The official site just says "you choose your email-adress to use and you're logged in". So, now assume i am a attacker, and i choose YOUR e-mail address... i am logged in?!
so please some good links to the techniques behind it, especially: - why it is decentral (is it?) - how it is secure (is it?) - how to set up my own server to use for myself (can i?) - why not use openid (why?)
almost no webservices sends first e-mail to the old account. And its better this way, because maybe you changed the mail, because your old mail account was hacked?!
Commecial companies with a certain size have a women-quote, they NEED to employ some women to fulfill this. Most Opensource Projects just live from volunteers.
i think there is still potential for massive file sharing: everyone puts some files in his dropbox. Then you share your files scripted with somebody else, he copies the file serverside (so no real up/download happens) into a non-shared folder, then he leaves the folder. repeat this steps, later on log into your dropbox and get a lot of files, noone really needed to upload for you (again).
they DOWNloaded from you, then they sued you for distributing the stuff. you are allowed to download in most legislations, but you are not allowed to distribute (UPload).
But while downloading, you uploaded parts of it to people, who may have payed, if they would not have downloaded the parts from you. (just playing devils advocate)
argh, bullshit, the exponent and basis should be swapped, so you need to have the longer password, sorry. but still not from a common wordlist, or the bruteforce with "three words from a good wordlist" will get you soon.
and another thing: a password up to 8 chars is x+x^2+...+x^8 a password which MUST be 8 chars long, is just x^8.
you have choosen three words? okay, your entropy is just wordlist^3. This is way less than 12^(26*2+10+15) (12 chars, alphabetic, uppercase, numbers, reasonable special chars).
simple rule: you want to have a big number in the exponent, not in the basis. Adding one more special char to your alphabeth is better than adding one char from the alphabeth to the password. of course this only matters, when enough chars of the alphabeth are used, you can generate a lowercase-alphabetic password from a 100 char alphabeth, if you are doing it wrong.
another thing to consider: imagine the rule "password needs to be 8 chars, at least one uppercase, at least one digit, at least one special char)
password would have been 8^(chars in alphabeth)
but now it is: 5^(chars in alphabeth)*26*10*15 * number-of-permutations possible for placing the three fixed chars inside the freely choosable ones. (26 upper chars, 10 digits, 15 special chars)
identification with biometrics is easy to do, and securely this way. authentication is not. When your android identifies you on a photo, its okay. Yeah, this IS you on the photo. But when it authenticates you with the photo, all the hacker needs is a photo of you.
so first the identification (userid) step. Then there needs to be an authentication step, which means, the device needs some clue, that the identified person really wants to do the action. The photo contains no "unlock please" clue, and it would be wrong to define the clues in a way a photo could express. Because you do not want somebody to be able to make a photo of your "unlock please"-Face. You want to give this instruction each time by yourself.
I did it, and then i lost the piece of paper. As i kept it in my wallet, i assume i lost it while paying. maybe some cashier got it... maybe i even paid something with it;).
But there were no clues where the passwords are for, and i changed them as soon as possible, so it was no problem.
the carriers will not route incoming connections to the devices, even with IPv6. This would endanger their current business models, so they will try to avoid it. It would be cool, when some important new App would really need incoming connections, so the carries virtually must support it. But i doubt they will, and there will be no such app. So the only thing they see is, that smartphones, tablets and other wanted consumer hardware should not have this feature, and tethering with notebooks is evil for them, anyway.
Slashdot Mirror
okay, so its one of the solutions, i cannot use when using multiple computers/devices/browsers. Lets wait for the next solution, if its any better.
The official site just says "you choose your email-adress to use and you're logged in". So, now assume i am a attacker, and i choose YOUR e-mail address ... i am logged in?!
so please some good links to the techniques behind it, especially:
- why it is decentral (is it?)
- how it is secure (is it?)
- how to set up my own server to use for myself (can i?)
- why not use openid (why?)
yeah, and now assume you deleted the file, and the very next day the service goes down. where is your redundancy now?!
almost no webservices sends first e-mail to the old account. And its better this way, because maybe you changed the mail, because your old mail account was hacked?!
which will not be possible, when the cloud service is gone.
wayne?
sadly its true for the actual comics as well.
and they change the mail address associated with your account. Fuck.
using info is some kind of pita. man just pipes some troff text into less, info uses some form of own reader, which is not very usable.
Commecial companies with a certain size have a women-quote, they NEED to employ some women to fulfill this. Most Opensource Projects just live from volunteers.
yeah, there will be some configuration, which is a fixpoint. but its hard to find.
is this officially supported by google? Otherwise you may just lose your files, when google shuts this abuse down.
just think about everyone hosting their music collection on dropbox.
i think there is still potential for massive file sharing:
everyone puts some files in his dropbox. Then you share your files scripted with somebody else, he copies the file serverside (so no real up/download happens) into a non-shared folder, then he leaves the folder. repeat this steps, later on log into your dropbox and get a lot of files, noone really needed to upload for you (again).
they DOWNloaded from you, then they sued you for distributing the stuff. you are allowed to download in most legislations, but you are not allowed to distribute (UPload).
you cannot host a copy of tpb on tpb. Because it would not contain the copy of tpb then.
But while downloading, you uploaded parts of it to people, who may have payed, if they would not have downloaded the parts from you.
(just playing devils advocate)
do you still own a CRT?
argh, bullshit, the exponent and basis should be swapped, so you need to have the longer password, sorry.
but still not from a common wordlist, or the bruteforce with "three words from a good wordlist" will get you soon.
and another thing:
a password up to 8 chars is x+x^2+...+x^8
a password which MUST be 8 chars long, is just x^8.
the xkcd is not quite correct.
you have choosen three words? okay, your entropy is just wordlist^3. This is way less than 12^(26*2+10+15) (12 chars, alphabetic, uppercase, numbers, reasonable special chars).
simple rule: you want to have a big number in the exponent, not in the basis. Adding one more special char to your alphabeth is better than adding one char from the alphabeth to the password.
of course this only matters, when enough chars of the alphabeth are used, you can generate a lowercase-alphabetic password from a 100 char alphabeth, if you are doing it wrong.
another thing to consider:
imagine the rule "password needs to be 8 chars, at least one uppercase, at least one digit, at least one special char)
password would have been 8^(chars in alphabeth)
but now it is:
5^(chars in alphabeth)*26*10*15 * number-of-permutations possible for placing the three fixed chars inside the freely choosable ones.
(26 upper chars, 10 digits, 15 special chars)
identification with biometrics is easy to do, and securely this way. authentication is not.
When your android identifies you on a photo, its okay. Yeah, this IS you on the photo. But when it authenticates you with the photo, all the hacker needs is a photo of you.
so first the identification (userid) step.
Then there needs to be an authentication step, which means, the device needs some clue, that the identified person really wants to do the action. The photo contains no "unlock please" clue, and it would be wrong to define the clues in a way a photo could express. Because you do not want somebody to be able to make a photo of your "unlock please"-Face. You want to give this instruction each time by yourself.
I did it, and then i lost the piece of paper. As i kept it in my wallet, i assume i lost it while paying. maybe some cashier got it ... maybe i even paid something with it ;).
But there were no clues where the passwords are for, and i changed them as soon as possible, so it was no problem.
the carriers will not route incoming connections to the devices, even with IPv6. This would endanger their current business models, so they will try to avoid it. It would be cool, when some important new App would really need incoming connections, so the carries virtually must support it. But i doubt they will, and there will be no such app. So the only thing they see is, that smartphones, tablets and other wanted consumer hardware should not have this feature, and tethering with notebooks is evil for them, anyway.
yeah. most of the other people google for "facebook.com" and "weather today".
maybe "ask"? Or something like ixquick.