Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.
We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!
muckracer (1204794) writes "It's true! Slackware 13.37 has been released, featuring the 220.127.116.11 Linux kernel, btrfs support, the Nouveau open-source Nvidia driver and a PXE install server right off the CD." Link to Original Source top
muckracer (1204794) writes "The formerly free Microsoft Office OpenDocument Plugin, developed by SUN Microsystems, now carries a price tag of $90 per user "to obtain a Right to Use (RTU) license", after Oracle took over the company. Whether the plugin, which enables Microsoft Office programs to read and write the ISO-standardized ODF document format, will continue being developed at all remains to be seen. Oracle is currently "reviewing the Sun product roadmap" which they state no longer represents "a commitment to deliver any material, code, or functionality"." Link to Original Source top
muckracer (1204794) writes "With recent discussion about passwords and their obvious deficiencies I've been wondering, why we don't use GPG authentication as a common way of logging into sites:
During the initial registration at some site like Slashdot the user gets asked to upload his public GPG key. On each subsequent login the site sends an encrypted challenge that gets locally decrypted with the user's secret key. A signed (and optionally encrypted) response gets sent back to the server, verified against the stored public key of the user and voila...login succeeded. If the site itself has a public 'site' GPG key it would also allow for mutual authentication, basically eliminating any phishing possibilities.
All that'd be needed for this to work is browser/plugin support and, of course, server-side support (the user should only ever see a local window asking for the GPG passphrase on logging in). But the payoff would, unless I am missing something entirely, be tremenduous: secure single sign-on for all web sites needing a login and one at that, that's locally administered. No passwords ever hit the wire nor do they need to get stored server-side. The same key/passphrase would also handle e-mail and help make having a GPG key worthwile for the rest of us. What's your take on this?"