On Tue, 2012-04-03 at 16:10 +0900, Joel Rees wrote: > Well, there is a reason some people don't want universal ID, for example. > It's a lot broader topic than you may want to believe. It's similar to the > reason your httpd and ftpd (ntpd, nfs daemon, database daemons, etc.) > are operating as separate users, and are run by yet another daemon > operating as yet another user. But those /are/ separate users, to apply the user analogy to machines rather than people. On the other hand, when I'm browsing, typing, reading, mailing, downloading, whatever, I am just one person. You seem to be advocating changing user logons from what they are, to something else. Muddying things up with application sandboxing. Tim: >> Sure, there's /some/ added security in separated accounts for different >> activities, and some added privacy > s/some/a lot of/ > > if you set it up right. Until you have to do something that crosses over from one to the other (such as an email that requires website confirmation), and at that point all your quarantining gets instantly negated, past and present. >> (just recently it's become even more >> annoying how if you've logged into one service, you suddenly find that >> other things you're looking at have you "logged in as a user" rather >> than an anonymous browser). > Not a particularly recent phenomenon. I know it's not a new thing, but *recently* it seemed to have become worse. In the past, there was the outcry against Microsoft's Passport, as the universal logon, and one login to the system, of which people will probably remain logged into during their entire session, fingerprints everything that they do. Between then and now, it seemed that most major online services were quite independent from each other (e.g. what you did on eBay wasn't reflected on Amazon, etc.). More recently, the same sort of thing (as Passport) happened again with Google, YouTube, Yahoo, and probably some others becoming joined in one way or another, behind the scenes, as they've bought into each other. You log into one, e.g. so you can leave a comment on something in YouTube, and suddenly you notice that you're logged into Google, databasing every thing you do from then on, personally. >> But there's a lot of mess in when you need >> to be able to bridge between those different accounts (read and write to >> the files you saved in the other account). > Unless you have per-user groups and set the permissions right, > in which case it becomes a small, non-repetitive matter of navigation. Which a lot of people are probably not going to get right (no surprise there, because you have to understand it, how to implement it, and how not to negate your efforts). And having commonly accessible data through a particular user group may well be a hole in that security model. And we're rapidly getting into tinfoil hat territory. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
