I'm not sure how that is supposed to work. You would have to rewrite every webapp so that it's data can be protected by sandstorm. Which seems hugely impractical. And as long as the webapp has access to it compromising…
I compromise an app, add myself admin account, log-in, download everything. What's stopping me?
That's just marketing bullshit. Unless the API is magic (and I don't mean advanced technology "magic" but Harry Potter "magic") it has no way of knowing what the application is allowed to send or not and therefor cannot…
How can a COMPROMISED WEBapp ever not be able to leak data while being usable?
Host authentication is a job of SSL though. So you should simply not log-in on a website if it cannot be verified that it is actually Paypal. This holds for both SQRL and passwords and seems to be an independent issue.…
@nly How does this system prevent me from setting up a website that looks like Paypal and giving you the address of my ssh server?
It's pretty much the same thing but using QR codes. One thing that SQRL has is automatic management of different keys for each site. It wouldn't be hard to add that to the ssh version, though. Using QR codes for getting…
It's better because your browser doesn't have a button to clear your ssh private keys. Cookies simply aren't meant for storing important data.
Q: "What does it do?" A: "A utility library delivering consistency, modularity, performance, & extras." Q: "Yeah, but what does it do?" A: "Oh, nothing but it does it consistently, modularly and performant. We also have…
"there are legitimate uses for such keys" - not for crypto
Doesn't this violate the minecraft ToS?
But paypal/ebay is a third party. Something that this system tries to avoid.
In short: The protocol is not even remotely thought through. It is incomplete and cannot work the way it is described. I wonder if it is theoretically impossible to create a protocol that punishes cheating when the…
Oh, sorry! Confused.
Well, at least I'm not the only one who apparently didn't pay attention for half of the tutorial. :)
Oh, I thought it was in the same row. Well, that makes more sense. I treated it like a form of sudoku with only 2 symbols and 3 repetitions allowed.
Bug? http://imgur.com/DmSGy76
I intentionally did not try to answer the question myself because I assume there are people who are much more familiar with the details of the XMPP protocol and much more suited to making a comparison. So fuck you and…
I would like to know how this is different from jabber/xmpp and how likely it is that these differences are worthwhile. They say their API is more "pragmatic" and writing a full-blown XMPP client certainly is very…
Best screenshot ever.
It is a shitty generalization slandering all articles which (possibly poorly) chose a question as headline. This is obviously an "article" where the author was legitimately interested in answering the question in the…
Well, could anybody sum this up? Because I'm definitely not going to read Part 2 since it seems Fowler didn't even bother to produce correct sentences.
Another headline completely bereft of any information.
It's true and important why wouldn't it be enough?
I am totally in favor of good tools with good visual representations but those almost always have to be handcrafted for every specific problem. Which is probably why Bret has never delivered anything useful. And if…
I'm not sure how that is supposed to work. You would have to rewrite every webapp so that it's data can be protected by sandstorm. Which seems hugely impractical. And as long as the webapp has access to it compromising…
I compromise an app, add myself admin account, log-in, download everything. What's stopping me?
That's just marketing bullshit. Unless the API is magic (and I don't mean advanced technology "magic" but Harry Potter "magic") it has no way of knowing what the application is allowed to send or not and therefor cannot…
How can a COMPROMISED WEBapp ever not be able to leak data while being usable?
Host authentication is a job of SSL though. So you should simply not log-in on a website if it cannot be verified that it is actually Paypal. This holds for both SQRL and passwords and seems to be an independent issue.…
@nly How does this system prevent me from setting up a website that looks like Paypal and giving you the address of my ssh server?
It's pretty much the same thing but using QR codes. One thing that SQRL has is automatic management of different keys for each site. It wouldn't be hard to add that to the ssh version, though. Using QR codes for getting…
It's better because your browser doesn't have a button to clear your ssh private keys. Cookies simply aren't meant for storing important data.
Q: "What does it do?" A: "A utility library delivering consistency, modularity, performance, & extras." Q: "Yeah, but what does it do?" A: "Oh, nothing but it does it consistently, modularly and performant. We also have…
"there are legitimate uses for such keys" - not for crypto
Doesn't this violate the minecraft ToS?
But paypal/ebay is a third party. Something that this system tries to avoid.
In short: The protocol is not even remotely thought through. It is incomplete and cannot work the way it is described. I wonder if it is theoretically impossible to create a protocol that punishes cheating when the…
Oh, sorry! Confused.
Well, at least I'm not the only one who apparently didn't pay attention for half of the tutorial. :)
Oh, I thought it was in the same row. Well, that makes more sense. I treated it like a form of sudoku with only 2 symbols and 3 repetitions allowed.
Bug? http://imgur.com/DmSGy76
I intentionally did not try to answer the question myself because I assume there are people who are much more familiar with the details of the XMPP protocol and much more suited to making a comparison. So fuck you and…
I would like to know how this is different from jabber/xmpp and how likely it is that these differences are worthwhile. They say their API is more "pragmatic" and writing a full-blown XMPP client certainly is very…
Best screenshot ever.
It is a shitty generalization slandering all articles which (possibly poorly) chose a question as headline. This is obviously an "article" where the author was legitimately interested in answering the question in the…
Well, could anybody sum this up? Because I'm definitely not going to read Part 2 since it seems Fowler didn't even bother to produce correct sentences.
Another headline completely bereft of any information.
It's true and important why wouldn't it be enough?
I am totally in favor of good tools with good visual representations but those almost always have to be handcrafted for every specific problem. Which is probably why Bret has never delivered anything useful. And if…