Slashdot Mirror
Sun Releases Open Source Tool for Project Liberty
ruisantos writes "After submiting the technical specifications for the project , Sun has finally launched an open source tool for its upcoming Sun ONE Identity Server version 6.0, the news can be found on CNET news."
I don't get it. Is Sun ONE the same as the Liberty Alliance? The article that is referenced doesn't mention Sun ONE that I could see, just the Liberty Alliance.
I didn't even know that the Liberty Alliance was still around since Hailstorm kinda fell through.
I wonder if they're having much luck selling the idea to anyone. Microsoft sure didn't.
www.timcoleman.com is a total waste of your time. Never go there.
Yes, this is open source software, but can anyone explain me the difference between a no-go commercial application and this, except that you have the 'source' ?
As I read in the license it's still 'Intellectual Property bla bla', 5 lines thereafter they define 'Commercial Use'...
What we need is Free Software, not crappy I-wanna-be-cool-but-am-GPL-scared software.
To me this is no better than (oh-the-horror) Microsoft Word
Why not just tell your browser to remember the login? Frankly I trust my computer a lot more than some corporation - Microsoft or otherwise.
No, I did not read the f***ing article!
http://www.experimentalstuff.com/data/ipl-0.1.zip
You should not be using the same password for all your sites, even if the authentication mechanism never lets the site server have the actual password. If this one password is exposed by your own accident or something, you've basically given whoever has it access to everything. You might as well hand them your wallet, too.
To track spamming leaks, I also give each place which gets my email address a different one. So there's another piece of information that needs to be different. Not everyone yet has the ability to do this, and not everyone will want to. But a lot of people will unless the spam problem gets solved (unlikely).
Anyway, I see major privacy risks in both Liberty Alliance as well as Passport, particularly in not letting people (easily?) control who gets what information.
now we need to go OSS in diesel cars
As an assistant member of the security team of a large fortune 500 company, I have discovered a new form of terrorism stemming from the deepest underground of the Internet. A site catering to hackers, communists and anti-Americans called Slashdot.org has created a new type of denial-of-service attack known as 'the Slashdot effect'. This attack has been used against what are seen as the enemies of the 'Open source movement' which include many large American companies such as Microsoft as well as many American media companies such as Time-Warner-AOL. The Slashdot Effect could have a potentially crippling effect on the American computer industry and I feel it is justified to offer my own advice on this problem.
What is the Slashdot Effect?
The Slashdot Effect (also known as Slashdotting) is a new form of denial-of-service attack stemming from the site Slashdot.org. Once they find a 'target' (whether it be a large media company or small personal homepage) the URL of the site is posted on the front page of Slashdot.org. Members of this site attempt as quickly as they can to follow these links and overload the target server. This causes the 'target' website to slow to a grinding halt before going offline. It can sometimes take days or even weeks for the site to recover from such a surge of traffic, and often the servers can be damaged beyond repair (that is, they cannot be fixed with a simple defrag!).
Who is normally the target of the Slashdot Effect and how is it done?
Many American companies have already been attacked by the Slashdot Effect. Targets often include news sites such as the New York Times as well as well as large American companies such as Intel. Sites that criticize the open-source movement are a prime target. For example, lets say an American media website such as the London Times does a review of a little known operating system known as Linux. Linux is an operating system developed by a hacker from communist Finland, which is based on code stolen from an American operating system known as Unix. It was created in cooperation with a communist group known as g.n.u. (Which stands for Glorified Novelty Unix) and is generally unusable by non-hackers. Obviously since it is such an archaic and unstable operating system compared to those made by American companies such as Microsoft it would get a bad review on the London Times. Once a Slashdot member discovers this honest review the URL would be posted on the front page of Slashdot.org. A flood of users would follow the link to the site and bring the server to a grinding halt. Since most of these users are terrorists they would probably have ads disabled using European hacking software. This would mean a potential loss of thousands of dollars worth of ad revenue. To top it off, members of Slashdot.org often plagiarize the articles and post it on illegal mirrors, furthering the loss of ad revenue. Members of Slashdot are rewarded for plagiarizing in the form of 'Karma', a form of hacker currency, on Slashdot.org.
What can I do to avoid the Slashdot Effect and how would I deal with it if it happened?
The easiest way to avoid the Slashdot effect is to refrain from posting anything about any open-source software, especially Linux. Focus your website on fine American companies such as Microsoft. You can also set up your server to reject any links from Slashdot.org, something many people have done. If you think your site is being attacked by the Slashdot Effect, contact the authorities immediately and report this act of terrorism. The penalties against hacker/terrorists are stiff and you can feel confident that the perpetrators of this terror will be punished in the harshest possible means.
by Anonymous Pancake
If so, then I might have some enthusiasm for it, and I imagine lots of others would as well.
If my identity data is to be stored by some commercial service, even a Liberty Alliance member, I'm afraid I have no plans to participate.
I won't use any website that requires me to sign up for Passport. I've done a lot of Windows development the last couple years, and I can well imagine it would be to my benefit to pay for M$' developer program, but my understanding is that it requires Passport to participate, so I won't have any part of it.
Even if I had my own personal server storing my identity, you can bet I will configure my firewall so it will only accept queries from sites I consciously want to have the information.
-- Could you use my software consulting serv
My net connection is kinda primitive out here in the Maine sticks.
I can pay $70 a month for static IP dedicated dialup, which I think is excessive, but at some point I might have to do that. But I imagine most people who might want to run personal servers wouldn't want to pay to have static IP's.
-- Could you use my software consulting serv
My brother works at fedex and they are turning into an all Windows shop.
This assertion is completely and utterly incorrect. It is so far from the truth that one might consider it a deliberate fabrication. Real core production FedEx systems revolve around serious IBM mainframe hardware. Nothing else really supports the necessary transaction volume. Many applications are front-ended by web interfaces running on lots and lots of Sun servers. And Sun boxes being phased out are being upgraded, not replaced. No one at FedEx seriously considers Windows for any core business application, server side. No way it could handle the volumes of data.
For example, one of our smallest non-core-business systems handles maintenance on our vehicles. We periodically look for an off-the-shelf system to buy. Vendors come in all bright and happy and tell us how wonderful their application is. It's easy to use and runs on nice commodity PC hardware under Windows. They tell us they have customers supporting fleets with several thousand vehicles with no problems. And they say it as if we should be impressed about someone operating fleets of 1, 2 or even 3 or 4 thousand trucks. We say, "Great! We have over 160,000 assets, over 60,000 of which are big rigs alone. We have more than 2,000 mechanics scattered over the globe performing 5,000-10,000 different repair actions on those assets every business day, year round, to keep them running. Those repairs generate 500-1000 potential vendor warranty claims per day which must be processed and filed as fast as they are created. And we must automate every possible part of the process chain that we can. Oh, and we need to retain all that data on-line for anywhere from 18 months to 5 years for various business and regulatory reasons. Can your system handle that?" And they look back with a deer-in-the-headlights look and promise to get back to us. And back we go to those old mainframes just chugging happily along, with nice spiffy web front-ends and feeding big honkin' data warehouses on Sun servers. And this is an example of one of the tiniest systems we have! Never mind about really important stuff like flight planning, scheduling or, heaven forbid, the Sort!
Oh, and we can't forget the millions of lines of custom COBOL that have been written and tailored to FedEx business processes. Code that would take some terrible amount of programmer-decades to re-engineer if we ever moved off mainframes.
Just because your delivery-truck driving brother uses a Windows PC at his station or strapped to his wrist does not at all mean that FedEx is in any way using Windows for anything other than client access. We use what makes sense, where it makes sense. For clients, at this point in history that's mostly Windows. For most everything else with really big requirements, Windows just doesn't make sense, whether for reliability, scalability or performance.
There are two excellent tools that I use pretty regularly to keep track of passwords on websites and other services.
Password Safe was origionally developed by Bruce Schneier of . It is open source now.
Gpasman is another alternative. I use it on my linux boxes.
I've found them invaluable for keeping track of passwords. Password Safe runs quite happily under wine, and has a tool built in to automatically generate excellent (i.e., almost unrememberable) passwords.
This is an ex-parrot!
what's wrong with Web Initial Signon (webiso nee` pubcookie)? it certainly works well in a University setting, and it might work well in other contexts.
Ceci n'est pas un post
I think the best solution is to store one's passwords under hard encryption, and keep the physical storage medium in a safe - a physical metal box with a combination lock - when not in use.
I'm not using it yet, but at some point I'd like to get a Palm or Handspring Visor just so I can use Keyring for PalmOS (formerly GNU Keyring).
An alternative would be to put compact flash readers on all my machines and use a compact flash card.
Finally, there is WiebeTech's FireWire KeyChain, which stores up to 1 GB of data in a tiny package convienent to hold your metal keys and keep in your pocket.
The advantage of the PalmOS keychain is that it requires no software or hardware support on the computers it is used with, and it can be quickly moved from computer to computer. The advantage of compact flash and WiebeTech's product is that software support can pop the password onto the clipboard for you for convenient pasting into your browser.
-- Could you use my software consulting serv
This isn't just about browsers, its about mobile phones, PDAs, servers, TVs, Set-top boxes, smart cards etc etc.
And its not just about Web content, its about authorisation systems as a whole.
A browser is just one very very small part of what Liberty could be used for. And while a browser remembers a password, it doesn't know who you are and cannot prove that you are that person.
An Eye for an Eye will make the whole world blind - Gandhi
SunONE Identity Server 6.0 is the Netscape/iPlanet/SunONE Directory Server (LDAP directory) renamed. It's becoming more than just a directory server, since it becomes an identity and policy management server.
Chris
Chris -- http://www.bitter.net/
Also, would you care to point out where the SISSL is incompatible with the GPL?
From the License List at GNU.org:
A popular free office suite is licensed under SISSL and Lesser GPL, similar to the way Mozilla is licensed (MPL/LGPL/GPL). Unlike the OpenOffice.org suite, this Liberty implementation doesn't seem to also be under a GNU license.
Will I retire or break 10K?
what's wrong with Web Initial Signon (webiso nee` pubcookie)?
When I first saw the name "WebISO", I got the impression "download ISOz [i.e. ISO 9660 CD-ROM images that probably infringe a copyright] over the Web". I bet more than one suit will pick up a software copyright infringement connotation from that name.
Will I retire or break 10K?
Uhm. yes.. a smart-card might do it or USB keychain. Assuming the computers you work with have a way of reading those things... In most cybercafe's your not allowed to attach a device to their systems. Nor has everyone a smartcard reader. Not everyone is tech savy..
There seems to be alot of misconceptions about Liberty. As I understand it, the framework allows you to "assert" your identity to a remote location by a trusted third party. Perhaps your trusted third party is your bank, or your University, or your ISP. You authenticate with them, then a packet of data asserting who you are is digitally signed by this trusted third party and sent to where ever. If the remote location trusts the third party to assert identities, then you are in.
This does not seem to be about having the same password on every site, or even having ANY password on a site. It is federated authentication (and possibly authorization, but I don't know how they would do that, possibly with SAML assertions).
Finkployd
Your phrasing reminded me of a passage from Pratchett:
I will now picture "the Sort" as a mind-bogglingly immense task every time I think of FedEx.
Dewey, what part of this looks like authorities should be involved?
Great idea, and just one more reason ISPs ought not prevent you from running your own server.
Bill's approach to reverse engineering is a little edgy:I'd have to say that this approach is illegal under the DMCA, if not previous copyright law.
--CTH
--Got Lists? | Top 95 Star Wars Line
For most everything else with really big requirements, Windows just doesn't make sense, whether for reliability, scalability or performance.
Sounds like someone's been fed some tall tales from the old grizzled Unix gurus. For the truth on transaction handling, check out the Transaction Processing Perfomance Council's figures. Oh my goodness, Microsoft's SQL Server rocks them all! How can that be? When you throw as much hardware at it as the mainframe guys do, it blows them all away, because its per-processor performance is higher than all the rest. Oracle has 6615 tpmC per processor, while SQL Server has 9644 tpmC per processor. Tell me again about Wintel's lousy transaction capabilities?