When this metadata indexing was introduced in gnome/kde many users complained, because it pegged their cpu and was really unasked for. But some felt that this was something the MacOSX had and therefore some developers felt it was a good default. I'm not convinced, partly because of the increased attack surface.
The desktop environment itself is but a small part of the complete desktop. Some important differences between those specific desktops are are:
1) Clicking a file both runs the code and opens the file, and difference is hidden from the user. 2) Mail clients start pretty much any software automatically to open attachments. 3) Office software runs code embedded in documents with just a user prompt. 4) A lot of plugins are active by default. Flash and ActiveX used to be, but this is better now. 5) Code is run automatically on removable media insertion. 6) Users download software from random web pages instead of vetted archives.
These things are not technical but behavioral in nature and make desktops ownable. I hope the Linux desktop never emulates them. Web browsers have gotten so much better but one simple thing they could is stop downloading things automatically. That save dialog won't scare anyone, and users will stop having lots and lots of unknown files in their download directory.
I mean, competently implemented background indexing shouldn't be a security risk or a performance issue.
Microsoft had those problems, too, when they introduced their own indexer with XP. Doing desktop support for slow XP boxes, you rapidly learned to disable the indexer first. But by roughly mid- to late Vista, it had ceased to be a general problem. (Maybe earlier; I had ceased to be closely involved with support by then.)
The other thing about an indexer like this is that you need it well integrated into the UI to get the benefit. macOS has Spotlight, which is excellent. Windows has Start search, which is OK for programs if you don't misspell the name, and tolerable for documents if you use the MS default home directory structure. I haven't used desktop Linux since Ubuntu 8 or so, so I don't know what it has, but if it is indeed a Spotlight-like experience they're shooting for, file indexing is just the start.
> I mean, competently implemented background indexing shouldn't be a security risk or a performance issue.
Except ofcourse in the 100% theoretical, never ever seen in the wild, case of bugs in file-format parsers. It's not like Linux's "file" or "strings"-utility[1] has had a local exploits in the past or anything.
Uhm... So yeah... About that....
Back in the real world, this is a very real attack vector. Especially when it runs in the background on a large batch of files, automatically and unasked for.
Note: I'm not saying I'm against indexing content for easier access and help locating files. I'm just saying that you can't simply dismiss it as a security-risk because it runs in the background.
Showing dialogs is not a solution. Various studies have already shown users click any dialog which pops up without actually reading the dialog.
Loads of browsers do download automatically. Making things inconvenient and delegating security decisions to the user isn't good enough. Make it convenient and secure!
PS/Edit: Btw, under Windows 10 loads of things are indexed. It makes things very convenient. You use your pc like Google. Instead of knowing exactly where things are you just "Google" for it. With that I mean it has a good working search that's also really quick in giving accurate results.
>Showing dialogs is not a solution. Various studies have already shown users click any dialog which pops up without actually reading the dialog.
I can't count the number of times that I was in the middle of writing a sentence, a dialog showed up, I accidentally pressed space bar and I was left wondering WTF just happened.
Locate doesn't do what Windows 10 does with search (locate just does filenames). Plus it's slower than Windows 10 nor does it give the most relevant results first.
Windows 10 experience: you press start then type in a few letters and you already get good relevant results. This completely different from locate!
Yes, and there were a few implementations from different groups, as you would expect. I'm typing this on a current Arch and locate, mlocate and slocate are all available from the mlocate package.
I've used locate ever since I used Linux, my first distro was Slackware downloaded to oh so many stiffies (the hard plastic successor to floppies) circa 1994, I certainly won't die in a ditch insisting it was in there but I would be very surprised if it wasn't.
I'll put in somewhere in the middle of my "mildly interesting to maybe know" research list.
Indexing for search - it depends upon what you use your computer for. Some of us want to do stuff with our processors and memory and get very annoyed when the OS decides to use resources we were hoping would be used for our programs...
Sadly the big ones are. Because they consider this behavior "user friendly".
At the same time they think they can contain the threat by wrapping everything in sandboxes. Effectively infantilizing the owner/user of the personal computer.
The desktop environment itself is but a small part of the complete desktop. Some important differences between those specific desktops are are: 1) Clicking a file both runs the code and opens the file, and difference is hidden from the user. 2) Mail clients start pretty much any software automatically to open attachments. 3) Office software runs code embedded in documents with just a user prompt. 4) A lot of plugins are active by default. Flash and ActiveX used to be, but this is better now. 5) Code is run automatically on removable media insertion. 6) Users download software from random web pages instead of vetted archives.
These things are not technical but behavioral in nature and make desktops ownable. I hope the Linux desktop never emulates them. Web browsers have gotten so much better but one simple thing they could is stop downloading things automatically. That save dialog won't scare anyone, and users will stop having lots and lots of unknown files in their download directory.