Re: Untrusted software and security click-through warnings
Alexander Sack writes (Re: Untrusted software and security click-through warnings): how about using a captcha-like mechanism to trigger this decisionmaking process? I assume this is some kind of joke but I'm afraid I don't get it. Ian. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Untrusted software and security click-through warnings
Alexander Sack writes (Re: Untrusted software and security click-through warnings): I completely agree. My point is: if captchas don't help then why would pasting commands from the net help to get the user think about the risk their actions imply? The point is pasting random commands from the net is inherently more scary than saying `yes' a few times. Although we cannot save all of our users, we can save that proportion of them who are likely to hesitate when a website says something like please type `wget thingy | sudo bash'. If you have a concrete suggestion for an approach which is likely to save _in practice_ a greater proportion of our users, please do suggest it. My opinion is clearly that we should come up with a decent and standardized way to add third party applications that we can actually _control_ and design in a way that at least gives our users a chance to educate themselves before taking any action. Absolutely. If we can't provide a sensible way for a users to accomplish their task, we train them to accomplish it in an insane way. So the removal of dangerous features which we have currently ineffectually protected by yes, yes, yes style confirmations should go hand-in-hand with the provision of sensible ways of achieving the same objectives. For tasks which involve third-party software this involves some kind of accreditation/approval process. If you just ignore the demand to install third party applications from third party repositories you will likely train our user-base to just google the internet and follow arbitrary instructions they find - which can't be what we want. Absolutely. Ian. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Untrusted software and security click-through warnings
João Pinto writes (Re: Untrusted software and security click-through warnings): 2 - fake software, or companion software ... Case 2 can only be addressed by educating people on how to use the internet on a safely manner, again, typing random commands from an untrusted web site is a major security risk for any OS, and it is a very common practice for Linux users in particular At the moment a user can unwittingly compromise their system just by clicking on one thing on a website and then saying `yes' a few times. What I'm suggesting is that if they want to do that they should be required to do something a little more complicated which is more likely to trigger an actual decisionmaking process. Like, for example, typing random commands they found on a webpage. I don't know if you've seen many naive users in front of computers but websites that ask them to type runes in when the user was trying to get some other work done will generally cause the user to smell a rat, in a way that something which requires them to say `next' four times doesn't at all. Ian. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Using standardized SI prefixes
shirish writes (Using standardized SI prefixes): Please look at http://en.wikipedia.org/wiki/Binary_prefix . Urgh, these things are ugly and an abomination. We should avoid them. Ian. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
