

I use run0 and pkexec in the Terminal! Only sometimes though.


PolicyKit
Technically polkit now, after the breaking change. It’s really not equivalent to UAC, because UAC does this “secure desktop” thing. Y’know how it becomes just the UAC prompt and a background sometimes? With no taskbar or other programs? It does that to restrict access to UAC.
With polkit prompts, there’s nothing stopping a mouse automation tool from accepting the polkit elevation request, so passwordless would be a guaranteed escalation attack; I tested software clicking the polkit buttons. A tool can’t do that now only because it doesn’t know your password. Implementing a “secure desktop” in polkit would be a big change in the architecture of security for Linux.


What if someone guesses your password?
It’s randomly generated, brute forcing it should take years.
Why don’t you keep your computer in a custom built safe bolted to the floor?
I mean, I do keep it locked to stuff with a Kensington lock.
Sometimes I mistype, wasting 10+ seconds
Fair, sometimes caps lock will do that to me.
I’m not saying you have to use a password, I’m just curious. I don’t think I know anyone IRL that doesn’t use a password with their computer.


Nobody lives with you? Or visits you? You don’t use a laptop ever? What if someone does get through your locks?
You can set an empty password up pretty easily, so you’ll just press enter to get through password prompts, just like how you’d click through password-less UAC prompts. Richard Stallman used to recommend that way back in the 80’s, on the big shared University machines.
I highly recommend a full-disk-encryption password even if you don’t have a traditional computer password, it’ll keep your data extra safe. Imagine the feds raid your house because Hexbear got designated a Foreign Terrorist Organization, the feds couldn’t get any Hexbear data off of the disk if it’s locked.
But it really feels like even if a password doesn’t add much security-wise, there’s basically no downside to it. My password is pretty long by conventional standards, but it takes a small fraction of a second to type it all out and login.


The idea of not having a password at all is just so foreign to me, did you at least use biometrics or something?
It seems like not having a password would make some UAC bypasses easier, too.


Physical access isn’t game over, it’s only game over to a determined hacker. The vast majority of people aren’t competent enough for it to be an issue. It’s just like how a determined thief can get through almost any lock or door, but it takes effort and time, and skill which many casuals just won’t have.
Full-disk encryption passwords are the most important password, they can prevent physical access from being game-over.
Unix was originally designed to be multi-user, so different passwords protect different users from each other.
Linux doesn’t have a UAC-without-passwords equivalent really, programs can interact with the Linux UAC equivalents just as much as you can, so the password makes sure it’s really you, and not a malicious program or person. UAC on Linux would require an almost fundamental architecture change, in a way contrary to most of how Linux is used now.
Did you really never use a password with Windows? That seems wild to me.


damn, that’s crazy. that money could’ve gone somewhere useful.


Damn, why do all these big companies with plenty of resources have to be using this stuff

Authoritarianism isn’t a very good measure of government, when a monopoly on violence is one of the defining characteristics of a state. The difference is often more perception than it is reality, and even then tyrants can be vastly different from each other. Abraham Lincoln had Northern dissenters killed, and suppressed people’s rights, yet he was still a peak president.
Richard Nixon is the Shah. Saddam Hussein is the Shah. Modern Spain had death squads killing political opponents in my lifetime. Where isn’t led by the Shah?
I mean, that’s why full disk encryption (FDE) is more important than a normal user password, so when someone successfully has access they can’t get your data. The US government can’t force you to decrypt data, since passwords are considered protected by the 5th amendment.
Most crimes are crimes of opportunity, it’s unlikely that someone is robbing a house specifically for what’s in your computer, so if they can’t mess around with your computer they’ll just try to steal anything else valuable in a home. If they do just take the whole computer, with full disk encryption I wouldn’t have to worry about them looking through my files, or impersonating me on the internet, or whatever.
I guess with your threat model having no user password just isn’t a big deal for you, it’s probably fine. FDE though…