Date: Thu, 6 Aug 2009 18:39:28 -0700
From: Roman Shaposhnik
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
References: <4250f2c330ba83eb6bfc7380766c17c3@quanstro.net>
Subject: Re: [9fans] linux reinvents factotum, secstore ...

On Aug 6, 2009, at 12:33 PM, Daniel Lyons wrote:
> It's easy for me to object to what they're coming up with but it
> would be hard for me to describe in detail how exactly factotum +
> all the other stuff encompass it, and I don't think that the paper
> we have on factotum or the section in nemo's book are sufficient
> either. As a devil's advocate, in my Mac keychain I have 13 keys
> related to file shares and 22 WEP keys. I have my SSH key on 24
> machines. Then I have 270 web form passwords or internet passwords
> in my keychain. Does factotum handle web passwords? I'm presuming
> not but I don't really know because I generally surf with Safari or
> Firefox outside Plan 9. I'm not complaining about the browser
> situation, I'm just saying, it seems to me that the average user
> probably has more website usernames and passwords than everything
> else combined. That's certainly the case with me. Could factotum be
> adapted to integrate with a browser and store web form secrets? If so
> that would be a compelling objection, since it looks like Firefox
> isn't going to start using their security framework anytime soon.
> And who can blame them? It already has a ton of dependencies and
> porting issues and this can only exacerbate it.

These are reasonable questions (and many of them have "yes" as the
answer ;-)) but I have a more fundamental objection here: the desktop
is just NOT the place for such a functionality to originate from.

The very concept of a fixed desktop that resides on a physical piece of
hardware that you own feels so 20th century to me. One way or the other
the online identity issue is going to be settled. For contenders,
though, I'd rather look at: factotum or things like OAuth.

I don't think there's a reasonable conversation to be had with folks
struggling to provide solutions for taking the pain out of managing
plain text passwords. The pain is there for a reason.

Thanks,
Roman.