[sugar] perceived sugar performance
Tue Apr 29 16:46:04 EDT 2008
Michael Stone wrote:
> Personally, I have found extensible autostart mechanisms which process
> third-party data to be more useful to trojan authors than to users so
> I'm mildly inclined to consider such mechanisms to be a misfeatures
Then don't make it easily extensible. I already manually change the
python scripts to tell rainbow that certain (admittedly mis-written)
activities should be allowed to write their configuration files to
an "improper" location. If making another change to a python script
will save me having to perform a series of cursor moves and manual
clicks after each boot, that's worth it to me to set up "autostart".
My bigger point is - how does not "autostarting" an activity keep
away trojan authors? If the trojan author is worth his salt, he
will have superseded the legitimate activity. That trojan will
still be activated when the user clicks on the associated icon.
To me, whether one mechanism or another is used to launch such a
thing makes little difference.
Remember - one intent behind the OLPC is "to make it easy for a kid
to program". I know of no way to screen out trojan authors.
> On an XO running a recent build (including 703), almost all activities
> are prevented from writing to interesting places like .xsession.
I see no reason why "autostarted" activities should not be given the
same protections by rainbow as "clickstarted" activities.
> Avoiding autostart means that reboot is much more powerful - rebooting
> will actually have some chance of restoring your system to a workable state
I'm not intending to "restart" everything the system was running
when it was shut down. But I do want a 'clean' version of Terminal
to be available to me right after booting - so I can for instance
look at system internals (I prefer Terminal to the text console).
Having it come up automatically makes my life easier.
More information about the Sugar-devel