)? Use Default trusted patch Server patchserver.ThisLinuxVendor.com (Default: Yes)?"
Of course, increasing accessibility also increases accessibility to potential shoot-yourself-in-the-foot things like filesharing. Right now, Security through Obscurity usually protects Aunt Tillie from setting up a SMB share of her entire hard drive. On the other hand, if she does do it somehow, she'll never figure out that her DSL is slow because she's been turned into the leading WAREZ distro for Podunk. Security through Obscurity is generally considered harmful-- but it is Security. Good interfaces can be designed to provide the users with warnings to educate them as to hazards, while letting them shoot themselves in the foot if they really, really want to.
Now, if you talk about increasing the functionality, so the Linux users can do things like install spyware, or DirectX components to reformat their hard drive, then yes, that's likely to decrease security.
//Information does not want to be free; it wants to breed.
Says who? A lot of GUIs are not end-user friendly either. Just because some CLI programs require the user to know arcane options does not mean that the CLI itself is broken. In fact, there is anecdotal evidence to suggest that the command line is easier to learn for people who have never used computers before.
Come on, you have to do more than click an icon. At the very least, you have to select which files you want to burn from a list. More likely, you drag and drop the files you want to burn. That's easy for you, but not necessarily intuitive to someone who's never used a mouse before. With a CLI, a you at least have the option to write a script. Aunt Tillie might find it easier to type "burn file1.wav" than figure out which mouse button to press, and which icons to drag where.
My future's determined by Thieves, thugs, and vermin -- The Offspring
This reminds me of something I've read. When Apple was engineering the GUI back in the early 1980's, early tendency in testing was to just use icons and imagery for buttons and functions, testing showed that this was disatrous however, and the best approach in terms of speed to learn and usability was to use both descriptive text and an icon.
Apparently, the lead engineer is quoted as saying "a word is worth a thousand pictures" when it comes to GUI design.
This sig has been deprecated.
With SELinux, it can be setup so that even root can't do anything it wants. Instead, there will be multiple administration accounts, each with particular permissions. The level of granularity is up to the users (or the distros), and with some experience, you'll see some pretty user-friendly installations with SELinux running (FC2 is coming up)
We'll soon be able to run apache securely, even with a gaping security holes that allow browsers to execute arbitrary code. We'll be able to download code and run it in harmless environments where privilege escalation is impossible and the bounds for operation are clearly set. And this will be the default setup for every linux user.
The radical sect of Islam would either see you dead or "reverted" to Islam.
Even a true or false question offers a question with options. A blank command line does neither. Even knowing to type man and a command requires
/u/s" command - your argument is not representative of typical usage. Also, icons are generally easy to associate visually with an application - if not, you run it and see what comes up. As a general rule, most applications will not mess with your data just by loading them up and MOST applications will not negatively affect your hardware - thus poking around is good.
a. To know that there is a `man' command
b. To know which command to even bother looking up.
Then expecting a n00b to dicipher a man page is a leap. I also have never seen an icon or have I even seen anyone make a shortcut to the "format c:
Also, you imply there are 'wrong' choices, when in fact, there is not really a 'wrong' choice per se, just not the specific function you're looking for. If this is the case, you choose one of the other choices and move forward. Now you know what that other function does for when you do need it and have also completed what you set out to do. Not likely to get the same quick understanding on cl.
The main benefit of a gui is the flattening of the learning curve. It is not as efficient as knowing exactly what you want to do at the cl - this is true, but gets you to a point to where you can be somewhat productive. Obviously being adept at the cl will make you more efficient.
ymmv
I can probably answer this - the main advantage to a GUI is ease of learning what to do without reading a manual. I don't know if you ever read some of the old DOS manuals, but they were written in a way that my Dad or Grandma would never be able to figure out what to do, so they'd try the hunt and peck method.
/lib/help: Permission denied
for instance...
Dad sits down to a computer for the first time ever and see this:
#linux>
In his head - What is the first thing to do? Maybe type a sentence?
#linux>Show me what you do.
Show: command not found
#linux>What the heck does that mean?
What: command not found
Hmm - looks like the first word I type does something. I should try help
#linux> help
#linux> linux
linux: Command not found
At this point, dad tries to read the manual, but it's all so much techno-gibberish that he is lost by the third page. He smashes monitor with his typewriter.
Icons:
Dad starts computer and sees a screen with three pictures and a menu bar with Start on it. He clicks Start, and some more pictures appear. He selects one of the pictures from the menu and it starts the program. He tries to click a picture on the Desktop and it does nothing. He's not really sure what to do with those, but he can run them from the Start menu, so he ignores them.
So what did we learn from this?
GUIs have multiple solutions to the same task while CLIs usually don't (aliases break this slightly, but require being a little less noob)
CLIs require directions to learn at least the basics, and often those directions aren't easy enough to understand for the computer illiterate.
GUIs facilitate learning by showing the options, where with CLIs you need to find the options, and then usually the options for the options.
CLIs have a lot of configurability that GUIs have, but not ease of learning. Even once learned, the options need to be remembered, where a GUI will put them all in front of you if done correctly, although it has a tendency to get buried in submenus (like Preferences).
As far as I can tell, there is no word in everyday English that means 'being unable to speak the local language'.
This is quite a common occurance nowdays. Hop on a plane and within a few hours you can be in a place where you can't speak the local language. But we don't have any word for that condition.
Allow me to propose the new word:
illinguate
from 'illiterate' and 'linguistics'.
Below is the truth, the whole truth and nothing but the truth.
Windows was originally designed as a single-user, game-playing operating system. It had no concept of networking or segmented user space or file permissions, etc. These things, among others, were added on later as the need arose.
Windows was originally marketed to home users who wanted to play games and small businesses who wanted to track a few dozen or perhaps a few hundred accounts/clients.
Today, MS has positioned Windows as an Enterprise class OS. People who grew up playing games on Windows should know that this doesn't make sense.
I used to laugh when looking for patches for an NT4 domain that I administered a few years ago. I'd skip all of the new video (DirectX) enhancements that were constantly avaiable. What did gaming/video drivers have to do with domain controllers?
In short, you can't make something into something it's not... at least not without many problems. MS Windows is a classic example of this.