[TriEmbed] GitHub heads up: password logins go away August 13th

Robert Mackie rob at mackies.org
Tue Jan 26 16:55:24 CST 2021 

Hey Folks,

Could use some insights from you.  My normal case - on a computer I own, or
work at regularly and am the only user of, or on an account i own and am
the only user of (home or work), it seems like tokens won't be a problem.
In fact, they may make things even easier, day-to-day.

I have 2 special cases - curious if you have any suggestions.

*Case 1)* I coach an FRC team. Everyone on the team uses shared laptops
with shared login. We don't have an IT staff to keep a login on each
machine for each member of the team on each laptop or computer. So any
suggestion that requires doing that isn't worth putting out there.  With
passwords it was easy. Anyone could clone a repo, do work, push the work,
and delete the repo - all they needed was their password - oh another
aside, some of the students aren't at all sure they even want to learn to
code so we want to keep the obstacles level as low as possible. requiring
lots of expertise to access the code isn't really useful. Many of them have
never used a command line, and the interest in doing so is still far in
their future.

So with a token on shared machines and shared accounts -* one solution* -
everyone uses the same token and the same accounts. No one has a clue who
put what code in the repo because the push always comes from that account.
Any better solutions?

*Case 2)* For me 0 I often find that I am in a situation where I'm on a
machine that is not "my own machine" and may be on an account that is "not
my account". Having non-confidential projects where they can be pulled in
quickly is handy. I have open repos on github where confidentiality isn't
an issue and can just clone a repo, so some work and push the work, and
delete the local repo. if i forget to delete the local repo - no harm to me
- they don't have my password, and the harm to them is just the need to
delete a directory full of junk (whoever "them" is)  and if they do push
some junk to my repo, given the repo IS version control - it would be
generally pretty easy to undo the mess unless they were very nefarious.

What is the easiest way to make a "token" portable (usb thumb?) and make
sure it is never left behind on a machine that I don't control? It feels
like losing control of the token is a bad thing.

*Parting note:*
I have to admit that I haven't taken the time to look and see if there are
easy solutions. I'm hoping to get a free ride here on someone else's
brilliance. So feel free to tell me my cases are "too special" and go fish
on my own. :-) But if you have any suggestions, I'm interested.

Rob.
PS: I've seriously thought about just setting up a non github git repo in
the cloud to solve some of these problems, but there are downsides to that
as well. There is value to getting these students on github and aware of
how all of that works. and Github has some nice features beyond simple git,
and is publicly findable. (and someone else maintains it)

On Tue, Jan 26, 2021 at 11:53 AM Carl Nobile via TriEmbed <
triembed at triembed.org> wrote:

> Sure,
>
> I already described in one of my previous tutorials how to actually get
> the token, but not how to use it for normal SSH access.
>
> ~Carl
>
> On Tue, Jan 26, 2021 at 11:45 AM Pete Soper via TriEmbed <
> triembed at triembed.org> wrote:
>
>> Been a long time since I hooked up for working with a GitHub repo (the
>> day MS bought them) and I just got a message saying it's time to get
>> with the the token, SSH thing.
>>
>> If anybody's interested I could take notes about how to make this
>> transition, but it will be Linux-centric.
>>
>> -Pete
>>
>>
>>
>> _______________________________________________
>> Triangle, NC Embedded Computing mailing list
>>
>> To post message: TriEmbed at triembed.org
>> List info:
>> http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
>> TriEmbed web site: http://TriEmbed.org
>> To unsubscribe, click link and send a blank message: mailto:
>> unsubscribe-TriEmbed at bitser.net?subject=unsubscribe
>>
>>
>
> --
>
> -------------------------------------------------------------------------------
> Carl J. Nobile (Software Engineer)
> carl.nobile at gmail.com
>
> -------------------------------------------------------------------------------
> _______________________________________________
> Triangle, NC Embedded Computing mailing list
>
> To post message: TriEmbed at triembed.org
> List info: http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
> TriEmbed web site: http://TriEmbed.org
> To unsubscribe, click link and send a blank message: mailto:
> unsubscribe-TriEmbed at bitser.net?subject=unsubscribe
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20210126/01a7a7fa/attachment.htm>

More information about the TriEmbed mailing list