Slashdot Mirror


User: Sancho

Sancho's activity in the archive.

Stories: 0 · Comments: 5,182

Comments · 5,182

  1. Re:Case Law Precedent? on Judge Rules Sprint Early Termination Fees Illegal · · Score: 1

    There's no way the financial institution would actually offer a loan that they know could not be repaid if the institution had to take the hit when the borrower walked away from the deal.

    That's called predatory lending. It should be illegal. But the truth is, the company still stands to benefit. They get the house, plus all of the payments thus far. They can now sell the house to someone else. If that person can't afford it, they default, and the company gets to repeat the process.

    The big problem (for the company) comes when they sell off the loan, claiming that it's more secure than it is, and then due to the bubble finally bursting, no one wants to buy the house anymore.

    And you're right--we shouldn't bail them out when this happens--except that our economy doesn't really like it when multi-billion dollar companies fail. Printing more money makes it less of a shock, though we end up in the same end position (if not worse.)

  2. Re:Case Law Precedent? on Judge Rules Sprint Early Termination Fees Illegal · · Score: 1

    In my mind, it has less to do with protecting those of us who want to buy a home. All bubbles eventually burst. You may have to wait around for a while, but eventually, the prices will come back down.

    More important, in my opinion, is protecting the economy. Having hundreds of thousands of people in so much debt that they can barely eat is going to put a strain on the economy. In this case, it's entwined with a dwindling dollar and bad investments on the parts of the lenders, making the problem significantly worse. But even the base situation would make for tighter times for all, and all because lending was allowed to spiral out of control.

    If people, in general, were sensible, I'd be vehemently opposed to the government stepping in and putting restrictions on lenders. But the sad truth is that they are not sensible. And when mortgage brokers are allowed to negotiate loans which they know will be defaulted, and then turn around and use those loans for triple-A securities, there's a serious problem.

  3. Re:Internets... on Yale Students' Lawsuit Unmasks Anonymous Trolls · · Score: 4, Insightful

    Anonymity can be used to prevent otherwise unlawful repercussions. It doesn't much matter that Congress makes no law if the moment you blow the whistle on the local police department, you get indefinitely harassed with bogus, trumped up charges.

    Anonymity can be an important part of free speech. The line between it being necessary and harassment is very fine, indeed. Usually, it depends upon who the speaker is talking about.

    In order to claim slander, there are two prerequisites: first, the allegations must be false, second, someone must believe the allegations to be true. Unless they can prove there is someone somewhere stupid enough to believe in anonymous posts they read on the internet, there are no consequences to that trolling.

    That's oversimplifying to a huge degree.

    First of all, there are slightly different laws in different states. I'm not sure what the laws in this case are. If they are as you say, then fine, ignore the rest of this post.

    A defamation claim can be made for just about any reason. If someone says something negative about you, you can take them to court for it. You've laid out the common defenses to a defamation claim--if it's the truth, in the US, you'll probably lose the case. If it's not true, generally, you have to prove that there was malicious intent. Believability is only one aspect of malicious intent. A statement could be slanderous without being believable ("Jane Doe kills puppies for Satan!"). Of course, if you are a celebrity, you have a higher burden of proof. Now, the alleged slanderer must have knowingly lied. If the guy heard from another guy that I (a celebrity) fucked a goat, and they publish it, I probably won't win the suit.

    One of the most common defenses against such suits is that the person was stating an opinion. That's a whole separate can of worms. It's all really quite complicated.

    In this case, it sounds like the trolls were making statements with the intent to defame competition, so that the trolls would get opportunities that these Jane Does would otherwise have received. I have no doubt that the Janes will win, unless the trolls made it quite clear that they were expressing opinion, and weren't attempting to state facts about the Janes.

  4. Re:Case Law Precedent? on Judge Rules Sprint Early Termination Fees Illegal · · Score: 2, Insightful

    Closer, but not quite.

    The dressmaker agreed to sell the dress for $100/mo for the first year, and then an undetermined amount for the next five years. At this point, any reasonable person would say, "Screw you!" "Oh no!" the dressmaker replies, "The market for dresses is through the roof! In a year, you'll be able to sell this for way more than you paid and upgrade to a new, better dress!"

  5. Re:Inertia on GENI To Replace Internet, Gets $12M Funding · · Score: 1

    SPF breaks a lot of things. I'm a mail server admin who refuses to publish SPF records because it breaks forwarding (and not using MUA forwarding--though the ambiguity makes it easy to get confused.)

    If SPF were an equivalent or better solution, I'd publish the records in an instant. As it is, it's a trade off, and honestly, the benefits don't outweigh the negatives, in my opinion. When most of the world disagrees and implements SPF, I'll probably have to follow suit. Until then, I'm happy not to clutter up my DNS records for something that's just not all that useful.

  6. Re:Curious on GENI To Replace Internet, Gets $12M Funding · · Score: 1

    Got it in one. The Internet is now just big business. Business doesn't change unless there's a damned good need. Until we need IPv6, it's just not going to get much actual deployment.

    Microsoft really took a leap towards fixing the chicken-egg problem of endpoints-backbone, though. For now, you can use IPv6 through tunneling. Once it starts making its way to the ISPs, the transition will be mostly seamless. Of course, you could do tunneling before Vista came out, but let's face it, Vista (and the next major OS Microsoft releases) are what will get most people on IPv6, just like it's what got most people on the Internet, and before that, got most people using PCs.

  7. Re:Inertia on GENI To Replace Internet, Gets $12M Funding · · Score: 1

    You left off, "deployed almost nowhere."

  8. Inertia on GENI To Replace Internet, Gets $12M Funding · · Score: 5, Insightful

    For better or worse, I think that we're stuck with what we've got. We'd really be better off improving the Internet we have (DNSSEC, end-to-end encryption on all protocols by default, PKI for the masses) than redesigning it from the ground up.

  9. Re:Not trusted for a reason on Dual Boot Not Trusted, Rejected By Vista SP1 · · Score: 3, Informative

    Does TrueCrypt enforce a chain of trust down to the hardware?

    I believe it does. You can load any OS you want or put the disk in another machine and still not be able to decrypt the "hidden" partition, even if you know of its existence.

    You misunderstood the question. TPM and full disk encryption, used in this way, ensures that every piece of software from the bootloader on up is either considered trusted or not. It starts this chain of trust in the hardware, which is considered much harder to trojan than software (like the bootloader or OS.)

    Put another way, TPM conceivably protects you from software keyloggers by verifying the signature of the bootloader, the OS loader, and the OS itself before allowing you to decrypt your data. If anything in the chain has been modified, it won't release the keys, thus protecting your data. Unless Truecrypt interfaces with TPM, merely knowing the key is enough to decrypt the data, regardless of the computer that you put the disk in. Truecrypt adds a layer of deniability, but that's not the same thing.

  10. Re:But what if... on Dual Boot Not Trusted, Rejected By Vista SP1 · · Score: 5, Interesting

    Not at all true. Security isn't binary. Bitlocker alone will stop 99% of attackers who try to get at your data through physical access. The rest probably won't bother with a trojan bootloader--they'll either use rubber hose cryptanalysis or a hardware keylogger, depending upon how stealthy they want to be.

    I don't see a problem with Bitlocker using TPM in this way at all. But it should allow me to disable the bootloader check if I so choose.

  11. Re:The Mayans were wrong on Microsoft Blesses LGPL, Joins Apache Foundation · · Score: 4, Insightful

    If MS truly GPL'd their software, they would gain unstoppable momentum. Developers, developers, developers!

    But at what cost? Sure, they'd probably end up with the best OS in the world, but they'd have to give it away! Microsoft makes huge amounts of money on OEM and corporate distribution without ever having to provide support. Selling support happens to be the only long-term, viable strategy for GPL software, and even then, you can't have a monopoly on it. I could sell support for Redhat OS if I wanted to.

    Dell sells millions of computers per year. Even at a Microsoft tax of $10/unit, a lowball estimate of the Microsoft tax, they would save millions per year by just hiring a small team at $50k/year to do quality assurance, cutting out Microsoft.

  12. Re:A right-wing movie on Delivering 8K VFX Shots For the Dark Knight · · Score: 1

    I can agree with just about everything but the below:

    Still, running from the law to get away with vigilantism is substantially different than spinning the press to get away with war crimes. Batman needs to break the law to save it, then he runs from the cops so he can save more lives. Bush breaks the law ostensibly to save the country, and then lies about it to save face.

    The truth is, one man's vigilante is another man's crusader. It's not hard to justify stopping atrocities. The hard part is getting everyone to agree to the definition of that word. You'll find people praising Bush for liberating Iraq--not because the media is spinning things, but because he toppled a dictator who actually was doing bad stuff. You'll also see people blasting him because he didn't follow UN guidelines. Honestly, it sounds a lot like what Batman does.

    I don't think that the movie was praising Bush, I just thought that your counterexamples weren't as accurate as they could have been.

    While we're on that subject though, Batman breaks the law to save Gotham, which was actually threatened. Bush broke the law not to save the union: it was never in danger. Al Qaeda never posed a significant threat, their actions were thoroughly counterproductive even absent a heavy-handed military response.

    Well, that was the spin. It'd probably have been harder to justify going into Iraq to depose a dictator that we put there in the first place. Does that mean that it didn't need to be done? I don't know.

    There's also some really interesting psychological games going on. I saw a story somewhere on Bush admitting that opening up the off-shore reserves wasn't going to do anything to the price of oil, except inasmuch as people are going to expect the price of oil to drop, so speculators will stop driving up the price. The war on terrorism is pretty much the same thing. It helps to make people feel like we're doing something about a problem that we have no control over. It lets them live their normal lives--something which is essential to keep the world functioning.

    Did it work? Was it necessary? Honestly, I don't know. We can't know what would have happened if things went differently. But given the oil story, we know that the government does things with no actual value for the sake of the psychological value, and that means that we have to start thinking of all new questions.

  13. Re:A right-wing movie on Delivering 8K VFX Shots For the Dark Knight · · Score: 1

    1. Harvey Dent attempts to torture a captured underling to get information out of him, Batman stops this, pointing out he's not going to get anything useful out of him. It was Russian roulette torture, not waterboarding, but the connections should be obvious.

    He won't get anything useful out of him because the guy is mentally ill, not because torture is ineffective. Batman uses torture. Remember the bit where he's "counting on" the fall not killing Sal?

    3. While Batman does operate outside the law to get things done, he doesn't make that excuse to duck punishment. At the end, he actually takes on blame that shouldn't be his.

    No, Batman becomes the scapegoat. He does things that need doing, whether or not they are in the law. Gotham needs for Harvey to be remembered fondly? Batman takes the fall. Gotham needs the Joker to be put down? Batman engages in wide-scale, highly illegal wiretapping.

    He may have taken blame that didn't belong to him, but he still hasn't turned himself in. Why not? Probably because he justifies his actions by saying, "Gotham needs someone to do the dirty work." If he was actually tough on crime, he'd turn himself in, just like the Joker wanted.

    5. Batman refuses to kill villains and instead turns them over to the justice system. Bush attempts to kill terrorist sympathizers, and refuses to give terror suspects due process.

    Oh, now you're going to claim that Arkham isn't basically Gitmo? (Ok, that was meant to be tongue-in-cheek.)

  14. Bad threading? Re:Did you say patent? on Hasbro Sues Makers of Scrabble-Like Scrabulous · · Score: 1

    The person to whom Spy der Mann replied did, in fact, use the word patent. Is this another example of screwy threading on Slashdot?

    On my screen, the tree looks like this:

    #24326151 by sampson7
          |
    #24326220 by fireslack (uses the word 'patent')
          |
    #24326279 by Spy der Mann (accuses use of the word)
          |
    #24326307 by sampson7 (denying use of the word)

    Odd behavior.

  15. Re:False trichotomy. Password hashing is your frie on MySpace Joins OpenID Coalition · · Score: 1

    That's an ok solution. The main issues I see are that you lose some amount of portability. You have to have md5sum and head wherever you want to log in. You may have to ssh somewhere to do it this way. And if there's a keylogger on the machine, the game is still over. Changing your master password and then changing all of the rest of your passwords will still be quite the pain.

    I'd rank this solution above using the same password for everything, but below using single-sign on via OpenID.

  16. Re:Web Monoculture on MySpace Joins OpenID Coalition · · Score: 1

    It would depend upon your provider, I guess, but when you're effectively proxying access, this is always the case.

    If you maintain/register your own URL (note: not necessarily your own OpenID provider) then you can change to a new provider yourself.

    Say I have the domain sancho17056.com. I can choose to make that my OpenID by adding a few lines of markup to the <HEAD> portion of that page. Those lines specify which OpenID provider should be used to authenticate my URL. Now, if I delegate to myspace.com (thus using their OpenID services) and my account gets hacked over there, I can simply register with another provider and point my URL over there. Instantly, every place where I use my OpenID as my login will begin authenticating with the new service. I'm in control, you see.

    Of course, as I pointed out at the beginning, if you give someone else control over that URL, you have to convince them to delegate to a new provider. I can't speculate on what would be required to do this. And if your OpenID is hosted at the same site as your URL, you may have an even harder time convincing them to change things.

  17. Re:DO NOT WANT on MySpace Joins OpenID Coalition · · Score: 1

    With OpenID, you have a provider and multiple consumers. If any of the consumers get hacked, your account on the other consumers will not, by association, be hacked.

    I fully understand that.

    Perhaps, but you left out my note about context. The original poster was clearly talking about any given OpenID consumer getting hacked. The person who replied was imprecise in telling him that that wasn't true, and your reply showed either an inability to read contextually or a desire to be overly pedantic. Out of sheer curiosity, would you mind telling me which one it is?

  18. Re:Web Monoculture on MySpace Joins OpenID Coalition · · Score: 1

    Valid points.

    Phishing and XSS are probably the two biggest potential problems with OpenID. The latter may be addressed in the spec (I'll admit that I've only skimmed it) or in specific implementations. The former is going to be a problem for the foreseeable future, anyway. The new issue will be people who don't realize that not being careful with their Facebook account (and being phished) could cause their financial information to be compromised.

    Of course, security-sensitive people will just set up specific logins for their sensitive servers. You're still cutting down on the total number of login/password combinations. Banks can force the issue by choosing not to support OpenID, or letting OpenID be one of the many factors in a multi-factor system.

  19. Re:One Password to Rob Them All on MySpace Joins OpenID Coalition · · Score: 1

    So become an OpenID provider. Maybe you only serve out your own ID--no big deal. Now you're not trusting some random site; you're trusting your own site, and you can use whatever authentication scheme you want.

  20. Re:DO NOT WANT on MySpace Joins OpenID Coalition · · Score: 1

    I suspect that you're just being an ass and intentionally missing the point.

    With OpenID, you have a provider and multiple consumers. If any of the consumers get hacked, your account on the other consumers will not, by association, be hacked. If your provider is hacked, all of the consumers will be compromised until you can switch your provider. So the original poster's assertion:

    There are some websites/services I just plain old don't trust with some or all elements of my real information. And if only ONE of those websites is compromised, my login is now compromised across the board

    is either disingenuous or the result of a misunderstanding. If you don't trust a website, don't make them your provider. But they can safely consume your OpenID without fear of impersonation on other sites. The poster obviously thought that the password would be shared amongst the sites. Either that, or s/he set up a strawman.

    Reading for context is a good idea.

  21. Re:Web Monoculture on MySpace Joins OpenID Coalition · · Score: 4, Insightful

    It's just a little different from that. Let's look at a couple of scenarios.

    Scenario 1: You have accounts all over the place. You use different passwords for each of them. You have multi-factor authentication for several of them.
    This is pretty secure, but of course, you have to remember your passwords. You may have to carry around several dongles. If a site is hacked and the password on it is recoverable, only that site is hacked. This scenario, however, is unrealistic for the masses.

    Scenario 2: You have accounts all over the place. They all have the same password. You probably don't have multi-factor authentication on any of them, but who knows--maybe your WoW account really is that important to you.
    This is horrible security. If a site is hacked, the attacker now has access to your entire web presence. You'll be forced to change your password in dozens of places, and you're almost certain to forget a few.

    Scenario 3: You have a single sign-on provider (like OpenID). You have accounts all over the place, but only a single password, stored on a single server. If that server is hacked, the attacker has access to all of your accounts for the time period that it takes you to realize the issue and change your authenticator to a new host. You don't have to remember a password for each site you visit. The individual sites never have access to your password. You may use multi-factor authentication on your OpenID site to reduce the likelihood that a hack will give carte blanche access to all of your accounts, and you don't have to carry around a dozen dongles to provide "something you have."

    Do you see how Scenario 3 is a compromise between the two? Do you realize that Scenario 2 is how most people use the web? Scenario 3 is better security than what most people use, while maintaining the convenience. If you don't like the idea of using OpenID, you aren't forced to. You can create a new OpenID for every website you wish to use. OpenID allows for better security in a realistic world (where people reuse passwords) when, currently, the only other option is password-management Hell.

  22. Re:anotherwards, MySQL 3.x... on Slimmed Down MySQL Offshoot Drizzle is Built For the Web · · Score: 1

    Yes! Thanks!

  23. Re:anotherwards, MySQL 3.x... on Slimmed Down MySQL Offshoot Drizzle is Built For the Web · · Score: 1

    I may have used the wrong term, or there may be a better one. Essentially, I mean that they don't use foreign keys. If you understand databases, then you probably know what I'm trying to get at with this.

  24. Re:anotherwards, MySQL 3.x... on Slimmed Down MySQL Offshoot Drizzle is Built For the Web · · Score: 3, Insightful

    They're not removing features, they're moving features into modules. Don't use views in your app? That code doesn't get loaded. Honestly, once a program reaches a certain size, this is a necessary step.

  25. Re:anotherwards, MySQL 3.x... on Slimmed Down MySQL Offshoot Drizzle is Built For the Web · · Score: 3, Insightful

    Most people could make an argument that any feature is important/easy enough to keep in the core. The truth, though, is that most people use MySQL as a data store. They don't care about data correctness, about views, about advanced features. They just want to be able to store data and look it up again.

    Of course, this is partially because the books on database programming don't stress these features, and such programming has become available to the masses who don't know any better. Real programmers understand the issues and use these features, but then, real programmers probably also understand that modularization can be very useful.