this post was submitted on 24 Jan 2024
270 points (90.9% liked)
Open Source
31719 readers
129 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Case in point. This literally just happened to me just now:
Boy, I sure am glad I'm more secure now. I think the easiest way to get out of this is literally to make a new API token just for me to be able to type to this command. Time to log in to github and spend a few minutes not accomplishing what I was trying to do originally.
As I said before, using API tokens for genuine automated access, I'm all for. An easy way might be to only support typing passwords on interactive ttys or something, and enforce API tokens otherwise. But as it is, and especially given the fact that they're specifically reducing the security of the interactive case, it's hard not to be irritated when this kind of thing happens.
Edit: Oh, and it made me type my password into the github web site in order to generate the token. Hope no one's shoulder- or camera-surfing me.
Also, I was following old instructions anyway; the command failed and I learned I should have just done
brew install httpx
. I wish github was configured so I could have learned that 10 minutes ago.