View Full Version : Fusion, Indigo n Github Browser...
4me2c
09-16-2018, 08:46 PM
Is any1 using these 3 Steps :
https://www.tvaddons.co/kodi-addons/ ...?!?
I am asking because I have seen reports that the 2nd and 3rd ones aren't really secure(safe)...!
crazed 9.6
09-16-2018, 08:57 PM
Is any1 using these 3 Steps :
https://www.tvaddons.co/kodi-addons/ ...?!?
I am asking because I have seen reports that the 2nd and 3rd ones aren't really secure(safe)...!
considering they come from tvaddons, I am not surprised they are not safe :eek:
And no, I would not even try those
Tvaddons is defunct or not what it used to be. Most links are no longer updated.
Github is a repository for many of the addons you can get from the Kodi Repository that is included in Kodi
(system settings/ add-ons/ install from repository/ Kodi Repository)
...so I 2nd crazed 7.2's recommendation.
/kens
4me2c
09-17-2018, 08:35 PM
C/P :
We tried out github recently.
Compared with our previous git hosting (which was on our own linux virtual server), I'm not overly impressed with the security. We did decide to use it, but only for projects where keeping the code private wasn't a huge concern.
Namely:
There's no company control at all over the user accounts. We control which users have access to our repository, but there's no password policies, the users pick their own email addresses, etc.
There's no way to limit access by IP address
Passwords can only be reset by the user
Compromising the users email account (which we're unable to see what account they've set it to) also results in a compromise of their github account, as they use an email challenge to reset forgotten passwords.
There's no access logs (there is an audit trail for most or possibly all changes, but no logging at all for access)
Access to the web front end is only password protected, so is vulnerable to password reuse from other sites and to some extent to brute forcing (github's statement about what they do for failed logins is pretty unclear).
One or two of these we could live, but in combination they basically make github completely unsuitable.
They have added 2 factor authentication recently, and there is an API so that organisations can at least check if users with access to their repositories have two factor authentication enabled. Whilst I don't feel this is really the best solution, it probably just about moves github into being secure enough that it can be considered for private repos.
As mt3 notes, you can run an enterprise install instead, which presumably significantly improves security - but the cost difference between that and a standard github company account is staggering, and it would probably mean you miss out on all the third party tools that integrate with github.
On a non-security note, they do at least now support annual billing properly, which helps reduce the paperwork overhead.
GitHub have recently announced new business plans with extra features - this could solve '1'/'4'/'5'. (Though the 'uptime guarantee' that's part of it is pretty laughable - not even "four 9s", and excludes scheduled maintenance and anything they deem 'outside their reasonable control' - and it's not an actual guarantee, it's just a small credit against your next bill which is capped to be no more than a third of your bill. Basically very carefully worded marketing weasel words instead of any kind of commitment from them.)
shareimprove this answer
edited Mar 2 '17 at 11:37
crazed 9.6
09-17-2018, 11:31 PM
4me2c, that article is almost 2 years old. And posted by an unknown entity.
There is no authentication that any of what he posted is fact or fiction, or just his point of view. I get that from his words such as accussing github in doing some "marketing weasel words" .... Them sort of descriptions define the poster in my eyes as someone out to put github in a bad light. With that, how can this be taken seriously, I ask ?
Most of what he is saying concerns security and without knowing if this poster is an actual intellect or just some blogger who just threw this altogether on a whime, trying to make github look bad, then it should be classed as a 'point of view only'.
And since it is almost 2 years old, is there any updates on any of this ?
Were there any other comments to address this poster's comments ?
That's why it was probably found on some blog site and not an actual tech site.... :eek:
And neither are we a tech site for such things, so there are no github engineers here to address this copy and pasted article.
4me2c
09-18-2018, 04:32 PM
This one is Newer :
https://www.infoq.com/news/2018/03/github-vulnerability-alerts-resp ...!
Powered by vBulletin® Version 4.2.5 Copyright © 2024 vBulletin Solutions Inc. All rights reserved.