Suggestion: We remain single user... read on!

Forum thread started by philcostin on Thu, 2010-03-11 23:15

I have been thinking for a while now about ways to implement multi-user support under Haiku - but the more I thought about it, the more I realized something:

We have come full circle. Haiku is a desktop operating system for personal computers. Since the computer is personal, why not abandon multi-user support entirely?

Now, stay with me here since this is where it gets interesting...

Instead of multi-user support on a single machine, what I would love to see and maybe even help design is the following scenario:

Windows is very successful in the enterprise in part due to its integrated Active Directory services. Why not create something similar for Haiku for the multi-user scenario?

- Haiku would have a "system password" which is set at install time and is used for confirming local software package installation (depending on how that is done), access to system files, etc.

- When booting the system, ZeroConf checks for "domain controllers" - basically LDAP directories referencing shared home folders (NFS or something better?). If more than one domain is found, either present the user with a list or force it to be set by "holding alt to make the system password box visible and entering the system password".

- The user then logs in and authenticates against the directory service (running on a unix box - remember Haiku is a desktop focused OS) and the user home directory is mounted.

The end goal would be to enable remote administration of users, groups, permissions etc (using an application within Haiku) of the LDAP resource in a simple manner for adding users, groups, etc.

Although "Haiku is Not Linux", one of the problems for business desktop use is ease of LDAP / PAM / Kerberos / NFS setup. Maybe we can make something more fixed for Haiku along those lines.

...Probably not for R1 :-)

Comments

Re: Suggestion: We remain single user... read on!

I like the idea in general - but I think Haiku should support multiple local users too.

I wonder if it could be possible to build something where the home directory is mounted from a network but also mirrored locally and then intelligently synced. Kind of like distributed version control for the whole filesystem. It would be great to have the advantages of a network home directory but without the delays (the syncing could happen more slowly in the background) and it would also be brilliant to be able to just unplug from the network and carry on as though nothing has happened. The only issue would be if you then login from another box and have two diverging home directories to merge somehow.

Simon

Re: Suggestion: We remain single user... read on!

Well, just to enlighten a few about the possibilities of MIT Kerberos: it is basically a ticket-based authentication system, which can be quite nice, but I see it getting in the way in non-business/edu environments. Basically you have a password to get a ticket that allows you to get tickets from other various ticket servers (as many as needed, i.e. printing ticket, network access ticket, software license tickets and so on...).

My college uses Kerberos extensively and it makes it very convenient to have single-login access to all services that I am allowed to use. For instance, if there is some Solaris box named sol.uncc.edu, I merely ssh sol.uncc.edu and I am immediately logged in, no further authentication required, as I have already authenticated my Kerberos session when initially logging in. Do note, however, that most applications must be kerberized to support the ticket-based authentication; many software packages already have support though.

A network filesystem that might be of use is AFS. My college also uses this extensively for roaming profiles so that I have my customised desktop wherever I log in on the mosaic network. AFS could indeed be of use to implement roaming preferences in Haiku that would be accessible from any Haiku computer you log in to that is connected to the internet.

I actually won the NC space grant for a similar idea (roaming profile), although it wasn't network based, it was more like (roaming profile on sneakernet ;-) ), so I think such a thing is highly desirable, especially so for Haiku as it is a desktop operating system and people like to have their preferences set up as they like wherever they go.

Re: Suggestion: We remain single user... read on!

I don't know... The Windows method is merely an authorization to do a specific task, e.g. run a program, while logging in as root is actually "becoming someone else", rule-wise. Under Windows, the administrator authentication just allows you to do more, but the system where you do it is exactly the same - while user root could have some completely different settings, see /sbin and /usr/sbin, plus (on the other hand) some programs don't run at all when being root. And by the way, I really wish I could install & run programs as a normal user under Windows, thus being sure that these programs don't get a chance to tamper with the system at all.

This may be nothing but an unjustified (but biased) feeling. For me, Linux > Windows by far. I (must) use Windows at work, but I'm glad that I don't have to use it at home at all.

Then again, Windows is THE target for all malware. Others are quite ignored. So if not done worse than MS did, using Haiku instead of Windows would mean a security boost to 99.99% (from the 1-20% that Windows offers, depending on the Windows version) alone.

Just my thoughts.

Re: Suggestion: We remain single user... read on!

I also primarily use Linux and I agree with you to an extent - although I don't think this necessarily introduces the same security problems since we don't have to do it the same way exactly. OpenAFS could work well for loading user profiles from a server. I know this sounds kind of Windows centric but I do prefer using Linux/Unix systems. Bear in mind also, Haiku is for the desktop.

Re: Suggestion: We remain single user... read on!

I'm afraid that I haven't followed all of this, but it all sounds rather complicated to me. How about keeping the whole thing really simple, and having files and settings kept in password-encrypted directories? The user then would just type in the password for his directory, and in that there would be a folder for settings with a program that automatically loads them, and a home folder. Or, this could be automated in a login box at bootup. Then, we would have the best of both worlds. The user chooses or types his username, and enters a password. Then, without the fuss of multiple accounts, Haiku could simply unlock a directory and maybe emulate its contents as the home directory, and load the settings. There is no 'user account' as such, keeping the design simple, yet the functionality of a multi-user system exists.

Re: Suggestion: We remain single user... read on!

I totally agree with that.

I am just an advanced computer user. I have used all kinds of computers before. Unless you are a huge organization, you don't need a multiuser computer system.

I worked for a big research collaboration; there were more than 800 Ph.D.s. I found that we only needed multiuser when taking something from the servers; in other situations, everyone has their own computer. Basically all the sensitive information should be in the database. For a PC, why bother with a password?

Now I am working for a hospital; all the computers have the same user name and password. Everyone can access every computer. All the information about patients or about your activities is recorded in the database. You only type a password for your activity, not for the computer. So if you are in the real world, you really have little chance for multiuser.

Re: Suggestion: We remain single user... read on!

Hospitals, offices and colleges have all been notorious for having bad security. Just because someone else does it doesn't mean it is good.

Encrypting the settings or the whole user directory is bad because it slows everything down.

All having the same password is also bad, since once you hack one you have them all.

Security should never be a facade; it should either be there or not, no joking around. Encrypting your files doesn't mean that someone can't copy them off and decrypt them later (GPUs, FPGAs etc... make decryption fast in many cases). It would be better for them to never be able to access your files to copy them, which inherently means real multiuser.

And for the paranoid, why not have both as options? In any case, if Haiku gets multiuser, and I am pretty sure it will since other features need it, I am sure the Haiku devs will do an excellent job.

Also, if you don't have real multiuser and you are on a network, if someone gets into your computer and you were using the encrypted user directory method, what would prevent the hacker from reading your settings and even encryption password from RAM?

Re: Suggestion: We remain single user... read on!

There is always a gap between reality and theory. I don't object to multiuser, but I just don't think it is really useful. Windows and Linux provide multiuser. But I, like many others, just use one privileged account, for it is my computer.

So don't I have the basic knowledge of computer security? Yes, I have. But the gain in security compromises a lot of convenience. Let me tell you something horrible: most of the computer systems in the medical field from the same vendor will share the same user name and password in the whole world. So you know, not for one hospital, it is for the WHOLE world. Do we really lose patient information every day? Maybe. But all the computers are behind the network, behind the firewall. Some guy first needs to break the firewall. If he breaks the firewall, he will find something more valuable for him. I also don't think it is a good practice to use the same password and user name for the whole world. But people are lazy. It is the reality. So you couldn't expect people to do this.

I just read news, 64% windows security from the administrator http://www.osnews.com/story/23088/64_of_MS_Vulnerabilities_Mitigated_by_...
So it is multiuser, I would like to know which account you use in your windows. Do you login as an admin?

I think security needs a revolutionary change, to depend not on human beings but on other mechanics. Maybe someday we can use our fingerprint as a password.

Re: Suggestion: We remain single user... read on!

I use Windows as a dialup internet crutch at home so it doesn't matter what I log in as. My account does happen to be admin but none of the other people that use it are admin.... I mean I am using ICS to Linux right now lol.

A hospital near where I live threw out a computer with patients' records on it, no password, just threw it out... amazing, isn't it.

Is entering a single password at login THAT difficult? There are millions of Facebook users that know practically nothing about computers but they can enter their login just fine! I don't care how lazy hospital or college admins are, I just think that a sane password protection scheme should be available to people who want it.

People do know how to enter passwords, this is a fact, and they do not know how to use password managers, this too is a fact lol, because when they delete their history and have to reenter their password it confuses them, and they just always enter it so they don't get lazy and forget their pass.

Re: Suggestion: We remain single user... read on!

Single user doesn't mean we don't need a password.

By the way, your story is even more horrible than mine. That they threw out the computer with patient information was against the law. The hospital here, where they use the same password, has an excuse. But simply disposing of patient information like this is unimaginable. You should contact the patients and suggest their lawyer sue the hospital.

Re: Suggestion: We remain single user... read on!

This idea sounds great - now I won't have to worry about being the user and the administrator.

Re: Suggestion: We remain single user... read on!

A single user OS like that would unnecessarily restrict its number of users. Lots of people share computers and have a need to keep their stuff neatly separated from others' stuff on the same disk.

Your idea is great for phones and tablets, and for desktops that are used in places where thin clients would likely work well too. But the shared single desktop computer still exists too and probably won't ever go away.

That said, there is no need to make Haiku work the same as existing multiuser OSes. How about allowing multiple users to log in using the same screen? Just give windows belonging to different users different tab colors, and make sure users can give files/data to each other but not take without permission.

Allowing multiple keyboards and mice would then of course be a good idea too, and allowing a remote user to join... But those are nice extras.

This idea even makes sense on a system that is used by only one person. For example I'd love to be able to talk in an instant messenger to someone I owe money and at the same time do internet banking, and be absolutely 100% sure that no data can flow from my banking to whoever might be exploiting a security hole in the instant messenger. It's not enough for the processes to be separated in RAM - there's stuff like the browser cache and cookies on disk...

I know, security is difficult and people are just too lazy and stupid for it. But giving up is not the right solution. Making security easy is.

Re: Suggestion: We remain single user... read on!

I really like the idea of multiple log ons to the same computer screen. I don't currently have much use for such a situation but it could be interesting. For example, you could register different keyboards/mice to different users and then have shared applications as well as individual applications. Also, you could implement a change user function in the tab, which would give control to that user or (if they aren't logged on) when the user logs on, they would be told that they have received an application from so-and-so and ask them if they would like to open it. You could even go further and implement an over the network version of this, so you could send friends and family programs or documents without having to worry about installation or compatibility.

Re: Suggestion: We remain single user... read on!

For an over the network version where you could send apps to people who are offline, you'd need to make sure your own computer is still on and connected when they log in. Either that or you need a way to archive the state of a program and send it to another computer, which would be VERY difficult if they have different processor architectures.

Here's another way a shared screen could be useful even without the network functionality:

mom: Where did you put those photos?
pop: Oops, sorry, those are in my account. Let me give them to you. *logs in and drag'n'drops the photos mom points at*

Compare that to how current multiuser OSes work:

mom: Where did you put those photos?
pop: Oops, sorry, those are in my account. Let me give them to you. *switches user*
pop: Which ones exactly did you need?
mom: Ummm... It's in that email... *switches user*
pop: *switches user* OK, here they are. I'll just email... wait no, I'll put them on this USB... no wait we have a shared folder... Oh my there is a lot of old junk in this shared folder...
mom: Stop playing with the computer and give me those photos!
pop: Okay okay. *drag'n'drops photos to shared folder* *logs off*
mom: You forgot that one photo.

Re: Suggestion: We remain single user... read on!

Ah, I forgot about architecture problems. I suppose that would require both computers to be on, at least if you're sending to a different architecture. But if both computers are the same type, I think it would be nice to have a feature that saves the state of the program and sends it and the files to the other computer, where the other user can open it and continue right where you left off. This could be especially useful for group projects; if we go even further we could even make it so two people can work on a file at once (with changes showing up in red or bold or something.)

What would be nice is an api (that can be disabled and would require a very long ID number and/or pre-authenticating a device for this feature) to remotely give another user access to your files (not system files though.) That way I could allow someone temporary access to a file; even if I'm not present. Like the networked program idea, this too would be difficult and would probably be impossible to make it secure.

In your example, it may also be possible to open to the folder and then just pass control to the other user. Then when the window is closed, or the other user navigates away they lose permission to be in that folder. Regardless, I do think that this is an interesting prospect, even without the network capability (and the fact that I don't share my computer.)

Re: Suggestion: We remain single user... read on!

satsujinka wrote:

if we go even further we could even make it so two people can work on a file at once (with changes showing up in red or bold or something.)

You can already get this functionality with text editing, with 3D editing, and with some painting/ drawing tools. Probably other applications too. The most famous example might be SubEthaEdit on OS X.

Re: Suggestion: We remain single user... read on!

I am in favor of remaining single user, however I would like to see support for a single user to be able to access the resources of many computers from a single desktop.

Say I live in a household with five computers, each with their own user. If I am doing something on my system that maxes out some resource on the system, be it the CPU, storage, or the internet connection, it should transparently to me tap the other four systems in my household as needed.

Re: Suggestion: We remain single user... read on!

NoHaikuForMe wrote:
satsujinka wrote:

if we go even further we could even make it so two people can work on a file at once (with changes showing up in red or bold or something.)

You can already get this functionality with text editing, with 3D editing, and with some painting/ drawing tools. Probably other applications too. The most famous example might be SubEthaEdit on OS X.

I didn't know that. Which is why it should be integrated into the API. If it is made an official part of the OS then more people will know about it and thus be able to use its functions.

Re: Suggestion: We remain single user... read on!

Single user is just fine...

Re: Suggestion: We remain single user... read on!

Perhaps I am missing something, but what is wrong with leaving Haiku as a single-user OS security wise? You could have a login password, an "administrator"-like password to perform certain functions (like installing software) and folder encryption.

In the case of multiple people sharing a computer at home (for instance), each person can simply create and encrypt their own folder (preventing anyone else from accessing it). Perhaps an "Override" button can be placed on encrypted folders where using the "Administrator"-like password will allow someone to access the contents of the folder and make any needed changes (which would also be useful if someone forgot their password).

This allows users to have their private files, allows one person (usually the computer owner) to have full access to their computer if/when needed and helps control what can be done/accessed on the computer. It could be done without having to switch to a multi-user setup.

As far as someone downloading an encrypted folder and decrypting it later--isn't that impossible? I have not used encrypted folders before, but I thought an encrypted folder could not be accessed at all--including downloading it. If that is not the case, couldn't the folders be set up so that someone could not download it once encrypted?

Even in a *nix system, someone with access to your computer can do anything they want with the root password. This setup will at least provide similar security as a *nix without having to try to convert Haiku into a multi-user system.

It just seems to me it would be easier to incorporate this into Haiku and keep it single-user.

Re: Suggestion: We remain single user... read on!

Whether it is "users" or something more complicated (like SELinux), an OS should have something that can be used to prevent programs from accessing files they're not supposed to access. Encrypted folders don't provide such security - once you open the folder, any program can read its contents.

This is why, for example, you should have separate user accounts for shopping online and for playing games you downloaded from the web. (It's probably best not to do the latter at all, but you get the point.)

Do you want to have to verify no programs that you closed are secretly still running each time you want to access some private files?
For that matter, do you want to have to close all programs just to switch to a different task for a minute?

So, if Haiku is meant for multimedia workstations that aren't ever connected to a network, then it is fine to stay single user. Otherwise it needs to be multiuser, or have something better (which would most likely be more difficult to implement, and very confusing for actual users).

Of course the difficulty of having multiple users can be solved by letting another OS on a server take care of it, and use haiku as some sort of thin client OS. But then you're running an extra computer with a comparatively unfriendly OS just to keep your haiku box a tiny bit simpler...?

Re: Suggestion: We remain single user... read on!

In my opinion the lowest number of users that is at all acceptable is 2. A privileged and a limited account. Further, both accounts should be nameable. That way you have to guess two things, name and password (as opposed to *nix where you only have to guess passwords due to the omnipresent root; though sudo can help with that, there's significant discussion on whether or not sudo is itself a security hazard.) And once you have 2 accounts it's trivial to add the ability to have several.

Why do I feel like 1 user is too few? Because it means you own everything. Which is a risk that I feel is not abated by having to put in your password or a "root" password. Furthermore, I feel that to an end user, single user is less intuitive. After all, that user owns everything, so why is it that they can't do whatever they want (without a password.) Also you end up with this weird system where some of your files you need a password for and some not. All in all from a usage perspective, single user is not as simple as multiuser. Nor is it as functional. Many people share computers, and having different accounts can also boost security by segregating tasks.

Now what I would think is a better discussion is whether or not we should be able to log into multiple accounts simultaneously. Put differently, whether we should be multiuser serial or multiuser parallel. Security wise I think serial is better. After all, if you have to logout in order to login as "root;" then you will be quite aware that something important is going on. Considering that bundles are more of a single user install option, there won't be much need to use "root." The only time you'd need to use root is if you were making system wide changes; which you should probably cease all activity for anyways. Parallel on the other hand is convenient and allows for a lot of interesting possibilities (see the conversation about multiple inputs to one screen.) Also, if we are hoping to design a system that could truly become like an appliance to a family; I think parallel will be necessary (and perhaps a computer like Microsoft Surface.) Otherwise, unless you have several people who want access to the computer at the same time and they aren't limited by the fact that there's only one computer, serial will achieve most of what people will use the computer for.

An interesting security measure might be to have a "can see it" permission set. Basically, if you go to the folder that a "hidden" file is in, you won't be able to detect it (the containing folder might say that it is empty, despite having several GBs of hidden files.) Even if you download or move the folder, it won't go with (a new hidden folder with the same name will be created to house the hidden file.) Disk utilities should be able to tell you that there's less room on the drive than what you would think, but wouldn't be able to tell you where it was. This, combined with an encryption scheme that writes random data to the blank area and makes the encrypted files look like random data, would make it very hard for anyone to even get a good idea of where to look for the file in question. Of course, this is easier said than done and encryption has its own problems (such as slow decryption.)

Re: Suggestion: We remain single user... read on!

If we must have multiple users, please don't introduce hypothetical users (e.g. root) like in most UNIX systems.