Re: [SLUG] Google Chrome for Linux !!!
Mike wrote: Maybe I'm a little hard nosed when it comes to stuff like that but users should read the default security settings The problem here is that Facebook changed the defaults and applied the changed defaults to existing data. I don't use Facebook. Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Amos Shapira amos.shap...@gmail.com writes: 2009/12/14 Daniel Pittman dan...@rimspace.net: Amos Shapira amos.shap...@gmail.com writes: My main blocker against using it for now is that apparently it saves passwords in cleartext. More seriously, apply regular Unix permissions to the file, so that it is only readable to you. (Better, apply that to your whole home directory.) The idea is that if the keys are encrypted on the disk then even if the disk gets stolen (e.g. together with the laptop it's in) then the thieves won't gain access to my passwords. Maybe I should consider encrypting my entire home directory (I think ubuntu offers such an option) but there is really not much to hide there besides my online passwords. You could just encrypt the .config directory, I guess. That is a fair point, though, and not really one I was thinking much about when I wrote that. Besides - Firefox provides it (actually I think it's a separate module which is shared with other Mozilla projects) so why can't Chrome? Oh, there isn't any reason it can't. It just doesn't. :) Really, though, it should be a damn standard thing in Linux, rather than this crazy expectation that Firefox should have anything to do with securely storing secrets. Daniel -- ✣ Daniel Pittman✉ dan...@rimspace.net☎ +61 401 155 707 ♽ made with 100 percent post-consumer electrons -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
this is completely off topic but you'd know if you used facebook that when those changes went through the users were prompted upon login that security settings were changed. For the users that clicked through those prompts without reading or customizing anything, they got the defaults. it's not as if Facebook changed the settings without telling the users. I wouldn't normally side with Facebook but this isolated incident was totally pebkac On Mon, Dec 14, 2009 at 7:35 PM, Erik de Castro Lopo mle+s...@mega-nerd.com wrote: Mike wrote: Maybe I'm a little hard nosed when it comes to stuff like that but users should read the default security settings The problem here is that Facebook changed the defaults and applied the changed defaults to existing data. I don't use Facebook. Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Mike Andy wrote: this is completely off topic but you'd know if you used facebook that when those changes went through the users were prompted upon login that security settings were changed. For the users that clicked through those prompts without reading or customizing anything, they got the defaults. it's not as if Facebook changed the settings without telling the users. .. and further, they nagged users about the fact that they were going to do it for at least two weeks before-hand. Terry -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Terry Dawson wrote: Mike Andy wrote: this is completely off topic but you'd know if you used facebook that when those changes went through the users were prompted upon login that security settings were changed. For the users that clicked through those prompts without reading or customizing anything, they got the defaults. it's not as if Facebook changed the settings without telling the users. .. and further, they nagged users about the fact that they were going to do it for at least two weeks before-hand. How? Messages when they logged into Facebook? Was there a tick box that said Yes, I understand the implications of these changes? What if someone wasn't able to log into Facebook between when the warnings started and the change was made (sick on vacation, whatever)? Did they send emails? Did they require an acknowledgement email saying Yes, I understand the implications? Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
On Mon, Dec 14, 2009 at 10:39:32PM +1100, Mike Andy wrote: this is completely off topic but you'd know if you used facebook that when those changes went through the users were prompted upon login that security settings were changed. For the users that clicked through those prompts without reading or customizing anything, they got the defaults. it's not as if Facebook changed the settings without telling the users. I wouldn't normally side with Facebook but this isolated incident was totally pebkac Partly but not totally pebkac. You would expect that your settings not be changed - i.e the 'defaults' should have been the ones closest to your existing settings. It was pretty underhanded or at least lazy of facebook in my not so humble opinion. The facebook founder himself buggered it up and his profile was public for a while, which was ... nice :-) The details are all over the net. Matt -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Erik de Castro Lopo wrote: How? Messages when they logged into Facebook? Was there a tick box that said Yes, I understand the implications of these changes? There might have been. :) I can't remember to be honest. What if someone wasn't able to log into Facebook between when the warnings started and the change was made (sick on vacation, whatever)? Did they send emails? Did they require an acknowledgement email saying Yes, I understand the implications? There is a difference between telling people something and ensuring that they understand it. Frankly, ticking a checkbox means nothing more than than the user has read the message. That's important, but it's no proof of understanding. Terry -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Terry Dawson wrote: There is a difference between telling people something and ensuring that they understand it. Frankly, ticking a checkbox means nothing more than than the user has read the message. That's important, but it's no proof of understanding. What I was getting at was that Facebook sent a message but changed things without ensuring that the message had be received by the recipient. For recipients who they could not confirm receipt of the messages there should have no change. Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Erik de Castro Lopo wrote: Terry Dawson wrote: There is a difference between telling people something and ensuring that they understand it. Frankly, ticking a checkbox means nothing more than than the user has read the message. That's important, but it's no proof of understanding. What I was getting at was that Facebook sent a message but changed things without ensuring that the message had be received by the recipient. For recipients who they could not confirm receipt of the messages there should have no change. I don't think no change was an option. How long do you realistically wait? I suppose they figured that you hadn't logged in for two weeks you probably didn't care. What if it had been twelve months, would that have been better? Terry -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
Re: [SLUG] Google Chrome for Linux !!!
Terry Dawson wrote: I don't think no change was an option. How long do you realistically wait? I suppose they figured that you hadn't logged in for two weeks you probably didn't care. What if it had been twelve months, would that have been better? Well maybe it should have defaulted to a more restrictive scheme rather than a less restrictive scheme. If your ssh daemon can't validate a user with LDAP should the daemon left them in anyway or deny the user entry? Erik -- -- Erik de Castro Lopo http://www.mega-nerd.com/ -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
[SLUG] Australian government to censor your internets
I'm not sure if this belongs here, sorry if it doesn't. Well looks like the government got it's way. Our Internet will be censored next year. http://www.minister.dbcde.gov.au/media/media_releases/2009/115 -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
