On Sat, May 4, 2013 at 2:37 AM, Michael Scherer misc@zarb.org wrote:
and I think that even Bruce Schneier have gave his opinion in favor of the proposal : http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html
Which he later took back.
I can add to that that I have seen more than once people setting a password which was not the one they believed due to :
- keyboard layout ( ie, qwerty vs azerty in France )
- small usage difference with Windows way, again on azerty keyboard
( people using capslock on french keyboard to type numbers while they should use shift, as capslock just type capital letter like À or É and not 0 or 2, and if you do not understand, just look on the web to compare how different it is from qwerty-based keyboard )
The installer should detect the keyboard automatically. In fact you can even tell it what type of keyboard you have on the first screen.
Or I could also speak of the small non standard keyboard such as macbook one where ~ or | are not printed and where using the wrong keyboard could result in wrong characters if you are unaware of the problem.
I think people that have Macs have learned how to use their slightly different keybaords by now.
But the discussion is not about that, even if I think the rational around the defaults. Showing by default will help people who are less familiar, hidden by default will satisfy people who think that's a security issue.
Showing by default helps no one.
Hidden by default and showing it on demand is likely to still be a hindrance to people who may not know they type their password wrong ( because I think most assume that it will work fine, we are not to a point where people assume by default this will fail ).
Straw man argument.
So what about hiding on demand, and having it visible by default ? This way, people who prefer to have it hidden will be happy, and we are still friendly to non technical users.
Absolutely wrong.
On Sat, May 4, 2013 at 11:10 AM, Michael Cronenworth mike@cchtml.com wrote:
On 05/04/2013 02:29 AM, Stef Walter wrote:
There's already this exact phoneish password hint capability in GTK+ with the 'gtk-entry-password-hint-timeout' setting. Turn it on in $XDG_CONFIG_HOME/gtk-3.0/settings.ini, or use gtk_settings_set_string_property()
I guess this is somewhat of a reasonable compromise.. if I was installing Fedora on my phone/tablet.
On Sat, May 4, 2013 at 2:48 PM, David Woodhouse dwmw2@infradead.org wrote:
Or a forum where said decisions can be overridden with a little more sanity, such as FESCo.
Has it come to that? Do we really need a committee to decide "sanity" and how ridiculous this is?
On Sat, May 4, 2013 at 9:35 AM, Adam Williamson awilliam@redhat.com wrote:
http://it.slashdot.org/story/13/05/04/1248242/fedora-19-to-stop-masking-pass...
Well, that escalated quickly.
As it should have.
So where do we go from here? I think the vast majority of people here have agreed that this was wrong. I guess does this now go to FESCo and let a few people vote on it?
Why can't there be a wider community approval be able to vote on things like this? As I stated earlier there are a list of things that have changed without any real widespread community approval.
I kind of feel helpless, and powerless.
Great. I brought the attention to a wider audience and the general public and something may or may not get done about it, but what about the next UI change I think is ridiculous or the ones I think that already are?
I don't feel like if I filed a bug anything would get done about it besides a "too bad" response.
I'm really lost.
Dan