Dan Jones @[email protected]

Husband, Father, Software Engineer (PHP, go, etc.). Lover of Star Trek and anime.

Looking for other things to do, such as writing, acting, voice acting, but not really finding the time for it. Maybe when my kids are a little older, I'll get back on stage.

Feeling pretty bleak about the future of the United States. #NeverTrump

Feel free to follow. I may follow back if we seem to have similar interests.

#BlackLivesMatter #TransRightsAreHumanRights #StayWoke

Other interests: #Parenting #StarTrek #Writing #Theater #anime #PHP #golang #Programming #WebDevelopment #genealogy #ScienceFiction #DadJokes

My Links

links.danielrayjones.com

Pronouns

he/him/his

XMPP

[email protected]

Mastodon account

fosstodon.org/@danjones000

LinkedIn

linkedin.com/in/danjones000

Résumé

danielrayjones.com

Dan Jones
@[email protected]

If you use GitHub with SSH, you may have seen a warning when doing a git fetch this morning.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s.
Please contact your system administrator.

GitHub explained in a blog post that they replaced their RSA key.

But this part of their explanation really stands out to me:

At approximately 05:00 UTC on March 24, out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com.

This week, we discovered that GitHub.com’s RSA SSH private key was briefly exposed in a public GitHub repository.

Replacing an exposed private key is not an "abundance of caution". It is the exact appropriate amount of caution for this sort of situation.

I really wish companies would stop using that phrase, as if they're being super extra careful, when what they're doing is the absolute bare minimum of what any reasonable person would do.

#GitHub #SSH #cryptography #RSA

We updated our RSA SSH host key | The GitHub Blog
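Added example, not part of the original post: how the SHA256 fingerprint shown in the warning is derived from a known_hosts entry, so a stored host key can be checked against a fingerprint obtained out of band before the entry is trusted. The known_hosts line is built from a made-up RSA key, and the function names are assumptions of this example.

```python
import base64
import hashlib
import struct

# Fingerprint quoted in the SSH warning on this page.
PAGE_FINGERPRINT = "SHA256:uNiVztksCsDhcc0u9e8BujQXVUpKZIDTMczCvj3tD2s"


def ssh_string(data: bytes) -> bytes:
    """SSH wire encoding: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def constructed_known_hosts_line(host: str) -> str:
    """Build a known_hosts line around a made-up RSA key (not a real host key)."""
    e = (65537).to_bytes(3, "big")
    n = b"\x00" + b"\xc3" * 256  # constructed 2048-bit modulus in mpint form
    blob = ssh_string(b"ssh-rsa") + ssh_string(e) + ssh_string(n)
    return f"{host} ssh-rsa {base64.b64encode(blob).decode()}"


def fingerprint(known_hosts_line: str) -> str:
    """Return the OpenSSH-style SHA256 fingerprint of a plain known_hosts entry."""
    fields = known_hosts_line.split()
    if len(fields) < 3:
        raise ValueError("expected: host keytype base64-key")
    if fields[0].startswith("@"):
        raise ValueError("marker lines (@revoked, @cert-authority) not handled")
    blob = base64.b64decode(fields[2], validate=True)
    # The blob begins with its own key type; it must agree with the text field.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len].decode("ascii", "replace") != fields[1]:
        raise ValueError("key type field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    # OpenSSH prints the base64 digest without '=' padding.
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def matches_published(known_hosts_line: str, published: str) -> bool:
    """True only if the stored key hashes to the fingerprint obtained out of band."""
    return fingerprint(known_hosts_line) == published


if __name__ == "__main__":
    line = constructed_known_hosts_line("github.com")
    print(fingerprint(line))
    print("matches page fingerprint:", matches_published(line, PAGE_FINGERPRINT))
```

The constructed key does not match the fingerprint from the warning, which is the result a stale or substituted entry would give.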