Tuesday, September 29, 2009

Distinguish the two words in reCAPTCHA

reCAPTCHA is a great idea, but people can `easily` distinguish the known word from the unknown one.

Saturday, September 26, 2009

Moebius Gears

Here's a picture of Moebius Gears.

Look cool? If you are on a Linux box, you might already have a lively demo installed. For Ubuntu users, it is located at /usr/lib/xscreensaver/moebiusgears.

Press Alt+F2 and type /usr/lib/xscreensaver/moebiusgears and run!

The xscreensaver source code could be downloaded from here.

Wednesday, September 23, 2009

The Risk of OpenID

OpenID seems a promising standard for user authentication. If service providers support OpenID, users can login without creating another pair of account and password. Ideally, a user need only remember one pair of account and password. However, such convenience comes at a cost. The only pair of account and password or the OpenID provider becomes a Single Point Of Failure. If you ever forgot your password or the Identity Provider withdrew your account because you didn't login in the past three months, you will have no way to login to any of the services. Here, we assume that the service providers only accept authentication from OpenID providers. This also applies to other forms of third party authentications.

For users, care should be taken on choosing OpenID providers. Users should keep their OpenID account active and secure the password. For service providers, they should allow other ways of authentication besides OpenID. Users should not lose the service if they lose their OpenID.

OpenID is not that open, not even as open as telephone numbers which could be transfered among telephone service providers.