CyTE Updates Moved

We’ve set up a google code account since they offer awesomeness.

Project Info: http://cyte.googlecode.com
Subversion: http://cyte.googlecode.com/svn/trunk/
Wiki: http://code.google.com/p/cyte/w/list
Bugs: http://code.google.com/p/cyte/issues/list

Secure Your OpenID

There are a lot of phishing vulnerabilities with OpenID: see http://marcoslot.net/apps/openid/ if you haven’t. One awesome solution I’ve come across is using https://pip.verisignlabs.com/ as your OpenID provider and using their security key.

PayPal uses the security key also (and sells it for much cheaper). They send you a small device that fits on your key chain that has a token that is updated every thirty seconds. This adds an extra layer of security to your login and will help protect your accounts from unauthorized users.

The same device can be used in multiple places like PayPal, eBay, and VeriSign’s OpenID provider. When you use it for your VeriSign OpenID you add that additional layer of security to all places you use that OpenID.

To learn more about the security key, check this out https://idprotect.verisign.com/learnmoretoken.v

When logged in to PayPal, go to this link
https://www.paypal.com/us/cgi-bin/webscr?cmd=xpt/cps/securitycenter/general/PPSecurityKey to order the security key for $5.

When the device arrives, log in to your VeriSign provider and go to https://pip.verisignlabs.com/managevipcred.do to add it to your VeriSign OpenID.

Since the URI given by them is quite long, it might be useful to use a website to shorten that to a smaller id. Signing in to tinyid.us will create a user on that site that will redirect to your other OpenID.

Introducing MorfU g1

The name MorfU is an anagram of the word forum. The goal of this project is to combine features of Weblogs, Wikis, and Forums. They all have similarities so the same code should be able to produce all three with little variance.

Currently, MorfU only has blog features and the first version of it was tested when creating Code Spatter.

It has now been packaged as a very special g-beta. All that means is, I don’t guarantee anything and good luck with it. Soon things will be flushed out and more features will be added.

If you end up using this software and add features of your own, you are welcome to contribute to the project. I don’t have svn or anything set up, so we’ll figure it out when we get there.

Feature List and very little info at http://morfu.com

Package downloadable from [Link Removed (project abandoned at the moment)]

OpenID Enabled

If you haven’t stumbled upon any sites that use OpenID yet, I’ll fill you in on why you might be seeing it in more places soon. OpenID is a decentralized, single sign on system which allows visitors to use one set of credentials for multiple websites. And, since it’s decentralized, there are many providers to choose from.

This is a benefit for visitors as well as developers. It allows users to gain access to more websites without having to remember or create usernames and passwords. It helps developers by removing the requirements to authenticate usernames and passwords of users.

Once you sign up for an OpenID at a provider like http://myopenid.com you will use a URL (this URL is your OpenID) on websites that allow OpenID authentication. The application will redirect you to your provider so you can sign in there. The provider will then ask if you wish to authenticate to the requesting website. When you select allow once or allow forever, you will be redirected back to the requesting website.

If you want to try it now, get an OpenID from http://myopenid.com , sign in here, and post a comment on this article.

If you are interested in reducing the length of your OpenID, you can check out http://tinyid.us for a shorter ID.

More CyTE Improvements

In addition to the changes listed at http://dev.cyproject.net/ , I will be modifying the OpenID authorization to be more usable.
The OpenID stuff packaged in the last release was just copied from http://tinyid.us when I was writing it for that.

I will add another auth_routine that doesn’t require a database and will just use sessions like the ldap version without the database. To follow the naming trend that I used for the ldap routines, I will rename the current one to openid_with_db and the new one will be named openid.

I will also set up a working example of using openid out of the box.

Limitations

I should probably note somewhere that this won’t work on all servers out of the box. I’ll list a few server requirements here and maybe include a readme.

  • Enable either the GMP extension or Bcmath extension. (GMP is STRONGLY recommended because it’s MUCH faster!)
  • Enable the CURL extension.