And it is true that since OpenID emerged from the world of blogging software, its real target isn't important stuff like banks; it's the zillions of little miscellaneous sites that you might just stumble into after following a link to an interesting article or something and perhaps you might like to leave a comment without having to go through a site registration process.
after following a link to an interesting article or something and
perhaps you might like to leave a comment without having to go through
a site registration process.
Then the blogging software can add that as a part of the link they forward to: here's this' guy's information and call me to verfiy if you want.
I thought that was the idea behind OpenID?
Anyway, browsers remembering passwords is fine, until you are not at your browser but want to login....
Also, recently my browser had a severe amnesia and forgot all logindata, including account names. (First time in 11 years or so, but frustrating.) And browsers sometimes stop working if homepages change their layout or whatever too much. (The "send me a new password via email" doesnt always work, either...)
But what I really do hate is the thge registering process in itself:
- No, this paricular special character for your nickname isnt allowed here
- No, we don't accept mail.ru or your special mail server
- Your password is too long, too short, too friggin blonde or whatever (I recently used a 16char password on a site which only accepts 15 chars and wasnt able to login, because you CAN enter 16 chars and the last ones don't get truncated...)
- You failed at the captcha, please try again.. 25 times in a row?
- "Your activation email will arrive soon" <- yeah, sure, two days is soon
- Why do I have to register to use a friggin search button or see some information that is absolutely not priovacy relevant?!
Even if registering only took two minutes, it is lost time. Time better spent browsing cracked.com, xkcd or pr0n!
except they've got tight session timeouts, they'd be real good openid providers...
Wed Sep 07 2011 17:40:06 EDT from IGnatius T Foobar @ UncensoredI sincerely doubt that any bank (or pretty much any site that has access to your money) will ever accept OpenID. Most already require two factor authentication.
hm, a meta openid/oauth/whatever anounced:
anybody in california?
I'm searching for the LibreOffice templates directory so I can add some additional ones that I downloaded for a class I'm writing for drill this weekend. I decide that, rather than randomly browsing through the file tree, I will use the file manager's built-in search function. I search for "template" and then go do something else for a while (no rush). I come back and there's a list of icons showing the folder names, but nothing to indicate where in the directory tree they are. I click on one and it opens up--here are the ones I downloaded. I hit back--
--and it runs the search over again. I wait another minute. Now I have the list again. I try switching the view mode so I can see a directory tree (and eliminate some obvious possibilities) and--
--IT RUNS THE SEARCH AGAIN. And I wait another minute. What? Why?
Best of all? There's no easy way to see where in the file structure a given search result is located, even in the other view modes.
Given the inanities of this interface, I will try to come up with better search parameters, but why couldn't it cache the results for a minute or two?
Would that kill anyone? Hard drive searches are not exactly blisteringly fast on this netbook.
simply use rox-filer. lightningfast, and realy tiny.
I thought Gnome would use "tracker" as a successor to beagle...
I use tracker outside of Gnome here and it is farking brilliant: It indexes your files as the windows index stuff does, but this time it really works. After a while, all your files are indexed, then if you search for something, you instantly get results. Fresh files and file changes are indexed via some kernel interface. I love it.
did they use c-carpet again?
In the process of digging into how to configure alpine to talk to the servers properly, I discovered that the Army is going CAC-only for access to e-mail effective 1 December.
This effectively cuts off all mobile devices and most non-Windows computers.
Configure Linux to use CAC authentication is possible but nontrivial; even the latest version of OS X is a step backward in that respect. Considering how much trouble most soldiers have with getting their CAC readers to work even in Windows, this is a major inconvenience. For reserve component soldiers (National Guard, Army Reserve) who don't have frequent access to Army-maintained computers with installed CAC readers and middleware, this will have a major impact on our ability to communicate during the month. And since we only meet once a month (except for those of us on full-time duty), e-mail is the PRIMARY method of communication.
I almost sold our 1SG on setting up a private messaging system (like, say, a citadel server) just so we could get company business done during the month; that was several years ago. He might be more willing now.
Honestly, if I can't get my Army e-mail on my phone any longer, it's not worth maintaining a data plan to me.
Sep 9 2011 1:57pm from the_mgt @uncnsrd
But it makes sense, I was just going to ask why you have confidential
ratings per paragraph in a medium as "email"... :)
Why portion mark when the entire e-mail system is on a ridiculously classified network? Because different things are accessible to different people, get declassified at different rates and are subject to the Freedom of Information Act. It's a big mess. The message as a whole must be classified at the highest level of any of its content, but if a recipient wants to use some of the information in it, he needs to know what that particular bit is classified to. Overclassification creates "cylinders of excellence" where no one can share anything with anyone else, which pretty much defeats the purpose of intelligence services.
But it makes sense, I was just going to ask why you have confidential ratings per paragraph in a medium as "email"... :)
Yes, but using email for this whole process is like communicating via posters on a campus and marking some sections "not to be read by students"...
SSL or not, you have the unencrypted message body lying around on a mobile phone or another unencrypted system, like your averade windows desktop, and you are allowed to choose your own email client... I would have expected something like enigmail and encryption enforcement policy for receiving devices, at least. I even expected a special locked client with paranoid security. Heck, all my linux systems have luks encrypted partitions (yes, root, too) and I am still bothered because /boot is unencrypted :)
But I do understand the concept of parapgraph/email classification now, makes sense.
Despite that, they are going to the CAC-only authentication because it's considered what used to be called Sensitive But Unclassified (SBU). If someone were on our company mailing list, for example, they could do something nefarious like plant a bomb at our company picnic site or intercept our convoy en route to a training site or something equally silly and annoying.
As a practical matter, enforcing CAC authentication merely convinces the soldiers not to bother using it. It's not HARD, exactly, to install, but you have to follow steps in the right order and install some stuff on your computer, and the early versions had a pretty bad reputation for b0rking Windows. Experience as the admin guy for our unit says that most people won't bother unless you make it dead-stupid-simple because the perceived benefit is minimal: "Oh, I jump through all of these hoops so I can check my e-mail only on this one machine, and now I have the great boon of being able to use a really shitty web portal that is state of the art 2002? And crashes frequently for no reason? And has a 100 megabyte total storage limit? And strips out attachments and links?"
Gee, sign me up.
It's annoying enough when you at least have machines to use at work (on base) that are CAC-enabled. But for the reserve component, we get a double whammy: we don't SEE each other except once a month (and so are more reliant on e-mail) and we don't have ready access to CAC-enabled computers unless we do it ourselves. Net result: Even before this change, perhaps half of my company used their Army e-mail address as their main point of contact; everyone else used some other e-mail address (and because I cared about communication more than policies that I can't enforce), I sent to those addresses. This will only increase.
Even if you configure CAC access on Linux or OS X, you still can't digitally sign the documents that we use, and more and more things are requiring this (evaluations, for example).
Ah, yes, thats a terrific system! Enforcing security which the users see as superflous is the nightmare of any admin... Especially if it isn't even for really classified stuff. And I can totally see people working around these restrictions.
At the university, people with access to the accounting software need a smart card too, combined with a pin code they can choose by themselves. Of course these pins are birthdates of themselves, familymembers or equally stupid numbers and the smartcard is kept in an unlocked drawer somewhere near the computer. All this because they are pissed off by the software (three letter acronym, founded by ex-IBM people, you might guess which one I am referring to) and it isn't their money in the first place.
I guess your admins should build the thumbdrive with CAC reader included (I guess it is RFID/NFC of some sort), so after booting off of it and inserting card, everything works fast and fine and nothing gets stored on untrusted computers.
The Army is still struggling with common sense issues that the private world has come to grips with a decade ago. No official business on personal hardware, but they don't provide you any. Meanwhile, God help you if you don't pay for a cell phone because they need to be able to reach you 24/7--but that is okay, for some reason. Just don't check your e-mail on it.
SSL or not, you have the unencrypted message body lying around on a
mobile phone or another unencrypted system, like your averade windows
desktop, and you are allowed to choose your own email client... I
This, of course, seems insanely counterproductive, when you consider that the average Windows desktop is *far* more likely to have been compromised than the average mobile phone.
An application running on a mobile phone is, at best, sandboxed -- and, at worst, telling you exactly what actions it's asking permission to perform.