wow how come I commit in master? O_o

homakov committed Mar 4, 2012
1 parent 4d391a4 commit b83965785db1eec019edf1fc272b1aa393e6dc57
Showing with 3 additions and 0 deletions.
  1. +3 −0 hacked
3 hacked
@@ -0,0 +1,3 @@
another showcase of rails apps vunlerability.

jsauve Mar 8, 2012

He can hack...but can he spell?

AlekSi Mar 8, 2012

I guess you should do the same in Russian then. ;)

jsauve Mar 8, 2012

Voice inflection, my humor is not very well translated into Russian ;)

akostrikov Mar 29, 2012

Indeed, not very well

dreamfall Mar 29, 2012

Contributor

Yeah, dude, you've got some problems with Russian :)

andreiglingeanu Oct 13, 2017

probably because github's using rails internally

Github pwned. again :(
will you pay me for security audit?
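Review bot: nothing in this hunk belongs on master: the new file `hacked` is three lines of free text with no code, test or documentation, and the commit message ("wow how come I commit in master? O_o") does not describe a change. Revert the commit and move the report to an issue or a private security contact, where the mass assignment problem the comments discuss can be written up with a proposed default.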

261 comments on commit b839657

totseans Mar 5, 2012

Oh well, back to work.

jberger Mar 5, 2012

Welcome back @homakov. FWIW you got your message across. Not sure you could have done it any other way. Take this as a lesson all you devs, take all your bug reports seriously.

jjmaestro Mar 5, 2012

@gitmonster +infinities and also @DouweM and @tekknolagi

Most comments are completely childish. I've been on both sides of the equation and believe me, mature people deal with this in a much cleaner way. Lots of people find vulnerabilities bigger than this EVERY day. You just don't hear about them because they are quiet and respect the rules of engagement in Security: report and wait ENOUGH time (not just hit a huge website with a huge bug and expect it to be fixed immediately! Which they did, BTW, huge kudos to Github for their amazing response...)

Having read a lot on this issue, I'm certain @homakov tried to do The Right Thing (TM) and he just messed up due to inexperience and the kind of light-minded attitude that we all have had when we were young. I'm also sure he has learned a big lesson today and all his 0day vulnerabilities will be properly reported from now on instead of breaking hell loose on a Sunday evening.

Thanks @homakov, the Github team and everybody involved in the fixes!

jjmaestro Mar 5, 2012

And now people, LEARN how a good company behaves during such tough times. Please, read the official story of what happened:
https://github.com/blog/1069-responsible-disclosure-policy

m3nd3s Mar 5, 2012

I really enjoyed reading these comments, I love open source projects \o/

rainyday Mar 5, 2012

Well, I take back what I said, Github seems to be handling this admirably. At least in the end.

cordoval Mar 5, 2012

@homakov is symbol of freedom! Thank you! @php_peru is with you!

Miserlou Mar 5, 2012

No harm no foul, I suppose. Real hacking is always playful!

Fascinating to watch the evolution of this bug (if you look at the tickets, and the tickets which that ticket references) - Rails' aim to be easy for beginners has become a stumbling point even for the most advanced experts.

+1 for the hack, +1 for GitHub for being so sensible about this. (+1 when Rails changes the default?)

chkn Mar 5, 2012

-1 for GitHub's lack of humility about all this. I sincerely hope they are doing a little more for @homakov than just giving him back what he had before. He really did them a big favor.

@coderjonny

lol wow

KenanY Mar 5, 2012

@rmoriz Oh gosh that caught me by surprise.

banacorn Mar 5, 2012

well done

rafaelp Mar 5, 2012

A solution to a more obscure problem related to the "vulnerability" of mass assignment:
https://gist.github.com/1976687

emwalker Mar 5, 2012

After reading through the bug history, I'm glad @homakov persisted. People simply weren't taking him seriously. It looks pretty bad in retrospect.

Apelsin Mar 5, 2012

Off topic: how can I disable all types of notifications coming from this commit? I have done so for email notifications for this commit, but I would also like to stop receiving tons of notifications via GitHub's interface. Anyone know how? Thanks.

jacortinas Mar 5, 2012

Contributor

@Apelsin right below the comment box at the end of this commit, there is a link to disable email notifications for this commit.

i3zhe Mar 5, 2012

Actually, this one is hacked by Lei Feng from China.

                                                   Mar 5 2012

sleeptillseven Mar 5, 2012

Shit I'm using @github and @rails right now.
=> Now I have to spend the whole week to move our enterprise code to PHP and CVS.

thers Mar 5, 2012

Chikey, you did everything right. Russia is proud of you :D

Apelsin Mar 5, 2012

@jacortinas Please re-read what I wrote. I just said I did that already and what I am asking for is how to disable ALL notifications for THIS commit.
Thanks.

hzlzh Mar 5, 2012

Just see the 5th comment in front of this one LOL~~~

feilaoda Mar 5, 2012

make word better you can.

harshadura Mar 5, 2012

oops! this is not so nice to hear! :@

milushov Mar 5, 2012

I write in epic thread

sleeptillseven Mar 5, 2012

With that, all those "node.js community is so immature" phrases come to my mind. Seems like there are more of these ...

bmjames Mar 5, 2012

Rails is PHP in disguise?

madsheep Mar 5, 2012

put this in your initializer and forget all about it:

ActiveRecord::Base.send(:attr_accessible, nil)
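
What the initializer line above changes, as an added Ruby example (not code from the thread or from Rails): a small stand-in for mass assignment with no allow-list, a per-model allow-list, and default deny on a base class. `Model`, the `*Account` classes and the sample parameters are hypothetical.

```ruby
# Added illustration, not Rails source: a small stand-in for ActiveRecord-style
# mass assignment. Model, the Account classes and PARAMS are hypothetical.

class Model
  class << self
    # Declare the allow-list of mass-assignable attributes. Passing nil, as the
    # initializer one-liner does, leaves an empty list: default deny.
    def attr_accessible(*names)
      @accessible = names.flatten.compact.map(&:to_s)
    end

    # Nearest allow-list up the inheritance chain, or nil when none exists.
    def accessible
      return @accessible if instance_variable_defined?(:@accessible)
      superclass.respond_to?(:accessible) ? superclass.accessible : nil
    end
  end

  attr_reader :rejected

  def initialize(params = {})
    @rejected = []
    self.attributes = params
  end

  # Mass assignment: copy request parameters onto the object. With an
  # allow-list in force, keys outside it are recorded and skipped.
  def attributes=(params)
    allowed = self.class.accessible
    params.each do |key, value|
      key = key.to_s
      if allowed && !allowed.include?(key)
        @rejected << key
      elsif respond_to?("#{key}=")
        public_send("#{key}=", value)
      end
    end
  end
end

# 1. No allow-list: every writable attribute can be set from the request.
class OpenAccount < Model
  attr_accessor :name, :email, :admin
end

# 2. Per-model allow-list: only the fields the form is meant to edit.
class ListedAccount < Model
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email
end

# 3. Default deny on a shared base class, the effect of the one-liner above.
class StrictBase < Model
  attr_accessible nil
end

# 3a. A model that never opts in: the form saves nothing.
class StrictAccount < StrictBase
  attr_accessor :name, :email, :admin
end

# 3b. A model that opts in explicitly works again, still without :admin.
class StrictListedAccount < StrictBase
  attr_accessor :name, :email, :admin
  attr_accessible :name, :email
end

# Constructed request parameters: a profile form with name and email, plus one
# key ("admin") that the form never offered.
PARAMS = { "name" => "alice", "email" => "alice@example.test", "admin" => "1" }.freeze

# Build a record from the parameters and report what ended up on it.
def assign(klass, params = PARAMS)
  record = klass.new(params)
  { name: record.name, admin: record.admin, rejected: record.rejected }
end

if __FILE__ == $PROGRAM_NAME
  [OpenAccount, ListedAccount, StrictAccount, StrictListedAccount].each do |klass|
    puts format("%-20s %p", klass.name, assign(klass))
  end
end
```

In this stand-in, default deny makes a model without its own list drop every submitted field, so each model still needs an explicit allow-list after the global switch.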

pwlin Mar 5, 2012

put this in your php.ini and forget all about it:

register_globals = Off

sleeptillseven Mar 5, 2012

Only CoffeeScript allowed :P

NoICE Mar 5, 2012

I wonder how many bugs like this are in GitHub's (and my) code. What about subscriptions for example...

gugu Mar 5, 2012

there are no kittens in this thread

kitten

mininaim Mar 5, 2012

Wow, amazing thread! Even if I'm not a Rails developer!

@gfosco

They Said

simoncpu Mar 5, 2012

 _____ _   _ _____    ____    _    __  __ _____ 
|_   _| | | | ____|  / ___|  / \  |  \/  | ____|
  | | | |_| |  _|   | |  _  / _ \ | |\/| |  _|  
  | | |  _  | |___  | |_| |/ ___ \| |  | | |___ 
  |_| |_| |_|_____|  \____/_/   \_\_|  |_|_____|

@darkstalker

lol gg

wouteroostervld Mar 5, 2012

OMG GitHub has turned into Reddit/2+2...

@lostinplace

upvote

mattcaldwell Mar 5, 2012

I hereby associate myself with this epic commit thread.

paulwal Mar 5, 2012

@homakov

Congrats on unbanning yourself!

PS- can you upgrade my account? Thanks!

rishta Mar 5, 2012

This is not a design problem... of the architecture, but that of the default policy making assignment implicit AND of the user (github) not being security conscious enough. And since github was informed about the status quo it's its sole responsibility for being hacked and they were IN LUCK that it wasn't someone malevolent. Committing to main branch guaranteed speedy alert of the responsible personnel and patch fixing all apps hence.

MechanisM Mar 5, 2012

@homakov "get account back" - is nice reward. Congrats! :trollface:

@chjohnst

quazy

earlcochran Mar 5, 2012

@grantgalitz Exactly. This is a place for coders to get things done. Go back to Reddit and 4chan if you want meme pictures and let the men and women do work.

gfosco Mar 5, 2012

Oh please... get over yourselves.

GitHub is one of the greatest things ever created.

Rails, however... not so much.

gamaral Mar 5, 2012

@gfosco I can't agree more... stupid Rails. Powered Rails on the other hand, they are pretty awesome, but you do need to get a lot of gold.

CryptoJones Mar 5, 2012

When you commit in master, the terrorists win!

oreoshake Mar 5, 2012

Contributor

use https://github.com/presidentbeef/brakeman, it finds mass assignment vulnerabilities pretty darn well

@mzeena

Bravo!

koopa Mar 5, 2012

good job mate :)
you did the right thing in my opinion. no harm done but great way to get attention for a critical issue

tinogomes Mar 5, 2012

Contributor

@oreoshake awesome tool +1

Petah replied Mar 6, 2012

Oh no you didn't

pearcec Mar 6, 2012

@Petah what were you thinking?

kirkbushell Mar 6, 2012

What an interesting discussion. Point of the matter is - the guy pointed out a vulnerability, some people decided it should be ignored (being a security issue that's a pretty big problem), so he made it even more obvious to the entire community and some people are putting him down for it. Absolute joke.

Ocramius Mar 6, 2012

Wow, now really, how much will it take to have also a register_globals -like functionality? =)
Seriously rails? :|

rishta Mar 6, 2012

@Ocramius and @Others:
register_globals and magic_quotes are deprecated and have been removed in latest versions of PHP, so you don't shine and unless you're being vaguely sarcastic, you show you lack skill.

Ocramius Mar 6, 2012

@rishta you don't say? :D

pwlin Mar 6, 2012

@rishta
Your comment lacks a certain level of understanding the joke.
Of course they are deprecated, because PHP - by design - is no more vulnerable to this sort of attacks. That was the whole point.
By not fixing these holes in a default installation, RoR now scores even lower than PHP of 5 years ago.

jberger Mar 6, 2012

@github, pretty please is there some way to turn off notifications from this thread without turning off all commit comment notifications?

mishak87 Mar 6, 2012

If PHP code is producing errors with register_globals on you are a terrible, terrible programmer. If you are using magic_quotes you are simply stupid.

warmwaffles Mar 6, 2012

If PHP code is producing errors with register_globals on you are a terrible, terrible programmer. If you are using magic_quotes you are simply stupid.

But I like magic! David Blaine is soo cool

ixti Mar 6, 2012

Contributor

@jberger I use Firebug: $('.del a').click() on notification page to get rid of approx 10 messages per hour from this thread :))

imlcl replied Mar 7, 2012

wow

dreamr Mar 7, 2012

Welcome to Rails :) If you aren't using attr_accessible Santa kills 3 kittens for every vulnerable model.

@believe3301

wow

Mithgol Mar 8, 2012

@dreamr

Santa kills 3 kittens for every vulnerable model

In this case there was a dead octokitten.

darth10 Mar 8, 2012

holy crap

kevinpostal Mar 8, 2012

Pagination for the win..

homakov Mar 8, 2012

Contributor

@larzconwell
1 there is 'mark all as read' button on notif. tab
2 Why you think clearing messages should help. I am 100% sure they have table for participating users and you will be there FOR EVERS

kelliott Mar 8, 2012

Damnit, can't I go one day without having to see Michael Jackson?

brodock Mar 10, 2012

Epic commit is epic!

NoICE Mar 10, 2012

Why I still get notifications about this thread when I unsubscribed few days ago and according to the bottom of this page they are properly off? :/

ajukraine Mar 10, 2012

Rails developer: security? Nope, never heard of it!

(ukrainian)

Mithgol Mar 11, 2012

@NoICE

Why I still get notifications about this thread when I unsubscribed few days ago and according to the bottom of this page they are properly off? :/

Check the «Comments after me on commits» setting in your Notification Center.

@NoICE

@Mithgol thanks!

jfahrenkrug Mar 14, 2012

Wow, all these animated gifs make me feel like I'm on a 1996 Geocities page.

Ocramius Mar 14, 2012

@jfahrenkrug that's exactly what they're meant for... We're commenting on 1996's web applications' security issues :D

rusllonrails Mar 24, 2012

Homakov, you rock )

chucai Apr 6, 2012

Interesting

arbing May 23, 2012

So much fun

odiszapc Jun 11, 2012

Egor Letov live!

hinagiku Apr 18, 2013

Leaving my mark in case this goes viral = =

collaroid Oct 22, 2013

Already viral, leaving my mark...

@hutusi

😷

dandv Nov 19, 2014

What if someone introduced very hard to detect vulnerabilities in popular software packages and libraries by altering commits long ago in the history of the projects?

We'd never know.

What if this has already happened?

seuros Nov 19, 2014

Member

Git is not centralized, everybody will notice that once he/she tries to push to the repo since the SHA will not match.

@kirushyk

:-)

paralin Jul 7, 2015

@dandv Man, I'm seeing you everywhere.

@seuros is right, though. You can't pull from a repository with altered commit history without huge flames and explosions.
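
The SHA mismatch described in the two replies above, as an added Ruby example (not from the thread): git's object-id rule applied to a three-commit history, showing that altering an old commit changes the id of every later commit. The author line, commit messages and the empty tree are constructed sample data.

```ruby
require "digest/sha1"

# Added illustration: how git derives object ids, and why rewriting an old
# commit changes the id of every commit built on top of it.
# Author line, messages and the empty tree are constructed sample data.

# A git object id is the SHA-1 of "<type> <byte length>\0" plus the body.
def git_object_id(type, body)
  Digest::SHA1.hexdigest("#{type} #{body.bytesize}\0" + body)
end

EMPTY_TREE = git_object_id("tree", "")
WHO = "Dev <dev@example.test> 1330819200 +0000".freeze

# Serialise a commit the way git does: tree, parent, author, committer,
# blank line, message. The parent's id is part of the hashed bytes.
def commit_id(message, parent)
  lines = ["tree #{EMPTY_TREE}"]
  lines << "parent #{parent}" if parent
  lines += ["author #{WHO}", "committer #{WHO}", "", message]
  git_object_id("commit", lines.join("\n") + "\n")
end

# Ids of a linear history, oldest first.
def history_ids(messages)
  parent = nil
  messages.map { |message| parent = commit_id(message, parent) }
end

# Index of the first commit whose id differs between two views, or nil.
def first_divergence(ours, theirs)
  ours.zip(theirs).index { |a, b| a != b }
end

MESSAGES = ["initial import", "add parser", "release 1.0"].freeze
ORIGINAL = history_ids(MESSAGES)
# Same history with only the second commit altered after the fact.
REWRITTEN = history_ids(["initial import", "add parser (altered)", "release 1.0"])

if __FILE__ == $PROGRAM_NAME
  ORIGINAL.zip(REWRITTEN).each_with_index do |(before, after), i|
    puts format("commit %d  %s  %s  %s", i, before[0, 12], after[0, 12],
                before == after ? "same" : "DIFFERENT")
  end
  puts "first divergence at commit #{first_divergence(ORIGINAL, REWRITTEN)}"
end
```

A clone that already holds the original tip id sees a different id after the rewrite; the check says nothing about a commit that was already malicious when it was first pushed.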

bsh314 Dec 14, 2015

Well, Egor deserves a cookie. Give it to him! Medium

egeersoz Dec 15, 2015

Egor for president!!!

mozillo Feb 24, 2016

vulnerability

sebie Apr 29, 2016

Over four years now.. 😃

@YasserGersy

💃

samrocketman Jan 14, 2017

2017, comment for every year so far.

@geluso

2018
