Hacker News | entelarust's comments

Had a fun time today updating requirements.txt, git submodule refs and forking old dependencies of dependencies that haven't updated their repos yet =| Inception!


TIL about the WTFPL license ;) http://www.wtfpl.net/about/


Those sat shots totally remind me of the intro to the blade runner where they show the densely packed structures https://i2.wp.com/rosettedelacroix.com/wp-content/uploads/20...


needs sheep.exe


Needs sheep.exe



Use this all the time to update READMEs and documentation

Great, clean interface


Could you tell me how this differs from GitHub's own markdown editor? I played with this for a bit but I failed to notice anything.


congrats!

my team and I are big fans of your product


Quick theoretical scenario...

User signs up to try circleci for a private project of theirs. Grants read access to their private repos via github oauth

User also has many other private repos (company they work for, open source projects, forks, etc)

Could they have used the stored github credentials from circleci to clone every private repo in full the user had access to?


Github has a feature to allow access to a singular repository via a key. It would be logical for CircleCI to use that feature, although I'm not sure they actually did.

https://help.github.com/articles/managing-deploy-keys#deploy...


I'm pretty sure that Circle uses the oAuth api to checkout repos, the deploy key part on github they use for their deployment feature.

If the attacker has a bunch of tokens, could they have bulk downloaded source code before the oAuth stuff was revoked by Circle?

https://github.com/blog/1270-easier-builds-and-deployments-u...


They did not.


They did, Circle-CI client here.

Info have a Circle-CI deploy key per private repository (which I will revoke).


In theory it is possible.


Our app is based on django + javascript

We use getsentry.com and it's great

