Michael Stone wrote: > Personally, I have found extensible autostart mechanisms which process > third-party data to be more useful to trojan authors than to users so > I'm mildly inclined to consider such mechanisms to be a misfeatures
Then don't make it easily extensible. I already manually change the python scripts to tell rainbow that certain (admittedly mis-written) activities should be allowed to write their configuration files to an "improper" location. If making another change to a python script will save me having to perform a series of cursor moves and manual clicks after each boot, that's worth it to me to set up "autostart". My bigger point is - how does not "autostarting" an activity keep away trojan authors? If the trojan author is worth his salt, he will have superseded the legitimate activity. That trojan will still be activated when the user clicks on the associated icon. To me, whether one mechanism or another is used to launch such a thing makes little difference. Remember - one intent behind the OLPC is "to make it easy for a kid to program". I know of no way to screen out trojan authors. > On an XO running a recent build (including 703), almost all activities > are prevented from writing to interesting places like .xsession. I see no reason why "autostarted" activities should not be given the same protections by rainbow as "clickstarted" activities. > Avoiding autostart means that reboot is much more powerful - rebooting > will actually have some chance of restoring your system to a workable state I'm not intending to "restart" everything the system was running when it was shut down. But I do want a 'clean' version of Terminal to be available to me right after booting - so I can for instance look at system internals (I prefer Terminal to the text console). Having it come up automatically makes my life easier. mikus _______________________________________________ Sugar mailing list [email protected] http://lists.laptop.org/listinfo/sugar
