Yes, these folks came out of Intel Labs. But that's also a fabless startup. When you start talking about fabs you're talking about needing real money (in the multi billions of dollars). That kind of funding could only come from the likes of Apple and Nvidia.
They did not come (directly) out of Intel Labs. They left because they were working on a moonshot project that lost corporate support. Just like Ampere Computing, just a few years later.
Okta is not "active-active" in a multi-region sense; they run in a single active AWS Region per tenant. You can pay extra to have a faster failover in a region-level failure scenario:
Bcrypt is still perfectly usable for its original purpose. They just picked/wrote a bad implementation that silently truncated inputs longer than the maximum input length. Would you also ask why they picked AES (a cipher from 1998) when the error was with the user (e.g. picking a fixed/too-short key)?
What about "access controls" for the AuthZ side, instead of Permissions?
Wondering about HN's collective wisdom on this: at work we've been using Access Controls on our homepage for a while (https://www.conductorone.com/). To the people outside the IAM-geek space, does this make more sense?
I like the idea of exposing Roles for selection, and having those roles generally apply to permissions or workflows internally. This tends to work pretty well for many, or even most applications. I can't stand fine-grained access controls in general.
The API for Let's Encrypt to do this requires possession of the private key, which pwned keys doesn't always have. Sometimes they just have an "attestation" of compromise:
You can also just log the spans as they are being created to stderr/stdout -- I've done this on a previous project with this approach of "spans first".
It made it debuggable via output if needed, but the primary consumption became span oriented.
If an attacker has access to the private key, they could use the Host-key rotation feature to migrate you to an attacker-controlled key instead, as the old key is trusted. So, GitHub needs everyone to forcibly untrust the old (exposed) key.
The problem with rotating this particular private key is that it's incredibly disruptive. Everyone who uses GH will see a big scary message from ssh saying the host key changed and something malicious might be going on. A majority of those people probably won't have seen a blog post announcing the change beforehand.
Anyone who's baked the host key in the known_hosts file that gets shipped on their CI systems would start to see jobs failing, and have to manually fix it up with the new host key.
These things are just annoying enough that I think it's perfectly understandable that GH doesn't want to regularly rotate this private key.
Host-key rotation would enable the attacker to continue, but the attacker could be detected simply by diligent people monitoring the github key they use.
The current rotation allows anyone to try to phish the lazy users (like me probably) who will just trust on first use. Probably a bigger risk than key compromise, since they have logs.
It could be a better idea to use Host-key rotation, despite it making the life of a key-thief a bit easier. Just because it exposes people less against opportunistic impersonators.
1. IIRC UpdateHostKeys does not remove the old key, so it would still be there, lurking (I haven't checked the code).
2. It was only added in OpenSSH 6.8, so it missed the Ubuntu 14.04 release and only really turned up in 16.04 LTS that way; there are plenty of old systems it wouldn't work on.
As other posters noted, a bad actor could rotate the key to their chosen keys just as easily as GitHub could cause the rotation.
"Ex-Intel executives raise $21.5 million for RISC-V chip startup":
https://www.aheadcomputing.com/
I believe the founding team is all in Oregon - and mostly all ex-Intel.