Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Comment Re:It's not even a fucking article (Score 1) 37 37

He has done this kind of "diashow" for some time now. The first time I saw it it was awesome, now I just ignore the whole story.
But very much enjoyed his post on the last "new planet discovered thats even more like earth" news wave:

Comment Re:However the attitude above is broken (Score 1) 55 55

That former employee that knows the root password or has the keys can't get to it.

Make a good policy, no passwords, only keys, and every employee has one. Then you only have to delete the keys from all boxes, if an employee leaves, done. You will however have to use custom tools for logging, because ssh does only log the key if at VERBOSE loglevel, which you usually don't want.

The current employee that fat fingers a command to the wrong host can't do much damage.

That is, I agree, more likely possible. However if an employee has to do "sudo" all the time, they just start turning their brain off while doing it. Too much "are you sure" harms too.

That thief with a stolen laptop can't use a key to get full access remotely.

If you require your employees to encrypt their keys with a passphrase, which you should do, then this isn't an issue.

Comment Re:Stop performing studies (Score 3, Interesting) 47 47

What they did is getting a basic overview of which projects need most attention. This is the first stage in improving the situation the most effective way. Now people/companies which have an interest in linux security as a whole (e.g. redhat) have a list of projects they can contribute to, even sorted by which to contribute first. I think the list is incredibly useful. Before heartbleed nobody did this kind of research, or it didn't get any attention.

"Gravitation cannot be held responsible for people falling in love." -- Albert Einstein