Featuritis as Threat to Computer Security

posted by Roy Schestowitz on Jun 10, 2024

They say too much of a good thing can be bad for you. And "apropos OpenSSH," an associate said, "I suspect traces of Microsoft in that growing mess".

Like Mesa and Linux, Microsoft has in effect infiltrated (by payment) OpenSSH, which puts it at risk. They add Windows code to otherwise-simple and relatively secure bits of software to "extend" them to platforms with NSA back doors.

Here are some old articles about creeping featurism, featuritis, or feature creep [1, 2, 3].

Featuritis, also known as feature creep or creeping featurism, refers to the phenomenon in technology wherein a product does many things poorly rather than doing one thing well. At the very least, features will be “hidden” from the user among other features. In UX terms, this might manifest as poor information architecture, but it could lead to an unusable product.

When I think about avoiding featuritis I’m thinking about minimalism. What’s my MVP? How does “less is more” apply to my design? Of course, there are a certain number of affordances and features that belong to this product, but it’s my job to make sure users are not overwhelmed by a product that is poorly thought out.

1. Describes a systematic tendency to load more chrome and features onto systems at the expense of whatever elegance they may have possessed when originally designed. See also feeping creaturism. “You know, the main problem with BSD Unix has always been creeping featurism.”

2. More generally, the tendency for anything complicated to become even more complicated because people keep saying “Gee, it would be even better if it had this feature too”. (See feature.) The result is usually a patchwork because it grew one ad-hoc step at a time, rather than being planned. Planning is a lot of work, but it's easy to add just one extra little feature to help someone ... and then another ... and another.... When creeping featurism gets out of hand, it's like a cancer. The GNU hello program, intended to illustrate GNU command-line switch and coding conventions, is also a wonderful parody of creeping featurism; the distribution changelog is particularly funny. Usually this term is used to describe computer programs, but it could also be said of the federal government, the IRS 1040 form, and new cars. A similar phenomenon sometimes afflicts conscious redesigns; see second-system effect. See also creeping elegance.

“Creeping featurism is the tendency to add to the number of features of a product, often extending the number beyond all reason. There is no way that a product can remain usable and understandable by the time it has all of those special-purpose features that have been added in over time.”

― Donald A. Norman, The Design of Everyday Things

K.I.S.S. (Keep It Simple, Stupid) is essential for real security and outsourcing is the very opposite of security because it is compromising oneself based on trust in some unverifiable, inauditable entity, i.e. the antithesis of self-determination. It is imperative that we collectively reject the doctrine of fake security, wherein people controlling their computers is "sideloading". This morning we mentioned this in relation tom CAs. █