Vegard Skjefstad

www.vegard.net

Menu Close

Tag: PRISM Break (page 1 of 5)

Is WebAuthn the Key to Passwordless Authentication?

Can WebAuthn succeed where Universal 2nd Factor failed?

Back in October, 2015, I wrote about the FIDO Alliance, their U2F standard, and the YubiKey implementation by Yubico. The goal of U2F is was to describe a method for universal two factor authentication (2FA). Today, 2FA is usually done either by text messages, or by using a mobile application that provides one-time codes. U2F is aimed more at physical tokens, with the YubiKey the most well-known implementation.

I thought the idea of a physical token was brilliant so I shelled out for a YubiKey Neo. Since 2015, I’ve used it for anything practical exactly zero (0) times1.

While using a physical token like the YubiKey for 2FA is a killer concept, U2F support was only implemented in Chrome, and only supported by a tiny handful of sites. Because of this, U2F never saw any wide spread adaption, and the YubiKey on my key chain continues to be dead weight. It’s not terribly heavy, but dead weight nonetheless.

Now, a new authentication standard, WebAuthn, is seeing the light of day. And it might succeed where U2F failed.

Read more

Welcome to the Fediverse

Wouldn’t it be great if you could participate on the internet without having your private data and habits sold for profit? You already can. Join the fediverse.

Imagine logging on to a social media site to discuss your anime obsession. But instead of logging on to a site owned, controlled, and monetized on by a Fortune 500 company, you log on to an instance being operated by a fellow anime fanatic in her spare time. The instance you log on to only has about 50 users, but it’s a friendly, tightly knit group of people who all share the same interest as you. No harassment, no hate-speech, no bigotry. Any bad apples not following the Code of Conduct decided by the instance administrator – “don’t be an ass” – is simply banned from participating in the discussion.

The instance you log on to is in many ways an isolated, private island. But it’s also part of a larger network consisting of hundreds of other nodes with hundreds of thousands of users. Most of the instances are owned and operated by private individuals, and together all the instances form a federation.

Welcome to the fediverse.

Read more

Delete Your Facebook Account Today

So you’re still on Facebook? Here are three good reasons why you should delete Facebook today.

It’s been a rough year for Facebook. First, it was the Cambridge Analytica data scandal. Whistleblowers revealed that personal information from over 87 million Facebook users was sold to Cambridge Analytica, a political data analysis firm that had worked for Donald Trump’s presidential campaign. Then it turned out Facebook had been scraping call and text message data with its Android apps for years. Everything was stored in Facebook’s databases.

And now, The New York Times has revealed internal Facebook documents that show the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed. In some cases, companies were allowed to read, write and delete users’ private messages, and to see all participants in a message thread.

Read more

Dump Google

Google shows its true colors, and removes “don’t be evil” from the code of conduct. It’s time to dump Google.

For years, Google’s been the good guys of the internet. They’ve provided great services without showing a single stick up their customers collective asses. But when they decided to go to bed with the Pentagon war machine, those of us with an ethical backbone started to feel a tiny tingle in the pooper. I covered the utterly moronic decision in the post You Might Be Helping Pentagon Train Killer Dones back in March.

Even Google’s own employees thought playing with Pentagon was a bad idea, and several thousand of them petitioned the company to end the so called Project Maven. About a dozen employees even quit the company in the wake of information about the project surfacing. But that’s a tiny drop in the vast ocean that is Google. With its 85,000 employees, a dozen resignations don’t make a difference.

Now Google has decided to go full anal fist instead, removing the well-known “don’t be evil” from its code of conduct. For me, this is a clear sign the once beloved company is heading in the wrong direction.

It’s time to dump Google.

Read more

How to install Nextcloud on NETGEAR ReadyNAS

Once there was ownCloud. Now there is Nextcloud. It’s time to install Nextcloud on NETGEAR ReadyNAS.

If you’ve followed my 5-year-old guide How to install Owncloud on a NETGEAR ReadyNAS, you might have noticed that the ownCloud desktop client has complained about an unsupported server version for some time. ownCloud on your ReadyNAS server has been stuck on version 6, while the rest of the world has moved on to version 10. Unfortunately, the ownCloud version in the NETGEAR package repository has not been maintained, and upgrading using ownCloud’s own mechanisms has not been possible. ownCloud itself has also been through some rough times. In 2016, its founder, Frank Karlitschek, left the company, citing “moral questions”. Karlitschek went on to found Nextcloud, which is a ownCloud fork, and the file hosting software we will install now.

My particular ReadyNAS model is the 102, which uses an ARM CPU. There is no Nextcloud package in the NETGEAR package repository. This means that getting Nextcloud up and running on my ReadyNAS 102 would involve a lot of compiling, troubleshooting, and general hair pulling. Not ideal for a guy like me with a receding hairline, and I’d probably use a lot of my precious spare time that I’d prefer to prioritize differently. That’s why I’ll take the path of least resistance this time, and turn to someone who’ve gone through all those hoops already: Say hello to RNXtras.com.

Read more

Copyright © 2000-2019 www.vegard.net | Privacy Policy | Statement of Audience | Hosted on vbox4.vbox-host.com