I’ve been a very happy user of ARP Networks for years, both their VPS and dedicated offerings.
@jcs I think it would be cool to have a “Devio.us Admin” hat for myself, @bcallah, and @kyle.
Also, @bcallah totally needs an OpenBSD Developer hat (even if he won’t ask for it himself)
I can has too?
(To clarify, jasper@ is an OpenBSD dev, not a “Devio.us Admin” in case that wasn’t clear.)
Oh I totally forgot @lteo is also an OpenBSD Developer.
Huh I totally didn’t see that before. (And I didn’t see you request one.) Oops.
HFS+, like NTFS, is actually case sensitive “under the hood.” However, the OSes that use them default to setting them case-insensitive. It’s not fair to pin this on the filesystem itself. I would title this “Caveats of using git on OSX”.
It should be pointed out that you can fairly easily select case-sensitive formatting during OSX installation, or use a disk image formatted appropriately for your case-sensitive work.
The last time I recall this discussion going around, it was pointed out that a significant part of the OS X ecosystem (Adobe being the major offender that I recall) just doesn’t work on case-sensitive HFS+, so regrettably it’s not always as simple as making sure you only use case-sensitive filesystems.
> use a disk image formatted appropriately for your case-sensitive work
I believe that’s the solution the post proposes at the end.
Yep, that’s what I ended up doing.
@brycied00d Fair point. Thanks for the clarification.
Actual PDF source from 1997 http://ftp.freebsd.org/pub/FreeBSD/doc/newsletter/issue1.pdf
Wow, this is quite a historical gem! That server on page 3 looks like it has a microwave sitting near the top rack. :-)
Also “today we have over 50 servers running various versions of 2.1 STABLE.” was a giveaway to the age of the article. Not to mention the HTML page is full of Geocities markup.
Is this really a thing? Their instructions state “Install OmniSharp (https://github.com/OmniSharp/Omnisharp)” but that appears to be an empty repository.
I’ve only installed it through the package manager for Sublime, but it works great.
Strange no one is discussing it more.
I love the idea. I think it’s about time passwords die, one way or another.
I wish I could say “Because it’s a solved problem? SSL client certificates have been around for ages.” but alas I know of only one public website that uses SSL client certificates for authentication. (And it’s an SSL CA)
Linked Data Server https://databox.me/ uses client certificates.
Playing devil’s advocate for a second, the blog takes a hardline “more speed is less safe” stance, which isn’t necessarily true. I have heard (yes, anecdotal, so sue me) of cases where drivers were stopped for driving at the speed limit because they were not driving with the flow of traffic and were thereby posing a safety risk. And I have been spectator to plenty (oh so many!) instances of a car driving at or below the limit and holding up traffic, particularly if they’re in the wrong lane.
If we’re talking fetching SSL/TLS certificates in general, one could simply “openssl s_client -connect host:port”. No point in installing an npm package just for that.
To save just the certificate into a file: openssl s_client -connect host:port | openssl x509 [-text] > myfile.pem
Of course, if this is targeted at Node.js developers, then I’d have altered the title to reflect that, “Retrieve the public TLS certificate in x509 format from a distant host in Node.js”
% openssl s_client -connect google.com:443 2>/dev/null | openssl x509 -text
Version: 3 (0x2)
Serial Number: 9018882575595640890 (0x7d2981eb1d56983a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Not Before: Nov 4 18:13:15 2015 GMT
Not After : Feb 2 00:00:00 2016 GMT
Subject: C=US, ST=California, L=Mountain View, O=Google Inc, CN=*.google.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Alternative Name:
DNS:*.google.com, DNS:*.android.com, DNS:*.appengine.google.com, DNS:*.cloud.google.com, DNS:*.google-analytics.com, DNS:*.google.ca, DNS:*.google.cl, DNS:*.google.co.in, DNS:*.google.co.jp, DNS:*.google.co.uk, DNS:*.google.com.ar, DNS:*.google.com.au, DNS:*.google.com.br, DNS:*.google.com.co, DNS:*.google.com.mx, DNS:*.google.com.tr, DNS:*.google.com.vn, DNS:*.google.de, DNS:*.google.es, DNS:*.google.fr, DNS:*.google.hu, DNS:*.google.it, DNS:*.google.nl, DNS:*.google.pl, DNS:*.google.pt, DNS:*.googleadapis.com, DNS:*.googleapis.cn, DNS:*.googlecommerce.com, DNS:*.googlevideo.com, DNS:*.gstatic.cn, DNS:*.gstatic.com, DNS:*.gvt1.com, DNS:*.gvt2.com, DNS:*.metric.gstatic.com, DNS:*.urchin.com, DNS:*.url.google.com, DNS:*.youtube-nocookie.com, DNS:*.youtube.com, DNS:*.youtubeeducation.com, DNS:*.ytimg.com, DNS:android.clients.google.com, DNS:android.com, DNS:g.co, DNS:goo.gl, DNS:google-analytics.com, DNS:google.com, DNS:googlecommerce.com, DNS:urchin.com, DNS:youtu.be, DNS:youtube.com, DNS:youtubeeducation.com
Authority Information Access:
CA Issuers - URI:http://pki.google.com/GIAG2.crt
OCSP - URI:http://clients1.google.com/ocsp
X509v3 Subject Key Identifier:
X509v3 Basic Constraints: critical
X509v3 Authority Key Identifier:
X509v3 Certificate Policies:
X509v3 CRL Distribution Points:
Signature Algorithm: sha256WithRSAEncryption
I’m not an expert on DNSSEC (though I might play one on TV some day), but how exactly is this “universal” when my registrar doesn’t support DNSSEC? (long chain of expletives Enom resellers more profanity)
Hmm, does this 404 for anyone else?
Yes. http://blog.jasper.la/openbsd-uefi-bootloader-howto/ works for me.
Looks like @jasper’s site has a wrong canonical header, which the URL submission page switches to when it finds one:
<link rel="canonical" href="http://jasper.la/openbsd-uefi-bootloader-howto/" />
Thank you for pointing that out; it’s fixed now.
Clicking the post’s URL http://blog… returns a 301 to https://ghost.jasper.la/openbsd-uefi-bootloader-howto/ which doesn’t resolve. If I visit https://blog… it works.
This is @bcallah’s post. He just didn’t want to be the one to post it. Kudos to @kusuriya.
@tedu addressed the more serious issues with this post, but I’d like to point out something a little less serious:
There was already a 2.0 release of the AOL software, about 20 years ago! That made this post title rather confusing.
(And some of us still remember it. And may have recently junked a box of AOL 2.0 floppy disks.)
This is a duplicate of https://lobste.rs/s/gumn9n which linked directly to the PDF.
Speaking for myself, I don’t feel this sort of content adds anything to the Lobste.rs community. A discussion about hardware? Sure. But simply linking to Amazon product pages and the like is spam.
What does Lobste.rs think - agree? disagree? Am I alone in this thinking?
PS: Not that this isn’t neat looking. It reminds me of the Optimus family of keyboards a few years back, but boy were those expensive and not very comfortable.
That’s a fair criticism. I thought this one was kind of iffy - it’s a novel thing that’s nice to look at (I hadn’t seen the Optimus keyboards before) but not… well, I don’t know how to say it without sounding 19th century, but: it’s not enlightening or ennobling. Reading it is consumptive, not productive.
Yeah, I hear that. I think, like a lot of things, it fits better on Lobste.rs if you write a paragraph explaining that you think it’s cool and a thing people might enjoy looking at. Being open about the consumptive nature of it. :)
A link to the Optimus keyboard family.
Mod: Please clean up the title to “Let’s Encrypt: Root and Intermediate Certificate”. Without that separator, it’s suggesting we encrypt certificates…
Poorly titled: should be “Show and teLl” ;)
Valve/Steam recently announced their discontinuation of an OAuth2 API. From my limited experience and what I’ve heard, OAuth* is a convoluted nightmare to implement and to use. And from your description it’s probably the wrong tool for the job - its purpose is cross-application authorization, not so much end user connections.
(Short and quick response from my phone)
OAuth 1 is not that bad, but the thing people miss is that OAuth 2 is not a replacement for OAuth 1.0, it’s an “alternative”, a horrible alternative, so much that the lead author and editor asked for his name to get removed from the specs.
If you can find a working server/client implementation of OAuth 1.0, I’d say go for it.
Unfortunately, in the healthcare space, somebody actually managed to get on the computer and discover OAuth2, and, well, we can all guess the rest.
Again, I’m looking at alternatives–but I’d really appreciate some war stories from older and greyer beards or beardettes.
I have to say, this is a very impressive and refreshing state of affairs!
Compare it to identi.ca, which one day decided to completely remove everyone’s accounts, even without being acquired!
P.S. Gitorious at one point was the official place for the unofficial FreeBSD repository and many clones.
Thanks - I was about to flag this for being mis-tagged until you explained the FreeBSD connection. (Even still, I’m not sure it’s a relevant tag, but I won’t flag it.)
Hm? Identi.ca removed accounts? I thought they just remove the ability to register? My account is still there.