Mike McGrath wrote:
On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote:
Mike McGrath wrote:
I think we shouldn't go too far out of our way for people that can't
follow directions. Harsh? Yes, but what we asked of people was
incredibly trivial. I'd be fine with asking people to log in but I'd
think we'll find lots of people find that confusing. Logging in and
setting your password is a task that has a clear begining and end. I can
see people logging in expecting to see further directions and then asking
"now what"?
Why tell them at all? If you change it to 'activity shown on account' (which,
IMNSHO, is
NSHO? who are you?
*Sigh*...
I did not really wish to reveal this, in public, however, since you asked...
I'm a former blackhat hacker, whom the government has banned from
working ANY security and/or government job.
Suffice it to say, I understand security (or lack thereof) better than
most, though I may be rusty/out of date in some areas.
I do not tell you this to brag, I actually regret my past more and more
as I get older.
My 'prior life' has bought me more pain than glory.
the proper way)... the only reason for having people login will be immediately
obvious via
a properly worded email (ie., "Due to inactivity on your FAS account, your
account will be
terminated in 1 month, unless the following steps are taken...").
The only common point of entry for all of our services is the account
system and people rarely use it without being asked to so we'll still have
to do some emailing.
Aren't pkgdb, koji, bodhi and other services all apart of FAS?
If I'm right here... then I suspect people are logging into FAS more
often than you believe.
We've just got so much else to do I'd hate to spend a lot of time and
effort to please a few people that can't spend less then a minute a year
(15 seconds every 2 months) to log in and type their password a couple of
times and the people that complained couldn't do that.
Many fail to realize that the same password they used before could be used
again.
Hence the complaints.
Ehh, no. Almost no one has complained that they actually had to change
their password to something else. And you can be damn sure I'll spell
that out explicitly in the next email so everyone gets it.
-Mike
As Toshio has already brought up on this list (after I brought it to his
attention)... people
have a tendency to select progressively weaker passwords every time they
are forced to change one.
So your idea of 'security' is actually INTRODUCING more holes than it's
plugging.
This is where my contribution to this argument ends.
I am not interested in fighting and the raised blood pressure that goes
with it.
I have enough stress in my life... I am not about to add another
debate/argument to that list.
Take my advice or don't... just don't expect me to do anything other
than laugh and say 'told ya so',
when I prove correct.
Good luck (despite my 'tone' above, I mean that),
Lyos Gemini Norezel
begin:vcard
fn:Lyos Norezel
n:Norezel;Lyos
org:GBES, LLC
adr:;;;;Ohio;;United States
email;internet:lyos.gemininore...@gmail.com
title:Computer Repair Technician
note;quoted-printable:"Those who hunt monsters beware, lest they become monsters themselves.Ify=
ou stare long into the abyss, the abyss stares back into you." --Nietzsch=
e=0D=0A=
=0D=0A=
Mundus Vult Decipi et Decipiatur -- Latin Proverb
version:2.1
end:vcard
_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
