Easy Restarts Are a Security Feature

Posted Tuesday, March 15th, 2011 at 7:09 pm

The more stuff you have open (or habitually leave open) in an application, the more it becomes part of your consciousness, an extension of your mind. For many of us, the question “What are you doing right now?” could best be answered by, “Here’s a list of the tabs I have open in my web browser.”

Hackers* use the word “state” to describe “information being maintained in non-permanent memory”, whether that memory is in a human skull or a computer’s RAM chips. In fact, that ambiguity over exactly where the state is being maintained is one of the word’s strengths — as the browser-tabs example shows, there’s getting to be less of a distinction between the two. The stuff in my browser’s tabs is a reflection of what’s in my own brain, and a nearly-seamless extension of it.

Like every other web developer, I recently got a message from Firefox saying it needed to upgrade. (Because security researchers found yet another hole in Adobe Reader.) Despite the fact that I had over a dozen tabs open, I knew I wouldn’t have to worry about performing the upgrade, because Firefox would remember all my tabs and reopen them after restart. It’s basically a momentary hiccup in my workflow; I can start the upgrade and then use that 30-second break to refill my teacup or go to the bathroom. Come back, sit down, close the spare “You’ve just successfully upgraded Firefox” tab, and just keep working.

Compare that with Windows Update.

For one thing, I can no longer in good conscience advise people to allow Windows Update to automatically install things. Not after Microsoft used it to push “Windows Genuine Advantage”. With Firefox, a security update really is just a security update, not an excuse to push crapware on one’s customers. With Windows Update, I need to scroll through the list of updates and make sure they’re not sending me something I don’t want (but which I can never uninstall if I accept it once).

More importantly, though: You never know when a Microsoft security update will include some component that forces a reboot. Sometimes, you’ll just get a message that your update isn’t complete until you restart, and would you like to do that now? Other times, you get the annoyingly insistent dialog box that pops up every five minutes, nagging at you to restart your machine. And it won’t go away until you restart. Trying to get anything useful accomplished between that thing’s interruptions is like trying to concentrate with a Harrison Bergeron-style mental handicapper on. Which means that before you even start the process, you’d better be ready to save and close all your work in every single application.

Is it any wonder people hate installing Windows security patches?

The problem is that if you make security updates annoying, people will try to avoid them. And one of the biggest annoyances these days is breaking people’s train of thought. Now that half of my train of thought is in the computer — in “state” that the software is maintaining for me — making the software continue to maintain it across sessions turns out to be a big win.

The E Text Editor is another example of an application that makes it really easy to leave state in the computer’s memory instead of cluttering up your own wetware with it. E’s philosophy is to never discard data unless the user explicitly requests it. It takes the concept of an Undo history far beyond what most people are used to.

Back in the ’90s, people got used to having an “Undo button”: you could reverse one action. Then we got the “Undo history”: you could work backward through multiple steps of undo. Finally, we got the “Undo/Redo history”, which allowed one to step forward as well as back in that timeline… but it was still just a line. If you went back 50 steps, then did something new — something different from stepping forward — those 50 steps were all immediately discarded.

E doesn’t discard information so casually. If you do something new, you now have a new branch in the history of your document. It has an “Undo/Redo tree”. (This results in a lot of data being maintained on your hard drive. So what? Hard drive space is cheap. Way cheaper than human attention, which means trading off a bunch of disk space in order to maintain some human attention is a very good deal.)

And, of course, it maintains this state across sessions. If I’ve been working on a complicated image in Photoshop for a few hours — or for a week or two, without closing the program (and hence not applying any Windows security updates, because they might force a reboot!) — one of the last things I want to do is close that file unless I’m positive that I won’t ever feel like going back to a previous version of it. (This is why graphic artists get so used to hitting “Save a Copy” a whole lot.) The moment I close the file, even if I leave Photoshop itself open, I’ve lost that history.

Not so in E. I can close the program, apply my Windows patches, then reopen E… and it will reopen the files I had open when I exited it, with all that Undo/Redo tree-history still there.
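The branching history and its survival across a restart, sketched as an added example. This is not E's actual implementation or file format: the `UndoTree` class, the JSON layout and the history file path are all assumptions made for illustration.

```python
import json, os, tempfile

class UndoTree:
    """Edit history where an edit made after undo adds a branch instead of
    discarding the undone states. Names and JSON layout are hypothetical."""
    def __init__(self, text=""):
        self.nodes = [{"text": text, "parent": 0, "children": []}]  # root is its own parent
        self.current = 0

    @property
    def text(self):
        return self.nodes[self.current]["text"]

    def edit(self, new_text):
        self.nodes.append({"text": new_text, "parent": self.current, "children": []})
        self.nodes[self.current]["children"].append(len(self.nodes) - 1)
        self.current = len(self.nodes) - 1

    def undo(self):
        self.current = self.nodes[self.current]["parent"]  # no-op at the root

    def redo(self, branch=-1):
        children = self.nodes[self.current]["children"]
        if children:
            self.current = children[branch]  # default: most recent branch

    def save(self, path):
        # Write to a temp file, then rename: killing the app mid-save keeps the old file.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w") as f:
            json.dump({"nodes": self.nodes, "current": self.current}, f)
        os.replace(tmp, path)

    @classmethod
    def load(cls, path):
        with open(path) as f:
            data = json.load(f)
        tree = cls()
        tree.nodes, tree.current = data["nodes"], data["current"]
        return tree

def demo(path):
    t = UndoTree("draft")
    t.edit("draft v2"); t.edit("draft v3")
    t.undo(); t.undo()
    t.edit("rewrite")          # branches off "draft"; v2 and v3 are kept
    t.save(path)               # quit to apply the update
    r = UndoTree.load(path)    # restart
    r.undo(); r.redo(0); r.redo()
    return r.text              # back on the old branch
```

After the reload, the abandoned "draft v2" and "draft v3" states are still reachable, which is what makes quitting for a patch cost nothing.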

And this also means that shutting down and restarting E is an easy action. It has no ill effects. I can do it any time, and not have to worry about what I’m losing. Which means that if E ever comes out with any security patches, I won’t be at all worried about applying them.

Having nothing to lose by a shutdown makes your program a lot more likely to be upgraded.

* In case it isn’t already obvious, I’m using the word “hacker” to mean “a computer programmer who loves programming for its own sake, not someone who’s just punching a clock to pay the bills”. This is similar to the programmer-enthusiast culture’s classical definitions that include “A person who enjoys exploring the details of programmable systems and stretching their capabilities” and “A person who delights in having an intimate understanding of the internal workings of a system, computers and computer networks in particular.” It should be very obvious that I don’t mean someone who breaks into computer systems.
