LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 26, 2010 10:23 UTC (Tue) by callegar (guest, #16148)
Parent article: Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

I wonder if after this we are going to have a gnomebuntu with the upstream gnome on the side of ubuntu, similarly to how we currently have kubuntu.

For some reason I tend to think that gnomebuntu, differently from kubuntu would be at risk of some opposition from inside ubuntu.

As an aside it is a pity that the name gubuntu is already taken! Otherwise we could have ubuntu (u for ubiquity), kubuntu (kde), gubuntu (gnome).
BTW, I now wonder if the U in Ubuntu for "ubiquity" from the very start :-)

A couple of notes on those specific things that are causing the fork.

1) Global menu.
This breaks the focus follows mouse model, being thus a bad idea.

2) Search centric OS (rather than file and directory organized).
This breaks multiuser systems and systems with solid state drives. The search database tends to double the users' space allocation. This is OK if you are a single user on a system with a 500 GB disk, which is largely space redundant. However, it is an issue if you are on a 80 GB solid state disk where space is precious. Similarly it is an issue if you run a system with 50 users, each with 20 GB space. Your required allocation grows from 1 TB to 2 TB for no reason.
This also burdens users to hell when their system stops working because of low disk conditions caused by the search engine.
To make matters worse, neither tracker nor strigi have explicit options to say "stop indexing these folders and give me back the space used to index them".
Finally there are privacy issues, when systems are given to other users without creating new accounts. Mr. A lends its system to Mr B. Before doing so he moves away data on which he has signed NDAs or which is anyway private (e.g. bank details). Unfortunately, Mr B. finds bits of that data in the search database (e.g. a password).

(Log in to post comments)

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 26, 2010 14:53 UTC (Tue) by SEJeff (subscriber, #51588) [Link]

You know that ubiquity is the name of the Ubuntu installer, right? Do you mean s/ubiquity/une/ ?

bad practice

Posted Oct 26, 2010 19:32 UTC (Tue) by tialaramex (subscriber, #21167) [Link]

"Finally there are privacy issues, when systems are given to other users without creating new accounts. Mr. A lends its system to Mr B. Before doing so he moves away data on which he has signed NDAs or which is anyway private (e.g. bank details). Unfortunately, Mr B. finds bits of that data in the search database (e.g. a password)."

There are so many other ways for this to go wrong that I think it has to just count as bad practice anyway. For personal systems (e.g. laptops for employees) you will want to completely wipe them between users.

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 26, 2010 23:12 UTC (Tue) by fandingo (subscriber, #67019) [Link]

#2 is way off the mark. Nepomuk on my SSD system is using 232MB on disk. It has indexed almost 1TB of data; I wouldn't say that the repository is using much space at all. The only situation where metadata could cause a problem would be the extremely unlikely scenario where your hard drive is filled with text that is completely stored in metadata, but that's not a realistic use model. Users hard drives are filled with movies, music, and other binary data; text is a very small part of that.

The privacy concerns are spurious. You can only index data where the indexer (running with your user permissions) has read access. If you give someone access to confidential files, then you should assume they have copies. It's no easy or more difficult with indexing. I suppose one could overlook sanitizing the indexed information, but I can't think of a situation where clearing ~/ wouldn't be done when transferring computers.

************************
As far as the larger issue of Unity, I don't have a problem with what Canonical has done. Canonical has hired several UI designers, and they obviously aren't happy with Gnome Shell. It's debatable how much Canonical tried to provide input, but in the end, it doesn't matter. Canonical either has or is developing what it thinks is a good UI, and that's different from where Gnome is going. I get the impression that Gnome doesn't have many UI experts, and they are going "radical" with Gnome Shell; Canonical is stuck in a tough spot because most of their work is targeted towards usability/experience (Ubuntu One, Ayatananananana, Volume control modifications for 10.10, Papercuts, etc.). If they think that Gnome Shell is a step backwards in usability, they have to do something about it. I'd say the horse has left the barn with 3.0 (all design decisions are complete), so what are they supposed to do?

Personally, I feel like Gnome Shell is a terrible mistake. It just doesn't make any sense to me.

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 26, 2010 23:14 UTC (Tue) by jspaleta (subscriber, #50639) [Link]

And somehow Unity isn't also a terrible mistake in your opinion? It's not like the overall design goal are very different.

-jef

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 28, 2010 14:36 UTC (Thu) by callegar (guest, #16148) [Link]

You have been more lucky than me.

I manage a machine where users have _only_ documents (text, PDF, openoffice, etc.) and I use kubuntu. After an OS upgrade that brought in nepomuk + strigi, all users all at a sudden started complaining about the machine being unusable. All of them had gone out of quota because of 2 - 4 GB of space taken by the indexer, which is close to the same space taken by their original documents.

With regards to privacy, I think I have not explained myself well enough. Among many people I know the following is common practice: I need to write a short document or to check the email and I do not have a laptop, so I ask a friend to borrow his laptop for 10 minutes. They give the laptop to me and they do not set up a new user account for this. So I happen to work in their account. Typically they just copy out one dir of sensitive data to a USB pen, to make sure that I do not have access to passwords, bank data, etc. I keep telling them that this is a dangerous thing to to, but it does not matter. In this condition I get a machine where they think there is no sensitive data, but in fact there is in the indexer. IMHO a machine with an indexer should assure that when something is permanently deleted, it is also immediately deleted from the indexer database too.

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Oct 28, 2010 15:02 UTC (Thu) by foom (subscriber, #14868) [Link]

> Among many people I know the following is common practice: I need to write a short document or to check the email and I do not have a laptop, so I ask a friend to borrow his laptop for 10 minutes. They give the laptop to me and they do not set up a new user account for this.

Okay, I'm with you up to here...

> Typically they just copy out one dir of sensitive data to a USB pen, to make sure that I do not have access to passwords, bank data, etc.

Say what? Your friends move data off their machines to a USB pen every time before lending it to you for 10 minutes? I have never heard of anyone doing that -- it sounds like a rather serious pain in the ass. If you're going to be paranoid like that, wouldn't it be easier to just make a new user account instead?

> In this condition I get a machine where they think there is no sensitive data, but in fact there is in the indexer.

Yeah...well...I just let people borrow my machine with the sensitive data still on it and trust that nobody is going to actually go searching through my stuff to find private data, when they were just borrowing my laptop to check their email...and I don't think I'm alone there.

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Nov 2, 2010 8:21 UTC (Tue) by buchanmilne (guest, #42315) [Link]

Among many people I know the following is common practice: I need to write a short document or to check the email and I do not have a laptop, so I ask a friend to borrow his laptop for 10 minutes. They give the laptop to me and they do not set up a new user account for this.

They shouldn't need to set up a new user account, they should let you use a guest user account, such as those present on a number of Linux distributions (implemented with the xguest package). This guest account has limited access, e.g. no access to subdirectories of /home except the temporary home directory, even if the subdirectories have lax permissions, and no persistent storage.

If indexing is a huge privacy concern, what about stored passwords in browsers, browser sessions/cookies, temporary files, ability to trojan the account etc. etc. ?

Shuttleworth: Unity shell will be default desktop in Ubuntu 11.04 (ars technica)

Posted Nov 4, 2010 9:17 UTC (Thu) by callegar (guest, #16148) [Link]

This is exactly the reason why:

- there is an option to erase the files in the trashcan
- tmp directories are typically erased at every reboot
- browsers have a nice friendly menu entry to erase sensitive data.

My point is precisely this one: _before_ systems with indexing enabled by default ship, indexing systems should include options to
_selectively erase the index database_ (and reclaim the used space). Which _none_ of the current indexing system has (certainly not nepomuk, where the only option is to erase a database file by hand, loosing all of the database, including file tags.).

I am not against indexing saying that it is a privacy concern tout court. I am against the fact that indexing is enabled by default and now made a central part of the system _before_ the indexing implementations are completed by adding ways of controlling what is actually indexed. This is IMHO a very gratuitious way to look for trouble.

Would you accept to have a desktop system with a trashcan, where the trashcan cannot be emptied? Or a browser where stored passwords cannot be deleted? So why do people tend to accept so easily the idea of an indexing system where the index database cannot be controlled?

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds