User talk:Mstone/Rainflow: Difference between revisions

From OLPC
Revision as of 00:29, 24 June 2009

Peer review Activity

Instead of making it a pure "security" activity (that "just gets in the way" like any security stuff and thus will be circumvented) it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.

A shared "source browser" with highlighting/bookmarks and chat might be a good start.

-- Sascha Silbe

Other Ideas

  • Do what is safe; prompt for unsafe things.
  • So what about that covert channel in CSS for detecting what sites you've visited?
  • Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
    • Then I can compare my cards with other people's.
  • The key lies in encouraging people to commit to things that are easier for legitimate parties to do than for impostors. Repeated application of this principle gives hardness amplification.
  • So how does this play into REST? and sessions?
  • Also, how about search and browsing?
    • Perhaps people have templates that describe what kinds of data they're looking for?
  • Why did sshkeys.net fail?
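As a worked illustration of the "hardness amplification" note above, here is an added example (not part of the original page, and not code from the OLPC project): each independent check is passed by a legitimate party with some probability and by an impostor with a lower one, and repeating the check n times (or requiring k of n to pass) widens the gap between the two. The per-check rates used below are constructed assumptions chosen to make the arithmetic visible.

```python
import math


def pass_all(n: int, per_check: float) -> float:
    """Probability of passing every one of n independent checks,
    each passed with probability per_check."""
    return per_check ** n


def pass_at_least(n: int, k: int, per_check: float) -> float:
    """Probability of passing at least k of n independent checks
    (upper tail of a Binomial(n, per_check) distribution)."""
    return sum(
        math.comb(n, i) * per_check ** i * (1 - per_check) ** (n - i)
        for i in range(k, n + 1)
    )


def amplification(n: int, k: int, legit_rate: float, impostor_rate: float):
    """Return (legitimate acceptance, impostor acceptance) under a
    k-of-n rule, so the two can be compared side by side."""
    return pass_at_least(n, k, legit_rate), pass_at_least(n, k, impostor_rate)


def impostor_advantage(n: int, k: int, legit_rate: float, impostor_rate: float) -> float:
    """Ratio of impostor acceptance to legitimate acceptance; amplification
    means this ratio shrinks as n grows."""
    legit, impostor = amplification(n, k, legit_rate, impostor_rate)
    return impostor / legit


if __name__ == "__main__":
    # Constructed assumptions: a legitimate party clears a single check 90% of
    # the time, an impostor 50% of the time.
    LEGIT, IMPOSTOR = 0.9, 0.5
    print("all-of-n rule:")
    for n in (1, 3, 5, 10):
        print(f"  n={n:2d}  legit={pass_all(n, LEGIT):.4f}  "
              f"impostor={pass_all(n, IMPOSTOR):.4f}")
    # Requiring all n checks also hurts legitimate parties, so a k-of-n
    # threshold keeps their acceptance high while impostors still fall off.
    print("k-of-n rule (k = n - 1):")
    for n in (3, 5, 10):
        legit, impostor = amplification(n, n - 1, LEGIT, IMPOSTOR)
        print(f"  n={n:2d}  legit={legit:.4f}  impostor={impostor:.4f}  "
              f"advantage={impostor_advantage(n, n - 1, LEGIT, IMPOSTOR):.4f}")
```

The design point is the second loop: a strict all-of-n rule amplifies hardness for impostors but also rejects more legitimate parties as n grows, whereas a k-of-n threshold lets you pick how much legitimate usability to trade for how much impostor rejection.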

Examples

  • Paul's geodata example
  • Automated scans of machines and software.
  • CAcert assurers
  • PGP key signings
  • "User clicks" vs. auto-updates