There is a scary discussion on the Ubuntu Developers mail list.

[RAV TUX]

kind of like the once unknown cola that decided to go in direct competition with the major cola.

The once unknown cola: Pepsi
The only major cola: Coca Cola

Marketing genius that worked for Pepsi, lets hope it works for Ubuntu also.

I was just envisioning the taste test commercials between Coke & Pepsi.

Taste test commercials between: Windows & Ubuntu would be classic. Set up booths around the world with two computers one with Ubuntu, one with Windows and film it, publish it on YouTube, and have a grass roots homegrown ad campaign.

[Frak]

I was just envisioning the taste test commercials between Coke & Pepsi.

Taste test commercials between: Windows & Ubuntu would be classic. Set up booths around the world with two computers one with Ubuntu, one with Windows and film it, publish it on YouTube, and have a grass roots homegrown ad campaign.

I may do just that. I have alot of old unused laptops that run Ubuntu fine, Windows not so much...

I'd give away a bunch of laptops by the end of the day after people have tried out both booths.

A test, with a reward.

[fireworksshow]

The approach is flawed.

1) Assuming Ubuntu will have any real penetration to guarantee attempts against users is absurd: Surely this developer and anyone on his side thinks too much of himself if he thinks he can achieve 0.1% market penetration within the next decade or so. ( and thats me being nice to him since he made the ridiculous claim "When Ubuntu is as popular as Windows" ) So right off the bat, appealing to users so dumb that their wreck windows installations with spyware is already appealing to users that wont ever switch to Linux unless somebody successfully stops windows from being on virtually every single consumer PC preinstalled

2) Assuming that any security team anywhere will be able to keep up with all the software people want to install. Limiting people to just the repositories they approve ( or making the OS jump through many hoops in order to enable third party repositories ) will just create a bottleneck. Do we really need more bottlenecks to development when they are already on only a fixed 6 month release cycle which pretty much limits the distro greatly? ( I.E. K/ubuntu will be very late to officially support KDE 4.0 since it will come out in mid cycle, completely losing momentum )

While they are concerned with security, im concerned with their wishful thinking, overly active imagination and naiive optimism. Should this find its way to the distro I would probably find my way to another distro, a distro that can fit both a power desktop user and is accessible enough for less advanced users. If I wanted something as paranoid Id get a server oriented distro with little or no upgrades.

I agree with you're first point, but I personally think that KDE 4.0 coming out in mid cycle is perfect, it gives enaught time to the developers/betatesters to give kubuntu polish and work out the early bugs. I found out that recently the linux marked started to lose some major bugs in they're distro's because of hurrying new released software without proper testing.

[RAV TUX]

I may do just that. I have alot of old unused laptops that run Ubuntu fine, Windows not so much...

I'd give away a bunch of laptops by the end of the day after people have tried out both booths.

A test, with a reward.

cool but lets not get this thread off track....

post about that here:
Grass Roots homegrown ad campaign ThinkTank Thread for Ubuntu

http://ubuntuforums.org/showthread.php?t=563075

[Kilz]

What everyone is missing is that there are no nefarious intentions here.

And this crap about Ubuntu developers "history of not listening to users" is pure and utter nonsense.

As someone who has had the privilege of moving from user to developer I can say in all honestly the users (which they are also and everyone forgets) are first on their minds. Go to a UDS. The are free for anyone to come and participate in and will show you how important we all are.

People ask for alot of impossible things that simply can't be done.

This was probably a mistake posting because alot of people on the board now a days rather hold on to and feed the crappy FUD and rumor but oh well.

Everyone wants to complain. If you don't like it actually get off your duff and do something about it or use another distro.

***MMA shakes head.

Kilz - This isnt aimed directly at you, more this general attitude that to me is all too common on these forums lately.

My opinion is that the developers have secluded themselves. Try making a new account and joining the developer's list this is on. Also from personal experience. IMHO the developers believe they are above us mere users.
Thats what makes this post so scary. Its like it should have came from Microsoft.

[Kilz]

By the way, while I don't agree that this is a scary discussion, I will say that the proposal is a bit misguided. There's only so much you can protect users from themselves without educating them. Any uneducated user who has an administrative password (either root or sudo) is a security risk. Social engineering evolves. Right now, there may seem to be an easy way to thwart attempts to hijack security, but the ultimate solution is educating users, not constricting them.

I was just talking about this with some co-workers yesterday at lunch regarding wire transfers to Nigeria, PayPal asking you to verify credit card information, etc. Those social engineering scams mainly have to do with personal/financial security and less to do with operating system security, but the principle remains the same--these 30-something and 40-something co-workers of mine (who are not necessarily tech-savvy) had to wise up to the ways of the world, and they lamented how they were not always as wise as they are now.

Just as you tell a child not to take candy from strangers, you also have to tell computer users of any age not to download software from just anywhere. Teach them to be discerning. Yes, it's true--a warning pop-up will almost always go unread--but it's not up to the developers to think for you what is "trusted" or "not trusted" software. It's up to users to educate each other, just the way we do about looking both ways before crossing the street or not touching the stove when it's hot. Imagine if stove/oven manufacturers had to prevent users from turning on the stove because people might just touch it and burn themselves. It's ridiculous!

This post I can agree with, IMHO anything that takes power away from users is a bad thing. Loosing things under the guise of security just leaves a bad taste in my mouth. If all it was were a popup or some such , it would be ok, but the topic on the mail list seems to be going further down a bad path. You might want to read the replies.

[p_quarles]

This post I can agree with, IMHO anything that takes power away from users is a bad thing. Loosing things under the guise of security just leaves a bad taste in my mouth. If all it was were a popup or some such , it would be ok, but the topic on the mail list seems to be going further down a bad path. You might want to read the replies.

The measure that was described doesn't take any power away from the user. It simply forces the user to go through more steps to accomplish something that could compromise the computer. There are already many similar measures built in to the typical Linux distro. Some examples:

-A normal user does not have root privileges.
-If you want to compile something in the absence of the necessary dependencies, you have to override the default behavior
-If you want to delete a directory without getting an earful, you have to type out "rm -Rf"
-To use apt-get to do something dumb, you have to use "--force-yes"

I agree with aysiu on this, that this isn't really a very sensible proposal. All the same, the concerns they have are legitimate, and as near as I can tell they are trying to add some newbie-proof security measures without compromising the functionality and power of the system as a whole.

[Frak]

A better idea would be to just do like many anti-virus and build up an immunity against the invaders. Then if something goes wrong, we can examine the ruble of the machine and find a solution. Mainly to blacklist the offender. Risk one to save many. Plus all we have to do is enact some recovery measures, Just In Case.

Thats why we have GPG keys folks. To filter known "good" people, from "bad" people.

[Warren Watts]

There are a *lot* of folks in the Linux community that feel that Ubuntu has already gone too far in regards to making Linux idiot proof.

All I can say on the subject is that there are plenty of Linux flavors out there, and if as a Linux user you are unhappy with the direction your particular Linux flavor is going, it's not at all difficult to switch to another distro that better suits your needs and personal beliefs about the way you want your OS to treat you.

I personally have Ubuntu installed on the family PC because it is easy to use and user friendly, and use Archlinux on my personal PC.

[ryanVickers]

Idiot-proof doesn't have to mean it's lacking features; why, just look at my split rar maker! - they could do this intelligently...