daniel:// stenberg://Feb 10, 2025
lemme show you 140,000 (!) places in code where certificate verification is switched off when using libcurl: https://github.com/search?q=CURLOPT_SSL_VERIFYPEER%2C+FALSE&type=code
Build software better, together

GitHub is where people build software. More than 150 million people use GitHub to discover, fork, and contribute to over 420 million projects.

GitHub
Show threadmittorn
@bagder And i cannot sign in because of 2fa enforcement...
Feb 10, 2025 at 2:19pmWeb
Show threadDamian YerrickFeb 10, 2025

@mittorn @bagder I've read rumors on the Internets that a program called "oathtool" lets you generate TOTP 2-factor authentication codes on a desktop computer.

#oathtool #totp #2fa

Show threadmittornFeb 11, 2025
@PinoBatch @bagder i do not want enable totp because account will be tethered to some auth software.
Show threadThe Cookie WitchFeb 11, 2025

@mittorn @PinoBatch @bagder TOTP does not require connection. Codes are generated offline, and you can use open source software like Aegis for the purpose.

https://en.wikipedia.org/wiki/Time-based_one-time_password

Time-based one-time password - Wikipedia

Show threadmittornFeb 11, 2025
@Artha @PinoBatch @bagder i know how totp works. I do not like idea i only can access account while some specific device with me
Show threadnikoFeb 11, 2025
@mittorn @Artha @PinoBatch @bagder you don’t have to have it tied to a specific device though? You can self-host a TOTP service for yourself or have TOTP codes in your password manager meaning as long as you have access to your password manager you have access to TOTP
Show threadmittornFeb 11, 2025
@nrab @Artha @PinoBatch @bagder Hosting totp is good idea, but it will require trusted hosting. Anyway, i do not want use github if it tries enforce totp i do not want setup NOW.
I still have access with personal token, but i cannot use browser-only features like code search