In that spot I am 100% backing out the changes, and then putting them in a feature branch, etc without a second thought.

If somehow in some freak situation there was a bug and people went searching it down and it was done like that and looked sloppy it might risk making the whole thing look like incompetence.

I don't understand - if you already pushed to master, why would you have to force push?

Are you in the habit of rebasing your branches? If so, I can see why this might be a problem, if not, I guess I don't, unless your feature isn't ready.

If I checked out where I messed up, made a change, force pushed it would rewrite history so no one would see my mistake.

My feature is "ready" in that um it looks like I'm done (and it was just styling/jsx stuff so who cares) but no one has reviewed it and I unnecessarily polluted master with 4 non-merge commits. I never rebase just no ff merge feature branches.

I'm going to look into that checkout then force merge to change history. In that case, I don't think it would be about hiding a mistake but de-cluttering the git history, which is a great thing.

force merge is a thing?

if you have a branch and it has 20 commits you can rebase off of master and then squash the 20 commits down to a single commit and then merge it into master.

i guess you could also merge a branch into master and then git push --force so that all of those changes look like they were apart of the last commit on master, i've never tried that and i don't see any benefit.

if you are working on master and have made changes, you can just do git checkout -b new_branch_name and it will transfer those changes over to the new_branch.
then on master you can just roll back, git reset --hard HEAD.

this is all speculative, i have no idea how git works.

I meant force push

I've only had to do it once, when a team member seemed to **** up git in some weird way where I needed to just figure out exactly what code needed to end up somewhere, and then force the code in.

Squash is nice, but ammending commits may be better.

we force push all the time. its bc we standardize single commit per pull request.

so squashing multiple commits, or undoing and then changing and recommitting or amending a committing will all require a forced push bc it changes history. theres a good chance your team member didnt "**** up git in some weird way".

I'm not sure what you mean but she spent half the day trying to merge code between different branches and the "correct" code never ended up where it should. Git had definitely gotten messed up and she had no idea how to fix it and what she was trying wasn't working.

Yeah I've seen devs spend whole days trying to rebase. Like it's not that hard wtf.

I can understand having an issue and it taking some time while learning a new thing. but what gets me is the ppl that go through he same problem weekly. its like, cmon man, I showed you how to do this last week. oh and you get paid twice as much as me.

Lol

LOLOL at the CA Unemployment security questions. Literally not one of these has an obvious answer for me.



And of course they want four of them.

OMG all 4 have different questions. Someone went completely bananas here.

You should be using a password manager and those answers should just be hashes anyway imo.

It seems like every time I finally decide to start using a password manager news of another one being insecure comes out. Which one are all the cool kids using these days?

Assuming the password manager can't scrape the site - are you really typing in long security questions for every single site that makes you fill them out when you register?

a mistake people make on git is when they rebase off master and master has a bunch of merge conflicts with the code they have written, they should first squash all of their commits on their branch before rebasing/merging into master otherwise they could end up in a situation where they have to deal with merge conflicts for twenty different commits, which could take all day.

It's copy and paste, but yes.

I use Passpack, the older version. It has always seemed good to me and they seem to take security very seriously and seem very thoughtful from the admittedly little that I have read of their writing.

My standard login process is logging into Passpack with 2 passwords and 2 FA (depending if I'm on a trusted device or not) and then accessing my saved passwords, some if which are also in 2FA. So yea it can take 3 passwords and 2 texts/emails (my 2 FA methods are somewhat varied) to log into something but once you get used to it the extra 20 seconds goes by very quickly.

I'm similar to LL, but I switched from passpack to 1password and its been a lot better - their apps / browser / iphone integrations are easy to use.

I use Duo for almost all 2fa which has an apple watch app so I can get the code easily without needing a text or email.

You can have 1password stay logged in for awhile so the extra time is minimal and I never have to remember passwords or care when 2+2 is hacked. I also use garbage for security questions because most things rarely ask you them so the extra effort of going to 1password is still less than the extra effort of trying to remember if my favorite movie as a kid was Hudson Hawk or Die Hard 3.

It's mildly funny to me that most basic functions of every website are still designed from the ground up, like bespoke houses or something (with a lot of the same problems, i.e. everyone inventing their own principles with no regard for what we've learned in the last decades)

The use of security questions is a questionable practice. But if you must use them, for ****'s sake none of them should include anything about your "favorite" whatever, and you should probably avoid firsts unless it's something a person is really likely to remember.

I don't know if the xkcd guy was right about passwords, but I do remember his sample password by heart, and that was like years ago and I only really saw the comic once. There's some wisdom in that.

Hah I went to look at the comic again and the last panel is so right.
https://xkcd.com/936/

The one thing that hasn't aged well from his comic is that you actually need to care now about strong passwords being leaked/stolen.

There's an assumption in his comic that you can re-use a good/strong password across multiple sites. But in practice we've seen that there are too many ways for a password to be leaked: poor storage+hacks, written to logs, SSL security vulnerabilities, etc.

I think basically 2fa or unique passwords per site are really the only options if you want to have good security online.

I think the comic works if you just think of it as the password to your password manager. I use a password manager for everything. Prior to that I use to use something like
md5(url+standardpass)
so that I could essentially use the same password everywhere, from my point of view, but a leaked password didn't expose other sites.

Granted, I just stored these in chrome/firefox/whatever, which who knows where tf those ended up getting stored.

Oh man a giant pet peeve of mine is the different password requirements sites have, so that I have to have 1pass generate different passwords with different lengths and characters and stuff until I get one it'll accept. Like guys, how about you just let me use whatever I want? Some places won't accept passwords with punctuation for example. Why? **** you, that's why.