Fork me on GitHub
#off-topic
<
2021-03-11
>
David Pham07:03:28

Anyone knows if this might be helpful for the clojure community? OSS Fuzzer https://twitter.com/metzmanj/status/1369696068997414916

delaguardo09:03:50

https://blog.golang.org/survey2020-results will be interesting to compare with upcoming clojure survey results

3
Stuart14:03:12

We have had to build some stuff in go at my work. I hate it. ANythign bigger than a trivial project I just don't want to touch golang ever again.

delaguardo15:03:40

Anyway, golang is one of the quickest growing community and I believe clojure and the team behind it could learn a lot from their yearly survey.

dharrigan10:03:19

Very interesting

Stuart10:03:59

For Windows users, do you need to restart after editing an environment variable like PATH for changes to take effect?

Stuart10:03:22

when editing via the environment variables window.

jjttjj11:03:44

On windows 10 I find I just need to restart the program I want to have the changes take effect in (such as emacs)

Stuart14:03:08

i got it yep, i just had to close my powershell window and reopen it

Stuart17:03:54

So I set up 2FA on my git hub, now when using the command line I need to enter my git username and a token on every push...

Stuart17:03:44

should i just copy and paste a token into a text file, and use that for all CLI stuff or am I really expected to go to the web page, generate a token, remember what permission boxes I need to tick, then paste that token in every time?

Stuart17:03:48

what am I missing?

cassiel17:03:10

Do you have your SSH key registered with GitHub? Or are you pushing via HTTPS?

☝️ 3
Stuart17:03:02

I'm just pushing via

$ git commit -m "blah"
$ git push
Then it says to enter username, so i enter my git username then it asks for password and I need to paste in a token.

Stuart17:03:44

I think becasue of teh 2FA it wont accept my actual password

cassiel17:03:02

How did you do the initial checkout? Or: what does “`git remote -v`” tell you?

cassiel17:03:17

(I’ve always used SSH, so if there’s a problem with 2FA and HTTPS check-outs I probably can’t help…)

Stuart17:03:20

git remote -v tells me

origin	 (fetch)
origin	 (push)

Stuart17:03:44

the checkout i think i did git clone

pavlosmelissinos17:03:41

git clone what though? github allows you to use http OR ssh when you clone a repo

Stuart17:03:37

oh no, i can't remember...

pavlosmelissinos17:03:19

And when you're done, run git remote origin set-url <ssh url> to override the existing URL for your remote with its ssh counterpart

pavlosmelissinos17:03:43

Really can't fathom why github went with git clone over https by default, are there any sane developers using it deliberately? 🤷

cassiel18:03:20

At one institution we have a sysadmin who blocks Github over SSH, because it’s “not secure”.

3
Alex Miller (Clojure team)18:03:45

there are tradeoffs. ssh does not do host verification. you have to manually verify known hosts by comparing fingerprints (which almost no one actually does)

Alex Miller (Clojure team)18:03:53

https gives you host verification via certificates but you need to manage auth credentials

pavlosmelissinos18:03:43

> and you can't do 2FA as in you can't add a second factor besides ssh if you want extra security? technically ssh keys with a passphrase are already 2FA (something you have and something you know), right? "something you know" is a weak factor anyway :thinking_face: Valid points overall, thanks. Another reminder to make fewer assumptions 🙂

dpsutton17:03:21

its a setting on github that is easily changed, it might even remember once you change it once. It's also a sensible default to use https as there's not much confusing stuff (keyrings, ssh keys, ssh agents, etc) and username and password challenge is straightforward. For low friction to onboarding and new developers https is the clear winner. Once everything is in place, ssh is by far nicer

blak3mill3r17:03:46

Plus you can paste one of those git remote addresses straight into a browser

pavlosmelissinos18:03:04

Fair enough, my comment was too harsh From what I've seen in practice, this comes up too often and sometimes new git users (especially non-developers that are somewhat involved with git repos) might have already set up 4-5 repos with https. Most of them are not aware there's a better alternative, so they just accept the situation. But yeah, https is definitely easier for newcomers

ghadi18:03:14

The granularity of access control using tokens is finer than when using ssh identities

👍 3
pavlosmelissinos18:03:31

Right, another valid point 😅 I'd argue that this is useful for integration with apps but not so much for user access? Has your experience been different?

ghadi18:03:23

for CI it is easier to issue tokens than to mint ssh identities

👍 3
andy.fingerhut18:03:38

I have edited git clones initially pulled with https: URLs to change the URL in .git/config files, and everything went smoothly afterwards. (hopefully this is not a case of YMMV, but no promises from me on that)

👍 3
pavlosmelissinos18:03:10

No need to manually change stuff in the .git folder (I'm not brave enough to try it!), there's a git command for that: https://git-scm.com/docs/git-remote#Documentation/git-remote.txt-emset-urlem It's a non-issue really, I was just venting, sorry 🙂

blak3mill3r19:03:34

Yeah, I've done this a lot and it's fine. Git supports multiple remotes with different trees just fine, so it had better handle a different way of accessing the same remote with the same tree...

ghadi19:03:12

fwiw a Github employee told me >65% of their git traffic is HTTPS protocol

😮 3
dpsutton19:03:28

oh now i'm super interested to know which authentication method uses more energy