Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror

Comment Mozilla corporation (Score 2) 336 336

We've read in the news about how prominently mozilla has integrated pocket into its web browser. This isn't the only change into the "closed service" direction they've made. On the other hand, they keep fighting at many fronts for the open web. What is your opinion on what mozilla stood for once, what it is today, and what it is becoming?

Comment Re:It's not even a fucking article (Score 1) 37 37

He has done this kind of "diashow" for some time now. The first time I saw it it was awesome, now I just ignore the whole story.
But very much enjoyed his post on the last "new planet discovered thats even more like earth" news wave:
https://medium.com/starts-with...

Comment Re:However the attitude above is broken (Score 1) 55 55

That former employee that knows the root password or has the keys can't get to it.

Make a good policy, no passwords, only keys, and every employee has one. Then you only have to delete the keys from all boxes, if an employee leaves, done. You will however have to use custom tools for logging, because ssh does only log the key if at VERBOSE loglevel, which you usually don't want.

The current employee that fat fingers a command to the wrong host can't do much damage.

That is, I agree, more likely possible. However if an employee has to do "sudo" all the time, they just start turning their brain off while doing it. Too much "are you sure" harms too.

That thief with a stolen laptop can't use a key to get full access remotely.

If you require your employees to encrypt their keys with a passphrase, which you should do, then this isn't an issue.

Comment Re:Stop performing studies (Score 3, Interesting) 47 47

What they did is getting a basic overview of which projects need most attention. This is the first stage in improving the situation the most effective way. Now people/companies which have an interest in linux security as a whole (e.g. redhat) have a list of projects they can contribute to, even sorted by which to contribute first. I think the list is incredibly useful. Before heartbleed nobody did this kind of research, or it didn't get any attention.

Time-sharing is the junk-mail part of the computer business. -- H.R.J. Grosch (attributed)

Working...