HackerTrans
TopNewTrendsCommentsPastAskShowJobs

terrorobe

no profile record

Submissions

Removed unencrypted Git protocol and certain SSH keys

github.blog
4 points·by terrorobe·4 tahun yang lalu·0 comments

comments

terrorobe
·4 tahun yang lalu·discuss
> calling out to services should be a core competency.

What’s the typical failure rate of a method call within a process of a language of your choice?

If it’s not Java2k it will be one or two orders of magnitude lower than any cross-process, host or provider RPC call you’re ever going to make.

At smaller scales, just not having to deal with all the bugs and cleanup work missed error handling brings - and then building proper error handling for all relevant cases - can make a huge difference.
terrorobe
·5 tahun yang lalu·discuss
Then the brownout had its desired effect.

Using unauthenticated transports for code is borderline malicious.
terrorobe
·5 tahun yang lalu·discuss
The main reason to de-emphasize passwords is that they can easily get leaked and can cause long-lasting problems.

Forcing automation to use per-service authentication tokens in the form of distinct SSH keys or access tokens allows you to

* limit the scope of the token when it gets leaked * Using a password gives you full control over a GitHub account, a SSH key or token much less so * verify which credentials are still actively used * deactivate & replace tokens on a more fine-grained level if one should get leaked