Gedankengesteuerter Computer-Cursor: Gehirnimplantat von Neuralink soll funktionieren
Ein Patient, der vor kurzem ein Gehirnimplantat von Neuralink bekam, hat laut Elon Musk bemerkenswerte Fortschritte gemacht. (Elon Musk, Wissen)
Quelle: Golem
Ein Patient, der vor kurzem ein Gehirnimplantat von Neuralink bekam, hat laut Elon Musk bemerkenswerte Fortschritte gemacht. (Elon Musk, Wissen)
Quelle: Golem
Mehr als 500 Spiele haben auf Valves Plattform Steam mehr als 3 Millionen US-Dollar umgesetzt. (Steam, Valve)
Quelle: Golem
Kopfhörer, die nicht direkt im Ohr sitzen, klingen normalerweise nicht gut. Anders die Freeclip von Huawei: Der Sound ist toll, selbst bei Telefonaten. Fast wären sie perfekt. Ein Test von Ingo Pakalski (Bluetooth-Hörstöpsel, Huawei)
Quelle: Golem
The WordPress project team is continuously improving the Site Editor—your one-stop shop for editing and designing your site.
The latest batch of updates—Gutenberg 17.4 and 17.5—include a handful of small but powerful changes designed to improve both your WordPress experience and that of your site’s visitors.
Let’s take a look at what’s new.
More robust style revisions
Image credit: WordPress.org
When you’re in the zone making changes to the look and feel of your site, you sometimes hit a dead end or realize that the version you had three or four font and color tweaks ago was a bit better. The updated style revisions pane gives you a robust, detailed log of the design changes you’ve made and makes turning back the clock easier with a one-click restore option to take you back to that perfect design.
Newly added pagination and more granular details make this feature even more powerful.
You can access style revisions from the Site Editor by clicking the “Styles” icon on the top right of the page, and then clicking the “Revisions” clock icon.
Unified preferences panel
Image credit: WordPress.org
It’s now much easier to manage your site and post-editing preferences, which have been combined and enhanced in the latest update. In addition to familiar settings, you’ll find new appearance and accessibility options, and an “allow right click” toggle which allows you to override stubborn browser defaults. You can access your preferences by heading to the three-dot menu at the top right of the editor and clicking “Preferences” at the bottom.
Randomized gallery images
Video credit: WordPress.org
The Gallery Block’s always been a great way to show off a collection of photos or images. And now there’s a fun new setting to randomize the order in which those images appear every time the page or post is loaded by a new visitor.
You can turn this setting on with a toggle found at the bottom of the block settings pane:
Streamlined edits in List View
Image credit: WordPress.org
Not everybody knows about the Site Editor’s List View, but it can make editing your site, posts, and pages significantly faster and easier. A new addition to the List View makes editing even more convenient: just right-click any item in the list to open up the settings menu for the selected block.
Even small changes can make a big difference to your workflow, and your site visitor’s overall experience.
We’d love to hear what you think about the new features when you’ve had a chance to take them for a test drive!
Quelle: RedHat Stack
This post was contributed by BastionZero.
Giving people the ability to sign messages under their identity is extremely powerful. For instance, this functionality lets you SSH into servers, sign software artifacts, and create end-to-end encrypted communications under your single sign-on (SSO) identity.
The OpenPubkey protocol and open source project brings the power of digital signatures to both people and workloads without adding trusted parties. OpenPubkey is built on the OpenID Connect (OIDC) SSO protocol, which is supported by major identity providers, including Google, Microsoft, Okta, and Facebook.
This article will explore how OpenPubkey works and look at three use cases in detail.
What can OpenPubkey do?
Public key cryptography was invented in the 1970s and has become the most powerful tool in the security engineering toolbox. It allows anything holding a public key, and its associated signing key, to create a cryptographic identity. This identity is extremely secure because the party cannot only use their signing key to prove they are who they say they are but also sign messages under this identity.
Servers often authenticate themselves to people using public keys associated with the server’s identity, yet the process rarely works the other way. People rarely authenticate to servers using public keys associated with a person’s identity. Instead, less secure authentication methods are employed, such as authentication secrets stored in cookies, which must be transmitted on every request.Let’s say that Alice wanted to sign the message “Flee at once — all is discovered” under her email address alice@example.com. How would she do it? One approach would be for Alice to create a public key (PK) and signing key (SK) and then publish the mapping between her email and the PK.
This approach has two problems. First, you and everyone verifying this message must trust that the webpage has honestly mapped Alice’s email to her public key and has not maliciously replaced her public key with another key that could be used to impersonate Alice. Second, Alice must now protect and manage the signing key associated with this public key. History has shown that users can be terrible at protecting signing keys. Probably the most famous example is of the man who lost a signing key controlling half a billion dollars worth of Bitcoin.Human authentication on the web was originally supposed to work the same way as server authentication. Much like a certificate authority (CA) issues a certificate to a server, which associates a public key with the server’s identity (`example.com`), the plan was to have a CA issue a client certificate to a person that associates a public key with that person’s identity. These client certificates are still around and are well-used for certain applications, but they never caught on for widespread personal use, likely because of the terrible user experience (UX) of asking people to secure and manage secret signing keys.OpenPubkey addresses both of these problems. It uses your identity provider to perform the mapping between identity and your public key. Because you already trust your identity provider, having your identity provider perform this mapping does not add any new trusted parties. For instance, Alice must already trust her identity provider, Example.com, to manage her identity (alice@example.com), so it is natural to use Example.com to perform the mapping between Alice’s public key and her Example.com identity (alice@example.com). Example.com already knows how to authenticate @example.com users, so Alice doesn’t need to set up a new account or create new authentication factors.Second, to solve the problem of lost or stolen signing keys, OpenPubkey public keys and signing keys are ephemeral. That means the signing keys can be deleted and recreated at will. OpenPubkey generates a fresh public key and signing key for a user every time that user authenticates to their identity provider. This approach to making public keys ephemeral removes one of the most significant UX barriers to authenticating people with public keys. It also provides a security win; it creates a much smaller window of exposure if a signing key is stolen, as signing keys can be deleted when the user idles or logs out.
How does OpenPubkey work?
Let’s return to our situation: Alice wants to sign the message “Flee at once — all is discovered” under her identity (alice@example.com). First, Alice’s computer generates a fresh public key and signing key. Next, she needs her identity provider, Example.com, to associate her identity with this public key. How does OpenPubkey do this? To understand the process, we first need to provide details about how SSO/OpenID Connect works.Example.com, which is the identity provider for @example.com, knows how to check that Alice is really alice@example.com. Example.com does this every time Alice signs into Example.com. In OIDC, the identity provider signs a statement, called an ID Token, which roughly says “this is alice@example.com”. Part of the authentication process in OIDC allows the user (or their software) to submit a random value that will be included in the issued ID Token.
Alice’s OpenPubkey client puts the cryptographic hash of Alice’s public key into this value in her ID Token. Alice’s OpenPubkey client modifies the ID Token into an object called a PK Token, which essentially says: “this is alice@example.com and her public key is 0xABCE…“. We’re skipping a few details of OpenPubkey, but this is the basic idea.
Now that Alice has a PK Token signed by Example.com, which binds her public key to her identity, she can sign the statement “Flee at once — all is discovered” and broadcast the message, the signature, and her ID Token. Bob, or anyone else for that matter, can check whether this message is really from alice@example.com, by checking that the ID Token is signed by Example.com and then checking that Alice’s signature matches the public key in the ID Token.
OpenPubkey use cases
Now let’s look at OpenPubkey use cases.
SSH
OpenPubkey is useful for more than just telling your friends that “Flee at once — all is discovered.” Because most security protocols are built on public key cryptography, OpenPubkey can easily plug human identities into these protocols.
SSH supports the authentication of both machines and users with public keys (also known as SSH keys). However, these SSH keys are not associated with identities. With an SSH key, you can say “allow root access for key 0xABCD…”, but not “allow root access for alice@example.com.” This presents several UX and security problems. As mentioned previously, people struggle with managing their secret signing keys, and SSH is no exception.
Even more problematic, because public keys are not associated with identities, it is difficult to tell if an SSH key represents a person or machine that should no longer have access. As Tatu Ylonen, the inventor of SSH, writes in his recent paper Challenges in Managing SSH Keys — and a Call for Solutions:
“In analyzing SSH keys for dozens of large enterprises, it has turned out that in many environments 90% of all authorized keys are no longer used. They represent access that was provisioned, but never terminated when the person left or the need for access ceased to exist. Some of the authorized keys are 10-20 years old, and typically about 10% of them grant root access or other privileged access. The vast majority of private user keys found in most environments do not have passphrases.”
OpenPubkey can be used to solve this problem by binding SSH keys to user identities. That way, the server can check whether the identity (alice@example.com) is allowed to connect to the server or not. This means that Alice can access her SSH server using SSO; she can log in to Example.com as alice@example.com and then gain access to the server as long as her SSO is valid.OpenPubkey authentication can be added to SSH with a small change to the SSH config. No code changes to SSH are required. To try it out, or learn more about how OpenPubkey’s SSH works, see our recent post: How to Use OpenPubkey to SSH Without SSH Keys.
Secure messaging
OpenPubkey can also be used to solve one of the major issues with end-to-end encrypted messaging. Suppose someone sends you a message on a secure messaging app: How do you know they are actually that person? Some secure messaging apps let you look up the public key that is securing your communication, but how do you know that that public key is actually the public key of the person you want to privately communicate with?This connection between public key and identity is the core problem that OpenPubkey solves. With OpenPubkey, Bob can learn the public key for alice@example.com by checking an ID Token signed by Example.com, which includes Alice’s public key and her email address. This does involve trusting Example.com, but you generally already have to trust Example.com to SSO @example.com users.
While it’s not discussed here, OpenPubkey does support an optional protocol — the MFA cosigner — which removes the requirement of trusting the identity provider. But even without the MFA cosigner protocol, OpenPubkey provides stronger security for end-to-end encrypted messaging because it allows Bob to learn Alice’s public key directly from Alice’s identity provider.
Signing container images
OpenPubkey is not limited to human use cases. OpenPubkey developers are working on a solution to allow workflows (rather than people) to sign images using GitHub’s identity provider and GitHub Actions. You can learn more about this use case by reading How to Use OpenPubkey with GitHub Actions Workloads.
Help us expand the utility of OpenPubkey
These three use cases should not be seen as the limits of what OpenPubkey can do. This approach is highly flexible and can be used for VPNs, cosigning, container service meshes, cryptocurrencies, web applications, and even physical access.
We invite anyone who wants to contribute to OpenPubkey to visit and star our GitHub repo. We are building an open and friendly community and welcome pull requests from anyone — see the contribution guidelines to learn more.
Learn more
Read How to Use OpenPubkey with GitHub Actions Workloads.
Read How to use OpenPubkey to SSH Without SSH Keys.
Fireside chat — Redefining Security Standards: Identity Providers as Certificate Authorities.
Get the latest release of Docker Desktop.
Vote on what’s next! Check out our public roadmap.
Have questions? The Docker community is here to help.
New to Docker? Get started.
Quelle: https://blog.docker.com/feed/
Amazon hat den Ceihoit Mini DVD-Player im Angebot, der sich als kompakte und leistungsstarke Ergänzung zum Heimkino-Equipment auszeichnet. (Technik/Hardware)
Quelle: Golem
Bei Amazon kann man ein Balkonkraftwerk mit 1.140 Watt kurze Zeit über 90 Euro günstiger kaufen. Konkurrent Netto nimmt viel mehr. (Balkonkraftwerk, Technik/Hardware)
Quelle: Golem
Ein Vergleichstest bescheinigt der deutschen Hauptstadt die beste 5G-Qualität. Schränkt das Bundesinnenministerium die Zahl der Ausrüster ein, hat das Auswirkungen. (Berlin, Huawei)
Quelle: Golem
Der neue Chef des VATM zeichnet ein dramatisches Bild für den Glasfaserausbau in Deutschland. Die Deutsche Telekom verschrecke Investoren. (VATM, Telekom)
Quelle: Golem
Eine deutliche Mehrheit der Einwohner von Grünheide hat in einem Bürgerentscheid die von Tesla geplante Werkserweiterung abgelehnt. (Gigafactory Berlin, Elektroauto)
Quelle: Golem