Least amount of back-and-forth between the developer and the admin ("sorry, your key has to be at least 2048 bits", "you forgot to sign your mail", "sorry, I sent you guys the wrong key"), plus it helps assure it's a dedicated SSH key and isn't shared between many other projects and therefore copied across workstations. Mostly, though, it reduces hassle.
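The "your key has to be at least 2048 bits" check that an admin would otherwise have to run on every developer-submitted key, as an added example (not kernel.org's tooling): it parses the OpenSSH wire format and reads the RSA modulus size directly rather than trusting the comment field. The 2048-bit threshold is taken from the comment above, and the sample keys are constructed from placeholder moduli that only have the right length.

```python
"""Policy check for a developer-submitted OpenSSH RSA public key (minimum size).
Added example, not kernel.org's tooling. Sample keys are constructed from
placeholder moduli (not real key material) only to exercise the parser.
"""
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, from the "at least 2048 bits" rule


def _read_string(buf: bytes, off: int):
    """Read one SSH wire-format string: 4-byte big-endian length, then bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    return buf[off + 4:off + 4 + n], off + 4 + n


def rsa_modulus_bits(line: str) -> int:
    """Return the modulus size in bits for an 'ssh-rsa AAAA... comment' line."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")  # other key types need their own rule
    blob = base64.b64decode(parts[1], validate=True)
    keytype, off = _read_string(blob, 0)
    if keytype != b"ssh-rsa":
        raise ValueError("key blob type does not match ssh-rsa")
    _e, off = _read_string(blob, off)  # public exponent, not needed for the size check
    n, _ = _read_string(blob, off)     # modulus as mpint; a leading 0x00 does not change bit_length
    return int.from_bytes(n, "big").bit_length()


def key_is_acceptable(line: str, min_bits: int = MIN_RSA_BITS) -> bool:
    """True only for a well-formed ssh-rsa key whose modulus has at least min_bits."""
    try:
        return rsa_modulus_bits(line) >= min_bits
    except (ValueError, struct.error):  # bad base64, truncated blob, wrong type
        return False


def _mpint(value: int) -> bytes:
    """Encode a positive int as an SSH mpint (extra 0x00 if the high bit is set)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return b"\x00" + raw if raw[0] & 0x80 else raw


def make_sample_rsa_key(bits: int, comment: str) -> str:
    """Construct a syntactically valid ssh-rsa line with a placeholder modulus of `bits` bits."""
    modulus = (1 << (bits - 1)) | 1  # NOT a real key: only its length matters here
    blob = b"".join(struct.pack(">I", len(s)) + s
                    for s in (b"ssh-rsa", _mpint(65537), _mpint(modulus)))
    return f"ssh-rsa {base64.b64encode(blob).decode()} {comment}"
```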
There is no mistake here -- the ssh private keys are generated on the kernel.org provisioning system, encrypted to the developer's PGP key (which is verified using the PGP web of trust) and then emailed out. The developer then decrypts the ssh private key on their workstation using their own PGP private key. Our copy of the ssh private key is destroyed in the process, so we only keep the ssh public key. PGP web of trust is king in the kernel.org world.
Yubikeys also support the HOTP standard, which produces 6-digit codes. This is what kernel.org actually uses, not yubikey's own implementation.
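The HOTP algorithm mentioned above (RFC 4226: HMAC-SHA1 over an 8-byte counter, dynamic truncation, 6 decimal digits), as an added example that is not kernel.org's or Yubico's code. The secret is the RFC's published test secret, and the verifier uses a look-ahead window so that a token pressed without submitting does not desynchronise, while a code from an already-consumed counter is rejected.

```python
"""HOTP (RFC 4226) 6-digit codes plus server-side counter-window verification.
Added example, not kernel.org's or Yubico's implementation. The secret below is
the RFC 4226 test secret, so outputs match the RFC's Appendix D table.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Compute the HOTP value: HMAC-SHA1, dynamic truncation, mod 10^digits."""
    msg = struct.pack(">Q", counter)                       # 8-byte big-endian counter
    mac = hmac.new(secret, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                # low nibble of last byte
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)        # keep leading zeros


def verify_hotp(secret: bytes, candidate: str, counter: int, look_ahead: int = 10):
    """Check a submitted code against counters [counter, counter + look_ahead).

    Returns the next counter to store (one past the match) on success, or None.
    Counters below `counter` are never accepted, so a code cannot be replayed.
    """
    for step in range(look_ahead):
        if hmac.compare_digest(hotp(secret, counter + step), candidate):
            return counter + step + 1
    return None


RFC4226_SECRET = b"12345678901234567890"  # RFC test vector secret, not a real one

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC4226_SECRET, c))              # 755224, 287082, 359152
    print(verify_hotp(RFC4226_SECRET, "359152", 0))    # counter 2 matched -> 3
    print(verify_hotp(RFC4226_SECRET, "359152", 3))    # already consumed -> None
```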
Battle.net authenticator uses TOTP, so yes, you can. :)
Stick to imperial units -- American buttloads are bigger. ;)
FTFY.
-Obama
"Bob, I need financial data for all clients who bought the WidgetMaster 9000, ASAP!"
"Sure, boss. I couldn't attach it to email for some reason, so I posted it on superfileshare.com."
I think the point here is that what we're not really against religion, as much as we're against dogma.
Once he's in jail, we need to find out who his cellmate is, so we can send him inordinate amounts of penis enlargement ads.
Not that shocking -- they normally listen to the beetles.
> Many times over the last decade I've ended up on a Geocities website when researching particular subjects...
That's because now it's all on wikipedia.
The net is a good way to stay informed.
Unfortunately, it's an even better way to stay misinformed.
The complexity of Adam is that it has cycles.
No, no, no -- the complexity of *Eve* is that it has cycles.
Repeat after me -- first amendment and other rights provided by the US constitution are ONLY applicable when you're dealing with the US government. When you are dealing with private entities, constitutional rights and freedoms do not apply (think, for example, Non-Disclosure Agreements -- which is pretty much all this is). Yes, doctors now insist on an NDA (for the purposes of CYA) -- that's a WTF, but not a violation of your constitutional rights.
... and don't go to watch it.
*shrug*
There's a Russian joke about emoticons (I'm sure totally made up).
During his first orbit, Yuri Gagarin was asked if he was enjoying the view, to which he responded "the view is three equals eight."
3=8 ("zayebis!" or rough equivalent of "fucking awesome!")
You kinda have to have your mind in the gutter to see this one (but I'm sure most slashdotters will do just fine ;)).
In contrast, the rest of the world celebrates the remaining 364 piracy days.
Wait... a Chinese guy will be wearing a "Made in Russia" suit?
Man, it's the first time someone will be a live embodiment of an inverted "Soviet Russia" joke.
I actually have dual feelings. On one hand, it's a good policy to give a warning when a certificate is self-signed. That's expected by everyone, I think -- even though FF3's new "omg-wtf" freakout behaviour is totally excessive. On the other hand, relying solely on an SSL certificate to build the trust in a site is also misguided.
A valid certificate (EV or not EV) is not actually a guarantee that you're safe -- it's just a guarantee that you are a) communicating with a domain owned by "Acme Inc", and b) that the connection between your browser and their webserver is encrypted. With so many off-the-shelf CMS systems available these days, it's common for companies to install a version of Wordpress/Joomla/Wassname and then never patch it, which quickly breeds malware of various degrees of maliciousness. As a result -- yeah, you're talking to "Acme Inc" over a high-grade security link, but that doesn't mean that your credit card numbers in that purchase order are any safer.
With all the work and money being dedicated towards securing the connection and authentication, it's disconcerting to see that nobody is working on communicating to the web client that the application they are accessing was actually deployed by Acme Inc, as opposed to Evil Haxxors. I'm all about strong PKI, but seeing all that effort spent on securing and authenticating the connection makes me wonder when there will be any work done to authenticate the actual code.
Otherwise, it's like building a reinforced door with a card-access scanner, while issuing those access cards to anyone who claims to work for you.
Can someone tag this with "MafiaDefender" please?
Yeah, completely unnecessary. Unless you're moving to a place that is drastically different in terms of laws and culture (e.g. China, Japan, or Middle East), talking to a lawyer is a complete overkill. In your case, since you're moving from one member of the British Commonwealth (Australia) to another (Canada), you'll find the laws pretty much identical, with slight local variations (exception in Canada is Quebec, which has a civil code).
Move to Vancouver, then go to Chapters and buy a quick reference on Canadian Law. Will cost you $20 instead of $2000.
I work at a large Canadian university and we're expressly forbidden from storing *any* student-related information, no matter how insignificant, on non-Canadian servers. This doesn't just include things like gmail, but also various payment processing services, online storage providers (think Amazon's S3), and even things like Google Analytics. The latter is so ubiquitous, I'm not sure we're succeeding in extricating it from university-owned websites, and each time we have to explain to people why sending sensitive information about our users' browsing habits to the US is not a good idea.
I don't think this policy has much to do with the Patriot Act, though I'm sure it acted as a catalyst. We'd probably not store any data in the Netherlands either. If you're an institution that has to worry about compliance with various national privacy laws, it makes sense to store all information either within the organization, or at least within the same country.
...and Linux kernel was replaced by Gnome.
At last -- a definitive answer to the question "is that a banana in your pocket, or are you just happy to see me?"
But did you *really* want to know?
Man, when this makes it to Canada, I'll just have to try St-Louis-Du-Ha! Ha!, Quebec.