Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Submission Summary: 0 pending, 3 declined, 1 accepted (4 total, 25.00% accepted)

DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×

Submission + - Jolla partners with SSH to create Sailfish Secure (techcrunch.com)

muckracer writes: Finnish mobile company Jolla will be working with Finland’s SSH Communications to offer another version of its SailfishOS platform with stronger security credentials. The partnership was announced today at Jolla’s press conference in Barcelona at the Mobile World Congress trade show. SSH will be providing comms encryption and key management to Sailfish Secure.

Submission + - Oracle to start charging for SUN ODF plugin (sun.com)

muckracer writes: The formerly free Microsoft Office OpenDocument Plugin, developed by SUN Microsystems, now carries a price tag of $90 per user "to obtain a Right to Use (RTU) license", after Oracle took over the company. Whether the plugin, which enables Microsoft Office programs to read and write the ISO-standardized ODF document format, will continue being developed at all remains to be seen. Oracle is currently "reviewing the Sun product roadmap" which they state no longer represents "a commitment to deliver any material, code, or functionality".

Submission + - Using GPG for website authentication? 2

muckracer writes: With recent discussion about passwords and their obvious deficiencies
I've been wondering, why we don't use GPG authentication as a common
way of logging into sites:

During the initial registration at some site like Slashdot the user
gets asked to upload his public GPG key. On each subsequent login the
site sends an encrypted challenge that gets locally decrypted with
the user's secret key. A signed (and optionally encrypted) response
gets sent back to the server, verified against the stored public key
of the user and voila...login succeeded. If the site itself has a
public 'site' GPG key it would also allow for mutual authentication,
basically eliminating any phishing possibilities.

All that'd be needed for this to work is browser/plugin support and,
of course, server-side support (the user should only ever see a local
window asking for the GPG passphrase on logging in). But the payoff
would, unless I am missing something entirely, be tremenduous: secure
single sign-on for all web sites needing a login and one at that,
that's locally administered. No passwords ever hit the wire nor do
they need to get stored server-side. The same key/passphrase would
also handle e-mail and help make having a GPG key worthwile for the
rest of us. What's your take on this?

Slashdot Top Deals

The trouble with opportunity is that it always comes disguised as hard work. -- Herbert V. Prochnow