On Sat, May 4, 2013 at 2:37 AM, Michael Scherer <misc@xxxxxxxx> wrote: > and I think that even Bruce Schneier have gave his opinion in favor of > the proposal : > http://www.schneier.com/blog/archives/2009/06/the_problem_wit_2.html > http://www.schneier.com/blog/archives/2009/07/the_pros_and_co.html Which he later took back. > I can add to that that I have seen more than once people setting a > password which was not the one they believed due to : > - keyboard layout ( ie, qwerty vs azerty in France ) > - small usage difference with Windows way, again on azerty keyboard > ( people using capslock on french keyboard to type numbers while they > should use shift, as capslock just type capital letter like À or É and > not 0 or 2, and if you do not understand, just look on the web to > compare how different it is from qwerty-based keyboard ) The installer should detect the keyboard automatically. In fact you can even tell it what type of keyboard you have on the first screen. > Or I could also speak of the small non standard keyboard such as macbook > one where ~ or | are not printed and where using the wrong keyboard > could result in wrong characters if you are unaware of the problem. I think people that have Macs have learned how to use their slightly different keybaords by now. > But the discussion is not about that, even if I think the rational > around the defaults. > Showing by default will help people who are less familiar, hidden by > default will satisfy people who think that's a security issue. Showing by default helps no one. > Hidden by default and showing it on demand is likely to still be a > hindrance to people who may not know they type their password wrong > ( because I think most assume that it will work fine, we are not to a > point where people assume by default this will fail ). Straw man argument. > So what about hiding on demand, and having it visible by default ? This > way, people who prefer to have it hidden will be happy, and we are still > friendly to non technical users. Absolutely wrong. On Sat, May 4, 2013 at 11:10 AM, Michael Cronenworth <mike@xxxxxxxxxx> wrote: > On 05/04/2013 02:29 AM, Stef Walter wrote: >> >> There's already this exact phoneish password hint capability in GTK+ >> with the 'gtk-entry-password-hint-timeout' setting. Turn it on in >> $XDG_CONFIG_HOME/gtk-3.0/settings.ini, or use >> gtk_settings_set_string_property() I guess this is somewhat of a reasonable compromise.. if I was installing Fedora on my phone/tablet. On Sat, May 4, 2013 at 2:48 PM, David Woodhouse <dwmw2@xxxxxxxxxxxxx> wrote: > Or a forum where said decisions can be overridden with a little more > sanity, such as FESCo. Has it come to that? Do we really need a committee to decide "sanity" and how ridiculous this is? On Sat, May 4, 2013 at 9:35 AM, Adam Williamson <awilliam@xxxxxxxxxx> wrote: > http://it.slashdot.org/story/13/05/04/1248242/fedora-19-to-stop-masking-passwords > > Well, that escalated quickly. As it should have. So where do we go from here? I think the vast majority of people here have agreed that this was wrong. I guess does this now go to FESCo and let a few people vote on it? Why can't there be a wider community approval be able to vote on things like this? As I stated earlier there are a list of things that have changed without any real widespread community approval. I kind of feel helpless, and powerless. Great. I brought the attention to a wider audience and the general public and something may or may not get done about it, but what about the next UI change I think is ridiculous or the ones I think that already are? I don't feel like if I filed a bug anything would get done about it besides a "too bad" response. I'm really lost. Dan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
