Terminally Incoherent

I was catching up on my backed up on my feeds, and I stumbled upon a link to some whiny post that tabs are redundant. I’m not sure if you knew (and if you didn’t - welcome to the internet!) that there is no better way of letting the world know that you are a stupid n00b than complaining that you do not understand the tab paradigm in the modern browsers, and that IE 6.0 had it right. But this post was actually made by a blogger I usually respect and often link to - Jeff Artwood.

Jeff usually has lot’s of interesting, and thought provoking things to say and thus the frequent linkage from here. I mean, maybe he is getting old and can’t keep up with the way things are done these days or something? I don’t know. But I’m trying to take what he says seriously out of respect.

So what is he saying there exactly? He is complaining that it is really hard for him to find his GeeeeMail across his 16 monitors and 57 instances of the browser open. I’m not surprised. If I had a million monitors and kept opening multiple instances of Internet Exploder all over the place I would also get confused. Fortunately I do not have this problem for several reasons:

1. I use Gmail Manager extension for Firefox which shows me if I got any new emails in every instance of the browser
2. I hardly ever have more than one instance of the browser open - and if I do, it’s usually for testing so the second browser is probably IE or Opera - so no confusion there
3. My virtual workspace is organized by task - so I always know where my primary browser instance lives
4. Within the browser my tabs are organized:
   1. First tab is always Google Reader
   2. Second is always Twitter
   3. Third is always the Wordpress dashboard
   4. Rest are random websites
5. I bookmark and close the tabs I don’t use

So for me finding Gmail is trivial - jump to the nearest FF instance, and hit the bottom right corner of the browser where the Gmail Manager lives. Then I close it after use. If I want Google Reader, I just click on the very first tab in my browser. I never get lost on my own desktop because I usually try not to run millions of applications at once, and if I do, I find ways to logically separate them for fast access.

This statement kills me though:

(…) if GMail had been in its own browser window, I could have found it instantly by looking in the taskbar, or at worst, by visually selecting it from even a smallish thumbnail image. Because GMail was in a tab, I wasted my time trying to find it, and I wasted even more time needlessly launching another browser. And this isn’t an isolated incident. This happens to me every day. More times than I’d care to admit.

So how can we fix this? How can we integrate tabs with the existing navigational features of the operating system, such as the taskbar, and Exposé? I keep coming back to search as the dominant computing metaphor. The only thing I can think of is a plain-text search facility where I type “Gmail”, and the OS would automatically highlight that tab (or window) and bring it to the front. That presupposes a very high level of integration between the application tabs and the operating system, however.

Or, and correct me if I’m wrong - this suggestion might be way out there, you can just open frequently used applications in their own dedicated windows. So you would like have your Gmail in it’s own solitary instance of IE, your Twitter in another one and your Bloglines in yet another. Who said that since IE 7.0 has tabs you must use them? If you feel they are a productivity drain, use them sparingly.

Then there is this:

I wish I could “tear off” tabs into standalone windows on demand, too.

Jeff, have you ever heard of the KISS principle? When I want to “tear-off” a tab in Firefox I use the mysterious secret context menu function known as “Open in New Window”. Alternatively I can always do something like:

Ctrl+L Ctrl+C Ctrl+W Ctrl+N Ctrl+V Enter

It is a short sequence with one finger firmly planted on Ctrl that most Firefox users will find easy to follow. Jump to the address bar, copy URL, close tab, open new window, paste URL and go to it. If I remember correctly, IE 7.0 opens new windows with the contents of the current tab preloaded by default - so you can actually save like 3 keystrokes out of the above if you use it.

It’s funny but I can’t figure out what exactly Jeff wants. He says he likes tabs and uses them all the time. But then he says they are hard to use, and can’t be searched easily and they should be more like modular little windows that can be snapped in and out of place. But at the same time he says he hates the way Office implements exactly that kind of a feature.

I guess he is ranting for the sake of ranting. Personally, I love tabs. Tabbed interfaces create uniform workspaces that save screen realestate and prevent taskbar clutter. Right now I have 10 tabs open in Firefox, and two terminals open on the same virtual desktop. If each tab was a separate window, my taskbar would be full right now and would start grouping things, or scrolling in some annoying way. And I instantly know that first 3 or 4 tabs are my goto web apps, while the rest are just random. When I start a blog post, and do a lot of tab switching I drag it’s tab close to the front so it’s my 5th one on the tab bar for easy access.

But then again I’m working here with just a single display - not 1757 of them like Jeff has. So perhaps I’m just behind times.

Then I found a telling clue to what is Jeffs problem deep in the comment thread:

Again, the disconnect between Alt+Tab and Ctrl+Tab– it’s highly modal, and users hate modes. It’s so hard to remember which one you’re in at any given time. Is this a tab? Is it a window? Why should *I* have to worry about treating them so differently?

Ah! So this explains it. Jeff hates modal behavior. That’s why he seems to have a stick up his butt about the whole tabbing deal. I call this syndrome Vi Envy. There are three kinds of users in these world - those who understand vi, those who wish they could understand vi and those who are to clueless to know what vi is. Jeff seems to be one of those people who never really figured out how to deal with the modal approach of the Vi and it left him scarred for life, always seeking that unified UI experience.

Me - I don’t mind the modal behavior. Hell, I jump between operating systems all the time and it doesn’t bother me much. I adjust my behavior to the limitations and strengths of the system and/or environment I’m working with. For example - people always cry that Eclipse is slow, but I never notice. I used to use it all the time on a 700 MHz machine with 256 MB of tam, and the speed was acceptable for me because I figured out how to be gentle with it. If you know your OS, and know your applications then working efficiently within them becomes a second nature.

I just wanted to thank the folks at NBC Dateline for all the LULZ:

Kinda reminds me of that whole Internet Haet Machine failure produced by Fox. And here I thought that “investigative journalism” means that one has to objectively investigate the story. But there is nothing objective about what this woman did - and she was not investigating anything.

She went to Defcon with preconceived notions of what it was, and aimed to capture specific footage of people confessing to committing crimes, and undercover federal agents being outed by the crowd. This indicates a complete lack of understanding of why people go to conferences like Defcon.

Let me put it this way - if you own a large spamming botnet, and run a successful pishing operation, a credit card fraud, an identity theft racket, or if you are breaking into systems for profit, then Defcon is the last place you want to be. Who goes to Defcon then? Security researchers, sysadmins, government security specialists and geeks who have active research interest in security field. Those who go there to learn how to h4x are most likely some poor misguided script kiddies that would get bored by all the talks and happily incriminate themselves into crimes they never committed on the Dateline hidden cam.

Dateline NBC probably had the segment written long before they even sent that girl to the conference: “Hackers gather at an underground conference Las Vegas to learn how to break the law using technology. See the shocking footage of the secret computer criminal meeting, only on NBC Dateline.” Sigh… It’s kinda like trying to catch rapists at a pr0n convention, or murderers at a NRA gun show.

The worst part is that shit like that riles up the technologically-illiterate masses of voting citizens, who then push their representatives to create more anti-circumvention legislation. And, seriously - more laws that make security research illegal is the last thing we need.

Thanks to Travis for bringing this story to my attention.

I have always said that the biggest problem with Windows security is that everyone is running as an Admin by default. I never really preached the LUA principle on Windows machines though. Unfortunately, I’m guilty of using an account with administrative privileges for my day to day stuff too. In fact I have been running windows boxen with Admin rights for years. So I can I really advise or recommend it to anyone if I haven’t tried it? I decided to put my money where my mouth is and try to live in the XP Home environment as a “Limited User” for a little while. I figured that if I can do it, it will give me the right to get on my high horse, and preach LUA to everyone around. This post is sort of a wrap up, describing my week long experience.

Installing software, and performing administrative tasks as a limited user is not a big problem. At least not as big as I expected. There are many tools out there that help you to temporarily elevate your privileges so that you don’t have to log out and log in as a different user to accomplish something. For example I used LaunchAdmin to open up terminal windows, and control panel with appropriate privileges which was working relatively well for a while. And I have to say, I didn’t really have many issues installing software or tweaking my system configuration this way.

But there was a problem I could not solve. You see, I’m a lazy bum. I do not like to do tedious administrative tasks such as downloading and installing patches. I schedule that stuff to occur when I’m asleep, or at work. When I come back home, I want my machine all to myself. I don’t want it wasting cycles on updates, I don’t want to be prompted to reboot. That shit is supposed to be done when I’m not around.

Unfortunately, automatic windows update does not work if you are a limited user. Neither does the McAfee auto update feature - or at least not every time, because some updates require write access to the Program Files folder. So the only reliable way to update your system is to switch to administrative account, and run manual updates on all the software that usually updates itself automatically. There is no real way to schedule these things to run with elevated user privileges.

Oh, and did I mention that the only way to run Windows Update manually is by logging in as Admin? Apparently, by design, the update system requires the current user to be an administrator. You can’t use the Run As feature, and by extension most of the tools mentioned above. It also seems to have issues when you elevate your privileges using the MakeMeAdmin script which is what LaunchAdmin was using.

I don’t want to do system and AV updates manually. It is a waste of my productive time and an annoyance. I tend to procrastinate and forget about things like that. And so, I will sooner or later end up with a system that is un-patched, and behind on anti virus updates.

For me, this whole experiment boils down to a simple choice. Do you want:

1. A patched system, with up-to-date AV, running as Admin
2. An un-patched system, with outdated AV running as Limited User

On one hand, this may seem like a fair trade-off, especially considering the fact that running as Limited User makes you inherently more secure. So perhaps keeping your system up to date is not that important when you are not running as Admin on regular basis. Or is it?

As I said earlier - I have been running as Admin for years. The only time I got 0wned was back in 99 when the CIH virus totally destroyed my Win 95 machine. It overwrote my MBR, and messed up the BIOS making the machine completely unusable. And guess what - I didn’t have any backup plan in place back then. So in a blink of an eye I lost everything, and ended up with an unresponsive, unusable piece of junk on my desk.

That was my big wakeup call. Ever since then I have been anal about security, and extremely careful of what I run on my machine. In over 8 years now I haven’t been infected by a single virus, or contracted a single piece of spyware. Looking back at that track record, its fairly obvious that the chances of me catching some random piece of malware that requires Admin privileges to install itself is fairly low. Good instincts, browsing habits and software choices can and will protect you from most of the malicious crap out there.

Of course, at one point or another I will get exposed to some sort of malware. However, that if the creators of this thing are smart enough to trick me into running it on my machine, they are also smart enough to use one of the numerous privilege elevation hacks that are out there. And if the do, it won’t really matter if I run as Admin or not. I’ll get owned anyway.

At least with an up-to-date system, there is a hope that whatever security hole the attacker chooses to use was already patched, or that my AV can detect and stop the attack.

So, will I be continuing to run as Limited User? Nope. I switched back to Admin. While there are good reasons to run with LUA, the security gain for a power user like me is not big enough to make up for all the annoyances, and all the hoops you have to jump through to perform normal day-to-day activities. And I’m actually concerned that because of my laziness, and procrastination running as non-admin would effectively lower my systems security instead of increasing it.

I hear Vista is actually a little bit better about this with it’s new security access model. But I’m not switching yet. I’ll wait till after they release Service Pack 1, and DirectX 10 becomes ubiquitous till I even entertain the thought of purchasing a Vista OEM with a new gaming computer.