This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2019-10-02
Channels
- # aleph (3)
- # announcements (2)
- # babashka (4)
- # beginners (74)
- # calva (21)
- # clj-kondo (30)
- # cljs-dev (7)
- # cljsrn (42)
- # clojure (121)
- # clojure-dev (13)
- # clojure-europe (23)
- # clojure-losangeles (2)
- # clojure-nl (2)
- # clojure-norway (7)
- # clojure-spec (140)
- # clojure-uk (58)
- # clojuredesign-podcast (9)
- # clojurescript (49)
- # clojutre (2)
- # cursive (32)
- # datascript (2)
- # datomic (59)
- # duct (7)
- # figwheel-main (6)
- # fulcro (18)
- # graphql (5)
- # jackdaw (1)
- # joker (6)
- # juxt (7)
- # leiningen (9)
- # off-topic (1)
- # pedestal (14)
- # quil (2)
- # re-frame (3)
- # reitit (8)
- # shadow-cljs (78)
- # sql (8)
- # timbre (3)
- # vim (69)
Morning
måning
anyone know of a nice paste service with editor plugins which is also infosec friendly - i.e. no public option and mandatory aging/expiry ?
what i'm particularly after is for the service to have no options to do silly stuff - i.e. pastes will always be private and pastes will always be expired, no options for accidents or misconfiguration (i've got ptsd after some stuff was pasted to a public gist)
'cos we can mandate and monitor "use this paste service" easily enough, but "configure your client this way" is much harder
If you're up for it, you could run your own pastebin service and lock it down as appropriate
so cat all-the-usernames-and-unencrypted-unhashed-passwords-in-the-entire-world.txt | tbc
What is the usecase, though? Why are plaintext credentials being put anywhere even vaguely public?
@conor.p.farrell they should not be, it was an accident - some creds were exposed in an ex-info message (this will be fixed), and pasted without thought. since the best security approaches are multi-layered, i'm looking to also negate the impact of accidental posting
This might be too 'galaxy brain', but just stop people making gists rather than trying to find a secure gist service? I personally don't feel the need to use any when I'm working remotely
how do you share snippets then ? i find gist-like things with editor plugins remarkably useful
@jasonbell that would be nice - i did look at keybase, but you can't link to content, so it's not much good for pasting
We use Teams (which is bad) but it does the job for sharing error messages or what have you
@conor.p.farrell we use our own comms product, but it's not oriented towards code-sharing at all, and the only users for code-sharing type features (i.e. sane formatting) would be us, so it's never going to be a high priority to implement
@mccraigmccraig that’s a shame because it would make an excellent plugin.
It's a shame keybase doesn't do slack like snippets