I’ve just been installing on my laptop the de-scummed version of Real Player that the BBC offers to it’s public service listeners. At the end of the install it asks what file types I want to associate with the player.
You might think this is a good thing. Hey! At least it didn’t just over-write his current settings.
I think it’s awful. And here’s why.
Installing third party software is a form of transaction. (At least, if modern operating systems were designed better, it would be in the technical sense). I want to be able to repudiate any or all of this transaction, since the hardware is 100% mine to control. But to repudiate the over-writing of my file type preferences, I have to do one of three things.
I can ask the very application that installed it to undo the mess. This is a totally broken trust model.
I can hope there is a UI in Windows to undo it. Good luck in finding it, and knowing what changed so you can reverse the damage.
Or I can edit the Windows registry. This is the modern equivalent of programming a computer with a 5V battery and piece of wire. Entertaining for very limited periods.
What should happen is that Real Player should just go ahead and make the change. Shazaam. But Windows should intercept the request, and pop up a standard dialog box to ask me if I want this change to happen. Because Windows is representing me (hoho) this won’t be in light-grey on white in 6 point font below three layers of navigation.
But Windows is dumb. It believes that the job of the computer is to execute programs. It isn’t. The job of the computer is to server the user. These aren’t congruent. Any program the user didn’t write (i.e. virtually all of them) may not represent the user’s best interests.
Many of the problems with Windows come from a “trust everything the program tells you to do” model. All those browser bugs where a scripted page can email spam to your address book contacts come from the broken security model of Windows. Next time you hear “security bug in Internet Explorer” think “design flaw in Windows trust model”. It just did whatever the (faulty) application asked, without stopping to ask you if that’s what you want.
Ah! The irony of it. The biggest failure of Windows is it’s reluctance to present the user with windows.
The telecom angle is that trust requires active middlemen. You’re increasingly putting a general-purpose computing device with a radio and TCP/IP stack in user’s hands. It’s like handing our razor blades in the school playground. Some people are going to get cut. And unless you’ve got an airtight monopoly, your operator brand is going to get trashed in the process. Every time a mobile application is about to do anything that might be contentious in the user’s eyes, it’s imperative that your application environment intercepts the request. Seek user permission, and make that act of authorization reek of your brand.
The end-to-end principle for network design says that the default place for intelligence is at the edge, and the middle shouldn’t mediate the flow in any way. But within the edge, the bit flow should and must be mediated. The job of an operating system is to act as guardian to the computing and information resources of a computer. The job of any carrier with ambitions beyond connectivity is to act as guardian to the user’s privacy and security.
UPDATE: See this. Why doesn’t your phone ask your permission before autodialing a premium service?
Posted by Martin Geddes at 12:17 AMTrackBack URL for this entry:
http://www.telepocalypse.net/cgi-sys/cgiwrap/mgeddes/MT/mt-tb.cgi/279.