Notices by Karl Fogel (kfogel@kfogel.org)
-
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 18-Jan-2025 11:19:20 JST 
Karl Fogel
@soaproot Well, the size of SGMC doesn't matter here. It's just about the arrangement of authenticated and authorized customer entities they offer in their online service. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 18-Jan-2025 06:34:14 JST
Karl Fogel
@soaproot This is technically RBAC, sure, but the trouble is that RBAC sort-of-kind-of implies assigning a user to (one or more) roles within one over-arching organization. Like, you're employed by Soulless Global MegaCorp Inc, and when you log on to the corporate network, you have certain access permisions due to having certain roles within SGMC, Inc.
PAMT is a little bit different because there isn't one authority granting the roles. The user is associated with different organizations, each of whom has their *own* organizational account within the service provider (whether that org account has its own dedicated login account or not doesn't matter), and each of those orgs might assign that user a role within their org's "area" or "domain" (or whatever you want to call it) within that service provider.
I feel like if I say "RBAC" to someone who is entirely familiar with RBAC, they're not necessarily going to think of PAMT. It's sufficiently different to need its own label. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Friday, 17-Jan-2025 03:53:17 JST
Karl Fogel
@lightweight Ah, you've just been having better luck than we had, okay. I'm glad! I just wish I knew how to replicate your success. The suggestion to test with mail-tester.com (made in your follow-up reply) is helpful -- thank you. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Thursday, 16-Jan-2025 13:33:58 JST
Karl Fogel
@bignose Sure, that describes the feature. I'm looking for the label, not the description, though. Not every service supports this way of working. For those that do, I want to be able to say, for example, "Oh, Digital Ocean supports PAMT" or "FooBar Inc doesn't do PAMT, so you just have to use a role account." -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Thursday, 16-Jan-2025 13:29:54 JST
Karl Fogel
@lightweight The big question is deliverability. When I've tried this, I've ended up spending lots of time trying to convince -- sometimes successfully, sometimes not -- large providers that the emails coming from our service were not spam (which they 100% were not, by the way). The burden of those interactions was very high, but the price of not engaging in them was that our users could not send email to anyone with, e.g., a Hotmail address.
How did you solve this? Or do you not have this problem? Or do you have it but tolerate it?
We knew about SPF/DKIM/DMARC, and AFAIK implemented everything correctly. I'm sure that helped -- our delivery rates would have been much worse without that. But still, some providers are just eager to reject, and yet sometimes people you want to reach are using those providers. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Thursday, 16-Jan-2025 13:24:39 JST
Karl Fogel
Is there a word for this pattern?
Some online services handle the "multiple users per organization && multiple organizations per user" situation in the following way:
A user logs in with their individual account and then chooses (typically from a menu in the upper right) which "team" they want want to currently be acting in. A team might correspond to a company, or to a department within a company, or whatever: it's some organization that the user is associated with. So instead of people logging in with a role account that represents the team, they log in as themselves and then "wear a cloak" that lets them act on the team's behalf (within whatever permissions the team admin has granted to that particular member). Naturally, a user can be associated with multiple teams, and those teams don't all have to know about each other -- maybe only the user knows them all.
Is there a name for this pattern? I'm going with "PAMT" ("Personal Account Multiple Teams") for now, but if there's already a widely-used term I'd like to know it. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 04-Jan-2025 03:38:42 JST
Karl Fogel
The delights of FOSS citizenship:
I just saw a program I wrote 25 years ago, cvs2cl, referenced as an optional dependency by Gource, which is itself not young but which happened to be on the front page of Hacker News today for some reason.
And the Gource documentation doesn't even need to link to cvs2cl's home page, because it can assume that cvs2cl is available in your OS distribution's packaging system (which it is, if you're on any of the major distributions).
Warms the cockles of my hearty-heart-heart on a cold January day.
-
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Wednesday, 01-Jan-2025 08:03:04 JST
Karl Fogel
@sebsauvage I will seek that closing paren for the rest of my days... -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Wednesday, 01-Jan-2025 02:52:04 JST
Karl Fogel
@tlariv @evan @tlariv @evan Quite right. The imaginary unit i had not been invented yet, and therefore did not exist. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Wednesday, 01-Jan-2025 02:48:18 JST
Karl Fogel
These days, whatever I'm doing, I just automatically ask myself whether I should be using SQLite. Opening a jar of pickles with a tough-to-turn lid? We've all been there -- try SQLite! Retrieving a ball that rolled under the couch? Sounds like a job for SQLite. Car engine running a little low on coolant? It wouldn't be doing that if the manufacturer had used SQLite... -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Tuesday, 31-Dec-2024 02:35:59 JST
Karl Fogel
@serge @johanneskastl https://www.red-bean.com/kfogel/glossiary.html#oughttamatic -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Tuesday, 31-Dec-2024 01:27:23 JST
Karl Fogel
@serge @johanneskastl That's interesting, that you think of useradd as the canonical one! I keep a reminder to myself about defaulting to adduser, because I can never remember which is which, but now I think maybe my reminder oversimplifies things.
-
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Monday, 30-Dec-2024 14:31:21 JST
Karl Fogel
Still another twelve or so hours to go before Voyager 1 learns of President Jimmy Carter's death.
May he rest in peace; may his memory be for a blessing. -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Monday, 30-Dec-2024 14:15:49 JST
Karl Fogel
@mattblaze This place is a local favorite. You captured the spirit well! -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Sunday, 29-Dec-2024 15:31:08 JST
Karl Fogel
That's a neologism I intend to use again:
"Well, I wasn't trolling tonight, though maybe I was indulging in, if not hyperbole, at least superbole." -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 28-Dec-2024 14:18:30 JST
Karl Fogel
@serge I had that book. Wait, I think I even wrote part of it?
/me checks...
Yup. The Emacs and Bash chapters 😂 . But I'm not sure if it's exactly the book you're thinking of?... https://osm.hpi.de/bs/2019/material/The_Linux_Users_Guide.pdf AHA, wait, maybe https://tldp.org/guides.html is the exact collection you remember.
-
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 28-Dec-2024 05:25:12 JST
Karl Fogel
@gvwilson (Had that happen, I mean, not muse about the taut, muscular etc etc.) -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Saturday, 28-Dec-2024 05:24:34 JST
Karl Fogel
@gvwilson Who among us hasn't... -
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Friday, 27-Dec-2024 12:55:08 JST
Karl Fogel
@carlmalamud Oh that. Yeah, I heard about it. I just assumed that the intersection of "people who donate to Wikipedia" and "people who listen to Elon Musk" is the empty set.
-
Embed this notice
Karl Fogel (kfogel@kfogel.org)'s status on Friday, 27-Dec-2024 11:55:40 JST
Karl Fogel
@carlmalamud Ok, but I still didn't know what memo I missed. (Of course, given that I've pretty clearly signaled that I don't have an open mind regarding what that memo is apparently saying, perhaps it doesn't matter that I remain otherwise unfamiliar with it!)
All GNU social JP content and data are available under the