GPSLog Labs now supports OpenID to allow you to sign in with an account you already have, rather than trying to remember yet another user name and password.
As a bonus, there is now zero-registration required. Sign in and you can upload a log and get started straight away!
-- Tom
A small number of super-geeky obsessives are abuzz over the upcoming launch of Facebook Usernames, an exciting new feature that will let you put some parts of your name into a web address.
Since its announcement yesterday, there's been a lot of excited discussion of the feature, but in a dashes.com exclusive I can exclusively report this exclusive look at the future of the feature. We'll also cover how the feature's rollout will be covered by the technology trade press and the mainstream press.
June 13, 12:01am: Facebook launches Facebook Usernames. The gold rush is on!
Read more: http://globalitnews.blogspot.com/2009/06/future-of-facebook-usernames.html
Tags: Facebook, usernames, Linkedin, Mashable, Myspace, Bebo, AIM, Techmeme, Global IT News, Mark Zuckerberg, Iphone, FUD, Kanye West, Twitter, Flikr, Openid, Digg,
Diffie-Hellman鍵交換方式を利用すれば、秘密鍵をやり取りする必要がないため、秘密鍵暗号方式と比べてネットワーク上の盗聴などに強いという特徴がある。
その反面、通信経路上で暗号を解読する「中間者攻撃」の手法には強くないとされる。
そのためDiffie-Hellman鍵交換は別の暗号化アルゴリズムと組み合わせて用いられることが多い。
Diffie-Hellman鍵交換を採用した代表的な公開鍵暗号としては、RSAやエルガマル法を挙げることができる。
このプロトコルは、通信を行いたい2者が各々公開鍵と秘密鍵 (私有鍵ともいう) を用意し、公開鍵のみを公開する。そして、お互いに秘密の値から作成されるデータを相手に送信し、各自、自分の秘密鍵と受信したデータから共通鍵を作成できる方法である。第三者が送受信されるデータを盗聴しても鍵を生成することができない所に特徴がある。
One of the cooler features of OpenID is delegation. This means, instead of having your OpenID identifier be
it can be
Much easier to remember, right? And it’s really easy to do, too! Here’s how I did it.
First, sign up for an OpenID with the provider of your choice (note that Google, Yahoo, and Microsoft are all OpenID providers now, so you may already have one). I like myopenid.com, so I originally signed up there. My OpenID identifier is codinghorror.myopenid.com.
To enable my domain to act as a delegate to the OpenID provider, I added these two HTML header tags to the homepage of codinghorror.com.
<html>
<head>
<title>Coding Horror</title>
<link rel="shortcut icon" href="/favicon.ico" />
<link rel="openid.server" href="http://www.myopenid.com/server">
<link rel="openid.delegate" href="http://codinghorror.myopenid.com/">
</head>
Then I used our new multiple OpenID feature to tell Stack Overflow about my new OpenID. Here on my user page, I can see that I already have two OpenIDs attached to my account.
In case you’re wondering, the OpenID fields here are only visible because I’m logged in as myself. The OpenID identifiers aren’t normally visible to anyone else.
I want to attach a new OpenID to my account, so I click New Login. Note that I must be logged in first to change my OpenIDs, so I need to be sure I click New Login!
I enter codinghorror.com as my OpenID identifier, then click the Login button (or just press Enter).
When I’m returned to the page, I had a brand new OpenID identifier in my primary slot!
Now I can log in to any OpenID enabled website using codinghorror.com!
One minor technical note: when logging in via the “New Login” link, your alternate OpenID will be filled first, and all subsequent new logins will overwrite your primary OpenID. Use the new “Swap” link to switch them around, so you can overwrite whichever one you want (thanks Stewart Johnson for that suggestion).
Posted by Jeff Atwood on January 4th, 2009
Filed under design
From StackOverflow.com
TechCrunch reported that Vidoop has closed its doors. The company announced layoffs in early May 2009. Joel Norvell, the CEO, said that the company did not have funds to pay wages or other liabilities, and that employees were offered computer in lieu of wages.
Here is an excerpt of a insider's letter from CEO Joel Norvell to Vidoop employees:
Vidoop LLC is officially out of business. Unfortunately, there are no funds to pay the unpaid wages or other liabilities. I don’t yet know if this means there will be a bankruptcy filing. However, we are in the process of winding down and vacating the office.
The shutdown was rapid as Mr. Novell added:
The investors who walked out of the May 5 deal created a situation that made an orderly shutdown impossible. However, several of us have worked nonstop to preserve everyone’s stake in Vidoop, and efforts are ongoing. We hope to provide details soon.
According to it's website, Vidoop states as its mission:
We make the Internet a more secure and less complicated place to do business by providing strong authentication and identity management for the consumer web.
Michael Arrington said in his TechCrunch blog that it was unclear how long Vidoop service will stay active.
On the commenting section of blog post, many were sympathetic to the Vidoop team and their mission. Here is one posted comment that some else would continue their OpenID mission:
I continued to hope that Vidoop would be able to turn their descent around. They’ve got a compelling OpenID offering and their Captcha idea showed promise. It will be interesting to see if anyone else sees enough value in their efforts to pay money to pick up their work and continue.
Identity Management: OpenID mit openid4java
Single-Sign-on (SSO) wartet immer noch auf den Durchbruch im Internet. Dabei existiert mit dem Protokoll OpenID eine gute Implementierung der Technik, die zudem eine breite Unterstützung in der Industrie aufweist.
OAuth is still in early stage, and OpenID is still inconvinient way. The combination with them? It will be a another burden to users and developers, but it's clear that there is /* no alternatives */ in this world.
http://feedproxy.google.com/~r/ProgrammableWeb/~3/73Kg1RXaOoM/
------------------------------
Sent from IPod Touch
A rather interesting vulnerability in OpenID has been posted:
Ben Laurie of Google's Applied Security team, while working with an external researcher, Dr. Richard Clayton of the Computer Laboratory, Cambridge University, found that various OpenID Providers (OPs) had TLS Server Certificates that used weak keys, as a result of the Debian Predictable Random Number Generator (CVE-2008-0166).
In combination with the DNS Cache Poisoning issue (CVE-2008-1447) and the fact that almost all SSL/TLS implementations do not consult CRLs (currently an untracked issue), this means that it is impossible to
rely on these OPs.
Neat stuff. (And a reason that software really should check CRLs.)
