/ Andreas | System administrator /

Being a big fan of the OpenID concept I’m quite happy that at least a few of the sites I like to visit are relying parties. Primarily I’m thinking of these sites:

• bitbucket
• linuxportalen
• Server Fault
• SourceForge

Where do you login using your OpenID?

One of the keys I carry around on my keyring is a YubiKey. This post really isn’t about the YubiKey itself, but more about me sharing a few insights I’ve gained on using the key.

• If you already run a WordPress blog you can easily turn it into an OpenID provider to be used with your YubiKey.  What you need is the OpenID plugin and the YubiKey plugin.
• If you decide to personalize your YubiKey I can very much recommend the DuckCorp YubikeyHelp, in addition to the official documentation.
• The new 2.x version of yubikey-val-server-php seems to prefer being part of a group of validation servers, being kept in sync with each other. Failing to figure out how to configure my standalone installation to disregard that synchronization I modified ykval-verify.php (see patch) not to perform those checks.
• The YubiKey WordPress plugin mentioned earlier is hardcoded into using the official Yubico validation server. Apart from  the validation URL, set in the function yubikey_verify_otp(), there is also the length of the key id. Just look for the numeric value 12 and you will find where the key id is being used.

No, this post is not meant to make sense on its own. You probably need to be at least somewhat familiar with the YubiKey as well as the services provided by Yubico.

Seems like there has been quite a few visitors coming to this blog after having done a google search on xkcd system administrator. To spare future visitors the disappointment I might just as well post the content I believe they were looking for.

(See xkcd #705 for the full size original.)

Yet again things are happening in regards to the FUSE version of ZFS. That is something you very well might have missed if you, like me, had satisfied yourself with subscribing to the zfs-on-fuse.blogspot.com RSS feed.

Apparently zfs-fuse.net is where all the action takes place nowdays.

Yes I know that Btrfs most likely is the future of Linux filesystems. Yet I can’t completely shake my crush on ZFS.

As part of the gandi.net 10th birthday I received three promo codes, each worth a free domain name. As I have no real use for them myself I’m giving the promo codes away.

1. 10YRS-8206-D3B6-2E0A (taken)
2. 10YRS-9225-B0BF-E19C (taken)
3. 10YRS-0418-6875-90E7 (taken)

Do note that the promo codes are only valid up until the 31th of Mars, and only for the following top-level domains: .fr, .tel, .com, .net, .info, .me, .mobi, .uk, .be and .eu. Also note that the domain name will only be free for the first year, and that you will have to start paying for the name the second year, if you decide to keep it.

In a default Ubuntu, and probably any other modern Gnome based Linux desktop, the Gnome keyring takes the role of the ssh-agent. If this is not desirable you can tell the keyring not to do that by setting the gconf variable /apps/gnome-keyring/daemon-components/ssh to false.

$ gconftool -s –type bool /apps/gnome-keyring/daemon-components/ssh false

At the next login you should see your environment variable SSH_AUTH_SOCK pointing towards a more proper socket. Note that the real ssh-agent is still started, assuming Ubuntu, thanks to /etc/X11/Xsession.d/90×11-common_ssh-agent.