"Bret Devereaux" sounds more like of French origin, but if the author self-identifies as jew, this is useful meta-information, even if expressed in terms that are culturally unacceptable in US.
> The solution the world's leading experts have landed on is one your grandparents could have come up with: codewords. You, your family, business partners and anyone else you communicate with about important subjects need to come up with a secret phrase that no-one else knows you can use in an emergency to verify each other's identities. Think of it like a convoluted form of the multi-factor authentication we all use to login online.
> "My wife and I have a codeword that we use if we ever get an unusual call," Farid says. "We haven't needed to use it yet, but sometimes I ask just to test her to make sure we don't forget it."
You know what's funny is that, at least by default, these strings have some information in them that tells you the serial number and model of the key, among other things.
Change directory to your local git repository that you want to share with friends and colleagues and do a bare clone git clone --bare . /tmp/repo.git You just created a copy of the .git folder without all the checked out files.
Upload /tmp/repo.git to your linux server over ssh. Don't have one? Just order a tiny cloud server from Hetzner or another European provider. You can place your git repository anywhere, but the best way is to put it in a separate folder, e.g. /var/git. The command would look like with scp -r /tmp/repo.git me@server:/var/git/.
To share the repository with others, create a group, e.g. groupadd --users me git You will be able to add more users to the group with groupmod.
Your git repository is now writable only by me. To make it writable by the git group, you have to change the group on all files in the repository to git with chgrp -R git /var/repo.git and enable the group write bit on them with chmod -R g+w /var/repo.git.
This fixes the shared access for existing files. For new files, we have to make sure the group write bit is always on by changing UMASK from 022 to 002 in /etc/login.defs.
There is one more trick. For now on, all new files and folders in /var/git will be created with the user's primary group. We could change users to have git as the primary group.
But we can also force all new files and folders to be created with the parent folder's group and not user primary group. For that, set the group sticky bit on all folders in /var/git with find /var/git -type d -exec chmod g+s \{\} +
You are done.
Want to host your git repository online? Install caddy and point to /var/git with something like
Is there some part of PCI auditing requirements that is getting misinterpreted by some auditors to demand this? Though in my experience with standards like this what auditors want to see and what the standards say often have only loose overlap anyhow.
It's pretty counterintuitive from an auditing perspective. If the PCI standards require server racks to be painted red, it's entirely normal for an auditor to ask to see them, and very suspicious for you to say that they're in an encrypted box where nobody can check if they're red or not. I don't mean to excuse it, but I can understand how the error happens.
This is true. Maybe it's someone seeing a requirement like "all passwords must conform to these rules" and deciding that it means they need to check them directly, instead of looking at the systems that enforce that constraint.
Right until the end I thought the guy was doing a social engineering penetration test, checking whether he could brow beat the server admins into bending over backwards to reveal this information.
OTOH, I can already argue with numbers at hand that Bitcoin made the world poorer and worse off.
reply