By Jonathan Corbet
April 3, 2009
There are many things which could be said to be a part of the Unix
philosophy. One of those, certainly, is that the operating system should
stay out of the user's way to the greatest extent possible, even if said
user is intent on doing something harmful. There is a classic quote
attributed to Eric Allman:
Unix gives you just enough rope to hang yourself -- and then a
couple of more feet, just to be sure.
Anybody who has administered Unix-like systems for long enough has probably
ended up swinging from that rope at least once. So one would think that
there might be support for work which reduces the potential for
self-hanging. And indeed there is, but that doesn't mean that all such
changes are welcome.
Readers with a lot of spare time and a desire to wander into email
flamewars could probably occupy themselves with this
fedora-devel thread for quite some time. It seems that the X.org developers recently
decided that the three-finger salute (alt-control-backspace) should no longer, by
default, immediately kill the X server. The reasoning behind this change
is clear enough: it can be really irritating to hit the wrong key sequence
and watch all of one's work evaporate before one's eyes. Besides, the
environmental costs of replacing all of those thrown-across-the-room
keyboards are increasingly hard to justify.
Unfortunately for the polar bear population, the change inspired a rather
severe storm of flying keyboards in its own right. A certain Gerry Reno complained on fedora-devel that Fedora should
have overridden X.org's decision regarding this key sequence. Unsatisfied
with the hundreds of responses found there, he took the discussion to the X.org development
list, wherein he claimed:
I read in the Fedora Release Notes the assertions that this change
was due to users complaining about confusion regarding the control
key sequences relating to the X server. That argument was no doubt
made by some in the Emacs community who find that the Emacs key
sequences are similar to the Xorg sequences... I am concerned
because it appears that a tiny minority of Emac [sic] users have managed
to lobby for a very significant change in default behavior for X
server control to the detriment of the majority of users and
administrators in the Linux community.
So, it seems, we have a conspiracy of Emacs users working to deprive the
wider user community of a useful tool. Daniel Stone, the developer who
committed this change, denies
this charge:
I don't use Emacs myself, and I don't recall a single Emacs user
complaining about accidentally triggering Ctrl-Alt-Backspace on
their way to M-C-E-A-S paste-output-of-doctor-into-irc. Most of the
grumbling came from actual users (i.e. people who don't know what
an X server is, let alone how to configure it, let alone to email
xorg-devel@ about it), rather than people who are perfectly capable
of changing the default.
(It's worth noting that the Fedora Weekly Webcomic blames
a different conspiracy for this change).
In truth, it's clear that a number of reasonably capable users have, at
times, lost work as a result of hitting this key sequence by mistake.
Enough of those users complained that the X.org developers looked at the
issue, and, according to Matthew Garrett,
"Everyone involved agreed that not having a keystroke that caused
immediate data loss was a sensible idea." So, while many of the
world's ills can legitimately be blamed on Emacs users, that would not
appear to be the case this time around.
A reversal of this decision is unlikely. But the development community
would still like to accommodate users who feel the need for the full length
of rope. Said users can reverse the default in their xorg.conf file now,
of course. The openSUSE approach has been to require that the sequence be
hit twice before bringing the world to an end, but it's not clear that
other distributors will follow suit. There has been discussion of moving
the action to a key sequence which is harder to hit by accident. There may
eventually be a per-user configuration option to enable this behavior as
well, though that will require some X server changes first.
Meanwhile, Ubuntu developers have cut
off a classic piece of Unix rope by boldly disabling the
"rm -rf /" command. It seems that the rm
command has a --preserve-root option which prevents the removal
of the root directory. In Ubuntu, this option was not enabled by default,
leading to the bug filed by a concerned user. The distribution's
developers agreed that the ability to remove the root directory was not a
particularly useful feature, and, additionally, that issuing an
"rm -rf /" command was easier than one might expect -
poorly-written scripts are evidently a common source of that kind of
mistake. So, in October, 2008, they made
--preserve-root the default for the Intrepid and Hardy releases.
Some months later, we have started to see complaints like this:
Life is full of dangerous choices. Using rm is one of them, or at
least it should be. It's the price you pay to learn to be careful.
It's the cost of being in control of your system.
and this:
Linux only makes one promise and that is your computer will do what
you tell it to, not ask if you're sure, not safeguard you from your
own ignorance.
Those who are concerned about this change have more to worry about: it
would appear that Fedora has followed suit. Even so, the rope has not been
shortened by any great length; those wishing to hang themselves can use any
of a number of alternatives, including:
rm -rf /.
rm -rf ~
rm -rf *
and so on. And, of course, the --no-preserve-root option remains
available for those who can't think of any other way to destroy their
systems.
But is this contrary to the Unix philosophy? If so, one should certainly
complain about the much more obnoxious
alias rm='rm -i'
.bashrc entries that Fedora has been inflicting on the root account for years.
That is the sort of change that trains users to blindly agree to
anything the system asks; your editor (who immediately removes such things)
feels that overall user safety is not improved by asking "really do this?"
questions all the time.
The truth of the matter, though, is that Linux has moved beyond the "hardy
pioneers on the dangerous frontier" stage. Simple ability to hang one's
self is of limited value even to pioneers; it is positively detrimental to
those who come after. It is not surprising that developers and
distributors are trying to disarm some of the most surprising and least
useful booby traps in the system. That process is likely to continue. But
this is still Linux, so those of us who feel the desire will always be able
to break out the full length of rope; we'll just have to remove the warning
label first.