(Rules taken from an email thread I’m reading right now).
The email thread was trying to ascertain if there are effectively things equivalent to Apple Keychain on Linux. Here’s how my favorite response went:
1. Be a Windows security guru, claiming to answer a question about Linux
2. Start your post off with a link/mention to a book you’ve co-authored, which has little to do with the subject at hand. Also, for the sake of completeness, have at least 2 links to other books you’ve written in your signature. As a general rule, the amount of space spent on book references should be greater than the amount used to answer the actual question being asked.
3. Back up your response by claiming that you “researched this area”. Bonus points for using this as an excuse for a book reference.
4. Call “Keychain” “KeyRing”.
5. Say that there aren’t any Linux solutions, even though you accidentally gave the name of one (Gnome Keyring and KDE KWallet are two popular ones).
6. Take this opportunity to explain that the best solution EVAR is Windows’s solution, even though it isn’t helpful for the question asked.
7. Oh, and actually have no clue what you are talking about.
My favorite part, really, is #6. You see, when I first read this, I was quite perplexed. I had no idea that Windows had an equivalent of Keychain.
A few Google searches later and I figured out what he is talking about: “Stored Usernames and Passwords”.
WTF?
The first page I found on this (from searching for various combinations of “Windows”, “passwords”, “keychain”, and some other words) was this one, a KB article on how to manage stored passwords: http://support.microsoft.com/kb/306992.
Time for a new list:
How to write a shitty analog of Keychain:
1. Require a long article on how to manage stored passwords, since it is non-obvious
2. No hierarchy – your database is a list of passwords, and the only “hierarchical” information is whether or not the password is a Windows credential or “A Web site or program credential”
3. Use really strange formats for the “log on to” portion (i.e. don’t use a consistent URI format throughout)
4. Make the UI lack utility (mostly due to the above 3)
5. Don’t allow the user to store arbitrary data in entries
6. Don’t allow the user to lock portions of the tree under a different password, or import/export portions of the tree
7. Provide only the equivalent of the “login” keychain (a set of entries that is automatically unlocked when you login)
8. Give it a name that is four words long, basically making it annoying to say or type in any type of conversation
9. Be completely unconfigurable – useful configurations include things like “forget my password after blah minutes”, whether or not to unlock on login, and perhaps app-by-app configuration of what each application is allowed to access (a la PolicyKit)
In fact, the Windows solution doesn’t even compare with, say, Firefox’s stored password support, since Firefox’s support gives a better UI experience (#4), kinda solves #2 by providing a search feature, is discoverable (#1), and can be separately password protected (#7). Oh, and it is in a friggin web browser.
The Linux solutions are about as good as Keychain, although they all suffer from uglier UI and being slightly less pervasive than Keychain (gnome keyring; kwallet is fairly pervasive). However, gnome-keyring-manager and KWalletManager are miles beyond anything included in Windows.
In the end, the world was set right, with an email that illustrates the contrary of the first email.
How to be helpful and not look retarded:
- Keep your email short (this email had 6 words, other than the two provided links).
- Provide only factual information
- If you reference things helpful to the question, provide links.
- Don’t talk about anything unrelated to the answer.
- Don’t represent yourself as some type of expert
- And, above all, be correct, and provide the links to the two popular Linux equivalents of Keychain
Now all I have to do is continue fighting the temptation to feed the troll. He’s making it especially hard – in a separate part of the thread, he made some other “WINDOWS IS TEH B3ST!” comment, something about random number generators.
Ugh.