Re: Flames over -- Re: Which is simpler?

[Kyle Moffett]

On Feb 14, 2006, at 13:39, Phillip Susi wrote:
> > > I think most users prefer a system that works right when you use  
> > > it right to one that doesn't break quite as badly when you do  
> > > something stupid.
> >
> > I think you just proved my point.  Running the "sync" command a  
> > couple times then unplugging the USB stick basically never results  
> > in data loss even if the filesystem is mounted.  Spontaneously  
> > switching block devices under a mounted filesystem is guaranteed  
> > to either panic the machine or cause massive data corruption or both.
>
> But who cares?  There are plenty of really stupid things users can  
> do to hose their system, it isn't right to prevent them from doing  
> something perfectly reasonable just because it reduces the damage  
> done when they do something completely unreasonable.

How is swapping USB devices while suspended unreasonable?  Come to  
think of it, I did it inadvertently about 15 minutes ago with my  
PowerBook (while booted into Mac OS).  I had a USB key that I was  
copying a file to for someone.  After shutting the lid, I unplugged  
mouse, USB key, and power block.  About 30 minutes later I had  
somebody else with a key who wanted to give me a file.  I had the key  
plugged in before the laptop was finished waking up from sleep.  Now,  
I don't know for certain that neither key had a serial number, but  
the two I have here in my hand certainly don't, and I could _easily_  
see somebody swapping USB keys not knowing that they're "not supposed  
to do that" and getting massive data corruption when the filesystem  
reads and writes pages from a completely different block device.

> > SCSI != USB.  Users generally don't expect to hotplug SCSI devices  
> > while booted and running (with the exception of some _really_  
> > expensive hotplug-bays where we expect the admin to know what the  
> > hell they're doing).  On the other hand, users _do_ expect to  
> > hotplug random USB devices whenever they feel like it.
>
> So because SCSI is more expensive than USB, it is ok to assume it  
> will only be used by people who know what they are doing?  And  
> since USB will be used by people who don't know what they are  
> doing, we must assume they will always do silly things ( swap or  
> modify the drive while suspended ), at the expense of those who don't?

Did you read what I wrote?  People don't generally expect to randomly  
plug and unplug SCSI drives whenever they feel like it.  They _do_  
expect to randomly plug and unplug USB drives, mice, keyboards,  
tablets, network adapters, etc, because _everything_ supports such  
random plugging.

Creating an extremely odd and hard to predict failure mode (when you  
reconnect USB devices while suspended on hardware that doesn't  
support proper USB suspend) with a high probability of causing data  
corruption or crashes is wrong.  Especially since you could easily  
teach users that "You need to eject USB things before you sleep the  
computer _or_ just fix the kernel to do it for you.  That's probably  
something we should be doing for all network filesystems anyways.

Cheers,
Kyle Moffett

--
I didn't say it would work as a defense, just that they can spin that  
out for years in court if it came to it.
  -- Rob Landley



-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/