Wandering Thoughts archives

2007-03-25

Fitts' Law and edge-flipping in window managers

Simplified and summarized a lot, Fitts' Law says that four of the five easiest locations to reach with the mouse are the four corners of the screen, because they require very little precision. (There's a lot more to it than just that, of course; see AskTog.)

A number of window managers, fvwm2 included, have virtual screens and a feature called 'edge flipping': if you move your cursor to a screen edge where there's another virtual screen beyond it and keep 'pushing', the window manager flips you to the next virtual screen. I'm pretty fond of this feature in fvwm2; it's especially handy when moving or resizing windows.

(fvwm2 has a similar feature for Xinerama split screens when placing windows, which is really convenient.)

I have recently come to realize that the problem with edge flipping is that it shoots Fitts' Law in the head. With edge flipping in effect, the corners are usually not easy targets, because shortly after you hit them you flip to a new screen (which generally moves your mouse, among other things).

(Worse, fvwm2's implementation actually steals the edge pixel, so even if you have a very long delay on the edge flipping feature it doesn't help.)

This explains why I like my top left virtual screen so much; I have some useful stuff parked in the top left corner of the screen, and in the top left virtual screen that corner is not stolen by edge flipping. I also suspect that it explains why Gnome and KDE don't have this feature, despite how convenient it looks. (Of course, another reason would be the potential for user confusion: 'suddenly all the windows on my screen disappeared! what happened?' At least with explicit virtual screens the user had to click on something to make all their windows vanish.)

This is kind of depressing, since a few years ago I tried to reorganize my screen layout to make better use of the corners (although I didn't entirely succeed even without edge flipping). I'm not sure what to do; perhaps I should turn off edge flipping entirely for a while and see how much I actually use it and how annoying it feels to live without it.

(Thinking of Fitts' Law also makes me wonder how well the common Gnome and KDE desktops are using the corners these days. I suppose I should experiment and find out.)

FittsAndEdgeFlipping written at 22:37:23

2007-03-18

Why Unix setuid is incompatible with real network filesystems

One of the drawbacks of real network filesystems like AFS is that they don't support setuid. This isn't a feature that they've neglected to implement; it's a fundamental incompatibility.

The reason is ultimately simple: in a real network filesystem, the server doesn't trust the end nodes, and in particular it doesn't trust the end nodes not to lie to it. If an end node says 'the user X is doing this', the server must say 'prove it; show me that the user trusts you'. This trust is demonstrated through shared secrets; the user has a secret shared with the server, and the end node shows that it has the user's trust by showing it also knows the secret. And the whole problem is that setuid has no user there to share the secret with the end node.

This might seem unimportant, except that Unix uses the general idea of setuid for a lot more than just setuid programs. If you don't have setuid, you don't have anything that runs a program on behalf of the user: .forwards, cron entries, web server CGI scripts, and often even long-running daemons. You basically lose everything that wants to operate unattended, and it turns out that this is a reasonably large category of interesting stuff.

There are ways around this, but they are fundamentally hacks. They involve either the overall system trusting some carefully selected and authenticated end node to speak on behalf of users, or you outright giving your key to some end node that you trust. (Sometimes you are lucky and the system will allow you to create restricted sub-accounts, so that compromising the daemon or the system or whatever will not give access to your entire account.)

(There is a limited third way, which is subsystems giving you the ability to run limited programs or instructions inside themselves. It is probably not an accident that CMU's Andrew Project invented both AFS and Flames, an early in-server email classification program.)
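The trust model described above, as an added sketch that is not part of the original entry: a simplified HMAC challenge-response stands in for the shared-secret proof (it is not AFS's actual protocol), and the principals `alice` and `alice.cron` and the paths are constructed for illustration.

```python
import hashlib, hmac, secrets

MAIL, WWW = "/home/alice/mail", "/home/alice/www"  # constructed sample paths

def prove(key, nonce, path):
    return hmac.new(key, nonce + path.encode(), hashlib.sha256).digest()

class FileServer:
    # Never trusts an end node's claim about who it is acting for.
    def __init__(self):
        self.keys, self.acl, self.pending = {}, {}, {}

    def enroll(self, principal, paths):
        self.keys[principal] = secrets.token_bytes(32)
        for p in paths:
            self.acl.setdefault(p, set()).add(principal)
        return self.keys[principal]

    def challenge(self, principal):
        self.pending[principal] = secrets.token_bytes(16)
        return self.pending[principal]

    def read(self, principal, path, proof):
        nonce = self.pending.pop(principal, None)  # each nonce is single-use
        key = self.keys.get(principal)
        if nonce is None or key is None:
            return False
        valid = hmac.compare_digest(prove(key, nonce, path), proof)
        return valid and principal in self.acl.get(path, ())

class EndNode:
    # Holds only the secrets that users have handed to this machine.
    def __init__(self, server):
        self.server, self.keys = server, {}
    def access(self, principal, path):
        nonce = self.server.challenge(principal)
        key = self.keys.get(principal)
        # An unattended job knows the local uid but has no secret to prove it.
        proof = prove(key, nonce, path) if key else b"\0" * 32
        return self.server.read(principal, path, proof)

def demo():
    node = EndNode(FileServer())
    user_key = node.server.enroll("alice", [MAIL, WWW])
    cron_key = node.server.enroll("alice.cron", [WWW])  # restricted sub-account
    unattended = node.access("alice", WWW)        # cron-style job, user absent
    node.keys["alice"] = user_key                 # user logs in
    interactive = node.access("alice", MAIL)
    node.keys = {"alice.cron": cron_key}          # only the sub-account key stays
    return unattended, interactive, node.access("alice.cron", WWW), node.access("alice.cron", MAIL)
```

`demo()` returns `(False, True, True, False)`: the unattended request is refused, the logged-in user succeeds, and the key left on the node reaches only what the sub-account was granted.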

DFSSetuidIncompatibility written at 23:06:27

