�ݺ�ߣshows by User: fmarier

�ݺ�ߣshows by User: fmarier / http://www.slideshare.net/images/logo.gif �ݺ�ߣshows by User: fmarier / Sat, 06 May 2017 22:28:36 GMT �ݺ�ߣShare feed for �ݺ�ߣshows by User: fmarier Security and Privacy settings for Firefox Power Users /slideshow/security-and-privacy-settings-for-firefox-power-users/75741147 lfnw2017v2-170506222836
Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information. There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users. This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent". https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users]]>
Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information. There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users. This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent". https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users]]> Sat, 06 May 2017 22:28:36 GMT /slideshow/security-and-privacy-settings-for-firefox-power-users/75741147 fmarier@slideshare.net(fmarier) Security and Privacy settings for Firefox Power Users fmarier Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information. There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users. This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent". https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/lfnw2017v2-170506222836-thumbnail.jpg?width=120&height=120&fit=bounds" /> Web browsers have a difficult job to do: they need to perform remote code execution from untrusted locations in the presence of user data. In other words, they need to display websites that people use to share their information. There is a constant struggle between making the web more secure and breaking existing websites that rely on the historically lax defaults. We are working hard to raise the bar, but are also making powerful new features available to the Firefox power users. This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite "user agent". https://www.linuxfestnorthwest.org/2017/sessions/security-and-privacy-settings-firefox-power-users

Security and Privacy settings for Firefox Power Users from Francois Marier

]]> 1109 0 https://cdn.slidesharecdn.com/ss_thumbnails/lfnw2017v2-170506222836-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Getting Browsers to Improve the Security of Your Webapp /slideshow/getting-browsers-to-improve-the-security-of-your-webapp/73022581 confoo2017-170310134535
Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point? Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.]]>
Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point? Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.]]> Fri, 10 Mar 2017 13:45:35 GMT /slideshow/getting-browsers-to-improve-the-security-of-your-webapp/73022581 fmarier@slideshare.net(fmarier) Getting Browsers to Improve the Security of Your Webapp fmarier Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point? Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/confoo2017-170310134535-thumbnail.jpg?width=120&height=120&fit=bounds" /> Most web developers have some knowledge of input sanitization and encryption, but what happens when you forget an edge case or when users are connected to a rogue access point? Through the use of technologies like strict transport security, content security policy, sub-resource integrity, and the referrer policy, web developers can instruct browsers to add a second layer of defenses against the most common attacks.

Getting Browsers to Improve the Security of Your Webapp from Francois Marier

]]> 353 0 https://cdn.slidesharecdn.com/ss_thumbnails/confoo2017-170310134535-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Hardening Firefox for Security and Privacy /slideshow/hardening-firefox-for-security-and-privacy/68724047 hardening-firefox-for-security-and-privacy-161112000721
The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser). This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent. https://osem.seagl.org/conference/seagl2016/program/proposal/188]]>
The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser). This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent. https://osem.seagl.org/conference/seagl2016/program/proposal/188]]> Sat, 12 Nov 2016 00:07:21 GMT /slideshow/hardening-firefox-for-security-and-privacy/68724047 fmarier@slideshare.net(fmarier) Hardening Firefox for Security and Privacy fmarier The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser). This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent. https://osem.seagl.org/conference/seagl2016/program/proposal/188 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/hardening-firefox-for-security-and-privacy-161112000721-thumbnail.jpg?width=120&height=120&fit=bounds" /> The Web can be a hostile place, full of deceptive and malicious sites trying to install software on your computer or steal your personal information. However, you have a friend on your side: your user agent (also called your web browser). This talk will examine some of the hidden or advanced settings and extensions that Firefox offers to users who are concerned about their security and privacy. While we at Mozilla strive to bring these features to all of our users, the reality is that it's sometimes challenging to balance the need for maximum web compatibility and standards compliance with the desire to phase out harmful practices. With a little bit of context on the benefits and risks that some of these features provide, you should be able to make informed decisions and tweak your favorite user agent. https://osem.seagl.org/conference/seagl2016/program/proposal/188

Hardening Firefox for Security and Privacy from Francois Marier

]]> 1825 0 https://cdn.slidesharecdn.com/ss_thumbnails/hardening-firefox-for-security-and-privacy-161112000721-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Security and Privacy on the Web in 2016 /slideshow/security-and-privacy-on-the-web-in-2016/61295815 websec-lfnw2016-160424203209
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016]]>
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016]]> Sun, 24 Apr 2016 20:32:08 GMT /slideshow/security-and-privacy-on-the-web-in-2016/61295815 fmarier@slideshare.net(fmarier) Security and Privacy on the Web in 2016 fmarier In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016 <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/websec-lfnw2016-160424203209-thumbnail.jpg?width=120&height=120&fit=bounds" /> In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up (e.g. Referrer Policy, Subresource Integrity). As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2016. In addition to that, the non-profit behind Firefox is experimenting with new ways to protect its users, building on Google's Safe Browsing technology to defend users against tracking. This talk will introduce developers to the security features of the web platform they can use today and show end-users how they can harden their Firefox browser. https://www.linuxfestnorthwest.org/2016/sessions/security-and-privacy-web-2016

Security and Privacy on the Web in 2016 from Francois Marier

]]> 678 1 https://cdn.slidesharecdn.com/ss_thumbnails/websec-lfnw2016-160424203209-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Privacy and Tracking Protection in Firefox /slideshow/privacy-and-tracking-protection-in-firefox/57722456 privacy-tp-in-firefox-160201083718
Surveillance is a growing concern in Europe, and Mozilla believes that privacy and security should be treated as fundamental and not optional in the browsing experience. That's why Firefox has introduced new features for tracking protection and private browsing. Do not track is not only a way to navigate the web, it might also become part of a new privacy law in the EU. We will discuss how this has been implemented in the newest version of Firefox, next steps, and why it's important to have transparency and control in our online experiences. https://fosdem.org/2016/schedule/event/mozilla_privacy_tracking_protection_firefox/]]>
Surveillance is a growing concern in Europe, and Mozilla believes that privacy and security should be treated as fundamental and not optional in the browsing experience. That's why Firefox has introduced new features for tracking protection and private browsing. Do not track is not only a way to navigate the web, it might also become part of a new privacy law in the EU. We will discuss how this has been implemented in the newest version of Firefox, next steps, and why it's important to have transparency and control in our online experiences. https://fosdem.org/2016/schedule/event/mozilla_privacy_tracking_protection_firefox/]]> Mon, 01 Feb 2016 08:37:18 GMT /slideshow/privacy-and-tracking-protection-in-firefox/57722456 fmarier@slideshare.net(fmarier) Privacy and Tracking Protection in Firefox fmarier Surveillance is a growing concern in Europe, and Mozilla believes that privacy and security should be treated as fundamental and not optional in the browsing experience. That's why Firefox has introduced new features for tracking protection and private browsing. Do not track is not only a way to navigate the web, it might also become part of a new privacy law in the EU. We will discuss how this has been implemented in the newest version of Firefox, next steps, and why it's important to have transparency and control in our online experiences. https://fosdem.org/2016/schedule/event/mozilla_privacy_tracking_protection_firefox/ <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/privacy-tp-in-firefox-160201083718-thumbnail.jpg?width=120&height=120&fit=bounds" /> Surveillance is a growing concern in Europe, and Mozilla believes that privacy and security should be treated as fundamental and not optional in the browsing experience. That's why Firefox has introduced new features for tracking protection and private browsing. Do not track is not only a way to navigate the web, it might also become part of a new privacy law in the EU. We will discuss how this has been implemented in the newest version of Firefox, next steps, and why it's important to have transparency and control in our online experiences. https://fosdem.org/2016/schedule/event/mozilla_privacy_tracking_protection_firefox/

Privacy and Tracking Protection in Firefox from Francois Marier

]]> 613 0 https://cdn.slidesharecdn.com/ss_thumbnails/privacy-tp-in-firefox-160201083718-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Security and Privacy on the Web in 2015 /slideshow/security-and-privacy-on-the-web-in-2015/50387840 rmll2015-150710124700-lva1-app6892
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en]]>
In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en]]> Fri, 10 Jul 2015 12:47:00 GMT /slideshow/security-and-privacy-on-the-web-in-2015/50387840 fmarier@slideshare.net(fmarier) Security and Privacy on the Web in 2015 fmarier In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/rmll2015-150710124700-lva1-app6892-thumbnail.jpg?width=120&height=120&fit=bounds" /> In the last few years, a number of new security features have become available to web developers (e.g. Content Security Policy, Strict Transport Security) and a few more are coming up this year (e.g. Referrer Policy, Subresource Integrity). In addition to getting familiar with these, a number of recent high-profile bugs in the SSL/TLS protocol and implementations have forced developers to learn more about TLS ciphers and to start worrying about mixed content on their pages. As a browser vendor and a member of the W3C WebAppSec working group, Mozilla is busy extending the web platform to provide the tools and features that developers and users need in 2015. This talk will give an overview of the security and privacy landscape on the web as well as pointers to what developers need to know to secure their applications. https://2015.rmll.info/security-and-privacy-on-the-web-in-2015?lang=en

Security and Privacy on the Web in 2015 from Francois Marier

]]> 2885 1 https://cdn.slidesharecdn.com/ss_thumbnails/rmll2015-150710124700-lva1-app6892-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Integrity protection for third-party JavaScript /slideshow/integrity-protection-for-thirdparty-javascript-49054010/49054010 sri-auscert2015-150605233720-lva1-app6892
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.]]>
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.]]> Fri, 05 Jun 2015 23:37:20 GMT /slideshow/integrity-protection-for-thirdparty-javascript-49054010/49054010 fmarier@slideshare.net(fmarier) Integrity protection for third-party JavaScript fmarier Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/sri-auscert2015-150605233720-lva1-app6892-thumbnail.jpg?width=120&height=120&fit=bounds" /> Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity (http://www.w3.org/TR/SRI/). Both Firefox and Chrome have initial implementations of this new specification and a few early adopters such as Github are currently evaluating this feature.

Integrity protection for third-party JavaScript from Francois Marier

]]> 4285 0 https://cdn.slidesharecdn.com/ss_thumbnails/sri-auscert2015-150605233720-lva1-app6892-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 URL to HTML /fmarier/url-to-html-47313369 urltohtml-sotakl-150422213053-conversion-gate01
What happens in between the time you type a URL in your browser and the time you see the fully rendered page.]]>
What happens in between the time you type a URL in your browser and the time you see the fully rendered page.]]> Wed, 22 Apr 2015 21:30:53 GMT /fmarier/url-to-html-47313369 fmarier@slideshare.net(fmarier) URL to HTML fmarier What happens in between the time you type a URL in your browser and the time you see the fully rendered page. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/urltohtml-sotakl-150422213053-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds" /> What happens in between the time you type a URL in your browser and the time you see the fully rendered page.

URL to HTML from Francois Marier

]]> 704 0 https://cdn.slidesharecdn.com/ss_thumbnails/urltohtml-sotakl-150422213053-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Integrity protection for third-party JavaScript /slideshow/integrity-protection-for-thirdparty-javascript/45243090 crnjp8h4qiayucnttiia-signature-f517b9d3255deb1f407f2c36cf548286fe8aa4ef296121777460975e2b8c4210-poli-150227172358-conversion-gate02
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.]]>
Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.]]> Fri, 27 Feb 2015 17:23:58 GMT /slideshow/integrity-protection-for-thirdparty-javascript/45243090 fmarier@slideshare.net(fmarier) Integrity protection for third-party JavaScript fmarier Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/crnjp8h4qiayucnttiia-signature-f517b9d3255deb1f407f2c36cf548286fe8aa4ef296121777460975e2b8c4210-poli-150227172358-conversion-gate02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Modern web applications depend on a lot of auxiliary scripts which are often hosted on third-party CDNs. Should an attacker be able to tamper with the files hosted on such a CDN, millions of sites could be compromised. Web developers need a way to guarantee the integrity of scripts hosted elsewhere. This is the motivation behind a new addition to the web platform being introduced by the W3C: sub-resource integrity. Both Firefox and Chrome have initial implementations of this new specification and a few early adopters are currently evaluating this feature.

Integrity protection for third-party JavaScript from Francois Marier

]]> 1038 1 https://cdn.slidesharecdn.com/ss_thumbnails/crnjp8h4qiayucnttiia-signature-f517b9d3255deb1f407f2c36cf548286fe8aa4ef296121777460975e2b8c4210-poli-150227172358-conversion-gate02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Supporting Debian machines for friends and family /slideshow/supporting-debian-machines-for-friends-and-family-43621385/43621385 lca2015debian-miniconf-150117164733-conversion-gate01
Many Debian developers find themselves providing some form of technical support to friends and family. Achieving the mystical five nines is well beyond the means of an amateur sysadmin like myself, but giving my dad reliable boxes to use can be achieved without eating all of my free time. This talk will draw on my experience supporting and maintaining my dad's Debian-based computers. I will briefly describe the hardware setup, introduce some useful packages and share some configuration hints. Areas of focus will include system updates, reliability, monitoring and security. http://nz2015.mini.debconf.org/Programme/Francois/]]>
Many Debian developers find themselves providing some form of technical support to friends and family. Achieving the mystical five nines is well beyond the means of an amateur sysadmin like myself, but giving my dad reliable boxes to use can be achieved without eating all of my free time. This talk will draw on my experience supporting and maintaining my dad's Debian-based computers. I will briefly describe the hardware setup, introduce some useful packages and share some configuration hints. Areas of focus will include system updates, reliability, monitoring and security. http://nz2015.mini.debconf.org/Programme/Francois/]]> Sat, 17 Jan 2015 16:47:33 GMT /slideshow/supporting-debian-machines-for-friends-and-family-43621385/43621385 fmarier@slideshare.net(fmarier) Supporting Debian machines for friends and family fmarier Many Debian developers find themselves providing some form of technical support to friends and family. Achieving the mystical five nines is well beyond the means of an amateur sysadmin like myself, but giving my dad reliable boxes to use can be achieved without eating all of my free time. This talk will draw on my experience supporting and maintaining my dad's Debian-based computers. I will briefly describe the hardware setup, introduce some useful packages and share some configuration hints. Areas of focus will include system updates, reliability, monitoring and security. http://nz2015.mini.debconf.org/Programme/Francois/ <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/lca2015debian-miniconf-150117164733-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Many Debian developers find themselves providing some form of technical support to friends and family. Achieving the mystical five nines is well beyond the means of an amateur sysadmin like myself, but giving my dad reliable boxes to use can be achieved without eating all of my free time. This talk will draw on my experience supporting and maintaining my dad's Debian-based computers. I will briefly describe the hardware setup, introduce some useful packages and share some configuration hints. Areas of focus will include system updates, reliability, monitoring and security. http://nz2015.mini.debconf.org/Programme/Francois/

Supporting Debian machines for friends and family from Francois Marier

]]> 860 0 https://cdn.slidesharecdn.com/ss_thumbnails/lca2015debian-miniconf-150117164733-conversion-gate01-thumbnail.jpg?width=120&height=120&fit=bounds presentation White http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Outsourcing your webapp maintenance to Debian https://fr.slideshare.net/slideshow/outsourcing-your-webapp-maintenance-to-debian/38506055 debconf14webappmaintenance-140829205156-phpapp01
Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries. What you end up is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code. We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps? This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything. https://summit.debconf.org/debconf14/meeting/16/outsourcing-your-webapp-maintenance-to-debian/]]>
Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries. What you end up is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code. We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps? This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything. https://summit.debconf.org/debconf14/meeting/16/outsourcing-your-webapp-maintenance-to-debian/]]> Fri, 29 Aug 2014 20:51:56 GMT https://fr.slideshare.net/slideshow/outsourcing-your-webapp-maintenance-to-debian/38506055 fmarier@slideshare.net(fmarier) Outsourcing your webapp maintenance to Debian fmarier Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries. What you end up is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code. We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps? This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything. https://summit.debconf.org/debconf14/meeting/16/outsourcing-your-webapp-maintenance-to-debian/ <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/debconf14webappmaintenance-140829205156-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Today's web applications often have a lot of external dependencies. Start off with a basic framework, sprinkle a couple of handy modules and finish with a generous serving of JavaScript front-end libraries. What you end up is a gigantic mess of code from different sources which follow very different release schedules and policies. Language-specific package managers can automate much of the dependency resolution and package installation, but you're on your own in terms of integration and quality assurance. Also, the minute you start distributing someone else's code with your project, you become responsible for the security of that third-party code. We moved away from statically-linked C/C++ programs a long time ago and now (mostly) live in a nicely-packaged shared library world. Can we leverage the power of Debian (i.e. the great work of the package maintainers and security team) to similarly reduce the burden of those who end up having to maintain our webapps? This talk will examine the decision that the Libravatar project made to outsource much of its maintenance burden to Debian by using system packages for almost everything. https://summit.debconf.org/debconf14/meeting/16/outsourcing-your-webapp-maintenance-to-debian/

from Francois Marier

]]> 870 0 https://cdn.slidesharecdn.com/ss_thumbnails/debconf14webappmaintenance-140829205156-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation White http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 URL to HTML /slideshow/url-to-html/35069244 urltohtml-sotakl-140524004927-phpapp02
What happens in between the time you type a URL in your browser and the time you see the fully rendered page.]]>
What happens in between the time you type a URL in your browser and the time you see the fully rendered page.]]> Sat, 24 May 2014 00:49:27 GMT /slideshow/url-to-html/35069244 fmarier@slideshare.net(fmarier) URL to HTML fmarier What happens in between the time you type a URL in your browser and the time you see the fully rendered page. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/urltohtml-sotakl-140524004927-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> What happens in between the time you type a URL in your browser and the time you see the fully rendered page.

URL to HTML from Francois Marier

]]> 1095 1 https://cdn.slidesharecdn.com/ss_thumbnails/urltohtml-sotakl-140524004927-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Easy logins for Ruby web applications /slideshow/easy-logins-for-ruby-web-applications/27831422 persona-montrealrb-131102030109-phpapp02
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper. It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden.]]>
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper. It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden.]]> Sat, 02 Nov 2013 03:01:09 GMT /slideshow/easy-logins-for-ruby-web-applications/27831422 fmarier@slideshare.net(fmarier) Easy logins for Ruby web applications fmarier Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper. It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-montrealrb-131102030109-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don’t want to be subjected to a fingerprint check before leaving a comment on someone’s blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that’s under the control of users, not a for-profit gatekeeper. It’s just four easy steps to add it to your Ruby site/app from scratch and there are already plugins for Devise, Omniauth, Rails, Sinatra, and Warden.

Easy logins for Ruby web applications from Francois Marier

]]> 882 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-montrealrb-131102030109-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Easy logins for JavaScript web applications /slideshow/easy-logins-for-javascript-web-applications/27831411 persona-jsmontreal-131102030010-phpapp02
Handling user passwords safely is hard, but replacing passwords on the web in a reasonable way is even harder. Really, this should have been in the browser all along. In this talk you we will see how Persona attempts to solve this issue.]]>
Handling user passwords safely is hard, but replacing passwords on the web in a reasonable way is even harder. Really, this should have been in the browser all along. In this talk you we will see how Persona attempts to solve this issue.]]> Sat, 02 Nov 2013 03:00:10 GMT /slideshow/easy-logins-for-javascript-web-applications/27831411 fmarier@slideshare.net(fmarier) Easy logins for JavaScript web applications fmarier Handling user passwords safely is hard, but replacing passwords on the web in a reasonable way is even harder. Really, this should have been in the browser all along. In this talk you we will see how Persona attempts to solve this issue. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-jsmontreal-131102030010-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Handling user passwords safely is hard, but replacing passwords on the web in a reasonable way is even harder. Really, this should have been in the browser all along. In this talk you we will see how Persona attempts to solve this issue.

Easy logins for JavaScript web applications from Francois Marier

]]> 754 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-jsmontreal-131102030010-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 You're still using passwords on your site? /slideshow/youre-still-using/27831360 persona-osdc2013-131102025310-phpapp02
A few people like to say that passwords are dead, but the reality is far from it. First of all, we can't get rid of passwords entirely, because the alternatives all suck: physical tokens are easy to lose and retina scans are pretty creepy. What we should focus on is eliminating site-specific passwords. Mozilla Persona was introduced at OSDC last year, but a number of new things have been added to it since. But more importantly, it's still the best shot we have at a decentralized web-wide identity system that works for average users and doesn't violate their privacy. So I'm back to show you what's new and to talk about what organizations can gain from adding native support on their domain. It's time to solve the password problem on the web.]]>
A few people like to say that passwords are dead, but the reality is far from it. First of all, we can't get rid of passwords entirely, because the alternatives all suck: physical tokens are easy to lose and retina scans are pretty creepy. What we should focus on is eliminating site-specific passwords. Mozilla Persona was introduced at OSDC last year, but a number of new things have been added to it since. But more importantly, it's still the best shot we have at a decentralized web-wide identity system that works for average users and doesn't violate their privacy. So I'm back to show you what's new and to talk about what organizations can gain from adding native support on their domain. It's time to solve the password problem on the web.]]> Sat, 02 Nov 2013 02:53:10 GMT /slideshow/youre-still-using/27831360 fmarier@slideshare.net(fmarier) You're still using passwords on your site? fmarier A few people like to say that passwords are dead, but the reality is far from it. First of all, we can't get rid of passwords entirely, because the alternatives all suck: physical tokens are easy to lose and retina scans are pretty creepy. What we should focus on is eliminating site-specific passwords. Mozilla Persona was introduced at OSDC last year, but a number of new things have been added to it since. But more importantly, it's still the best shot we have at a decentralized web-wide identity system that works for average users and doesn't violate their privacy. So I'm back to show you what's new and to talk about what organizations can gain from adding native support on their domain. It's time to solve the password problem on the web. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-osdc2013-131102025310-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> A few people like to say that passwords are dead, but the reality is far from it. First of all, we can't get rid of passwords entirely, because the alternatives all suck: physical tokens are easy to lose and retina scans are pretty creepy. What we should focus on is eliminating site-specific passwords. Mozilla Persona was introduced at OSDC last year, but a number of new things have been added to it since. But more importantly, it's still the best shot we have at a decentralized web-wide identity system that works for average users and doesn't violate their privacy. So I'm back to show you what's new and to talk about what organizations can gain from adding native support on their domain. It's time to solve the password problem on the web.

You're still using passwords on your site? from Francois Marier

]]> 767 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-osdc2013-131102025310-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Killing Passwords with JavaScript /slideshow/killing-passwords-with-javascript/26491992 persona-jsfoo-130924060010-phpapp01
]]>
]]> Tue, 24 Sep 2013 06:00:10 GMT /slideshow/killing-passwords-with-javascript/26491992 fmarier@slideshare.net(fmarier) Killing Passwords with JavaScript fmarier <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-jsfoo-130924060010-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" />

Killing Passwords with JavaScript from Francois Marier

]]> 1324 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-jsfoo-130924060010-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Securing the Web without site-specific passwords /slideshow/persona-owaspdaynz/26156523 persona-owaspdaynz-130913001348-phpapp02
Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better. We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web. The open web needs a better solution. One that enable users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked.]]>
Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better. We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web. The open web needs a better solution. One that enable users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked.]]> Fri, 13 Sep 2013 00:13:48 GMT /slideshow/persona-owaspdaynz/26156523 fmarier@slideshare.net(fmarier) Securing the Web without site-specific passwords fmarier Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better. We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web. The open web needs a better solution. One that enable users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-owaspdaynz-130913001348-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds" /> Has anyone else noticed that the OWASP Top 10 is not changing very much? Especially in the realm of authentication-related problems. I don't claim to have the one true solution for this, but one thing is certain: if we change how things are done on the web and relieve developers from having to store passwords, we can make things better. We need to let web developers outsource their authentication needs to people who can do it well. Does that mean we should force all of our users to join Facebook? Well not really. That might work for some sites, but outsourcing all of our logins to a single for-profit company isn't a solution that works for the whole web. The open web needs a better solution. One that enable users to choose their identity provider and shop for the most secure one if that's what they're into. This is the promise behind Persona and the BrowserID protocol. Choose your email provider carefully and let's get rid of all of these site-specific passwords that are just sitting there waiting to be leaked and cracked.

Securing the Web without site-specific passwords from Francois Marier

]]> 1150 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-owaspdaynz-130913001348-phpapp02-thumbnail.jpg?width=120&height=120&fit=bounds presentation White http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Easy logins for PHP web applications /slideshow/easy-logins-for-php-web-applications/25572974 persona-edpug-130825150138-phpapp01
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don't want to be subjected to a fingerprint check before leaving a comment on someone's blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that's under the control of users, not a for-profit gatekeeper. It's just four easy steps to add it to your site from scratch and there are already plugins for Drupal, CakePHP, Joomla, SPIP, Symfony2, Wordpress and PHPMyBB.]]>
Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don't want to be subjected to a fingerprint check before leaving a comment on someone's blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that's under the control of users, not a for-profit gatekeeper. It's just four easy steps to add it to your site from scratch and there are already plugins for Drupal, CakePHP, Joomla, SPIP, Symfony2, Wordpress and PHPMyBB.]]> Sun, 25 Aug 2013 15:01:38 GMT /slideshow/easy-logins-for-php-web-applications/25572974 fmarier@slideshare.net(fmarier) Easy logins for PHP web applications fmarier Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don't want to be subjected to a fingerprint check before leaving a comment on someone's blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that's under the control of users, not a for-profit gatekeeper. It's just four easy steps to add it to your site from scratch and there are already plugins for Drupal, CakePHP, Joomla, SPIP, Symfony2, Wordpress and PHPMyBB. <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-edpug-130825150138-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" /> Users hate picking and having to remember them. Developers hate dealing with and storing them. Why are we still using passwords again? Surely there is a better way to log into websites. This talk will introduce the technology behind Persona and the BrowserID protocol. Mozilla intends to solve the password problem on the web with a federated cross-browser system that is intensely focused on user experience and privacy. We may not be able to get rid of all passwords, after all, you probably don't want to be subjected to a fingerprint check before leaving a comment on someone's blog, but we can eliminate site-specific passwords and replace them with something better: a decentralized system that's under the control of users, not a for-profit gatekeeper. It's just four easy steps to add it to your site from scratch and there are already plugins for Drupal, CakePHP, Joomla, SPIP, Symfony2, Wordpress and PHPMyBB.

Easy logins for PHP web applications from Francois Marier

]]> 1323 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-edpug-130825150138-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Persona: a federated and privacy-protecting login system for the whole Web /slideshow/persona-a-federated-and-privacyprotecting-login-system-for-the-whole-web/25572852 persona-froscon-130825145312-phpapp01
]]>
]]> Sun, 25 Aug 2013 14:53:12 GMT /slideshow/persona-a-federated-and-privacyprotecting-login-system-for-the-whole-web/25572852 fmarier@slideshare.net(fmarier) Persona: a federated and privacy-protecting login system for the whole Web fmarier <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/persona-froscon-130825145312-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" />

Persona: a federated and privacy-protecting login system for the whole Web from Francois Marier

]]> 680 0 https://cdn.slidesharecdn.com/ss_thumbnails/persona-froscon-130825145312-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 Taking the pain out of signing users in /slideshow/taking-the-pain-out-of-signing-users-in/24598574 wdcnz2013-persona-130724211539-phpapp01
]]>
]]> Wed, 24 Jul 2013 21:15:39 GMT /slideshow/taking-the-pain-out-of-signing-users-in/24598574 fmarier@slideshare.net(fmarier) Taking the pain out of signing users in fmarier <img style="border:1px solid #C3E6D8;float:right;" alt="" src="https://cdn.slidesharecdn.com/ss_thumbnails/wdcnz2013-persona-130724211539-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds" />

Taking the pain out of signing users in from Francois Marier

]]> 1350 0 https://cdn.slidesharecdn.com/ss_thumbnails/wdcnz2013-persona-130724211539-phpapp01-thumbnail.jpg?width=120&height=120&fit=bounds presentation Black http://activitystrea.ms/schema/1.0/post

http://activitystrea.ms/schema/1.0/posted

0 https://public.slidesharecdn.com/v2/images/profile-picture.png Free and Open Source software developer fmarier.org https://cdn.slidesharecdn.com/ss_thumbnails/lfnw2017v2-170506222836-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/security-and-privacy-settings-for-firefox-power-users/75741147 Security and Privacy s... https://cdn.slidesharecdn.com/ss_thumbnails/confoo2017-170310134535-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/getting-browsers-to-improve-the-security-of-your-webapp/73022581 Getting Browsers to Im... https://cdn.slidesharecdn.com/ss_thumbnails/hardening-firefox-for-security-and-privacy-161112000721-thumbnail.jpg?width=320&height=320&fit=bounds slideshow/hardening-firefox-for-security-and-privacy/68724047 Hardening Firefox for ...