Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.
Sign upsingle click by default is insecure #1064
Comments
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
|
(Talking about Debian based AppVMs here.) |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nrgaway
Jul 14, 2015
nrgaway
commented
Jul 14, 2015
|
I just checked my setting in Debian and the `Nautilis` `'click-policy` is
set to `double-click`.
Therefore to open a file requires a `double click`; a `single right click`
will bring up context menu, then a `single click` to select menu option.
Maybe I have additional packages install though, since I use Debian with
gnome. Will look into it when I rebuild the next time
|
nrgaway
self-assigned this
Jul 14, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Jul 14, 2015
Member
This happened to me as a user of https://packages.debian.org/jessie/dolphin, which is the KDE default and fine file manager.
|
This happened to me as a user of https://packages.debian.org/jessie/dolphin, which is the KDE default and fine file manager. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
nrgaway
Jul 14, 2015
nrgaway
commented
Jul 14, 2015
|
Qubes installs the gnome `Nautilus` package as the default file manager.
Did you manually install dolphin?
Maybe we should consider also setting KDE defaults then? I wonder why they
would default to a `single click` as per what you said that it is not what
a user would expect.
|
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
adrelanos
Jul 15, 2015
Member
Did you manually install dolphin?
Yes.
Maybe we should consider also setting KDE defaults then?
That's what I argue here.
I wonder why they would default to a
single clickas per what you said that it is not what a user would expect.
Speculation: I guess they have a different focus. It's not providing a great desktop environment to previous Windows users. That just happens by accident. Their focus also isn't hardcore security. And in their view, the historical double click approach is outdated and unnecessary. Their focus is to provide a great desktop environment with great usability. Boldly deprecating legacy ineffective designs (double click) in favor of usability.
Yes.
That's what I argue here.
Speculation: I guess they have a different focus. It's not providing a great desktop environment to previous Windows users. That just happens by accident. Their focus also isn't hardcore security. And in their view, the historical double click approach is outdated and unnecessary. Their focus is to provide a great desktop environment with great usability. Boldly deprecating legacy ineffective designs (double click) in favor of usability. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
unman
Jul 31, 2015
Member
This seems wrong headed to me.
It's evident from the lists that many users have come from windows with little linux experience - I dont recall anyone complaining about this because the current default works for them.Anyone who takes the step toward installing a different program is probably going to be savvy enough to check and change kde settings if they want.
What about previous linux users? The proposal to change default behaviour would run counter to their previous kde experience.
What about users from android or Mac? Or those windows users who are used to using a single click to run - a feature available since at least XP.
|
This seems wrong headed to me. |
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
marmarek
Oct 8, 2015
Member
@bnvk any opinion on this? I think the issue here is whether to keep KDE default, or change it to something we think is more reasonable.
All this applies only to users manually installing dolphin, since default Fedora (and Debian) template uses Nautilus (with double-click by default) and Whonix have this already set to double-click.
|
@bnvk any opinion on this? I think the issue here is whether to keep KDE default, or change it to something we think is more reasonable. |
marmarek
added
C: templates
P: minor
task
labels
Oct 8, 2015
marmarek
added this to the Release 3.1 milestone
Oct 8, 2015
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
isislovecruft
Apr 21, 2016
isislovecruft
commented
Apr 21, 2016
| It would be great if Qubes gave users the same level of RSI as they're used to with Windows. |
marmarek
modified the milestones:
Release 3.1,
Release 3.1 updates
Nov 19, 2016
marmarek
unassigned
nrgaway
Nov 19, 2016
This comment has been minimized.
Show comment
Hide comment
This comment has been minimized.
unman
Apr 16, 2017
Member
@andrewdavidwong Confirmed this issue still arises in 3.2 milestone.
As I commented, I think this approach is just wrong headed - there's nothing intrinsically insecure about using a single click to open a file. It's one of those cases where personal preference seems to guide policy.
|
@andrewdavidwong Confirmed this issue still arises in 3.2 milestone. |
adrelanos commentedJul 14, 2015
Since I have been a Windows user some time before in my life, I am accustomed to first left click a file, then right click on it to so something else. I would think many users are trained to work this way.
Recently I downloaded an untrusted PDF and wanted to open it in a disposable VM. Left clicked it. Boom. Opened. There are two usablity issues at work here.
(In Whonix this is solved by installing the https://github.com/Whonix/kde-mouse-doubleclick package during build before starting the desktop environment for the first time.)