Fork me on GitHub
David Pham07:03:28

Anyone knows if this might be helpful for the clojure community? OSS Fuzzer

delaguardo09:03:50 will be interesting to compare with upcoming clojure survey results


We have had to build some stuff in go at my work. I hate it. ANythign bigger than a trivial project I just don't want to touch golang ever again.


Anyway, golang is one of the quickest growing community and I believe clojure and the team behind it could learn a lot from their yearly survey.


Very interesting


For Windows users, do you need to restart after editing an environment variable like PATH for changes to take effect?


when editing via the environment variables window.


On windows 10 I find I just need to restart the program I want to have the changes take effect in (such as emacs)


i got it yep, i just had to close my powershell window and reopen it


So I set up 2FA on my git hub, now when using the command line I need to enter my git username and a token on every push...


should i just copy and paste a token into a text file, and use that for all CLI stuff or am I really expected to go to the web page, generate a token, remember what permission boxes I need to tick, then paste that token in every time?


what am I missing?


Do you have your SSH key registered with GitHub? Or are you pushing via HTTPS?

☝️ 3

I'm just pushing via

$ git commit -m "blah"
$ git push
Then it says to enter username, so i enter my git username then it asks for password and I need to paste in a token.


I think becasue of teh 2FA it wont accept my actual password


How did you do the initial checkout? Or: what does “`git remote -v`” tell you?


(I’ve always used SSH, so if there’s a problem with 2FA and HTTPS check-outs I probably can’t help…)


git remote -v tells me

origin	 (fetch)
origin	 (push)


the checkout i think i did git clone


git clone what though? github allows you to use http OR ssh when you clone a repo


oh no, i can't remember...


And when you're done, run git remote origin set-url <ssh url> to override the existing URL for your remote with its ssh counterpart


Really can't fathom why github went with git clone over https by default, are there any sane developers using it deliberately? 🤷


At one institution we have a sysadmin who blocks Github over SSH, because it’s “not secure”.


there are tradeoffs. ssh does not do host verification. you have to manually verify known hosts by comparing fingerprints (which almost no one actually does)


and you can't do 2FA


https gives you host verification via certificates but you need to manage auth credentials


> and you can't do 2FA as in you can't add a second factor besides ssh if you want extra security? technically ssh keys with a passphrase are already 2FA (something you have and something you know), right? "something you know" is a weak factor anyway :thinking_face: Valid points overall, thanks. Another reminder to make fewer assumptions 🙂


its a setting on github that is easily changed, it might even remember once you change it once. It's also a sensible default to use https as there's not much confusing stuff (keyrings, ssh keys, ssh agents, etc) and username and password challenge is straightforward. For low friction to onboarding and new developers https is the clear winner. Once everything is in place, ssh is by far nicer


Plus you can paste one of those git remote addresses straight into a browser


Fair enough, my comment was too harsh From what I've seen in practice, this comes up too often and sometimes new git users (especially non-developers that are somewhat involved with git repos) might have already set up 4-5 repos with https. Most of them are not aware there's a better alternative, so they just accept the situation. But yeah, https is definitely easier for newcomers


The granularity of access control using tokens is finer than when using ssh identities

👍 3

Right, another valid point 😅 I'd argue that this is useful for integration with apps but not so much for user access? Has your experience been different?


for CI it is easier to issue tokens than to mint ssh identities

👍 3

I have edited git clones initially pulled with https: URLs to change the URL in .git/config files, and everything went smoothly afterwards. (hopefully this is not a case of YMMV, but no promises from me on that)

👍 3

No need to manually change stuff in the .git folder (I'm not brave enough to try it!), there's a git command for that: It's a non-issue really, I was just venting, sorry 🙂


Yeah, I've done this a lot and it's fine. Git supports multiple remotes with different trees just fine, so it had better handle a different way of accessing the same remote with the same tree...


fwiw a Github employee told me >65% of their git traffic is HTTPS protocol

😮 3

oh now i'm super interested to know which authentication method uses more energy