On Aug 6, 2009, at 7:39 PM, Roman Shaposhnik wrote:
On Aug 6, 2009, at 12:33 PM, Daniel Lyons wrote:
It's easy for me to object to what they're coming up with but it
would be hard for me to describe in detail how exactly factotum +
all the other stuff encompass it, and I don't think that the paper
we have on factotum or the section in nemo's book are sufficient
either. As a devil's advocate, in my Mac keychain I have 13 keys
related to file shares and 22 WEP keys. I have my SSH key on 24
machines. Then I have 270 web form passwords or internet passwords
in my keychain. Does factotum handle web passwords? I'm presuming
not but I don't really know because I generally surf with Safari or
Firefox outside Plan 9. I'm not complaining about the browser
situation, I'm just saying, it seems to me that the average user
probably has more website usernames and passwords than everything
else combined. That's certainly the case with me. Could factotum be
adapt to integrate with a browser and store web form secrets? If so
that would be a compelling objection, since it looks like Firefox
isn't going to start using their security framework anytime soon.
And who can blame them? It already has a ton of dependencies and
porting issues and this can only exacerbate it.
These are reasonable questions (and many of them have "yes" as the
answer ;-)) but I have a more
fundamental objection here: the desktop is just NOT the place for
such a functionality to originate from. The very
concept of a fixed desktop that resides on a physical piece of
hardware that you own feels so 20th century
to me. One way or the other the online identity issue is going to be
settled. For contenders, though, I'd
rather look at: factotum or things like OAuth.
I agree, and I think this is one of the most attractive things to me
about Plan 9.
I don't think there's a reasonable conversation to be had with folks
struggling to provide solutions
for taking the pain out of managing plain text passwords. The pain
is there for a reason.
I couldn't agree more. One of the first things that piqued my interest
in Plan 9 was finding out that 9p's authentication system works a lot
like Kerberos. I am very annoyed by security theater, which is one
reason I don't object at all to the host-owner security model Plan 9
uses.
—
Daniel Lyons
