You know what's funny is that, at least by default, these strings have some information in them that tells you the serial number and model of the key, among other things.
Change directory to your local git repository that you want to share with friends and colleagues and do a bare clone git clone --bare . /tmp/repo.git You just created a copy of the .git folder without all the checked out files.
Upload /tmp/repo.git to your linux server over ssh. Don't have one? Just order a tiny cloud server from Hetzner or another European provider. You can place your git repository anywhere, but the best way is to put it in a separate folder, e.g. /var/git. The command would look like with scp -r /tmp/repo.git me@server:/var/git/.
To share the repository with others, create a group, e.g. groupadd --users me git You will be able to add more users to the group with groupmod.
Your git repository is now writable only by me. To make it writable by the git group, you have to change the group on all files in the repository to git with chgrp -R git /var/repo.git and enable the group write bit on them with chmod -R g+w /var/repo.git.
This fixes the shared access for existing files. For new files, we have to make sure the group write bit is always on by changing UMASK from 022 to 002 in /etc/login.defs.
There is one more trick. For now on, all new files and folders in /var/git will be created with the user's primary group. We could change users to have git as the primary group.
But we can also force all new files and folders to be created with the parent folder's group and not user primary group. For that, set the group sticky bit on all folders in /var/git with find /var/git -type d -exec chmod g+s \{\} +
You are done.
Want to host your git repository online? Install caddy and point to /var/git with something like
Is there some part of PCI auditing requirements that is getting misinterpreted by some auditors to demand this? Though in my experience with standards like this what auditors want to see and what the standards say often have only loose overlap anyhow.
It's pretty counterintuitive from an auditing perspective. If the PCI standards require server racks to be painted red, it's entirely normal for an auditor to ask to see them, and very suspicious for you to say that they're in an encrypted box where nobody can check if they're red or not. I don't mean to excuse it, but I can understand how the error happens.
This is true. Maybe it's someone seeing a requirement like "all passwords must conform to these rules" and deciding that it means they need to check them directly, instead of looking at the systems that enforce that constraint.
Right until the end I thought the guy was doing a social engineering penetration test, checking whether he could brow beat the server admins into bending over backwards to reveal this information.
I'm French and occasionally like to (re)read about the revolution period and every time I come to the calendar stuff I can't help but think "Really? This was stuff we wanted to spend time on?"
I switch between Thinkpad T420s and PineBook Pro for all the hobby work.
T420s has loose USB ports and the power socket is almost falling off, so I plan to replace it by a 5 years old T14 G2 in the coming months.
I can afford the latest MacBook, but I'd rather not generate more e-waste that there is, and more importantly I feel closer to my users, and my code is efficient and straight to the point.
My non-hobby laptop is an old cheap Dell from 5-6 years ago.
The best laptop I ever had was a maxed-out Thinkpad P7x, and it came with the most meaningless job ever.
I can only compare that job to the one at a unicorn that gave me the latest and greatest MacBook. Not only the job was meaningless, the whole industry made no sense to me.
reply