Sudo is a different beast than UAC to some degree. It lets the admin control what programs can get elevated (/etc/sudoers). Ubuntu doesn't tap into all the crap you can do with sudo. It just does what UAC does... pop up a dialog to confirm privilege escalation, then run said program under the requested privileges. Well, only kinda.
Windows (.NET anyway) lets the program specify what privileges it needs to run under and which privileges are merely a luxury. .NET will run the program under only the privileges the application has asked for. I've yet to actually need this kind of stuff so I'm a bit fuzzy on the details, but it is my understanding the application has to request UAC, Vista doesn't just monitor the program's interaction and go "hey, this guy wants to write to a protected file, let's pop up a UAC and ask". Any program that doesn't request a UAC dialog and tries to write to a protected file will get a permission error.
What is my point? You are incorrect saying "not because I visited a website, or because I connected a photo frame to my PC. It also doesn't happen every time that I need those privileges". Vista will not pop up a UAC dialog in any of those cases (have you used it?). If it does, some software you have installed is trying to pull some seriously fucked up shit and obviously you should "cancel".
I doubt it. That poor lady would have gotten the even more evil looking UAC dialog that unsigned applications get.
PS: Folks. Get a damn certificate for your software. I train people to be scared and nervous of UAC dialogs and I think I'm not alone in this. Nothing says amateur more than running a setup program that wasn't signed. The evil looking unsigned UAC dialog will scare normal people (thanks to training) from installing your app. It is the same thing when you hit a page that uses a self-signed certificate in Firefox. You will scare off a ton of your traffic.
PPS: And I understand this is expensive for open source apps. The best answer I have is make SSL certs issued by our governments, who would then (in theory) grant them to non-profit groups for free. If governments did SSL, everybody could have certificates. But that is off-topic :-)
By the time you get the CD they are already out of date. If you assume the end user has an internet connection, you can leave out all but drivers for the IO and the netcard. The rest, like video card drivers can either come off the driver CD that came with the video card (i.e. a non-internet user) or get downloaded off the magical inter-tele-tubes.
Seriously, I'm a nerd so this doesn't count... but isn't the first thing you do with a new piece of hardware to throw away the CD and download the current drivers off the net?
Repositories are cool, but they have their own set of issues. To name a single, rather major issue, who controls it? People are pissed about the iPhone and the AppStore, but isn't that a repository? Can a normal user install software on an iPhone that isn't downloaded via the repository? Dunno, don't own one. Same with the Xbox360 and XNA. Can you install random XBox apps that aren't through that XNA community repository? Dunno, I don't have an XBox.
Any operating system that wants to have a non-insignificant market share will have the ability to install software the way Windows or OSX does. It is either "install random executables" or "deal with increasingly draconian repositories".
Before you say "well, ideally the repository would be distributed like YUM is", explain how that isn't "visiting a random website", at least in the eyes of a non-nerd, non-technical user :-)
Or the program executable. Click "Properties". Click on the "Compatibility" tab. Check "disable desktop composition". Then the next time the game gets run, it will drop out of Aero for you so you can alt-tab to your heart's content.
BTW, isn't this where having a video card with more RAM on it would help? It would seem to me the answer is yes.
It is basically like how windows update seems to function in Vista. Windows update is run under some privilege level that lets you, the normal user, do updates that affect the entire system and almost never see a UAC dialog (and you typically do only when you cancel an update). Right?
I've always wondered how windows update was able to do the magic it does without a UAC dialog.
I'm not sure what you are getting at. There is nothing special about Vista that allows random software to be installed. XP would allow it as 99% of all home users were admin. Vista requires $RANDOM.EXE to request a privilege escalation.
And if you aren't the one making decisions about which software to install on Linux, who is? Last I checked, Ubuntu has a repository full of random software. Unless by "random software" you are being dismissive and condescending to software you deem un-pure somehow. But then we descend into semantics and language manipulation... something a few open source advocates seem awfully good at.
The UAC dialog looks a lot different than any other dialog that pops up. Train them to be very nervous and apprehensive when they see a UAC dialog. Hopefully they'll start calling you when they pop up so you can talk them out of installing $GOOGLE_YAHOO_TWITTER_TOOLBAR_#23.
Really though, I've been fairly successful in explaining what UAC is and why they should pay attention to when they pop up. Nobody wants spyware, but most people never see the connection between "I just ran $RANDOM.EXE and now my computer is slow". UAC is an easy sell if you frame it as a barrier between $RANDOM.EXE and spyware-city. In fact, given a willing listener, it isn't too hard to explain "on XP, a program could access any part of your system you want, on Vista, it can only access a couple things like your documents and desktop... the only way it can access your system and install spyware is through a UAC dialog".
PS: And yeah, I know UAC isn't a foolproof barrier. If UAC is used correctly by a user, the only real way for a program to get root access is the old-fashioned way, privilege elevation exploits. But you don't need to tell them that detail, it isn't relevant to them and will just confuse them. Only nerds like us will appreciate that :-)
Are the pundits so brain dead that they don't know the difference between an OS and a UI? A taskbar is not an OS.
You want an analogy that isn't a car analogy? You've got your "the OS is just a wrapper around the BIOS. Applications should do whatever they want" folk. These are the tech equivalent of "government is the root of all problems, remove it from everything"... call them Reagan republicans or perhaps Ron Paul style republicans.
On the other end of the spectrum, you've got the "your OS should do pretty much everything, applications aren't able to make proper decisions without OS intervention". Are these guys the far-left who want government to do everything? Are these guys the tech version of socialists? Dunno.
And if you want my opinion, the OS is more than a shim around the BIOS. Operating systems (like the government) had to evolve to meet the needs of a growing, more complex set of applications and requirements (ditto with our governments). Going back to a "pure" operating system that just wraps the BIOS and presents a green console just wouldn't work, same with going back to a razor thin US federal government. The OS needs to enforce rules and needs to dictate what applications (citizens) can and cannot do or else the whole thing will fail.
On the other hand, if you let the operating system do too much, you will piss off your developers and worse, probably piss off various governments (think anti-trust). Let your government get too big, you'll piss off the citizens and worse, risk bankruptcy.
But most everybody using a computer is worried about spyware and viruses. UAC requires user education. You need to train your users (family, friends, etc) that when you see a UAC dialog, they better think. Tell them they should never see that dialog unless they are *installing* a program they bought (or downloaded). Train them to be nervous and worried about UAC dialogs... they should never see one unless they are installing software. It will encourage them to call you when one shows up.
UAC + user training = way better than XP. Your family can install crap easily, and they will call you before they do (so you can talk them out of installing yet another damn toolbar). Win win.
And those of you who are "well, I need to see the child-rapist who will jump out of the bushes and attack" need to consider something. If you are walking in a dark area like a cemetery or park at 3am and cross paths with another group, they don't know who you are either. For all they know, you are down there causing even more trouble than they are.
I personally just keep a hobo-whacking golf-club and a hobo-stabbing knife around for boogeymen like cougars (and hobos). I also carry a small but bright LED flashlight that has a very narrow path of illumination.
I'm talking fuckers with broad-spectrum, 360-degree hurricane lamps and such. Those annoy everybody, not just snakes, cougars, forest-hobos or the occasional hobbit. Nothing wrong with pocket, unidirectional LEDs.
I recommend walking around in such areas at night while drunk. Either it was my imagination, or there really were little bits of the path I could see. I don't remember.
My point still stands. You don't need a fucking hurricane lamp to walk to the bathroom while camping. Oh, and if you have a bathroom and it has any kind of water-based flush, you aren't camping. True believers will (correctly) argue that even a pit-toilet invalidates the claim to camping.
So I guess this applies to pseudo-camping trips you go with when you hang out with your wussy "need a daily shower" friends. If you were really camping, you wouldn't have one of those bright monster lights anyways... they are too heavy to pack in.
My annoyance with any and all of you who are reading this and use any kind of bright hurricane light while camping. You ruin my night vision. You don't need your stupid light you fool. Grrrr.
Even on the darkest of nights, you don't need any light to find your way around in the dark. Give yourself a couple minutes to adjust and you will do fine. If you really need light, get a maglite and some blue gels for it. Using a blue gel will let you turn on the light for a second or two while you check for the boogie man, and when you turn it off you'll have most of your night vision back right away.
I thought about why I called it magic, and I think it is because this magic token thing is poorly named. What is "http://coryking.myopenid.com"? It isn't a fucking "URL", that is for god damned sure. For an end user, it is basically an opaque string (or at least should be treated as such). As I said, it sure as fuck is *not* a URL. It doesn't have the same behaviour as it doesn't behave like one... it just has "http://" parked in front of it to lie to you.
If it wanted to be called a "URL", it should have fucking come up with a protocol name and gone with "openid:coryking.myopenid.com". Your URL for AIM isn't "http://haha_yeah_right.aim.aol.com", it is just "aim:haha_yeah_right".
So really it isn't a URL. URL's are stuff you can copy and paste into an FTP program (ftp://) or a web browser (http://) or a gopher client (gopher://). This token thing isn't one of those. It lies. You copy "http://coryking.myopenid.com" into your address bar and you get a web page, not an authentication method.
So what do you call this opaque, magic token URL thing? "OpenID"? That just begs the human mind to ask "OpenID what?". What? Is it an "OpenID account"? Not really. Is it an "OpenID Token"? Yeah, but that is technical mumbo-jumbo. "OpenID username"? Okay, maybe. How about "Magic Fucking URL". That works. That is how I'd probably explain it to somebody in person too... "you just copy and paste this magic fucking URL into this textbox and click 'login', then type in your username and password for your OpenID provider". Of course, their eyes would glaze over at that point and I'd get bored. Which is why OpenID is a miserable failure.
If they used an email address, the language used to describe the system would have been much cleaner. The tech would be too... you could use DNS to look up an OPENID record instead of an MX record. Redundancy would be built in (you can have multiple, prioritized MX records... you could have had the same system for OpenID). But no, some paranoid purity troll wouldn't have that because email addresses are "private information" and "magic URL's", I guess, are not. Fucking purity trolls.
Why should I trust that somebody who wishes to use my website and uses OpenID to authenticate themselves?
If I'm a bank, is OpenID right for me? What if I'm a web-based email provider? What if I'm a site like YouTube? What about MySpace? What about a health care company? What about accounts on Newegg or Amazon? What about Bob's WordPress blog? What about Slashdot?
At what "level of worthlessness" does a website need to have before OpenID is an ideal way to authenticate their users? I'd say a bank would be stupid to use OpenID since you cannot trust random OpenID providers. But everything else is a gray area with no real guidance. When are you deemed "too important for OpenID authentication"? Who is the judge?
And respectfully, "OpenID isn't authenticating, their providers are" is a cop-out play on semantics. As a website requiring user authentication, I'm trusting OpenID the protocol to authenticate my users. The fact that the authentication is a bunch of other random untrustable websites is secondary.
Second, if I did compromise your account at myopenid, I could use it to log into OpenID enabled websites you never visited in your life and say nasty things about your mother. You'd know it from within MyOpenID, but the damage would have been done.
The nice thing about OpenID is he wouldn't have a banking login. You could just use his OpenID account and create one for him. Once you have his OpenID account compromised, you don't have to worry if he has an account anywhere. You can just copy & paste the OpenID into the website, use his OpenID login/password, and create a new one for him.
The OpenID standard doesn't mandate any particular security measures for providers (that's outside the scope of what OpenID itself is for).
Which translates into "why the fuck should I trust OpenID to authenticate my users"? How can I, a website using OpenID, be sure that the OpenID provider hasn't been compromised?
If somebody is using OpenID and their OpenID account is compromised, what is my legal liability if the attacker "logs into" my website and fucks around with the user?
And by the way, what is the proper term for "user" in OpenID parlance? They really aren't "your" users, are they? Their account isn't with you anymore. It is with the OpenID provider. So what do you call somebody who logs into your website using OpenID? A visitor? A member?
First of all, please understand I'm going under the assumption I've compromised RMS's OpenID account. This means I can log in using his OpenID provider....
I couldn't use RMS's email address, as it would leave a digital papertrail. Even if I compromised his email, he'd notice the registration emails. I'd have to delete them quicker than he could pull them off the server (esp if POP3 is checking it).
If I made a real ass of myself, the site owner would probably figure out I wasn't actually RMS since I didn't use his email address.
OpenID however has that nifty magic URL business (and yes, it is actually magic, if it wasn't magic we'd all be using it already). His Magic URL is *HIM*, that is the whole point of OpenID. Your existence is tied to a single Magic URL.
Any site that lets me "sign up" using an OpenID URL is fair game. I can go to a site like StackOverflow and use his OpenID and ask silly questions about using Emacs in Vista. Since StackOverflow doesn't confirm my account via email, RMS would never know I was using his account on sites he has never visited himself.
See what I'm saying? Once I compromise an OpenID account, I can go anywhere and post as that account holder. Since most (all?) OpenID authenticated sites don't require email confirmation, odds are very good the holder of the OpenID account would never know I was using their account, doing nefarious things.
Of course, I imagine there are OpenID providers that show a history of sites that you've used your MagicURL to log into. That would probably curb what I'm talking about.
Let's say I've hacked your OpenID account. Now I can go visit sites like StackOverflow and post as you. Since they don't require email verification when you "sign-up", it doesn't matter if you had an existing account with them before I hacked you. I can go anywhere that takes OpenID and "silently" impersonate you regardless of if you used the website before. No email verification means you'd probably never know it either. Well.. until you google "AvitarX" and find yourself posting horse porn on some OpenID site.
The Magic URL (which is magic, actually) *IS THE USERNAME AND PASSWORD*. That is the whole point of OpenID. A website leaves the username/password business to some other guy and just trusts the protocol to make sure the Magic-URL is legit.
If you've hacked RMS's OpenID account, you can just go to any OpenID site, even if he never visited it before, and start impersonating him. That is the "benefit" of OpenID! Most of the OpenID authenticated sites out there don't have a concept of "sign up", you just go to the site, plug in your Magic URL and start doing shit. There is no email confirmation step on those sites, and if there was, it would kinda defeat the whole purpose of OpenID in the first place.
And if I'm wrong in my interpretation of this, please send me to a URL that actually explains how the damn thing works. Nobody gets it and if the OpenID guys can't explain it clearly, they probably don't get it either.
And often times for political gain. See also: the use of the term GNU/Linux.
I'll let somebody else flesh this out.
Just buy it, put a covenant on it, and sell it.
Sorry for the grammar and spelling errors. Chrome has a shitty spell checker and I'm tired from a long day of work.
The URL is magic, mine is http://coryking.myopenid.com/, and you are a poopyhead.
Second, if I did compromise your account at myopenid, I could use it to log into OpenID enabled websites you never visited in your life and say nasty things about your mother. You'd know it from within MyOpenID, but the damage would have been done.
The nice thing about OpenID is he wouldn't have a banking login. You could just use his OpenID account and create one for him. Once you have his OpenID account compromised, you don't have to worry if he has an account anywhere. You can just copy & paste the OpenID into the website, use his OpenID login/password, and create a new one for him.
Which translates into "why the fuck should I trust OpenID to authenticate my users"? How can I, a website using OpenID, be sure that the OpenID provider hasn't been compromised?
If somebody is using OpenID and their OpenID account is compromised, what is my legal liability if the attacker "logs into" my website and fucks around with the user?
And by the way, what is the proper term for "user" in OpenID parlance? They really aren't "your" users, are they? Their account isn't with you anymore. It is with the OpenID provider. So what do you call somebody who logs into your website using OpenID? A visitor? A member?
First of all, please understand I'm going under the assumption I've compromised RMS's OpenID account. This means I can log in using his OpenID provider....
I couldn't use RMS's email address, as it would leave a digital paper trail. Even if I compromised his email, he'd notice the registration emails. I'd have to delete them quicker than he could pull them off the server (esp if POP3 is checking it).
If I made a real ass of myself, the site owner would probably figure out I wasn't actually RMS since I didn't use his email address.
OpenID however has that nifty magic URL business (and yes, it is actually magic, if it wasn't magic we'd all be using it already). His Magic URL is *HIM*, that is the whole point of OpenID. Your existence is tied to a single Magic URL.
Any site that lets me "sign up" using an OpenID URL is fair game. I can go to a site like StackOverflow and use his OpenID and ask silly questions about using Emacs in Vista. Since StackOverflow doesn't confirm my account via email, RMS would never know I was using his account on sites he has never visited himself.
See what I'm saying? Once I compromise an OpenID account, I can go anywhere and post as that account holder. Since most (all?) OpenID authenticated sites don't require email confirmation, odds are very good the holder of the OpenID account would never know I was using their account, doing nefarious things.
Of course, I imagine there are OpenID providers that show a history of sites that you've used your MagicURL to log into. That would probably curb what I'm talking about.
Let's say I've hacked your OpenID account. Now I can go visit sites like StackOverflow and post as you. Since they don't require email verification when you "sign-up", it doesn't matter if you had an existing account with them before I hacked you. I can go anywhere that takes OpenID and "silently" impersonate you regardless of if you used the website before. No email verification means you'd probably never know it either. Well... until you google "AvitarX" and find yourself posting horse porn on some OpenID site.
The Magic URL (which is magic, actually) *IS THE USERNAME AND PASSWORD*. That is the whole point of OpenID. A website leaves the username/password business to some other guy and just trusts the protocol to make sure the Magic-URL is legit.
If you've hacked RMS's OpenID account, you can just go to any OpenID site, even if he never visited it before, and start impersonating him. That is the "benefit" of OpenID! Most of the OpenID authenticated sites out there don't have a concept of "sign up", you just go to the site, plug in your Magic URL and start doing shit. There is no email confirmation step on those sites, and if there was, it would kinda defeat the whole purpose of OpenID in the first place.
And if I'm wrong in my interpretation of this, please send me to a URL that actually explains how the damn thing works. Nobody gets it and if the OpenID guys can't explain it clearly, they probably don't get it either.
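The provider-side history of sites an identifier has been used on, which the comments above suggest would curb silent impersonation, is sketched here as detection logic. This is an added example, not part of the original posts or any provider's code. The log format, identifiers, hosts and thresholds are constructed assumptions; the realm field stands for the OpenID 2.0 `openid.realm` request parameter.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed provider audit log (hypothetical format):
# timestamp, claimed identifier, openid.realm of the requesting site, client IP
SAMPLE_LOG = """\
2009-03-01T09:00:00 http://alice.op.example/ http://blog.example.org/ 198.51.100.7
2009-03-03T18:20:00 http://alice.op.example/ http://forum.example.net/ 198.51.100.7
2009-03-20T02:11:00 http://alice.op.example/ http://qa.example.com/ 203.0.113.50
2009-03-20T02:14:00 http://alice.op.example/ http://*.wiki.example.com/ 203.0.113.50
2009-03-20T02:19:00 http://alice.op.example/ http://blog.example.org/ 203.0.113.50
2009-03-20T02:25:00 http://alice.op.example/ http://news.example.net/ 203.0.113.50
2009-03-21T10:00:00 http://bob.op.example/ http://blog.example.org/ 192.0.2.9
"""

def realm_host(realm):
    """Normalise a realm URL to a host; OpenID 2.0 realms may start with '*.'."""
    host = (urlsplit(realm).hostname or "").lower()
    return host[2:] if host.startswith("*.") else host

def first_seen_alerts(log_text, baseline_end):
    """Return (time, identifier, host, ip) for each site first used after the baseline."""
    seen = defaultdict(set)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, identifier, realm, ip = line.split()
        when, host = datetime.fromisoformat(stamp), realm_host(realm)
        if host in seen[identifier]:
            continue  # this identifier has already been used at this site
        seen[identifier].add(host)
        if when >= baseline_end:  # earlier entries only build the history
            alerts.append((when, identifier, host, ip))
    return alerts

def burst_identifiers(alerts, window=timedelta(minutes=30), threshold=3):
    """Identifiers that reached `threshold` never-seen sites inside one window."""
    times = defaultdict(list)
    for when, identifier, _host, _ip in alerts:
        times[identifier].append(when)
    return {ident for ident, ts in times.items()
            if any(sum(0 <= (t - start).total_seconds() <= window.total_seconds()
                       for t in ts) >= threshold for start in ts)}

if __name__ == "__main__":
    found = first_seen_alerts(SAMPLE_LOG, datetime(2009, 3, 10))
    for when, identifier, host, ip in found:
        print(f"{when} first use of {identifier} at {host} from {ip}")
    print("burst:", sorted(burst_identifiers(found)))
```

A first-seen alert is a prompt to notify the account holder, not proof of compromise; the burst check separates one new sign-up from an identifier suddenly appearing at several unfamiliar sites.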