Feed aggregator

Malicious software libraries found in PyPI

LWN Headlines -

An advisory from the National Security Authority of Slovakia warns that they have found fake packages in PyPI, posing as well known libraries. "Copies of several well known Python packages were published under slightly modified names in the official Python package repository PyPI (prominent example includes urllib vs. urrlib3, bzip vs. bzip2, etc.). These packages contain the exact same code as their upstream package thus their functionality is the same, but the installation script, setup.py, is modified to include a malicious (but relatively benign) code." The administrators of PyPI were informed and the fake packages are gone now, however they were available from June 2017 to September 2017. (Thanks to Paul Wise)

8,500 Verizon Customers Disconnected Because of 'Substantial' Data Use

Slashdot -

An anonymous reader quotes a report from Ars Technica: Verizon is disconnecting another 8,500 rural customers from its wireless network, saying that roaming charges have made certain customer accounts unprofitable for the carrier. The 8,500 customers have 19,000 lines and live in 13 states (Alaska, Idaho, Iowa, Indiana, Kentucky, Maine, Michigan, Missouri, Montana, North Carolina, Oklahoma, Utah, and Wisconsin), a Verizon Wireless spokesperson told Ars today. They received notices of disconnection this month and will lose access to Verizon service on October 17. Verizon said in June that it was only disconnecting "a small group of customers" who were "using vast amounts of data -- some as much as a terabyte or more a month -- outside of our network footprint." But one customer, who contacted Ars this week about being disconnected, said her family never used more than 50GB of data across four lines despite having an "unlimited" data plan. We asked Verizon whether 50GB a month is a normal cut-off point in its disconnections of rural customers, but the company did not provide a specific answer. "These customers live outside of areas where Verizon operates our own network," Verizon said. "Many of the affected consumer lines use a substantial amount of data while roaming on other providers' networks and the roaming costs generated by these lines exceed what these consumers pay us each month. We sent these notices in advance so customers have plenty of time to choose another wireless provider."

Read more of this story at Slashdot.

HP Users Complain About 10-Minute Login Lag During 'Win 10 Update'

Slashdot -

A number of HP device owners are complaining of seeing black screens for around five to 10 minutes after entering their Windows login information. From a report: They appear to be pointing the finger of blame at Windows 10 updates released September 12 for x64-based systems. One, a quality update called KB4038788, offered a whopping 27 bullet points for general quality improvements and patches, such as an "issue that sometimes causes Windows File Explorer to stop responding and causes the system to stop working." Another, KB4038806, was a "critical" patch for Adobe Flash Player that allowed remote code execution.

Read more of this story at Slashdot.

Joachim's blog: Brief update on Drupal Code Builder

Drupal Planet -

I've completely revamped the Drush commands for Drupal Code Builder:

  • First, they're now in their own project on Github
  • Second, I've rewritten them completely for Drush 9, completely interactive.
  • Third, they are now geared towards adding to existing modules, rather than generating a module as a single shot. That approach made sense in the days of Drupal 6 when it was just hook implementations, but I increasingly find I want to add a plugin, a service, a form, to a module I've already started.

The downside is that installing these is rather tricky at the moment due to some current limitations in Drush 9 beta; see details in the project README, which has full instructions for workarounds.

Now that's out of the way, I'm pushing on with some new generators for the Drupal Code Builder library itself. On my list is:

  • plugin types (as in the plugin manager service, base class and interface, and declaration for Plugins module)
  • entity type
  • entity type handlers
  • your suggestions in the issue queue...

And of course more unit tests and refactoring of the codebase.

Artificial Intelligence Pioneer Says We Need To Start Over

Slashdot -

Steve LeVine, writing for Axios: In 1986, Geoffrey Hinton co-authored a paper that, four decades later, is central to the explosion of artificial intelligence. But Hinton says his breakthrough method should be dispensed with, and a new path to AI found. Speaking with Axios on the sidelines of an AI conference in Toronto on Wednesday, Hinton, a professor emeritus at the University of Toronto and a Google researcher, said he is now "deeply suspicious" of back-propagation, the workhorse method that underlies most of the advances we are seeing in the AI field today, including the capacity to sort through photos and talk to Siri. "My view is throw it all away and start again," he said. Other scientists at the conference said back-propagation still has a core role in AI's future. But Hinton said that, to push materially ahead, entirely new methods will probably have to be invented. "Max Planck said, 'Science progresses one funeral at a time.' The future depends on some graduate student who is deeply suspicious of everything I have said."

Read more of this story at Slashdot.

Equifax CEO Hired a Music Major as the Company's Chief Security Officer

Slashdot -

Susan Mauldin, the person in charge of the Equifax's data security, has a bachelor's degree and a master of fine arts degree in music composition from the University of Georgia, according to her LinkedIn profile. Mauldin's LinkedIn profile lists no education related to technology or security. If that wasn't enough, news outlet MarketWatch reported on Friday that Susan Mauldin's LinkedIn page was made private and her last name was replaced with "M", in a move that appears to keep her education background secret. Earlier this month Equifax, which is one of the three major consumer credit reporting agencies, said that hackers had gained access to company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers and driver's license numbers. On Friday, the UK arm of the organisation said files containing information on "fewer than 400,000" UK consumers was accessed in the breach.

Read more of this story at Slashdot.

South Park's Season Premier Sets Off Everyone's Amazon Echo

Slashdot -

SonicSpike writes: It's hard to believe that Trey Parker and Matt Stone didn't know exactly what they were doing with Wednesday night's season premiere of South Park. This episode marked the beginning of the show's 21st season and as usual, South Park took on current issues like tiki torch-wielding white supremacists and... home digital assistants. The latter meant lots of gags in which Cartman and other characters addressed Amazon Echo's Alexa and Google Home as well. And that ended up being a problem for viewers who own those devices. (Editor's note: example 1, 2) South Park writers absolutely knew their lines would do this and probably had a hilarious time coming up with funny commands for the home assistants.

Read more of this story at Slashdot.

Social Media Site Gab Sues Google For Antitrust Violations Following Ban From Play Store

Slashdot -

The social media site Gab.ai is accusing Google of violating federal antitrust laws when the tech giant booted Gab from the Google Play Store, according to lawsuit filed this week. From a report: The legal action is the latest salvo in an escalating battle between right-leaning technologists and leaders against Silicon Valley giants such as Facebook and Google. Gab alleges in the lawsuit that "Google deprives competitors, on a discriminatory basis, of access to the App Store, which an essential facility or resource." "Google is the biggest threat to the free flow of information," Gab chief executive Andrew Torba said in a statement. "Gab started to fight against the big tech companies in the marketplace, and their monopolistic conduct has forced us to bring the fight to the courtroom." Alternative source.

Read more of this story at Slashdot.

Google Allowed Advertisers To Target 'Jewish Parasite,' 'Black People Ruin Everything'

Slashdot -

Alex Kantrowitz, reporting for BuzzFeed News: Google, the world's biggest advertising platform, allows advertisers to specifically target ads to people typing racist and bigoted terms into its search bar, BuzzFeed News has discovered. Not only that, Google will suggest additional racist and bigoted terms once you type some into its ad buying tool. Type "White people ruin," as a potential advertising keyword into Google's ad platform, and Google will suggest you run ads next to searches including "black people ruin neighborhoods." Type "Why do Jews ruin everything," and Google will suggest you run ads next to searches including "the evil jew" and "jewish control of banks." BuzzFeed News ran an ad campaign targeted to all these keywords and others this week. The ads went live and were visible when we searched for the keywords we'd selected. Google's ad buying platform tracked the ad views. Following our inquiry, Google disabled every keyword in this ad campaign save one -- an exact match for "blacks destroy everything," is still eligible. Google told BuzzFeed News that just because a phrase is eligible does not guarantee an ad campaign will run against it. A total of 17 ad impressions were served before the keywords were disabled.

Read more of this story at Slashdot.

Aten Design Group: Mastering Drupal 8’s Libraries API

Drupal Planet -

If you ever had to overwrite a module’s css file or a core javascript library in Drupal 7, you likely remember the experience. And not because it was a glorious encounter that left you teary-eyed at the sheer beauty of its ease and simplicity.

Along with Drupal 8 came the Libraries API and a whole new way of adding CSS and JS assets and managing libraries. In true Drupal 8 fashion, the new system uses YAML files to grant developers flexibility and control over their CSS and JS assets. This gives you the ability to overwrite core libraries, add libraries directly to templates, specify dependencies and more.

There are many pros to this approach. The most important improvement being that you can add these assets conditionally. The FOAD technique and other hackish ways to overwrite core CSS files or javascript libraries are long gone. This is extraordinarily good news!

However, the simplicity of the drupal_add_js() and drupal_add_css() functions have also disappeared, and now you have to navigate a potentially overwhelming and confusing nest of yml’s just to add some custom CSS or javascript to a page. (No, you can’t just add css via the theme’s .info file). In this post, I’ll guide you through the new Libraries API in Drupal 8 so you can nimbly place assets like you’ve always dreamed.

Prerequisites

If you haven’t yet experienced the glory that is the yml file, you’ll want to get familiar. Read this great introduction to YAML then come back to this post.

Creating Libraries

First step is to create your libraries.yml file at your-theme-name.libraries.yml or your-module-name.libraries.yml.

Here’s an example of how you define a Drupal 8 library.

A few things to note:

  • The path to CSS and JS files are relative to the theme or module directory that contains the libraries.yml file. We’ll cover that in more depth shortly.
  • The dependencies, in this case jQuery, are any other library your library depends on. They will automatically be attached wherever you attach your library and will load before yours.
  • Multiple libraries can be defined in one libraries.yml file, so each library in the file must have a unique name. However the libraries will be namespaced as mytheme/mylibrary or mymodule/mylibrary so a libraries.yml file in your theme and libraries.yml file in your module can contain libraries with the same name.
  • The css files are organized according to the SMACSS categories. This gives some control over the order of which assets are added to your page. The css files will be added according to their category. So any css file in the theme category will be added last, regardless of whether or not it comes from the base theme or the active child theme. Javascript files are not organized by SMACSS category.

Now that you know the library basics, it’s time to up the ante.

Properties

You can add additional properties inside the curly braces that allow you to define where the javascript is included, additional ordering of files, browser properties and more. We won’t cover all the possibilities just now, but here are some examples

Attaching Libraries

The simplest way to attach libraries globally is through the your-theme-name.info.yml file. Instead of adding stylesheets and scripts ala Drupal 7, you now attach libraries like so:

Global is great and all, but perhaps the coolest libraries upgrade in Drupal 8 is the ability to attach libraries via twig templates. For example, if you have a search form block, you can define the css and js for the block, add it to a library, and add that library to the search form block twig template. Those assets specific to the search form block will only be included when the block is rendered.

And yes, you can also attach libraries with our ol’ pal php.

Extending and Overriding Libraries

Another boon is the ability to extend and override libraries. These extensions and overrides take place in the your-theme-name.info.yml file.

As you might expect, libraries-extend respects the conditions of the library is being extended. Maybe you have a forum module that comes with css and js out-of-the-box. If you want to tweak the styling, you can extend the forum modules library, and add your own css file.

For overrides, you can remove or override a specific file or an entire library.

Final Considerations

Before we wrap up, I'll send you on your way with a couple final considerations and gotcha's that you need to be aware of.

  • The Libraries API Module is still relevant in Drupal 8, and should be used to handle external libraries that don't ship with drupal or a module or theme. It also allows libraries to be used by multiple modules or sites.
  • If a file is already linked to within a library it won't get added a second time.
  • Module CSS files are grouped before theme CSS files, so a module's css file will always be loaded before a theme's css file.
  • Refer to the Drupal 8 Theming Guide for more info.

Thanks for reading. Now go forth and use your asset placing powers for good, not evil.

DrupalCon News: Novice Contributor Sprints at DrupalCon Vienna

Drupal Planet -

Everyone is welcome (including you!)

With just about two weeks to go until DrupalCon Vienna we are anticipating an amazing week of learning and collaborating ahead! There will be code sprints all week, but Friday is our dedicated sprint day when anyone and everyone can come contribute to Drupal core and participate together in guided sprints.

The Father of Mobile Computing Is Not Impressed

Slashdot -

harrymcc writes: Starting in the late 1960s, Alan Kay envisioned a powerful portable computer that would be a revolutionary learning device, then built some of the necessary tech at Xerox PARC and elsewhere. Today, his ideas are all around us -- but Kay is distinctly unimpressed with the iPhone, iPad, and other modern devices, which he says encourage passivity rather than creativity. Brian Merchant talked to the computing pioneer for a wide-ranging interview on FastCompany. An excerpt from the interview: Google has been around for a long time now. I bitched at [Google] for years: Why the fuck can't we type in a question and get a decent answer? There's all sorts of pre-processing you can do with the computing we have now to put a lot more semantics in there, and look at the shit you're retrieving. And by the way, the stuff that isn't popular -- which is probably what most people need to read, if the thing even knew what the question is -- is buried [in Google search results], and most people won't go past a couple of results or clicks.

Read more of this story at Slashdot.

Many Machine Learning Studies Don't Actually Show Anything Meaningful, But They Spread Fear, Uncertainty, and Doubt

Slashdot -

Michael Byrne, writing for the Outline: Here's what you need to know about every way-cool and-or way-creepy machine learning study that has ever been or will ever be published: Anything that can be represented in some fashion by patterns within data -- any abstract-able thing that exists in the objective world, from online restaurant reviews to geopolitics -- can be "predicted" by machine learning models given sufficient historical data. At the heart of nearly every foaming news article starting with the words "AI knows ..." is some machine learning paper exploiting this basic realization. "AI knows if you have skin cancer." "AI beats doctors at predicting heart attacks." "AI predicts future crime." "AI knows how many calories are in that cookie." There is no real magic behind these findings. The findings themselves are often taken as profound simply for having way-cool concepts like deep learning and artificial intelligence and neural networks attached to them, rather than because they are offering some great insight or utility -- which most of the time, they are not.

Read more of this story at Slashdot.

Canada's Challenge Is Keeping Techies, BlackBerry Inventor Says

Slashdot -

The former chief executive officer of BlackBerry added his voice to the chorus of people saying that Canada's main economic hurdle is keeping technology talent. From a report: "The biggest challenge as a country is retaining and recruiting the best people to build industries in Canada and not lose them to other jurisdictions," Mike Lazaridis, who left BlackBerry in 2013, said Thursday at the Waterloo Innovation Summit. Canada is pushing to become a technological leader as Prime Minister Justin Trudeau tries to shift away from a commodities-driven economy by increasing funding for technology and offering fast-track visas to highly skilled workers. Cities like Ottawa, the capital, have stepped up recruitment efforts targeting expats in the U.S., while Toronto and its surrounding cities submitted a regional bid Wednesday for Amazon.com's second headquarters. The BlackBerry inventor sees Canada as at the forefront of the development of quantum computers, technology that could transform the world by allowing computers to operate much faster and on larger data sets than ever before.

Read more of this story at Slashdot.

Security updates for Friday

LWN Headlines -

Security updates have been issued by Arch Linux (flashplugin, kernel, lib32-flashplugin, and linux-lts), CentOS (postgresql), Debian (tcpdump and wordpress-shibboleth), Fedora (lightdm, python-django, and tomcat), Mageia (flash-player-plugin and libsndfile), openSUSE (chromium, cvs, kernel, and libreoffice), Oracle (postgresql), and Ubuntu (libgcrypt20 and thunderbird).

Cassini's Saturn Mission Goes Out In A Blaze Of Glory

Slashdot -

An anonymous reader shares a report: Controllers at NASA's Jet Propulsion Laboratory sent a final command Friday morning to the Cassini spacecraft orbiting Saturn. Not long after, accounting for the vast distance the message traveled, the order was received, putting the craft into a suicidal swan dive, plummeting into the ringed planet's atmosphere. Flight Director Julie Webster called "loss of signal" at about 7:55 a.m. ET, followed by Project Manager Earl Maize announcing "end of mission" as the spacecraft began to break up in Saturn's atmosphere. "Congratulations to you all," Maize announced to applause. "It's been an incredible mission, incredible spacecraft, and you're all an incredible team." With Cassini running on empty and no gas station for about a billion miles, NASA decided to go out Thelma & Louise-style. But rather than careen into a canyon, the plucky probe took a final plunge into the object of its obsession. Just how obsessed? Its 13-year mission to explore the strange world of Saturn went on nearly a decade longer than planned. It completed 293 orbits of the planet, snapped 400,000 photos, collected 600 gigabytes of data, discovered at least seven new moons, descending into the famed rings and sent its Huygens lander to a successful 2005 touchdown on the surface of yet another moon, Titan. Also read: Cassini's Best Discoveries of Saturn and Its Moons.

Read more of this story at Slashdot.

Dries Buytaert: Don't blame open-source software for poor security practices

Drupal Planet -

Last week, Equifax, one of the largest American credit agencies, was hit by a cyber attack that may have compromised the personal data of nearly 143 million people, including name, address, social security numbers, birthdates and more. The forfeited information reveals everything required to steal someone's identity or to take out a loan on someone else's name. Considering that the current US population is 321 million, this cyberattack is now considered to be one of the largest and most intrusive breaches in US history.

It's Equifax that is to blame, not open-source

As Equifax began to examine how the breach occurred, many unsubstantiated reports and theories surfaced in an attempt to pinpoint the vulnerability. One such theory targeted Apache Struts as the software responsible for the breach. Because Apache Struts is an open-source framework used for developing Java applications, this resulted in some unwarranted open source shaming.

Yesterday, Equifax confirmed that the security breach was due to an Apache Struts vulnerability. However, here is what is important; it wasn't because Apache Struts is open-source or because open-source is less secure. Equifax was hacked because the firm failed to patch a well-know Apache Struts flaw that was disclosed months earlier in March. Running an old, insecure version of software — open-source or proprietary — can and will jeopardize the security of any site. It's Equifax that is to blame, not open-source.

The importance of keeping software up-to-date

The Equifax breach is a good reminder of why organizations need to remain vigilant about properly maintaining and updating their software, especially when security vulnerabilities have been disclosed. In an ideal world, software would update itself the moment a security patch is released. Wordpress, for example, offers automatic updates in an effort to promote better security, and to streamline the update experience overall. It would be interesting to consider automatic security updates for Drupal (just for patch releases, not for minor or major releases).

In absence of automatic updates, I would encourage users to work with PaaS companies that keep not only your infrastructure secure, but also your Drupal application code. Too many organizations underestimate the effort and expertise it takes to do it themselves.

At Acquia, we provide customers with automatic security patching of both the infrastructure and Drupal code. We monitor our customers sites for intrusion attempts, DDoS attacks, and other suspicious activity. If you prefer to do the security patching yourself, we offer continuous integration or continuous delivery tools that enable you to get security patches into production in minutes rather than weeks or months. We take pride in assisting our customers to keep their sites current with the latest patches and upgrades; it's good for our customers and helps dispel the myth that open-source software is more susceptible to security breaches.

Bitcoin Plummets Below $3,000 on Rising China Worries

Slashdot -

Bitcoin dropped below $3,000 on Friday as the cryptocurrency extended a brutal eight-day sell-off that has reduced its value against the dollar by a third. Financial Times reports: The currency traded as low as $2,972, marking a 36 per cent fall from bitcoin's close on September 7, and a collapse of 40 per cent from the highs struck earlier this month. The latest bout of selling came after BTCChina, one of the country's biggest bitcoin exchanges, said it would halt trading at the end of the month. Focus has now shifted to the communist country's other two big exchanges: OKCoin and Huobi. Alternative source.

Read more of this story at Slashdot.

Trump Blocks China-Backed Takeover of US Chip Maker 'Lattice Semi'

Slashdot -

MountainLogic shares a report from CNN: President Trump has stopped the takeover of an American chip maker by a private equity firm with ties to China. The deal, which would have seen China-backed Canyon Bridge Capital Partners acquire Lattice Semiconductors, was blocked over national security concerns. "Today, consistent with the administration's commitment to take all actions necessary to ensure the protection of U.S. national security, the president issued an order prohibiting the acquisition," Treasury Secretary Steven Mnuchin said in a statement Wednesday. The national security risk included "the potential transfer of intellectual property" to the Chinese-backed company and the "Chinese government's role in supporting this transaction," according to Mnuchin's statement. Those are sensitive matters: the Trump administration launched an investigation last month into whether China is unfairly getting hold of American technology and intellectual property. The Committee on Foreign Investment in the U.S., which reviews deals that could result in a foreign entity taking control of an American company, had previously recommended halting the deal. Lattice CEO Darin G. Billerbeck called the outcome "disappointing" and called the proposed acquisition "an excellent deal" for Lattice and for "expanding the opportunity to keep jobs in America." According to CNN, Lattice currently employs 300 people in Oregon -- and Canyon Bridge has committed to adding 350 more if the takeover deal went through.

Read more of this story at Slashdot.

CiviCRM Blog: CiviCon UK Sponsor post: Registrations in seconds, logins without passwords

Drupal Planet -

A big thank you to all our CiviCON UK Sponsors. Here's a special post from Gold Sponsor Yoti:

Doing things differently: Registrations in seconds, logins without passwords and minimising data.

Over the last 15 years I’ve probably been responsible for around 50 or so websites or microsites that in some way or another have tried to gather people’s data.  Either to enter into an event, join a forum or buy something.  And like most other marketeers I’ve been obsessed by two things.  Funnels and Data. i.e how easily are people signing up and how much do I now know about my customers.  I’ve always known that by asking people for more information there was a danger people would drop out of my acquisition funnel but we marketeers are hungry for data. We want it all and we want it now.

I’ve now come to realise that less is more.  I still want the customers, and loads of them, but I want them to join me on their terms. If I ask people less about themselves I’m more likely to get an answer. 

I always try to liken marketing situations with personal situations.  When you first meet someone in a bar you don’t tend to ask them everything about themselves in the first sentence.  You might introduce yourself and ask them their name.  And perhaps ask them where they’re from.  You certainly wouldn’t ask their address or birthday.  If you did, you can be fairly sure they’d either not tell you or they’d give you a fake one and then avoid you for the rest of the night.  So why do we do it in business?  

So we can send them emails they’ll never read?  Send them mail that’ll clog up their recycling bin. Profiling our user base?  Most businesses can’t afford this kind of wastage.  We can’t afford to be sending emails that damage our brand by clogging up people’s inboxes or sending people mail that costs us thousands of pounds.  And just how much effective user profiling can be done if the data they are giving us isn't actually real in the first place?

I want to suggest a revolutionary new idea.  Why not just ask for less, just their first name? Or maybe, not even ask them anything at all. Imagine if you could give them access to a secure user profile on your website even though you didn't even have a name or email address for them.  And they could return to that profile whenever they want to tell you a bit more about themselves. Imagine if you could give them a special key to your world.

A special key?  What like a password?  Surely not...No, not like a password.  Just let them use their phone and their biometrics.  Let them then build their trust with you by adding more details when they want to.  When they need to.  Let them feel special by showing them all the awesome stuff they can now see that nobody else can, and then when you need their address to send them something they've bought you can ask for it.  You could even give them the option of giving you their phone number or email so you can tell them when you’ve got something new and cool to sell. Or you could just say ‘come and stop by whenever you fancy. You’ve got the keys and you can’t lose them so come and have a browse whenever you fancy it.’

It feels a little scary doesn't it? Having anonymous customers that are in control of what information they give you and when.  But there's also all sorts of other interesting stuff it means you could do. You can create chat forums where people just prove they are from a certain city but otherwise remain anonymous.  You could build web forums for children that only allowed people under a certain age or over another age to register.

However, I know there are plenty of us who do actually need all the data up front, just because that’s how business works and it may take a while for my utopian customer-centric world to exist.  And plenty of businesses need to be absolutely sure they have the right name and address to eliminate fraud that’s costing us billions of pounds every year.

But these businesses still want to get people signed up quickly and they’re still scared about getting their data hacked.  And a lot of businesses do end up giving their customers passwords, which their customers usually forget.

We created Yoti to try and let people and businesses do all of the above. We want to encourage businesses to ask for less, but give you the confidence people are who they claim to be.  We want to make it frictionless for you to sign up new verified customers. We don't want anyone to ever hate your website just because they forgot their password.

Yoti is an easy to use digital identity app for consumers and secure digital identity attribute exchange platform for organisations. Our phones help us connect, make payments and board planes, it’s time that they helped us prove our identity.

People create their Yoti by downloading our free app, prove they’re a real person and match their selfie to their passport or driving licence photo. In less than 5 minutes, out pops their verified digital identity that they control for life. Yoti uses AES 256 encryption to store and share user data in such a way that only they have access to their personal details. Yoti cannot see or access any personal information once the accounts have been verified.

Once people have Yoti they can then prove any element of their identity in seconds to businesses and organisations that accept Yoti.  They simply scan a QR code if they are on a desktop, or press ‘Use Yoti’ if on their mobile.  They’ll then be told what information is being requested and they allow the information to be shared.  Registered in seconds.  They can then log back in using their Yoti. No password is required meaning they’ll never forget them and the business need never worry about whether or not they chose a secure password.  

We are building an ecosystem of places where people can use Yoti in their everyday life. They will use Yoti to prove their age at the supermarket self checkout, apply for jobs online, sign up to new web services, prove their age on nights out instead of having to carry their passport.

We’re in our ‘pre-launch’ phase at the moment (we launch in November) but people seem interested.  Over 65,000 people have installed the app already and some great businesses and organisations like Reed, Worldpay and NSPCC are already working with Yoti.

To make it as easy as possible for businesses and organisations to use Yoti we've developed a number of SDKs in seven different coding languages and plugins for Wordpress and Drupal 7, with Joomla and Drupal 8 in development right now.

If you'd like to find out more about Yoti please visit www.yoti.com

ArchitectureCiviConDrupal

Pages

Subscribe to Heydon Consulting aggregator