[TriEmbed] GitHub heads up: password logins go away August 13th
jonathan hunsberger
1101010 at gmail.com
Fri Jan 29 07:21:02 CST 2021
I understand your use case with the FRC team. For that have you looked at
other cloud git offerings that do allow password auth? (Gitlab comes to
mind. They have free public repos, although I'm more familiar with the
self-hosted OSS version. I actually think their issue/branch/merge flow is
easier to understand than the github fork/pull, but YMMV).
For the other use case, tokens can apparently be used to auth on the
command line just like passwords. So if you generate one and store it
securely somewhere (e.g. online password vault) then you can access it and
copy/paste when pushing. Also from the examples they seem to just be a
bunch of digits, so you could store on a password vault on your phone and
type it in when it's time to push.
On Fri, Jan 29, 2021, 2:28 AM Robert Mackie via TriEmbed <
triembed at triembed.org> wrote:
> Carl, (or anyone else)
>
> Here i go. I'm going to risk sounding like a wild eyed crazy guy. But if I
> can get good suggestions, it's worth it. :-)
>
> Question 1:
>
> How is a central git repo dramatically ifferent from a local repo?
>
> I'm guessing a lot has happened in the world of git that I've been
> priveledged to ignore, while using git as a simple "client".
>
> What I remember is that i was using bitkeeper for one of the repositories
> my development group had inherited during an acquisition at the time that
> linus torvolds and the owner of bitkeeper decided to separate linux from
> bitkeeper. Are the time it seemed acrimonious although to hear it now it
> was something that they mutually agreed to.
>
> So I started using git when it was still just a set of quick scripts that
> linus "had thrown together over the weekend". It clearly inherited a lot of
> good it worked from bitkeeper. There are some differences because bitkeeper
> was for profit and git was to support distributed opensource development.
>
>
> At that time one of the explicit goals of git was to ensure that no one
> repo or repo manager could ever "own" the source history of a project. The
> goal was that if a repo was closed, or locked or "taken over" - then any
> other repo could become the central repository as long as all the "clients"
> (i.e. local repository holders) decided to reconfigure their "parent" to
> that alternate repo. at the time it seemed (in the press) that linus was
> unhappy with the idea that the holder of a singal repo could hold the
> history of the Linux change control hostage to a personal agenda. But
> saying that's what the owner of bitkeeper did. It's just that what he
> wanted to do made it clear that it was a possibility that someone might
> someday do that.
>
> And my experience with git is that i can point at pretty much any repo as
> the upstream source, whether it's one on the same hard drive, one on
> another computer in my office, or one hosted on the cloud.
>
> What all am I missing about a central server? I don't doubt that I'm
> missing things, i just don't know what? I can imagine the "central server"
> should be backed up, but every time it's fully cloned that happens. And if
> there are other records, then a standard disk backup would do. I can
> imagine that if it gets enough traffic, there might be some questions of
> scale, (load balancing, atomicity, etc) but I'm not to talking about
> thousands of users but rather 10s or at most a couple of hundred occasional
> users.
>
> What am I missing?
>
> Question 2:
> What horrible problems do you see happening with a single account for all
> of many users? How would you address it? (Approach not staffing) Keep in
> mind you are addressing a small nonprofit with a very limited budget, a
> need to give almost every user admin (or some equivalent to sudo) so they
> can install software and experiment and even ruin an OS install and then
> learn to rebuild it, and that pretty much all the computers are 5 or more
> years out of date and heterogenous makes and models because all are donated
> as cast offs.
>
> Also, it is easier to wipe them and start over, than to worry about
> keeping them clean, and that we have had very few problems with wild "sw
> virus plagues" over the last decade, because people use these computers to
> get things done, not to browser random websites.
>
> There is not disk space on each laptop for a personal account for every
> member of the organization. It is not reasonable to dedicate specific
> computers to specific people. We might be able to set up active directory
> (or the like) and have people use an account and home directory) on a
> server, but then we need a reliable and accessible server. However, these
> computers often leave the site to be used for outreach, often while
> training brand new people who would not yet be in the directory and in
> locations where the computer would not be able to reach the directory
> server. (Often used when wifi or ethernet not available.)
>
> So I'm curious - what do you think will go wrong and how would you solve
> it? I'd love a creative effective approach that addresses our odd
> requirement set. The requirements are a result of working really really
> hard to eliminate perceived obstacles to trying something technical. Our
> efforts are aimed at getting people who aren't even sure they should
> consider that they might someday become technical to try something that is
> far outside their comfort zone. So each delay of access, each complexity of
> access, each extra step adds to the likelihood that the people we are
> addressing will decide that their first impression was correct - tech is
> not for them. We want to avoid that.
>
> So we leave things as wide open as we can.
>
> So again - if you have creative solutions that will help us make this more
> accessible, and easier to manage - I'd really love to hear what you
> suggest. Our requirements are so different from an office, or a school, or
> a government, or even the part of our organization that runs it as a
> business that most ideas I've heard are cures worse than the problem in
> terms of lowerng perceived barriers. Just saying "people should get over it
> and do it right", which I've heard a lot - well we can do that, but a lot
> of people with a lot of potential will just walk away - their self story
> will be "tech is too hard" before they find out how much they can love it,
> and well they can learn it.
>
> Rob.
>
> On Wed, Jan 27, 2021, 12:36 PM Carl Nobile <carl.nobile at gmail.com> wrote:
>
>> Robert,
>>
>> I hate to say this but everybody working with the same account is asking
>> for trouble.
>> The reason why I'm the only one to respond, at least with respond all, is
>> because there is no better solution but to have separate accounts.
>> I understand that you have no admin to seemingly solve the issue for you,
>> but that's the issue to solve not to get around it by trying to solve the
>> myriad of problems having only one account will cause.
>>
>> If you really can't solve the single account problem then yes definitely
>> set up a local git repo, but that will take the talents of somebody that
>> really knows how git works. A central git repo is NOT set up like the one
>> you have locally in your working environment, it may need that elusive
>> admin for setting up.
>>
>> ~Carl
>>
>>
>> On Tue, Jan 26, 2021 at 5:55 PM Robert Mackie <rob at mackies.org> wrote:
>>
>>> Hey Folks,
>>>
>>> Could use some insights from you. My normal case - on a computer I own,
>>> or work at regularly and am the only user of, or on an account i own and am
>>> the only user of (home or work), it seems like tokens won't be a problem.
>>> In fact, they may make things even easier, day-to-day.
>>>
>>> I have 2 special cases - curious if you have any suggestions.
>>>
>>> *Case 1)* I coach an FRC team. Everyone on the team uses shared laptops
>>> with shared login. We don't have an IT staff to keep a login on each
>>> machine for each member of the team on each laptop or computer. So any
>>> suggestion that requires doing that isn't worth putting out there. With
>>> passwords it was easy. Anyone could clone a repo, do work, push the work,
>>> and delete the repo - all they needed was their password - oh another
>>> aside, some of the students aren't at all sure they even want to learn to
>>> code so we want to keep the obstacles level as low as possible. requiring
>>> lots of expertise to access the code isn't really useful. Many of them have
>>> never used a command line, and the interest in doing so is still far in
>>> their future.
>>>
>>> So with a token on shared machines and shared accounts -* one solution*
>>> - everyone uses the same token and the same accounts. No one has a clue who
>>> put what code in the repo because the push always comes from that account.
>>> Any better solutions?
>>>
>>> *Case 2)* For me 0 I often find that I am in a situation where I'm on a
>>> machine that is not "my own machine" and may be on an account that is "not
>>> my account". Having non-confidential projects where they can be pulled in
>>> quickly is handy. I have open repos on github where confidentiality isn't
>>> an issue and can just clone a repo, so some work and push the work, and
>>> delete the local repo. if i forget to delete the local repo - no harm to me
>>> - they don't have my password, and the harm to them is just the need to
>>> delete a directory full of junk (whoever "them" is) and if they do push
>>> some junk to my repo, given the repo IS version control - it would be
>>> generally pretty easy to undo the mess unless they were very nefarious.
>>>
>>> What is the easiest way to make a "token" portable (usb thumb?) and make
>>> sure it is never left behind on a machine that I don't control? It feels
>>> like losing control of the token is a bad thing.
>>>
>>> *Parting note:*
>>> I have to admit that I haven't taken the time to look and see if there
>>> are easy solutions. I'm hoping to get a free ride here on someone else's
>>> brilliance. So feel free to tell me my cases are "too special" and go fish
>>> on my own. :-) But if you have any suggestions, I'm interested.
>>>
>>> Rob.
>>> PS: I've seriously thought about just setting up a non github git repo
>>> in the cloud to solve some of these problems, but there are downsides to
>>> that as well. There is value to getting these students on github and aware
>>> of how all of that works. and Github has some nice features beyond simple
>>> git, and is publicly findable. (and someone else maintains it)
>>>
>>> On Tue, Jan 26, 2021 at 11:53 AM Carl Nobile via TriEmbed <
>>> triembed at triembed.org> wrote:
>>>
>>>> Sure,
>>>>
>>>> I already described in one of my previous tutorials how to actually get
>>>> the token, but not how to use it for normal SSH access.
>>>>
>>>> ~Carl
>>>>
>>>> On Tue, Jan 26, 2021 at 11:45 AM Pete Soper via TriEmbed <
>>>> triembed at triembed.org> wrote:
>>>>
>>>>> Been a long time since I hooked up for working with a GitHub repo (the
>>>>> day MS bought them) and I just got a message saying it's time to get
>>>>> with the the token, SSH thing.
>>>>>
>>>>> If anybody's interested I could take notes about how to make this
>>>>> transition, but it will be Linux-centric.
>>>>>
>>>>> -Pete
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Triangle, NC Embedded Computing mailing list
>>>>>
>>>>> To post message: TriEmbed at triembed.org
>>>>> List info:
>>>>> http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
>>>>> TriEmbed web site: http://TriEmbed.org
>>>>> To unsubscribe, click link and send a blank message: mailto:
>>>>> unsubscribe-TriEmbed at bitser.net?subject=unsubscribe
>>>>>
>>>>>
>>>>
>>>> --
>>>>
>>>> -------------------------------------------------------------------------------
>>>> Carl J. Nobile (Software Engineer)
>>>> carl.nobile at gmail.com
>>>>
>>>> -------------------------------------------------------------------------------
>>>> _______________________________________________
>>>> Triangle, NC Embedded Computing mailing list
>>>>
>>>> To post message: TriEmbed at triembed.org
>>>> List info:
>>>> http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
>>>> TriEmbed web site: http://TriEmbed.org
>>>> To unsubscribe, click link and send a blank message: mailto:
>>>> unsubscribe-TriEmbed at bitser.net?subject=unsubscribe
>>>>
>>>>
>>
>> --
>>
>> -------------------------------------------------------------------------------
>> Carl J. Nobile (Software Engineer)
>> carl.nobile at gmail.com
>>
>> -------------------------------------------------------------------------------
>>
> _______________________________________________
> Triangle, NC Embedded Computing mailing list
>
> To post message: TriEmbed at triembed.org
> List info: http://mail.triembed.org/mailman/listinfo/triembed_triembed.org
> TriEmbed web site: http://TriEmbed.org
> To unsubscribe, click link and send a blank message: mailto:
> unsubscribe-TriEmbed at bitser.net?subject=unsubscribe
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.triembed.org/pipermail/triembed_triembed.org/attachments/20210129/633e1509/attachment.htm>
More information about the TriEmbed
mailing list