yujiri.xyz

Stop trying to take the user's choice

A software practice that needs to die is artificially preventing the user from doing things "for their own good". Two examples come to mind.

HSTS

RFC 6797

HSTS aims to make it impossible to accidentally connect to a website over unsecured HTTP. But section 12.1, "No user recourse", reads:

So they're saying not just that the browser should warn you when it has a certificate error, but that it should *not offer you a choice*, even though there's no technical reason why proceeding is impossible. And indeed the browsers have implemented this; Firefox and Chromium both won't *allow* me to connect if there's a cert error.
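To make the mechanism concrete, here is a small model of a user agent's HSTS policy store written for this page. It is an added example, not code from yujiri.xyz or from Firefox or Chromium, and it follows the RFC's rules as the editor reads them: a `Strict-Transport-Security` header is only honoured on a clean HTTPS response, `max-age` is mandatory, `includeSubDomains` extends the policy downward, `max-age=0` withdraws it, and once a host is "known" the UA rewrites `http://` to `https://` and treats a TLS error as a dead end instead of a prompt. The host names, header values and clock values are constructed for the demo.

```python
"""Model of a browser's HSTS policy store, following RFC 6797.

Added example, not code from yujiri.xyz or any browser. Shows why a
cert error on a known HSTS host ends in a hard failure ("no user
recourse", section 12.1) while the same error elsewhere yields the
usual click-through prompt. Hosts and headers here are constructed.
"""
import re
import time
from urllib.parse import urlsplit

# Section 6.1 grammar: ';'-separated directives, case-insensitive names,
# token or quoted-string values, max-age mandatory, no duplicate names.
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*("[^"]*"|[^;\s]*))?\s*')


def parse_sts_header(value):
    """Return {'max_age': int, 'include_subdomains': bool}, or None when
    the header is invalid (an invalid header is ignored, not guessed at)."""
    seen, max_age, include_subdomains = set(), None, False
    for part in value.split(';'):
        if not part.strip():
            continue
        m = _DIRECTIVE.fullmatch(part)
        if m is None:
            return None
        name, raw = m.group(1).lower(), m.group(2)
        if name in seen:
            return None
        seen.add(name)
        if name == 'max-age':
            digits = (raw or '').strip('"')
            if not digits.isdigit():
                return None
            max_age = int(digits)
        elif name == 'includesubdomains':
            include_subdomains = True
        # Unknown directives such as 'preload' are ignored.
    if max_age is None:
        return None
    return {'max_age': max_age, 'include_subdomains': include_subdomains}


class HstsStore:
    """The UA's list of known HSTS hosts, keyed by lowercase host name."""

    def __init__(self, now=time.time):
        self._now = now
        self._policies = {}  # host -> (expires_at, include_subdomains)

    def observe_response(self, host, sts_header, clean_https):
        """Section 8.1: only an HTTPS response with no TLS errors may set,
        refresh or (with max-age=0) delete a policy."""
        if not clean_https or sts_header is None:
            return
        policy = parse_sts_header(sts_header)
        if policy is None:
            return
        host = host.lower()
        if policy['max_age'] == 0:
            self._policies.pop(host, None)
        else:
            self._policies[host] = (self._now() + policy['max_age'],
                                    policy['include_subdomains'])

    def is_known_hsts_host(self, host):
        """Exact match, or an unexpired superdomain policy with includeSubDomains."""
        labels = host.lower().split('.')
        for i in range(len(labels)):
            candidate = '.'.join(labels[i:])
            entry = self._policies.get(candidate)
            if entry is None:
                continue
            expires_at, include_subdomains = entry
            if expires_at <= self._now():
                del self._policies[candidate]  # lapsed: forget it
                continue
            if i == 0 or include_subdomains:
                return True
        return False

    def navigate(self, url, tls_error=None):
        """'upgrade' (rewrite to https before any request), 'fail_closed'
        (no override offered), 'prompt_user' (click-through page) or 'proceed'."""
        parts = urlsplit(url)
        known = self.is_known_hsts_host(parts.hostname)
        if parts.scheme == 'http' and known:
            return 'upgrade'
        if tls_error:
            return 'fail_closed' if known else 'prompt_user'
        return 'proceed'


def demo():
    """Walk through the cases the article describes, with a fake clock."""
    clock = [1_000_000.0]
    store = HstsStore(now=lambda: clock[0])
    # Constructed header, as a server would send it on a clean HTTPS response.
    store.observe_response('example.test', 'max-age=31536000; includeSubDomains', True)
    # The same header seen over plain HTTP is ignored.
    store.observe_response('other.test', 'max-age=31536000', False)
    results = {
        'http_upgrade': store.navigate('http://example.test/'),
        'subdomain_cert_error': store.navigate('https://www.example.test/', tls_error='expired'),
        'unknown_cert_error': store.navigate('https://other.test/', tls_error='expired'),
    }
    clock[0] += 31536001  # a year and a second later the policy has lapsed
    results['after_expiry'] = store.navigate('https://example.test/', tls_error='expired')
    store.observe_response('example.test', 'max-age=31536000', True)
    store.observe_response('example.test', 'max-age=0', True)  # server withdraws HSTS
    results['after_max_age_zero'] = store.navigate('http://example.test/')
    return results
```

Two things the walkthrough makes visible that the RFC text alone does not: the policy is time-limited, so the "no recourse" behaviour the article describes ends when `max-age` lapses or the site sends `max-age=0`, and the decision is made per host in the UA's store, which is why a tool with its own (empty) store such as curl is unaffected.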

This is a flagrant breach of respect for the user. There have been plenty of times when I wanted to connect anyway, such as when the cert has expired and I need to find the contact information to tell the webmaster.

An excellent quote from Linus: "... If you think your users are idiots, only idiots will use it." Unfortunately, this time, even the smart people have no choice but to use it.

Quote source

Tools like curl can be used to circumvent this for a single request, but that I need to get out of my browser to do so is absurd and makes some use cases infeasible.

root

Another example is programs that don't allow running them as root. I have in the past lived as root, and have a quarrel with those who try to *prevent* me from doing that by writing special cases into their software to check if they're running as root and artificially fail.

If it prints a warning and then proceeds (like Tor), that's perfectly cool (and on seeing that message I made the necessary changes to make Tor not run as root). If it requires a flag to run it as root (like LMMS and Chromium), that's annoying, especially if the error message is very condescending (like Bower), but okay.

Bower error message

What really insults me is applications that outright don't allow it. For example, GTK. Well, funnily enough, GTK doesn't seem to have a problem with being run as root but *does* have a problem with running *setuid*. I once decided it would be good to have my browser - my least trusted application - have non-root privileges, so I tried to set Chromium to be owned by a guest user 'browser' and setuid, so I could be root but run my browser without those privileges. This plan initially failed with the following message:

Note that their attempt to stop insecure uses of GTK actually stopped me from *dropping* root privileges. So I gave up on it and just continued running my browser as root. This is a good example of the broader truth that taking away people's options often leads to the opposite of what you want.

Later on, I learned C and wrote a `browser_wrapper.c` that would let me do this, and later still decided it wasn't worth the effort of making it actually work, since so many other files and directories had to be writable by `browser` for Chromium to work, different browsers required different ones, and which ones seemed to change periodically, breaking my shell script to assign them. I'm not really worried about my browser compromising my OS. After all, it's open-source, and the odds that it will ever cause me harm that would've been prevented by not being root are pretty negligible.
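One caveat worth adding to the setuid story above, with a worked example. A setuid binary owned by `browser` and executed by root does not drop root: the kernel sets the effective and saved user IDs to `browser` but leaves the real user ID at 0, so the program can call `setuid(0)` and be root again whenever it likes. GTK's refusal is a check for exactly that mixed state (real and effective IDs differ), which is why it fired. A real drop has to set all three IDs, clear supplementary groups first, and then verify that root is gone. The wrapper below does that before exec'ing the browser. It is an added example written for this page, not the author's `browser_wrapper.c`; it assumes Linux, a local unprivileged account for the browser, the systemd-style `/run/user/<uid>` runtime directory, and a browser path supplied on the command line.

```python
"""Launch a program as an unprivileged user from a root shell, dropping
root completely instead of relying on the setuid bit.

Added example, not the author's browser_wrapper.c. Assumes Linux and an
existing unprivileged account (the article's 'browser' user). Paths in
the usage comment are assumptions.
"""
import os
import pwd
import sys


def verify_unprivileged(uid, gid):
    """True only if every uid/gid is the target and root cannot be regained."""
    if os.getresuid() != (uid, uid, uid) or os.getresgid() != (gid, gid, gid):
        return False
    try:
        os.setuid(0)          # must fail: no real or saved root id left
    except PermissionError:
        return True
    return False


def drop_privileges(uid, gid):
    """Switch irrevocably to uid/gid; return True only when verified.

    Refuses a root target ("dropping" to uid 0 is no drop). Order matters:
    supplementary groups and gid first (they need root to change), uid last.
    setres* sets real, effective and saved ids together, so there is no
    saved root id to setuid(0) back to. A setuid binary run by root keeps
    real uid 0, which is the state GTK's setuid check rejects.
    Raises OSError if the kernel refuses a change (e.g. not root).
    """
    if uid == 0 or gid == 0:
        return False
    if os.geteuid() == 0:
        os.setgroups([])      # clear supplementary groups while still able to
    os.setresgid(gid, gid, gid)
    os.setresuid(uid, uid, uid)
    return verify_unprivileged(uid, gid)


def launch_as(username, argv):
    """exec argv as `username` with a minimal environment. Never returns."""
    pw = pwd.getpwnam(username)
    if not drop_privileges(pw.pw_uid, pw.pw_gid):
        raise RuntimeError(f"could not fully drop privileges to {username}")
    env = {
        "HOME": pw.pw_dir, "USER": username, "LOGNAME": username,
        "PATH": "/usr/bin:/bin",
        # Display access is the fragile part the article mentions: the
        # socket must be reachable by the target user, not only by root.
        "DISPLAY": os.environ.get("DISPLAY", ""),
        "XDG_RUNTIME_DIR": f"/run/user/{pw.pw_uid}",  # assumed logind layout
    }
    os.execve(argv[0], argv, env)


if __name__ == "__main__":
    # Example invocation (paths are assumptions), run as root:
    #   python3 wrapper.py browser /usr/bin/chromium
    launch_as(sys.argv[1], sys.argv[2:])
```

For an X11 session the target user also needs access to the display, for example `xhost +si:localuser:browser` run as the logged-in user; the wrapper deliberately does not hand over root's `XAUTHORITY`, since that file is not readable once the drop succeeds. The verification step is the part to keep even if the rest is adapted: a drop that cannot prove `setuid(0)` now fails is not a drop.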

Proxied content from gemini://yujiri.xyz/software/safety-choice.gmi