(update: frustrated although I was about the Google Authenticator problem, I've reported it as feedback as clearly as I could using a feedback feature in the app itself)
On Tue, 6 Jun 2023 at 15:27, James Addison <jay@jp-hosting.net> wrote:
> ...
> On Tue, 6 Jun 2023 at 10:21, Graham Cobb <g+debian@cobb.uk.net> wrote:
> > ...
> > 4) Think about **why** people will (should) be attracted to Debian. My
> > thoughts:
> >
> > i) Free
>
> +1 (might bold the text "free operating system")
>
> > ii) Scope - software for everything they need to do
>
> +1 ("for all kinds of computers, and all kinds of tasks"?)
>
> > iii) Learning - learning about computers, about programming, about
> > specific technologies
>
> +0.25 - somewhat agree, thinking about it
There is another aspect to learning that I find compelling about
Debian too: when I don't understand why the computer did (or didn't)
do something (for example: it beeped five times, or a message that I
hadn't seen before appeared) - then it's possible to search and read
the code to figure that out, and to read the history of the code, and
discuss possible suggestions and improvements.
Yes, sometimes documentation and bugreporting can cover some of that,
but there's a significant difference in understandability and
learnability from proprietary software.
A few days ago, Google Authenticator on my Android smartphone began
not updating the TOTP codes displayed on-screen after each code
validity time period elapsed -- so it shows current, correct codes
after app-open, but the codes thereafter remain static, and become
stale and invalid. There's a vague chance that this was intentional;
the app introduced some changes recently related to hiding the codes
by default and requiring manual interaction before they appear
(probably a safety feature to avoid shoulder-surfing and/or endpoint
exploits that can take screenshots from the device), and this could be
a bug related to that. The change to hide the codes seems to have
been partially or completely reverted, since the codes are now, again,
displayed by default and the setting to adjust their display-default
has been removed - but in terms of the visibility I have into that, it
could all have been a figment of my imagination.
Arguably I should report that to Google's security team, but the
inability to login to services using those codes doesn't necessarily
seem like a security exploit, and I would not have any visibility into
the bug, fix process, and regression testing - and they've been
following that proprietary approach for decades, so I think that it's
an argument in favour of migrating further towards free and open
source solutions that achieve the same results and where I and others
can learn -- a compelling reason -- about the app's functionality, and
collectively contribute to keeping it working correctly and
identifying flaws.
> > iv) Communities and society - join like-minded people and get support in
> > areas they are interested in (artists, gamers, volunteers, programmers,
> > ...)
>
> +0.25 - agree, although I suppose I have been less personally involved
> in those kind of communities since ~15 years ago, so feel less
> connection to this (although am now contributing here, on the other
> hand, so that's good). Thinking about this also.