Talk:End-user Computer Security

Policies, guidelines, and guiding principles established for this Wikibooks book

 * Whenever you add non-text media to the book, remember to CATEGORISE the media in an appropriate book sub-category under Category:Book:End-user_Computer_Security/Non-text_media. To do this, first obtain the name of the media that is used in the book. Then go to the URL:
 * that begins with ,
 * that then has the name you obtained following that beginning text, and
 * that then finally ends with the text.
 * In the file description page that appears, add the text  to the page, with the three question marks replaced with the path dictating the exact sub-category of the "Non-text media" book category, under which the media is appropriately categorised.


 * For the time being, the book deliberately does not have a downloadable version as the book's material is very much liable to change (including change classed as correction).
 * The book is moving towards a goal of not being "the book authored by MarkJFernandes", and instead of being "the world's book" (presumably like many of the other books hosted on Wikibooks).
 * Mostly, new ideas should be added to the different talk/discussion tabs of the book's main content. When ideas are associated with a particular chapter, those ideas should be in the talk/discussion tab of the particular chapter. MarkJFernandes may be able to do this work for you; in this regard, it is helpful for you to give him general copyright permission to facilitate this.
 * When readers read the book's sections, they should see up-vote and down-vote icons just next to the section headings. Readers can click those icons to up-vote and down-vote different sections, with the option of being able to add extra information pertaining to their up-vote or down-vote. Using those 'buttons' just after reading a section is perhaps a good idea in the case that a reader has clear sentiments regarding the section just read.
 * The book is more based in ongoing, never-ending, democratic collaborative research, than a treatise on an established subject. Particularly because of such, it is encouraged that entities that are in some way linked to parts of the book (which could simply be by way of the entity being mentioned), contribute to the work, even if that be just through peer review, and especially in respect of the parts connected to them.
 * In the book, there is the tendency to focus on principles rather than implementation-specific things. Naming a particular implementation is fine (for example, the Qubes implementation and the Google password manager are named), but probably such naming should be used for examples of concepts, rather than as the nuts-and-bolts of a concept. The Google password manager is documented in a little detail, but the underlying concepts could be applied to a variety of password managers (in theory).
 * The book does touch upon some theoretical ideas. For example, there is mention that the cross-signing of certificates might be a way to strengthen the current TLS-certificate-based security system.
 * With respect to the mentioning of implementations, often they should only be mentioned in the main body of the work if they are 'par excellence' instances of the related theories/principles put into practice. When the relationship to an implementation is not one of the implementation being a 'par excellence' instance, it is then perhaps better to mention the implementation in the Appendix, and then just link to the Appendix from the related section in the main body of the book. Alternatively, using footnotes might also be appropriate in such cases. It should also be considered whether it is perhaps better to completely leave out from the book (including from the Appendix) mention of an implementation connected with a particular theory/principle.
 * 'New security inventions requiring a non-trivial investment in new technology', should be documented in the Appendix, in the "New security inventions requiring a non-trivial investment in new technology" section.
 * Sometimes it is unclear as to how to integrate precisely certain ideas into the book, perhaps because the ideas haven't 'solidified' as definite nuggets of knowledge/understanding/information worthy of inclusion in the main content of the book. In such instances, it is perhaps better to build-up some more information on the related issues, before doing any such integration. If following this guideline, you can still record such ideas and notes, by simply adding them to the talk/discussion tabs of the book's pages.
 * It's important to add insights gathered from the practice of security concepts. The book is written tilted towards theory, mostly because MarkJFernandes didn't possess the practical experience for the various security ideas. This is perhaps a weakness of the first versions of the book but should hopefully be ironed-out through time, as the insights from practical experiences are more and more added to the book. The book was written out of necessity, mostly because there appeared to be a dearth of information on the issues covered.
 * The first versions of the book probably didn't focus that much on privacy issues, except in the sense of privacy of security credentials. MarkJFernandes wasn't so concerned with other privacy issues. Whether this should form an ongoing policy, or instead just be statements about the first versions of the book, is unclear.
 * MarkJFernandes is of the opinion that the general lack of meaningful resources for end-user computer security, is likely a hidden way for various groups to be able to spy on, and interfere with, people with ease (see the "Stop funding the spies and hackers" section).
 * There is an attempt to make the book unique (you might say with a "unique selling point" {USP} ) in that it deals with inexpensive security. That's what MarkJFernandes wanted for himself, and what he believed would also be very much helpful to users all over the world (especially those who are not so wealthy).
 * Part of the original philosophy behind book:
 * There should be a transfer of sovereignty to citizens. Robust secure computing is likely integral to this. Computing is so important these days, that its general compromise is a threat to peace, democracy, education, and probably lots of other things. Legitimate policing organisations should probably be encouraged to be open and honest in their interrogations of suspected criminals, rather than allowing compromised technology to be prevalent as some kind of means for detecting and/or preventing crime. Honesty and integrity are vital. Lies and deceptions are generally not good. Lies and deceptions might be able to convict more criminals for longer sentences, but honesty and integrity might help to turn people away from crime in the first place.
 * Having democratic resources like wikis are good for involving people at the grass-roots level from different backgrounds, so that people's voices can be heard.
 * Computer technology is something of a fashion, and people adopt it because it is fashionable but not necessarily because it helps situations. It's acceptance is almost dogmatic. But the reality is, is that less tech is sometimes better.
 * MarkJFernandes tried not to get very much into politics in the book. He tended to follow the principle that a user should be able to use digital technologies safely and securely, regardless of their political opinions. In contrast, privacy rights are often violated by governments using the rhetoric that they need to be able to detect terrorism. The book goes for more of a human-rights, bottom-up perspective, where the government is instituted to protect human rights, instituted by the individual persons making up a people, and where persons in the messiness of everyday living can work out issues (such as terrorism issues) as they go along (they can help each other come to better thinking through means such as dialogue, dialogue facilitated by degrees of freedom in communication and thought).
 * MarkJFernandes generally favours things like social media, where grassroots opinions can come to the fore. He considers that social media is sometimes a good way to overcome propaganda.
 * Paranoia can be an effective tool and motivator for security development. The accusations of paranoia perhaps fail to see this: turn negative paranoia into positive security development.
 * Book was mostly originally written in respect of security for MarkJFernandes as a self-employed individual needing to use digital technologies. Partly it's a wiki because he knew how limited his knowledge and experience was, and because he wasn't an expert in the area of computer security. Still, he was quite shocked at how poor the prevailing advice on computer security seemed to be (almost as though there was something underhand in it).
 * Getting the opinions of people from widely differing backgrounds is good. A person having special circumstances, even those of being marginalised, can mean that their advice is particularly unaffected by the conflicts of interest often surrounding security advice.

Possible improvements

 * Possible improvement is to remove repetition in footnotes such as the footnote `as detailed later on in the section entitled “user randomly selecting unit from off physical shelves”.`
 * Possible improvement is to lighten photographs so that they stand out less. this may make reading such parts easier as the photos can otherwise potentially visually intrude too much.
 * Originally, wanted to keep each chapter on its own page, probably because I had thought that going back and forth between sections within a chapter was important for understanding material. Now am thinking that there is too much content on some chapter pages. Instead, probably is a good idea to have each gold-headed section on its own page (this would be more in line with how other Wikibooks books are structured). If doing such rearrangement, should be mindful that I have sent messages (such as to the Qubes mailing list) with links to sections in the present book structure, that may fail if I do such restructuring without establishing appropriate link redirects. Therefore, should remember that establishing such link redirects may be the right thing to do if doing such restructuring.
 * Headings beneath the level of gold-coloured headings, do not appear conspicuous enough, and the related sections don't appear distinguished enough. Adding extra formatting to improve this, is probably a good idea, where such formatting may include using different font colours, different fonts, bigger font sizes, indenting text beneath headings more than their headings, and using more vertical space between sections.
 * The vertical spacing between contents-page entries, on the contents page, could be improved. For the sub-section entries, the entries are too close to each other (not distinguished enough), and the contents page could do with greater grouping together of sub-section entries and sub-sub-section entries that fall within the same parent, along with greater distinction of the groupings from each other (they're too close to each other).
 * The blue colour used for hyperlinks, makes reading the text slightly difficult (perhaps the text becomes a bit ugly). This is partly because I have opted to use many hyperlinks (to provision better further additional reading related to the text). To improve this, it might be a good idea to use a colour for hyperlinks that is only slightly different from the colour used for un-hyperlinked text, or perhaps instead to add a very slight colour highlight to hyperlinks that then have a font colour that is the same as un-hyperlinked text. It should be noted that users may use book-reading skins, such that the colour used for un-hyperlinked texts may not simply be black. An alternative approach might be to warn users that there are many hyperlinks in the text, and that to find them they will have to hover their mouse pointer over text to see whether there is a hyperlink there; if there is a hyperlink, hovering over it will likely underline the link, display some hover text indicating the presence of a hyperlink, and display the hyperlink address in the web-browser status rectangle (often at the bottom of the window).
 * It might be a good idea not to incrementally change the main contents of the book for the next group of updates, but instead to lump all the updates together into one new version update of the book (version 2 of the book), and then to make all the updates together. This probably would make sense as there are corrections/improvements to be made that span much of the breadth of the book rather than being localised just to individual pieces of text. This may require saving proposed page changes in cloud storage, and then when ready, committing the page changes to the book all in one go.
 * The book doesn't make much use of images, partly because I was more interested in making sure the important ideas were in the book in at least some form, rather than providing extra inessential illustrations that to some extent beautify the text, and that has the aspect of improving the form of the ideas (rather than the substance). Looking at other Wikibooks books and other Wiki Foundation material, and also based on other thoughts about how to improve the content, I am now thinking that adding more images would be a good idea.

Wish list

 * Would be good if turtle link on each page (other than book-cover page) for navigating to the navigation controls at the bottom of each page, were animated when hovering the mouse pointer over it, such that the turtle appeared to be swimming forward. It looks like this can be done by simply animating from the current unicode string to a different unicode string. The following animation transition might be good:


 * --MarkJFernandes (discuss • contribs) 14:24, 27 April 2020 (UTC)


 * Would like to convert all gold-coloured headings into collapsible blocks, that are collapsed by default. I feel this would really make the book more usable. I can do this, but then the problem is that hyperlinks that link to anchors within such collapsible blocks, do not work when the blocks are collapsed (which is undesirable). It does look like that Javascript code can be used to expand such collapsible blocks before such hyperlinks are executed. However, I don't have specific guidance on how to do this for Wiki pages (for conventional websites, I could probably fairly easily do this). It does seem possible to do this for Wiki pages, perhaps with the use of some kind of book-wide `common.js` file however, it will likely take a while for me to figure out how to do this. It's best to leave this for now, and have it on the book's wish list.
 * --MarkJFernandes (discuss • contribs) 14:24, 27 April 2020 (UTC)


 * Would be good to have a hover-over Wikipedia page preview, for all Wikipedia page links (like how they have on Wikipedia). Have made a feature request regarding this here. It seems likely that this functionality is already available, but it appears it may take a while to figure out how to use it. Best to place it on the ongoing wish list for the time being.
 * --MarkJFernandes (discuss • contribs) 14:24, 27 April 2020 (UTC)


 * Book search currently doesn't return more than one result when more than one match occurs on a page. Such functionality is desirable for this book, where each chapter is stored on its own page. Have asked in the Technical Assistance reading room for help. Also would be good if icon and/or text for book search, matched colour scheme of book.
 * --MarkJFernandes (discuss • contribs) 08:58, 28 April 2020 (UTC)
 * The Wiki transclusion functionality might be helpful in the implementation of such book search functionality.
 * --MarkJFernandes (discuss • contribs) 08:28, 29 April 2020 (UTC)
 * The idea of restructuring chapter pages so that each section is on its own page, and then using transclusion to pool all chapter sections together so that a chapter can also be viewed on a single page, appears to be a good idea for implementing the book search functionality. With such in place, hopefully it would be possible to return several search hits for some search, even though the different hits be all for the same chapter. Another advantage of this approach, is that the page categorisation can be more refined. At the moment, a page containing much content, may be categorised into a category where there is only one small section on the page applying to the category. With this new approach, such course-grained categorisation can be avoided, with the knock-on effect of improving the categorisation system of the whole book.


 * Probably would be better to use paths indicating chapter number within total number of chapters, so that at top of page, this information is seen clearly in a large font size. For example, perhaps a path such as:
 * can be used. Probably best not to use folder names for this as users may get the impression that more than one page is contained in each chapter. Also, on each chapter page, the heading of 'Chapter n' where n is the chapter number, should probably be changed to 'Chapter n of 10'. A concrete example: 'Chapter 5 of 10'. This helps readers to get an idea of how far through the book they are, as well as how large the book is based on the amount of content that is on the page they are reviewing.
 * can be used. Probably best not to use folder names for this as users may get the impression that more than one page is contained in each chapter. Also, on each chapter page, the heading of 'Chapter n' where n is the chapter number, should probably be changed to 'Chapter n of 10'. A concrete example: 'Chapter 5 of 10'. This helps readers to get an idea of how far through the book they are, as well as how large the book is based on the amount of content that is on the page they are reviewing.

--MarkJFernandes (discuss • contribs) 11:28, 28 April 2020 (UTC)
 * Upon reflection, might be best not to change path such that chapter number information is included in it. The reason is if the number of chapters change, or the chapter ordering changes, the URLs may then have to change again resulting in any links to the old URLs becoming broken (which is undesirable). Instead, see whether the pages can be customised so as to either suppress or shrink the path shown at the top of each page (for this page, the path text is currently 'User talk:MarkJFernandes/End-user Computer Security'). I think this is likely possible seeing as the table of contents on pages can be customised.

--MarkJFernandes (discuss • contribs) 11:35, 1 May 2020 (UTC)


 * Would be good to have up-vote and down-vote buttons displayed next to each section heading, or similar web 2.0 features, so that users can easily indicate whether they like, dislike, agree, or disagree with a section. Has now been implemented in "Upvote_downvote_section_links" template.
 * --MarkJFernandes (discuss • contribs) 15:20, 28 April 2020 (UTC)

See here for wish list related to up-voting and down-voting sections. --MarkJFernandes (discuss • contribs) 14:13, 30 April 2020 (UTC) --MarkJFernandes (discuss • contribs) 10:32, 1 May 2020 (UTC) MarkJFernandes (discuss • contribs) 15:08, 1 May 2020 (UTC)
 * In the navigation controls in the footer of each page (module), a likely improvement is to have a re-sizeable  HTML element that displays (via linking) the contents of the 'Preliminaries' page. This would be an improvement because users would then not need to navigate back to the Preliminaries page each time, when wanting to access the contents, index, or foreword.
 * Make greater use of book-specific templates, by creating them just for this book, especially for the banner and footer of each page/module (the code of which is mostly duplicated for each page).


 * It is possible to use CSS files for styling and it is not that it is only possible to use CSS in the style attributes of the Wikitext. Therefore, it would be a very good idea to use CSS classes for the different styles used in the book—it would reduce code duplication to make it just better code. The way that such CSS files can be used, is exampled in the Template:End-user_Computer_Security/Upvote_downvote_section_links. The  tag has a   attribute that can be set, so that in the final page rendered to users, all   elements with their class attribute set to some value you set, have the related CSS-file styling applied to their contents. See Extension:TemplateStyles for more about this.

 MarkJFernandes (discuss • contribs) 09:30, 28 May 2020 (UTC)

MarkJFernandes (discuss • contribs) 10:13, 5 May 2020 (UTC)  MarkJFernandes (discuss • contribs) 15:26, 26 May 2020 (UTC)
 * Perhaps replace texts like 'section entitled' with the section symbol ( § ) for conciseness and perhaps better readability? If doing this, remember to add hover text so that user can hover over symbol to get some explanation as to what it means (HTML title attribute can be used for this).
 * As indicated at Reading_room/Technical_Assistance, in order to facilitate section-sensitive search results, a chapter can be split into its constituent sections where each section is stored on its own page, and then through transclusion, the chapter can be reconstructed onto a single page. I mooted this idea about a month ago (as can be seen at the just-mentioned link) and no one has given me particular feedback on it. I'm inclined to believe that the idea would work in practice because it hasn't yet received any negative feedback. Additionally, If the chapters are split up in such ways, Wikibook CATEGORIES categorising can be performed in a section-sensitive way, which seems like a really good idea. Therefore, doing such chapter conversions is on this wish list. When a section is placed on its own 'standalone' page, it should also contain a link that takes the user to the section as transcluded on its chapter page; this way, when users traverse links taking them to such 'standalone' pages, they can easily get to how the section should properly be read on its chapter page. In fact, automatic redirects to the parent chapter page may be even better than such links.

Userboxes on main page?
Hello!

I just noticed that userboxes on the main page of this Wikibook have caused it to be included in at least one userbox category. Is there a way to make it so the userboxes appear, but are not added to the category?

Thanks! --Mbrickn (discuss • contribs) 14:34, 23 June 2021 (UTC)