Conversation

Notices

1. Embed this notice
   mcc (mcc@mastodon.social)'s status on Saturday, 25-Mar-2023 02:10:35 JST mcc

   This blog post seemed very normal until I hit this bit

   GITHUB ACCIDENTALLY POSTED THEIR PRIVATE KEYS TO GITHUB

   THERE IS LITERALLY NO ONE ON EARTH ABLE TO USE THIS PROGRAM SAFELY

   https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/

   • Embed this notice
     mcc (mcc@mastodon.social)'s status on Saturday, 25-Mar-2023 02:20:25 JST mcc

     in reply to

     • Ed Ross

     @edaross Instead of AI, why not try writing a computer program

     silverwizard likes this.
   • Embed this notice
     Ed Ross (edaross@neurodifferent.me)'s status on Saturday, 25-Mar-2023 02:20:26 JST Ed Ross

     in reply to

     • Esther, an actual photographer
     • Kevin Karhan :verified:

     @kkarhan

     @esther @mcc

     Maybe ?just maybe ?? this could be a suitable place for.... some AI? Have files checked for things that look like Private Keys (and other things the user probably doesn't want to upload), and highlight that before uploading so the user can confirm or refuse the upload as needed?

     (And also education about how to design your system so there is less chance of uploading Private Keys in the first place?)

   • Embed this notice
     Kevin Karhan :verified: (kkarhan@mstdn.social)'s status on Saturday, 25-Mar-2023 02:20:27 JST Kevin Karhan :verified:

     in reply to

     • Esther, an actual photographer

     @esther @mcc that's because git is a versioning system and follows unix-esque KISS principle.

     It doesn't have any knowledge of what a file extension is.

     Usually some [partly commercialized] version systems & management platforms like #GitLab and #gitea should have some options to do so - similar to branch protection...

   • Embed this notice
     Esther, an actual photographer (esther@strangeobject.space)'s status on Saturday, 25-Mar-2023 02:20:28 JST Esther, an actual photographer

     in reply to

     @mcc I’m baffled that git still doesn’t at least have some sensible defaults about what types of files maybe should have an extra confirm step before committing

   • Embed this notice
     Tathar is dragons! ΘΔ (tathar@dragon.style)'s status on Saturday, 25-Mar-2023 02:34:05 JST Tathar is dragons! ΘΔ

     in reply to

     @mcc

     What psychopath capitalizes it "GitHub?"

   • Embed this notice
     mcc (mcc@mastodon.social)'s status on Saturday, 25-Mar-2023 02:34:05 JST mcc

     in reply to

     • Tathar is dragons! ΘΔ

     @Tathar …Github does. The linked article was posted by Github, and Github spells Github "GitHub"