How about all the daemons that double log or double timestamp on systemd machines?
I value ctrl+U a lot more for password prompts than the visual feedback, it's even used by GUI on Linux.
The security argument is a red herring. It was originally built with no echo because it was easier to turn echo on and off than to echo asterisks. Not for security.
One implies the other. You turn echo off. Then you write asterisks.
> Not for security.
Consider the case of copy and pasting parts of your terminal to build instructions or to share something like a bug report. Or screen sharing in general. You are then leaking the length of your password. This isn't necessarily disastrous for most use cases but it is a negative security attribute.
That's not how it works. Sudo turns off echo but otherwise keeps the terminal in it's normal cooked canonocal mode, meaning sudo only sees what you've entered after you hit enter. To print asteriks as you type requires putting the terminal in raw mode, which has the addition consequence of needing to implement shit like backspace yourself. Still a UX win worth doing, but it's pretty clear that skipping that and just disabling echo is an easier lazier implementation.
Because to hell with UX when it comes to security. Knowing the exact length of a password absolutely makes it significantly less secure, and knowing the timing of the keystrokes doubly so.
But SUDO is the one bastion where it is absolutely essential to not offer hiding keystrokes as an obscure config option, but enable for everyone and their mother?
So hide the first one as well? But also, that's not true, not all terminal passwords are for local machine
> Confusing — appears frozen
So make it appear flashing? Still doesn't need to reveal length
These servers I had an account setup too were, from what I observed, partially linked with the authentication mechanism used by the VPN and IAM services. Like they'd have this mandatory password reset process and sometimes sudo was set to that new password, other times it was whatever was the old one. Couple that with the high latency connection and password authentication was horrible. You would never know if you mistyped something, or the password itself was incorrect or the password you pasted went through or got double pasted.
I think this is a great addition, but only if it leads to redhat adopting it which is what they were running on their VMs.
Instead of doing this, Ubuntu is just using a Rust rewrite of sudo. Some things really never change.
You'd think by now they'd have learned, but apparently not.
Yes, it means going in a wrong direction sometimes as well: that's why it takes courage — success ain't guaranteed and you might be mocked or ridiculed when you fail.
Still, Ubuntu got from zero to most-used Linux distribution on desktops and servers with much smaller investment than the incumbents who are sometimes only following (like Red Hat).
So perhaps they also did a few things right?
(This discussion is rooted in one of those decisions too: Ubuntu was the first to standardize on sudo and no root account on the desktop, at least of mainstream distributions)
Nobody picked Ubuntu because of Mir, or Compiz, or Upstart(or snaps, while we're on the topic). They were obvious errors. That it's popular doesn't negate that fact.
echo "$USER ALL=(ALL) NOPASSWD:ALL" | sudo tee "/etc/sudoers.d/$USER"; sudo chmod 0600 "/etc/sudoers.d/$USER"
sudo mkdir -p /etc/polkit-1/rules.d
echo 'polkit.addRule(function(action, subject) { if (subject.isInGroup("sudo") || subject.isInGroup("wheel")) { return polkit.Result.YES; }});' | sudo tee /etc/polkit-1/rules.d/00-nopasswd.ruleswhy does everyone want some obtuse enterprise version of every command? What ever happened to minimalism? Is having something with half a dozen poorly documented interconnected points of failure really that awesome?
Is this just elitest job security so that people can feel like they're a linux high priest?
Without knowing more, creating a transient unit just to run a single shell command seems quite roundabout.
> That way you can be certain whether or not you entered a character
They can also count the number of keystrokes they heard.
Of course, once you do understand that it's just a password prompt, it's great. Completely confuses the hell out of any shoulder surfers, who will for sure think it's a confusing puzzle, and eventually they will get rate limited.
^1: Example of it in use: https://www.youtube.com/watch?v=FvT44BSp3Uc
What's the benefit of having a random character from a random set, instead of just a random character?
I think if I was new to Linux that would confuse the life out of me :)
I didn't actually know that Mint had enabled this by default. That would have been a useful counterpoint to the naysayers.
If you want the original behaviour you don't actually need to change the configuration - they added a patch afterwards so you can press tab and it will hide the password just for that time.
> The catalyst for Ubuntu’s change is sudo-rs
Actually it was me getting sufficiently pissed off at the 2 second delay for invalid passwords in sudo (actually PAM's fault). There's no reason for it (if you think there is look up unix_chkpwd). I tried to fix it but the PAM people have this strange idea that people like the delay. So I gave up on that and thought I may as well try fixing this other UX facepalm too. I doubt it would have happened with the original sudo (and they said as much) so it did require sudo-rs to exist.
I think this is one of the benefits of rewriting coreutils and so on in Rust - people are way more open to fixing long-standing issues. You don't get the whole "why are you overturning 46 years of tradition??" nonsense.
If anyone wants to rewrite PAM in Rust... :-D
https://github.com/pibara/pam_unix/blob/master/unix_chkpwd.c...
If you do, offer support for writing modules in a scripting language like Lua or Python. PAM could make it a lot easier to just add OAuth with your company IdP, for example…
In the modern world there is no plausible scenario where this would compromise a password that wouldn't otherwise also be compromised with equivalent effort.
Or, we could just look at the keyboard as they type and gain a lot more information.
In an absolute sense not showing anything is safer. But it never really matters and just acts as a paper cut for all.
This reminds me. Linux was already a fossil, except for some niches, but now in the age of AI, the fact that code can't be updated at will (and instead has to go through some medieval social process) is fatal. Soon the age will be here where we generate the necessary OS features on the fly. No more compatibility layers, no more endless abstractions, no more binaries to distribute, no more copyright, no need to worry about how "the others" use their systems, no more bike shedding. Instead, let the system manage itself, it knows best. We'll get endless customization without the ballast.
It's time to set software free from the social enclosures we built around it.
jbverschoor•1h ago
tsimionescu•1h ago
The crazier part is Ubuntu using a pre-1.0 software suite instead of software that has been around for decades. The switch to Rust coreutils is far too early.