[sugar] perceived sugar performance

Mikus Grinbergs mikus
Tue Apr 29 16:46:04 EDT 2008


Michael Stone wrote:
> Personally, I have found extensible autostart mechanisms which process
> third-party data to be more useful to trojan authors than to users so
> I'm mildly inclined to consider such mechanisms to be a misfeatures

Then don't make it easily extensible.  I already manually change the 
python scripts to tell rainbow that certain (admittedly mis-written) 
activities should be allowed to write their configuration files to 
an "improper" location.  If making another change to a python script 
will save me having to perform a series of cursor moves and manual 
clicks after each boot, that's worth it to me to set up "autostart".


My bigger point is - how does not "autostarting" an activity keep 
away trojan authors?  If the trojan author is worth his salt, he 
will have superseded the legitimate activity.  That trojan will 
still be activated when the user clicks on the associated icon.
To me, whether one mechanism or another is used to launch such a 
thing makes little difference.

Remember - one intent behind the OLPC is "to make it easy for a kid 
to program".  I know of no way to screen out trojan authors.


> On an XO running a recent build (including 703), almost all activities
> are prevented from writing to interesting places like .xsession. 

I see no reason why "autostarted" activities should not be given the 
same protections by rainbow as "clickstarted" activities.


> Avoiding autostart means that reboot is much more powerful - rebooting
> will actually have some chance of restoring your system to a workable state

I'm not intending to "restart" everything the system was running 
when it was shut down.  But I do want a 'clean' version of Terminal 
to be available to me right after booting - so I can for instance 
look at system internals (I prefer Terminal to the text console).
Having it come up automatically makes my life easier.


mikus




More information about the Sugar-devel mailing list