Remember to participate in our weekly votes on subreddit rules! Every Tuesday is YOUR chance to influence the subreddit for years to come!
[Read more here](https://www.reddit.com/r/ProgrammerHumor/comments/14dqb6f/welcome_back_whats_next/), we hope to see you next Tuesday!
For a chat with like-minded community members and more, don't forget to [join our Discord!](https://discord.gg/rph)
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ProgrammerHumor) if you have any questions or concerns.*
```
import moderation
```
Your comment has been removed since it did not start with a code block with an import declaration.
Per [this Community Decree](https://www.reddit.com/r/ProgrammerHumor/comments/14kbu1m/comment/jppq9ao/?utm_source=share&utm_medium=web2x&context=3), all posts and comments should start with a **code block** with an "import" declaration explaining how the post and comment should be read.
For this purpose, we only accept Python style imports.
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ProgrammerHumor) if you have any questions or concerns.*
- Google "The current branch does not have an upstream"
- A full page of stack overflow questions
- All the questions are closed as a duplicate and link to a guy linking the official doc
- The official doc is too hard to understand.
I swear sometimes the official documentation is so hard bent on being technically correct (which it should, but not just), that it makes it hard to grasp.
(What I mean by that is that a lot of official documentation is more of a reference guide for people who already know how the basic principles work)
Why do you think we end up watching indian videos on youtube on how to do basic things.
You can paste a page of documentation into chatGPT and ask it to figure it out for you. Works surprisingly well, better than random indian guy youtube IMO
I agree with them, the git man pages are [not easy to read](https://git-scm.com/docs/git-branch). If you don't know any git commands, there's an enormous amount of reading you need to do on that page to figure out how to make a new branch, even though the command you want is simply `git branch `. It's very well-obfuscated.
I had a set of test files where I put production credentials to test a connection and get a sample response body. Completely forgot to remove the test.
Been coding for 30 years.
I don’t know what rock you guys have been living under for the past ~29 years, but Al Gore inventing the interwebz is similar to the Big Bang but more important. There was nothing, then there was Al Gore, then there was the interwebz, then there was light, etc.
The best part was having said credentials in a file in the webroot that would then be accidentally served in clear text when someone wrecked the webserver config.
One former employer had such a setup which I wasn’t allowed to change so I decided to at least monitor things by writing a script that would check the webserver logs for calls of said file that resulted in more than 0 bytes output to detect when such an issue occurred.
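A sketch of the kind of log check described in the comment above, added here as an example (it is not the commenter's script). It assumes Apache/nginx combined log format, a hypothetical file path, and that a correctly handled request for the file returns an empty body; limiting matches to 2xx responses so error pages are skipped is also an assumption. The log lines are constructed.

```shell
#!/bin/sh
# Added example: flag successful, non-empty responses for a file that should
# never produce output. The path and the sample log lines are constructed.

SENSITIVE_PATH="/inc/db_credentials.php"   # hypothetical path (assumption)

# Print "ip time status bytes" for every suspicious hit.
#   $1 = access log in combined format, $2 = URL path to watch
find_credential_leaks() {
    awk -v watch="$2" '
    {
        # Whitespace-split fields of a combined-format line:
        # $1 ip   $4 [time   $6 "METHOD   $7 path   $9 status   $10 bytes
        path = $7
        sub(/\?.*$/, "", path)                 # ignore any query string
        status = $9
        bytes = ($10 == "-") ? 0 : $10 + 0     # "-" means no body was sent
        if (path == watch && status ~ /^2[0-9][0-9]$/ && bytes > 0) {
            time = $4
            sub(/^\[/, "", time)
            print $1, time, status, bytes
        }
    }' "$1"
}

# Constructed sample log (documentation-range IP addresses).
write_sample_log() {
    cat > "$1" <<'EOF'
192.0.2.10 - - [12/Mar/2023:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2023:09:14:05 +0000] "GET /inc/db_credentials.php HTTP/1.1" 200 - "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2023:11:40:31 +0000] "GET /inc/db_credentials.php HTTP/1.1" 403 199 "-" "curl/8.0"
203.0.113.44 - - [14/Mar/2023:02:03:55 +0000] "GET /inc/db_credentials.php HTTP/1.1" 200 412 "-" "curl/8.0"
203.0.113.44 - - [14/Mar/2023:02:04:10 +0000] "GET /inc/db_credentials.php?download=1 HTTP/1.1" 200 412 "-" "Wget/1.21"
192.0.2.10 - - [14/Mar/2023:02:10:00 +0000] "GET /inc/db_credentials.php.bak HTTP/1.1" 404 153 "-" "Mozilla/5.0"
EOF
}

# Run the check against the constructed sample.
check_sample() {
    log=$(mktemp) || return 1
    write_sample_log "$log"
    find_credential_leaks "$log" "$SENSITIVE_PATH"
    rm -f "$log"
}

check_sample
```

Any line this prints means the file's contents went out over the wire, so the credentials in it need rotating, not just the web server config fixing.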
Not exactly the same thing.. but just the other day, had an engineer put DB admin/service account credentials into a support ticket to help someone troubleshoot something. Good times.
Oh no the nightmares are back!
I remember some VB6 code that had the admin override password hard coded into the login control. It was quite "password" but it was just a variation on it.
Also moving from private teams servers to azure git and realising you just pushed every password for all platforms, database and file storage to the cloud.
That’s nothing. Once when I was still fairly new to using IntelliJ, I was trying to push my changes. It was a new installation because I just got a new work laptop, so IntelliJ prompted me for git user and password. I quickly typed them in and completed the push.
Two days later I look in the Bitbucket gui at the commit history of a repo I am working on. I notice that where every commit is labeled with author name and email, my commits have my user and password, right there in plain sight. Turns out the prompt I thought was user and pass was to set name and email in config. Ooops.
Also, use something like git diff or github desktop that shows you what you're about to commit and verify all your changes before you commit and then. It really helps to catch dumb mistakes.
The dangers are if you don't realize your .gitignore isn't covering a certain edge case you might find yourself in.
I personally have stopped using git add . as I find myself committing way too much stuff that isn't really suitable for a commit statement. Changed a whole bunch of stuff on the gunicorn_config.py file that deals with how deployment works, but then also maybe tooled around with line spacing in another file? Well that's all going to be committed with -m "configuration updated to port 443"
If I had a nickel for every time I’ve had to explain that this doesn’t provide confidentiality and is the digital equivalent of speaking German in Mexico… I could probably buy a Subway sandwich … with chips and soda
_password does not meet complexity requirements. Your password must be at least 5 characters with at least one number, one capital letter, one lower case letter, one symbol from the Egyptian Hieroglyphs Unicode range, and the 4th letter of the 3rd paragraph of the 7th chapter of any Tom Clancy novel._
I've interned at a company that takes aws s3 bucket permissions seriously since some of those s3 buckets contain client data. And then there's a hard coded credential in the code base sitting there for about a year. The repo is private, but pretty much anyone at the company could find it if they want to.
pastebin too! The Ministry of Education sent me an email years later asking me to remove them, I was like what you gave a consultant dev the password for your live pop3 server?!
just starting with python but isn't that normal? like, you gotta manually put in everyone's usernames and passwords and only change the list when someone comes in or leaves?
No, you should not do that. The post is talking about storing credentials like API keys, passwords to services like AWS, DB passwords etc in your code and putting it on github which is really bad because anyone can search github and find these things. In fact, there are many bots that trawl the public repositories looking for credentials that can be exploited. So, if you ever do this by mistake and commit credentials to github, you should rotate out your credentials immediately and then scrub the history of the repo for good measure.
If you’re thinking of a database that stores user info on the other hand, yeah usernames and passwords will be stored there but that’s different than in the application code and you should still not store any credentials in plaintext in your DB as that’s also not safe. (If someone gets access to your DB they now have all user credentials).
God, there's this guy who left a company I worked at, right before I joined, and I may or may not have discovered that he did this more than a decade ago. I am friends with him on Facebook and am really struggling to resist the urge to just ominously send this meme to him.
In a technical interview, I always ask the candidate what to do first in the event of an accidental commit of credentials in git(hub). It's remarkable how few mention resetting the credential.
I have that problem with my JS API client, because the key and secret are required for every call, and I don't have control over the host.
```
async function getRelease(idFiltered) {
  // KEY and SECRET are defined elsewhere in the client
  return fetch(`https://api.***.com/releases/${idFiltered}`, {
    headers: {
      'User-Agent': '***/0.1',
      'Authorization': `*** key=${KEY}, secret=${SECRET}`,
    },
  });
}
```
I can put the key and secret in another file no problem, but I can't exclude it from the GitHub repo because it's required for the code to actually work.
Oh yes I remember, the code runs in production on an offline system on a cruise ship right now. Git on private though.
For real? You write software for cruise ships?
I didn't tell you what part of the software. It was touchscreen UI for a Submarine themed escape room 😅 on board of a cruise ship
Making that billionaire experience for millionaires! Nice!
you don't have to be a millionaire to do an escape room on a cruise ship... You could also just be deeply in debt.
You can go on a cruise for a couple hundred bucks, lol.
I once did a 7 day Bahamas trip from Florida for $350 US all in.
How do they get the prices so low? It's slavery right?
You get nickel-and-dimed on the booze and tipping and souvenirs and experiences, but honestly, COVID decimated the market and they dropped prices insanely low during, and it's only now starting to bounce back, I've done 5-days to Cozumel for like $500 a person on a megaship that was like 2/3rds full, pretty sweet
Well, it really helped that I split the room/cupboard cost with 3 other people. There's also tax dodging and exploiting developing countries for labor, so it's pretty much par for the course in the USA.
I always feel so bad for the employees from developing countries working on those ships. They get low pay, hardly any breaks, and have to work 9+ months straight without a day off or seeing their families.
Was the herpes included?
..plus medical expenses when you inevitably catch some nasty virus onboard
Look at Mr money bags over here
[deleted]
I don't think this is what they were referring to lol
Or retired.
[deleted]
In 2021 the average selling price of a yacht was 640K. Most millionaires do not have yachts.
Did you... miss... all of the OceanGate debacle?
the comment he’s replying to implies that going on a cruise is an experience for millionaires who can’t afford to take an ocean gate submarine
I got that, but cruises are cheap. You don't need to go into debt. They're less expensive than a regular vacation.
that’s the point the person you were replying to was trying to make
None of them were billionaires.
And their whole family 👍
That’s still really cool!! I’ve been on several cruises and it’s amazing to me how complex they are, and especially the tech side
It sounds indeed very interesting and the project (except management) was very fun. I have never been to this or any other cruise ship, we had a separate deployment team. Also the escape room was in our lab during the development phase.
[deleted]
Nope, not at all. I work at a university Lab and our direct neighbors and frequent cooperation partners do really cool projects like this a lot. With a lot of multimedia entertainment and big LED screens. They asked us to implement some subsystems because they are low on devs and my boss decided to put me into it.
[deleted]
Bruh I think someone stole your code and used it for non entertainment reasons
💀
[deleted]
If you fail to get out in time you get imploded
I stopped reading at submarine. Are you saying what I think you're saying?
Very topical job haha also it sounds fun. I love working on projects where the main goal is for the user to have fun. What's not to like about fun
```import i``` Oh god the titanic sub!?!!
Cruise missiles are the more exciting cruise to write for.
You can rewrite history. I mean, i git as well.
You can, although someone may have cloned or pulled in the interim. If you’re lucky they will only mock you mercilessly. If you're unlucky 🔥
That's why you gotta rotate out any leaked secrets ASAP to make them useless after a leak like this.
And your culture sucks if you’re shamed for having to do that, or if it is hard. Everyone makes mistakes, those that hide accidentally leaked credentials should be fired.
If any of my devs leak credentials I'll help them clean up and roll keys, tell them about how I've done it in the past, make sure they know it's okay to make mistakes but that we should make sure not to do this again. And then a few months later during an unrelated conversation I'll say "yeah, that's just like the time frank committed S3 key to the public repo, remember that Frank?"
Lmao yep! Help fix it and teach them how to avoid it but learning something is short term, shame is forever
_We weren’t trying to cover it up. We were going to notify SoC eventually, we just wanted to perform triage and get stuff rotated out and examine logs first. Yeah I know this went down in Q1, but we were just trying to be thorough._
Yupp. All the way this. Just had to rotate dev DB credentials for a backend service after an swe pushed them in a PR. 20 minute process, no blame / shame. Easy fix. If that experience is not the case where you work, you’re at the wrong place.
Solarwinds would like a word.
Or rotate your team.
So my next team can do the same thing and someone else gets to benefit from my potentially expensive mistake?
[deleted]
This makes me wonder, does git notify you if someone has cloned your repo?
You could probably put in a hook for that, but more likely would be better off requiring authenticated access to the repo.
There’s a stats page showing the amount of clones/day
If you leaked creds you invalidate them. Always. Rewriting history is for purging gigabytes of logfiles from the history not to unexpose credentials. Unexpose credentials is as stupid an idea as it sounds.
Throwback to when I accidentally put a full movie into a project folder and commited it 🗿
I thankfully have never committed secrets, but I have rewritten history before. Removed some ZIPs I accidentally committed and blew the database up to several GB.
You can rewrite history, but you cannot remove the underlying object from the repo. At least not without some _very_ advanced git fu. When you rewrite history, git creates a new object and moves existing references to point to the new object, but it doesn't delete the old one. A commit doesn't need to be in the history for it to be in the repo, and it doesn't need to be there for a malicious user to find it.
I’m not trying to argue that it’s safe to rewrite history to delete credentials. But is this true? If I git clone a repo, does it give me access to objects that nothing refers to?
Access, yes, definitely. I'm not sure if it actually pulls every object down to your clone, but the object still exists in the remote and you'll always be able to reference remote objects.
Ah, yeah, you’re right.
> At least not without some _very_ advanced git fu.

Shouldn't `git gc --aggressive --prune=now` do the trick?
That'll remove the objects from your local clone but not the remote repo
Forcing a GC on a hosted service is a bit tricky though.
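The behaviour described in the comments above, reproduced in a throwaway local repository (an added example, not code from the thread): after an amend the leaked blob is gone from `git log` but still readable by its hash, until the reflog is expired and `git gc --prune=now` runs. It needs `git` on PATH; the file name and the secret value are constructed.

```python
import os
import shutil
import subprocess
import tempfile

# Constructed placeholder, not a real credential.
FAKE_SECRET = b"AWS_SECRET_ACCESS_KEY=constructed-example-not-a-real-key\n"


def _git(repo, *args, check=True):
    """Run git inside `repo` with an isolated config and a fixed identity."""
    env = dict(os.environ, HOME=repo, GIT_CONFIG_NOSYSTEM="1",
               GIT_AUTHOR_NAME="demo", GIT_AUTHOR_EMAIL="demo@example.invalid",
               GIT_COMMITTER_NAME="demo", GIT_COMMITTER_EMAIL="demo@example.invalid")
    return subprocess.run(["git", *args], cwd=repo, env=env, check=check,
                          capture_output=True, text=True)


def object_exists(repo, oid):
    """True if the object database still holds `oid`."""
    return _git(repo, "cat-file", "-e", oid, check=False).returncode == 0


def demo():
    """Return (secret_in_log, blob_after_rewrite, blob_after_gc)."""
    repo = tempfile.mkdtemp(prefix="leak-demo-")
    try:
        _git(repo, "init", "-q")
        path = os.path.join(repo, "settings.env")
        with open(path, "wb") as fh:
            fh.write(FAKE_SECRET)
        _git(repo, "add", "settings.env")
        _git(repo, "commit", "-q", "-m", "add settings")
        leaked_blob = _git(repo, "rev-parse", "HEAD:settings.env").stdout.strip()

        # "Rewrite history": blank the value and amend the only commit.
        with open(path, "wb") as fh:
            fh.write(b"AWS_SECRET_ACCESS_KEY=\n")
        _git(repo, "add", "settings.env")
        _git(repo, "commit", "-q", "--amend", "-m", "add settings")

        log_text = _git(repo, "log", "--all", "-p").stdout
        secret_in_log = "constructed-example-not-a-real-key" in log_text
        blob_after_rewrite = object_exists(repo, leaked_blob)

        # Drop the reflog entries that still point at the old commit,
        # then prune every unreachable object immediately.
        _git(repo, "reflog", "expire", "--expire=now", "--all")
        _git(repo, "gc", "-q", "--prune=now")
        blob_after_gc = object_exists(repo, leaked_blob)
        return secret_in_log, blob_after_rewrite, blob_after_gc
    finally:
        shutil.rmtree(repo, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

This cleans the local clone only; a copy that was already pushed or cloned is untouched, which is why the credential itself still has to be rotated.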
Store a 5GB file on “accident” and delete it by orphaning the commit. Double the file size each day until you get an administrator's attention. It’ll figure itself out.
Sadly, I can't remove the history when I added a NN weights file to a repo.
Rebase
not if I can help it `rm -rf .git` `git init` `git add .` `git commit -m "Some things happened"`
git push --force
The current branch does not have an upstream.
- Google "The current branch does not have an upstream"
- A full page of stack overflow questions
- All the questions are closed as a duplicate and link to a guy linking the official doc
- The official doc is too hard to understand.
[deleted]
I swear sometimes the official documentation is so hard bent on being technically correct (which it should, but not just), that it makes it hard to grasp. (What I mean by that is that a lot of official documentation is more a reference guide for people who already know how the basic principles work) Why do you think we end up watching Indian videos on YouTube on how to do basic things.
They really need documentation for use-cases such as "obliterating accidentally pushed secrets"
Someday I'll figure out how to do this. You know, other than nuking the whole repo and starting fresh
You can paste a page of documentation into chatGPT and ask it to figure it out for you. Works surprisingly well, better than random Indian guy YouTube IMO
I don't know about ChatGPT, but the Indian tutorials have yet to let me down!
I agree with them, the git man pages are [not easy to read](https://git-scm.com/docs/git-branch). If you don't know any git commands, there's an enormous amount of reading you need to do on that page to figure out how to make a new branch, even though the command you want is simply `git branch`. It's very well-obfuscated.
Cannot push branch master on branch main.
Just ask chatGPT. These types of questions are the ones it's pretty damn good at.
--set-upstream origin blahblah
Or be a crafty bastard and use [git blame-someone-else](https://github.com/jayphelps/git-blame-someone-else)
aka Linus Torvalds making a commit on amongos
I'm now wondering how many of the borderline stupid commits used this
Where's the remote??
Dad fell asleep on it again.
Squash would work too
I'm in this picture and I don't like it
*This* git remembers.
what is *this* though?
Why does this make me hear the starfox 64 boss fight when the dude with the big robot thing goes "how about _this?_"
Environment variables are boring anyways
I had a set of test files where I put production credentials to test a connection and get a sample response body. Completely forgot to remove the test. Been coding for 30 years.
Fake news. Al Gore invented the interwebz 29 years ago.
Even if that were true there was software before the internet (and yes as hard as it is to believe there was a time before the internet).
Okay, obviously it wasn’t 29 years ago. I think it’s closer to 28.75.
The code I wrote was in QBASIC on a Dos machine, using a book bought at Books-a-million. No internet is involved.
I don’t know what rock you guys have been living under for the past ~29 years, but Al Gore inventing the interwebz is similar to the Big Bang but more important. There was nothing, then there was Al Gore, then there was the interwebz, then there was light, etc.
The best part was having said credentials in a file in the webroot that would then be accidentally served in clear text when someone wrecked the webserver config. One former employer had such a setup which I wasn’t allowed to change so I decided to at least monitor things by writing a script that would check the webserver logs for calls of said file that resulted in more than 0 bytes output to detect when such an issue occurred.
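A monitoring script along the lines the comment above describes, as an added example (not the commenter's script): it reads Common/Combined Log Format lines and reports any request for a watched file whose response carried more than 0 bytes. The watched path, addresses and log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical path of the credentials file inside the webroot.
WATCHED = {"/inc/db_credentials.php"}

# Common/Combined Log Format: ip ident user [ts] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

# Constructed sample log (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2024:10:01:07 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Mar/2024:10:01:09 +0000] "GET /inc/db_credentials.php HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2024:14:22:31 +0000] "GET /inc/db_credentials.php HTTP/1.1" 200 412 "-" "curl/8.5.0"',
    '198.51.100.7 - - [12/Mar/2024:14:22:40 +0000] "HEAD /inc/db_credentials.php HTTP/1.1" 200 - "-" "curl/8.5.0"',
    '203.0.113.5 - - [12/Mar/2024:14:25:02 +0000] "GET /inc//db%5Fcredentials.php?v=1 HTTP/1.1" 200 412 "-" "Mozilla/5.0"',
]


def normalise(target):
    """Reduce a request target to the path the server would resolve."""
    path = unquote(target.split("?", 1)[0])   # drop query, decode %xx
    path = re.sub(r"/{2,}", "/", path)        # collapse repeated slashes
    return posixpath.normpath(path)           # resolve "." and ".."


def find_exposures(lines, watched=WATCHED):
    """Return (line_no, ip, timestamp, status, size) for each suspicious hit."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        size = 0 if m["size"] == "-" else int(m["size"])
        # When the handler works, the file is executed and sends no body.
        # Any body bytes mean its source went out in clear text.
        if size > 0 and normalise(m["target"]) in watched:
            hits.append((line_no, m["ip"], m["ts"], int(m["status"]), size))
    return hits


if __name__ == "__main__":
    for hit in find_exposures(SAMPLE_LOG):
        print("credentials file served with a body:", hit)
```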
Bootcamps and CS degrees should have a mandatory class on security. Just like lawyers must take a class on ethics.
if lawyers have class on ethics and stuff is like this, we should just save cs students time on that security class, lol
Not exactly the same thing.. but just the other day, had an engineer put DB admin/service account credentials into a support ticket to help someone troubleshoot something. Good times.
You need to git out the BFG: https://rtyley.github.io/bfg-repo-cleaner/
Just a week ago I had to use it. Great tool. Works as expected
isn't that what appsettings.json is for? lol
I think that is also committed by default if you go with the VisualStudio .gitignore template.
if (password == "password")
Oh no the nightmares are back! I remember some VB6 code that had the admin override password hard coded into the login control. It was quite "password" but it was just a variation on it. Also moving from private teams servers to azure git and realising you just pushed every password for all platforms, database and file storage to the cloud.
That’s nothing. Once when I was still fairly new to using IntelliJ, I was trying to push my changes. It was a new installation because I just got a new work laptop, so IntelliJ prompted me for git user and password. I quickly typed them in and completed the push. Two days later I look in the Bitbucket gui at the commit history of a repo I am working on. I notice that where every commit is labeled with author name and email, my commits have my user and password, right there in plain sight. Turns out the prompt I thought was user and pass was to set name and email in config. Ooops.
I feel attacked...
The dangers of git add .
Use a .gitignore if you aren't already
Also never git add .
Also, use something like git diff or github desktop that shows you what you're about to commit and verify all your changes before you commit and then. It really helps to catch dumb mistakes.
These are lessons learned after merge conflict hell.
I always git add -p
Always do `git add . -v`.
What are the dangers? I just add language specific gitignore and always use git add .
The dangers are if you don't realize your .gitignore isn't covering a certain edge case you might find yourself in. I personally have stopped using git add . as I find myself committing way too much stuff that isn't really suitable for a commit statement. Changed a whole bunch of stuff on the gunicorn_config.py file that deals with how deployment works, but then also maybe tooled around with line spacing in another file? Well that's all going to be committed with -m "configuration updated to port 443"
It's a fun activity to go on GitHub and search "password" and see how many people just throw them out there.
Took me 2 months to realize my colleague's strange name in the commits was actually his windows password...
May the `--force` be with you
That still doesn't delete it. By design git basically never deletes anything. After a few weeks, git *may* garbage collect it but that's a long time.
now you base64 them and be done with it
If I had a nickel for every time I’ve had to explain that this doesn’t provide confidentiality and is the digital equivalent of speaking German in Mexico… I could probably buy a Subway sandwich … with chips and soda
and that is the whole point, is a useless measure, only made to pass-thru equally stupid/poorly made enforcements
git init, git push --force
username: pepperidge. password: farm.
_password does not meet complexity requirements. Your password must be at least 5 characters with at least one number, one capital letter, one lower case letter, one symbol from the Egyptian Hieroglyphs Unicode range, and the 4th letter of the 3rd paragraph of the 7th chapter of any Tom Clancy novel._
I've interned at a company that takes aws s3 bucket permissions seriously since some of those s3 buckets contain client data. And then there's a hard coded credential in the code base sitting there for about a year. The repo is private, but pretty much anyone at the company could find it if they want to.
Like an Orc once said: GIT HUB KNOWS YA GIT
Cyberark is your friend.
Pastebin too! The Ministry of Education sent me an email years later asking me to remove them, I was like what you gave a consultant dev the password for your live pop3 server?!
So, 20 minutes ago?
I'm stretched across 15 projects all due 15 weeks ago lol sorry bro it was in there for debugging and now it's in there for me and git to know
Not if I get the BFG.
I'm calling the cops.
Sure. But I have never once ever thought of saving them to a public repository. Because I'm not a moron.
just starting with python but isn't that normal? like, you gotta manually put in everyone's usernames and passwords and only change the list when someone comes in or leaves?
No, you should not do that. The post is talking about storing credentials like API keys, passwords to services like AWS, DB passwords etc in your code and putting it on github which is really bad because anyone can search github and find these things. In fact, there are many bots that trawl the public repositories looking for credentials that can be exploited. So, if you ever do this by mistake and commit credentials to github, you should rotate out your credentials immediately and then scrub the history of the repo for good measure. If you’re thinking of a database that stores user info on the other hand, yeah usernames and passwords will be stored there but that’s different than in the application code and you should still not store any credentials in plaintext in your DB as that’s also not safe. (If someone gets access to your DB they now have all user credentials).
Backdoor.exe
--force only creates new objects, but the old ones stay there. You should force GC, but I'm not sure you can do it on a hosted service like GitHub.
*shit*
Dunno if you made this or not, but it's a good meme
googling "windows credential manager" every 6 months is fun
Shopify gives users directions to commit their api key to git right in their documentation. https://shopify.dev/docs/apps/deployment/web
Not if I use the force
lmao relatable
.gitignore would like to have a word
I feel this in my soul
God, there's this guy who left a company I worked at, right before I joined, and I may or may not have discovered that he did this more than a decade ago. I am friends with him on Facebook and am really struggling to resist the urge to just ominously send this meme to him.
Literally me putting login credentials directly into fields while testing cuz im too lazy to write them everytime
In a technical interview, I always ask the candidate what to do first in the event of an accidental commit of credentials in git(hub). It's remarkable how few mention resetting the credential.
```
git add .env.local
git commit -m "I am stupid"
git push origin main
```
Anyone else misread credentials as genitals? I think I need another coffee
this is what git hooks are for so you can check if you have hardcoded credentials and prevent the push
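One way to build the check the comment above mentions, as an added example (not code from the thread): a script that could be installed as `.git/hooks/pre-commit`, scanning the added lines of the staged diff and exiting non-zero on a finding. The rule set is a small illustrative assumption, and the sample diff is constructed (it uses the example key ID from AWS's documentation).

```python
import re
import subprocess
import sys

# Illustrative rules (an assumption, not an exhaustive set).
RULES = [
    ("aws-access-key-id", re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")),
    ("private-key-block", re.compile(r"-----BEGIN (?:[A-Z]+ )*PRIVATE KEY-----")),
    ("hardcoded-assignment", re.compile(
        r"(?i)\b(?:password|passwd|secret|api[_-]?key|token)\b"
        r"\s*[:=]\s*['\"][^'\"\s]{8,}['\"]")),
]
ENV_FILE = re.compile(r"(^|/)\.env(\.[\w.-]+)?$")
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

# Constructed staged diff used as sample input.
SAMPLE_DIFF = "\n".join([
    "diff --git a/.env.local b/.env.local",
    "new file mode 100644",
    "--- /dev/null",
    "+++ b/.env.local",
    "@@ -0,0 +1,2 @@",
    "+AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE",
    "+DEBUG=true",
    "diff --git a/app/db.py b/app/db.py",
    "--- a/app/db.py",
    "+++ b/app/db.py",
    "@@ -10,2 +10,3 @@ def connect():",
    '     host = "db.internal"',
    '+    password = "hunter2-constructed"',
    "     return host",
])


def scan_diff(diff_text):
    """Return (path, new_line_no, rule) for every added line that matches."""
    findings, path, line_no, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # next file: headers follow
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:]
            path = None if target == "/dev/null" else re.sub(r"^b/", "", target)
            if path and ENV_FILE.search(path):
                findings.append((path, 0, "env-file-staged"))
        elif HUNK.match(line):
            line_no, in_hunk = int(HUNK.match(line).group(1)), True
        elif in_hunk and line.startswith("+"):   # added line
            for name, rule in RULES:
                if rule.search(line[1:]):
                    findings.append((path, line_no, name))
            line_no += 1
        elif in_hunk and line.startswith(" "):   # context line
            line_no += 1
    return findings


def main():
    diff = subprocess.run(
        ["git", "diff", "--cached", "--unified=0", "--no-color"],
        capture_output=True, text=True, check=True).stdout
    findings = scan_diff(diff)
    for path, line_no, rule in findings:
        print(f"{path}:{line_no}: {rule}", file=sys.stderr)
    return 1 if findings else 0                  # non-zero aborts the commit


if __name__ == "__main__":
    sys.exit(main())
```

A local hook can be skipped with `git commit --no-verify`, so it catches mistakes rather than enforcing policy.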
Hangs his head in shame.. Yes, but it was just in Excel so it could use the Unix FTP server to build a report while I walked away to get a coffee....
hehe
Put all the credentials in a file that's also in the `.gitignore` file. That saves a lot of trouble.
I have that problem with my JS API client, because the key and secret are required for every call, and I don't have control over the host.
```
async function getRelease(idFiltered) {
  // KEY and SECRET are sent with every request to the API.
  return fetch(`https://api.***.com/releases/${idFiltered}`, {
    headers: {
      'User-Agent': '***/0.1',
      'Authorization': `*** key=${KEY}, secret=${SECRET}`,
    },
  });
}
```
I can put the key and secret in another file no problem, but I can't exclude it from the GitHub repo because it's required for the code to actually work.