GitHub Drops Support for Weak Cryptographies, Adds Emojis for Labels (github.com)
An anonymous reader writes:
GitHub has quietly made a few changes this month. Labels for issues and pull requests will now also support emojis and on-hover descriptions. And they're also deprecating the anonymous creation of "gist" code snippets on March 19th, since "as the only way to create anonymous content on GitHub, they also see a large volume of spam." Current anonymous gists will remain accessible.
But the biggest change involves permanently removing support for three weak cryptographic standards, both on github.com and api.github.com.
The three weak cryptography standards that are no longer supported are:
- TLSv1/TLSv1.1. "This applies to all HTTPS connections, including web, API, and Git connections to https://github.com and https://api.github.com."
- diffie-hellman-group1-sha1. "This applies to all SSH connections to github.com."
- diffie-hellman-group14-sha1. "This applies to all SSH connections to github.com."
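As an added example (not part of the original story or of GitHub's announcement), the following Python code applies the SSH selection rule, simplified to "the first key-exchange name on the client's list that the server also offers", and shows what happens to a client once a server stops offering the two SHA-1 groups listed above. The log excerpt, both proposals and the function names are constructed for the example; the server list is not GitHub's actual proposal.

```python
# Added example: SSH key-exchange selection before and after a server drops
# the two SHA-1 groups named in the summary. All proposals are constructed.

REMOVED = {"diffie-hellman-group1-sha1", "diffie-hellman-group14-sha1"}


def parse_proposals(ssh_vv_log):
    """Return (client_kex, server_kex) from `ssh -vv` style debug output."""
    side, found = None, {}
    for line in ssh_vv_log.splitlines():
        line = line.strip()
        if "local client KEXINIT proposal" in line:
            side = "client"
        elif "peer server KEXINIT proposal" in line:
            side = "server"
        elif line.startswith("debug2: KEX algorithms:") and side:
            names = line.split(":", 2)[2].strip().split(",")
            found.setdefault(side, [n for n in names if n])
    return found.get("client", []), found.get("server", [])


def negotiate(client_kex, server_kex):
    """First client preference the server also offers; None means no match."""
    offered = set(server_kex)
    return next((k for k in client_kex if k in offered), None)


def impact(client_kex, server_kex):
    """Compare the negotiated kex today with the one after the removal."""
    before = negotiate(client_kex, server_kex)
    after = negotiate(client_kex, [k for k in server_kex if k not in REMOVED])
    return {"before": before, "after": after,
            "breaks": before is not None and after is None}


# Constructed log excerpt for a legacy client that only knows the SHA-1 groups.
LEGACY_LOG = """\
debug2: local client KEXINIT proposal
debug2: KEX algorithms: diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1
"""

# Constructed proposal for a current client.
MODERN_CLIENT = ["curve25519-sha256@libssh.org", "ecdh-sha2-nistp256",
                 "diffie-hellman-group14-sha1"]

if __name__ == "__main__":
    client, server = parse_proposals(LEGACY_LOG)
    print("legacy:", impact(client, server))
    print("modern:", impact(MODERN_CLIENT, server))
```

A client whose own proposal contains nothing outside the removed set is the one that stops connecting; a client that merely lists a SHA-1 group as a fallback is unaffected.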
That is one of the most poorly thought out rants I've seen here, at least in recent memory.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What the fuck are you using that doesn't support TLS1.2 you wanker?
Let's add emoji to label instead of fixing all the dumb errors that happen 99% of the time. https://imgs.xkcd.com/comics/g...
Is it something you introduce to small children as a prelude to teaching them to read and write? Seems like a waste of megabytes in /usr/share/fonts to have all those glyphs on your system when you can just give them paper and purple crayon.
They are something for old men to wave their canes at.
SJW n. One who posts facts.
Yeah emoji support is my number one requirement when looking at software repositories.
Only the State obtains its revenue by coercion. - Murray Rothbard
What the fuck are you using that doesn't support TLS1.2 you wanker?
None of your god damn business, you sheep fucker.
They're what poorly designed communication infrastructures use to communicates with aircrafts, watercrafts, spacecrafts, and on the winter solstices, with witchcrafts.
Let me tell you how I feel about that: (indecipherable symbol) (indecipherable symbol) (indecipherable symbol).
Is it something you introduce to small children as a prelude to teaching them to read and write? Seems like a waste of megabytes in /usr/share/fonts to have all those glyphs on your system when you can just give them paper and purple crayon.
They were added to help our President learn to code.
It must have been something you assimilated. . . .
I have an information for you: Your softwares require upgradings.
I used to develop open source up until a few years back and when I wanted to release something I just stuck a tgz file on my web site. Why do I need something like github? I'll do version control and source management on my own machine with appropriate backups, why on earth would I want to do it on a cloud system? It's extra hassle for zero gain as far as the development process goes as far as I can see.
I am getting annoyed with everything having to have emojis. What's next? Animojis? Argh. Let's just stick with emoticons. :P
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Do what a real developer does then; clone the repository. Browser access is a minor feature. As for not being able to communicate with projects except through a github account, that's the project's choice.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
As an AC said, the big benefit to GitHub is collaboration.
Heck even if you don't have other developers, sometimes *users* can benefit from seeing changes, such as when deciding whether or not to install a new version, or if a recent change might explain some odd behavior they are seeing.
When there is more than one developer, GitHub largely provides the best of both worlds between centralized and de-centralized development. In Git, each clone of the repo is complete and you can work completely offline. There is no "master server" you have to use. I could pull code onto my laptop from your laptop. On the other hand, because your laptop may be offline at any given time, it's convenient to have the GitHub copy as a de-facto sharing point where everyone pushes code to and everyone can pull from at any time.
GitHub also provides various minor interface functions that make the workflow smoother. You can use Git without GitHub, but GitHub makes it more convenient with an easy interface to comment on pull requests, set up policy regarding if code review is required before merging, etc.
You can probably grep it without cloning it, but you can certainly clone it and then git log | grep
Only one information? Why not two informations?
You can use Git without GitHub, but GitHub makes it more convenient with an easy interface to comment on pull requests, set up policy regarding if code review is required before merging, etc.
How does it compare to Savannah, GitLab, and Bitbucket in this respect? Or a self-hosted copy of Savane (Savannah's engine) or GitLab Community Edition?
I haven't used Savannah. I see that it supports many different types of version control. That may be good if you use many types, but if you have chosen Git, it would be reasonable to expect that a Git-focused system, by far the most popular and best-funded Git-based system, probably works better with Git than does a "jack of all trades" with less than 1% as much development funding.
I know Linus at one point chose Bitbucket. Linus isn't stupid, so obviously it's worth considering.
It's also pretty stupid. diffie-hellman-group14-sha1 is 2048-bit DH with HMAC-SHA1, neither of which have shown the remotest signs of being breakable, let alone some unspecified "weak" as Github claims. TLS 1.1 is TLS 1.0 with a few minor issues (e.g. explicit IVs) fixed, which is also no more breakable than TLS 1.2.
Still, rearranging the deckchairs and saying you're now more secure has a long tradition in big business and government, so I guess this isn't too far out of line with "business best practice for security".
I didn't realize they even did ssh...
Yes: but you have to sign up so you have somewhere to upload your public key.
Can we grep commit messages of repositories we don't own?
That's kind of the point of DVCSs, of which git is one. A checkout is a full clone of the entire repository and its history.
SJW n. One who posts facts.
Python requests library on a Mac, apparently.
SWM seeks new sig for a brief fling
The security theoreticians are making the world a lot less secure and functional. Systems should maintain support for these compromised methods but have connections negotiate the best security available. Because old, unmaintained systems remain in service and when a secure connection fails, they fall back to using plain text instead. Or just plain fail. I've been struggling with this in upgrading our company's email server.
"OK, I've found the Control key. I really believe I'd use this gun to protect schoolchildren. I'v... oh damn, I've shot myself in the leg."
[Later] "OK, leg bandaged. Control key. Alt key. But where is the Pussygrab key?"
Birds are not dinosaur descendants; birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"