Slashdot Mirror
Sun Releases Open Source Tool for Project Liberty
ruisantos writes "After submiting the technical specifications for the project , Sun has finally launched an open source tool for its upcoming Sun ONE Identity Server version 6.0, the news can be found on CNET news."
The Liberty Alliance Project is an effort to establish a universal online authentication system that serves as an alternative to Microsoft's proprietary Passport online ID system. Both efforts have the same goal: let people surf the Web without having to constantly re-enter passwords, names and other data at different sites.
The question is will Liberty Alliance Project be more secure than passport. Wait, who am I asking? Of course it will be better in security than M$. Who isn't?
Are you kidding? Go back to your leet college lab.
Excuse me? i didnt even finish high school, and i really hated my grade 8 gym teacher.
I don't get it. Is Sun ONE the same as the Liberty Alliance? The article that is referenced doesn't mention Sun ONE that I could see, just the Liberty Alliance.
I didn't even know that the Liberty Alliance was still around since Hailstorm kinda fell through.
I wonder if they're having much luck selling the idea to anyone. Microsoft sure didn't.
www.timcoleman.com is a total waste of your time. Never go there.
If you ever get a FedEx package, thank Solaris for helping it to get to you.
------
Never underestimate the power of stupid people in large groups.
after a few years swinging in and out of the open source community with hidden agendas, maybe Sun is serious this time?
Analytic & algebraic topology of locally Euclidean meterization of infinitely differentiable Riemmanian manifold
Yes, this is open source software, but can anyone explain me the difference between a no-go commercial application and this, except that you have the 'source' ?
As I read in the license it's still 'Intellectual Property bla bla', 5 lines thereafter they define 'Commercial Use'...
What we need is Free Software, not crappy I-wanna-be-cool-but-am-GPL-scared software.
To me this is no better than (oh-the-horror) Microsoft Word
Why not just tell your browser to remember the login? Frankly I trust my computer a lot more than some corporation - Microsoft or otherwise.
No, I did not read the f***ing article!
My brother works at fedex and they are turning into an all Windows shop. THey still have a few old sun and ibm boxen left but they are phasing them out. Most of the package tracking is done on NT boxes that retrieve the data from a Mainframe. Another Mainframe actually processes the orders but everything else is mostly NT.
Was there any other prior releases ?
What is point of jumping directly to 6.0
That is far from the truth. While they do use Windows CE terminals for some tracking, most of the the other stuff is Solaris. Weather, some scanning processing, and avation (ramp managment, flight tracking, ect) to name but a few applications that run on Sun boxes. I know I support the stuff.
------
Never underestimate the power of stupid people in large groups.
http://www.experimentalstuff.com/data/ipl-0.1.zip
Great, so if we ever decide this is a good idea, I guess we know who to look to
Recent article on Linuxworld Apache & Plan9 which describes another solution to identity management.
You should not be using the same password for all your sites, even if the authentication mechanism never lets the site server have the actual password. If this one password is exposed by your own accident or something, you've basically given whoever has it access to everything. You might as well hand them your wallet, too.
To track spamming leaks, I also give each place which gets my email address a different one. So there's another piece of information that needs to be different. Not everyone yet has the ability to do this, and not everyone will want to. But a lot of people will unless the spam problem gets solved (unlikely).
Anyway, I see major privacy risks in both Liberty Alliance as well as Passport, particularly in not letting people (easily?) control who gets what information.
now we need to go OSS in diesel cars
On the other hand, when the machine you enter your passwords on is compromised, you only need to change one password...
As an assistant member of the security team of a large fortune 500 company, I have discovered a new form of terrorism stemming from the deepest underground of the Internet. A site catering to hackers, communists and anti-Americans called Slashdot.org has created a new type of denial-of-service attack known as 'the Slashdot effect'. This attack has been used against what are seen as the enemies of the 'Open source movement' which include many large American companies such as Microsoft as well as many American media companies such as Time-Warner-AOL. The Slashdot Effect could have a potentially crippling effect on the American computer industry and I feel it is justified to offer my own advice on this problem.
What is the Slashdot Effect?
The Slashdot Effect (also known as Slashdotting) is a new form of denial-of-service attack stemming from the site Slashdot.org. Once they find a 'target' (whether it be a large media company or small personal homepage) the URL of the site is posted on the front page of Slashdot.org. Members of this site attempt as quickly as they can to follow these links and overload the target server. This causes the 'target' website to slow to a grinding halt before going offline. It can sometimes take days or even weeks for the site to recover from such a surge of traffic, and often the servers can be damaged beyond repair (that is, they cannot be fixed with a simple defrag!).
Who is normally the target of the Slashdot Effect and how is it done?
Many American companies have already been attacked by the Slashdot Effect. Targets often include news sites such as the New York Times as well as well as large American companies such as Intel. Sites that criticize the open-source movement are a prime target. For example, lets say an American media website such as the London Times does a review of a little known operating system known as Linux. Linux is an operating system developed by a hacker from communist Finland, which is based on code stolen from an American operating system known as Unix. It was created in cooperation with a communist group known as g.n.u. (Which stands for Glorified Novelty Unix) and is generally unusable by non-hackers. Obviously since it is such an archaic and unstable operating system compared to those made by American companies such as Microsoft it would get a bad review on the London Times. Once a Slashdot member discovers this honest review the URL would be posted on the front page of Slashdot.org. A flood of users would follow the link to the site and bring the server to a grinding halt. Since most of these users are terrorists they would probably have ads disabled using European hacking software. This would mean a potential loss of thousands of dollars worth of ad revenue. To top it off, members of Slashdot.org often plagiarize the articles and post it on illegal mirrors, furthering the loss of ad revenue. Members of Slashdot are rewarded for plagiarizing in the form of 'Karma', a form of hacker currency, on Slashdot.org.
What can I do to avoid the Slashdot Effect and how would I deal with it if it happened?
The easiest way to avoid the Slashdot effect is to refrain from posting anything about any open-source software, especially Linux. Focus your website on fine American companies such as Microsoft. You can also set up your server to reject any links from Slashdot.org, something many people have done. If you think your site is being attacked by the Slashdot Effect, contact the authorities immediately and report this act of terrorism. The penalties against hacker/terrorists are stiff and you can feel confident that the perpetrators of this terror will be punished in the harshest possible means.
by Anonymous Pancake
It has come to my attention that joo are teh suxor.
Pls fx k thx bye.
If so, then I might have some enthusiasm for it, and I imagine lots of others would as well.
If my identity data is to be stored by some commercial service, even a Liberty Alliance member, I'm afraid I have no plans to participate.
I won't use any website that requires me to sign up for Passport. I've done a lot of Windows development the last couple years, and I can well imagine it would be to my benefit to pay for M$' developer program, but my understanding is that it requires Passport to participate, so I won't have any part of it.
Even if I had my own personal server storing my identity, you can bet I will configure my firewall so it will only accept queries from sites I consciously want to have the information.
-- Could you use my software consulting serv
My net connection is kinda primitive out here in the Maine sticks.
I can pay $70 a month for static IP dedicated dialup, which I think is excessive, but at some point I might have to do that. But I imagine most people who might want to run personal servers wouldn't want to pay to have static IP's.
-- Could you use my software consulting serv
My brother works at fedex and they are turning into an all Windows shop.
This assertion is completely and utterly incorrect. It is so far from the truth that one might consider it a deliberate fabrication. Real core production FedEx systems revolve around serious IBM mainframe hardware. Nothing else really supports the necessary transaction volume. Many applications are front-ended by web interfaces running on lots and lots of Sun servers. And Sun boxes being phased out are being upgraded, not replaced. No one at FedEx seriously considers Windows for any core business application, server side. No way it could handle the volumes of data.
For example, one of our smallest non-core-business systems handles maintenance on our vehicles. We periodically look for an off-the-shelf system to buy. Vendors come in all bright and happy and tell us how wonderful their application is. It's easy to use and runs on nice commodity PC hardware under Windows. They tell us they have customers supporting fleets with several thousand vehicles with no problems. And they say it as if we should be impressed about someone operating fleets of 1, 2 or even 3 or 4 thousand trucks. We say, "Great! We have over 160,000 assets, over 60,000 of which are big rigs alone. We have more than 2,000 mechanics scattered over the globe performing 5,000-10,000 different repair actions on those assets every business day, year round, to keep them running. Those repairs generate 500-1000 potential vendor warranty claims per day which must be processed and filed as fast as they are created. And we must automate every possible part of the process chain that we can. Oh, and we need to retain all that data on-line for anywhere from 18 months to 5 years for various business and regulatory reasons. Can your system handle that?" And they look back with a deer-in-the-headlights look and promise to get back to us. And back we go to those old mainframes just chugging happily along, with nice spiffy web front-ends and feeding big honkin' data warehouses on Sun servers. And this is an example of one of the tiniest systems we have! Never mind about really important stuff like flight planning, scheduling or, heaven forbid, the Sort!
Oh, and we can't forget the millions of lines of custom COBOL that have been written and tailored to FedEx business processes. Code that would take some terrible amount of programmer-decades to re-engineer if we ever moved off mainframes.
Just because your delivery-truck driving brother uses a Windows PC at his station or strapped to his wrist does not at all mean that FedEx is in any way using Windows for anything other than client access. We use what makes sense, where it makes sense. For clients, at this point in history that's mostly Windows. For most everything else with really big requirements, Windows just doesn't make sense, whether for reliability, scalability or performance.
There are two excellent tools that I use pretty regularly to keep track of passwords on websites and other services.
Password Safe was origionally developed by Bruce Schneier of . It is open source now.
Gpasman is another alternative. I use it on my linux boxes.
I've found them invaluable for keeping track of passwords. Password Safe runs quite happily under wine, and has a tool built in to automatically generate excellent (i.e., almost unrememberable) passwords.
This is an ex-parrot!
what's wrong with Web Initial Signon (webiso nee` pubcookie)? it certainly works well in a University setting, and it might work well in other contexts.
Ceci n'est pas un post
Magical spell is ai-ai-poo!
(-1, Raw and Uncut is the only way to read)
Whatever else you want to say about Bill Gates; he certainly is a visionary. He saw through the hype and while the rest of the world watched a pedjulum swing to favor OSS then commercial software, then OSS once again, he saw how OSS would mature to threaten Microsoft software dominence.
It's great to see that vision coming true as major corporate players are actually finding ways to leverage OSS as a competitive advantage, rather than simply sponsoring projects for PR value.
Bill may see threats around every corner, but he isn't often wrong about this stuff. It's great to see these threats actually manifesting themselves. Life is good!
--CTH
--Got Lists? | Top 95 Star Wars Line
I think the best solution is to store one's passwords under hard encryption, and keep the physical storage medium in a safe - a physical metal box with a combination lock - when not in use.
I'm not using it yet, but at some point I'd like to get a Palm or Handspring Visor just so I can use Keyring for PalmOS (formerly GNU Keyring).
An alternative would be to put compact flash readers on all my machines and use a compact flash card.
Finally, there is WiebeTech's FireWire KeyChain, which stores up to 1 GB of data in a tiny package convienent to hold your metal keys and keep in your pocket.
The advantage of the PalmOS keychain is that it requires no software or hardware support on the computers it is used with, and it can be quickly moved from computer to computer. The advantage of compact flash and WiebeTech's product is that software support can pop the password onto the clipboard for you for convenient pasting into your browser.
-- Could you use my software consulting serv
passport? what?
i could not think of anything clever.
quick...somebody think of a witty poll
To blockquote the original poster:
You might just need to find somebody who's fluently compu-multi-lingual.
Karma: Food Fight (Mostly affected by Date Plate).
Just out of curiosity (I work for a courier company here in Sydney, Australia), what type of system does "the sort" run on? (We have "the sort" here too :-)
The download link gives 404, you guys /.ted it again!
"It would be nice if i could use the info on a centralized system."
It's called a smart card. You go, it goes with you.
If you want something more there. Try a USB keychain device, with smart card features.
"Whatever else you want to say about Bill Gates; he certainly is a visionary."
o ween1.php
"You've got to be willing to read other people's code, then write your own, then have other people review your code.
-- Bill Gates"
"Hardware must be paid for, but software is something to share.
-- Bill Gates"
Seems pretty "visionary" don't it?
Shame he couldn't take his own advise.
Good thing he has people to let him know the train is coming.
http://www.opensource.org/halloween/hall
This isn't just about browsers, its about mobile phones, PDAs, servers, TVs, Set-top boxes, smart cards etc etc.
And its not just about Web content, its about authorisation systems as a whole.
A browser is just one very very small part of what Liberty could be used for. And while a browser remembers a password, it doesn't know who you are and cannot prove that you are that person.
An Eye for an Eye will make the whole world blind - Gandhi
Also, would you care to point out where the SISSL is incompatible with the GPL?
From the License List at GNU.org:
A popular free office suite is licensed under SISSL and Lesser GPL, similar to the way Mozilla is licensed (MPL/LGPL/GPL). Unlike the OpenOffice.org suite, this Liberty implementation doesn't seem to also be under a GNU license.
Will I retire or break 10K?
what's wrong with Web Initial Signon (webiso nee` pubcookie)?
When I first saw the name "WebISO", I got the impression "download ISOz [i.e. ISO 9660 CD-ROM images that probably infringe a copyright] over the Web". I bet more than one suit will pick up a software copyright infringement connotation from that name.
Will I retire or break 10K?
seriously, this actually has a chance, look at the list of members/sponsors at : their website
and the concept of a contiguous online identity is coming anyways, so someone has to offer an alternative to the crap microsoft has been plugging . i'm really looking forward to offering my family members who are just in love w/ what ms already offers something else, running on a secure(r) platform
PC moderators can suck my White pierced, tattooed dick. If you think pride == hate, s/dick/Aryan meat mallet/g.
Uhm. yes.. a smart-card might do it or USB keychain. Assuming the computers you work with have a way of reading those things... In most cybercafe's your not allowed to attach a device to their systems. Nor has everyone a smartcard reader. Not everyone is tech savy..
There seems to be alot of misconceptions about Liberty. As I understand it, the framework allows you to "assert" your identity to a remote location by a trusted third party. Perhaps your trusted third party is your bank, or your University, or your ISP. You authenticate with them, then a packet of data asserting who you are is digitally signed by this trusted third party and sent to where ever. If the remote location trusts the third party to assert identities, then you are in.
This does not seem to be about having the same password on every site, or even having ANY password on a site. It is federated authentication (and possibly authorization, but I don't know how they would do that, possibly with SAML assertions).
Finkployd
If COBOL code is what bothers you, and you like Sun servers, check:d ex.html
http://www.sun.com/migration/mainframe/in
I work for an automaker company (VW Mexico) and we migrate all our mainframe applications to Sun's UniKix platform.
The only hard part is 390 assembler code that needs to be completely rewrite. Fortunatelly we only hade few lines of it. COBOL code run with little change in Sun's E10000. It ends up been way faster and cheaper than the mainframe solution.
If your mainframe has 100 to 500 MIPS you will better try to buy the smallest Sun server that fits that computing power, to reduce even more maintenance costs. Maintanance for a E10000 was half of what we pay to IBM for his mainframe, too much for a Unix server if you ask me...
Sun claims that their new SF15K has 6400 mainframe MIPS... When IBM's G7 has 3000 MIPS. I don't now if that big difference is true, but a good Unix server seems to have comparable power to a mainframe at a lower price point.
The only big difference was the management of the Sun Server. Is not as "profesional" as it was for our mainframe. root account is own by to many if you asks me.. we did have some problems in the initial phase becouse of too many people doing to many things at the same time with root access.
But you better give it a try, at least.
Regards!
Your phrasing reminded me of a passage from Pratchett:
I will now picture "the Sort" as a mind-bogglingly immense task every time I think of FedEx.
Dewey, what part of this looks like authorities should be involved?
I'm sure this is all fine and true for FedEx US, but there's FedEx EMEA and APAC too. we get all our main feeds of data from the mainframe at the US that is true, so you may say that at the core FedEx is run on a mainframe.
When i started to work for FedEx, there was a policy in place - no NT allowed. Oh, how i longer for those days, because at the moment we are 50/50 unix and NT. The reason for this is surely that in our region the load isn't that high as in the US and mostly every country has his seperate little system fullfilling their specific needs (consolidation project has been started just now). This means a bunch of in house developed applications. These applications are written in C or Java, but there are some VB creations running on NT too. Only in the last half year or so there has been interest in linux (before that time there were projects that were not allowed to run on linux, even though the NT server was just acting as web server running IIS).
Anyway at the time of speaking NT has been depreciated unless you have a valid reasons in favor for linux. Even for development, the new strategy is to run/develop on linux and later port over to your UNIX of choice (solaris of hpux).
So yes, there is a high volume of NT in our region, which is not the case for the US.
On a long enough timeline, the survival rate for everyone drops to zero.
Great idea, and just one more reason ISPs ought not prevent you from running your own server.
how long until someone writes an
AIS server
to sit on top of Sun's server?
http://www.pay2send.com/ais/ for more info,
including a working AIS server (although there
is much work to be done on all of it)
Bill's approach to reverse engineering is a little edgy:I'd have to say that this approach is illegal under the DMCA, if not previous copyright law.
--CTH
--Got Lists? | Top 95 Star Wars Line
For most everything else with really big requirements, Windows just doesn't make sense, whether for reliability, scalability or performance.
Sounds like someone's been fed some tall tales from the old grizzled Unix gurus. For the truth on transaction handling, check out the Transaction Processing Perfomance Council's figures. Oh my goodness, Microsoft's SQL Server rocks them all! How can that be? When you throw as much hardware at it as the mainframe guys do, it blows them all away, because its per-processor performance is higher than all the rest. Oracle has 6615 tpmC per processor, while SQL Server has 9644 tpmC per processor. Tell me again about Wintel's lousy transaction capabilities?
A new supply of round tuits has arrived and are available from Mary.
Anyone who has been putting off work until they got a round tuit now
has no excuse for further procrastination.
- this post brought to you by the Automated Last Post Generator...