Ben Bucksch wrote:
>
> Xplo Eristotle wrote:
>
> > the majority
> > of the interface you describe is going to be utterly meaningless to the
> > majority of Mozilla's users (IMHO)
>
> That's true for many prefs. It might even be the nature of prefs.
All the rest of the prefs make sense to me.. well, not all the debug
stuff, but that's not supposed to be in a "real" public build. The
nature of open-source development makes things a little different, obviously.
> > and has nothing really to do with
> > the function of a browser
>
> *ring* Mozilla is not just a browser. It is also an email client.
And a newsreader, and a WYSIWYG HTML editor, and an IRC client, and a
Jabber client, and an "internet platform", and a George Foreman Lean
Mean Fat-Reducing Grilling Machine, and an aquarium. I'm familiar with
all that. But security also has nothing to do with the function of an
email client either, except in the (probably extremely rare) case that
someone wants to secure their email.
To put it another way, as a thought experiment, consider: if the
security were removed from email entirely, how many people would refuse
to use Mozilla's email client for that reason alone?
> User education (in Mozilla) can probably improved, but that's unrelated
> to our discussion of what options to include in the PSM prefs.
I complain that the prefs are too confusing; you say that the concepts
here *need* to be understood. I think education is possibly very
relevant here, since the level of complexity that's acceptable in a UI
is directly related to the users' expected ability to understand that UI.
Mozilla's users are not expected to be security experts, AFAIK.
> "its UI" primarily refered to the "Security Info" page you get after
> clicking on the lock icon.
>
> You are also supposed to adjust the trust in certs. This assumes you
> know what certs and CAs are, how trust is propagated. You also have to
> know what happens when https is used and how servers are authenticated
> (not the technical details, but the principle).
Amazing how Amazon.com gets all that business, isn't it?
> > how will I know which part to mess with
>
> That's a good point. Any suggestions?
Not at this time.
> > > I'm sorry, but this shows that you are lacking even enough knowledge for
> > > the 2. task above.
> >
> > I'm afraid not, since I have *done* #2, above.
>
> But it might not have done what you thought.
Well, that's possible, I suppose. But if Joe Bratwurstmuncher and his
ilk all across the country (and likely the world) can buy stuff online
and not get his credit card ripped off, then either the crackers out
there are extremely lazy and/or stupid, or you're overemphasizing the
average user's need to understand online security.
Knowing the effect that competence in a field has on the perceptions of
those who have it, I suspect it's the second one.
> > let alone
> > sifting through what seems to be an excessively complex and arcane UI to
> > do it...
>
> OK, if it is *excessively* complex and arcane, this needs fixing. But I
> fear that most of your points don't help with that task, because you are
> basically saying that almost all UI for PSM should be removed completely.
Yes, and therein lies the challenge.
> > even if the correct thing to do is ignore it?
>
> If you don't understand a pref, the correct thing is to ignore it. That
> is the priciple of almost all prefs in all apps.
>
> > Security through obscurity
> > is an exceptionally poor design philosophy, IMO.
>
> *ring* Quote used in the wrong place.
Hardly. The thing being secured here is the proper functioning of the
software, and the way in which you mean to secure it is by exploiting
the ignorance and fear of your users. You assume that they simply won't
touch anything that they're not competent to alter correctly, but that's
a dangerous assumption to make, IMO. Especially in the case of people
who are somewhat competent, but less so than they believe, or people who
have received the proper education, but who are too technophobic to
enjoy configuring an airplane panel filled with technical gobbledygook.
> > because you are obviously missing the point.
>
> Your point seems to be "I want to use this without prior knowledge,
> without external help and without reading the manual" (since Bob said
> that help is on the way).
Congratulations! You're starting to get the idea. (And if you don't like
me saying so, get mpt to tell you the same thing; he probably carries
more weight than I do, especially considering that he now owns part of Mozilla.)
> This point is wrong for browsers, computers in
> general and just as much so for PSM.
Believe it or not, you're preaching to the choir here. Nevertheless, it
should be as intuitive and self-explanatory as possible. Anyone who said
that good UI design was easy didn't realize that it frequently expects
the impossible.
> [quality meter]
> I'm not arguing about that, because almost everybody else seems to agree
> that it is a good thing.
Outvoted by the mob. Ah, c'est la vie...
-Xplo
