[opensuse-factory] User and root defaults
The new installer defaults feel even more strange than the old ones. In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail. Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default? I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have? I'm in the middle of installing and configuring, so I don't have a real opinion on that yet, though :) I have made the first installation using KDE4 defaults all the way and that's no biggie personally cos it can be changed but I'm wondering... Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Vahis wrote:
The new installer defaults feel even more strange than the old ones.
In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail.
Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default?
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Don't forget that Novell and MS are in a "marriage made in Heaven". The wife always tries to please the husband. In other words (just like it has happened to TV programs) SuSE is being dumbed-down to the level of the intelligence of the husband's friends. Ciao -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Basil Chupin:
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Don't forget that Novell and MS are in a "marriage made in Heaven".
Microsoft is not offering OS X afaik. You're confusing operating systems, but thanks for trolling. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
Am Sonntag, 27. April 2008 schrieb Basil Chupin:
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Don't forget that Novell and MS are in a "marriage made in Heaven".
Microsoft is not offering OS X afaik. You're confusing operating systems, but thanks for trolling.
Is ok, no problemo, glad to be of service. Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Don't forget that Novell and MS are in a "marriage made in Heaven".
The wife always tries to please the husband.
Hi Henne, I think repeating on trolling is a good reason for banning, no? Basil troll, why dont you go try to get a life and leave us alone? Your trollism, complete lack of understanding of anything computer related and childish behavior doesn't belong to this list. Thanks Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid wrote:
Don't forget that Novell and MS are in a "marriage made in Heaven".
The wife always tries to please the husband.
Hi Henne,
I think repeating on trolling is a good reason for banning, no?
Basil troll, why dont you go try to get a life and leave us alone? Your trollism, complete lack of understanding of anything computer related and childish behavior doesn't belong to this list.
Thanks
Marcio
Oh, HELLO! There you are, Marcio/Druid! What took you so long to get around to writing? Just got out of bed, did we? Looking forward to more of your inspirational chatter as the day progresses. Don't forget that it is still Sunday, 27 April, at this point in time and it is Easter and I hope that the Easter Bunny brought you some nice multi-coloured eggs and some 'koolich' as well. Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Sun, Apr 27, 2008 at 10:40 AM, Basil Chupin
Oh, HELLO!
Basil troll of the year --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid wrote:
On Sun, Apr 27, 2008 at 10:40 AM, Basil Chupin
wrote: Oh, HELLO!
Basil troll of the year
You're a rude little man. I am being polite and friendly and you call me names! Not nice. Which part of the world do you come from, BTW? Ciao -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vahis schrieb: | The new installer defaults feel even more strange than the old ones. | | In the old ones there was automatic login as default which I never | accepted. | I got used to remove automatic login as well as turn on receiving root | mail. | | Now the new defaults go even further towards the other OS. | If there must be automatic login as default, so be it, I can live with that | But why is the user password also the sysadmin pw as default? | | I can live with that, too, but is this a good thing really? | Is this feature one of those "good things" that the other OS is said to | have? | | I'm in the middle of installing and configuring, so I don't have a real | opinion on that yet, though :) | I have made the first installation using KDE4 defaults all the way and | that's no biggie personally cos it can be changed but I'm wondering... | | Vahis | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | Hi Vahis, some very bright and all knowing light(s) at novell thought this through for us already (to the fullest and absolutely correct extend). What fool are you to question those decisions? Don't you see that ubuntu is the way to go? It is by far and to utmost certainty the most usable and easiest distribution and we have to do what they do. See bug https://bugzilla.novell.com/show_bug.cgi?id=381420 Kind regards Felix -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFEWyaQ44ga2xxAoRAoRXAKCZQr/u+eXsDe/0YqzuL2D+tIrdbgCfXgm8 UcegT1hEMryZDuSyledCU3A= =GSZ8 -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Felix-Nicolai Müller wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Vahis schrieb: | The new installer defaults feel even more strange than the old ones. | | In the old ones there was automatic login as default which I never | accepted. | I got used to remove automatic login as well as turn on receiving root | mail. | | Now the new defaults go even further towards the other OS. | If there must be automatic login as default, so be it, I can live with that | But why is the user password also the sysadmin pw as default? | | I can live with that, too, but is this a good thing really? | Is this feature one of those "good things" that the other OS is said to | have? | | I'm in the middle of installing and configuring, so I don't have a real | opinion on that yet, though :) | I have made the first installation using KDE4 defaults all the way and | that's no biggie personally cos it can be changed but I'm wondering... | | Vahis | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | Hi Vahis,
some very bright and all knowing light(s) at novell thought this through for us already (to the fullest and absolutely correct extend). What fool are you to question those decisions?
Alright already, which fool (= ass, birdbrain, dimwit, dolt, dunce, idiot, ignoramus, moron, et al) are we to question about 'those' decisions? I - and quite a few more people I have no doubt - would be most interested in questioning that fool.
Don't you see that ubuntu is the way to go? It is by far and to utmost certainty the most usable and easiest distribution and we have to do what they do. See bug https://bugzilla.novell.com/show_bug.cgi?id=381420
Ah, a possible indication.... Sad......but not unexpected.... Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller:
some very bright and all knowing light(s) at novell thought this through for us already (to the fullest and absolutely correct extend). What fool are you to question those decisions? Don't you see that ubuntu is the way to go? It is by far and to utmost certainty the most usable and
Weren't you the one suggesting to use sudo as secure default without any root password? Please give a reason why this should be different other than "user passwords are generally way weaker" - especially as you declare with this the exact reason why it's nonsense to ask for two passwords. The user is much more likely to accept the "your password is weak" message box if this is the second password. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> some very bright and all knowing light(s) at novell thought this through |> for us already (to the fullest and absolutely correct extend). What fool |> are you to question those decisions? Don't you see that ubuntu is the |> way to go? It is by far and to utmost certainty the most usable and | | Weren't you the one suggesting to use sudo as secure default without any | root password? I was suggesting to use sudo in order to make the point that this is worse than sudo and _even_ sudo would be the better way to go. | | Please give a reason why this should be different other than "user passwords | are generally way weaker" - especially as you declare with this the exact | reason why it's nonsense to ask for two passwords. Having a weak user password is not the best thing, but it's bearable. Having a weak root password is not a good idea at all. I have a relatively weak user password (as most people do) because it is in fact annoying to type in your 23 character user password each time you want to log in. Depending on how you use sudo, this becomes even more annoying. So it does make sense to ask for two passwords. It makes sense to show the user that there is a root user and that there is a difference between a normal user and root. It makes sense to the ones already knowing there is root to let them know what the root password is. You are focusing on those just clicking next (I assume from the line of your argumentation). But those are exactly the users who do not care about a weak password box. Microsoft has realized that and worked around that in Vista. Security normally comes with a trade off in usability. This is just something the user has to learn instead of being pampered into a dumb state. Why should we make the same mistakes Microsoft has made in the past (and already done away with it)? |The user is much more | likely to accept the "your password is weak" message box if this is the second password. True, but they do not care about the first box either. | | Greetings, Stephan Greetings Felix | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFFcaQ44ga2xxAoRAuLdAKC+B5Xf13Uy2eO85PxPeDeym3MUYgCeJtrv ZLxtj/arSMFeJw7cwYs5llo= =bJmM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Felix-Nicolai Müller wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> some very bright and all knowing light(s) at novell thought this through |> for us already (to the fullest and absolutely correct extend). What fool |> are you to question those decisions? Don't you see that ubuntu is the |> way to go? It is by far and to utmost certainty the most usable and | | Weren't you the one suggesting to use sudo as secure default without any | root password? I was suggesting to use sudo in order to make the point that this is worse than sudo and _even_ sudo would be the better way to go. | | Please give a reason why this should be different other than "user passwords | are generally way weaker" - especially as you declare with this the exact | reason why it's nonsense to ask for two passwords. Having a weak user password is not the best thing, but it's bearable. Having a weak root password is not a good idea at all. I have a relatively weak user password (as most people do) because it is in fact annoying to type in your 23 character user password each time you want to log in. Depending on how you use sudo, this becomes even more annoying. So it does make sense to ask for two passwords. It makes sense to show the user that there is a root user and that there is a difference between a normal user and root. It makes sense to the ones already knowing there is root to let them know what the root password is. You are focusing on those just clicking next (I assume from the line of your argumentation). But those are exactly the users who do not care about a weak password box.
Microsoft has realized that and worked around that in Vista. Security normally comes with a trade off in usability. This is just something the user has to learn instead of being pampered into a dumb state. Why should we make the same mistakes Microsoft has made in the past (and already done away with it)?
|The user is much more | likely to accept the "your password is weak" message box if this is the second password.
True, but they do not care about the first box either. | | Greetings, Stephan
Greetings Felix | ---------------------------------------------------------------------
When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Sid Boyce schreef:
When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid.
I totaly agree, as i mentioned it weeks ago, when encountered that for the first time.. Simple: Don't change the better for the worse... (Ubuntu is *not* it, so why follow it? I did not know SuSE was in an identity crisis..) -- Enjoy your time around, Oddball (Now or never...) Besturingssysteem: Linux 2.6.25-rc9-17-default x86_64 Current user: oddball@AMD64x2-sfn1 System: openSUSE 11.0 (x86_64) Beta1 KDE: 4.0.3 (KDE 4.0.3) "release 17.1" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Mon, 2008-04-28 at 12:56 +0200, Oddball wrote:
Sid Boyce schreef:
When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid.
I totaly agree, as i mentioned it weeks ago, when encountered that for the first time.. Simple: Don't change the better for the worse... (Ubuntu is *not* it, so why follow it? I did not know SuSE was in an identity crisis..)
This ml is about factory, not your lazy speculations about why something might have changed. Feel free to post those sort of things to the offtopic ml instead cause most people here could not care less. Thanks, Magnus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Magnus Boman wrote:
On Mon, 2008-04-28 at 12:56 +0200, Oddball wrote:
When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid. I totaly agree, as i mentioned it weeks ago, when encountered that for
Sid Boyce schreef: the first time.. Simple: Don't change the better for the worse... (Ubuntu is *not* it, so why follow it? I did not know SuSE was in an identity crisis..)
This ml is about factory, not your lazy speculations about why something might have changed. Feel free to post those sort of things to the offtopic ml instead cause most people here could not care less.
Thanks, Magnus
Not wishing to start this all off again. The topic was on this list and still rumbles on. I just added to it. End of my LAST POST on topic. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Magnus Boman schreef:
This ml is about factory, not your lazy speculations about why something might have changed. Feel free to post those sort of things to the offtopic ml instead cause most people here could not care less.
Thanks, Magnus
Who are you? What are you suggesting? What is lazy about testing? If you read this list more, you should know.. -- Enjoy your time around, Oddball (Now or never...) Besturingssysteem: Linux 2.6.25-rc9-17-default x86_64 Current user: oddball@AMD64x2-sfn1 System: openSUSE 11.0 (x86_64) Beta1 KDE: 4.0.3 (KDE 4.0.3) "release 17.1" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Vahis:
The new installer defaults feel even more strange than the old ones.
In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail.
Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default?
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Not sure what you're talking about, but the reason is simple: it's easier for the average user to remember _one_ cryptographically strong password than two. So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - which the majority of this list refused to change) or used the same password for both. And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines). If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Vahis: | | Not sure what you're talking about, but the reason is simple: it's easier | for the average user to remember _one_ cryptographically strong password | than two. So what we've seen is that people take either one very weak password | for either root or user (both being bad with us having ssh on by default - | which the majority of this list refused to change) or used the same password | for both. | | And we want to strengthen the message: the better way is to have one _GOOD_ | password in the average case openSUSE is installed - on people's home | machines. I disagree. Having two passwords is highly sensefull. Once a machine is set up and software installed you basically never really need the root password any more, as updating can be done passwordless using suid or sudo. Those users only using one password are also likely to use very weak passwords (as strong passwords are "hard" to use). | | If you see a good reason to force the average home user to remember two | passwords let me know. I don't know of any. As stated, a user does not need the root password frequently after lets say two weeks after having installed the box. Even I don't. Maybe it would be a good idea instead to integrate a password generator into the installer, which proposes a root password to the user. Of course, like in truecrypt, the user would really be made to either write it down or to choose one password himself. This is still less annoying than disregarding the "password is to weak" and the "password is in list" boxes which no one seems to read. | | Greetings, Stephan Cheers Felix | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFE6maQ44ga2xxAoRAkDvAKCS+9IsCh9zzBNyZk+DJSqcVqXEswCcCPMI Psq8BBtHAN7jiRxkh5bOil4= =yRXa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller:
Those users only using one password are also likely to use very weak passwords (as strong passwords are "hard" to use).
This is still less annoying than disregarding the "password is to weak" and the "password is in list" boxes which no one seems to read.
Hi, You seem to have a study on user's passwords on your hand. Where do you got your data from? Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> Those users only using one password are also likely to use very weak |> passwords (as strong passwords are "hard" to use). |> | |> This is still less annoying than disregarding the "password is to weak" |> and the "password is in list" boxes which no one seems to read. | | Hi, | | You seem to have a study on user's passwords on your hand. Where do you got | your data from? I study psychology. This is basically what I heard in a lecture about password usage. I will have to check with my prof to get the exact articles he was refering to, but I should be able to do that. For starters there is a study that is openly accessible: http://psychology.wichita.edu/surl/usabilitynews/81/pdf/Usability%20News%208... Sadly, the access to psychinfo/index is broken right now ( http://rzblx4.uni-regensburg.de/dbis_error//?bib_id=ubtr ). Sadly, I used the system to mark some interesting articles about password generation and usage among different user types which I cannot get to atm (for obvious reasons). Once it is working again I am happy to provide you with some literature. If you want to make further inquiries, you might want to check with Prof. Dr. Naumann from the university of Trier. HTH Felix | | Greetings, Stephan | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFf8aQ44ga2xxAoRAg1eAKCswK1scad0m8yZbd8P0ttNrLaXCACeOH08 LyqPaYTnuoe3lrJ8IEiq+yo= =HXEj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller:
Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> Those users only using one password are also likely to use very weak |> passwords (as strong passwords are "hard" to use). |> |> |> This is still less annoying than disregarding the "password is to weak" |> and the "password is in list" boxes which no one seems to read. | | Hi, | | You seem to have a study on user's passwords on your hand. Where do
you got
| your data from?
I study psychology. This is basically what I heard in a lecture about password usage. I will have to check with my prof to get the exact
Your article is about user's passwords. Hard to read anything into it about users using strong passwords for root if asked to type in two passwords. The only possibly reference I found was that ~80% use the same password for multiple accounts. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> Those users only using one password are also likely to use very weak |> passwords (as strong passwords are "hard" to use). |> | |> This is still less annoying than disregarding the "password is to weak" |> and the "password is in list" boxes which no one seems to read. | | Hi, | | You seem to have a study on user's passwords on your hand. Where do you got | your data from? | | Greetings, Stephan | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | I just remebered the name of the journal the most articles were in: International Journal of Human-Computer Studies Again, can't find the articles due to the broken dbis, but you might have access to it, so now you can check yourself :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFkLaQ44ga2xxAoRAhRAAKCXKmKW4kF3CpSUV6w3xlR10hiP+gCdGNKy di4nto4ekshVI3l2t5koxkc= =05Kx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
Am Sonntag, 27. April 2008 schrieb Vahis:
The new installer defaults feel even more strange than the old ones.
In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail.
Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default?
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Not sure what you're talking about, but the reason is simple: it's easier for the average user to remember _one_ cryptographically strong password than two. So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - which the majority of this list refused to change) or used the same password for both.
You have "seen" all this!? You have looked inside my system, and other users' systems, to come this conclusion?! You are implying that you have been spying inside our systems to know what passwords we use as root and user?
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.
Oh, PU-LEEZE, Stephan don't come up with a wimpish and weak excuse for coming up with a reason for having a single password for a user and root! SuSE *always* ensured that the pwd for user was different to the user's pwd. Your explanation for the change is totally inane -- sorry to be blunt, but it is assinine! It may be acceptable for someone using MS rubbish but it is not OK for someone installing and about to use a Linux OS. (Sacrebleu! Are you people really getting brainwashed through your association with MS?!) Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Vahis:
The new installer defaults feel even more strange than the old ones.
In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail.
Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default?
I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?
Not sure what you're talking about, but the reason is simple: it's easier for the average user to remember _one_ cryptographically strong password than two. I meant what I wrote. I'm used to have strong user passwords and I'm also used to have strong root passwords. I keep talking about that to everybody. I also keep teaching them how
Stephan Kulow wrote: they can easily remember even the strongest passwords. I was just wondering why this is (IMHO) being weakened. Strong passwords for users and root being _the_ ultimate_ allmighty_ and therefore as well protected as possible is how I think. It's my opinion, that's all. You have answered my wonderings and I'm accepting your reasoning.
So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - Having ssh on is good.
which the majority of this list refused to change) or used the same password for both.
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. Two is even better :) For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).
Agreed.
If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.
I see no reason to force anybody to do anything. I'll keep my routines, the new users learn their own :)
Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Cheers, Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Sonntag, 27. April 2008 schrieb Vahis:
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.
Two is even better :)
You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis". Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember. Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines, but those caring for security will always prefer having to type a strong password - even for mounting their hard drive. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
Am Sonntag, 27. April 2008 schrieb Vahis:
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.
Two is even better :)
You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis". So "they" is you and the rest of openSUSE? And I'm the only one wondering this? I'm obviously very lucky to have only wondered and kinda asked, not _questioned_ what "they" do...
I said already I can live with that default.
Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember.
Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines, How can you know that? Oh, you must be talking about _all_ home computers, not just nix ones.
but those caring for security will always prefer having to type a strong password - even for mounting their hard drive.
I must admit that I have some partitions that I mount manually when need them. The rest of the time "they don't exist" I also lock my desktop when I leave the machine alone and I boot only for a reason. Cheers, Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Vahis wrote:
Stephan Kulow wrote:
Am Sonntag, 27. April 2008 schrieb Vahis:
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. Two is even better :)
You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis". So "they" is you and the rest of openSUSE? And I'm the only one wondering this? I'm obviously very lucky to have only wondered and kinda asked, not _questioned_ what "they" do...
I said already I can live with that default.
Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember.
Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines, How can you know that? Oh, you must be talking about _all_ home computers, not just nix ones.
but those caring for security will always prefer having to type a strong password - even for mounting their hard drive. I must admit that I have some partitions that I mount manually when need them. The rest of the time "they don't exist" I also lock my desktop when I leave the machine alone and I boot only for a reason.
Cheers, Vahis
Wise move and something in corporate shops that is strongly demanded. I had a colleague who left his laptop unlocked for a while allowing someone to send an email saying he was leaving the company, inviting everyone in UK Field Engineering to his leaving do for a drink. It could have been worse, like that someone sending an abusive email to the MD on his behalf. He would have been instantly dismissed for at least flouting the rules on security, immaterial in any case as it would have been proven to be an email from his ID. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Stephan Kulow wrote:
Am Sonntag, 27. April 2008 schrieb Vahis:
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.
Two is even better :)
You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis".
You're quite a little character, aren't you? Being sarcastic towards Vahis is not the solution - nor is it something a person of quality is brought up to do. I found this part of the installation process totally unacceptable and was going to put in a 'bug report' or whatever it is called to point out this serious deviation from past practices used in SuSE.
Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember.
What a lot of codswallop! Having 2, separate and distinct, passwords REINFORCES the idea that Linux is not a piece of crap where security is some fancy word. I don't suppose you have some scheme in mind to start a 3rd-party business putting together and flogging applications which will provide a Linux distro with security by giving users the opportunity to create separate passwords for the Administrator as opposed to the 'user'?
Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines,
Again, what a lot of codswallop. Who have you been listening to? What "facts" are at your disposal and which you are now asked to quote here to show that "most people [are annoyed] to not autologin on their home machines"?
but those caring for security will always prefer having to type a strong password - even for mounting their hard drive.
And isn't this something that Linux has been trying to do- to educate people that security is an essential part of computing and that Linux provides security? And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user. Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Basil Chupin wrote:
And isn't this something that Linux has been trying to do- to educate people that security is an essential part of computing and that Linux provides security?
And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user.
Ciao.
+1 I thought one of the major points of linux was it's security and resistance to viruses, adware and spyware. Regards Dave P --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user.
Yes, basil troll, the opensuse release manager, long time kde developer, and member of the opensuse board is not a linux person, he doesnt understand linux like you, oh, great linux overlord you are, he is just a newbie who doesnt know what he is doing. You are so cute you must poop rainbows. Oh not to mention the great security expert you are. Lots of papers published, right? Understand the very basics and frameworks of linux security, right? Oh wait, no, you are just a troll trolling in the opensuse list, someone that thinks that because you are in the internet and people cant check, you must be some kind of computer god expert master of the universe, right? But your idiotic talk about everything really gives you away, you need more practice pretending you are an expert. Seriously someone ban this idiot, its getting really tiresome. Basil, as I've said before a couple of times: go back to the circus, where people appreciate your clown acting. Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid wrote:
And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user.
Yes, basil troll, the opensuse release manager, long time kde developer, and member of the opensuse board is not a linux person, he doesnt understand linux like you, oh, great linux overlord you are, he is just a newbie who doesnt know what he is doing. You are so cute you must poop rainbows.
Oh not to mention the great security expert you are. Lots of papers published, right? Understand the very basics and frameworks of linux security, right? Oh wait, no, you are just a troll trolling in the opensuse list, someone that thinks that because you are in the internet and people cant check, you must be some kind of computer god expert master of the universe, right? But your idiotic talk about everything really gives you away, you need more practice pretending you are an expert.
Seriously someone ban this idiot, its getting really tiresome.
Basil, as I've said before a couple of times: go back to the circus, where people appreciate your clown acting.
Marcio
There you go again....if I told you once I told you a million times: flattery will not get you anywhere! (But it doesn't mean that I don't appreciate your efforts....) Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid wrote:
On Sun, Apr 27, 2008 at 10:46 AM, Basil Chupin
wrote: Basil troll of the year
How absolutely nice! That's 2 votes in the one night! Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid wrote:
On Sun, Apr 27, 2008 at 10:57 AM, Basil Chupin
wrote: Basil troll of the year
Look, opensuse-factory is a serious forum. If you want to play silly kiddie games then take your nonsense to where it belongs- opensuse-offtopic. And after you do, I will add your monicker to the other names of my bit-bucket brigade. Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Look, opensuse-factory is a serious forum.
If you want to play silly kiddie games then take your nonsense to where it belongs- opensuse-offtopic.
And after you do, I will add your monicker to the other names of my bit-bucket brigade.
hahaha, I think you have mental problems, aside being a troll. You come here, troll for half a dozen of emails, call coolo a "guy that doesnt understand linux", despite you being a troll and he being the opensuse release manager, and then you come talking like a serious people like nobody read your little clown show in this thread? Serious, you are too dumb or have some mental condition. Either way, go to the doctor and not to this list. "oh look, this is a serious forum, dont troll" hahaha, you are amusing. Whats funny is that you really seem to believe everybody is dumb and nobody will realize your idiotic troll behavior. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Druid schreef:
Look, opensuse-factory is a serious forum.
If you want to play silly kiddie games then take your nonsense to where it belongs- opensuse-offtopic.
And after you do, I will add your monicker to the other names of my bit-bucket brigade.
hahaha, I think you have mental problems, aside being a troll.
You come here, troll for half a dozen of emails, call coolo a "guy that doesnt understand linux", despite you being a troll and he being the opensuse release manager, and then you come talking like a serious people like nobody read your little clown show in this thread? Serious, you are too dumb or have some mental condition. Either way, go to the doctor and not to this list.
"oh look, this is a serious forum, dont troll"
hahaha, you are amusing. Whats funny is that you really seem to believe everybody is dumb and nobody will realize your idiotic troll behavior.
It is not that i want to mix in this conversation, but why can Basil not be who he is? Why does he have to leave the list, for being what he is? He has his opinions, same as you... he has his way of sayings and speak, and you have yours.. Nobody says to you that you have to stop calling names to others? What is wrong about having a 'troll number one' as you say, in our midst? He is, same as more of us, concerned about the 'new ways', SuSE seems to go, which are not for the better, if it comes to weaken the way, to become as the weakest.. Same as he, i do not think it wise to conform to things less as we are used to.. -- Enjoy your time around, Oddball (Now or never...) Besturingssysteem: Linux 2.6.25-rc9-17-default x86_64 Current user: oddball@AMD64x2-sfn1 System: openSUSE 11.0 (x86_64) Beta1 KDE: 4.0.3 (KDE 4.0.3) "release 17.1" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
It is not that i want to mix in this conversation, but why can Basil not be who he is? Why does he have to leave the list, for being what he is?
Because he is a troll? Re-read the emails, please. He is a troll trolling and harassing the list, so he has to go, its that simple. Because factory is not a list to talk about "microsoft and novell are in bed mimimimi" stupidity, which he does in every thread in a periodic way, but not so often because then people would identify him as a troll. He is a clever troll, but the fact that he thinks people are too stupid to notice makes him a not so smart troll. Let the developers do their work. Best regards Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Hi, This thread ends here. Henne -- Henne Vogelsang, openSUSE. Everybody has a plan, until they get hit. - Mike Tyson --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-04-27 at 13:31 +0200, Stephan Kulow wrote:
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).
I think it would be better the other way: use the checkbox to enable equal passwords instead, the default being separate passwords. Or have some kind of setting somewhere at the start for easy/experienced/very experienced setup, o simple/secure/more secure/very secure/paranoid, that changes those defaults.
If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.
I guess many people use a relatively simple user password and a hard root password. And in any case, if you force a strong password, they will just write it on a postit stuck to the keyboard of monitor :-p - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFjEtTMYHG2NR9URAi0/AKCXyVxUhob6WhjnxjhAdKHlS2GNLQCeN/ty +ZINgBvIP6doTrdoY0TcxqI= =Mnpu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Sun, 2008-04-27 at 13:31 +0200, Stephan Kulow wrote: Not sure what you're talking about, but the reason is simple: it's easier
for the average user to remember _one_ cryptographically strong password than two. So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - which the majority of this list refused to change) or used the same password for both.
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).
If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.
Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
+1 Absolutely.
--
Kevin "Yo" Dupuy | Public Mail
2008/4/27, Kevin Dupuy
On Sun, 2008-04-27 at 13:31 +0200, Stephan Kulow wrote: Not sure what you're talking about, but the reason is simple: it's easier
for the average user to remember _one_ cryptographically strong password than two. So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - which the majority of this list refused to change) or used the same password for both.
And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).
If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.
Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
+1 Absolutely. -- Kevin "Yo" Dupuy | Public Mail
| Yo.media: 225-590-5961 Swift Change for a Green Future: Kat Swift for President www.VoteSwift.org
+2 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (13)
-
Basil Chupin
-
Carlos E. R.
-
Dave Plater
-
Druid
-
Felix-Nicolai Müller
-
Henne Vogelsang
-
Kevin Dupuy
-
Magnus Boman
-
Oddball
-
Sid Boyce
-
Stephan Kulow
-
Vahis
-
¡ElCheVive!