Privacy and passwords

Stephen J. Gowdy Stephen.Gowdy at cern.ch
Wed Mar 5 06:00:59 EST 2008 

Or even;

4. Pay someone to do it

but that is probably more expensive than a single license for Quicken or 
whatever.

On Wed, 5 Mar 2008, Keith A. Milner wrote:

> On Tuesday 04 March 2008 23:01:19 Davey Jones wrote:
>>>> J. Alex Aycinena alex.aycinena at gmail.com wrote
>>>> Even in
>>>> a household situation you should have seperate accounts and passwords
>>>> for each family member
>>>>
>>>> On Sunday 02 March 2008 21:00:43 Robert Heller wrote:
>>>>
>>>> This is fact a 'wrong thing to do' and only happens because people
>>>> became 'used' to the non-existent security of MacOS Classic and Win
>>>> 3.11/Win 9X.  With Win2K, WinXP, WinVista, Linux, and MacOSX, there
>>>> really is NO reason to have separate login accounts
>>>>
>>>> At Mon, 3 Mar 2008 23:33:59 +0000 "Keith A. Milner" <kamilner at
>>
>> superlative.org> wrote:
>>>> If someone cannot even do something as simple as set up different login
>>>> accounts for their sensitive data then they haven't got a clue about
>>>> security and "the real world".
>>>>
>>>> Andrew Sackville-West andrew at swclan.homelinux.org Sun Mar 2 15:20:41
>>>> EST 2008 As a fringe developer on this project, I don't give a rat's
>>>> ass whether gnucash becomes mainstream or not.
>>
>> My point was that pointing out what people "should" be doing or what
>> is "the wrong way" to use your computer isn't very helpful when in the
>> real world most people don't have separate accounts for each user.
>> That's a simple fact, the fact that you don't agree with it doesn't
>> change that. The majority of home users trade a certain amount of
>> security for convenience, and not having to log off and log on again
>> within in the confines of your own home is one of those conveniences.
>
> Most of the people I know (and most are not technical users) do have separate
> login accounts for each user. This is partly because they want to keep things
> like personal email and IM away from their kids.
>
> Admittedly some of them have started out with the single account, but most
> have switched over quite quickly when they've realised that they have
> important or personal info that they don't want their kids snooping around.
>
>>
>> Again, I know a simple password would not provide a high degree of
>> security, but it *would* be enough to deter most casual passers by,
>> including family members.
>
> As Andrew points out elsewhere, it might be a good "marketing" feature,
> although it probably has negative value in terms of increasing security.
>
> Note that Gnucash isn't "competing" against Quicken and the like and,
> therefore, doesn't need to put pseudo-features in just to attract users. If
> people want to use Gnucash because of the excellent features it provides,
> that's great. If they would rather use a different package because of
> different features, support, or (in this case) because the marketing is more
> glossy, that's not going to have a major impact on the Gnucash project. there
> are no shareholders to please.
>
>> I keep my personal diary in a drawer in my
>> house with a simple lock. It could easily be picked with just a
>> hairpin, but I know that that this minimal amount of security make a
>> huge difference compared to me leaving it out on the desk where
>> curiosity may well prove too tempting for anyone who walks by.
>
> One assumes you have (or could have) other private items in that drawer.
>
> Having a separate user account is that locked drawer. Separate user accounts
> (as pointed out elsewhere in this forum) is not a security panacea, but it
> provides a far greater level of security than a simple application-level
> password and has many other benefits besides.
>
>>
>>  If you were concerned about it providing people with a false sense of
>> security, you could put a warning on the option stating that it was a
>> simply a minor deterrent and would not stop someone who was determined
>> to access your data. This approach is used in several other apps.
>
> Yeah, and very few people read or understand those.
>
>>
>> In any case, it is clear that the developers have their own priorities
>> (fair enough, it's your project after all), and are aiming Gnucash at
>> users who are have the same amount of technical knowledge as they do.
>
> I'll point out that this is an Open Source project. The reason this facility
> is not there is because noone has developed it. Basically all of the
> developers who have contributed to this project either think it's not
> required, or is very low priority. Given the effort required to develop this
> I would agree: I would far rather more fundamental capabilities were
> developed (and bugs fixed) than having one of the current, talented,
> developers waste time on a feature that few want.
>
> But, as I said, it's Open Source. There's nothing to stop you implementing
> such a feature if you feel it's. Go ahead and submit a patch.
>
>> So I guess I'll haul my "lazy" and "clueless" ass back to Quicken and
>> leave you guys to play with your toys the way you want to.
>
> It seems you don't understand what Gnucash is.
>
> This is a community, not customer-supplier relationship. You have part-share
> in Gnucash (if you want it) and can influence it's direction (if you want
> to). One way to influence this direction is to make feature suggestions, but
> the current dev team have limited time, and their own priorities. You can
> argue that their priorities are wrong (as you have) but expect disagreement.
> That's all part of being in a community.
>
> Remember, the developers on Gnucash are largely doing it because they have
> certain requirements they want or need themselves. They will have their own
> priority list. you cannot expect one person's view to override that priority
> list. In fact even if a hundred people have the same view, that developer may
> still not change his/her priority list. Remember, the dev has no boss to
> report to, no shareholders to please. They do it to please themselves. In a
> lot of cases this also means pleasing those in the community with similar
> requirements.
>
> You make a lot of claims about why you think this particular feature is so
> important. From the responses you've had, your view is in the minority in
> this community. Of course you can make claims about "what normal people" do,
> but the reaility is many of us are "normal people" and what you describe is
> not what we do.
>
> I repeat again, this is an Open Source community. Most of the rest of this
> community do not appear to want this feature. If this was commercial
> software, you would be stck. It's not, and you have some choices:
>
> 1. Live with it
> 2. Develop the feature yourself and contribute it
> 3. Flounce off in a huff
>
> If you don't want to be part of this community, that's fair enough. I'm sure
> the shareholders won't lose any sleep.
>
> Cheers,
>
> --
> Keith A. Milner
> _______________________________________________
> gnucash-user mailing list
> gnucash-user at gnucash.org
> https://lists.gnucash.org/mailman/listinfo/gnucash-user
> -----
> Please remember to CC this list on all your replies.
> You can do this by using Reply-To-List or Reply-All.
>

-- 
  /------------------------------------+-------------------------\
|Stephen J. Gowdy                     | CERN     Office: 32-2-A22|
|http://www.slac.stanford.edu/~gowdy/ | CH-1211 Geneva 23        |
|                                     | Switzerland              |
|EMail: gowdy at cern.ch                 | Tel: +41 22 767 5840     |
  \------------------------------------+-------------------------/

More information about the gnucash-user mailing list