User talk:Mstone/Rainflow

From OLPC

Peer review Activity

Instead of making it a pure "security" activity (that "just gets in the way" like any security stuff and thus will be circumvented), it might be better to use a peer review approach, helping both the author and the peers to learn (about security etc.) while doing the certification.

A shared "source browser" with highlighting/bookmarks and chat might be a good start.

-- Sascha Silbe

Other Ideas

  • Do what is safe; prompt for unsafe things.
  • So what about that covert channel in CSS for detecting what sites you've visited?
  • Cards (business, credit, ...) and statements need to start carrying fingerprints and barcodes.
    • Then I can compare my cards with other people's.
  • The key lies in encouraging people to commit to things that are easier for legitimates to do than for impostors. Repeated application of this principle gives hardness amplification.
  • So how does this play into REST? and sessions?
  • Also, how about search and browsing?
    • Perhaps people have templates that describe what kinds of data they're looking for?
  • Why did sshkeys.net fail?

Examples

  • Paul's geodata example
  • Automated scans of machines and software.
  • CAcert assurers
  • PGP key signings
  • "User clicks" vs. auto-updates