I made my own collectively managed workplace with some friends. Works great, you should try it.
Regular person? This is slashdot, there are no "regular persons" here.
Good article, quite interesting to see the problems a community is faced with when going through standards processes.
Our standards making process is broken beyond repair. This outcome is the direct result of the nature of the IETF, and the particular personalities overseeing this work. To be clear, these are not bad or incompetent individuals. On the contrary – they are all very capable, bright, and otherwise pleasant. But most of them show up to serve their corporate overlords, and it’s practically impossible for the rest of us to compete. Bringing OAuth to the IETF was a huge mistake.
That is a worrisome situation. With the internet openness being so much based on open standards, the idea that the corporate world is taking over standards and sabotaging them to fulfill their own selfish interests is quite problematic, to say the least.
As for the actual concerns he is raising about OAuth 2.0, this one is particularly striking:
Bearer tokens - 2.0 got rid of all signatures and cryptography at the protocol level. Instead it relies solely on TLS. This means that 2.0 tokens are inherently less secure as specified. Any improvement in token security requires additional specifications and as the current proposals demonstrate, the group is solely focused on enterprise use cases.
I don't know much about OAuth, but this sounds like a stupid move.
What's wrong with Scriptno? https://chrome.google.com/webstore/detail/oiigbmnaadbkfbmpbfijlflahbdbdgdf
Is it multi-user however?
I have been keeping an eye on this project for a while. To quote their description: "SFLvault is a Networked credentials store and authentication manager. It has a client/vault (server) architecture allowing to cryptographically store and organise loads of passwords for different machines and services."
The design seems sound, and it is a server/client model which seems to fit your "multi-user" requirement well, which isn't fulfilled by any other password manager that I know of. It can also automagically log you into different services like SSH, MySQL or sudo and can do multi-hop.
The only issue I have found so far is that installing the server component is a bit of a pain (i.e. no Debian package, as opposed to the client side)... but I guess this really depends on the "Linux" environment you are using...
I have been maintaining a list of FLOSS password managers in our public wiki for a while, any suggestions not mentioned there are welcome.
I was also a bit surprised to see basic stuff and some repetition in the article there, but trick #3 was really nice for me:
ssh-keygen -R remote-hostname
This will remove the entry for remote-hostname in the known_hosts file, for example if you know the key changed or (don't do that) if you think you're in a MITM attack and don't care.
Now that will fix many countless fiddling around the known_hosts file...
I stopped using telnet when I discovered swaks. It just rocks.
The Debian packages are really strange for XBMC. First off the Linux instructions are aimed primarily at Ubuntu. Then the other problem is that there is some kind of a fork between the "official packages" for Ubuntu and the Debian packages provided on debian-multimedia.org, the latter not being up to date (only rc2 is available).
I also note that the Ubuntu packages have an Epoch while the Debian packages do not, which makes it hard to switch between the two.
Short of adding an Ubuntu PPA to my sources.list, I am not sure how I can get this thing installed on Debian, which is a bit annoying.
I wish those great products would actually go the extra mile and work with distributions for their products to be packaged, especially since they seem to be familiar with Debian packaging...
Your fucking comment didn't have a fucking link, thank you very much. And I am
Thanks for the source anyways.
Any program which runs right is obsolete.