Recent content by shanedk

  1. shanedk

    WARNING New Firefox feature WILL break SQRL

    Yes, I can confirm that HTTPS-only mode breaks logins with 84. But it's not because of the localhost issue, which seems to be working fine (I get the green text on Steve's client). Rather, it's sending back the CPS link to the browser and Firefox chokes on it, for some reason. It works fine if...
  2. shanedk

    WARNING New Firefox feature WILL break SQRL

    Bug #1220810 is supposed to fix this. It hardcodes localhost to the loopback addresses. In the process, it makes localhost addresses Secure Context so it won't enforce HTTPS-Only on them. Apparently, there's still a bug with *.localhost subdomains, but that shouldn't affect SQRL.
  3. shanedk

    How to start over.

    You don't say what OS or client software you're using. If you're using Steve's Windows client, it makes a sqrl folder in My Documents. Your identity will be there in the form of a file ending in .sqrl.
  4. shanedk

    Another point about SQRL: it's censorship-free!

    On another site I visit (I won't get into specifics, it isn't about that) they were suspended by Google for completely bogus reasons and their site was taken down (the site was hosted with them). It only took a couple of days to straighten it out, and now the site's back. But apparently, being...
  5. shanedk

    Browser Plugins onPasswdFormSubmit ERRPFS--2

    Does it work with the other clients, and only fails with the plugin?
  6. shanedk

    SQRL server base and sample implementation for Java not working with Windows Client

    I used Firefox. I just tried it with Chrome; it worked scanning the QR code from the Android client, but it still didn't work with the GRC client.
  7. shanedk

    SQRL server base and sample implementation for Java not working with Windows Client

    I was also unable to login with the GRC client. EDIT: It also failed with the Android client scanning the QR code.
  8. shanedk

    Now live at

    The reason I say it's a kludge (and that is said with no disrespect whatsoever to @josecgomez, just the opposite in fact) is because it doesn't actually create an identity for the website. It creates one for the OAUTH provider and the site just uses it. It's not the relationship we ultimately...
  9. shanedk

    Now live at

    It wasn't designed to work with OAUTH2. In fact, it was specifically designed not to need it. So this is a kludge. We need more server solutions built out.
  10. shanedk

    How to use SQRL to my own web site?

    Unless you want to set it up to use OAuth, you're going to have to run something on the backend. What technology is the server running?
  11. shanedk

    Websites using SQRL

    And how would your newsreader know that happened? The newsreader is the issue.
  12. shanedk

    Websites using SQRL

    I'm not even sure that it's possible, since the newsreader would have to be able to display a SQRL QR code and receive the authentication token. Remember that this is 1980s technology.
  13. shanedk

    New user's opinion about SQRL in 2020

    It's certainly possible for a malicious script to flood the server with tons of SQRL login requests, but that can also be done with anything else. A script can flood a server with bogus login requests with random usernames and passwords. DDoS mitigations are there to take care of that sort of...
  14. shanedk

    Localhost security

    I really don't understand the point of this feature. All they have to do is turn off the mixed-mode warning when the insecure resource is on localhost. They were supposed to do this a whole bunch of versions ago, but apparently it only applies to certain cases.
  15. shanedk

    Can SQRL replace the need of keys on the blockchain?

    These are two completely different problems. You could use SQRL as a solution, but I wouldn't advise it.