Project

General

Profile

Bug #16117

Change warning about virtual machine pop-up time of appearance

Added by mercedes508 7 months ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Low
Assignee:
-
Category:
Virtualization
Target version:
-
Start date:
11/11/2018
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
User interface design
Blueprint:
Starter:
Affected tool:

Description

Hi,

we received a bug report claiming that the pop-up notification of "warning: non-free wirtual machine detected" is disappearing too fast for people to read its full content and then understand why this warning is about.


Related issues

Related to Tails - Feature #12003: Set a warning message in RCs and alpha releases In Progress 11/28/2016
Related to Tails - Feature #7439: Decide whether to remove the "clock synchronization" notification Confirmed 06/22/2014

History

#1 Updated by mercedes508 6 months ago

  • Status changed from New to Confirmed

#2 Updated by intrigeri 6 months ago

  • Assignee changed from intrigeri to sajolida
  • Type of work changed from Code to User interface design

we received a bug report claiming that the pop-up notification of "warning: non-free wirtual machine detected" is disappearing too fast for people to read its full content and then understand why this warning is about.

It's not 100% clear to me whether this report is about the lifetime of this notification or about the time when it is initially displayed.

I've tried to reproduce this and in my test VM, that notification remains displayed for 1min20s, until it is replaced with the "Tor is ready" one. I guess that with a faster network connection this duration would be shorter. It may also be that when Tails is set up to display other notifications (e.g. Additional Software), then the virtualization warning notification is replaced much faster.

The reasoning behind making this notification "transient" (i.e. it'll eventually expire even if the user does not dismiss it explicitly) can be found in 79af9c3a6fe353e8cc44a009d37d9683bc27e191 and a257e520382d96de9a00a2905794b3dd2cf93c84. The alternative is to leave this notification around forever until the user manually dismisses it, at the cost of ~20MB of RAM if they don't. Given a user of Tails in a VM will see this warning every time they start Tails, I'm still leaning towards the current choice (transient). Sadly, in this specific case we can't even write anything hopeful like "once we can detect first boot or let the user choose to not display a specific notification ever again, we can make this notification non-transient" because I'm pretty sure that most users of Tails in VMs start from DVD or USB without persistence.

#3 Updated by sajolida 6 months ago

  • Related to Feature #12003: Set a warning message in RCs and alpha releases added

#4 Updated by sajolida 6 months ago

  • Assignee changed from sajolida to intrigeri
  • QA Check set to Info Needed

Reading this, I also think it's best to leave the notification transient than to make it permanent.

Another option would be to do something similar as for #12003: Make the warning permanently visible somehow, without relying on the notification system. We might consider this again after implementing #12003 which seems more important to me (giving the low impact of this particular issue).

Also, is there a rationale behind warning people about a non-free VM but not about a non-free host operating system? I understand that technically it might be much more complicated to know what the host operating system is, but from a user's perspective wouldn't a non-free operating system deserve as much of a warning? And if we don't warn about a non-free operating system only because we can't, then we might relax about notifying about a non-free VM (or make the VM warning stronger for everybody, maybe similar to #12003).

So I'm on the verge of rejecting this ticket, unless we think that it would be worth reusing the work on #12003 to improve the warnings on virtual machines in general.

#5 Updated by intrigeri 6 months ago

  • Assignee changed from intrigeri to sajolida

Another option would be to do something similar as for #12003: Make the warning permanently visible somehow, without relying on the notification system. We might consider this again after implementing #12003 which seems more important to me (giving the low impact of this particular issue).

Agreed.

Also, is there a rationale behind warning people about a non-free VM but not about a non-free host operating system? I understand that technically it might be much more complicated to know what the host operating system is, but from a user's perspective wouldn't a non-free operating system deserve as much of a warning? And if we don't warn about a non-free operating system only because we can't,

Unfortunately, we can't tell for sure what the host OS is.

then we might relax about notifying about a non-free VM

OK, this is a 2×2 matrix:

  • free OS, free virtualization software: we do the right thing
  • free OS, non-free virtualization software: almost not a thing in the real world ⇒ does not matter much; and anyway, I think our current phrasing is OK
  • non-free OS, free virtualization software: we don't tell anything specific about software freedom; this is a problem
  • non-free OS, non-free virtualization software: we do the right thing

So there's only one among these 4 situations in which we don't perform as well as we could. Now, I understand what you're suggesting is not really about whether we handle each specific case correctly, it's more about consistency between the warning level we raise.

Therefore I propose this:

  • notification title: "Warning: virtual machine detected!" or "Warning: non-free virtual machine detected!", as we do now
  • notification body in all cases where we've detected virtualization: "Both the host operating system and the virtualization software are able to monitor what you are doing in Tails. Only free software can be considered trustworthy, for both the host operating system and the virtualization software.", i.e. what we currently display when we detect non-free virtualization software.

This improves consistency, lowers a bit the relative warning level of "non-free virtualization software on free OS", better communicates the risks of "free virtualization software on non-free OS".

But that's off-topic here so if you agree we could/should change this, please file a dedicated ticket or ask me to :)

(or make the VM warning stronger for everybody, maybe similar to #12003).

Let's please not do that: I meet lots of people who were lead to believe (by this warning + our corresponding doc) that we recommend against running Tails in VMs. Every time I have to explain that it's not what we intend to do and it's a trade-off: running Tails in a VM gives some safety benefits at the cost of some safety drawbacks. Feel free to file a ticket about that problem if you think it's worth it.

So I'm on the verge of rejecting this ticket, unless we think that it would be worth reusing the work on #12003 to improve the warnings on virtual machines in general.

As long as this ticket is about one single user report, I'm leaning towards rejecting as well. If/once help desk gives us aggregated data that tells us the problem is more widespread, then yeah, I like the approach you're suggesting.

#6 Updated by sajolida 6 months ago

  • Status changed from Confirmed to Rejected

Therefore I propose this:

  • notification title: "Warning: virtual machine detected!" or "Warning: non-free virtual machine detected!", as we do now
  • notification body in all cases where we've detected virtualization: "Both the host operating system and the virtualization software are able to monitor what you are doing in Tails. Only free software can be considered trustworthy, for both the host operating system and the virtualization software.", i.e. what we currently display when we detect non-free virtualization software.

This improves consistency, lowers a bit the relative warning level of "non-free virtualization software on free OS", better communicates the risks of "free virtualization software on non-free OS".

But that's off-topic here so if you agree we could/should change this, please file a dedicated ticket or ask me to :)

Ok, see you on #16195.

Let's please not do that: I meet lots of people who were lead to believe (by this warning + our corresponding doc) that we recommend against running Tails in VMs. Every time I have to explain that it's not what we intend to do and it's a trade-off: running Tails in a VM gives some safety benefits at the cost of some safety drawbacks. Feel free to file a ticket about that problem if you think it's worth it.

Ok.

As long as this ticket is about one single user report, I'm leaning towards rejecting as well. If/once help desk gives us aggregated data that tells us the problem is more widespread, then yeah, I like the approach you're suggesting.

I'm rejecting then.

#7 Updated by sajolida 6 months ago

  • Assignee deleted (sajolida)
  • QA Check deleted (Info Needed)

#8 Updated by sajolida 5 months ago

  • Related to Feature #7439: Decide whether to remove the "clock synchronization" notification added

#9 Updated by sajolida 5 months ago

  • Status changed from Rejected to New
  • Assignee set to intrigeri
  • Target version deleted (Tails_3.11)
  • QA Check set to Info Needed

Sorry but I'm reopening this ticket after doing more tests to answer: http://lists.autistici.org/message/20181212.142717.81378a93.en.html.

I did some more tests on my Mac and the notification is only displayed for a few seconds until I get the time sync notification.

The notification is also not visible in the notification area.

So indeed, this notification is way too short living to be able to read it, despite multiple boots.

intrigeri: How come your tests differ (#16117#note-2)? Didn't you get the time sync notification?

Could we get the virtual machine notification stick to the notification area?

#10 Updated by intrigeri 4 months ago

Sorry but I'm reopening this ticket after doing more tests to answer: http://lists.autistici.org/message/20181212.142717.81378a93.en.html.

Thanks! No need to be sorry :)

This is on my radar, I'll look into this post-3.12 as it seems way less urgent than tons of other things we need to fix in 3.12.

#11 Updated by mercedes508 4 months ago

  • Status changed from New to Confirmed

#12 Updated by intrigeri 3 months ago

  • Assignee changed from intrigeri to sajolida

I did some more tests on my Mac and the notification is only displayed for a few seconds until I get the time sync notification.
The notification is also not visible in the notification area.

So indeed, this notification is way too short living to be able to read it, despite multiple boots.

intrigeri: How come your tests differ (#16117#note-2)?

I tested again and I see the same results as last time. Note that I am not interacting with the system in any way when doing these tests, e.g. I don't click on the clock to see what's in the notification area. Note that the "Tor is ready" notification replaces the VM warning notification only once the latter disappears, but I'm pretty sure it's already there in the notification area earlier (GNOME Shell will only display one notification at once).

But I can reproduce what you've observed if I click on the clock to display the notification area while the VM warning notification is visible: for some reason, doing this seems to make the VM warning notification go away much earlier. Maybe this explains your test results? Could you please redo your tests, making sure not to interact with the system at all, so we get results we can compare?

Didn't you get the time sync notification?

I did not. But that's not particularly relevant here: the time needed for bootstrapping Tor vastly dominates the total time before "Tor is ready" (bootstrap + time needed to sync the clock) so wrt. making the VM warning disappear, the time sync notification and the "Tor is ready" one are almost equivalent.

Could we get the virtual machine notification stick to the notification area?

If it were made permanent (which costs RAM when the notification must react to actions such as clicking a link), yes; but not as long it's transient.

Taking a step back, I'm not quite sure about what would be a good UX here: fixing the problem this ticket is about will make other things worse (e.g. the user will see "Tor is ready" much later unless the click the VM warning one). I'm not convinced that flooding the user with 3+ notifications after every login is an efficient way to communicate them what we want them to be aware of.

#13 Updated by sajolida 3 months ago

  • Assignee deleted (sajolida)
  • QA Check deleted (Info Needed)

I did more tests and I got the same results. I'm not touching anything. Sometimes the notification is displayed a couple of second, sometimes less, sometimes more. It's replaced by the time sync notification and is not present in the notification area if I go there to try to read it afterwards.

But anyway, I don't think that this ticket is of a particularly high value, even if VM people can't really read this notification.

I spent way too much time doing these tests already...

Also available in: Atom PDF