On Mon, Dec 03, 2001 at 10:36:01PM +0000, Michael Brown wrote:
On Mon, 3 Dec 2001, Chris Howells wrote:
It always irritates me when I have to use a system on which the user interface has been locked down in the interests of 'security'. This is, as far as I can tell, a practice that originates from the days of Windows 95, when you had to lock down the user interface simply because the underlying system didn't provide any security itself. This is not the case with Linux; even if you leave the full user interface exposed there is very little that users can do that will affect anything beyond their own personal settings. Absolutely true. But would you really want users changing their personal settings (and possibly making a mess -> wasted time for the administrator) when they could be doing more productive things?
I have no problem with people customising their desktop. In fact, one of our primary schools uses this as the "introduction to the computer suite" lesson: the students are shown how to log on and how to play around with their wallpaper etc. It's a good way for them to get familiar with the interface without being distracted by anything extraneous (typing exercises, etc.).
I do have a problem with people customising their desktops - it's an inordinate waste of time. OK it might be a good way for them to familiarise themselves with the interface but in the long run it means that they'll end up wasting huge amounts of time prettifying and re-prettifying their desktops - I know since I'm guilty of it too. Time and motion studies of people at work at their PCs show that they spend >25% of their time doing just that.
Out of well over 1000 users of systems that I have configured, used by ages 5 to 60, I have yet to have any of my time wasted by users making a mess by changing their personal settings.
You obviously lock down the important stuff so your time isn't wasted but that doesn't obviate the fact that their time is.
We have had no problems with providing "unlocked" user interfaces to both primary- and secondary-age students on both Linux and WinNT platforms. Not a single issue has yet arisen due to students playing around with settings, in over four years. I personally find that very interesting -- and I doubt it would be that simple in most places. Certainly from my experience, just leaving it like that would be a recipe for disaster.
My experience has taught me otherwise. In addition, I have heard many more tales of problems caused by locked-down systems than I have heard tales of problems caused by systems left 'open'. (Obviously I'm talking about just the user interface here, not the underlying system security).
What sort of problems? <snip>
My view is that if users have to do anything other than (double-)click to start up an application, then this should be viewed as a bug. This is one of the major gripes I have with programs such as KDevelop that go through an extensive setup routine the first time the user runs the program. A user interface that requires you to just repeatedly click on "Next" shouldn't be there!
Agreed. When you're installing the program on a number of machines you should be just able to copy an rc file to all the users home dirs, which in a way comes back to my pro-`locked down' argument. The policy editor which others on this list are discussing seems like a cool idea - it sounds like it would suit both liberal admins like you and BOFHs like me ;-) <snip> -- Frank *-*-*-*-*-*-*-*-*-*-* Boroughbridge. Tel: 01423 323019 --------- PGP keyID: 0xC0B341A3 *-*-*-*-*-*-*-*-*-*-* http://www.esperance-linux.co.uk/ Plumbing is one of the easier of do-it-yourself activities, requiring only a few simple tools and a willingness to stick your arm into a clogged toilet. -- Dave Barry, "The Taming of the Screw"