Open Source Walks The High Wire - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

10:32 AM

Open Source Walks The High Wire

Linspire is pitching its desktop Linux distro to a tough crowd. Is it also courting trouble by bending a cardinal security rule? Or do the old rules no longer make sense in a market where many desktop Linux users are buying their first computer?

In my previous column, I stated that MySQL AB is taking some of the blame--unfairly, I think--for a recent worm attack that succeeded due to lazy administrators, rather than defective code.

Until the worm episode, the MySQL development team favored a setup process that left basic security decisions, such as whether to use a root password, completely up to the product's users. This approach has its risks: MySQL, like so many other open-source developers, deals today with a much larger user base that is also much less experienced on average than it used to be.

If MySQL makes a few more decisions for its users, such as forcing them to set a root password to improve security, few people are likely to complain about the tradeoff. This sort of thing is likely to happen more often, and it will involve more open-source products. In spite of the damage, both real and imagined, that may result, it's also a problem that will solve itself, as commercial open-source firms build more effective training programs and as today's beginners grow into tomorrow's veterans. In other words, this is a problem a lot of other industries would kill to have.

Does the same lassez-faire attitude apply to the desktop open-source market, and especially to efforts to win consumer Linux users? Security is half of the desktop Linux act, but usability is the other half--and this is a pair that doesn't always see eye to eye. Bear in mind that desktop Linux buyers aren't just converted Windows users; this group also includes a substantial number of first-time computer users who aren't convinced they need one at all. These are people for whom Linux must make a solid first impression, or there likely won't be a second.

Linspire is one of the Linux vendors with more chips riding on Joe Six-Pack than on the Fortune 500. The company's Linspire OS, and tie-in services such as its "Click-N-Run" software database and maintenance plan, are dedicated to turning people who have never touched a PC and who have no interest in technology into happy Linux users.

One trait intended to make Linspire more user-friendly has also raised some eyebrows among experienced Linux users: a setup process in which many new users end up running only the root account. Linspire's supporters--and there are a lot of them--argue that using a root account is no longer a problem, since most of these machines only serve a single user; in addition, Linspire PCs start up with a fully configured firewall and locked-down ports. It's also true that a user can set up non-root accounts quickly and easily, assuming they have some basic PC skills and know why this might be a good idea.

Linspire clearly believes that its setup process delivers a usability advantage that outweighs the security benefits of creating a user account. I personally don't like the idea--it makes me nervous, and most present or past Linux users I ask feel the same way.

We're not the people Linspire needs to reach, however, and I'm more interested in hearing what the rest of you think about the approach Linspire is taking, or about how other desktop Linux vendors have handled tradeoffs between usability and security. There are a lot of companies making up the rules of this game as they go along, and it will be fascinating to see who comes out ahead.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Future IT Teams Will Include More Non-Traditional Members
Lisa Morgan, Freelance Writer,  4/1/2020
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll