Firefox bloat? Please explain.
You can see on the example of Uber that taxi companies rather try to forbid the app than sell off their cars and develop and offer competing apps, or focus on rich people who don't want to travel with unprofessionals. But I admit, in this example you may be right, as you don't have to fear competition.
New?! They controlled us all the time. At least since our ancestors arrived at this planet.
Billions of women (and men) around the world paying TRILLIONS for cosmetic products for what?
Skincare is the number one profit making venue for many cosmetic companies, big and small, all around the world.
So, will the cosmetic companies let stupid progress destroy their revenue stream? Uh, I guess no. They will buy the researcher's startup for a shitload of money, and then surprise, surprise, it turns out the method wasn't so promising after all. And they will keep all patents on the technology so that nobody else can release a competing product.
They could steal stuff! Better make rectal spyware control posts at the exit, so that nobody can smuggle something out.
Would be at least consistent with BBC's position towards EME. It is not Firefox that should get the blame and the shitstorm.
Don't forget that when the code gets transmitted, it can be compressed down to 71 kb.
I guess very well. In fact, there is a project called peerCDN, which is P2P based on WebRTC as a CDN. So Maelstrom can already be achieved by Firefox and Chrome.
You mean, as something like this has already been suggested by Lennart Poettering? Yeah, there is something to it. Funnily, the first dude answering the Shuttleworth post was a systemd + btrfs fanboy...
But it's good the Ubuntu people removed this stupid btrfs requirement. I'm myself a fan of btrfs, but things should be exchangeable.
2 is one of my main concerns too. Let application developers develop their applications and library developers develop their libraries. Not every OSS application contributor wants to apply security updates in their free time.
And what is the U2F protected by? Nothing. Anybody who gets hold of the dongle can use it; at least getting into the system protected by a mobile app would require them to steal the device *AND* get the password. And not all phones are locked with a password. There are phones locked with biometrics, or patterns that couldn't quite be called a password.
All those mechanisms can also be implemented by the company as a first factor. Indeed, a system with dongle only is insecure, but security is increased when you have 2 factors.
TFS is about "passwordless authentication". When people are on the "no passwords" train they should consider that phones also have passwords. What they want to say is perhaps they want a master password. But that's something else.
On top of this, there is also the possibility of de-authorizing the device on the server-side with the 2FA provider.
You can do the same with a dongle, I've already pointed that out.
it still requires that the system be configured to let random keyboards/USB devices be plugged in.
I'm sure that when the need arises, some smart company will develop a USB adapter that only allows U2F devices to communicate with the host.
The smartphone can be lost/forgotten, but at least smartphones tend to be encrypted/locked with the option to remote-wipe. A U2F dongle that is lost would seem to offer no such protection.
What is a phone encrypted/locked with? A password. So that's a second factor. Whether you enter it at the company's computer or at the smartphone is no big difference. As a company, I wouldn't rely on unlock passwords for my security. How often do you enter your unlock password when other people could, in theory, watch you? How can you, as a company, ensure your employees never do this?
Same for remote-wipe. You set it up with a password. When your dongle (or phone) is lost you don't even need remote wipe, as you can simply call your employer and say it was lost (I admit if you use your dongle for more than just one party it can be a bit of work). With remote-wipe you can never be sure whether the attacker didn't crack the phone, and now just sent a fake "I'm wiped" message.
The apps for 2FA services tend to offer a rotating key, so it's not a fixed password that can be guessed.
By passwords I meant what I've described in the upper paragraphs. Those rotating keys are yet another thing U2F is better at. Do you want to copy stupid strings from your phone to your computer? Also, this kind of 2FA is dangerous, as it's only time-based and allows for MiTM attacks. U2F protects from those too by also authenticating the server.
The app also needs to be installed on a smartphone, which you can also lose/forget. If the app allows you to log in from arbitrary devices, it's just passwords again.
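The difference raised in the reply above between time-based rotating codes and U2F, as an added example that is not part of the original comments: a TOTP code depends only on the shared secret and the clock, while a U2F-style response also covers the origin the browser is talking to, so the server can tell when it was produced for a different site. The keys, origins and timestamp are constructed, and HMAC-SHA256 stands in for the ECDSA signature a real U2F token would produce.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code is a function of secret and time only."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    val = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(val % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, submitted: str, now: int) -> bool:
    # The server cannot see which site the user typed the code into.
    return hmac.compare_digest(totp(secret, now), submitted)

def token_respond(key: bytes, challenge: bytes, browser_origin: str) -> bytes:
    """U2F-style response over challenge plus the origin reported by the browser.
    Assumption: HMAC replaces the token's ECDSA P-256 signature for brevity."""
    msg = challenge + b"|" + browser_origin.encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def server_accepts_u2f(key: bytes, challenge: bytes, response: bytes,
                       expected_origin: str) -> bool:
    # The server recomputes the response for its own origin only.
    expected = token_respond(key, challenge, expected_origin)
    return hmac.compare_digest(expected, response)

def relay_demo():
    """Return (totp_relayed_ok, u2f_relayed_ok, u2f_direct_ok) for constructed data."""
    secret, key = b"constructed-totp-secret", b"constructed-token-key"
    real = "https://login.example.com"        # constructed origins
    lookalike = "https://login.example.net"
    now = 1_700_000_000                       # constructed timestamp
    # A code typed into the wrong site is still valid when forwarded 5 s later.
    code = totp(secret, now)
    totp_relayed_ok = server_accepts_totp(secret, code, now + 5)
    # A response produced while the browser was on the wrong origin is not.
    challenge = b"constructed-server-challenge"
    relayed = token_respond(key, challenge, lookalike)
    u2f_relayed_ok = server_accepts_u2f(key, challenge, relayed, real)
    direct = token_respond(key, challenge, real)
    u2f_direct_ok = server_accepts_u2f(key, challenge, direct, real)
    return totp_relayed_ok, u2f_relayed_ok, u2f_direct_ok

if __name__ == "__main__":
    print(relay_demo())
```

For detection, the useful signal on the TOTP side is not the code itself but context the server does see, such as a valid code arriving from an unfamiliar network location.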