  1. #1
    3 Time Nascar Pool Winner 4me2c's Avatar
    Join Date
    May 2015
    Location
    Out There...!
    Posts
    6,751
    Rep Power
    300

    Question Fusion, Indigo n Github Browser...

    Is any1 using these 3 Steps :

    Code:
    https://www.tvaddons.co/kodi-addons/
    ...?!?

    I am asking because I have seen reports that the 2nd and 3rd ones aren't really secure(safe)...!

  2. #2
    Transparent Wall Technician crazed 9.6's Avatar
    Join Date
    Nov 2014
    Posts
    15,650
    Rep Power
    447
    Quote Originally Posted by 4me2c View Post
    Is any1 using these 3 Steps :

    Code:
    https://www.tvaddons.co/kodi-addons/
    ...?!?

    I am asking because I have seen reports that the 2nd and 3rd ones aren't really secure(safe)...!
    Considering they come from tvaddons, I am not surprised they are not safe.
    And no, I would not even try those
    "The illusion of freedom will continue for as long as it's profitable to continue the illusion. At the point where the illusion becomes too expensive to maintain, they will take down the scenery, move the tables and chairs out of the way, then they will pull back the curtains and you will see the brick wall at the back of the theater."
    - Frank Zappa

  3. #3
    Readings Master kens's Avatar
    Join Date
    Feb 2016
    Location
    yes i do -Y(not)
    Posts
    915
    Rep Power
    86
    Tvaddons is defunct or not what it used to be. Most links are no longer updated.
    Github is a repository for many of the addons you can get from the Kodi Repository that is included in Kodi
    (system settings/ add-ons/ install from repository/ Kodi Repository)

    ...so I 2nd crazed 7.2's recommendation.
    /kens

  4. #4
    3 Time Nascar Pool Winner 4me2c's Avatar
    C/P :


    We tried out github recently.

    Compared with our previous git hosting (which was on our own linux virtual server), I'm not overly impressed with the security. We did decide to use it, but only for projects where keeping the code private wasn't a huge concern.

    Namely:

    1. There's no company control at all over the user accounts. We control which users have access to our repository, but there's no password policies, the users pick their own email addresses, etc.
    2. There's no way to limit access by IP address
    3. Passwords can only be reset by the user
    4. Compromising the user's email account (which we're unable to see what account they've set it to) also results in a compromise of their github account, as they use an email challenge to reset forgotten passwords.
    5. There's no access logs (there is an audit trail for most or possibly all changes, but no logging at all for access)
    6. Access to the web front end is only password protected, so is vulnerable to password reuse from other sites and to some extent to brute forcing (github's statement about what they do for failed logins is pretty unclear).

    One or two of these we could live with, but in combination they basically make github completely unsuitable.

    They have added 2 factor authentication recently, and there is an API so that organisations can at least check if users with access to their repositories have two factor authentication enabled. Whilst I don't feel this is really the best solution, it probably just about moves github into being secure enough that it can be considered for private repos.

    As mt3 notes, you can run an enterprise install instead, which presumably significantly improves security - but the cost difference between that and a standard github company account is staggering, and it would probably mean you miss out on all the third party tools that integrate with github.

    On a non-security note, they do at least now support annual billing properly, which helps reduce the paperwork overhead.

    GitHub have recently announced new business plans with extra features - this could solve '1'/'4'/'5'. (Though the 'uptime guarantee' that's part of it is pretty laughable - not even "four 9s", and excludes scheduled maintenance and anything they deem 'outside their reasonable control' - and it's not an actual guarantee, it's just a small credit against your next bill which is capped to be no more than a third of your bill. Basically very carefully worded marketing weasel words instead of any kind of commitment from them.)
    edited Mar 2 '17 at 11:37
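
The copied answer above mentions an API that lets an organisation check which users have two-factor authentication enabled. The following Python audit is an added example, not part of the thread or of the quoted answer: it pages through GitHub's organisation member listing with `filter=2fa_disabled`, which GitHub only honours for an organisation owner's token. The organisation name, the token and the two sample pages are constructed placeholders.

```python
import json
import re
import urllib.request

API = "https://api.github.com"

def http_fetch(url, token):
    """One authenticated GET; returns (parsed JSON body, Link header)."""
    req = urllib.request.Request(url, headers={
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
    })
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp), resp.headers.get("Link", "")

def next_link(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    match = re.search(r'<([^>]+)>;\s*rel="next"', link_header or "")
    return match.group(1) if match else None

def members_without_2fa(org, token, fetch=http_fetch):
    """Sorted logins of organisation members with no second factor enabled."""
    url = f"{API}/orgs/{org}/members?filter=2fa_disabled&per_page=100"
    logins = []
    while url:
        # Never send the token to a host other than the API itself.
        if not url.startswith(API + "/"):
            raise ValueError(f"refusing to follow pagination link to {url}")
        page, link = fetch(url, token)
        logins.extend(member["login"] for member in page)
        url = next_link(link)
    return sorted(logins)

# Constructed two-page response so the example runs offline (hypothetical org).
_FIRST = f"{API}/orgs/example-org/members?filter=2fa_disabled&per_page=100"
_SECOND = _FIRST + "&page=2"
SAMPLE_PAGES = {
    _FIRST: ([{"login": "carol"}, {"login": "alice"}],
             f'<{_SECOND}>; rel="next", <{_SECOND}>; rel="last"'),
    _SECOND: ([{"login": "bob"}], f'<{_FIRST}>; rel="first"'),
}

def fake_fetch(url, token):
    """Stand-in transport that serves the constructed pages above."""
    return SAMPLE_PAGES[url]

if __name__ == "__main__":
    print(members_without_2fa("example-org", "TOKEN-PLACEHOLDER", fake_fetch))
```

Dropping the `fetch` argument makes the same function query the live API with a real owner token.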

  5. #5
    Transparent Wall Technician crazed 9.6's Avatar
    4me2c, that article is almost 2 years old. And posted by an unknown entity.
    There is no authentication that any of what he posted is fact or fiction, or just his point of view. I get that from his words such as accusing github of doing some "marketing weasel words" .... Them sort of descriptions define the poster in my eyes as someone out to put github in a bad light. With that, how can this be taken seriously, I ask ?
    Most of what he is saying concerns security and without knowing if this poster is an actual intellect or just some blogger who just threw this all together on a whim, trying to make github look bad, then it should be classed as a 'point of view only'.
    And since it is almost 2 years old, is there any updates on any of this ?
    Were there any other comments to address this poster's comments ?

    That's why it was probably found on some blog site and not an actual tech site....
    And neither are we a tech site for such things, so there are no github engineers here to address this copy and pasted article.

  6. #6
    3 Time Nascar Pool Winner 4me2c's Avatar
    This one is Newer :

    Code:
    https://www.infoq.com/news/2018/03/github-vulnerability-alerts-resp
    ...!

 

 
