Anything like that (encrypted calls and text message apps) available for Maemo and Meego?
Out of interest: can apps for Android, which AFAIK is basically a custom-Linux distro, be used on Maemo/Meego?
Oh...I'll have to remember that! :-P
> One way to get people to comply better is simply to refer to it as a "passphrase" instead of a "password".
> Maybe enforce "three word minimum" or something.
Already done here! :-)
Used to have: "MyPassword1".
Now I got: "My passphrase One"
> Not a single cut was actual fat and none of it affected the rich or corporate America.
It's a simple case of:
"Don't bite the hand(s), that feed(s) you."
For everybody flippin' out, do remember, that the Eastern Bloc country revolutions and subsequent sweep into oblivion of their governments happened largely without any use of technology. Most people on the streets had no computer, no internet, no sms, no cell phones, no landlines etc. All they had was themselves and the determination to no longer tolerate the bullshit.
Does technology help? Well, it can help the protesters' cause. Organizing themselves, getting info out etc. BUT, I'd wager to say, with the given possibilities over surveillance electronic communication probably hurts people more than does them good, as it provides the government forces with absolutely detailed intelligence in real-time. So turning off all that stuff might actually benefit the protesters more and be a shot in their own foot for the government.
> "Libre" is used by others since it implies freedom (liberty, etc.) without really being a term from either "camp".
So why not LibertyOffice instead?
Or...since people usually call MS-Office simply 'Office', we could call ours 'THE Office' or somethin' just to mess with them.
"Dude...you got Office?" "No man...better. I got THE Office!" ;-)
> All their designs are going to be littered with English
I can see it already:
"In case of emerlincy please to push great buffon with vigor for happiness immediately!"
> > Its already known that there is a US Gov backdoor in gmail.
> [citation needed]
Edit / Preferences / Advanced / Encryption / View Certificates / Authorities
You're welcome!
> Checking facebook is neither an unreasonable search nor a seizure. It is publicly available information.
Is it really? If I have, say, 5 'friends' only and according friends-only privacy settings, does that constitute 'publicly available information' as in available-for-everyone? No, it doesn't.
By the same argument one could say, the police can search my house, because I gave my neighbors the keys while I was on vacation...
> How do you say "I am Spartacus" in slashcode?
10 9B C7 1B CF UC RA SS US
Exactly. And the WOT, as cool as it is, is irrelevant here (though it could optionally be used server-side for additional authentication). All you need is the key-pair...any key-pair with any name attached.
Was, btw., very nicely implemented with NYM-(email)-servers, where you can create a virtual persona simply based on your GPG-keys.
> Who cares about their password security on Gawker's sites and other like them.
> I personally use the crappiest password I can remember for stuff like that.
Please read the story of the guy using his neighbor's wireless and sent e-mails in 'his' name to threaten various high-profile people, sent child porn etc. While you might get cleared eventually, when somebody used YOUR oh so unimportant account for such purposes, good luck in the meantime until it gets to that point. And hopefully your boss is OK with you being in jail for the interim 3 months and will welcome you back with open arms, since he still trusts you to work for him after the USSS grilled him about you...
> some sites give the challenges in "multiple choice" format. What's your hometown?
> (A) Peoria, (B) Detroit, (C) London, (D) The Fifth Inner Plane of Lord Zgothos' Realms.
That's why I always pick: (E) None of the above.
Ha!
> That is true, but the current spec for client
> keys uses a CA that wants people's real names and
> other info.
I am not talking your NSA-CA-signed certificate, but GPG keys. You can create your own and it would do nicely for authentication.
> That's fine, until someone wants to log in from a
> different computer where they don't have their
> private key available..
Most people do not forget their house or car keys because they got used to needing them. The same could be done for cryptographic keys, if used widely. And that's the chicken/egg issue: it will only make sense to the average user, if all his sites (say 90+%) s/he uses can be opened with that key.
> if the user wants to be anonymous, and have
> everything they post on their fetish sites be
> tied to their same userID as they use for
> everything else.
Well, you can make the key say anything you want. User/KeyID "Furry Donald" is perfectly valid and for authentication purposes it doesn't matter at all. All that matters is, that you got the other half on your USB-stick.
> anything that is even slightly more complicated
> or involves something that they don't deal with
> in every day life it's right out.
Well, I agree with you, that methods should be close to real life. And that's why passwords suck. But most people do know the concept of a key and if implemented correctly, I can see even average users being comfortable with sticking in a USB-stick, aka key to unlock their computer and remote account(s).
Would free the server-side from having to store any passwords etc. and render brute-force-attacks (except RSA :-D) a thing of the past...
Why not upon registration upload one's public GPG key to somesite and then, when logging in, having the server send a challenge (i.e. encrypted with the public key) to the browser/user, where you use your normal secret key and its passphrase to respond. Voila! One keyring to rule them all...
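The login flow proposed in the comment above, sketched as an added example that is not part of the original thread or any poster's code. Assumptions: RSA-OAEP from Node's built-in `crypto` stands in for GPG encryption; `Server`, `respond`, `newKeyPair`, `demo` and the site name are hypothetical; answering with a site-bound hash rather than the decrypted plaintext is an addition beyond what the comment describes.

```javascript
// Added example, not code from the thread. Node's RSA-OAEP stands in for GPG encryption.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const sha256 = (...parts) => crypto.createHash('sha256').update(Buffer.concat(parts)).digest();
const newKeyPair = (passphrase) => crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem', cipher: 'aes-256-cbc', passphrase },
});
// Hypothetical server: it stores public keys only, never a password or password hash.
class Server {
  constructor(site) { this.site = Buffer.from(site); this.keys = new Map(); this.pending = new Map(); }
  register(user, publicKeyPem) { this.keys.set(user, publicKeyPem); }
  // Step 1: encrypt a fresh random nonce to the user's registered public key.
  challenge(user) {
    if (!this.keys.has(user)) return null;
    const nonce = crypto.randomBytes(32);
    this.pending.set(user, { nonce, expires: Date.now() + 60000 });
    return crypto.publicEncrypt({ key: this.keys.get(user), ...OAEP }, nonce);
  }
  // Step 3: accept the right answer once, and only before the challenge expires.
  verify(user, response) {
    const p = this.pending.get(user);
    this.pending.delete(user); // single use: a captured response cannot be replayed
    if (!p || Date.now() > p.expires) return false;
    const expected = sha256(this.site, p.nonce);
    return response.length === expected.length && crypto.timingSafeEqual(response, expected);
  }
}
// Step 2 (client): decrypt with the passphrase-protected private key. Answering with a
// site-bound hash instead of the plaintext keeps the client from being a decryption oracle.
function respond(site, privateKeyPem, passphrase, ciphertext) {
  const nonce = crypto.privateDecrypt({ key: privateKeyPem, passphrase, ...OAEP }, ciphertext);
  return sha256(Buffer.from(site), nonce);
}

function demo() {
  const site = 'somesite.example', user = 'Furry Donald'; // constructed sample values
  const server = new Server(site), mine = newKeyPair('My passphrase One'), other = newKeyPair('other passphrase');
  server.register(user, mine.publicKey);
  const answer = respond(site, mine.privateKey, 'My passphrase One', server.challenge(user));
  const login = server.verify(user, answer);
  server.challenge(user);                       // fresh nonce, so the old answer is stale
  const replay = server.verify(user, answer);
  let impostor = false;                         // wrong private key: OAEP decryption throws
  try { impostor = server.verify(user, respond(site, other.privateKey, 'other passphrase', server.challenge(user))); } catch {}
  return { login, replay, impostor };
}
console.log(demo());
```

The server's stored state is a name and a public key, so a database leak exposes nothing that can be replayed or cracked into a login; the private key and its passphrase never leave the client.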
I can't wait for CAsheep....
SSL = Great
SSL + some 600 MITM-Orgs your browser "trusts" = Bullshit
Use HTTPS Everywhere anyway. Great plugin. But forget your much-touted "sense-of-security" because it can't exist in light of the above.
> Be sure to start this a few months before you leave. /dev/urandom is INCREDIBLY slow, second only to /dev/random
Sorry bro. Yes it's slow. Yes, on big drives /dev/urandom takes a few days. But not a few months...
> LibreOffice is just a name placeholder while the people involved get the leadership and politics sorted out. Just think of it as a project codename.
They should have a naming contest online and have *users* come up with and subsequently vote for the names, that work for them.
> They have an MS-Office for linux now?
Yeah. Emacs!
I remember seeing WordPerfect 7 (console version) running under Linux at a co-worker's house. It was an SGI binary, IIRC. Should still be out there somewhere.