
PHP's Git Server Compromised, Now Switching To GitHub


  • #41
    I do not see any good or bad in that, it's a service provided by one of the largest software companies at the moment, it's free, and the source was open anyway. And Microsoft uses it themselves, so they do have an interest to keep it maintained, stable and secure.

    Everything can and will eventually be breached. Even the Pentagon was by a British guy with autism interested in UFOs.

    If Microsoft should decide to change their stance on the platform's usage and payment models, moving to another provider isn't even close to as hard as it used to be.

    I have no preference personally, and currently use GitLab at work and mostly GitHub privately. As long as it's free for open source and you do not give up any rights by using it... I'm fine with that.

    I wish github provided an open source version,


    • #42
      Originally posted by darkcoder
      It's sad that the 1st solution most companies or OS foundations opt for these days is to move to the cloud when they have issues or get compromised.

      It's not like Microsoft or any other company's services haven't been hacked or taken offline due to issues, both Exchange and SharePoint coming to my mind.
      Why is it sad? The prime competency and interest of those various foundations and communities are not to run infrastructure, so it is far better to hand over those details to people that handle it professionally. And let's not pretend that the people handling the infrastructure for GitHub are in any way, shape or form the same people that write POS software like Exchange or SharePoint.


      • #43
        Originally posted by birdie
        Let's have a dozen comments how GitHub is owned and run by an evil anti-open-source company.
        This, but unironically.


        • #44
          Originally posted by skeevy420
          When you work construction and you're doing something at a house in the woods miles from civilization, 1, you agree to that beforehand, 2, you can choose to drive your happy ass to a gas station in lieu of pooping in the woods,
          Not sure what any of this has to do with PHP's git server being compromised, but since you brought it up...

          When the pimply faced teenagers at Taco Bell fail to cook your lunch properly and you get a surprise case of the sudden shits later, you should never "choose to drive" yourself to the gas station over pooping in the woods you're already standing in. If you make it to the gas station, great, but if you don't, then what are you gonna do??

          This isn't about saving time or cost cutting -- it's about being properly prepared for an emergency. It is far more sanitary and safer to poop in the woods (or a suitable bag, pee in a bottle, etc) than unsuccessfully driving to a gas station when duty calls. Prepare yourself in advance for this often unspoken and unfortunate situation. Carry a roll of toilet paper, some water/sanitizer, a bag/bottle/shovel, etc every time you are in a situation that may not have a restroom handy at all times. It's the smart and responsible thing to do.

          My hat's off to those brave men and women working through the pandemic at Amazon, especially the ones smart enough to think about these problems in advance and do the right things to keep everything safe and sanitary.
          Last edited by ed31337; 29 March 2021, 09:54 PM.


          • #45
            I wonder which government agency did the hack. North Korea? Russia? USA?
            Good thing there's some sort of audit going on.


            • #46
              Originally posted by birdie

              According to this news piece, support agents' accounts were compromised, not Microsoft servers or infrastructure. Microsoft, to my best knowledge, has seen close to zero compromises in its 40-year history.

              Meanwhile open source projects are getting hacked left and right almost on a monthly basis. We have had the breaches of:
              • Fedora (a major breach)
              • The Linux Kernel (a major breach)
              • Debian Wiki
              • openSUSE website
              • Multiple NPM/Ruby modules
              • PHP (a major breach)
              This comment contains nothing but facts, zero speculation and zero pronouns.

              Someone is again deleting my comments even though I've long stopped with personal attacks. Sigh. OK, I'm out of this discussion.
              Add FreeBSD ports repo years back (9-RELEASE). Binary packages compromised through leaked ssh key of a ports contributor.


              • #47
                Originally posted by timrichardson

                There is nothing Microsoft in GitHub's tech stack. It's open source, so there is a contradiction in your claim: GitHub can't be secure if open source is insecure.
                GitHub tech stack:
                I'm not sure what you're talking about. I've never claimed open source software is inherently insecure, I've never claimed closed source software is inherently secure. I'm talking specifically about companies - many Phoronix open source fans claim Microsoft is a worse option for hosting git repos than self-hosting which has proven on numerous occasions to be quite insecure.


                • #48
                  Originally posted by AndyChow
                  I wonder which government agency did the hack. North Korea? Russia? USA?
                  Good thing there's some sort of audit going on.
                  Hardly anyone with such resources behind them with such a sloppy execution.


                  • #49
                    Originally posted by aht0
                    He is right tho, US government agencies use overwhelmingly Windows in their workstations.
                    Yes, but when they need something which will work on Mars millions of miles from help, they use Linux


                    • #50
                      Originally posted by timrichardson
                      Yes, but when they need something which will work on Mars millions of miles from help, they use Linux
                      Which is irrelevant and beside the point; no one is trying to hack a rover on Mars, however plenty of people are trying to hack government workstations, especially for data espionage (i.e. cyber attacks).

                      There is a difference between something that will "work" and something that's difficult to compromise.