Web Site Usability

[Bill Moran]

[You may not have been aware that your original post was to a mailing
list.  It's generally considered a good idea to keep conversations that
have relevence to the entire list on the list.  Use the "reply all" button.]

Mr. Arlen Britton wrote:
> Actually, the Apple web site refers to FreeBSD as being an organization 
> they partner with for various things, including security 
> vulnerabilities, etc. So, I naturally went to your web site and that of 
> CERT, looking for any identified flaws and info on their fix.

FreeBSD has no mechanism, that I am aware of, to distribute this kind of
thing to end-users.  Although I'm sure the Darwin projects and Apple work
closely with the FreeBSD developers to get fixes made quickly to all
vulnerable operating systems (this is traditional in the BSD world, if
you're curious, look at how OpenBSD, NetBSD, and FreeBSD work together
for these kinds of problems)

However, the code is just different (similar, though) and there are
undoubtably many cases where a FreeBSD patch would not work on your
OS X system.

> Since Darwin, etc is supposed to be an open source project, that means 
> users really don't have to wait for Apple to post a patch; they can 
> download and install it from open source sites such as CERT or FreeBSD.

I don't recommend this unless you're experienced in the ways of software
development.  Even pulling patches in from Darwin is liable to break your
OS X installation.  Unless you want to learn software development practice,
let the experts at Apple handle it for you.

Are you aware of any current vulnerabilities in OS X that can not be
patched with the tools Apple provides?  My experience has been that Apple
is very good at providing patches very quickly.  I'm curious as to why
you are even attempting to do it any other way.

If there is indeed anywhere on the Apple site that recommends that this
is a good idea, you should contact apple about the mistake.

> That's what I was hoping to find on either of your sites, but I didn't. 
> I found them convoluted, impossible to navigate with an certainty as to 
> where you'd end up; something only a system administrator could love.

First off, I'm a long-time FreeBSD user, so I'm blind to the problem you
are describing (for exactly the reason you're describing).

Secondly, I'm sure your complaints are valid, however, they're simply not
specific enough to fix.  I (for example) have no problem finding things
on the FreeBSD web site, but I already explained that I'm a long-time
user.

As a new visitor, your _detailed_ input would be invaluable to the site
developers.  However, comments like "it's too convoluted to find anything"
are not helpful to the site maintainers, because they're simply to
vague to fix.

> Of course, I am referring to Mac OS X, since Apple is or was working 
> with FreeBSD; perhaps their web site needs some updating in areas to 
> remove confusion.

It appears so.

> Still, I believe my main criticisms remain valid 
> regarding usability and navigation. Right now, it's just unworkable 
> unless you already know where something is that you want. Sadly, most 
> end users will not know this and cannot divine it from nothing.

As I said, specific examples of _how_ it is difficult and specific
examples of how it could be improved, _would_ be helpful to the site
maintainers.

> On Monday, November 10, 2003, at 10:32  AM, Bill Moran wrote:
> 
>> Mr.Arlen Britton wrote:
>>
>>> Your site needs some work to make it usable for the average person, 
>>> instead of the system administrators of these systems. For example, 
>>> if one were looking for security patches or vulnerabilities for Mac 
>>> OS X, there seems no way to search for them;
>>
>>
>> FreeBSD does not provide patches for OS X.  Apple provides patches for
>> OS X.  Use the utility built into OS X to get patches.
>>
>>> I tried and got no results that identified anything this way. Surely 
>>> you can do a better job of organizing and documenting these things so 
>>> that users can quickly find only what they are looking for, rather 
>>> than wade through a long list of cryptic descriptions that don't tell 
>>> them what they need to know.
>>
>>
>> I see a trend starting to develop here.  Perhaps there should be a very
>> visible section on the home page that points to a page describing the
>> differences/relationship between FreeBSD and OS X.
>>
>> This isn't the first time I've seen a user confused in this manner.
>>
>> Arlen, I assume where you're getting confused is the the brief 
>> explanation
>> that many give that "OS X is based on FreeBSD".  Please understand 
>> that a)
>> FreeBSD and OS X are two seperate softwares, b) OS X was originally based
>> on FreeBSD 3, but has now spawned a project of its own called Darwin, 
>> which
>> is seperate, but a cousin of FreeBSD and c) Apple has its own channels 
>> for
>> everything you are asking, if you have a valid OS X license, there is no
>> need to consult either the FreeBSD project, or even the Darwin project 
>> for
>> assistance.
>>
>> If you are actually asking about FreeBSD, then I am misunderstanding your
>> question, please restate it and ask again, and I apologize for the
>> confusion.
>>
>>> At the same time, if you have a patch for the specific 
>>> vulnerabilities in question, I don't think it would be too difficult 
>>> for you to identify whether or not the flaw exists in previous 
>>> versions of an OS (and which ones), and whether or not the patch 
>>> would fix it in those versions. I think working closely with the OS 
>>> vendors would enable them to provide this information to you.
>>
>>
>> I think you're still confused.  Which OS vendors are you speaking of?
>>
>>> Finally, you need to find a common method of identifying patches that 
>>> are specific to each OS version, rather than the cryptic names you 
>>> now give them; it certainly doesn't tell me anything at all, so I'm 
>>> sure a much less sophisticated end user would be even more confused.
>>
>>
>> I can't argue there.  Some sort of system to index them or allow a search
>> based on metadata would be nice, although somewhat complicated to get
>> going.
>>
>>> When can these changes be made?
>>
>>
>> The FreeBSD web site, like FreeBSD itself, is maintained by volunteers.
>>
>> If you have specific changes you'd like to see made, the normal way of
>> getting that done is to submit the changes to this list, where they will
>> receive peer review.  If what you submit is generally agreed to be an
>> improvement over what exists, a comitter will make the change very
>> quickly.
>>
>> If you'd like someone else to jump on the changes for you, there are
>> several options available to you.  One would be to sponsor a developer
>> to do them, by paying his fee while he does so.  Another would be to
>> generate enough overall interest and momentum in such a project, that
>> people get wrapped up in the excitement and start helping out of their
>> own free will.
>>
>> The first method can easily be done by contacting the FreeBSD 
>> Foundataion.
>> The second method requires social knowledge that I don't posess, and
>> therefore can not convey.
>>
>> Overall, volunteers' time is VERY valuable.  They work very hard to make
>> the web site the best possible, but their resources are not unlimited.
>> If you do have a specific improvement to the site, the site maintainers
>> would (honestly) be overjoyed for specific assistance in improving it.
>> That's what open-source is all about.


-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com