Am Sonntag, 27. April 2008 schrieb Basil Chupin:

...

I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?

Don't forget that Novell and MS are in a "marriage made in Heaven".

Microsoft is not offering OS X afaik. You're confusing operating systems, but thanks for trolling. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Don't forget that Novell and MS are in a "marriage made in Heaven".

The wife always tries to please the husband.

Hi Henne, I think repeating on trolling is a good reason for banning, no? Basil troll, why dont you go try to get a life and leave us alone? Your trollism, complete lack of understanding of anything computer related and childish behavior doesn't belong to this list. Thanks Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sun, Apr 27, 2008 at 10:40 AM, Basil Chupin wrote:

Oh, HELLO!

Basil troll of the year --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller:

some very bright and all knowing light(s) at novell thought this through for us already (to the fullest and absolutely correct extend). What fool are you to question those decisions? Don't you see that ubuntu is the way to go? It is by far and to utmost certainty the most usable and

Weren't you the one suggesting to use sudo as secure default without any root password? Please give a reason why this should be different other than "user passwords are generally way weaker" - especially as you declare with this the exact reason why it's nonsense to ask for two passwords. The user is much more likely to accept the "your password is weak" message box if this is the second password. Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Felix-Nicolai Müller wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> some very bright and all knowing light(s) at novell thought this through |> for us already (to the fullest and absolutely correct extend). What fool |> are you to question those decisions? Don't you see that ubuntu is the |> way to go? It is by far and to utmost certainty the most usable and | | Weren't you the one suggesting to use sudo as secure default without any | root password? I was suggesting to use sudo in order to make the point that this is worse than sudo and _even_ sudo would be the better way to go. | | Please give a reason why this should be different other than "user passwords | are generally way weaker" - especially as you declare with this the exact | reason why it's nonsense to ask for two passwords. Having a weak user password is not the best thing, but it's bearable. Having a weak root password is not a good idea at all. I have a relatively weak user password (as most people do) because it is in fact annoying to type in your 23 character user password each time you want to log in. Depending on how you use sudo, this becomes even more annoying. So it does make sense to ask for two passwords. It makes sense to show the user that there is a root user and that there is a difference between a normal user and root. It makes sense to the ones already knowing there is root to let them know what the root password is. You are focusing on those just clicking next (I assume from the line of your argumentation). But those are exactly the users who do not care about a weak password box.

Microsoft has realized that and worked around that in Vista. Security normally comes with a trade off in usability. This is just something the user has to learn instead of being pampered into a dumb state. Why should we make the same mistakes Microsoft has made in the past (and already done away with it)?

|The user is much more | likely to accept the "your password is weak" message box if this is the second password.

True, but they do not care about the first box either. | | Greetings, Stephan

Greetings Felix | ---------------------------------------------------------------------

When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Mon, 2008-04-28 at 12:56 +0200, Oddball wrote:

Sid Boyce schreef:

...

When I saw I needed to use the "user" password for root, I thought it was due to inattention on my part during install. Like the man said, Novell is not about the mass user desktop and corporate users are more security conscious, so there is no reason to dumb down to the least common denominator of use. I have not read a single review where the long time and accepted Unix password setups have been given as a reason why anyone has decided Linux is not for them. Dumb idea for Ubuntu and dumber still for openSUSE to follow such a crass deviation. Regards Sid.

I totaly agree, as i mentioned it weeks ago, when encountered that for the first time.. Simple: Don't change the better for the worse... (Ubuntu is *not* it, so why follow it? I did not know SuSE was in an identity crisis..)

This ml is about factory, not your lazy speculations about why something might have changed. Feel free to post those sort of things to the offtopic ml instead cause most people here could not care less. Thanks, Magnus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Magnus Boman schreef:

This ml is about factory, not your lazy speculations about why something might have changed. Feel free to post those sort of things to the offtopic ml instead cause most people here could not care less.

Thanks, Magnus

Who are you? What are you suggesting? What is lazy about testing? If you read this list more, you should know.. -- Enjoy your time around, Oddball (Now or never...) Besturingssysteem: Linux 2.6.25-rc9-17-default x86_64 Current user: oddball@AMD64x2-sfn1 System: openSUSE 11.0 (x86_64) Beta1 KDE: 4.0.3 (KDE 4.0.3) "release 17.1" --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Vahis: | | Not sure what you're talking about, but the reason is simple: it's easier | for the average user to remember _one_ cryptographically strong password | than two. So what we've seen is that people take either one very weak password | for either root or user (both being bad with us having ssh on by default - | which the majority of this list refused to change) or used the same password | for both. | | And we want to strengthen the message: the better way is to have one _GOOD_ | password in the average case openSUSE is installed - on people's home | machines. I disagree. Having two passwords is highly sensefull. Once a machine is set up and software installed you basically never really need the root password any more, as updating can be done passwordless using suid or sudo. Those users only using one password are also likely to use very weak passwords (as strong passwords are "hard" to use). | | If you see a good reason to force the average home user to remember two | passwords let me know. I don't know of any. As stated, a user does not need the root password frequently after lets say two weeks after having installed the box. Even I don't. Maybe it would be a good idea instead to integrate a password generator into the installer, which proposes a root password to the user. Of course, like in truecrypt, the user would really be made to either write it down or to choose one password himself. This is still less annoying than disregarding the "password is to weak" and the "password is in list" boxes which no one seems to read. | | Greetings, Stephan Cheers Felix | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFE6maQ44ga2xxAoRAkDvAKCS+9IsCh9zzBNyZk+DJSqcVqXEswCcCPMI Psq8BBtHAN7jiRxkh5bOil4= =yRXa -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> Those users only using one password are also likely to use very weak |> passwords (as strong passwords are "hard" to use). |> | |> This is still less annoying than disregarding the "password is to weak" |> and the "password is in list" boxes which no one seems to read. | | Hi, | | You seem to have a study on user's passwords on your hand. Where do you got | your data from? I study psychology. This is basically what I heard in a lecture about password usage. I will have to check with my prof to get the exact articles he was refering to, but I should be able to do that. For starters there is a study that is openly accessible: http://psychology.wichita.edu/surl/usabilitynews/81/pdf/Usability%20News%208... Sadly, the access to psychinfo/index is broken right now ( http://rzblx4.uni-regensburg.de/dbis_error//?bib_id=ubtr ). Sadly, I used the system to mark some interesting articles about password generation and usage among different user types which I cannot get to atm (for obvious reasons). Once it is working again I am happy to provide you with some literature. If you want to make further inquiries, you might want to check with Prof. Dr. Naumann from the university of Trier. HTH Felix | | Greetings, Stephan | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFf8aQ44ga2xxAoRAg1eAKCswK1scad0m8yZbd8P0ttNrLaXCACeOH08 LyqPaYTnuoe3lrJ8IEiq+yo= =HXEj -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stephan Kulow schrieb: | Am Sonntag, 27. April 2008 schrieb Felix-Nicolai Müller: |> Those users only using one password are also likely to use very weak |> passwords (as strong passwords are "hard" to use). |> | |> This is still less annoying than disregarding the "password is to weak" |> and the "password is in list" boxes which no one seems to read. | | Hi, | | You seem to have a study on user's passwords on your hand. Where do you got | your data from? | | Greetings, Stephan | --------------------------------------------------------------------- | To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org | For additional commands, e-mail: opensuse-factory+help@opensuse.org | | | I just remebered the name of the journal the most articles were in: International Journal of Human-Computer Studies Again, can't find the articles due to the broken dbis, but you might have access to it, so now you can check yourself :-) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFkLaQ44ga2xxAoRAhRAAKCXKmKW4kF3CpSUV6w3xlR10hiP+gCdGNKy di4nto4ekshVI3l2t5koxkc= =05Kx -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Am Sonntag, 27. April 2008 schrieb Vahis:

...

The new installer defaults feel even more strange than the old ones.

In the old ones there was automatic login as default which I never accepted. I got used to remove automatic login as well as turn on receiving root mail.

Now the new defaults go even further towards the other OS. If there must be automatic login as default, so be it, I can live with that But why is the user password also the sysadmin pw as default?

I can live with that, too, but is this a good thing really? Is this feature one of those "good things" that the other OS is said to have?

Not sure what you're talking about, but the reason is simple: it's easier for the average user to remember _one_ cryptographically strong password than two. I meant what I wrote. I'm used to have strong user passwords and I'm also used to have strong root passwords. I keep talking about that to everybody. I also keep teaching them how

Stephan Kulow wrote: they can easily remember even the strongest passwords. I was just wondering why this is (IMHO) being weakened. Strong passwords for users and root being _the_ ultimate_ allmighty_ and therefore as well protected as possible is how I think. It's my opinion, that's all. You have answered my wonderings and I'm accepting your reasoning.

So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - Having ssh on is good.

which the majority of this list refused to change) or used the same password for both.

And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. Two is even better :) For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).

Agreed.

If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.

I see no reason to force anybody to do anything. I'll keep my routines, the new users learn their own :)

Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Cheers, Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Stephan Kulow wrote:

Am Sonntag, 27. April 2008 schrieb Vahis:

...

...

And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.

Two is even better :)

You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis". So "they" is you and the rest of openSUSE? And I'm the only one wondering this? I'm obviously very lucky to have only wondered and kinda asked, not _questioned_ what "they" do...

I said already I can live with that default.

Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember.

Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines, How can you know that? Oh, you must be talking about _all_ home computers, not just nix ones.

but those caring for security will always prefer having to type a strong password - even for mounting their hard drive.

I must admit that I have some partitions that I mount manually when need them. The rest of the time "they don't exist" I also lock my desktop when I leave the machine alone and I boot only for a reason. Cheers, Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Stephan Kulow wrote:

Am Sonntag, 27. April 2008 schrieb Vahis:

...

...

And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines.

Two is even better :)

You're very right and I bet everyone you talked to will disable the checkbox and thinking just as you "why the hell did they make it default, didn't they talk to Vahis".

You're quite a little character, aren't you? Being sarcastic towards Vahis is not the solution - nor is it something a person of quality is brought up to do. I found this part of the installation process totally unacceptable and was going to put in a 'bug report' or whatever it is called to point out this serious deviation from past practices used in SuSE.

Now the problem is: Not everyone is aware of what you wrote and those that are aware are way more likely to uncheck the checkbox. And those not aware are better off in having one they can remember.

What a lot of codswallop! Having 2, separate and distinct, passwords REINFORCES the idea that Linux is not a piece of crap where security is some fancy word. I don't suppose you have some scheme in mind to start a 3rd-party business putting together and flogging applications which will provide a Linux distro with security by giving users the opportunity to create separate passwords for the Administrator as opposed to the 'user'?

Just as you uncheck autologin - for most people it's annoying to not autologin on their home machines,

Again, what a lot of codswallop. Who have you been listening to? What "facts" are at your disposal and which you are now asked to quote here to show that "most people [are annoyed] to not autologin on their home machines"?

but those caring for security will always prefer having to type a strong password - even for mounting their hard drive.

And isn't this something that Linux has been trying to do- to educate people that security is an essential part of computing and that Linux provides security? And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user. Ciao. -- If you want to know what a man is like, take a look at how he treats his inferiors not his equals. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

And yet your comments are indicating that you are not a Linux person, don't understand the philosophy of unix/Linux, and have little regard to the principle of security for the common user.

Yes, basil troll, the opensuse release manager, long time kde developer, and member of the opensuse board is not a linux person, he doesnt understand linux like you, oh, great linux overlord you are, he is just a newbie who doesnt know what he is doing. You are so cute you must poop rainbows. Oh not to mention the great security expert you are. Lots of papers published, right? Understand the very basics and frameworks of linux security, right? Oh wait, no, you are just a troll trolling in the opensuse list, someone that thinks that because you are in the internet and people cant check, you must be some kind of computer god expert master of the universe, right? But your idiotic talk about everything really gives you away, you need more practice pretending you are an expert. Seriously someone ban this idiot, its getting really tiresome. Basil, as I've said before a couple of times: go back to the circus, where people appreciate your clown acting. Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sun, Apr 27, 2008 at 10:46 AM, Basil Chupin wrote:

Basil troll of the year --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sun, Apr 27, 2008 at 10:57 AM, Basil Chupin wrote:

Basil troll of the year --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Look, opensuse-factory is a serious forum.

If you want to play silly kiddie games then take your nonsense to where it belongs- opensuse-offtopic.

And after you do, I will add your monicker to the other names of my bit-bucket brigade.

hahaha, I think you have mental problems, aside being a troll. You come here, troll for half a dozen of emails, call coolo a "guy that doesnt understand linux", despite you being a troll and he being the opensuse release manager, and then you come talking like a serious people like nobody read your little clown show in this thread? Serious, you are too dumb or have some mental condition. Either way, go to the doctor and not to this list. "oh look, this is a serious forum, dont troll" hahaha, you are amusing. Whats funny is that you really seem to believe everybody is dumb and nobody will realize your idiotic troll behavior. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

...

It is not that i want to mix in this conversation, but why can Basil not be who he is? Why does he have to leave the list, for being what he is?

Because he is a troll? Re-read the emails, please. He is a troll trolling and harassing the list, so he has to go, its that simple. Because factory is not a list to talk about "microsoft and novell are in bed mimimimi" stupidity, which he does in every thread in a periodic way, but not so often because then people would identify him as a troll. He is a clever troll, but the fact that he thinks people are too stupid to notice makes him a not so smart troll. Let the developers do their work. Best regards Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-04-27 at 13:31 +0200, Stephan Kulow wrote:

And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).

I think it would be better the other way: use the checkbox to enable equal passwords instead, the default being separate passwords. Or have some kind of setting somewhere at the start for easy/experienced/very experienced setup, o simple/secure/more secure/very secure/paranoid, that changes those defaults.

If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.

I guess many people use a relatively simple user password and a hard root password. And in any case, if you force a strong password, they will just write it on a postit stuck to the keyboard of monitor :-p - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIFFjEtTMYHG2NR9URAi0/AKCXyVxUhob6WhjnxjhAdKHlS2GNLQCeN/ty +ZINgBvIP6doTrdoY0TcxqI= =Mnpu -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

2008/4/27, Kevin Dupuy :

On Sun, 2008-04-27 at 13:31 +0200, Stephan Kulow wrote: Not sure what you're talking about, but the reason is simple: it's easier

...

for the average user to remember _one_ cryptographically strong password than two. So what we've seen is that people take either one very weak password for either root or user (both being bad with us having ssh on by default - which the majority of this list refused to change) or used the same password for both.

And we want to strengthen the message: the better way is to have one _GOOD_ password in the average case openSUSE is installed - on people's home machines. For servers and company work stations this might be very different and there is the checkbox to easily disable it and enter a separate root password (most often already defined by team guidelines).

If you see a good reason to force the average home user to remember two passwords let me know. I don't know of any.

Greetings, Stephan --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

+1 Absolutely. -- Kevin "Yo" Dupuy | Public Mail | Yo.media: 225-590-5961 Swift Change for a Green Future: Kat Swift for President www.VoteSwift.org

+2 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org