It's really bad when you need a tl:dr on a security vulnerabilities release, it was a lot more bugs than I expected, I wonder if GitHub enterprises is just as bad?
If only there were a solution I could buy... ;) No, I do believe you should use Google Authenticator, it’s free, easy to implement and adds a lot of security over just passswords.
I would say it all depends on why the do it, if there is a clear motive (like if they depend on it...then it makes sense for me and them and builds trustworthiness). But just sponsor something out of the blue - no. I don’t believe in random goodness when money is involved.
Like it, as a runner and European citizen I always get confused if someone refers to American miles or not, but 5k is always 5000meters regardless? Do Americans who run ever talk about miles?
I would suggest you focus a lot on the design, research the history and design of other languages. Try to understand how they evolved and try to figure out their bad decisions on the way.
I second that, it also allows moving and separation from different sites/publication systems (by DNS pointing). Also a valid concern: I seen main sites been redone/moved so many times while the docs stayed the same on its own subdomain...
It was unnecessary to split the protocol into two ports when STARTTLS came along shortly after. As for myself, I also thinks it's nice that you can partly identify the usage of a port by connecting to it.