Clojurians Log v2

Anyone knows if this might be helpful for the clojure community? OSS Fuzzer https://twitter.com/metzmanj/status/1369696068997414916

https://blog.golang.org/survey2020-results will be interesting to compare with upcoming clojure survey results

Very interesting

For Windows users, do you need to restart after editing an environment variable like PATH for changes to take effect?

when editing via the environment variables window.

On windows 10 I find I just need to restart the program I want to have the changes take effect in (such as emacs)

i got it yep, i just had to close my powershell window and reopen it

We have had to build some stuff in go at my work. I hate it. ANythign bigger than a trivial project I just don't want to touch golang ever again.

Anyway, golang is one of the quickest growing community and I believe clojure and the team behind it could learn a lot from their yearly survey.

So I set up 2FA on my git hub, now when using the command line I need to enter my git username and a token on every push...

should i just copy and paste a token into a text file, and use that for all CLI stuff or am I really expected to go to the web page, generate a token, remember what permission boxes I need to tick, then paste that token in every time?

what am I missing?

Do you have your SSH key registered with GitHub? Or are you pushing via HTTPS?

I'm just pushing via

$ git commit -m "blah"
$ git push

I think becasue of teh 2FA it wont accept my actual password

How did you do the initial checkout? Or: what does “`git remote -v`” tell you?

(I’ve always used SSH, so if there’s a problem with 2FA and HTTPS check-outs I probably can’t help…)

git remote -v tells me

origin	<https://github.com/stuartstein777/graal-vm-hello-world.git> (fetch)
origin	<https://github.com/stuartstein777/graal-vm-hello-world.git> (push)

the checkout i think i did git clone

git clone what though? github allows you to use http OR ssh when you clone a repo

oh no, i can't remember...

@qmstuart Follow these two guides: • https://docs.github.com/en/github/authenticating-to-github/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent • https://docs.github.com/en/github/authenticating-to-github/adding-a-new-ssh-key-to-your-github-account

And when you're done, run git remote origin set-url <ssh url> to override the existing URL for your remote with its ssh counterpart

Really can't fathom why github went with git clone over https by default, are there any sane developers using it deliberately? 🤷

its a setting on github that is easily changed, it might even remember once you change it once. It's also a sensible default to use https as there's not much confusing stuff (keyrings, ssh keys, ssh agents, etc) and username and password challenge is straightforward. For low friction to onboarding and new developers https is the clear winner. Once everything is in place, ssh is by far nicer

Plus you can paste one of those git remote addresses straight into a browser

Fair enough, my comment was too harsh From what I've seen in practice, this comes up too often and sometimes new git users (especially non-developers that are somewhat involved with git repos) might have already set up 4-5 repos with https. Most of them are not aware there's a better alternative, so they just accept the situation. But yeah, https is definitely easier for newcomers

The granularity of access control using tokens is finer than when using ssh identities

At one institution we have a sysadmin who blocks Github over SSH, because it’s “not secure”.

there are tradeoffs. ssh does not do host verification. you have to manually verify known hosts by comparing fingerprints (which almost no one actually does)

and you can't do 2FA

https gives you host verification via certificates but you need to manage auth credentials

> and you can't do 2FA as in you can't add a second factor besides ssh if you want extra security? technically ssh keys with a passphrase are already 2FA (something you have and something you know), right? "something you know" is a weak factor anyway :thinking_face: Valid points overall, thanks. Another reminder to make fewer assumptions 🙂

Right, another valid point 😅 I'd argue that this is useful for integration with apps but not so much for user access? Has your experience been different?

I have edited git clones initially pulled with https: URLs to change the URL in .git/config files, and everything went smoothly afterwards. (hopefully this is not a case of YMMV, but no promises from me on that)

for CI it is easier to issue tokens than to mint ssh identities

No need to manually change stuff in the .git folder (I'm not brave enough to try it!), there's a git command for that: https://git-scm.com/docs/git-remote#Documentation/git-remote.txt-emset-urlem It's a non-issue really, I was just venting, sorry 🙂

fwiw a Github employee told me >65% of their git traffic is HTTPS protocol

oh now i'm super interested to know which authentication method uses more energy

Yeah, I've done this a lot and it's fine. Git supports multiple remotes with different trees just fine, so it had better handle a different way of accessing the same remote with the same tree...