Comment 24 for bug 174283

Adam Porter (alphapapa) wrote : Re: [Bug 174283] Re: rm does not preserve root by default

On Tue, Apr 14, 2009 at 22:07, Andrew Hohenstein <email address hidden> wrote:
> I found another bug in Ubuntu... It actually allows you to install the
> system to a hard disk! This means that not only does it leave the system
> open to 'sudo rm -fr /' commands being run accidentally, but anyone
> passing by with an active electro-magnet could corrupt the entire
> system. Other distros (Knoppix, etc) circumvent this by being a live-CD-
> only distribution. Ubuntu already has live-CD functionality, so all we
> need to do is just cut out all the installable stuff, and it's good to
> go! Right? We could also include a requirement of lead shielding in the
> chassis.
>
> ..end sarcastic portion of update..

I can see you're quite passionate about this idea. I confess that I
don't understand why it's such a big deal to you. It's very simple to
use --no-preserve-root in your aliases. Anyway, it might make for
better discussion if we avoided sarcasm. Let's keep our common goals
in mind: we all want to improve Ubuntu.

> I obviously don't really know what all is involved in the physical act
> of firing a nuke, but if the movies are to be believed, it takes the
> right person giving the proper authorization (sudo) and giving the
> command to fire (rm -fr).. Usually it takes more than one person doing
> it at the same time, but short of forcing two different admin users to
> confirm file deletions so that it lives up to this standard, at some
> point the engineers make the determination that any more safeguards
> preventing execution would be too much (even unsafe), because after all
> the weapons (commands) are there to be used, not look pretty.

I didn't want to mention the movies, because I'm sure they leave a lot
to be desired in the Reality Department. But even in the movies, it
usually takes multiple physical keys to unlock the Big Red Button. :)

> This single feature is not destructive by itself, the precedent it sets
> is. Users will expect the system to save them from themselves doing
> anything potentially destructive, citing this 'bug' as 'proof' just like
> everyone here did ("Sun is doing it why shouldn't we?" is, I'm sorry, a
> glaring logical fallacy).

Respectfully, I think your argument in this paragraph is a logical
fallacy, along the lines of a Slippery Slope argument. Just because
the rm command by default prevents the deletion of / doesn't mean that
users "will expect the system to save them from themselves doing
anything potentially destructive." Just because a car has seatbelts,
airbags, and anti-lock brakes doesn't mean that people believe they
can safely aim their car towards the edge of a cliff. We're talking
about one minor option that prevents accidents, an option that can be
easily disabled by anyone who is bothered by it.

> So upon installation, should the disk partitioner not actually allow a
> user to format a partition that has a certain amount of files with 'last
> modified' dates of today's date, for fear that the user is actually
> choosing the wrong partition to format? I bet a lot more people have
> made that mistake than have accidentally run 'sudo rm -fr /'... And the
> answer is still no, the partitioner shouldn't just refuse to format the
> partition it was told to format during install because the user didn't
> run it with the --actually_format_stuff flag, or something.

We're not talking about the partitioner; only the rm command. Since
you brought up logical fallacies, is this an example of a Red Herring?

> Someone always deserves a broken foot when they ask themselves, "Hmm, I
> wonder what will happen if I drop this bowling ball on my foot?" and
> then does it. Even if they meant to drop it an inch to the left of their
> foot, and not right on it. It's not the bowling ball manufacturer's
> fault for making a bowling ball that hurts your foot when dropped upon
> it. Nail guns don't come with built-in sensors that detect living tissue
> in front of it and refuse to fire if there is. You're just not supposed
> to aim it at yourself, the safety button (sudo, -f, etc) is considered
> to be enough.

If my foot was at risk of being hit by a bowling ball unless I typed
with perfect accuracy and faultless thinking, I would want the system
to prevent the bowling ball from falling onto my foot by accident.
Even nail guns have safeties that prevent discharge unless the gun is
pressed against a surface. Thankfully, neither is usually controlled
by something as complex as a computer.

> The Ubuntu home page says "Ubuntu is designed with security in mind" and
> that it's made to be easy to install and get up and running on most
> computers, for free. When did Ubuntu become the distro made for
> inexperienced users, or self-proclaimed 'experienced users' who don't
> think things through all the way because it saves people from
> themselves? Where is this claimed? I don't see that in the "Code of
> Conduct," "What is Ubuntu?", anywhere.

What does the word "ubuntu" mean?

> Nowhere does it say "we strive to eventually implement every lame
> Windows-type security 'feature' that is already proven ineffective,
> because Ubuntu deep down really just wants to be Windows some day." It
> actually says the opposite, boasting cutting-edge security features, not
> ineffective ones.

I don't think anyone has asked for every lame Windows security feature
to be implemented; just --preserve-root on rm.

>> Is that even how we should treat other people? I don't understand what
>> your goal is with Ubuntu.
>
> This isn't a person treating another person like anything, this is a
> computer doing what it's told (or rather not, it seems).

But the system is designed by people, for people to use. Surely we've
all had the experience of using well-designed systems and
poorly-designed ones.

> but nowhere
> do I see "It's for beginners and scatterbrains because they couldn't
> possibly mess anything up! It even saves experts from their own
> destructive type-os! Also it makes you feel loved like no other OS can!"

Respectfully, you seem to be taking the argument to absurd extremes.
No one's calling for Ubuntu to be like that.

> All but one company I've worked for in the past 10 years demanded full
> daily backups of all critical systems, and I can guarantee you the
> people making these executive decisions were not experienced Linux
> users.

Ubuntu is not aimed only at business and corporate environments.
Individual home and family users are a huge part of the target
audience.

Even that is beside the point, in my opinion. To me the point is that
anyone, even the most experienced user, can hit a key by accident, or
be tired and forget to proofread a command. If one really needs to
delete /, it's no trouble to type --no-preserve-root.

>> Maybe you'd be happier with something like Arch Linux?
>
> Of all the things said in this thread, "you need to go use a different
> distro," is the least useful and community-minded, and least
> humane/forgiving thing of them all. You can't claim to be for the OS
> treating users with 'compassion' or 'respect' or whatever, and then say
> stuff like this.

He made a gentle suggestion; he didn't ask you to go away. It
honestly sounds like you would be happier with a less user-friendly
distro. I think he was trying to be helpful to you.

>> There's protecting the user against pasting malicious commands, and
>> there's protecting the user from the results of an unfortunate typo. Even
>> experienced users make stupid mistakes like this
>> (http://www.justpasha.org/folk/rm.html)
>
> Key words being "stupid mistakes." If you actually read that story, they
> had a backup but they only did them once a week, and they didn't have
> anyone on staff that knew how to recover from it. That isn't the rm
> command's fault, it's the company/engineer's fault. Ubuntu doesn't need
> to be built to prevent companies that hire uninformed engineers from
> losing their data. You might as well let it refuse to power the computer
> on because the user might have plugged it into an outlet with the wrong
> voltage.

I don't understand your point; shouldn't a power supply refuse to work
if supplied with the wrong voltage? Why are we even talking about
power supplies? :) Let's confine our argument to the topic:
accidental typos or missing variables when using the rm command; human
fallibility, something we are all subject to.
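The --preserve-root behaviour this thread argues about, as an added shell example that is not part of the comment and not coreutils' own code: an alias-friendly guard that refuses a recursive rm whose operand resolves to / (including ".." chains and symlinks) unless --no-preserve-root is given. The names rm_guard, safe_rm and physical_dir are assumed.

```shell
# Mirrors the spirit of GNU rm's --preserve-root default: refuse a
# recursive delete whose operand resolves to "/" unless the caller
# passed --no-preserve-root. Added example for this thread, not
# coreutils' own code; rm_guard/safe_rm/physical_dir are assumed names.

# Print the physical path of a directory operand; print nothing for a
# file or a missing path (those can never be "/", so never refused).
physical_dir() {
    ( CDPATH= cd -P -- "$1" 2>/dev/null && pwd -P )
}

# rm_guard ARGS... : return 0 if rm may proceed, 1 if a recursive
# delete names "/" without --no-preserve-root. A non-recursive "rm /"
# already fails on its own because "/" is a directory.
rm_guard() {
    recursive=0; allow_root=0; opts_done=0
    for a in "$@"; do
        case "$a" in
            --no-preserve-root) allow_root=1 ;;
            --recursive) recursive=1 ;;
            --) break ;;                 # end of options
            --*) ;;                      # other long options
            -*r*|-*R*) recursive=1 ;;    # short clusters like -rf, -fR
        esac
    done
    [ "$recursive" -eq 1 ] && [ "$allow_root" -eq 0 ] || return 0
    for a in "$@"; do
        if [ "$opts_done" -eq 0 ]; then
            case "$a" in
                --) opts_done=1; continue ;;
                -*) continue ;;
            esac
        fi
        if [ "$(physical_dir "$a")" = "/" ]; then
            echo "rm_guard: refusing to remove '$a': it resolves to /" >&2
            return 1
        fi
    done
    return 0
}

# Alias-friendly wrapper: only runs the real rm when the guard passes.
safe_rm() {
    rm_guard "$@" && command rm "$@"
}
```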