The Power of Defaults

I tend to see two extremes whenever there are arguments about what should be the default (I’m speaking specifically of arguments on the Ubuntu Forums, but this could be applied to really anything in technology or anything in life in general).

One extreme is that defaults don’t matter at all. It’s not worth arguing about. Just put whatever as the default. Then people can just choose to change the default to something else if they don’t like the default. The other extreme is that defaults matter enough to have 500-post forum threads about arguing back and forth. Somewhere in the middle is some sanity.

Defaults matter. But defaults are only defaults. People can choose options other than the defaults.

Why do defaults matter? Here are some examples:

  • I love that on my wife’s Macbook Pro, you just press the function keys, and they do something right away (lower the volume, adjust the brightness). My netbook by default needs to have the blue Fn key pressed in combination with the function keys to get that behavior to happen. I can easily change that. But if I change it, it’s confusing for anyone else using my netbook, because the instructions on the physical keys themselves indicate the function keys are normal functions and that you need the Fn key in combination in order to do anything. In other words, whole products sometimes have fixed parts built around the assumption that defaults will go unchanged.
  • I use VLC for playing individual sound bits or videos. When I dug into the settings for VLC, I didn’t understand half of what that stuff is, and there were a lot of options to configure. Very confusing for a multimedia newbie like me. Good thing I didn’t have to configure all those settings. I just used the defaults. Sane defaults save the user from having to understand unnecessary minutiae.
  • As far as I can tell, every Linux user has a list of things she does immediately after a fresh installation. I usually change the wallpaper to a picture of my cat, replace Evolution with Thunderbird, add in some proprietary codecs, and delete the bottom Gnome panel. Sane defaults should make the sense for the most users. Even though I personally delete the bottom Gnome panel, the vast majority of Gnome users like to have both a top and bottom panel, so to have the top panel only wouldn’t make sense, because it would mean more people would have to take more time configuring things. If defaults are well-thought-out, less time is spent tinkering and adjusting and more time is spent using.
  • Linux live CDs can come in handy, especially if you need to help a Windows user recover deleted data. What happens in a default installation is the first impression that non-Linux user is going to have of Linux and may be the only impression she has. So if an ugly noise or splash screen appears, that’s the impression she’s going to get. It doesn’t matter if that noise or splash screen can be changed. Likewise, if you are using the live CD to show someone what Linux is like, you don’t want to have to “uninstall” and then “install” in the live session a whole bunch of software, especially if the computer you’re using has very little RAM.
  • And don’t forget that even though power users like to tinker and explore, most people just stick with defaults. 99% of Windows computers I see have the taskbar on the bottom, even though you can easily drag it to the top or the sides. 99% of Windows XP computers I see have the stupid blue theme, even though you can easily change to a silver or classic theme. Even though Firefox’s marketshare has skyrocketed in the past five years, Internet Explorer is still, globally the more-used browser over Firefox, Opera, Chrome, and Safari. It being the default web browser in Windows probably had something to do with that.

Yes, if you have an absolutely unbearable default, many people will probably just ditch it anyway, but instead of thinking “I’m so glad I have the freedom to change this setting,” they’ll most likely be thinking “What a terrible default! Who thought of that? Now we’re all going to have to change this!”

Sometimes defaults can have ethical considerations, too. For example, making people have to opt out of sharing information with a company or third-party corporation “partner” is a bad default (people should always have to opt in for that sort of thing), because it means if people forget to change the defaults or don’t investigate all of their basic settings and advanced settings, they will end up sharing more than they intended to share.

So if I see a bad default in Ubuntu, I’m going to make a point to say it’s a bad default. Good defaults matter. I will not, however, spend hours of my time arguing the point back and forth. Some things are a deal… they may not be a big deal, but they are still a deal.

Apple and Mac OS X Computers Life Ubuntu Windows

The limitations of car-computer analogies

I’m less understanding of those who don’t want to learn how to take care of and fix their own computers than of those who don’t want to learn how to take care of fix their own cars. In many ways, cars and computers are similar—both cars and computers are complicated machines made up of various hardware pieces and some software (newer cars have software, anyway).

Nevertheless, there are some important differences between the two as well.

  • Even if you’re getting ripped off for car repair services, rarely will the cost of a repair rival the cost of buying a new car. The same cannot be said for computers.
  • While there are certainly communities and jobs that involve a lot of driving and no computer work, we are increasingly living in a digital age. If you work an office job of any kind, chances are you spend upwards of 50 hours a week on the computer, combining work and home use. Unless you are a truck driver, it’s very unlikely you are spending upwards of 50 hours a week driving.
  • Car repair is often more involved than computer repair. Yes, there are exceptions. It’s much easier, for example, to change an air filter in a car than to change a processor in a computer. That said, if you regularly do your own repairs on a car, you need an extensive workshop of tools and a dedicated garage. And it’s sad to say, but cars these days are being made so as to make it difficult to do your own maintenance. When I was growing up, my dad showed me how to change the oil and oil filter on my car. When I got a newer car, the oil filter was positioned in such a way that it wasn’t possible to get to it without a car-lift and specialized tools. Usually, with a computer, if there are hardware repairs or replacements that need to be done, all you need is about nine square feet of space, two screwdrivers, and your own two hands.
  • Computer repair is less physically dangerous. Yes, it’s possible if you do something stupid, you could probably electrocute yourself with some of the electronics inside the computer, get a minor cut from some of the sharp metal edges of the computer frame, or get a bruise on your pinky if you stick it in the fan while it’s running (shame on you for not unplugging the computer first). Still, I know of no one who has suddenly died from interaction with a home computer. I do, however, know people who have been seriously injured or killed by cars. If a car isn’t in proper working order (particularly the tires and brakes), you could kill someone. It’s okay to fiddle with your computer, as probably the worst you’ll do is fry your motherboard or cut a wire. It’s not okay to fiddle with your car unless you know what you’re doing.

The other thing to keep in mind is that almost all problems with a car are hardware-related. If there is a software problem with a car, you can’t just boot your Linux CD into the car and scan for viruses or edit configuration files. Computers can have hardware problems (loosely connected cords, failed hard drives, dusted-up fans), but the vast majority of computer problems are software-related.

Not everyone repairs her own car or computer, and that’s fine. Nevertheless, the level of ignorance of basic, common sense computer use I see goes way beyond the ignorance of good driving practices I see. Not everyone obeys traffic signals, changes their motor oil regularly, or drives defensively. But almost everyone I know who drives knows to fill up the tank when it’s low on gas or petrol. Drivers know to turn off the car if they aren’t using it for extended periods of time. They know not to drive 100 Km per hour in 1st gear.

I don’t see this same level of common sense amongst most computer users I know. They don’t think it’s worth their time to get to know how to take care of their computers (back up important data, learn how to navigate menus, avoid social engineering).

I’m not saying all this to be some kind of snob. I was in that place before, not long ago. I was a computer user who lacked common sense for a long time. Eventually I finally embraced computer literacy, because I realized it makes sense to do so since I had to spend a lot of time using the computer at work and began increasingly spending more time using it at home as well. I don’t think it’s that most computer users are stupid or lazy. I think it’s mainly that they’re scared.

To most computer users I know, computers are mystifying. When you’re scared of something and don’t understand anything about how it works, it’s easy to use it only for what you need it for and then ask for help whenever you need help instead of exploring things for yourself. I’ve had to teach a Mac OS X user how to install VLC, teach another Mac user how to add songs to iTunes, teach a Windows user how to change her Firefox homepage—these are all things that can be easily explored through the GUI if you just click on a few menus and read the directions.

If we do want to make an analogy between cars and computers, let’s consider a little bit of social engineering. Someone goes to a website and sees she “needs” to download an “ActiveX plugin” to view the site properly. All of a sudden, the computer slows down and there are pop-ups everywhere, and if she closes one pop-up two more pop up in its place. This is like driving to a store and having someone in front of the store say “Can you give me the keys to your car? You’ll need someone to watch your car while you go in the store.” Would you give that person your key? If it’s not a store and it is a restaurant, do you quickly learn to tell the difference between a genuine valet and a con artist valet? Maybe not with 100% accuracy, but I’d say most computer users indiscriminately click on things without considering what is trustworthy and what is untrustworthy, while they’ll at least consider whether a valet might be a real valet or not.

I’m not really sure what the solution to the problem is. How can we demystify computers for computer users who are afraid of computers? How can we convince them it’s okay to explore menus and read the messages in those menus? How can we get them to recognize that it’s worth getting to know how to take care of something you spend 50+ hours a week using? All I know is that the car-computer analogy doesn’t fly in terms of maintenance and repair.

Apple and Mac OS X Computers Ubuntu Windows

Freedom for the short-term or the long-term?

As a Ubuntu Forums veteran, I’ve seen many disgruntled potential migrants return to Windows from Ubuntu because they wanted things to “just work.” They would say things like “I don’t really care about software freedom. I just want to be able to play video files and do what I need to do. The computer is just a tool.”

Just as in debates about feminism, there needs in software freedom discussions to be a distinction between short-term freedoms and long-term freedoms. If you use a proprietary operating system like Windows and use proprietary formats like .doc and .wmv, you will have a lot of short-term freedom. Buy any device from a consumer-oriented electronics store, and it will be Windows-compatible. Visit any website with Internet Explorer, and it will probably work. Watch any video online, and it will probably play. You can buy from the iTunes store. You can use Netflix’s Watch Now! Any commercial software will be available for purchase for your computer. It seems as if you can do anything. Isn’t that freedom? Yes, it is—it’s short-term freedom.

My wife isn’t really into the whole software freedom thing, and she uses a proprietary operating system (Mac OS X) and lots of proprietary software (Adobe CS3, Safari), but she recognized the other day the importance of long-term software freedom and open standards when she tried to watch a video at on her Mac. It couldn’t be done. It was an embedded Windows Media Player video, and she tried downloading some helper software, but that didn’t work either. Eventually she gave up, frustrated. Why would they make it Windows-only? That’s stupid. Why couldn’t they make it Quicktime?

Well, in that moment (just as when we both found out Netflix wouldn’t support either of our operating systems with its streaming video feature), she knew what it was like to be a Linux user. You don’t get any support. But why should you have to switch to Windows just to play a video? Is that really freedom? If I’m free, shouldn’t I be free to choose what operating system I want to run? My wife loves Mac OS X and would never want to switch back to Windows. She considers running Mac a software freedom, even if it means sacrificing the short-term freedom of watching a video. I love Ubuntu and would never want to switch to Windows, either. I’ve made many sacrifices of short-term freedom as well.

What proprietary formats (yes, Quicktime is one of them, too, as I explained to my wife) do is tell you “You have the freedom to do what you want… as long as you play by our rules.” That’s not long-term freedom. That’s bait and switch.

Take, for example, someone else I know who loves her Mac Mini but feels compelled to get a Windows computer for her new job, because they use Windows-only software, and she’s worried about .docx files not working on Mac. When you get dictated to what operating system you have to run and what computer you have to get, that is also not freedom. And this .docx business is the most ridiculous thing I’ve ever heard of. It’s not even backward-compatible. If you have Microsoft Office 2003, you can’t handle .docx without some helper program to convert the file.

Open standards are good, and some short-term sacrifices along the way have to be made in order to get them adopted. In 2003, very few people were using Firefox, and there were many sites that didn’t work with Firefox, because there was very little incentive to follow W3C standards since “everyone” used Internet Explorer. Now, there are very few sites that don’t work with Firefox, since smart businesses realize they will lose potential customers if their sites work with only Internet Explorer. And increased Firefox compatibility has benefited Safari and Opera indirectly as well. Now people have a lot more long-term freedom on the web in terms of web browser choice.

You could argue, of course, that open standards and formats are not the same as open source, and that is true. Frankly, I’d be down with that. If people wanted to use proprietary software to create .odt word processing files and .ogg music and video files, I think even open source software users would benefit, and there would be very little software restriction.

If we are to get to that point of long-term software freedom, there have to be some people (like those early Firefox users) willing to make a few short-term software freedom sacrifices in order to have open source software and open formats more widely adopted. That’s why I like what Mark Shuttleworth and the Ubuntu community are doing with Ubuntu. It’s one of the few distributions that is treading a thin line on the free/proprietary line. It wants to be as free as possible while also recognizing that people are still very much reliant on proprietary software. Other Linux distributions tend to be overzealously long-term freedom-oriented or overzealously short-term freedom-oriented.

Yes, the computer is a tool, but if someone dictates which tool you use for a task, is that really freedom?

Further reading
Ubuntu’s Shuttleworth blames ISO for OOXML’s win

Computers Web Browsers

Giving OpenDNS a try

With stories in the tech news about a recently discovered DNS flaw that allows malicious parties to redirect even properly-typed-in URLs to spoof sites’ IP addresses, I got curious about this OpenDNS I keep hearing about. Supposedly it’s faster and also blocks phishing sites, has patched the DNS flaw, has 100% uptime, and allows configuration for blocking other categories of sites as well.

If the terms DNS, IP address, URL, and phishing have you confused, I’ll give you a quick explanation of at least my basic understanding of them. If you have a cell phone, it’s very likely, you store your friends’ and family’s phone numbers in there, but you don’t browse by phone number—you browse by name. If you see Aunt Myrtle and call her, your phone has a translation for itself that says “Aunt Myrtle is really 212-867-5309.” That’s basically how DNS and IP addresses work, too. When you want to go to Google, you type (the URL) in the address bar of Firefox, Opera, Safari, or Internet Explorer; you don’t type (the IP address). The DNS server translates the URL to the IP address. If there’s an exploitable flaw in the DNS server, the people exploiting the flaw may be able to take the proper URL you typed in and point it to an improper IP address. In the analogy I gave before, it would be as if someone messed with your phone and made it so Aunt Myrtle really called 911 instead of 212-867-5309.

Well, I think I see a slight increase of speed, but maybe it’s just a placebo effect. I don’t know. I’m giving OpenDNS a go, and we’ll see if I can live with it hijacking my keyword URL search in Firefox. I know some people have privacy concerns, but really my privacy isn’t any more secure with my ISP’s DNS server than with OpenDNS’s DNS server.

Apple and Mac OS X Computers Linux Ubuntu Windows

The effectiveness of “security through obscurity”

I don’t believe that security through obscurity is ideal or ultimately effective. I don’t believe it’s a generally good security approach. Nevertheless, it is not often the same as no security at all. Security through obscurity can have its place.

A few years ago, when it was brought to light that the newest (at the time) Ubuntu version stored the administrative password in plain text, that incident was a huge embarrassment to Ubuntu developers, and they fixed the security hole within hours of it having been brought to their attention. Nevertheless, it had been in place for months prior to being brought to the developers’ attention. Were any Ubuntu installations compromised because of this bug? Probably not.

Likewise, most people don’t know that physical access to a computer means (except in rare cases) total administrative access. If you encrypt your drive, you can prevent unauthorized access to your files. If you put a password on the BIOS and disable booting from CD, you can slow down or make more inconvenient the unauthorized access. Maybe that’ll stop people from compromising your computer if you’re away from it for only a few minutes.

Many users are naive to just what prolonged physical access means, though, in terms of security, and that’s dangerous, because then security through obscurity works against you. I used to believe (before I started using Linux) that having my laptop prompt me for a password upon waking the computer would mean that if my laptop were ever stolen, no one could get my files. Before I booted a Knoppix CD on his laptop, my dad used to think a fingerprint scanner would prevent people from seeing his files. In these cases, the “security” is obscured for the user and not the thief.

If a thief makes her living by taking the data off your computer (probably for the purposes of identity theft) and not solely by selling the hardware, she probably knows exactly how to access your data, whether it be resetting the BIOS password, booting from a live CD, or even moving the hard drive to another computer.

There have been quite a few debates about whether recovery mode in Ubuntu should exist or perhaps be hidden by default. In Windows, if you need emergency administrative access, you need to boot a CD. In Mac OS X, you have to know the relatively obscure hold-down-Cmd-S-while-booting procedue to get into recovery mode. In Ubuntu, though, it’s right there in the boot menu. Just press the down arrow once and you’re in recovery mode, which means you have root (or total administrative) access to the computer.

On the one hand, obscuring recovery mode might give people a false sense of security (thinking it’s difficult to gain root access). On the other hand, having it in the boot menu kind of advertises it, and you might have a curious sibling or roommate who selects it and starts getting playful on the command-line, and she might not have done so if it weren’t in her face the way it is.

Outside of the computer world, it’s a bit like keeping the key to your house underneath the welcome mat. Doing so is definitely bad security. On the other hand, most people won’t know exactly where you keep your key or if you keep it under the welcome mat at all. If you post up a big sign next to your door saying “Hey, the key is underneath this welcome mat!” you’ll be sure to have your home broken into.

When it comes to computer security, definitely encryption and restriction of physical access should be publicized more as real security options, but I do believe there are tradeoffs to embracing and eschewing security through obscurity. Just make sure you are obscuring access for others and not for yourself.