Re: [PATCH] Remove absolute paths from gpg.rc
On Wed, Mar 21, 2007 at 05:32:55PM +0000, Dave wrote:
> On Wed, Mar 21, 2007 at 03:51:02PM +0100, Oswald Buddenhagen wrote:
> > this is silly. everbody makes mistakes.
>
> That doesn't matter. The user is in charge of deciding how many (if
> any) limits he wants to place on his own decisionmaking authority.
> The question is outside of the domain of the programmer.
>
i sure agree that the programmer has no right to forbid the user to do
something utterly stupid, but he definitely has the "moral obligation"
to guide the user away from doing it. the sillier the thing, the
stronger the guide should be. simple principle.
> > confirmation dialogs are a typical example of a measure to prevent
> > small mistakes from having big effects.
>
> That's why mv(1), for example, offers the -i option. [...]
>
in which case it is perfectly ok. however, when pressing F8 instead of
F7 means as much as deleting all of /home instead getting a dialog to
create a directory, you really start to appreciate confirmation dialogs.
;)
i cut the rest of the quote, as it just doesn't make sense. the example
simply doesn't fit. ;)
> > but like any other safety measure, they have to be placed wisely.
>
> You just hit the nail on the head: the user himself is the only one in
> a position to reverse engineer his own psychology in order to place
> prompts wisely.
>
it might surprise you, but hardly anybody is able to do that.
apart from that, you are completely misinterpreting my statement. ;)
> A programmer should write programs that simply do their job without
> asking qusetions, and leave Psychology assignments to Psychology experts.
>
surprisingly (not really, at least to me), those psychology experts found,
that confirmation dialogs in sensitive places are really sensible. ;-)
in less critical places, confirmation dialogs with a "do not ask again"
checkbox have proven useful.
undo functions (to which i account the trash bin) have also proven to be
very useful, because they don't disrupt the workflow and still even big
mistakes can be reverted. however, this only works closed systems. and
is useless if you don't realize you made a mistake, which is often
enough the case in security context.
> A programmer shouldn't have to be a security expert and a psychology
> expert, in addition to being an expert at whatever task he's actually
> hoping for his program to perform after all the prompts.
>
don't you think that the programmer is quite more likely a security
expert than the user? also, in every professional software development
environment which takes its users seriously, there is a psychology
expert (usually called usability expert ;). of course it is not their
task to take away the gun from the user, but pointing out to him that
pointing it at himself is no good idea is perfectly within scope.
> > dude, it is a config file that can be overridden, so such dogmatic
> > argumenation is completely pointless.
>
> As Robin Hood would put it, it's the principle of the matter, if nothing else.
> (We don't know if it's anything else, because once you start violating user
> rights, all bets are off. [...]
>
i give up. it's a lost case.
--
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Chaos, panic, and disorder - my work here is done.