That is GOOD. Naysaying is not weaponized enough as it is. And yes, for many reasons, UI changes *are* security issues /per se/, especially if the user gets irritated or confused. The process of security is dependent on the usability of the tools, and usability *is* dependent on some interface conservatism in 99% of the cases, the other 1% being exactly /exceptio probat regulam in casibus non exceptis/ :-D...
Posted Nov 29, 2012 17:43 UTC (Thu) by mathstuf (subscriber, #69389)
Why do security tools have the *worst* interfaces then? The nss and openssl command line tools use crazy abbreviations and acronyms without explanation and then the manpages approach uselessness via terseness.
Security implications for user interface changes?
Posted Nov 29, 2012 18:06 UTC (Thu) by dlang (✭ supporter ✭, #313)
Because the people writing them are too close to the problem. As a result, they write things that are obvious to them and so they don't see a need for more documentation.
It also hurts that in many cases, the problem is actually hard, and if you tried to explain when you would want to use each option, as opposed to the terse explanations that they have, it's a very slippery slope to having books on the subject (with significant disagreements between the books over what the 'right' way to do things is).
Security implications for user interface changes?
Posted Nov 29, 2012 18:21 UTC (Thu) by mathstuf (subscriber, #69389)
I'm fine if they put "Beware: dissertations recommended" on some commands and options, but trying to find out what domain a certificate is for? If I hadn't remembered "x509" being so familiar, things would have taken a lot longer than they did (which was already too long, IMO). The certutil commands for inserting things into your nssdb are also crazy. AFAICT, you can't add the 'u' (a client-side certificate) flag to entries without actually using it as a client certificate. It's also sad when the easiest interface to your tool is the configuration pane of a browser (the Chromium family in this case).
Security implications for user interface changes?
Posted Dec 3, 2012 2:25 UTC (Mon) by giraffedata (subscriber, #1954)
... it's a very slippery slope to having books on the subject
You didn't finish the thought. The problem with having books on the subject is that people don't have time to read books on the subject.
It's actually impossible to explain some things - the time it takes to explain it is more than a person has to listen.