Forgot your password?
typodupeerror

Comment: Re:to bad intel sucks in some ways (Score 1) 75

by MattJD (#44816491) Attached to: AMD Reveals Roadmap For ARM and X86 SoCs

Another reason why it's morally superior to buy Intel if you care about open source instead of just being some shill who acts like he is a God because he made it halfway through an Ubuntu install once: AMD has dumped some out of date documentation on the internet for third parties to do their Linux driver development for free... Intel *pays* people to develop the entire Linux graphics stack.. and yes, that includes pretty much the entire infrastructure that makes it possible for any AMD gpu to run in Linux. If you want to be such a purist do this: Take out all the code that bad-old Intel wrote and see how well your amazing AMD graphics work on Linux, now do the reverse with AMD & Intel: guess what still runs fine because AMD doesn't do squat for the Linux graphics stack?

This isn't true. While AMD's main focus is on their proprietary driver, they do pay for developers to make an open source driver. Important recent driver work includes enabling uvd, better power management, and continued work on enabling the 7000+ series. Intel doors seem to get more done, but AMD is working with the community too.

Also, Intel still refuses to use the gallium 3d architecture. Gallium is supposed to help centralise various pieces of writing a graphics driver, making less work for everyone. By not using gallium, less work is shared, meaning more work for the other 3d drivers. So while they are definitely a Linux friendly company, they sure aren't perfect.

Comment: Re:Not google? (Score 1) 81

I'll give you the blog post. I've always read the project as being the security first, and privacy as the tack on to "sell it." My focusing on security came from that stance. I'll move that goal post then. If you want to ignore the security aspect, then Personas loses its (IMO) big benefit. But it doesn't become a privacy nightmare either. The key to remember is websites already have emails (many using them as the login id anyways), so BrowserID keying off that isn't a direct problem. Its decentralized manner means anyone can claim an email address, or an infinite amount if they want, so multiple IDs are just as possible.

Comment: Re:Not google? (Score 1) 81

Now you are just cherry-picking my quotes. The tracking ability of independent websites co-operating has not changed. And realistically, as long as you identify yourself the same way across sites, this won't change. If you change your identity (Facebook/G+/OpenID/Email/etc), then they can't track you (according to our discussion of tracking). BrowserID can't change that. Even if BrowserID sent a unique ID to each website, each website would then require an email address anyways. Guess what? You are back to being tracked.

Now, what BrowserID does give you is independence from your Identity Provider tracking you. Under Facebook/G+, it is trivial to see how this occurs. Under OpenID, it is the same. Under BrowserID, the Identity Provider never knows what sites you talk to. In fact, email verification does not provide this security. If your email provider reads your emails (as Google does), Google knows what sites you are talking too. So regarding your points:

You: Eliminates multiple passwords
Me: So does facebook/googleplus and openid

True. OpenID and BrowserID are decentralized, which is there primary draw.

You: Just as vulnerable to tracking by 3rd party trackers as email verification
Me: Facebook/googleplus stops 3rd party trackers

Incorrect. Facebook/G+ gives you an identity. That is there entire purposes. So not only do Facebook/G+ know who you talk to, the sites can easily co-operate to know this too. And I've checked their API documentation.

You: Stops googleplus/facebook/openid authorization provider from tracking you
Me: So does email verification

Partially correct. As pointed out above, your email provider can track you still. And removes the benefit of removing multiple passwords, which is the real benefit being pushed.

To ensure there is no goal post moving, this is my stance:

  1. You are no less protected from privacy invasion from random sites. So not a concern for adoption, and a problem most people don't even care about. For those who do, there are already methods to work around the issue as I've explained earlier (using multiple addresses, mailinator is 100% supportable, etc).
  2. You are isolated from the Identity Provider, giving the advantage over Facebook/G+/OpenID.
  3. You lose the multiple passwords, which is the real security benefit. This is the claimed benefit. And it is successful.

Now, if you can prove any point above is violated, then I'm interested in discussing this further. Please bring proof of the violation. Otherwise I'm done here.

Comment: Re:Not google? (Score 1) 81

Come on, don't try to put words in my mouth. It is MY OBJECTION and I don't care that it is based on email. OK? What I am objecting to is the fact that it uses a unique ID across multiple websites. THAT IS THE OBJECTION.

I'm not putting words into your mouth, I'm saying nothing has changed. How many websites don't track your email address? And how many people change their email address across websites? If you change the email, then you have no change in your privacy level. If you don't, then your privacy stays the same too. Nothing changes.

It improves upon those systems in one way, the authentication source never knows where the person signed into.

That is a benefit so small as to be meaningless. If anything this makes the situation worse because instead of just one company tracking you across all those logins now you have a unique id that any tracker can key off.

If you are so worried about being tracked, it should be important. BrowserID stops one company from tracking you across every website you login too just by having you use their service. Of course if companies compare notes, then yes they can track your email address. But that is no different then before, and no different with OpenID.

The fact BrowserID standardized on it doesn't reduce privacy for most people,

However it does not significantly INCREASE privacy for most people either. So what is the point?

It's not about increasing privacy. It's about increasing security by killing extra passwords. That is its goal. It is about a decentralized single sign on. And BrowserID is working on that goal quite well.

No, only some of the credentials are temporary. The private keys used to sign those temporary credentials are permanent. My point is not about leaving them behind for someone else to misuse, my point is that those private keys are not there to begin with. You can't sit down at someone else's browser and just use it to log in because those private keys used to sign the credential are only stored back on your own computer.

According to this overview, that is not true. There are keys generated and used, but they are only valid for up to 24 hours (mentioned inside the above document). So yes you can just sit down at a computer and login to your favourite site, the computer will just generate a new key pair. It can even destroy the key pair once you are done, ensuring no one else can steal your identity.

And yes the private key can be re-used, but the public key is what expires and that is the signed component that matters. Thus after 24 hours, it doesn't matter that you have the private key.

Comment: Re:Not google? (Score 1) 81

The objection to it was that it requires the site to know your email address, but most sites know this anyways.

No, my objection is that it provides a unique id across multiple websites. An id that will be used for tracking purposes. The fact that the unique id is an email address is really irrelevant.

Except that it is not irrelevant. Websites already have your email address, and in most of the cases it is a pretty good identifier of the person. Most people I know have only one main email they use, the only exception being work emails. None of them use multiple emails to avoid tracking. And guess what most websites use as your identifier? Your email address. The fact BrowserID standardized on it doesn't reduce privacy for most people, and for those who care there are easy workarounds (regardless if you use multiple gmail/yahoo/etc addresses, mailinator, or domain catch-alls).

The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well.

By that requirement, there is no functional improvement. It does it just as well as centralized single-sign on like openid/facebook/googleplus. Maybe even worse since the credentials are stored in the browser, making it difficult to sit down at friend's computer and use it to log in.

It improves upon those systems in one way, the authentication source never knows where the person signed into. OpenID requires this knowledge due to how the protocol works (and it's not centralized btw). Facebook/G+ are the same. And using your friend's computer to login still works. The credentials stored in your browser are temporary.

The reason the above is true is that the email provider and the website do not talk to discuss an individual user's credentials. So your email provider (ex. Google) don't know where you are logging into. And your browser only stores a token for an individual site that is valid for a short time (with a limit of 24 hours I believe). So any browser can be used, because the really authority is your email provider, not your browser.

Comment: Re:Not google? (Score 1) 81

And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.

That is circular reasoning. If a goal of browserid is to increase the user's security, this system does not achieve that, it only maintains the status quo.

The goal of BrowserID isn't to reduce user tracking across sites. Its goal is to reduce the use of passwords, something it does pretty well. The objection to it was that it requires the site to know your email address, but most sites know this anyways. So privacy is not diminished, however the use of passwords (which most people don't handle well) is dramatically reduced. So yes, it improves security.

And just to add another point, if you own a domain and use a catch-all for multiple email addresses, nothing stops you from setting up an identity provider that authenticates all your email address by your one password, making multiple email addresses even easier to deal with.

I have issues with Persona, but this isn't one of them. The core BrowserID protocol is well thought out.

Comment: Persona vs Browserid (Score 1) 81

I still don't like Mozilla's Persona. For a system meant to be distributed and open, it sure relies a lot on Mozilla services. I like the idea of BrowserID (the underlying specification to Persona), I just really dislike how everyone has to rely on Mozilla to use Persona.

Comment: Re:Not google? (Score 1) 81

Except that mailinator could in theory implement an identity provider for its email addresses. There would be no security, but they could. Realistically it would be no worse then using mailinator now.

And most people have one email, and use it everywhere. This specification doesn't decrease their privacy because of that. If you are not already using multiple email addresses, you lose nothing by using browserid.

Comment: Re:You would think (Score 1) 303

by MattJD (#41503709) Attached to: Notch Won't Certify <em>Minecraft</em> For Windows 8

And that's exactly how my Linux distro's work as well ...

If a program isn't packaged for your distribution, how easy will be for anyone but the true blue Linux geek to install it --- or even to discover that it exists?

Well discoverability and installation of software outside the more approved channels is a challenge, its only that way because no standard has been created. Its not that its made intentionally bad, its that the old method (download source code, compile, install, run) is showing its age for people "who just want it to work"(tm). If you have an easy solution to this problem, there are many people who would be interested (myself included). There are lots of solutions out there trying to solve the problem, but they all have their individual issue.

Ubuntu developers set as a goal:

"...there should be one obvious mechanism for installing, removing, and updating software in Ubuntu, with a self-evident name and an interface anyone can use. There should be a coordinated system for developers and enthusiasts to improve the usefulness of descriptions and other metadata for software packages. The software updates interface should be honed to maximize the voluntary installation of updates across the millions of computers on which Ubuntu is installed. And projects and vendors whose software is packaged for Ubuntu should be encouraged to provide links to their software's presence in the Software Store, instead of command-line installation instructions.

Ubuntu Software Center

This reads equally well as a mission statement for the the Kindle, Android smartphone, Win 8 tablet, and the iOS mobile device.

It is only a half-step away from an admission that the "obvious" mechanism --- the increasingly familiar, easy to use and trusted app store --- is about to become the most significant --- perhaps the only significant --- distribution channel for computer software and services.

Um ... And that's a problem because? I never once stated that an app store is bad. Having an official distribution channel, that's built to high standards is good IMO. Its when a company (or group of people) decide it will be the only channel allowed that I have an issue.

I haven't investigated the Ubuntu Software Center (not an Ubuntu user), so I don't know how it works. That being said as long as I can get its software for whatever distro I choose, and I run whatever software I choose on Ubuntu, its fine by me. And the same goes for Kindles, Androids, Win 8, and IOS.

Comment: Re:You would think (Score 5, Insightful) 303

by MattJD (#41498883) Attached to: Notch Won't Certify <em>Minecraft</em> For Windows 8

The Linux developer who touts the convenience and safety of his distro's repository isn't in a position to complain when other operating systems move in the same direction.

I have absolutely no problem with app stores having a curated listing of items. Its when that stores is the only method I can get software I have an issue. That's why I don't mind Google's Play Store (for apps), while its the default on my phone I can easily enable side-loading of apps on to it.

And that's exactly how my Linux distro's work as well ...

Comment: Re:What pump has *control* via wireless? (Score 1) 81

by MattJD (#37000268) Attached to: Probing Insulin Pumps For Vulnerabilities

I know Animas's OneTouch Ping also is remotely controllable from its meter. It isn't a closed loop, but you could definetly pour a good amount of insulin into someone.

Also, studies have shown that people cannot accurately predict there glucose levels. While people can tell they are off (especially low), exact numbers are hard to produce.

Comment: Re:culture difference (Score 2) 126

by MattJD (#35654958) Attached to: Censorware Vendors Can Stop Mid-East Dealings

While such software in of itself is not evil, and having an opt-in system to allow people to use such software to block out parts of the Internet they either do not want to see or are trying to protect someone else (think of the children!), I personally start having issues when its government mandated and no way to get around in a simple manner.

If my ISP (if it doesn't already) offered a mechanism to filter the Internet for me with a account specific password to get around it, I would not complain. However if tomorrow they put in a forced filter that I had no way to opt-out of, especially on a per-site basis, then I would have a problem with them.

To keep this on track, remember the article is talking about situations where governments force people to accept this, thus controlling what people can see and thus trying to think. Just using filtering software is not evil, and you are not forced to visit the whole Internet without it. Its forced censorship that is evil.

Comment: Re:standard author/exploiter response? (Score 1) 281

by MattJD (#29980902) Attached to: Bug In Most Linuxes Can Give Untrusted Users Root
Except of course being able to generate a million spoofed tcp syn packets that overload different servers w/o taking client resources (beyond bandwidth), or any other similar kind of attack you can think of when you forge packets. Its just not for authenticating streams you know ...

Comment: Re:Pay teachers more (Score 1) 853

by MattJD (#23661237) Attached to: Have Mathematics Exams Become Easier?
It seems the same for me too. I know they've taken out many concepts from the curriculum that sounded really interesting (imaginary numbers as a prime example). I find that we try to equalize the playing field too much. Instead of equalizing the field, we should make sure that everyone has a chance. Not everyone can write a book, and not everyone can comprehend quantum mechanics. That doesn't mean writing a 3 page novel or understanding quantum mechanics as 20th physics should mean a 90% in school. Instead what people are good at they should excel at, and everything else has support structures they can use (tutoring, extra help from teachers, etc.) Dumbing everything done just means that once you need all the skills and don't have them, you won't be able to preform.

I guess my real point is that while we shouldn't discriminate against any single group, we should make sure anti-discriminative behaviour doesn't negatively affect people trying to be better too.

Never underestimate the bandwidth of a station wagon full of tapes. -- Dr. Warren Jackson, Director, UTCS

Working...