A proposal of https certificate assignment system for luci

Alberto Bursi bobafetthotmail at gmail.com
Tue Oct 6 17:00:42 EDT 2020 


On 06/10/20 19:43, Michael Richardson wrote:


> 
> Training users to click through those warnings is exactly what browser makers
are trying to avoid, and browser makers have been trying to make the
exception harder and harder to find.  Many would like it removed.
And, for good reason, because it is almost always inappropriate for most
non-technical users to do that.  [Children, (grand)parents, etc...]

What are childern and grandparents or non-technical users doing with a 
network device's administration interface? There is nothing for them 
there, most functions are well above their understanding of the device 
and network, they can break configuration, lock themselves out from 
Internet access, or disable security settings.

The device interface even on a normal router or NAS is actually accessed 
only by people that have some idea of what they are doing, or tinkerers 
that are playing with it, or power users that use it in a more 
professional way.

Which is why I'm saying the warnings and clicking the buttons are fine, 
because the audience is a specific subset of the population.

Grandma, kids, non-tech-savyy people and whatnot will have someone, the 
so-called "friendly family nerd" or an actual specialist that will set 
up the device for them.

 > So, honestly, anyone that needs screenshots to figure it out, should 
never be clicking through the links.

new generations of power users still need to learn from somewhere.

> So, just to be clear, are you saying that we should design openwrt to only be
> useable by developers?

The right word is "power users" or "prosumers".

They aren't developers, they may not be network administrators either, 
but they know enough about the concepts to work on the devices in a 
relatively safe manner.

You don't seem to acknowledge that to get OpenWrt on your device, you 
must void warranty and install a custom firmware, taking risks and 
assuming responsibility of their actions. These aren't your kid or 
grandma or plumber or random commoner.

> Home routers are critical parts of the home IoT ecosystem.
> OpenWRT is shipped in millions of devices by manufacturers too lazy to bother
> doing much.

afaik the only devices where OpenWrt is shipped and the manufacturer 
does not care are random chinese junk routers/APs on Aliexpress, and I 
don't see why should anyone here care about that, also because they 
usually ship Chaos Calmer release (i.e. a 5-ish year old unsupported 
release at this point) without SSL enabled anyway.

Do you know of some other specific examples?

-Alberto

More information about the openwrt-devel mailing list