Remember Robert McCloskey’s story of Homer Price and the doughnut machine? The thing made doughnuts beautifully, but they couldn’t figure out how to turn it off. Complications ensued, and elementary school teachers wound up with an example that they could use to teach principles of supply and demand.
Homer and his Uncle Ulysses, just trying to make the machine stop, came to my mind upon reading this morning’s @RISK bulletin from the SANS Institute. One item caught my eye, a discussion of a “window injection vulnerability” in which “an untrusted website can inject content into a window opened by a trusted site.” Affecting multiple browsers, the tactic can be dodged by using a separate browser session for sensitive data: that is, “the user should exit from their browser program, launch the browser program for use exclusively in visiting an important site (such as a bank), and again exit from their browser program after use of this single site is completed.”
Well, thats a blast from the past. Remember the earliest days of the IBM PC, before we all had hard disks, when every application came on its own “boot disk”? And the normal way to start an application was by putting a task-specific floppy disk in the A: drive and giving a Control-Alt-Delete salute? Today, an open browser session is at least as much an entry point to my next task as the COMMAND.COM interpreter session was in the days of DOS. Restarting the browser from scratch is almost as much of a nuisance as restarting my entire machine. It usually means bookmarking an entire group of tabs, representing research that Ive been doing and action items that Ive been trying not to forget—but kudos to Mozilla and Opera for letting me do this—and reloading them all when I get my life back, thanking goodness for broadband connections.
But is it even enough to halt and restart the browser, given the proliferation of Quick Launch convenience features that keep some of an applications code loaded at all times for more rapid startup of a new session? Short of keeping a Task Manager list on the screen at all times, or an equivalent Activity Monitor session on the Macintosh desktop, were never really sure any more whats actually running on our machines. Whats next, an instruction to reboot the machine before and after logging in to your 401(K) management page?
Or perhaps this is the next great marketing opportunity for the virtual-workstation folks at VMware. Why limit ourselves to multi-tasking operating systems when we can just buy a whole bunch more memory and have multi-operating-system-session environments? Instead of starting up something as fragile and insecure as an application, we can start up a completely separate environment. Oh, wait a moment, these things would still be sharing a hard disk: wed better have separate disks as well. I dont like the direction that this is going in.
Pretty soon Ill need a banking appliance, a writing appliance, an imaging appliance, and a network to connect them. Or perhaps thats actually the best way to do things? Im sure that Sony or Apple would be happy to see the market evolving in this direction, but it doesnt seem cost-effective to me. I hate to think that were in the golden age of the universal machine, and that were headed back to the days of separate devices for every task.
If I cant turn something off, Im unlikely to turn it on ever again once I realize the possible problems. And I was already thinking about the problem of code that wont stop running when the @RISK bulletin hit my inbox at the crack of dawn. I had, as I often do, more than two dozen tabs open in a Mozilla window: I was researching an article, following a tree of references in which one site led to several others in a compound-growth way. Hey, thats what memory is for.
But my processor utilization was hovering at nearly 100 percent, even though I was merely typing while switching among the various open reference pages. Why? Apparently, because so many of those pages were running endless-loop Flash content in the form of animated advertisements. On my 1GHz Pentium III laptop with Win2K and 256MB RAM, I find that opening just one such page increases Mozillas CPU burden from just a few percent to a little over 10 percent. Having more than a dozen open tabs with Flash content appeared to be bringing my machine to its knees—but if “personal computer” still means anything, it ought to mean a machine whose resource allocation I can control.
Having my CPU hijacked by Web ads, most of which are running in the background while I work, is simply unacceptable. To some extent, this can be mitigated with browser preference settings and other stratagems that distract me from what Im trying to do, but what will I encounter tomorrow? What about a Web-service-based, distributed application environment in which too many tasks are running; too many of them demand excessive CPU time; too few of them have an accessible and well-behaved “off ” switch?
I dont know if anyone ever had the nerve to ask Robert McCloskey why Homer and Uncle Ulysses didnt just pull the plug on their runaway contraption. I don’t want to mess up the lesson plans of all those elementary-school teachers: teaching actual economics in the grade schools seems to me like a real win.
But Ill be happy to mess up the business plans of anyone who wants to push a process onto my machine that I cant stop, or at least suspend at will, without unpredictable effects on the job Im trying to do. Like any developer, Im pleased when my code can run forever without a strain. As a user, though, Im starting to be just as insistent that code should be able to stop—and should make it easy for me to do that.
The eWEEK Excellence Awards for 2004 are now accepting entries. Products and services that I can turn off at will can be entered, before the deadline of Jan. 31, 2005, at www.excellenceawardsonline.com.
Tell me what youd like to turn off at firstname.lastname@example.org