• (nodebb)

    I was so ready for the non-ascii 4th character of "Janči" to be the problem.

  • Hanzito (unregistered) in reply to WTFGuy

    I did have to fix a Windows + non-ASCII char + ssh key problem once. It wasn't pleasant. It involved three icacls $path commands whenever the key was changed.

  • Troll (unregistered)

    Those "Linux users", always troublemakers, something always doesn't work for them. Why cannot they just be normal?

  • 516052 (unregistered) in reply to Troll

    Frankly if you ask me all operating systems were just a bad idea. The moment you start adding layers between your code and the bare metal is the moment you give up on quality and performance both.

    Sure, they look great on the brochure. Run any program on any machine. Never have to worry about hardware specs. Etc. Etc. What they don't tell you is that this comes at the cost of introducing dependencies on the work of people you can't trust with all the bugs that come with it. And you can forget about optimization too since you can't optimize for unknown hardware.

    Yuck to it all I say. :)

  • (nodebb)

    Some Unix tools (e.g. chown) allow you to specify users and groups either by name or uid. Having an all-numeric username will confuse them, so it's a Bad Idea even if the system technically allows it. For this reason, account management tools like useradd usually prohibit them (and for simplicity they just check that the first character is not a digit).

    The WTF should be that he wasn't informed of this when he first created the account. And if this guy is a "veteran", he should have known about this.
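As an added illustration of the name-or-uid ambiguity described in the comment above (example code, not part of any commenter's post): the passwd records are constructed, the resolution rule mirrors what chown(1) does with an all-digit owner spec, and the validation function follows the useradd-style "first character is not a digit" check. Names such as `janci` and the uids are invented for the demo.

```shell
#!/bin/sh
# Added example: why an all-numeric username is ambiguous for tools that
# accept "name or uid", and the first-character check useradd-style tools
# apply. The passwd records below are constructed, not a real system file.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
janci:x:1001:1001:Jan:/home/janci:/bin/sh
1001:x:1002:1002:All numeric:/home/1001:/bin/sh'

# Resolve a chown(1)-style owner spec to a uid. The rule chown follows:
# a string that is all digits is taken as a uid and never looked up as a
# name, so the account literally named "1001" (uid 1002) can never be
# addressed by name here; "1001" always means uid 1001, i.e. janci.
resolve_uid() {
    spec=$1
    case $spec in
        *[!0-9]*)   # has a non-digit: treat as a name and look it up
            printf '%s\n' "$PASSWD_SAMPLE" |
                awk -F: -v n="$spec" '$1 == n { print $3; found = 1 } END { exit !found }'
            ;;
        '')         # empty spec is an error
            return 1
            ;;
        *)          # all digits: it is the uid itself
            printf '%s\n' "$spec"
            ;;
    esac
}

# Validation in the spirit of useradd: reject a leading digit (and keep to
# the portable character set), so the ambiguity above cannot arise.
valid_username() {
    case $1 in
        '')                 return 1 ;;   # empty
        [0-9]*)             return 1 ;;   # would parse as a uid
        *[!a-zA-Z0-9._-]*)  return 1 ;;   # outside the portable set
    esac
    return 0
}

# Demo: which of these would an account-management tool accept?
for u in janci 1001 1janci janci.1; do
    if valid_username "$u"; then echo "$u: ok"; else echo "$u: rejected"; fi
done
```

Note that `resolve_uid 1001` returns 1001 (janci's uid) even though an account called "1001" exists with uid 1002, which is exactly why the tools refuse such names up front rather than trying to disambiguate later.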

  • Coyote (unregistered)

    This is entirely on the sysadmins of those servers. Sending the same private key to everyone? Only supporting outdated crypto? Inconsistent usernames and not letting the affected people know?

    If the server is that poorly managed, just fix it once you log in, I'm sure it won't be hard to get root.

  • (nodebb) in reply to Barry Margolin

    Oh you sweet summer child! I remember when DEC user accounts were all numeric, XXX.YY. Same for Compuserve, I recall.

  • (nodebb)

    "I am a number!" (misquoting The Prisoner)

  • (nodebb) in reply to cellocgw

    UICs were of the format [GGG,UUU] where each number was three digits.

  • (nodebb) in reply to Barry Margolin

    The WTF should be that he wasn't informed of this when he first created the account.

    While I agree that the system can have the right to not accept all-numeric identifiers, it is IMHO completely wrong to change the requested identifier, with or without notification. "Reject the request with a meaningful error message" is the only acceptable course of action.

  • John (unregistered)

    I'm confused. Each student got a username for every one of their multiple email aliases, except one student?

  • (nodebb)

    Sending the same private key to everyone? Only supporting outdated crypto? Inconsistent usernames and not letting the affected people know?

    To answer those in turn: The server is open to any student, the private key rather than password is to stop random password-scanning attacks so it's doing its job. DSA sigs are still perfectly secure, just not trendy any more. Inconsistent usernames, that's a problem with some script which I assume they've fixed by now.

    So the story describes a bit of a WTF, but the underlying reasons aren't really.

  • (nodebb) in reply to zomgwtf

    the private key rather than password is to stop random password-scanning attacks so it's doing its job.

    No it isn't. It's entirely backwards. Each user should have a public/private key pair and they should send the public key to be installed on the server in their account.

    You may say it doesn't matter because these are training servers or something but, firstly, you've sent this private key in an email which is almost certainly stored in plain text in various places and secondly, you need to get people to use SSH keys properly. It's confusing enough for most people without giving them an example of how not to do it.

  • matt (unregistered)

    A compulsory elective?

  • Coyote (unregistered) in reply to zomgwtf

    Have you ever set up pubkey SSH auth? Disabling password login and only allowing pubkey is good, it's what I do, but...

    If every account has the same private key, that means the public key in authorized_keys is the same for every account. Everyone can log in as everyone else, all you have to do is change the username you are connecting as. This is terrible for accountability purposes, and if that private key gets leaked you have to disable every account until everyone has a new key. You simply do not do it this way. Ever.

    If you want a single shared account, just create that and securely distribute the key, or even better set up sudo so users can su to that shared account and only to that shared account.
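The two comments above (one key per user installed in that user's own authorized_keys, and the accountability problem when one key is installed everywhere) as an added example, not code from any commenter: it builds a throwaway home-directory tree under mktemp, installs keys the per-user way, and then audits the tree for any public key that appears in more than one account. All accounts are hypothetical and the key strings are constructed placeholders, not real keys.

```shell
#!/bin/sh
# Added example: install keys per user, then audit authorized_keys across
# accounts for one public key installed in several of them.
# Paths and accounts are hypothetical; key strings are constructed placeholders.
ROOT=$(mktemp -d)
trap 'rm -rf "$ROOT"' EXIT

# Correct pattern: each user sends their own PUBLIC key and it goes into
# that user's own authorized_keys, with the permissions sshd expects.
install_user_key() {
    root=$1 user=$2 pubkey=$3
    dir="$root/home/$user/.ssh"
    mkdir -p "$dir" && chmod 700 "$dir"
    printf '%s\n' "$pubkey" >> "$dir/authorized_keys"
    chmod 600 "$dir/authorized_keys"
}

# Constructed scenario: alice, bob and carol were all mailed the same key
# (bob's copy even carries a restrict/command prefix); dave generated his own.
SHARED='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERSHAREDKEYxxxxxxxxxxxxxxxxxxxxxxx class-key'
install_user_key "$ROOT" alice "$SHARED"
install_user_key "$ROOT" bob   "restrict,command=\"/usr/bin/uptime\" $SHARED"
install_user_key "$ROOT" carol "$SHARED"
install_user_key "$ROOT" dave  'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERDAVEOWNKEYxxxxxxxxxxxxxxxxxxxxxx dave@laptop'

# Emit "<count> <keytype> <base64>" for every key present in more than one
# account. Option prefixes (restrict,command=...) and trailing comments are
# skipped, since the key type and blob are what identify the key.
shared_keys() {
    root=$1
    for f in "$root"/home/*/.ssh/authorized_keys; do
        awk '
            /^[ \t]*#/ { next }
            /^[ \t]*$/ { next }
            { for (i = 1; i <= NF; i++)
                  if ($i ~ /^(ssh-|ecdsa-|sk-)/) { print $i, $(i+1); break } }
        ' "$f" | sort -u          # one account counts once per key
    done | sort | uniq -c | awk '$1 > 1 { print $1, $2, $3 }'
}

# Number of distinct keys shared by more than one account (0 is the goal).
shared_key_count() {
    shared_keys "$1" | wc -l | tr -d ' '
}

# Demo: report what the audit finds in the constructed tree.
shared_keys "$ROOT"
```

Running this prints one line for the shared key with a count of 3 (alice, bob, carol); dave's key does not appear. On a real host the same loop over /home would flag the "same key for everyone" setup the thread describes, and a non-zero `shared_key_count` is the signal to rotate to per-user keys.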

  • Kotarak (unregistered) in reply to Barry Margolin

    TRWTF is that email addresses and user names are two completely unrelated things. There is no reason why they should be connected in any shape or form. Would I run the stuff, people would receive their freshly made usernames to their registered email address.

  • 516052 (unregistered) in reply to Kotarak

    There is one very good reason to do so in a professional or educational setting. It makes sure people are forced to use their real name as their username. And this is a cheap and cheerful way of avoiding a whole host of HR issues.

  • Frodo Brömmelkamp (unregistered) in reply to matt

    A compulsory elective?

    When I got my master's, I was pretty free to choose what courses I took but some restrictions applied. Something along the lines of "4 base courses, but at least one from category A and one from category B". Maybe something like this is meant here.

  • Kotarak (unregistered) in reply to 516052

    Huh? The whole article is about them not using their real names as usernames. Then: A generated username may be based on their real names (which sucks because it's really ugly to break ties on any somewhat bigger organisation). Still, it's that: a valid username from our own system. Not a 3rd party invention. I don't know what problem HR has with that. IT: "user123 did something fishy." HR: "Who is that?" IT: "John Doe from Purchasing."

    You register on your educational or professional site with your email, your full name and your public key. You get an email: "Congratulations! You are the proud owner of the account your.name.123. Please connect with your private key."

    Regarding professional settings: I literally have an email address which is basically [email protected] and user123@somewhere, which I use for login purposes.

  • 516052 (unregistered) in reply to Kotarak

    I was responding to this:

    TRWTF is that email addresses and user names are two completely unrelated things. There is no reason why they should be connected in any shape or form.

    And the point I was making is that having system generated usernames tied to a system generated email, neither of which can be changed and which preferably do in fact have the format you describe is exactly what should be and is done in most sane organizations.

    There is a place and time for arguments between an elderly professor and his students on the subject of emailing papers using [email protected] and the IT office is not one of them. ;)

  • A Human (unregistered) in reply to matt

    I don't know about university, but I can speak of my high school.

    In the lower years of high school, everyone does the same subjects. There is no concept of blocks or lines or electives or any of that mindf**k that is explained to everyone constantly but no one knows what means.

    In the middle years of high school, there are specific blocks on the time table where everyone does the same, mandatory class. These are compulsory subjects. The rest of the time is split up into elective blocks, where different people do different subjects that they choose to do. These subjects are your electives. Most electives you are free to choose or not choose ('true electives'), but the exception was art, which took up an elective block, wasn't done by everyone at once, but everyone was required to pick it. That is a compulsory elective.

    In the later years of high school, there is no distinction between electives and compulsory subjects, as all subjects are elective. Except for the fact that everyone must "choose" to do English. It's a compulsory elective.

  • A Human (unregistered) in reply to Troll

    :(

    Too real. Whyyy does everyone perceive us as such?

Leave a comment on “The Pride Goeth”
